From 919646648b7a5a292d265fba74eabebfe0594bc4 Mon Sep 17 00:00:00 2001 From: sra Date: Mon, 16 Dec 2024 19:17:09 +0530 Subject: [PATCH 01/14] DOCS-7072 creating a new remote branch for SSPM --- docusaurus.config.ts | 22 + openapi-specs/sase/sspm/SSPMconsolidated.yaml | 901 ++++++++++++++++++ products/sase/api/sspm/api-workflow.md | 10 + products/sase/api/sspm/intro.md | 9 + products/sase/docs/sspm/getting-started.md | 10 + products/sase/sidebars.ts | 5 + 6 files changed, 957 insertions(+) create mode 100644 openapi-specs/sase/sspm/SSPMconsolidated.yaml create mode 100644 products/sase/api/sspm/api-workflow.md create mode 100644 products/sase/api/sspm/intro.md create mode 100644 products/sase/docs/sspm/getting-started.md diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 9fc654292..b712e34d1 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -490,6 +490,11 @@ const config = { label: "Multitenant Interconnect", icon: "api-doc", }, + { + to: "sase/api/sspm", + label: "SaaS Security Posture Management", + icon: "api-doc", + }, { to: "access/api/adem/autonomous-dem-api", label: "Autonomous DEM", @@ -533,6 +538,18 @@ const config = { }, ], }, + { + label: "SaaS Security Posture Management", + to: "#", + logoClass: "prisma", + apiDocs: [ + { + to: "access/api/sspm/getting-started", + label: "SaaS Security Management", + icon: "api-doc", + }, + ], + }, { label: "Prisma Access Insights", to: "#", @@ -898,6 +915,11 @@ const config = { outputDir: "products/sase/api/mt-interconnect", sidebarOptions: { groupPathsBy: "tag" }, }, + securityposture: { + specPath: "openapi-specs/sase/sspm", + outputDir: "products/sase/api/sspm", + sidebarOptions: { groupPathsBy: "tag" }, + }, access: { specPath: "openapi-specs/access/prisma-access-config", outputDir: "products/access/api/prisma-access-config", diff --git a/openapi-specs/sase/sspm/SSPMconsolidated.yaml b/openapi-specs/sase/sspm/SSPMconsolidated.yaml new file mode 100644 index 000000000..9f3fc8207 --- /dev/null +++ b/openapi-specs/sase/sspm/SSPMconsolidated.yaml @@ -0,0 +1,901 @@ +components: + schemas: + Application: + properties: + app_id: + type: string + app_settings: + additionalProperties: + type: string + type: object + changed_at: + format: date-time + type: string + changed_by: + type: string + configs: + additionalProperties: + type: string + type: object + created_at: + format: date-time + type: string + created_by: + type: string + fawkes_url: + type: string + features_metadata: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + features_state: + additionalProperties: + $ref: '#/components/schemas/FeatureState' + type: object + health_status: + enum: + - Up + - Unhealthy + - Down + - Unknown + - Scanning + type: string + instance_label: + enum: + - Default + - Production + - Sandbox + - Internal + - QA + - Dev + type: string + last_scanned_at: + format: date-time + type: string + last_validated_at: + format: date-time + type: string + missing_configs: + items: + type: string + type: array + name: + type: string + owner: + $ref: '#/components/schemas/User' + remediation_enabled: + type: boolean + scan_interval_minutes: + format: int32 + type: integer + status: + enum: + - Registered + - Active + - Disabled + type: string + tenant: + type: string + tsg_id: + type: string + type: + type: string + type: object + ApplicationAuthInfo: + properties: + fields: + items: + $ref: '#/components/schemas/AuthFormElement' + type: array + sso_fields: + items: + $ref: '#/components/schemas/SsoFields' + type: array + strategy: + enum: + - REDIRECT_URL + - PROVIDED_CREDENTIALS + type: string + type: object + ApplicationPage: + properties: + items: + items: + type: object + type: array + limit: + format: int32 + type: integer + next_path: + type: string + prev_path: + type: string + total: + format: int64 + type: integer + type: object + AuthFormElement: + discriminator: + propertyName: kind + properties: + kind: + enum: + - FIELD + - DOC + type: string + type: object + CatalogApplication: + properties: + display_name: + type: string + enabled: + type: boolean + features: + items: + enum: + - SCAN + - REMEDIATE + - RISKY_ACCOUNTS + - THIRD_PARTY_APPS + - THIRD_PARTY_APPS_USER_REVOKE + - IDENTITY + type: string + type: array + uniqueItems: true + features_metadata: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + lambda: + type: boolean + name: + type: string + type: object + CatalogConfig: + properties: + __metadata: + additionalProperties: + type: object + properties: + empty: + type: boolean + type: object + category: + type: string + common_control: + type: string + console_url: + type: string + description: + type: string + description_url: + type: string + enabled: + type: boolean + id: + type: string + name: + type: string + native_category: + type: string + native_name: + type: string + operator: + $ref: '#/components/schemas/CatalogConfigOperator' + optional: + type: boolean + remediation: + $ref: '#/components/schemas/RemediationConfig' + remediation_steps: + type: string + severity: + type: string + value: + $ref: '#/components/schemas/ConfigValue' + type: object + CatalogConfigOperator: + discriminator: + propertyName: operator + properties: + displayValue: + type: string + operator: + enum: + - equal + - not_equal + - substring + - not_substring + - greater + - greater_or_equal + - less + - less_or_equal + - one_of + - not_one_of + - in_range + - not_in_range + type: string + valueType: + enum: + - int + - double + - string + - bool + type: string + type: object + CommonControlProfiles: + properties: + id: + type: string + name: + type: string + profiles: + items: + $ref: '#/components/schemas/ComplianceProfile' + type: array + type: object + ComplianceCategory: + properties: + controls: + items: + $ref: '#/components/schemas/ComplianceControl' + type: array + name: + type: string + type: object + ComplianceControl: + properties: + description: + type: string + id: + type: string + type: object + ComplianceProfile: + properties: + categories: + items: + $ref: '#/components/schemas/ComplianceCategory' + type: array + id: + type: string + name: + type: string + type: object + Config: + properties: + app_id: + type: string + category: + type: string + common_control_id: + type: string + config_id: + type: string + console_url: + type: string + current_value: + type: string + description: + type: string + descriptionUrl: + type: string + id: + type: string + locked: + type: boolean + locked_value: + type: string + monitored: + type: boolean + monitored_attestation: + type: string + name: + type: string + operator: + type: string + operator_display_value: + type: string + overridden: + type: boolean + overridden_value: + type: string + recommended_value: + type: string + remediation_enabled: + type: boolean + remediation_steps: + type: string + status: + type: string + subcategory: + type: string + tenant: + type: string + tickets: + items: + $ref: '#/components/schemas/Ticket' + type: array + type: object + ConfigValue: + properties: + choices: + type: string + default_value: + type: string + type: + type: string + type: object + FeatureState: + properties: + last_scanned_at: + format: date-time + type: string + status: + enum: + - UNKNOWN + - OK + - UNHEALTHY + - AUTH_REQUIRED + - SCANNING + type: string + status_details: + type: string + updated_at: + format: date-time + type: string + type: object + JiraIdentity: + properties: + accountId: + type: string + displayName: + type: string + type: object + JiraIssueFields: + properties: + assignee: + $ref: '#/components/schemas/JiraIdentity' + reporter: + $ref: '#/components/schemas/JiraIdentity' + status: + $ref: '#/components/schemas/Status' + type: object + JiraIssueResponse: + properties: + fields: + $ref: '#/components/schemas/JiraIssueFields' + type: object + JiraIssueType: + properties: + id: + type: string + name: + type: string + type: object + JiraProjectDetailResponse: + properties: + issueTypes: + items: + $ref: '#/components/schemas/JiraIssueType' + type: array + type: object + RemediationConfig: + properties: + auto_fix: + type: boolean + guide_footer: + type: string + guide_header: + type: string + guide_steps: + items: + type: string + type: array + remediation_value: + type: string + type: object + ScopeConfig: + properties: + description: + type: string + enabled: + type: boolean + id: + type: string + name: + type: string + native_name: + type: string + severity: + type: string + type: object + SsoFields: + properties: + fields: + items: + $ref: '#/components/schemas/AuthFormElement' + type: array + sso_provider: + enum: + - NONE + - OKTA + - AZURE + - GOOGLE + type: string + required: + - fields + - sso_provider + type: object + Status: + properties: + name: + type: string + type: object + Ticket: + properties: + createdAt: + format: date-time + type: string + integrationId: + type: string + summary: + type: string + tenant: + type: string + ticketKey: + type: string + ticketUrl: + type: string + type: + enum: + - JIRA_TICKETING + - SNOW_TICKETING + type: string + type: object + User: + properties: + email: + type: string + full_name: + type: string + user_id: + type: string + required: + - email + - full_name + - user_id + type: object + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: support@paloaltonetworks.com + description: "This Open API spec file represents the APIs available for\n[Palo Alto\ + \ Networks SSPM](https://docs.paloaltonetworks.com/NEED-URL) APIs. \n??? Add description\ + \ ???\nThese APIs use the common SASE authentication mechanism and base URL. See\ + \ the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted) guide\ + \ for more information.\n\nThis Open API spec file was created on December 16,\ + \ 2024. To check for a more recent version of this file, see\n[Interconnect APIs\ + \ on pan.dev](https://pan.dev/sase/api/mt-sp-interconnect/mt-interconnect-api.html).\ + \ ??? Add respective URL ???\n\n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks\ + \ is a registered trademark of Palo\nAlto Networks. A list of our trademarks can\ + \ be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \nAll other marks mentioned herein may be trademarks of their respective companies.\n" + title: SaaS Security Posture Management APIs + version: '1.0' +openapi: 3.0.1 +paths: + /sspm/api/v1/apps: + get: + description: 'You can use this API to get the list of onboarded SaaS applications. + + ' + operationId: get-sspm-api-v1-apps + parameters: + - description: List of filters + example: filter=type:office365 + in: query + name: filter + schema: + type: string + - description: 'defines sorting of the result.Format: FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|... + .' + example: order_by=name:asc|type:desc + in: query + name: order_by + schema: + type: string + - description: applies page_token to get requested page of items + example: page_token=MSM2Iw== + in: query + name: page_token + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationPage' + description: successful operation + security: + - Bearer: [] + summary: Get registered application + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}: + get: + description: 'You can use this API to get the basic details of the application + by providing app ID and tenant name. + + ' + operationId: get-sspm-api-v1-apps-app_id + parameters: + - description: application id + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Application' + description: successful operation + '404': + description: not registered application + security: + - Bearer: [] + summary: Application details + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}/configs: + get: + description: 'You can use this API to get details on the application configuration + by providing app ID and tenant name. + + ' + operationId: get-sspm-api-v1-apps-app_id-configs + parameters: + - description: application id + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/Config' + type: array + description: successful operation + '404': + description: not registered application + security: + - Bearer: [] + summary: Application configuration details + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}/settings: + get: + description: "You can use this API to get the details on the settings of the\ + \ SaaS application by providing app ID and tenant name. \n" + operationId: get-sspm-api-v1-apps-app_id-settings + parameters: + - description: application id + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/Config' + type: array + description: successful operation + '404': + description: not registered application + security: + - Bearer: [] + summary: Application settings details + tags: + - Registered Application + /sspm/api/v1/auth/{app}/info: + get: + description: 'You can use this API to get details on the application authorization + in the catalog. + + ' + operationId: get-sspm-api-v1-auth-app-info + parameters: + - description: application type + example: office365 + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationAuthInfo' + description: successful operation + '404': + description: not registered application + security: + - Bearer: [] + summary: Authorization information + tags: + - Information + /sspm/api/v1/catalog/apps: + get: + description: "You can use this API to get details on all the supported SSPM\ + \ applications. \n" + operationId: get-sspm-api-v1-catalog-apps + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CatalogApplication' + description: successful operation + security: + - Bearer: [] + summary: Catalog of supported SSPM apps + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}: + get: + description: "You can use this API to get details on the catalog settings for\ + \ the application by providing application type. \n" + operationId: get-sspm-api-v1-catalog-apps-app + parameters: + - description: application name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CatalogApplication' + description: successful operation + security: + - Bearer: [] + summary: Catalog setting details + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}/configs: + get: + description: 'You can use this API to get details on the catalog configuration + settings by providing application type. + + ' + operationId: get-sspm-api-v1-catalog-apps-app-configs + parameters: + - description: application name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/CatalogConfig' + type: array + description: successful operation + security: + - Bearer: [] + summary: Catalog configuration settings details + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}/scopes: + get: + description: "??? Add description ??? \n" + operationId: get-sspm-api-v1-catalog-apps-app-scopes + parameters: + - description: application name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/ScopeConfig' + type: array + description: successful operation + security: + - Bearer: [] + summary: Fetch plugin scope catalog for for given app by app_type + tags: + - Catalog Information + /sspm/api/v1/catalog/controls/{common_control_id}: + get: + description: "??? Add description ??? \n" + operationId: get-sspm-api-v1-catalog-controls-common_control_id + parameters: + - description: common control id + example: PAN-00000001 + in: path + name: common_control_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CommonControlProfiles' + description: successful operation + security: + - Bearer: [] + summary: compliance profile mappings for given common control + tags: + - Catalog Information + /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/issue/{key}: + get: + description: "??? Add description ??? \n" + operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-issue-key + parameters: + - description: integration id + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + - description: issue key + example: '10001' + in: path + name: key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/JiraIssueResponse' + description: successful operation + '404': + description: not registered jira-ticketing integration + security: + - Bearer: [] + summary: Fetch onboarded JIRA ticketing issue details by key + tags: + - JIRA Issue + /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/project/{key}: + get: + description: "??? Add description ??? \n" + operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-project-key + parameters: + - description: integration id + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + - description: project key + example: TestProject + in: path + name: key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/JiraProjectDetailResponse' + description: successful operation + '404': + description: not registered jira-ticketing integration + security: + - Bearer: [] + summary: Fetch onboarded JIRA ticketing project details by key + tags: + - JIRA Issue + /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/projects: + get: + description: "??? Add description ??? \n" + operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-projects + parameters: + - description: integration id + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + type: object + description: successful operation + '404': + description: not registered jira-ticketing integration + security: + - Bearer: [] + summary: Fetch onboarded JIRA ticketing project list + tags: + - JIRA Issue +servers: +- url: https://api.sase.paloaltonetworks.com +tags: +- description: '??? Add description ??? + + ' + name: Registered Application +- description: '??? Add description ??? + + ' + name: Information +- description: '??? Add description ??? + + ' + name: Catalog Information +- description: 'Get JIRA issue details. + + ' + name: JIRA Issue diff --git a/products/sase/api/sspm/api-workflow.md b/products/sase/api/sspm/api-workflow.md new file mode 100644 index 000000000..257512e0c --- /dev/null +++ b/products/sase/api/sspm/api-workflow.md @@ -0,0 +1,10 @@ +--- +id: api-workflow +title: Multitenant Notifications APIs +sidebar_label: Multitenant Notifications APIs +slug: /sase/api/sspm +keywords: + - SASE + - Reference + - API +--- \ No newline at end of file diff --git a/products/sase/api/sspm/intro.md b/products/sase/api/sspm/intro.md new file mode 100644 index 000000000..aba397edc --- /dev/null +++ b/products/sase/api/sspm/intro.md @@ -0,0 +1,9 @@ +--- +id: intro +title: Multitenant Notifications APIs +sidebar_label: Multitenant Notifications APIs +keywords: + - SASE + - Reference + - API +--- \ No newline at end of file diff --git a/products/sase/docs/sspm/getting-started.md b/products/sase/docs/sspm/getting-started.md new file mode 100644 index 000000000..8fcb39f29 --- /dev/null +++ b/products/sase/docs/sspm/getting-started.md @@ -0,0 +1,10 @@ +--- +id: getting-started +title: Aggregate Monitoring APIs +description: Aggregate Monitoring APIs +hide_title: true +slug: /sase/docs/sspm +hide_table_of_contents: false +keywords: + - sase +--- \ No newline at end of file diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts index b784534ff..b5bca9786 100644 --- a/products/sase/sidebars.ts +++ b/products/sase/sidebars.ts @@ -303,6 +303,11 @@ module.exports = { "sase/api/mt-interconnect/mt-interconnect", require("./api/mt-interconnect/sidebar"), ], + securityposture: [ + "sase/api/sspm/intro", + "sase/api/sspm/api-workflow", + require("./api/mt-interconnect/sidebar"), + ], sasesubscription: [ "sase/api/subscription/subscription-api", require("./api/subscription/sidebar"), From 677bd8a02ae77294967aab650f0adb03ab6cfed0 Mon Sep 17 00:00:00 2001 From: sra Date: Tue, 17 Dec 2024 10:06:51 +0530 Subject: [PATCH 02/14] DOCS-7072 staging the changes made --- docusaurus.config.ts | 14 +---- products/sase/api/sspm/api-workflow.md | 73 ++++++++++++++++++++-- products/sase/api/sspm/intro.md | 37 ++++++++++- products/sase/docs/sspm/getting-started.md | 10 --- products/sase/sidebars.ts | 2 +- 5 files changed, 105 insertions(+), 31 deletions(-) delete mode 100644 products/sase/docs/sspm/getting-started.md diff --git a/docusaurus.config.ts b/docusaurus.config.ts index b712e34d1..fdca98646 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -538,18 +538,6 @@ const config = { }, ], }, - { - label: "SaaS Security Posture Management", - to: "#", - logoClass: "prisma", - apiDocs: [ - { - to: "access/api/sspm/getting-started", - label: "SaaS Security Management", - icon: "api-doc", - }, - ], - }, { label: "Prisma Access Insights", to: "#", @@ -915,7 +903,7 @@ const config = { outputDir: "products/sase/api/mt-interconnect", sidebarOptions: { groupPathsBy: "tag" }, }, - securityposture: { + sasesspm: { specPath: "openapi-specs/sase/sspm", outputDir: "products/sase/api/sspm", sidebarOptions: { groupPathsBy: "tag" }, diff --git a/products/sase/api/sspm/api-workflow.md b/products/sase/api/sspm/api-workflow.md index 257512e0c..241020f06 100644 --- a/products/sase/api/sspm/api-workflow.md +++ b/products/sase/api/sspm/api-workflow.md @@ -1,10 +1,75 @@ --- id: api-workflow -title: Multitenant Notifications APIs -sidebar_label: Multitenant Notifications APIs -slug: /sase/api/sspm +title: SaaS Security Posture Management APIs +sidebar_label: ecurity Posture Management APIs keywords: - SASE - Reference - API ---- \ No newline at end of file +--- + +# API Workflow for SaaS Security Posture Management (SSPM) + +Use this guide to interact with SSPM APIs to manage onboarded SaaS applications, retrieve configuration details, and handle integrations efficiently. + +--- + +## Workflow Steps + +### 1. Retrieve the List of Onboarded Apps +Use the `/sspm/api/v1/apps` API to fetch all onboarded SaaS applications. Each application includes an `app_id`, which you will use in subsequent API calls. For more information on how to onboard SaaS applications, read the [SaaS Onboarding guide](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/onboard-saas-apps-supported-by-sspm/onboarding-overview-for-supported-saas-apps). + +--- + +### 2. Fetch Details for an Onboarded App +Use the `app_id` from the previous step to access detailed information about a specific onboarded app: +- Use `/sspm/api/v1/apps/{app_id}` to fetch the application's basic details. +- Use `/sspm/api/v1/apps/{app_id}/configs` to retrieve the app's configuration details. +- Use `/sspm/api/v1/apps/{app_id}/settings` to access specific app settings. + +--- + +### 3. Retrieve the Catalog of Supported SSPM Apps +Call the `/sspm/api/v1/catalog/apps` API to get a catalog of all supported SSPM apps. Each catalog entry includes an app name, which you will use in subsequent API calls. + +--- + +### 4. Fetch details for a Catalog App +Use the app name from the catalog to retrieve additional details about a specific app: +- Use `/sspm/api/v1/catalog/apps/{app}` to get general information about the app. +- Use `/sspm/api/v1/catalog/apps/{app}/configs` to fetch configuration details. +- Use `/sspm/api/v1/catalog/apps/{app}/scopes` to access scope information for the app. +- Use `/sspm/api/v1/auth/{app}/info` to retrieve authentication details. + +--- + +### 5. Retrieve Common Control Details +Find the `common_control` or `common_control_id` values in the responses of the following APIs: +- `/sspm/api/v1/apps/{app_id}/configs` +- `/sspm/api/v1/catalog/apps/{app}/configs` + +Use the `/sspm/api/v1/catalog/controls/{common_control_id}` API to retrieve detailed information about the common control. + +--- + +### 6. Retrieve Integration Projects +Call `/sspm/api/v1/integration/integrations/{integration_id}/{integrationType}/projects` to get a list of integration projects for a specific `integration_id`. The response includes project keys for further actions. + +--- + +### 7. Fetch Details for a Specific Project +Use `/sspm/api/v1/integration/integrations/{integration_id}/{integrationType}/project/{key}` to retrieve detailed information about a project. The response includes issue keys that you can use in the next step. + +--- + +### 8. Fetch Details for a Specific Issue +Call `/sspm/api/v1/integration/integrations/{integration_id}/{integrationType}/issue/{key}` to retrieve detailed information about a specific issue using the issue key. + +--- + +## Summary +This workflow provides a structured way to: +- Retrieve onboarded and cataloged apps. +- Access detailed app configurations and settings. +- Manage common controls for enhanced security. +- Handle integration projects and resolve issues. \ No newline at end of file diff --git a/products/sase/api/sspm/intro.md b/products/sase/api/sspm/intro.md index aba397edc..1d783264d 100644 --- a/products/sase/api/sspm/intro.md +++ b/products/sase/api/sspm/intro.md @@ -1,9 +1,40 @@ --- id: intro -title: Multitenant Notifications APIs -sidebar_label: Multitenant Notifications APIs +title: SaaS Security Posture Management APIs +sidebar_label: Security Posture Management APIs +slug: /sase/api/sspm keywords: - SASE - Reference - API ---- \ No newline at end of file +--- + +## Introduction to Prisma Access SaaS Security Posture Management APIs + +### What is SaaS Security Posture Management? +SaaS Security Posture Management (SSPM) APIs provide tools for continuous monitoring, detection of misconfigured SaaS application settings. + +### Why Use SSPM APIs? +Integrate SSPM APIs to: +- Monitor and manage security configurations. +- Ensure compliance with security best practices. + +### Key Features +- Misconfiguration detection and prioritization. +- Automated and manual remediation workflows. +- Integration support for multiple SaaS applications. + +### How SSPM Works +1. **Discover SaaS Applications**: Onboard and monitor SaaS apps. +2. **Analyze Configurations**: Fetch assessments and detect misconfigurations. +3. **Remediate Issues**: Resolve misconfigurations programmatically. +4. **Monitor Continuously**: Keep apps secure through automated monitoring. + +### Prerequisites +- Access to SSPM. +- API token for authentication. + +For more information about SSPM, see +[SaaS Security Posture Management](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/get-started-with-sspm/whats-sspm) + +These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. diff --git a/products/sase/docs/sspm/getting-started.md b/products/sase/docs/sspm/getting-started.md deleted file mode 100644 index 8fcb39f29..000000000 --- a/products/sase/docs/sspm/getting-started.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -id: getting-started -title: Aggregate Monitoring APIs -description: Aggregate Monitoring APIs -hide_title: true -slug: /sase/docs/sspm -hide_table_of_contents: false -keywords: - - sase ---- \ No newline at end of file diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts index b5bca9786..d03aa2f01 100644 --- a/products/sase/sidebars.ts +++ b/products/sase/sidebars.ts @@ -306,7 +306,7 @@ module.exports = { securityposture: [ "sase/api/sspm/intro", "sase/api/sspm/api-workflow", - require("./api/mt-interconnect/sidebar"), + require("./api/sspm/sidebar"), ], sasesubscription: [ "sase/api/subscription/subscription-api", From f17c042bb3eb19da6eb1ff2f2c893d12cb464512 Mon Sep 17 00:00:00 2001 From: sra Date: Wed, 18 Dec 2024 18:39:55 +0530 Subject: [PATCH 03/14] DOCS-7072 Local server builds and will be creating a PR and send for review --- openapi-specs/sase/sspm/SSPMconsolidated.yaml | 95 ++++++------ products/sase/api/sspm/api-workflow.md | 75 --------- products/sase/api/sspm/sspm-api-workflow.md | 146 ++++++++++++++++++ .../sspm/{intro.md => sspm-introduction.md} | 5 +- products/sase/sidebars.ts | 4 +- 5 files changed, 197 insertions(+), 128 deletions(-) delete mode 100644 products/sase/api/sspm/api-workflow.md create mode 100644 products/sase/api/sspm/sspm-api-workflow.md rename products/sase/api/sspm/{intro.md => sspm-introduction.md} (94%) diff --git a/openapi-specs/sase/sspm/SSPMconsolidated.yaml b/openapi-specs/sase/sspm/SSPMconsolidated.yaml index 9f3fc8207..4af1b3c64 100644 --- a/openapi-specs/sase/sspm/SSPMconsolidated.yaml +++ b/openapi-specs/sase/sspm/SSPMconsolidated.yaml @@ -475,16 +475,16 @@ components: info: contact: email: support@paloaltonetworks.com - description: "This Open API spec file represents the APIs available for\n[Palo Alto\ - \ Networks SSPM](https://docs.paloaltonetworks.com/NEED-URL) APIs. \n??? Add description\ - \ ???\nThese APIs use the common SASE authentication mechanism and base URL. See\ - \ the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted) guide\ - \ for more information.\n\nThis Open API spec file was created on December 16,\ - \ 2024. To check for a more recent version of this file, see\n[Interconnect APIs\ - \ on pan.dev](https://pan.dev/sase/api/mt-sp-interconnect/mt-interconnect-api.html).\ - \ ??? Add respective URL ???\n\n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks\ - \ is a registered trademark of Palo\nAlto Networks. A list of our trademarks can\ - \ be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + description: "This Open API spec file represents the APIs available for [Palo Alto\ + \ Networks SSPM](https://docs.paloaltonetworks.com/NEED-URL) APIs. \nSaaS Security\ + \ Posture Management (SSPM) APIs provide tools for continuous monitoring, detection\ + \ of misconfigured SaaS application settings.\nThese APIs use the common SASE\ + \ authentication mechanism and base URL. \nSee the [Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ + \ guide for more information.\n\nThis Open API spec file was created on December\ + \ 18, 2024. To check for a more recent version of this file, see\n[SaaS Security\ + \ Posture Management APIs on pan.dev](https://pan.dev/sase/api/sspm/sspm-api.html).\n\ + \n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ + \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ \nAll other marks mentioned herein may be trademarks of their respective companies.\n" title: SaaS Security Posture Management APIs version: '1.0' @@ -492,7 +492,7 @@ openapi: 3.0.1 paths: /sspm/api/v1/apps: get: - description: 'You can use this API to get the list of onboarded SaaS applications. + description: 'Retrieve the list of onboarded SaaS applications. ' operationId: get-sspm-api-v1-apps @@ -530,8 +530,8 @@ paths: - Registered Application /sspm/api/v1/apps/{app_id}: get: - description: 'You can use this API to get the basic details of the application - by providing app ID and tenant name. + description: 'Retrieve the basic details of the application by providing app + ID and tenant name. ' operationId: get-sspm-api-v1-apps-app_id @@ -559,8 +559,8 @@ paths: - Registered Application /sspm/api/v1/apps/{app_id}/configs: get: - description: 'You can use this API to get details on the application configuration - by providing app ID and tenant name. + description: 'Retrieve details on the application configuration by providing + app ID and tenant name. ' operationId: get-sspm-api-v1-apps-app_id-configs @@ -590,8 +590,8 @@ paths: - Registered Application /sspm/api/v1/apps/{app_id}/settings: get: - description: "You can use this API to get the details on the settings of the\ - \ SaaS application by providing app ID and tenant name. \n" + description: "Retrieve details on the settings of the SaaS application by providing\ + \ app ID and tenant name. \n" operationId: get-sspm-api-v1-apps-app_id-settings parameters: - description: application id @@ -619,8 +619,7 @@ paths: - Registered Application /sspm/api/v1/auth/{app}/info: get: - description: 'You can use this API to get details on the application authorization - in the catalog. + description: 'Retrieve details on the application authorization in the catalog. ' operationId: get-sspm-api-v1-auth-app-info @@ -645,11 +644,10 @@ paths: - Bearer: [] summary: Authorization information tags: - - Information + - Authorization /sspm/api/v1/catalog/apps: get: - description: "You can use this API to get details on all the supported SSPM\ - \ applications. \n" + description: "Retrieve details on all the supported SSPM applications. \n" operationId: get-sspm-api-v1-catalog-apps responses: '200': @@ -665,8 +663,8 @@ paths: - Catalog Information /sspm/api/v1/catalog/apps/{app}: get: - description: "You can use this API to get details on the catalog settings for\ - \ the application by providing application type. \n" + description: "Retrieve details on the catalog settings for the application by\ + \ providing application type. \n" operationId: get-sspm-api-v1-catalog-apps-app parameters: - description: application name @@ -690,8 +688,8 @@ paths: - Catalog Information /sspm/api/v1/catalog/apps/{app}/configs: get: - description: 'You can use this API to get details on the catalog configuration - settings by providing application type. + description: 'Retrieve details on the catalog configuration settings by providing + application type. ' operationId: get-sspm-api-v1-catalog-apps-app-configs @@ -719,7 +717,8 @@ paths: - Catalog Information /sspm/api/v1/catalog/apps/{app}/scopes: get: - description: "??? Add description ??? \n" + description: "Retrieve plugin scope catalog for the application using application\ + \ type. \n" operationId: get-sspm-api-v1-catalog-apps-app-scopes parameters: - description: application name @@ -740,12 +739,14 @@ paths: description: successful operation security: - Bearer: [] - summary: Fetch plugin scope catalog for for given app by app_type + summary: Plugin scope catalog tags: - Catalog Information /sspm/api/v1/catalog/controls/{common_control_id}: get: - description: "??? Add description ??? \n" + description: 'Retrieve a compliance profile mappings for common control ID. + + ' operationId: get-sspm-api-v1-catalog-controls-common_control_id parameters: - description: common control id @@ -764,12 +765,15 @@ paths: description: successful operation security: - Bearer: [] - summary: compliance profile mappings for given common control + summary: Compliance profile mappings tags: - Catalog Information /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/issue/{key}: get: - description: "??? Add description ??? \n" + description: 'Retrieve detailed information about a specific issue using the + issue key. + + ' operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-issue-key parameters: - description: integration id @@ -804,12 +808,13 @@ paths: description: not registered jira-ticketing integration security: - Bearer: [] - summary: Fetch onboarded JIRA ticketing issue details by key + summary: JIRA ticket issue details tags: - - JIRA Issue + - JIRA /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/project/{key}: get: - description: "??? Add description ??? \n" + description: "Retrieve detailed information about a project. \nThe response\ + \ includes issue keys that you can use in the next step.\n" operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-project-key parameters: - description: integration id @@ -844,12 +849,12 @@ paths: description: not registered jira-ticketing integration security: - Bearer: [] - summary: Fetch onboarded JIRA ticketing project details by key + summary: Get specific information using issue key tags: - - JIRA Issue + - JIRA /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/projects: get: - description: "??? Add description ??? \n" + description: "Retrieve a list of JIRA tickets. \n" operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-projects parameters: - description: integration id @@ -877,23 +882,19 @@ paths: description: not registered jira-ticketing integration security: - Bearer: [] - summary: Fetch onboarded JIRA ticketing project list + summary: List JIRA tickets tags: - - JIRA Issue + - JIRA servers: - url: https://api.sase.paloaltonetworks.com tags: -- description: '??? Add description ??? +- description: 'Get registered application ' name: Registered Application -- description: '??? Add description ??? - - ' - name: Information -- description: '??? Add description ??? - - ' +- description: "Get authorization details for the given application. \n" + name: Authorization information +- description: "Get catalog information for the application. \n" name: Catalog Information - description: 'Get JIRA issue details. diff --git a/products/sase/api/sspm/api-workflow.md b/products/sase/api/sspm/api-workflow.md deleted file mode 100644 index 241020f06..000000000 --- a/products/sase/api/sspm/api-workflow.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -id: api-workflow -title: SaaS Security Posture Management APIs -sidebar_label: ecurity Posture Management APIs -keywords: - - SASE - - Reference - - API ---- - -# API Workflow for SaaS Security Posture Management (SSPM) - -Use this guide to interact with SSPM APIs to manage onboarded SaaS applications, retrieve configuration details, and handle integrations efficiently. - ---- - -## Workflow Steps - -### 1. Retrieve the List of Onboarded Apps -Use the `/sspm/api/v1/apps` API to fetch all onboarded SaaS applications. Each application includes an `app_id`, which you will use in subsequent API calls. For more information on how to onboard SaaS applications, read the [SaaS Onboarding guide](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/onboard-saas-apps-supported-by-sspm/onboarding-overview-for-supported-saas-apps). - ---- - -### 2. Fetch Details for an Onboarded App -Use the `app_id` from the previous step to access detailed information about a specific onboarded app: -- Use `/sspm/api/v1/apps/{app_id}` to fetch the application's basic details. -- Use `/sspm/api/v1/apps/{app_id}/configs` to retrieve the app's configuration details. -- Use `/sspm/api/v1/apps/{app_id}/settings` to access specific app settings. - ---- - -### 3. Retrieve the Catalog of Supported SSPM Apps -Call the `/sspm/api/v1/catalog/apps` API to get a catalog of all supported SSPM apps. Each catalog entry includes an app name, which you will use in subsequent API calls. - ---- - -### 4. Fetch details for a Catalog App -Use the app name from the catalog to retrieve additional details about a specific app: -- Use `/sspm/api/v1/catalog/apps/{app}` to get general information about the app. -- Use `/sspm/api/v1/catalog/apps/{app}/configs` to fetch configuration details. -- Use `/sspm/api/v1/catalog/apps/{app}/scopes` to access scope information for the app. -- Use `/sspm/api/v1/auth/{app}/info` to retrieve authentication details. - ---- - -### 5. Retrieve Common Control Details -Find the `common_control` or `common_control_id` values in the responses of the following APIs: -- `/sspm/api/v1/apps/{app_id}/configs` -- `/sspm/api/v1/catalog/apps/{app}/configs` - -Use the `/sspm/api/v1/catalog/controls/{common_control_id}` API to retrieve detailed information about the common control. - ---- - -### 6. Retrieve Integration Projects -Call `/sspm/api/v1/integration/integrations/{integration_id}/{integrationType}/projects` to get a list of integration projects for a specific `integration_id`. The response includes project keys for further actions. - ---- - -### 7. Fetch Details for a Specific Project -Use `/sspm/api/v1/integration/integrations/{integration_id}/{integrationType}/project/{key}` to retrieve detailed information about a project. The response includes issue keys that you can use in the next step. - ---- - -### 8. Fetch Details for a Specific Issue -Call `/sspm/api/v1/integration/integrations/{integration_id}/{integrationType}/issue/{key}` to retrieve detailed information about a specific issue using the issue key. - ---- - -## Summary -This workflow provides a structured way to: -- Retrieve onboarded and cataloged apps. -- Access detailed app configurations and settings. -- Manage common controls for enhanced security. -- Handle integration projects and resolve issues. \ No newline at end of file diff --git a/products/sase/api/sspm/sspm-api-workflow.md b/products/sase/api/sspm/sspm-api-workflow.md new file mode 100644 index 000000000..4d1068a96 --- /dev/null +++ b/products/sase/api/sspm/sspm-api-workflow.md @@ -0,0 +1,146 @@ +--- +id: sspm-api-workflow +title: API Workflow +sidebar_label: SaaS Security Posture Management API workflow +keywords: + - SASE + - Reference + - API +--- +SSPM APIs enable you to manage onboarded SaaS applications, retrieve configuration details, and handle integrations efficiently. + +## Summary +This guide provides a structured workflow to: +- Retrieve onboarded and cataloged applications. +- Access detailed app configurations and settings. +- Manage common controls for enhanced security. +- Handle integration projects and resolve issues. + +### 1. Retrieve the List of Onboarded Applications +Use the [List of Applications](/sase/api/sspm/get-sspm-api-v-1-apps/) API to fetch all onboarded SaaS applications. Each application includes an `app_id`, which you will use in subsequent API calls. Refer to the [SaaS Onboarding Guide](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/onboard-saas-apps-supported-by-sspm/onboarding-overview-for-supported-saas-apps) for onboarding details. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +### 2. Fetch Details for an Onboarded Application +Use the `app_id` from the previous step to access detailed information about a specific onboarded application. + +#### Fetch Basic Details +Use the [Application Details](/sase/api/sspm/get-sspm-api-v-1-apps-app-id/) API to retrieve the application's basic details. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +#### Retrieve Configuration Details +Call [Application Configuration](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-configs/) to fetch configuration details. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id/configs' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +#### Access Application Settings +Use the [Application Settings](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-settings/) API to access specific settings. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id/settings' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +### 3. Retrieve the Catalog of Supported SSPM Applications +Use the [Supported SSPM Application Catalog](/sase/api/sspm/get-sspm-api-v-1-catalog-apps/) API to fetch a list of all supported applications. Each catalog entry includes an app name for further API calls. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +#### Fetch Catalog App Details +Retrieve detailed information about a specific app using the app name. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +#### Fetch Configuration Details +Call the [Configuration Details](/sase/api/sspm/get-sspm-api-v-1-catalog-apps-app-configs/) API to retrieve configuration settings. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/configs' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +#### Retrieve Scope Information +Use the [Application Catalog Scope](/sase/api/sspm/get-sspm-api-v-1-catalog-apps-app-scopes/) API to access scope details. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/scopes' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +#### Fetch Authentication Details +Call [Application Authorization](/sase/api/sspm/get-sspm-api-v-1-auth-app-info/) to retrieve authentication details. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/auth/:app/info' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +### 4. Retrieve Common Control Details +Find `common_control` or `common_control_id` values in the responses from: +- `/sspm/api/v1/apps/{app_id}/configs` +- `/sspm/api/v1/catalog/apps/{app}/configs` + +Then, call the `/sspm/api/v1/catalog/controls/{common_control_id}` API to retrieve detailed information about the common control. + +### 5. Retrieve Integration Projects +Call [JIRA Ticket Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-projects/) to get a list of integration projects for a specific `integration_id`. The response includes project keys for further actions. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:integration_type/projects' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +#### Fetch Specific Project Details +Use [Specific Project Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-project-key/) to retrieve details about a project. The response includes issue keys for further steps. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:integration_type/project/:key' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' +``` + +### 6. Fetch Details for a Specific Issue +Call [Specific Issue Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-issue-key/) to retrieve information about a specific issue using the issue key. + +#### Request Example +```bash +curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:integration_type/issue/:key' \ + -H 'Accept: application/json' \ + -H 'Authorization: Bearer ' \ No newline at end of file diff --git a/products/sase/api/sspm/intro.md b/products/sase/api/sspm/sspm-introduction.md similarity index 94% rename from products/sase/api/sspm/intro.md rename to products/sase/api/sspm/sspm-introduction.md index 1d783264d..235a67108 100644 --- a/products/sase/api/sspm/intro.md +++ b/products/sase/api/sspm/sspm-introduction.md @@ -1,5 +1,5 @@ --- -id: intro +id: sspm-introduction title: SaaS Security Posture Management APIs sidebar_label: Security Posture Management APIs slug: /sase/api/sspm @@ -8,9 +8,6 @@ keywords: - Reference - API --- - -## Introduction to Prisma Access SaaS Security Posture Management APIs - ### What is SaaS Security Posture Management? SaaS Security Posture Management (SSPM) APIs provide tools for continuous monitoring, detection of misconfigured SaaS application settings. diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts index d03aa2f01..d9547b789 100644 --- a/products/sase/sidebars.ts +++ b/products/sase/sidebars.ts @@ -304,8 +304,8 @@ module.exports = { require("./api/mt-interconnect/sidebar"), ], securityposture: [ - "sase/api/sspm/intro", - "sase/api/sspm/api-workflow", + "sase/api/sspm/sspm-introduction", + "sase/api/sspm/sspm-api-workflow", require("./api/sspm/sidebar"), ], sasesubscription: [ From 1171338a224fc4fcef41b314e45a50c65cd862d9 Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 19 Dec 2024 17:39:32 +0530 Subject: [PATCH 04/14] made minor update in the introduction.md file. --- products/sase/api/sspm/sspm-introduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/products/sase/api/sspm/sspm-introduction.md b/products/sase/api/sspm/sspm-introduction.md index 235a67108..fbbb6d2dc 100644 --- a/products/sase/api/sspm/sspm-introduction.md +++ b/products/sase/api/sspm/sspm-introduction.md @@ -18,8 +18,7 @@ Integrate SSPM APIs to: ### Key Features - Misconfiguration detection and prioritization. -- Automated and manual remediation workflows. -- Integration support for multiple SaaS applications. +- Provides real-time monitoring of feature states, operational status, and automated scanning to ensure active and healthy SaaS integrations. ### How SSPM Works 1. **Discover SaaS Applications**: Onboard and monitor SaaS apps. @@ -35,3 +34,4 @@ For more information about SSPM, see [SaaS Security Posture Management](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/get-started-with-sspm/whats-sspm) These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. + From 19fe55b2aa3c5c3ab7baa887fb6fcb598e0e6d0b Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 19 Dec 2024 18:02:42 +0530 Subject: [PATCH 05/14] staging changes made in api workflow and intro file. --- products/sase/api/sspm/sspm-api-workflow.md | 32 ++++++++++----------- products/sase/api/sspm/sspm-introduction.md | 6 ++-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/products/sase/api/sspm/sspm-api-workflow.md b/products/sase/api/sspm/sspm-api-workflow.md index 4d1068a96..c84019187 100644 --- a/products/sase/api/sspm/sspm-api-workflow.md +++ b/products/sase/api/sspm/sspm-api-workflow.md @@ -7,7 +7,7 @@ keywords: - Reference - API --- -SSPM APIs enable you to manage onboarded SaaS applications, retrieve configuration details, and handle integrations efficiently. +SaaS Security Posture Management(SSPM) APIs enable you to manage onboarded SaaS applications, retrieve configuration details, and handle integrations efficiently. ## Summary This guide provides a structured workflow to: @@ -16,7 +16,7 @@ This guide provides a structured workflow to: - Manage common controls for enhanced security. - Handle integration projects and resolve issues. -### 1. Retrieve the List of Onboarded Applications +### 1. Retrieve the list of onboarded applications Use the [List of Applications](/sase/api/sspm/get-sspm-api-v-1-apps/) API to fetch all onboarded SaaS applications. Each application includes an `app_id`, which you will use in subsequent API calls. Refer to the [SaaS Onboarding Guide](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm/onboard-saas-apps-supported-by-sspm/onboarding-overview-for-supported-saas-apps) for onboarding details. #### Request Example @@ -26,10 +26,10 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps' \ -H 'Authorization: Bearer ' ``` -### 2. Fetch Details for an Onboarded Application +### 2. Fetch details for an onboarded application Use the `app_id` from the previous step to access detailed information about a specific onboarded application. -#### Fetch Basic Details +#### Fetch basic details Use the [Application Details](/sase/api/sspm/get-sspm-api-v-1-apps-app-id/) API to retrieve the application's basic details. #### Request Example @@ -39,7 +39,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id' \ -H 'Authorization: Bearer ' ``` -#### Retrieve Configuration Details +#### Retrieve configuration details Call [Application Configuration](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-configs/) to fetch configuration details. #### Request Example @@ -49,7 +49,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id/configs' -H 'Authorization: Bearer ' ``` -#### Access Application Settings +#### Access application settings Use the [Application Settings](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-settings/) API to access specific settings. #### Request Example @@ -59,7 +59,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id/settings -H 'Authorization: Bearer ' ``` -### 3. Retrieve the Catalog of Supported SSPM Applications +### 3. Retrieve the catalog of supported SSPM applications Use the [Supported SSPM Application Catalog](/sase/api/sspm/get-sspm-api-v-1-catalog-apps/) API to fetch a list of all supported applications. Each catalog entry includes an app name for further API calls. #### Request Example @@ -69,7 +69,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps' \ -H 'Authorization: Bearer ' ``` -#### Fetch Catalog App Details +#### Fetch catalog application details Retrieve detailed information about a specific app using the app name. #### Request Example @@ -79,7 +79,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app' \ -H 'Authorization: Bearer ' ``` -#### Fetch Configuration Details +#### Fetch configuration details Call the [Configuration Details](/sase/api/sspm/get-sspm-api-v-1-catalog-apps-app-configs/) API to retrieve configuration settings. #### Request Example @@ -89,7 +89,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/con -H 'Authorization: Bearer ' ``` -#### Retrieve Scope Information +#### Retrieve application catalog scope information Use the [Application Catalog Scope](/sase/api/sspm/get-sspm-api-v-1-catalog-apps-app-scopes/) API to access scope details. #### Request Example @@ -99,7 +99,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/sco -H 'Authorization: Bearer ' ``` -#### Fetch Authentication Details +#### Fetch authentication details Call [Application Authorization](/sase/api/sspm/get-sspm-api-v-1-auth-app-info/) to retrieve authentication details. #### Request Example @@ -109,14 +109,14 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/auth/:app/info' \ -H 'Authorization: Bearer ' ``` -### 4. Retrieve Common Control Details +### 4. Retrieve common control details Find `common_control` or `common_control_id` values in the responses from: - `/sspm/api/v1/apps/{app_id}/configs` - `/sspm/api/v1/catalog/apps/{app}/configs` Then, call the `/sspm/api/v1/catalog/controls/{common_control_id}` API to retrieve detailed information about the common control. -### 5. Retrieve Integration Projects +### 5. Retrieve integration projects Call [JIRA Ticket Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-projects/) to get a list of integration projects for a specific `integration_id`. The response includes project keys for further actions. #### Request Example @@ -126,7 +126,7 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrati -H 'Authorization: Bearer ' ``` -#### Fetch Specific Project Details +#### Fetch specific project details Use [Specific Project Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-project-key/) to retrieve details about a project. The response includes issue keys for further steps. #### Request Example @@ -136,11 +136,11 @@ curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrati -H 'Authorization: Bearer ' ``` -### 6. Fetch Details for a Specific Issue +### 6. Fetch details for a specific issue Call [Specific Issue Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrations-integration-id-integration-type-issue-key/) to retrieve information about a specific issue using the issue key. #### Request Example ```bash curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:integration_type/issue/:key' \ -H 'Accept: application/json' \ - -H 'Authorization: Bearer ' \ No newline at end of file + -H 'Authorization: Bearer ' diff --git a/products/sase/api/sspm/sspm-introduction.md b/products/sase/api/sspm/sspm-introduction.md index fbbb6d2dc..0b123a3b7 100644 --- a/products/sase/api/sspm/sspm-introduction.md +++ b/products/sase/api/sspm/sspm-introduction.md @@ -2,7 +2,7 @@ id: sspm-introduction title: SaaS Security Posture Management APIs sidebar_label: Security Posture Management APIs -slug: /sase/api/sspm +slug: /sase/api/sspm-introduction keywords: - SASE - Reference @@ -18,10 +18,10 @@ Integrate SSPM APIs to: ### Key Features - Misconfiguration detection and prioritization. -- Provides real-time monitoring of feature states, operational status, and automated scanning to ensure active and healthy SaaS integrations. +- **Monitor SSPM Service and SaaS Integrations**: Track the health and status of the SSPM service and integrated SaaS applications, with real-time feature state monitoring and automated scans. ### How SSPM Works -1. **Discover SaaS Applications**: Onboard and monitor SaaS apps. +1. **Discover SaaS Applications**: Onboard and monitor SaaS application. 2. **Analyze Configurations**: Fetch assessments and detect misconfigurations. 3. **Remediate Issues**: Resolve misconfigurations programmatically. 4. **Monitor Continuously**: Keep apps secure through automated monitoring. From 654a21407f6e7ea371c68c10dff758c2ed3b1fa1 Mon Sep 17 00:00:00 2001 From: sra Date: Mon, 23 Dec 2024 09:26:26 +0530 Subject: [PATCH 06/14] DOCS-7072 Made changes in the schema descriptions --- openapi-specs/sase/sspm/SSPMconsolidated.yaml | 290 +++++++++++++++--- products/sase/api/sspm/sspm-introduction.md | 4 +- 2 files changed, 250 insertions(+), 44 deletions(-) diff --git a/openapi-specs/sase/sspm/SSPMconsolidated.yaml b/openapi-specs/sase/sspm/SSPMconsolidated.yaml index 4af1b3c64..90d0b1811 100644 --- a/openapi-specs/sase/sspm/SSPMconsolidated.yaml +++ b/openapi-specs/sase/sspm/SSPMconsolidated.yaml @@ -1,40 +1,55 @@ components: schemas: Application: + description: 'Represents a registered SSPM application with its properties and + status. + + ' properties: app_id: + description: Unique identifier for the application. type: string app_settings: additionalProperties: type: string + description: Custom settings for the application as key-value pairs. type: object changed_at: + description: Timestamp of the last change to the application. format: date-time type: string changed_by: + description: Identifier of the user who last modified the application. type: string configs: additionalProperties: type: string + description: Configuration settings for the application as key-value pairs. type: object created_at: + description: Timestamp of when the application was created. format: date-time type: string created_by: + description: Identifier of the user who created the application. type: string fawkes_url: + description: URL associated with the Fawkes system for this application. type: string features_metadata: additionalProperties: additionalProperties: type: string type: object + description: Metadata for application features. type: object features_state: additionalProperties: $ref: '#/components/schemas/FeatureState' + description: Current state of application features. type: object health_status: + description: Current health status of the application. enum: - Up - Unhealthy @@ -43,6 +58,7 @@ components: - Scanning type: string instance_label: + description: Label indicating the type of instance. enum: - Default - Production @@ -52,87 +68,124 @@ components: - Dev type: string last_scanned_at: + description: Timestamp of the last scan performed on the application. format: date-time type: string last_validated_at: + description: Timestamp of the last validation performed on the application. format: date-time type: string missing_configs: + description: List of configuration items that are missing. items: type: string type: array name: + description: Display name of the application. type: string owner: $ref: '#/components/schemas/User' + description: User who owns the application. remediation_enabled: + description: Indicates if automated remediation is enabled for this application. type: boolean scan_interval_minutes: + description: Interval between scans in minutes. format: int32 type: integer status: + description: Current operational status of the application. enum: - Registered - Active - Disabled type: string tenant: + description: Identifier for the tenant associated with this application. type: string tsg_id: + description: Identifier for the TSG associated with this application. type: string type: + description: Type of the application. type: string type: object ApplicationAuthInfo: + description: 'Contains authentication information for an application, including + fields and SSO strategy. + + ' properties: fields: + description: List of authentication form elements. items: $ref: '#/components/schemas/AuthFormElement' type: array sso_fields: + description: List of SSO-specific fields. items: $ref: '#/components/schemas/SsoFields' type: array strategy: + description: Authentication strategy used by the application. enum: - REDIRECT_URL - PROVIDED_CREDENTIALS type: string type: object ApplicationPage: + description: 'Defines a paginated list of applications with metadata. + + ' properties: items: + description: List of application objects. items: type: object type: array limit: + description: Maximum number of items per page. format: int32 type: integer next_path: + description: Path to retrieve the next page of results. type: string prev_path: + description: Path to retrieve the previous page of results. type: string total: + description: Total number of items across all pages. format: int64 type: integer type: object AuthFormElement: + description: 'Represents an element in an authentication form. + + ' discriminator: propertyName: kind properties: kind: + description: Type of form element (FIELD or DOC) enum: - FIELD - DOC type: string type: object CatalogApplication: + description: 'Describes an application in the SSPM catalog, including features + and metadata. + + ' properties: display_name: + description: Name of the application. type: string enabled: + description: Indicates if the application is enabled in the catalog. type: boolean features: + description: List of features supported by the application. items: enum: - SCAN @@ -149,61 +202,89 @@ components: additionalProperties: type: string type: object + description: Additional metadata for application features. type: object lambda: + description: Indicates if the application is a lambda function. type: boolean name: + description: Unique identifier for the application in the catalog. type: string type: object CatalogConfig: + description: 'Specifies a configuration setting in the application catalog with + its properties and remediation options. + + ' properties: __metadata: additionalProperties: type: object + description: Additional metadata for the configuration. properties: empty: type: boolean type: object category: + description: Category of the configuration setting. type: string common_control: + description: Common control identifier associated with this configuration. type: string console_url: + description: URL to the console for managing this configuration. type: string description: - type: string + description: Detailed description of the configuration setting. description_url: + description: URL to additional documentation for this configuration. type: string enabled: + description: Indicates if this configuration is enabled. type: boolean id: + description: Unique identifier for the configuration. type: string name: + description: Display name of the configuration. type: string native_category: + description: Original category in the native system. type: string native_name: + description: Original name in the native system. type: string operator: $ref: '#/components/schemas/CatalogConfigOperator' + description: Operator used for comparing configuration values. optional: + description: Indicates if this configuration is optional. type: boolean remediation: $ref: '#/components/schemas/RemediationConfig' + description: Remediation steps and options for this configuration. remediation_steps: + description: Detailed steps for remediating issues with this configuration. type: string severity: + description: Severity level of the configuration. type: string value: $ref: '#/components/schemas/ConfigValue' + description: Expected or recommended value for the configuration. type: object CatalogConfigOperator: + description: 'Defines an operator for comparing configuration values. + + ' discriminator: propertyName: operator properties: displayValue: + description: Representation of the operator. type: string operator: + description: Type of comparison operator. enum: - equal - not_equal @@ -219,6 +300,7 @@ components: - not_in_range type: string valueType: + description: Data type of the values being compared. enum: - int - double @@ -227,113 +309,174 @@ components: type: string type: object CommonControlProfiles: + description: 'Lists compliance profiles associated with a common control. + + ' properties: id: + description: Unique identifier for the common control. type: string name: + description: Display name of the common control. type: string profiles: + description: List of compliance profiles associated with this control. items: $ref: '#/components/schemas/ComplianceProfile' type: array type: object ComplianceCategory: + description: 'Represents a category of compliance controls. + + ' properties: controls: + description: List of compliance controls in this category. items: $ref: '#/components/schemas/ComplianceControl' type: array name: + description: Name of the compliance category. type: string type: object ComplianceControl: + description: 'Defines a specific compliance control. + + ' properties: description: - type: string + description: Detailed description of the compliance control. id: + description: Unique identifier for the compliance control. type: string type: object ComplianceProfile: + description: 'Represents a compliance profile with categories and controls. + + ' properties: categories: + description: List of compliance categories in this profile. items: $ref: '#/components/schemas/ComplianceCategory' type: array id: + description: Unique identifier for the compliance profile. type: string name: + description: Display name of the compliance profile. type: string type: object Config: + description: 'Represents a scanned configuration for an application, including + its status and related tickets. + + ' properties: app_id: + description: Identifier of the associated application. type: string category: + description: Category of the configuration. type: string common_control_id: + description: Identifier of the associated common control. type: string config_id: + description: Unique identifier for this configuration. type: string console_url: + description: URL to the console for managing this configuration. type: string current_value: + description: Current value of the configuration. type: string description: - type: string + description: Detailed description of the configuration. descriptionUrl: + description: URL to additional documentation for this configuration. type: string id: + description: Unique identifier for this configuration instance. type: string locked: + description: Indicates if the configuration is locked. type: boolean locked_value: + description: Value of the configuration when locked. type: string monitored: + description: Indicates if the configuration is being monitored. type: boolean monitored_attestation: + description: Attestation for monitored configurations. type: string name: + description: Display name of the configuration. type: string operator: + description: Operator used for comparing configuration values. type: string operator_display_value: + description: Human-readable representation of the operator. type: string overridden: + description: Indicates if the configuration has been overridden. type: boolean overridden_value: + description: Value of the configuration when overridden. type: string recommended_value: + description: Recommended value for the configuration. type: string remediation_enabled: + description: Indicates if automated remediation is enabled for this configuration. type: boolean remediation_steps: + description: Steps for remediating issues with this configuration. type: string status: + description: Current status of the configuration. type: string subcategory: + description: Subcategory of the configuration. type: string tenant: + description: Identifier of the associated tenant. type: string tickets: + description: List of tickets related to this configuration. items: $ref: '#/components/schemas/Ticket' type: array type: object ConfigValue: + description: 'Defines the value and type for a configuration setting. + + ' properties: choices: + description: Available choices for the configuration value. type: string default_value: + description: Default value for the configuration. type: string type: + description: Data type of the configuration value. type: string type: object FeatureState: + description: 'Indicates the current state of an application feature, including + scan status and timestamps. + + ' properties: last_scanned_at: + description: Timestamp of the last scan for this feature. format: date-time type: string status: + description: Current status of the feature. enum: - UNKNOWN - OK @@ -342,74 +485,118 @@ components: - SCANNING type: string status_details: + description: Additional details about the feature's status. type: string updated_at: + description: Timestamp of the last update to the feature state. format: date-time type: string type: object JiraIdentity: + description: 'Represents a user identity in Jira. + + ' properties: accountId: + description: Unique identifier for the Jira account. type: string displayName: + description: Display name of the Jira user. type: string type: object JiraIssueFields: + description: 'Contains fields for a Jira issue. + + ' properties: assignee: $ref: '#/components/schemas/JiraIdentity' + description: User assigned to the Jira issue. reporter: $ref: '#/components/schemas/JiraIdentity' + description: User who reported the Jira issue. status: $ref: '#/components/schemas/Status' + description: Current status of the Jira issue. type: object JiraIssueResponse: + description: 'Contains details of a Jira issue, including fields like assignee, + reporter, and status. + + ' properties: fields: $ref: '#/components/schemas/JiraIssueFields' + description: Fields of the Jira issue. type: object JiraIssueType: + description: 'Represents a type of issue in Jira. + + ' properties: id: + description: Unique identifier for the issue type. type: string name: + description: Name of the issue type. type: string type: object JiraProjectDetailResponse: + description: 'Provides information about a Jira project, including available + issue types. + + ' properties: issueTypes: + description: List of issue types available in the Jira project. items: $ref: '#/components/schemas/JiraIssueType' type: array type: object RemediationConfig: + description: 'Defines remediation configuration for a setting. + + ' properties: auto_fix: + description: Indicates if automatic fixing is enabled. type: boolean guide_footer: + description: Footer text for the remediation guide. type: string guide_header: + description: Header text for the remediation guide. type: string guide_steps: + description: Step-by-step instructions for remediation. items: type: string type: array remediation_value: + description: Value to be set during remediation. type: string type: object ScopeConfig: + description: 'Defines a plugin scope configuration for an application. + + ' properties: description: - type: string + description: Detailed description of the scope configuration. enabled: + description: Indicates if this scope is enabled. type: boolean id: + description: Unique identifier for the scope configuration. type: string name: + description: Display name of the scope configuration. type: string native_name: + description: Original name in the native system. type: string severity: + description: Severity level of the scope configuration. type: string type: object SsoFields: @@ -430,38 +617,58 @@ components: - sso_provider type: object Status: + description: 'Represents the status of an item. + + ' properties: name: + description: Name of the status. type: string type: object Ticket: + description: 'Represents a ticket associated with a configuration or issue. + + ' properties: createdAt: + description: Timestamp when the ticket was created. format: date-time type: string integrationId: + description: Identifier of the integration associated with this ticket. type: string summary: + description: Brief summary of the ticket. type: string tenant: + description: Identifier of the tenant associated with this ticket. type: string ticketKey: + description: Unique key for the ticket. type: string ticketUrl: + description: URL to view the ticket. type: string type: + description: Type of ticketing system used. enum: - JIRA_TICKETING - SNOW_TICKETING type: string type: object User: + description: 'Represents a user in the system with basic identification information. + + ' properties: email: + description: Email address of the user. type: string full_name: + description: Full name of the user. type: string user_id: + description: Unique identifier for the user. type: string required: - email @@ -481,7 +688,7 @@ info: \ of misconfigured SaaS application settings.\nThese APIs use the common SASE\ \ authentication mechanism and base URL. \nSee the [Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ \ guide for more information.\n\nThis Open API spec file was created on December\ - \ 18, 2024. To check for a more recent version of this file, see\n[SaaS Security\ + \ 20, 2024. To check for a more recent version of this file, see\n[SaaS Security\ \ Posture Management APIs on pan.dev](https://pan.dev/sase/api/sspm/sspm-api.html).\n\ \n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ @@ -503,14 +710,13 @@ paths: name: filter schema: type: string - - description: 'defines sorting of the result.Format: FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|... - .' + - description: Defines the result sorting format as FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|.... example: order_by=name:asc|type:desc in: query name: order_by schema: type: string - - description: applies page_token to get requested page of items + - description: Applies the page_token to retrieve the requested page of items. example: page_token=MSM2Iw== in: query name: page_token @@ -522,7 +728,7 @@ paths: application/json: schema: $ref: '#/components/schemas/ApplicationPage' - description: successful operation + description: Successful operation security: - Bearer: [] summary: Get registered application @@ -536,7 +742,7 @@ paths: ' operationId: get-sspm-api-v1-apps-app_id parameters: - - description: application id + - description: Application ID example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e in: path name: app_id @@ -549,9 +755,9 @@ paths: application/json: schema: $ref: '#/components/schemas/Application' - description: successful operation + description: Successful operation '404': - description: not registered application + description: Application not registered. security: - Bearer: [] summary: Application details @@ -565,7 +771,7 @@ paths: ' operationId: get-sspm-api-v1-apps-app_id-configs parameters: - - description: application id + - description: Application ID example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e in: path name: app_id @@ -580,9 +786,9 @@ paths: items: $ref: '#/components/schemas/Config' type: array - description: successful operation + description: Successful operation '404': - description: not registered application + description: Application not registered. security: - Bearer: [] summary: Application configuration details @@ -594,7 +800,7 @@ paths: \ app ID and tenant name. \n" operationId: get-sspm-api-v1-apps-app_id-settings parameters: - - description: application id + - description: Application ID example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e in: path name: app_id @@ -609,9 +815,9 @@ paths: items: $ref: '#/components/schemas/Config' type: array - description: successful operation + description: Successful operation '404': - description: not registered application + description: Application not registered. security: - Bearer: [] summary: Application settings details @@ -624,7 +830,7 @@ paths: ' operationId: get-sspm-api-v1-auth-app-info parameters: - - description: application type + - description: Application type example: office365 in: path name: app @@ -637,9 +843,9 @@ paths: application/json: schema: $ref: '#/components/schemas/ApplicationAuthInfo' - description: successful operation + description: Successful operation '404': - description: not registered application + description: Application not registered. security: - Bearer: [] summary: Authorization information @@ -655,7 +861,7 @@ paths: application/json: schema: $ref: '#/components/schemas/CatalogApplication' - description: successful operation + description: Successful operation security: - Bearer: [] summary: Catalog of supported SSPM apps @@ -667,7 +873,7 @@ paths: \ providing application type. \n" operationId: get-sspm-api-v1-catalog-apps-app parameters: - - description: application name + - description: Application name example: servicenow in: path name: app @@ -680,7 +886,7 @@ paths: application/json: schema: $ref: '#/components/schemas/CatalogApplication' - description: successful operation + description: Successful operation security: - Bearer: [] summary: Catalog setting details @@ -694,7 +900,7 @@ paths: ' operationId: get-sspm-api-v1-catalog-apps-app-configs parameters: - - description: application name + - description: Application name example: servicenow in: path name: app @@ -709,7 +915,7 @@ paths: items: $ref: '#/components/schemas/CatalogConfig' type: array - description: successful operation + description: Successful operation security: - Bearer: [] summary: Catalog configuration settings details @@ -721,7 +927,7 @@ paths: \ type. \n" operationId: get-sspm-api-v1-catalog-apps-app-scopes parameters: - - description: application name + - description: Application name example: servicenow in: path name: app @@ -736,7 +942,7 @@ paths: items: $ref: '#/components/schemas/ScopeConfig' type: array - description: successful operation + description: Successful operation security: - Bearer: [] summary: Plugin scope catalog @@ -749,7 +955,7 @@ paths: ' operationId: get-sspm-api-v1-catalog-controls-common_control_id parameters: - - description: common control id + - description: Common Control ID example: PAN-00000001 in: path name: common_control_id @@ -762,7 +968,7 @@ paths: application/json: schema: $ref: '#/components/schemas/CommonControlProfiles' - description: successful operation + description: Successful operation security: - Bearer: [] summary: Compliance profile mappings @@ -776,21 +982,21 @@ paths: ' operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-issue-key parameters: - - description: integration id + - description: Integration ID example: 65dcec42a2f1d37173e6294c in: path name: integration_id required: true schema: type: string - - description: integration type + - description: Integration type example: JIRA_TICKETING in: path name: integration_type required: true schema: type: string - - description: issue key + - description: Issue key example: '10001' in: path name: key @@ -803,9 +1009,9 @@ paths: application/json: schema: $ref: '#/components/schemas/JiraIssueResponse' - description: successful operation + description: Successful operation '404': - description: not registered jira-ticketing integration + description: Jira-ticketing integration not registered. security: - Bearer: [] summary: JIRA ticket issue details @@ -817,14 +1023,14 @@ paths: \ includes issue keys that you can use in the next step.\n" operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-project-key parameters: - - description: integration id + - description: Integration ID example: 65dcec42a2f1d37173e6294c in: path name: integration_id required: true schema: type: string - - description: integration type + - description: Integration type example: JIRA_TICKETING in: path name: integration_type @@ -844,9 +1050,9 @@ paths: application/json: schema: $ref: '#/components/schemas/JiraProjectDetailResponse' - description: successful operation + description: Successful operation '404': - description: not registered jira-ticketing integration + description: The Jira-ticketing integration is not registered. security: - Bearer: [] summary: Get specific information using issue key @@ -864,7 +1070,7 @@ paths: required: true schema: type: string - - description: integration type + - description: Integration type example: JIRA_TICKETING in: path name: integration_type @@ -877,9 +1083,9 @@ paths: application/json: schema: type: object - description: successful operation + description: Successful operation '404': - description: not registered jira-ticketing integration + description: The Jira-ticketing integration is not registered. security: - Bearer: [] summary: List JIRA tickets diff --git a/products/sase/api/sspm/sspm-introduction.md b/products/sase/api/sspm/sspm-introduction.md index 0b123a3b7..057893e33 100644 --- a/products/sase/api/sspm/sspm-introduction.md +++ b/products/sase/api/sspm/sspm-introduction.md @@ -2,13 +2,13 @@ id: sspm-introduction title: SaaS Security Posture Management APIs sidebar_label: Security Posture Management APIs -slug: /sase/api/sspm-introduction +slug: /sase/api/sspm keywords: - SASE - Reference - API --- -### What is SaaS Security Posture Management? + SaaS Security Posture Management (SSPM) APIs provide tools for continuous monitoring, detection of misconfigured SaaS application settings. ### Why Use SSPM APIs? From e487cf7dbd7b86ec5fa76524957887c88cb0f370 Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 2 Jan 2025 11:40:36 +0530 Subject: [PATCH 07/14] DOCS-7072 Staging the changes made. --- openapi-specs/sase/sspm/SSPMconsolidated.yaml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/openapi-specs/sase/sspm/SSPMconsolidated.yaml b/openapi-specs/sase/sspm/SSPMconsolidated.yaml index 90d0b1811..b3eafe642 100644 --- a/openapi-specs/sase/sspm/SSPMconsolidated.yaml +++ b/openapi-specs/sase/sspm/SSPMconsolidated.yaml @@ -687,8 +687,8 @@ info: \ Posture Management (SSPM) APIs provide tools for continuous monitoring, detection\ \ of misconfigured SaaS application settings.\nThese APIs use the common SASE\ \ authentication mechanism and base URL. \nSee the [Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ - \ guide for more information.\n\nThis Open API spec file was created on December\ - \ 20, 2024. To check for a more recent version of this file, see\n[SaaS Security\ + \ guide for more information.\n\nThis Open API spec file was created on January\ + \ 02, 2025. To check for a more recent version of this file, see\n[SaaS Security\ \ Posture Management APIs on pan.dev](https://pan.dev/sase/api/sspm/sspm-api.html).\n\ \n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ @@ -976,10 +976,6 @@ paths: - Catalog Information /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/issue/{key}: get: - description: 'Retrieve detailed information about a specific issue using the - issue key. - - ' operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-issue-key parameters: - description: Integration ID @@ -1014,13 +1010,11 @@ paths: description: Jira-ticketing integration not registered. security: - Bearer: [] - summary: JIRA ticket issue details + summary: Fetch onboarded JIRA ticketing issue details by key. tags: - JIRA /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/project/{key}: get: - description: "Retrieve detailed information about a project. \nThe response\ - \ includes issue keys that you can use in the next step.\n" operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-project-key parameters: - description: Integration ID @@ -1055,12 +1049,11 @@ paths: description: The Jira-ticketing integration is not registered. security: - Bearer: [] - summary: Get specific information using issue key + summary: Fetch onboarded JIRA ticketing project details by key. tags: - JIRA /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/projects: get: - description: "Retrieve a list of JIRA tickets. \n" operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-projects parameters: - description: integration id @@ -1088,7 +1081,7 @@ paths: description: The Jira-ticketing integration is not registered. security: - Bearer: [] - summary: List JIRA tickets + summary: Fetch onboarded JIRA ticketing project list. tags: - JIRA servers: From e3dc6c006f1ad1473b3065ca3ac618afa1d29244 Mon Sep 17 00:00:00 2001 From: sra Date: Mon, 6 Jan 2025 22:31:16 +0530 Subject: [PATCH 08/14] DOCS-7072 Updated the spec file. Staging the changes. --- openapi-specs/sase/sspm/SSPMconsolidated.yaml | 35 ++++++++++--------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/openapi-specs/sase/sspm/SSPMconsolidated.yaml b/openapi-specs/sase/sspm/SSPMconsolidated.yaml index b3eafe642..4a0c530f8 100644 --- a/openapi-specs/sase/sspm/SSPMconsolidated.yaml +++ b/openapi-specs/sase/sspm/SSPMconsolidated.yaml @@ -688,7 +688,7 @@ info: \ of misconfigured SaaS application settings.\nThese APIs use the common SASE\ \ authentication mechanism and base URL. \nSee the [Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ \ guide for more information.\n\nThis Open API spec file was created on January\ - \ 02, 2025. To check for a more recent version of this file, see\n[SaaS Security\ + \ 06, 2025. To check for a more recent version of this file, see\n[SaaS Security\ \ Posture Management APIs on pan.dev](https://pan.dev/sase/api/sspm/sspm-api.html).\n\ \n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ @@ -710,13 +710,14 @@ paths: name: filter schema: type: string - - description: Defines the result sorting format as FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|.... + - description: 'defines sorting of the result.Format: FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|... + .' example: order_by=name:asc|type:desc in: query name: order_by schema: type: string - - description: Applies the page_token to retrieve the requested page of items. + - description: applies page_token to get requested page of items example: page_token=MSM2Iw== in: query name: page_token @@ -742,7 +743,7 @@ paths: ' operationId: get-sspm-api-v1-apps-app_id parameters: - - description: Application ID + - description: application id example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e in: path name: app_id @@ -757,7 +758,7 @@ paths: $ref: '#/components/schemas/Application' description: Successful operation '404': - description: Application not registered. + description: Application not registered security: - Bearer: [] summary: Application details @@ -788,7 +789,7 @@ paths: type: array description: Successful operation '404': - description: Application not registered. + description: Application not registered security: - Bearer: [] summary: Application configuration details @@ -817,7 +818,7 @@ paths: type: array description: Successful operation '404': - description: Application not registered. + description: Application not registered security: - Bearer: [] summary: Application settings details @@ -830,7 +831,7 @@ paths: ' operationId: get-sspm-api-v1-auth-app-info parameters: - - description: Application type + - description: application type example: office365 in: path name: app @@ -845,7 +846,7 @@ paths: $ref: '#/components/schemas/ApplicationAuthInfo' description: Successful operation '404': - description: Application not registered. + description: Application not registered security: - Bearer: [] summary: Authorization information @@ -860,7 +861,9 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/CatalogApplication' + items: + $ref: '#/components/schemas/CatalogApplication' + type: array description: Successful operation security: - Bearer: [] @@ -873,7 +876,7 @@ paths: \ providing application type. \n" operationId: get-sspm-api-v1-catalog-apps-app parameters: - - description: Application name + - description: application name example: servicenow in: path name: app @@ -900,7 +903,7 @@ paths: ' operationId: get-sspm-api-v1-catalog-apps-app-configs parameters: - - description: Application name + - description: application name example: servicenow in: path name: app @@ -927,7 +930,7 @@ paths: \ type. \n" operationId: get-sspm-api-v1-catalog-apps-app-scopes parameters: - - description: Application name + - description: Application Name example: servicenow in: path name: app @@ -978,7 +981,7 @@ paths: get: operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-issue-key parameters: - - description: Integration ID + - description: integration ID example: 65dcec42a2f1d37173e6294c in: path name: integration_id @@ -992,7 +995,7 @@ paths: required: true schema: type: string - - description: Issue key + - description: issue key example: '10001' in: path name: key @@ -1017,7 +1020,7 @@ paths: get: operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-project-key parameters: - - description: Integration ID + - description: integration ID example: 65dcec42a2f1d37173e6294c in: path name: integration_id From 66495dea0b45f8c2126e02dd8c8c30369355d25e Mon Sep 17 00:00:00 2001 From: smitapaloalto <156162707+smitapaloalto@users.noreply.github.com> Date: Wed, 8 Jan 2025 12:15:46 +0530 Subject: [PATCH 09/14] update3-changes --- docusaurus.config.ts | 11 +- openapi-specs/compute/33-02/desc/SCAP/get.md | 11 + .../compute/33-02/desc/SCAP/id_delete.md | 11 + openapi-specs/compute/33-02/desc/SCAP/post.md | 12 + openapi-specs/compute/33-02/desc/SCAP/scap.md | 2 + .../compute/33-02/desc/_ping/_ping.md | 1 + openapi-specs/compute/33-02/desc/_ping/get.md | 14 + .../compute/33-02/desc/agentless/agentless.md | 6 + .../desc/agentless/get_agentless_progress.md | 31 + .../desc/agentless/post_agentless_scan.md | 17 + .../desc/agentless/post_agentless_stop.md | 13 + .../agentless/post_agentless_templates.md | 41 + .../desc/alert-profiles/alert-profiles.md | 8 + .../compute/33-02/desc/alert-profiles/get.md | 11 + .../33-02/desc/alert-profiles/id_delete.md | 14 + .../33-02/desc/alert-profiles/names_get.md | 20 + .../compute/33-02/desc/alert-profiles/post.md | 32 + .../33-02/desc/alert-profiles/test_post.md | 14 + .../compute/33-02/desc/api_restrictions.md | 8 + .../application-control.md | 1 + .../33-02/desc/application-control/get.md | 11 + .../desc/application-control/id_delete.md | 1 + .../33-02/desc/application-control/put.md | 1 + .../33-02/desc/audits/access_delete.md | 10 + .../33-02/desc/audits/access_download_get.md | 12 + .../33-02/desc/audits/access_filters_get.md | 37 + .../compute/33-02/desc/audits/access_get.md | 43 + .../desc/audits/admission_download_get.md | 14 + .../33-02/desc/audits/admission_get.md | 44 + .../compute/33-02/desc/audits/audits.md | 3 + ...firewall_network_container_download_get.md | 21 + .../audits/firewall_network_container_get.md | 64 + .../firewall_network_host_download_get.md | 19 + .../desc/audits/firewall_network_host_get.md | 96 + .../desc/audits/incidents_archive_patch.md | 18 + .../desc/audits/incidents_download_get.md | 20 + .../desc/audits/incidents_filters_get.md | 15 + .../33-02/desc/audits/incidents_get.md | 19 + .../desc/audits/kubernetes_download_get.md | 17 + .../33-02/desc/audits/kubernetes_get.md | 55 + .../33-02/desc/audits/mgmt_download_get.md | 19 + .../33-02/desc/audits/mgmt_filters_get.md | 36 + .../compute/33-02/desc/audits/mgmt_get.md | 35 + .../runtime_app_embedded_download_get.md | 14 + .../desc/audits/runtime_app_embedded_get.md | 48 + .../desc/audits/runtime_container_delete.md | 11 + .../audits/runtime_container_download_get.md | 15 + .../desc/audits/runtime_container_get.md | 60 + .../audits/runtime_container_timeslice_get.md | 35 + .../runtime_file-integrity_download_get.md | 14 + .../desc/audits/runtime_file-integrity_get.md | 41 + .../33-02/desc/audits/runtime_host_delete.md | 10 + .../desc/audits/runtime_host_download_get.md | 15 + .../33-02/desc/audits/runtime_host_get.md | 45 + .../desc/audits/runtime_host_timeslice_get.md | 40 + .../runtime_log-inspection_download_get.md | 15 + .../desc/audits/runtime_log-inspection_get.md | 34 + .../33-02/desc/audits/runtime_rasp_delete.md | 9 + .../desc/audits/runtime_rasp_download_get.md | 10 + .../33-02/desc/audits/runtime_rasp_get.md | 9 + .../desc/audits/runtime_serverless_delete.md | 13 + .../audits/runtime_serverless_download_get.md | 14 + .../audits/runtime_serverless_filters_get.md | 11 + .../desc/audits/runtime_serverless_get.md | 31 + .../runtime_serverless_timeslice_get.md | 35 + .../compute/33-02/desc/audits/trust_delete.md | 9 + .../33-02/desc/audits/trust_download_get.md | 14 + .../compute/33-02/desc/audits/trust_get.md | 103 + .../audits/waas_agentless_download_get.md | 16 + .../33-02/desc/audits/waas_agentless_get.md | 44 + .../audits/waas_agentless_timeslice_get.md | 36 + .../audits/waas_app_embedded_download_get.md | 15 + .../desc/audits/waas_app_embedded_get.md | 84 + .../audits/waas_app_embedded_timeslice_get.md | 34 + .../audits/waas_container_download_get.md | 15 + .../33-02/desc/audits/waas_container_get.md | 98 + .../audits/waas_container_timeslice_get.md | 34 + .../desc/audits/waas_host_download_get.md | 16 + .../33-02/desc/audits/waas_host_get.md | 89 + .../desc/audits/waas_host_timeslice_get.md | 35 + .../audits/waas_serverless_download_get.md | 18 + .../33-02/desc/audits/waas_serverless_get.md | 44 + .../audits/waas_serverless_timeslice_get.md | 35 + .../authenticate-client.md | 8 + .../33-02/desc/authenticate-client/post.md | 26 + .../33-02/desc/authenticate/authenticate.md | 4 + .../compute/33-02/desc/authenticate/post.md | 29 + .../33-02/desc/authenticate/renew_get.md | 20 + .../compute/33-02/desc/backups/backups.md | 1 + .../compute/33-02/desc/backups/id_patch.md | 1 + .../compute/33-02/desc/certs/capem_get.md | 25 + .../compute/33-02/desc/certs/certs.md | 1 + .../33-02/desc/certs/client-certs_get.md | 10 + .../33-02/desc/certs/server-certs_get.md | 62 + .../compute/33-02/desc/cloud/cloud.md | 2 + .../desc/cloud/compliance_download_get.md | 11 + .../33-02/desc/cloud/compliance_get.md | 10 + .../33-02/desc/cloud/compliance_scan_post.md | 10 + .../33-02/desc/cloud/compliance_stop_post.md | 10 + .../desc/cloud/discovery_download_get.md | 14 + .../desc/cloud/discovery_entities_get.md | 15 + .../compute/33-02/desc/cloud/discovery_get.md | 16 + .../33-02/desc/cloud/discovery_scan_post.md | 13 + .../33-02/desc/cloud/discovery_stop_post.md | 13 + .../33-02/desc/cloud/discovery_vms_get.md | 13 + .../compute/33-02/desc/coderepos-ci/post.md | 4 + .../33-02/desc/coderepos-ci/post_resolve.md | 1 + .../compute/33-02/desc/coderepos/coderepos.md | 1 + .../33-02/desc/coderepos/download_get.md | 18 + .../compute/33-02/desc/coderepos/get.md | 20 + .../33-02/desc/collections/collections.md | 15 + .../compute/33-02/desc/collections/get.md | 15 + .../33-02/desc/collections/name_delete.md | 22 + .../33-02/desc/collections/name_put.md | 64 + .../33-02/desc/collections/name_usages_get.md | 20 + .../compute/33-02/desc/collections/post.md | 39 + .../compute/33-02/desc/console_saas.png | Bin 0 -> 350829 bytes .../33-02/desc/containers/containers.md | 1 + .../33-02/desc/containers/count_get.md | 13 + .../33-02/desc/containers/download_get.md | 20 + .../33-02/desc/containers/filters_get.md | 9 + .../compute/33-02/desc/containers/get.md | 37 + .../33-02/desc/containers/labels_get.md | 9 + .../33-02/desc/containers/names_get.md | 13 + .../33-02/desc/containers/scan_post.md | 12 + .../33-02/desc/credentials/credentials.md | 1 + .../compute/33-02/desc/credentials/get.md | 16 + .../33-02/desc/credentials/id_delete.md | 24 + .../33-02/desc/credentials/id_usages_get.md | 22 + .../compute/33-02/desc/credentials/post.md | 35 + .../compute/33-02/desc/curl_examples.md | 38 + .../33-02/desc/current/collections_get.md | 1 + .../33-02/desc/current/projects_get.md | 1 + .../custom-compliance/custom-compliance.md | 9 + .../33-02/desc/custom-compliance/get.md | 32 + .../33-02/desc/custom-compliance/id_delete.md | 15 + .../33-02/desc/custom-compliance/put.md | 30 + .../33-02/desc/custom-rules/custom-rules.md | 1 + .../compute/33-02/desc/custom-rules/get.md | 17 + .../33-02/desc/custom-rules/id_delete.md | 15 + .../compute/33-02/desc/custom-rules/id_put.md | 30 + openapi-specs/compute/33-02/desc/cves/cves.md | 1 + .../33-02/desc/cves/distribution_get.md | 11 + openapi-specs/compute/33-02/desc/cves/get.md | 14 + .../33-02/desc/defenders/app_embedded_post.md | 20 + .../desc/defenders/daemonset_yaml_get.md | 17 + .../desc/defenders/daemonset_yaml_post.md | 20 + .../compute/33-02/desc/defenders/defenders.md | 3 + .../33-02/desc/defenders/download_get.md | 16 + .../33-02/desc/defenders/fargate_json_post.md | 36 + .../33-02/desc/defenders/fargate_yaml_post.md | 20 + .../compute/33-02/desc/defenders/get.md | 17 + .../compute/33-02/desc/defenders/helm_get.md | 21 + .../compute/33-02/desc/defenders/helm_post.md | 20 + .../compute/33-02/desc/defenders/id_delete.md | 24 + .../33-02/desc/defenders/id_features_post.md | 13 + .../33-02/desc/defenders/id_restart_post.md | 11 + .../33-02/desc/defenders/id_upgrade_post.md | 15 + .../33-02/desc/defenders/image-name_get.md | 19 + .../desc/defenders/install-bundle_get.md | 15 + .../compute/33-02/desc/defenders/names_get.md | 45 + .../compute/33-02/desc/defenders/rasp_post.md | 15 + .../desc/defenders/serverless-bundle_post.md | 15 + .../33-02/desc/defenders/summary_get.md | 15 + .../tas-cloud-controller-address_get.md | 1 + .../33-02/desc/defenders/upgrade_post.md | 17 + .../desc/deployment/daemonsets_deploy_post.md | 20 + .../33-02/desc/deployment/daemonsets_get.md | 11 + .../33-02/desc/deployment/deployment.md | 1 + .../desc/feeds/custom-vulnerabilities_get.md | 41 + .../desc/feeds/custom-vulnerabilities_put.md | 85 + .../custom_vulnerabilities_digest_get.md | 17 + .../desc/feeds/cve_allow_list_digest_get.md | 16 + .../33-02/desc/feeds/cve_allow_list_get.md | 30 + .../33-02/desc/feeds/cve_allow_list_put.md | 29 + .../compute/33-02/desc/feeds/feeds.md | 2 + .../33-02/desc/feeds/ips_digest_get.md | 16 + .../compute/33-02/desc/feeds/ips_get.md | 26 + .../compute/33-02/desc/feeds/ips_put.md | 21 + .../33-02/desc/feeds/malware_digest_get.md | 16 + .../compute/33-02/desc/feeds/malware_get.md | 35 + .../compute/33-02/desc/feeds/malware_put.md | 34 + .../compute/33-02/desc/feeds/refresh_post.md | 9 + .../desc/forensic/activities_download_get.md | 12 + .../33-02/desc/forensic/activities_get.md | 11 + .../compute/33-02/desc/forensic/forensic.md | 1 + .../compute/33-02/desc/groups/get.md | 15 + .../compute/33-02/desc/groups/groups.md | 3 + .../compute/33-02/desc/groups/id_delete.md | 23 + .../compute/33-02/desc/groups/id_put.md | 43 + .../compute/33-02/desc/groups/names.md | 26 + .../compute/33-02/desc/groups/post.md | 33 + .../33-02/desc/high-availability/get.md | 11 + .../compute/33-02/desc/hosts/download_get.md | 19 + .../compute/33-02/desc/hosts/evaluate_get.md | 1 + .../compute/33-02/desc/hosts/filters_get.md | 11 + openapi-specs/compute/33-02/desc/hosts/get.md | 47 + .../compute/33-02/desc/hosts/hosts.md | 4 + .../compute/33-02/desc/hosts/info_get.md | 13 + .../compute/33-02/desc/hosts/scan_post.md | 10 + .../compute/33-02/desc/how_to_eval_console.md | 35 + .../33-02/desc/images/defender_layer_get.md | 14 + .../33-02/desc/images/defender_rasp_get.md | 12 + .../compute/33-02/desc/images/download_get.md | 41 + .../compute/33-02/desc/images/evaluate_get.md | 1 + .../compute/33-02/desc/images/get.md | 57 + .../compute/33-02/desc/images/images.md | 3 + .../compute/33-02/desc/images/names_get.md | 15 + .../compute/33-02/desc/images/scan_post.md | 12 + ...stlock_defender_app_embedded_tar_gz_get.md | 1 + .../twistlock_defender_layer_zip_post.md | 1 + .../images/twistlock_defender_tar_gz_get.md | 9 + openapi-specs/compute/33-02/desc/intro.md | 92 + .../33-02/desc/kubernetes/kubernetes.md | 1 + .../33-02/desc/kubernetes/scan_post.md | 11 + .../compute/33-02/desc/logs/console_get.md | 11 + .../33-02/desc/logs/defender_download_get.md | 14 + .../compute/33-02/desc/logs/defender_get.md | 15 + openapi-specs/compute/33-02/desc/logs/logs.md | 1 + .../33-02/desc/logs/system_download_get.md | 13 + .../33-02/desc/pcf-droplets/addresses_get.md | 13 + .../33-02/desc/pcf-droplets/download_get.md | 13 + .../compute/33-02/desc/pcf-droplets/get.md | 11 + .../33-02/desc/pcf-droplets/pcf-droplets.md | 3 + .../33-02/desc/pcf-droplets/scan_post.md | 11 + .../33-02/desc/pcf-droplets/stop_post.md | 11 + .../desc/policies/compliance_ci_images_get.md | 18 + .../desc/policies/compliance_ci_images_put.md | 58 + .../policies/compliance_ci_serverless_get.md | 19 + .../policies/compliance_ci_serverless_put.md | 50 + .../desc/policies/compliance_container_get.md | 18 + .../compliance_container_impacted_get.md | 21 + .../desc/policies/compliance_container_put.md | 49 + .../desc/policies/compliance_host_get.md | 18 + .../desc/policies/compliance_host_put.md | 48 + .../policies/compliance_serverless_get.md | 18 + .../policies/compliance_serverless_put.md | 48 + .../33-02/desc/policies/compliance_vms_get.md | 18 + .../policies/compliance_vms_impacted_get.md | 16 + .../33-02/desc/policies/compliance_vms_put.md | 48 + .../compute/33-02/desc/policies/docker_get.md | 11 + .../compute/33-02/desc/policies/docker_put.md | 33 + .../policies/firewall_app-embedded_get.md | 18 + .../policies/firewall_app-embedded_put.md | 200 + .../policies/firewall_app_agentless_get.md | 1 + .../firewall_app_agentless_impacted_get.md | 1 + .../policies/firewall_app_agentless_put.md | 1 + .../firewall_app_agentless_resources_get.md | 1 + .../firewall_app_agentless_state_get.md | 1 + .../policies/firewall_app_apispec_post.md | 112 + .../policies/firewall_app_container_get.md | 17 + .../firewall_app_container_impacted_get.md | 1 + .../policies/firewall_app_container_put.md | 202 + .../desc/policies/firewall_app_host_get.md | 18 + .../firewall_app_host_impacted_get.md | 1 + .../desc/policies/firewall_app_host_put.md | 173 + .../policies/firewall_app_network_list_get.md | 20 + .../firewall_app_network_list_id_delete.md | 23 + .../firewall_app_network_list_post.md | 31 + .../policies/firewall_app_network_list_put.md | 31 + .../policies/firewall_app_out-of-band_get.md | 18 + .../firewall_app_out-of-band_impacted_get.md | 17 + .../policies/firewall_app_out-of-band_put.md | 30 + .../desc/policies/firewall_app_rasp_get.md | 7 + .../desc/policies/firewall_app_rasp_put.md | 33 + .../policies/firewall_app_serverless_get.md | 16 + .../policies/firewall_app_serverless_put.md | 82 + .../firewall_network_container_get.md | 12 + .../firewall_network_container_put.md | 37 + .../policies/firewall_network_entities_get.md | 9 + .../policies/firewall_network_entities_put.md | 17 + .../compute/33-02/desc/policies/policies.md | 186 + .../desc/policies/runtime_app-embedded_get.md | 18 + .../policies/runtime_app-embedded_post.md | 56 + .../desc/policies/runtime_app-embedded_put.md | 40 + .../desc/policies/runtime_container_get.md | 18 + .../runtime_container_impacted_get.md | 25 + .../desc/policies/runtime_container_post.md | 49 + .../desc/policies/runtime_container_put.md | 1 + .../33-02/desc/policies/runtime_host_get.md | 18 + .../33-02/desc/policies/runtime_host_post.md | 41 + .../33-02/desc/policies/runtime_host_put.md | 1 + .../33-02/desc/policies/runtime_rasp_get.md | 9 + .../33-02/desc/policies/runtime_rasp_put.md | 35 + .../desc/policies/runtime_serverless_get.md | 18 + .../desc/policies/runtime_serverless_post.md | 43 + .../desc/policies/runtime_serverless_put.md | 1 + .../33-02/desc/policies/secrets_get.md | 10 + .../33-02/desc/policies/secrets_put.md | 35 + .../compute/33-02/desc/policies/trust_get.md | 9 + .../compute/33-02/desc/policies/trust_put.md | 18 + .../vulnerability_base_images_download.md | 1 + .../policies/vulnerability_base_images_get.md | 1 + .../vulnerability_base_images_id_delete.md | 4 + .../vulnerability_base_images_post.md | 1 + .../policies/vulnerability_ci_images_get.md | 18 + .../policies/vulnerability_ci_images_put.md | 49 + .../vulnerability_ci_serverless_get.md | 20 + .../vulnerability_ci_serverless_put.md | 48 + .../policies/vulnerability_coderepos_get.md | 18 + .../vulnerability_coderepos_impacted_get.md | 19 + .../policies/vulnerability_coderepos_put.md | 47 + .../desc/policies/vulnerability_host_get.md | 18 + .../vulnerability_host_impacted_get.md | 20 + .../desc/policies/vulnerability_host_put.md | 38 + .../desc/policies/vulnerability_images_get.md | 18 + .../vulnerability_images_impacted_get.md | 20 + .../desc/policies/vulnerability_images_put.md | 45 + .../policies/vulnerability_serverless_get.md | 20 + .../policies/vulnerability_serverless_put.md | 36 + .../desc/policies/vulnerability_vms_get.md | 18 + .../vulnerability_vms_impacted_get.md | 20 + .../desc/policies/vulnerability_vms_put.md | 43 + .../profiles/app-embedded_download_get.md | 14 + .../33-02/desc/profiles/app-embedded_get.md | 13 + .../desc/profiles/container_download_get.md | 15 + .../desc/profiles/container_filters_get.md | 13 + .../33-02/desc/profiles/container_get.md | 13 + .../desc/profiles/container_learn_post.md | 15 + .../33-02/desc/profiles/host_download_get.md | 14 + .../compute/33-02/desc/profiles/host_get.md | 23 + .../33-02/desc/profiles/host_id_rule_get.md | 18 + .../compute/33-02/desc/profiles/profiles.md | 3 + .../desc/profiles/service_download_get.md | 10 + .../33-02/desc/profiles/service_get.md | 18 + .../desc/profiles/service_id_learn_post.md | 20 + .../33-02/desc/profiles/service_learn_post.md | 11 + .../33-02/desc/profiles/service_names_get.md | 11 + .../compute/33-02/desc/projects/get.md | 11 + .../33-02/desc/projects/name_delete.md | 13 + .../compute/33-02/desc/projects/name_put.md | 11 + .../compute/33-02/desc/projects/post.md | 35 + .../compute/33-02/desc/projects/projects.md | 59 + .../33-02/desc/radar/container_clean_post.md | 9 + .../33-02/desc/radar/container_delete.md | 9 + .../33-02/desc/radar/container_export_get.md | 10 + .../33-02/desc/radar/container_filters_get.md | 9 + .../compute/33-02/desc/radar/container_get.md | 9 + .../compute/33-02/desc/radar/host_delete.md | 9 + .../33-02/desc/radar/host_export_get.md | 10 + .../compute/33-02/desc/radar/host_get.md | 9 + .../compute/33-02/desc/radar/radar.md | 2 + .../33-02/desc/radar/serverless_get.md | 9 + .../desc/radar/serverless_progress_get.md | 25 + .../33-02/desc/radar/serverless_scan_post.md | 10 + .../33-02/desc/radar/serverless_stop_post.md | 9 + openapi-specs/compute/33-02/desc/rbac/rbac.md | 3 + .../compute/33-02/desc/rbac/role_delete.md | 12 + .../compute/33-02/desc/rbac/roles_get.md | 11 + .../compute/33-02/desc/rbac/roles_post.md | 46 + .../compute/33-02/desc/rbac/roles_put.md | 47 + .../compute/33-02/desc/recovery/backup_get.md | 11 + .../33-02/desc/recovery/backup_id_delete.md | 13 + .../33-02/desc/recovery/backup_id_patch.md | 14 + .../33-02/desc/recovery/backup_post.md | 12 + .../compute/33-02/desc/recovery/recovery.md | 4 + .../33-02/desc/recovery/restore_id_post.md | 13 + .../33-02/desc/registry/download_get.md | 18 + .../compute/33-02/desc/registry/get.md | 64 + .../desc/registry/get_registry_progress.md | 101 + .../compute/33-02/desc/registry/names_get.md | 15 + .../compute/33-02/desc/registry/registry.md | 1 + .../compute/33-02/desc/registry/scan_post.md | 61 + .../33-02/desc/registry/scan_select_post.md | 1 + .../33-02/desc/registry/stop_id_post.md | 1 + .../compute/33-02/desc/registry/stop_post.md | 13 + .../desc/registry/webhook_webhook_delete.md | 3 + .../desc/registry/webhook_webhook_post.md | 3 + .../compute/33-02/desc/sandbox/post.md | 1 + .../compute/33-02/desc/sandbox/sandbox.md | 0 .../33-02/desc/sbom/download_ci_images_get.md | 1 + .../desc/sbom/download_cli_serverless_get.md | 1 + .../33-02/desc/sbom/download_hosts_get.md | 1 + .../33-02/desc/sbom/download_images_get.md | 1 + .../33-02/desc/sbom/download_registry_get.md | 1 + .../desc/sbom/download_serverless_get.md | 1 + .../33-02/desc/sbom/download_vms_get.md | 1 + .../compute/33-02/desc/sbom/sbom_intro.md | 1 + .../compute/33-02/desc/scans/download_get.md | 18 + .../compute/33-02/desc/scans/filter_get.md | 11 + openapi-specs/compute/33-02/desc/scans/get.md | 33 + .../compute/33-02/desc/scans/id_get.md | 11 + .../compute/33-02/desc/scans/post.md | 1 + .../compute/33-02/desc/scans/scans.md | 1 + .../compute/33-02/desc/scans/sonatype_post.md | 0 .../compute/33-02/desc/scans/vms_post.md | 1 + .../33-02/desc/scripts/console_sh_get.md | 20 + .../33-02/desc/scripts/defender_ps1_get.md | 17 + .../33-02/desc/scripts/defender_sh_get.md | 23 + .../compute/33-02/desc/scripts/scripts.md | 1 + .../33-02/desc/serverless/download_get.md | 17 + .../33-02/desc/serverless/embed_post.md | 11 + .../33-02/desc/serverless/evaluate_post.md | 1 + .../compute/33-02/desc/serverless/get.md | 21 + .../33-02/desc/serverless/names_get.md | 13 + .../33-02/desc/serverless/scan_post.md | 12 + .../33-02/desc/serverless/serverless.md | 1 + .../33-02/desc/serverless/stop_post.md | 12 + .../compute/33-02/desc/settings/alerts_get.md | 9 + .../33-02/desc/settings/alerts_options_get.md | 11 + .../33-02/desc/settings/alerts_post.md | 17 + .../33-02/desc/settings/certificates_post.md | 19 + .../compute/33-02/desc/settings/certs_get.md | 14 + .../compute/33-02/desc/settings/certs_post.md | 31 + .../33-02/desc/settings/coderepos_get.md | 28 + .../33-02/desc/settings/coderepos_put.md | 68 + .../settings/console-certificates_post.md | 18 + .../33-02/desc/settings/custom-labels_get.md | 13 + .../33-02/desc/settings/custom-labels_post.md | 14 + .../33-02/desc/settings/defender_get.md | 15 + .../33-02/desc/settings/forensic_get.md | 9 + .../33-02/desc/settings/forensic_post.md | 17 + .../33-02/desc/settings/initialized_get.md | 12 + .../settings/intelligence-windows_post.md | 12 + .../33-02/desc/settings/intelligence_get.md | 13 + .../33-02/desc/settings/intelligence_post.md | 21 + .../33-02/desc/settings/latest-version_get.md | 11 + .../33-02/desc/settings/latest_version_get.md | 9 + .../compute/33-02/desc/settings/ldap_get.md | 34 + .../compute/33-02/desc/settings/ldap_post.md | 27 + .../33-02/desc/settings/license_get.md | 13 + .../33-02/desc/settings/license_post.md | 17 + .../33-02/desc/settings/logging_get.md | 13 + .../33-02/desc/settings/logging_post.md | 30 + .../compute/33-02/desc/settings/logon_get.md | 13 + .../compute/33-02/desc/settings/logon_post.md | 17 + .../compute/33-02/desc/settings/oauth_get.md | 37 + .../compute/33-02/desc/settings/oauth_post.md | 16 + .../compute/33-02/desc/settings/oidc_get.md | 37 + .../compute/33-02/desc/settings/oidc_post.md | 16 + .../compute/33-02/desc/settings/pcf_get.md | 11 + .../compute/33-02/desc/settings/pcf_post.md | 13 + .../33-02/desc/settings/projects_get.md | 24 + .../33-02/desc/settings/projects_post.md | 16 + .../compute/33-02/desc/settings/proxy_get.md | 13 + .../compute/33-02/desc/settings/proxy_post.md | 19 + .../33-02/desc/settings/registry_get.md | 25 + .../33-02/desc/settings/registry_post.md | 88 + .../33-02/desc/settings/registry_put.md | 136 + .../compute/33-02/desc/settings/saml_get.md | 13 + .../compute/33-02/desc/settings/saml_post.md | 28 + .../compute/33-02/desc/settings/scan_get.md | 13 + .../compute/33-02/desc/settings/scan_post.md | 25 + .../33-02/desc/settings/secrets_get.md | 11 + .../33-02/desc/settings/secrets_post.md | 32 + .../desc/settings/serverless-scan_get.md | 18 + .../desc/settings/serverless-scan_post.md | 56 + .../33-02/desc/settings/serverless_get.md | 11 + .../33-02/desc/settings/serverless_post.md | 23 + .../desc/settings/serverless_scan_put.md | 31 + .../compute/33-02/desc/settings/settings.md | 1 + .../compute/33-02/desc/settings/system_get.md | 11 + .../compute/33-02/desc/settings/tas_get.md | 13 + .../compute/33-02/desc/settings/tas_post.md | 22 + .../33-02/desc/settings/telemetry_get.md | 15 + .../33-02/desc/settings/telemetry_post.md | 16 + .../desc/settings/trusted_certificate_post.md | 21 + .../settings/trusted_certificates_post.md | 21 + .../compute/33-02/desc/settings/vm_get.md | 15 + .../compute/33-02/desc/settings/vm_put.md | 56 + .../33-02/desc/settings/wildfire_get.md | 1 + .../compute/33-02/desc/signup/post.md | 31 + .../compute/33-02/desc/signup/signup.md | 8 + .../33-02/desc/static/capabilities_get.md | 9 + .../compute/33-02/desc/static/regions_get.md | 9 + .../compute/33-02/desc/static/static.md | 1 + .../compute/33-02/desc/static/syscalls_get.md | 10 + .../33-02/desc/static/vulnerabilities_get.md | 12 + .../desc/stats/app_firewall_count_get.md | 1 + .../compute/33-02/desc/stats/compliance.md | 13 + .../desc/stats/compliance_download_get.md | 1 + .../33-02/desc/stats/compliance_get.md | 22 + .../33-02/desc/stats/compliance_refresh.md | 13 + .../desc/stats/compliance_refresh_post.md | 16 + .../compute/33-02/desc/stats/daily.md | 11 + .../compute/33-02/desc/stats/daily_get.md | 11 + .../compute/33-02/desc/stats/dashboard.md | 11 + .../compute/33-02/desc/stats/dashboard_get.md | 13 + .../compute/33-02/desc/stats/events_get.md | 37 + .../compute/33-02/desc/stats/license_get.md | 1 + .../compute/33-02/desc/stats/stats.md | 1 + .../33-02/desc/stats/vulnerabilities.md | 13 + .../stats/vulnerabilities_download_get.md | 26 + .../33-02/desc/stats/vulnerabilities_get.md | 32 + ...ilities_impacted_resources_download_get.md | 24 + .../vulnerabilities_impacted_resources_get.md | 116 + .../desc/stats/vulnerabilities_refresh.md | 13 + .../stats/vulnerabilities_refresh_post.md | 16 + .../compute/33-02/desc/stats/workload_get.md | 23 + .../33-02/desc/statuses/buildah_get.md | 1 + .../33-02/desc/statuses/intelligence.md | 11 + .../33-02/desc/statuses/intelligence_get.md | 11 + .../33-02/desc/statuses/registry_get.md | 29 + .../33-02/desc/statuses/secrets_get.md | 11 + .../desc/statuses/serverless-radar_get.md | 9 + .../compute/33-02/desc/statuses/statuses.md | 1 + openapi-specs/compute/33-02/desc/tags/get.md | 14 + ...ln-Bin-Package-CVE-tagged-Ignored-Vuln.png | Bin 0 -> 232806 bytes .../tags/img/CentOS-Vuln-Bin-Package-Info.png | Bin 0 -> 208271 bytes .../desc/tags/img/Tagged-Vulnerability.png | Bin 0 -> 258407 bytes .../tags/img/Tagging-only-Vulnerability.png | Bin 0 -> 284883 bytes ...ln-Bin-Package-CVE-tagged-Ignored-Vuln.png | Bin 0 -> 207557 bytes .../tags/img/Ubuntu-Vuln-Bin-Package-Info.png | Bin 0 -> 208248 bytes .../compute/33-02/desc/tags/name_delete.md | 14 + .../compute/33-02/desc/tags/name_put.md | 23 + openapi-specs/compute/33-02/desc/tags/post.md | 22 + .../compute/33-02/desc/tags/tag_cve_delete.md | 20 + .../compute/33-02/desc/tags/tag_cve_post.md | 169 + openapi-specs/compute/33-02/desc/tags/tags.md | 1 + .../33-02/desc/tas-droplets/download_get.md | 20 + .../compute/33-02/desc/tas-droplets/get.md | 21 + .../desc/tas-droplets/get_tas_addresses.md | 17 + .../33-02/desc/tas-droplets/progress_get.md | 13 + .../33-02/desc/tas-droplets/scan_post.md | 13 + .../33-02/desc/tas-droplets/stop_post.md | 13 + .../compute/33-02/desc/trust/data_get.md | 277 + .../compute/33-02/desc/trust/data_put.md | 32 + openapi-specs/compute/33-02/desc/trust/get.md | 11 + .../compute/33-02/desc/trust/id_delete.md | 12 + .../compute/33-02/desc/trust/id_put.md | 18 + .../compute/33-02/desc/trust/learn_get.md | 9 + .../compute/33-02/desc/trust/learn_post.md | 10 + .../compute/33-02/desc/trust/post.md | 32 + .../compute/33-02/desc/trust/trust.md | 2 + openapi-specs/compute/33-02/desc/users/get.md | 17 + .../compute/33-02/desc/users/id_delete.md | 27 + .../compute/33-02/desc/users/password_put.md | 27 + .../compute/33-02/desc/users/post.md | 114 + openapi-specs/compute/33-02/desc/users/put.md | 43 + .../compute/33-02/desc/users/users.md | 7 + .../33-02/desc/util/osx_twistcli_arm64_get.md | 17 + .../33-02/desc/util/osx_twistcli_get.md | 17 + .../33-02/desc/util/twistcli_arm64_get.md | 17 + .../compute/33-02/desc/util/twistcli_get.md | 16 + .../desc/util/twistlock_jenkins_plugin_get.md | 17 + .../33-02/desc/util/twistlock_tas_tile_get.md | 17 + openapi-specs/compute/33-02/desc/util/util.md | 1 + .../33-02/desc/util/windows_twistcli_get.md | 17 + .../compute/33-02/desc/version/get.md | 15 + .../compute/33-02/desc/version/version.md | 1 + .../compute/33-02/desc/vms/download_get.md | 18 + openapi-specs/compute/33-02/desc/vms/get.md | 63 + .../compute/33-02/desc/vms/labels_get.md | 29 + .../compute/33-02/desc/vms/names_get.md | 33 + .../compute/33-02/desc/vms/scan_post.md | 13 + .../compute/33-02/desc/vms/stop_post.md | 15 + openapi-specs/compute/33-02/desc/vms/vms.md | 8 + .../33-02/desc/waas/openapi-scans_post.md | 14 + .../{ => 33-02}/openapi-33-02-130-sh.json | 0 .../compute/openapi-33-03-138-sh.json | 52394 ++++++++++++++++ .../{ => 33-02}/openapi-33-02-130-saas.json | 0 .../cwpp/openapi-33-03-138-saas.json | 51554 +++++++++++++++ .../api/33-02/access-api-self-hosted.md | 150 + products/compute/api/33-02/set-up-console.md | 77 + .../compute/api/33-02/stable-endpoints.md | 105 + .../api/33-02/welcome-prisma-cloud-apis.md | 125 + products/compute/sidebars.ts | 16 +- 557 files changed, 116308 insertions(+), 3 deletions(-) create mode 100644 openapi-specs/compute/33-02/desc/SCAP/get.md create mode 100644 openapi-specs/compute/33-02/desc/SCAP/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/SCAP/post.md create mode 100644 openapi-specs/compute/33-02/desc/SCAP/scap.md create mode 100644 openapi-specs/compute/33-02/desc/_ping/_ping.md create mode 100644 openapi-specs/compute/33-02/desc/_ping/get.md create mode 100644 openapi-specs/compute/33-02/desc/agentless/agentless.md create mode 100644 openapi-specs/compute/33-02/desc/agentless/get_agentless_progress.md create mode 100644 openapi-specs/compute/33-02/desc/agentless/post_agentless_scan.md create mode 100644 openapi-specs/compute/33-02/desc/agentless/post_agentless_stop.md create mode 100644 openapi-specs/compute/33-02/desc/agentless/post_agentless_templates.md create mode 100644 openapi-specs/compute/33-02/desc/alert-profiles/alert-profiles.md create mode 100644 openapi-specs/compute/33-02/desc/alert-profiles/get.md create mode 100644 openapi-specs/compute/33-02/desc/alert-profiles/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/alert-profiles/names_get.md create mode 100644 openapi-specs/compute/33-02/desc/alert-profiles/post.md create mode 100644 openapi-specs/compute/33-02/desc/alert-profiles/test_post.md create mode 100644 openapi-specs/compute/33-02/desc/api_restrictions.md create mode 100644 openapi-specs/compute/33-02/desc/application-control/application-control.md create mode 100644 openapi-specs/compute/33-02/desc/application-control/get.md create mode 100644 openapi-specs/compute/33-02/desc/application-control/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/application-control/put.md create mode 100644 openapi-specs/compute/33-02/desc/audits/access_delete.md create mode 100644 openapi-specs/compute/33-02/desc/audits/access_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/access_filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/access_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/admission_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/admission_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/audits.md create mode 100644 openapi-specs/compute/33-02/desc/audits/firewall_network_container_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/firewall_network_container_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/firewall_network_host_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/firewall_network_host_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/incidents_archive_patch.md create mode 100644 openapi-specs/compute/33-02/desc/audits/incidents_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/incidents_filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/incidents_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/kubernetes_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/kubernetes_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/mgmt_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/mgmt_filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/mgmt_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_container_delete.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_container_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_container_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_container_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_host_delete.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_host_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_host_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_host_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_rasp_delete.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_rasp_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_rasp_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_serverless_delete.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_serverless_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_serverless_filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/runtime_serverless_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/trust_delete.md create mode 100644 openapi-specs/compute/33-02/desc/audits/trust_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/trust_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_agentless_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_agentless_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_agentless_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_app_embedded_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_app_embedded_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_app_embedded_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_container_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_container_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_container_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_host_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_host_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_host_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_serverless_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/audits/waas_serverless_timeslice_get.md create mode 100644 openapi-specs/compute/33-02/desc/authenticate-client/authenticate-client.md create mode 100644 openapi-specs/compute/33-02/desc/authenticate-client/post.md create mode 100644 openapi-specs/compute/33-02/desc/authenticate/authenticate.md create mode 100644 openapi-specs/compute/33-02/desc/authenticate/post.md create mode 100644 openapi-specs/compute/33-02/desc/authenticate/renew_get.md create mode 100644 openapi-specs/compute/33-02/desc/backups/backups.md create mode 100644 openapi-specs/compute/33-02/desc/backups/id_patch.md create mode 100644 openapi-specs/compute/33-02/desc/certs/capem_get.md create mode 100644 openapi-specs/compute/33-02/desc/certs/certs.md create mode 100644 openapi-specs/compute/33-02/desc/certs/client-certs_get.md create mode 100644 openapi-specs/compute/33-02/desc/certs/server-certs_get.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/cloud.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/compliance_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/compliance_get.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/compliance_scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/compliance_stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/discovery_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/discovery_entities_get.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/discovery_get.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/discovery_scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/discovery_stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/cloud/discovery_vms_get.md create mode 100644 openapi-specs/compute/33-02/desc/coderepos-ci/post.md create mode 100644 openapi-specs/compute/33-02/desc/coderepos-ci/post_resolve.md create mode 100644 openapi-specs/compute/33-02/desc/coderepos/coderepos.md create mode 100644 openapi-specs/compute/33-02/desc/coderepos/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/coderepos/get.md create mode 100644 openapi-specs/compute/33-02/desc/collections/collections.md create mode 100755 openapi-specs/compute/33-02/desc/collections/get.md create mode 100755 openapi-specs/compute/33-02/desc/collections/name_delete.md create mode 100644 openapi-specs/compute/33-02/desc/collections/name_put.md create mode 100755 openapi-specs/compute/33-02/desc/collections/name_usages_get.md create mode 100755 openapi-specs/compute/33-02/desc/collections/post.md create mode 100644 openapi-specs/compute/33-02/desc/console_saas.png create mode 100644 openapi-specs/compute/33-02/desc/containers/containers.md create mode 100644 openapi-specs/compute/33-02/desc/containers/count_get.md create mode 100644 openapi-specs/compute/33-02/desc/containers/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/containers/filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/containers/get.md create mode 100644 openapi-specs/compute/33-02/desc/containers/labels_get.md create mode 100644 openapi-specs/compute/33-02/desc/containers/names_get.md create mode 100644 openapi-specs/compute/33-02/desc/containers/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/credentials/credentials.md create mode 100644 openapi-specs/compute/33-02/desc/credentials/get.md create mode 100644 openapi-specs/compute/33-02/desc/credentials/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/credentials/id_usages_get.md create mode 100644 openapi-specs/compute/33-02/desc/credentials/post.md create mode 100644 openapi-specs/compute/33-02/desc/curl_examples.md create mode 100644 openapi-specs/compute/33-02/desc/current/collections_get.md create mode 100644 openapi-specs/compute/33-02/desc/current/projects_get.md create mode 100644 openapi-specs/compute/33-02/desc/custom-compliance/custom-compliance.md create mode 100644 openapi-specs/compute/33-02/desc/custom-compliance/get.md create mode 100644 openapi-specs/compute/33-02/desc/custom-compliance/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/custom-compliance/put.md create mode 100644 openapi-specs/compute/33-02/desc/custom-rules/custom-rules.md create mode 100644 openapi-specs/compute/33-02/desc/custom-rules/get.md create mode 100644 openapi-specs/compute/33-02/desc/custom-rules/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/custom-rules/id_put.md create mode 100644 openapi-specs/compute/33-02/desc/cves/cves.md create mode 100644 openapi-specs/compute/33-02/desc/cves/distribution_get.md create mode 100644 openapi-specs/compute/33-02/desc/cves/get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/app_embedded_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/defenders.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/fargate_json_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/fargate_yaml_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/helm_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/helm_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/id_features_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/id_restart_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/id_upgrade_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/image-name_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/install-bundle_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/names_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/rasp_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/serverless-bundle_post.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/summary_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/tas-cloud-controller-address_get.md create mode 100644 openapi-specs/compute/33-02/desc/defenders/upgrade_post.md create mode 100644 openapi-specs/compute/33-02/desc/deployment/daemonsets_deploy_post.md create mode 100644 openapi-specs/compute/33-02/desc/deployment/daemonsets_get.md create mode 100644 openapi-specs/compute/33-02/desc/deployment/deployment.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_put.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/custom_vulnerabilities_digest_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/cve_allow_list_digest_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/cve_allow_list_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/cve_allow_list_put.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/feeds.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/ips_digest_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/ips_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/ips_put.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/malware_digest_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/malware_get.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/malware_put.md create mode 100644 openapi-specs/compute/33-02/desc/feeds/refresh_post.md create mode 100644 openapi-specs/compute/33-02/desc/forensic/activities_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/forensic/activities_get.md create mode 100644 openapi-specs/compute/33-02/desc/forensic/forensic.md create mode 100644 openapi-specs/compute/33-02/desc/groups/get.md create mode 100644 openapi-specs/compute/33-02/desc/groups/groups.md create mode 100644 openapi-specs/compute/33-02/desc/groups/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/groups/id_put.md create mode 100644 openapi-specs/compute/33-02/desc/groups/names.md create mode 100644 openapi-specs/compute/33-02/desc/groups/post.md create mode 100644 openapi-specs/compute/33-02/desc/high-availability/get.md create mode 100644 openapi-specs/compute/33-02/desc/hosts/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/hosts/evaluate_get.md create mode 100644 openapi-specs/compute/33-02/desc/hosts/filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/hosts/get.md create mode 100644 openapi-specs/compute/33-02/desc/hosts/hosts.md create mode 100644 openapi-specs/compute/33-02/desc/hosts/info_get.md create mode 100644 openapi-specs/compute/33-02/desc/hosts/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/how_to_eval_console.md create mode 100644 openapi-specs/compute/33-02/desc/images/defender_layer_get.md create mode 100644 openapi-specs/compute/33-02/desc/images/defender_rasp_get.md create mode 100644 openapi-specs/compute/33-02/desc/images/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/images/evaluate_get.md create mode 100644 openapi-specs/compute/33-02/desc/images/get.md create mode 100644 openapi-specs/compute/33-02/desc/images/images.md create mode 100644 openapi-specs/compute/33-02/desc/images/names_get.md create mode 100644 openapi-specs/compute/33-02/desc/images/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/images/twistlock_defender_app_embedded_tar_gz_get.md create mode 100644 openapi-specs/compute/33-02/desc/images/twistlock_defender_layer_zip_post.md create mode 100644 openapi-specs/compute/33-02/desc/images/twistlock_defender_tar_gz_get.md create mode 100644 openapi-specs/compute/33-02/desc/intro.md create mode 100644 openapi-specs/compute/33-02/desc/kubernetes/kubernetes.md create mode 100644 openapi-specs/compute/33-02/desc/kubernetes/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/logs/console_get.md create mode 100644 openapi-specs/compute/33-02/desc/logs/defender_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/logs/defender_get.md create mode 100644 openapi-specs/compute/33-02/desc/logs/logs.md create mode 100644 openapi-specs/compute/33-02/desc/logs/system_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/pcf-droplets/addresses_get.md create mode 100644 openapi-specs/compute/33-02/desc/pcf-droplets/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/pcf-droplets/get.md create mode 100644 openapi-specs/compute/33-02/desc/pcf-droplets/pcf-droplets.md create mode 100644 openapi-specs/compute/33-02/desc/pcf-droplets/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/pcf-droplets/stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_ci_images_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_ci_images_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_container_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_container_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_container_put.md create mode 100755 openapi-specs/compute/33-02/desc/policies/compliance_host_get.md create mode 100755 openapi-specs/compute/33-02/desc/policies/compliance_host_put.md create mode 100755 openapi-specs/compute/33-02/desc/policies/compliance_serverless_get.md create mode 100755 openapi-specs/compute/33-02/desc/policies/compliance_serverless_put.md create mode 100755 openapi-specs/compute/33-02/desc/policies/compliance_vms_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/compliance_vms_impacted_get.md create mode 100755 openapi-specs/compute/33-02/desc/policies/compliance_vms_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/docker_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/docker_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_resources_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_state_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_apispec_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_container_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_container_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_container_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_host_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_host_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_host_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_network_container_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_network_container_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_network_entities_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/firewall_network_entities_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/policies.md create mode 100755 openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_container_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_container_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_container_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_container_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_host_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_host_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_host_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_rasp_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_rasp_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_serverless_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/runtime_serverless_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/secrets_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/secrets_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/trust_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/trust_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_download.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_post.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_host_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_host_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_host_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_images_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_images_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_images_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_put.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_vms_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_vms_impacted_get.md create mode 100644 openapi-specs/compute/33-02/desc/policies/vulnerability_vms_put.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/app-embedded_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/app-embedded_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/container_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/container_filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/container_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/container_learn_post.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/host_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/host_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/host_id_rule_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/profiles.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/service_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/service_get.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/service_id_learn_post.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/service_learn_post.md create mode 100644 openapi-specs/compute/33-02/desc/profiles/service_names_get.md create mode 100644 openapi-specs/compute/33-02/desc/projects/get.md create mode 100644 openapi-specs/compute/33-02/desc/projects/name_delete.md create mode 100644 openapi-specs/compute/33-02/desc/projects/name_put.md create mode 100644 openapi-specs/compute/33-02/desc/projects/post.md create mode 100644 openapi-specs/compute/33-02/desc/projects/projects.md create mode 100644 openapi-specs/compute/33-02/desc/radar/container_clean_post.md create mode 100644 openapi-specs/compute/33-02/desc/radar/container_delete.md create mode 100644 openapi-specs/compute/33-02/desc/radar/container_export_get.md create mode 100644 openapi-specs/compute/33-02/desc/radar/container_filters_get.md create mode 100644 openapi-specs/compute/33-02/desc/radar/container_get.md create mode 100644 openapi-specs/compute/33-02/desc/radar/host_delete.md create mode 100644 openapi-specs/compute/33-02/desc/radar/host_export_get.md create mode 100644 openapi-specs/compute/33-02/desc/radar/host_get.md create mode 100644 openapi-specs/compute/33-02/desc/radar/radar.md create mode 100644 openapi-specs/compute/33-02/desc/radar/serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/radar/serverless_progress_get.md create mode 100644 openapi-specs/compute/33-02/desc/radar/serverless_scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/radar/serverless_stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/rbac/rbac.md create mode 100644 openapi-specs/compute/33-02/desc/rbac/role_delete.md create mode 100644 openapi-specs/compute/33-02/desc/rbac/roles_get.md create mode 100644 openapi-specs/compute/33-02/desc/rbac/roles_post.md create mode 100644 openapi-specs/compute/33-02/desc/rbac/roles_put.md create mode 100644 openapi-specs/compute/33-02/desc/recovery/backup_get.md create mode 100644 openapi-specs/compute/33-02/desc/recovery/backup_id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/recovery/backup_id_patch.md create mode 100644 openapi-specs/compute/33-02/desc/recovery/backup_post.md create mode 100644 openapi-specs/compute/33-02/desc/recovery/recovery.md create mode 100644 openapi-specs/compute/33-02/desc/recovery/restore_id_post.md create mode 100644 openapi-specs/compute/33-02/desc/registry/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/registry/get.md create mode 100644 openapi-specs/compute/33-02/desc/registry/get_registry_progress.md create mode 100644 openapi-specs/compute/33-02/desc/registry/names_get.md create mode 100644 openapi-specs/compute/33-02/desc/registry/registry.md create mode 100644 openapi-specs/compute/33-02/desc/registry/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/registry/scan_select_post.md create mode 100644 openapi-specs/compute/33-02/desc/registry/stop_id_post.md create mode 100644 openapi-specs/compute/33-02/desc/registry/stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/registry/webhook_webhook_delete.md create mode 100644 openapi-specs/compute/33-02/desc/registry/webhook_webhook_post.md create mode 100644 openapi-specs/compute/33-02/desc/sandbox/post.md create mode 100644 openapi-specs/compute/33-02/desc/sandbox/sandbox.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/download_ci_images_get.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/download_cli_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/download_hosts_get.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/download_images_get.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/download_registry_get.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/download_serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/download_vms_get.md create mode 100644 openapi-specs/compute/33-02/desc/sbom/sbom_intro.md create mode 100644 openapi-specs/compute/33-02/desc/scans/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/scans/filter_get.md create mode 100644 openapi-specs/compute/33-02/desc/scans/get.md create mode 100644 openapi-specs/compute/33-02/desc/scans/id_get.md create mode 100644 openapi-specs/compute/33-02/desc/scans/post.md create mode 100644 openapi-specs/compute/33-02/desc/scans/scans.md create mode 100644 openapi-specs/compute/33-02/desc/scans/sonatype_post.md create mode 100644 openapi-specs/compute/33-02/desc/scans/vms_post.md create mode 100644 openapi-specs/compute/33-02/desc/scripts/console_sh_get.md create mode 100644 openapi-specs/compute/33-02/desc/scripts/defender_ps1_get.md create mode 100644 openapi-specs/compute/33-02/desc/scripts/defender_sh_get.md create mode 100644 openapi-specs/compute/33-02/desc/scripts/scripts.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/embed_post.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/evaluate_post.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/get.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/names_get.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/serverless.md create mode 100644 openapi-specs/compute/33-02/desc/serverless/stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/alerts_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/alerts_options_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/alerts_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/certificates_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/certs_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/certs_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/coderepos_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/coderepos_put.md create mode 100644 openapi-specs/compute/33-02/desc/settings/console-certificates_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/custom-labels_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/custom-labels_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/defender_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/forensic_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/forensic_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/initialized_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/intelligence-windows_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/intelligence_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/intelligence_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/latest-version_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/latest_version_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/ldap_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/ldap_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/license_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/license_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/logging_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/logging_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/logon_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/logon_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/oauth_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/oauth_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/oidc_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/oidc_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/pcf_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/pcf_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/projects_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/projects_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/proxy_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/proxy_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/registry_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/registry_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/registry_put.md create mode 100644 openapi-specs/compute/33-02/desc/settings/saml_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/saml_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/scan_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/secrets_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/secrets_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/serverless-scan_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/serverless-scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/serverless_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/serverless_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/serverless_scan_put.md create mode 100644 openapi-specs/compute/33-02/desc/settings/settings.md create mode 100644 openapi-specs/compute/33-02/desc/settings/system_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/tas_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/tas_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/telemetry_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/telemetry_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/trusted_certificate_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/trusted_certificates_post.md create mode 100644 openapi-specs/compute/33-02/desc/settings/vm_get.md create mode 100644 openapi-specs/compute/33-02/desc/settings/vm_put.md create mode 100644 openapi-specs/compute/33-02/desc/settings/wildfire_get.md create mode 100644 openapi-specs/compute/33-02/desc/signup/post.md create mode 100644 openapi-specs/compute/33-02/desc/signup/signup.md create mode 100644 openapi-specs/compute/33-02/desc/static/capabilities_get.md create mode 100644 openapi-specs/compute/33-02/desc/static/regions_get.md create mode 100644 openapi-specs/compute/33-02/desc/static/static.md create mode 100644 openapi-specs/compute/33-02/desc/static/syscalls_get.md create mode 100644 openapi-specs/compute/33-02/desc/static/vulnerabilities_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/app_firewall_count_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/compliance.md create mode 100644 openapi-specs/compute/33-02/desc/stats/compliance_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/compliance_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/compliance_refresh.md create mode 100644 openapi-specs/compute/33-02/desc/stats/compliance_refresh_post.md create mode 100644 openapi-specs/compute/33-02/desc/stats/daily.md create mode 100644 openapi-specs/compute/33-02/desc/stats/daily_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/dashboard.md create mode 100644 openapi-specs/compute/33-02/desc/stats/dashboard_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/events_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/license_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/stats.md create mode 100644 openapi-specs/compute/33-02/desc/stats/vulnerabilities.md create mode 100644 openapi-specs/compute/33-02/desc/stats/vulnerabilities_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/vulnerabilities_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_download_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_get.md create mode 100644 openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh.md create mode 100644 openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh_post.md create mode 100644 openapi-specs/compute/33-02/desc/stats/workload_get.md create mode 100644 openapi-specs/compute/33-02/desc/statuses/buildah_get.md create mode 100644 openapi-specs/compute/33-02/desc/statuses/intelligence.md create mode 100644 openapi-specs/compute/33-02/desc/statuses/intelligence_get.md create mode 100644 openapi-specs/compute/33-02/desc/statuses/registry_get.md create mode 100644 openapi-specs/compute/33-02/desc/statuses/secrets_get.md create mode 100644 openapi-specs/compute/33-02/desc/statuses/serverless-radar_get.md create mode 100644 openapi-specs/compute/33-02/desc/statuses/statuses.md create mode 100644 openapi-specs/compute/33-02/desc/tags/get.md create mode 100644 openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png create mode 100644 openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-Info.png create mode 100644 openapi-specs/compute/33-02/desc/tags/img/Tagged-Vulnerability.png create mode 100644 openapi-specs/compute/33-02/desc/tags/img/Tagging-only-Vulnerability.png create mode 100644 openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png create mode 100644 openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-Info.png create mode 100644 openapi-specs/compute/33-02/desc/tags/name_delete.md create mode 100644 openapi-specs/compute/33-02/desc/tags/name_put.md create mode 100644 openapi-specs/compute/33-02/desc/tags/post.md create mode 100644 openapi-specs/compute/33-02/desc/tags/tag_cve_delete.md create mode 100644 openapi-specs/compute/33-02/desc/tags/tag_cve_post.md create mode 100644 openapi-specs/compute/33-02/desc/tags/tags.md create mode 100644 openapi-specs/compute/33-02/desc/tas-droplets/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/tas-droplets/get.md create mode 100644 openapi-specs/compute/33-02/desc/tas-droplets/get_tas_addresses.md create mode 100644 openapi-specs/compute/33-02/desc/tas-droplets/progress_get.md create mode 100644 openapi-specs/compute/33-02/desc/tas-droplets/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/tas-droplets/stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/trust/data_get.md create mode 100644 openapi-specs/compute/33-02/desc/trust/data_put.md create mode 100644 openapi-specs/compute/33-02/desc/trust/get.md create mode 100644 openapi-specs/compute/33-02/desc/trust/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/trust/id_put.md create mode 100644 openapi-specs/compute/33-02/desc/trust/learn_get.md create mode 100644 openapi-specs/compute/33-02/desc/trust/learn_post.md create mode 100644 openapi-specs/compute/33-02/desc/trust/post.md create mode 100644 openapi-specs/compute/33-02/desc/trust/trust.md create mode 100644 openapi-specs/compute/33-02/desc/users/get.md create mode 100644 openapi-specs/compute/33-02/desc/users/id_delete.md create mode 100644 openapi-specs/compute/33-02/desc/users/password_put.md create mode 100644 openapi-specs/compute/33-02/desc/users/post.md create mode 100644 openapi-specs/compute/33-02/desc/users/put.md create mode 100644 openapi-specs/compute/33-02/desc/users/users.md create mode 100644 openapi-specs/compute/33-02/desc/util/osx_twistcli_arm64_get.md create mode 100644 openapi-specs/compute/33-02/desc/util/osx_twistcli_get.md create mode 100644 openapi-specs/compute/33-02/desc/util/twistcli_arm64_get.md create mode 100644 openapi-specs/compute/33-02/desc/util/twistcli_get.md create mode 100644 openapi-specs/compute/33-02/desc/util/twistlock_jenkins_plugin_get.md create mode 100644 openapi-specs/compute/33-02/desc/util/twistlock_tas_tile_get.md create mode 100644 openapi-specs/compute/33-02/desc/util/util.md create mode 100644 openapi-specs/compute/33-02/desc/util/windows_twistcli_get.md create mode 100644 openapi-specs/compute/33-02/desc/version/get.md create mode 100644 openapi-specs/compute/33-02/desc/version/version.md create mode 100644 openapi-specs/compute/33-02/desc/vms/download_get.md create mode 100644 openapi-specs/compute/33-02/desc/vms/get.md create mode 100644 openapi-specs/compute/33-02/desc/vms/labels_get.md create mode 100644 openapi-specs/compute/33-02/desc/vms/names_get.md create mode 100644 openapi-specs/compute/33-02/desc/vms/scan_post.md create mode 100644 openapi-specs/compute/33-02/desc/vms/stop_post.md create mode 100644 openapi-specs/compute/33-02/desc/vms/vms.md create mode 100644 openapi-specs/compute/33-02/desc/waas/openapi-scans_post.md rename openapi-specs/compute/{ => 33-02}/openapi-33-02-130-sh.json (100%) create mode 100644 openapi-specs/compute/openapi-33-03-138-sh.json rename openapi-specs/cwpp/{ => 33-02}/openapi-33-02-130-saas.json (100%) create mode 100644 openapi-specs/cwpp/openapi-33-03-138-saas.json create mode 100644 products/compute/api/33-02/access-api-self-hosted.md create mode 100644 products/compute/api/33-02/set-up-console.md create mode 100644 products/compute/api/33-02/stable-endpoints.md create mode 100644 products/compute/api/33-02/welcome-prisma-cloud-apis.md diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 9fc654292..00ba02109 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -1044,8 +1044,8 @@ const config = { specPath: "openapi-specs/compute", outputDir: "products/compute/api", sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, - version: "33.02", - label: "v33.02", + version: "33.03", + label: "v33.03", showExtensions: true, hideSendButton: true, baseUrl: "/compute/api/", @@ -1099,6 +1099,13 @@ const config = { sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, baseUrl: "/compute/api/33-01/", }, + compute_3302: { + specPath: "openapi-specs/compute/33-02", + outputDir: "products/compute/api/33-02", + showExtensions: true, + sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, + baseUrl: "/compute/api/33-02/", + }, }, }, ], diff --git a/openapi-specs/compute/33-02/desc/SCAP/get.md b/openapi-specs/compute/33-02/desc/SCAP/get.md new file mode 100644 index 000000000..a25abe94e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/get.md @@ -0,0 +1,11 @@ +This endpoint will return any SCAP datastreams uploaded to the console. This endpoint will return a 404 error if you have not configured your console to consume SCAP datastreams. + +The following is an example curl command that uses basic auth to retrieve any uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/scap +``` diff --git a/openapi-specs/compute/33-02/desc/SCAP/id_delete.md b/openapi-specs/compute/33-02/desc/SCAP/id_delete.md new file mode 100644 index 000000000..39f1b0132 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/id_delete.md @@ -0,0 +1,11 @@ +This endpoint will delete any SCAP datastreams uploaded to the console. You can find `xml_name` from the `GET /api/v1/scap` endpoint. + +The following is an example curl command that uses basic auth to delete an uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/scap/{xml_name} +``` diff --git a/openapi-specs/compute/33-02/desc/SCAP/post.md b/openapi-specs/compute/33-02/desc/SCAP/post.md new file mode 100644 index 000000000..d459a0e97 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/post.md @@ -0,0 +1,12 @@ +This endpoint will allow you to add a SCAP datastream to the console. + +The following is an example curl command that uses basic auth to add an uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"XMLName":{"Space":"","Local":""}}' \ + https://:8083/api/v1/scap +``` diff --git a/openapi-specs/compute/33-02/desc/SCAP/scap.md b/openapi-specs/compute/33-02/desc/SCAP/scap.md new file mode 100644 index 000000000..7fb3222a8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/scap.md @@ -0,0 +1,2 @@ +Import custom security checklists and evaluate them against your container images. +Custom checklists complement the predefined compliance checks provided in the default Prisma Cloud Compute installation. diff --git a/openapi-specs/compute/33-02/desc/_ping/_ping.md b/openapi-specs/compute/33-02/desc/_ping/_ping.md new file mode 100644 index 000000000..3df18386f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/_ping/_ping.md @@ -0,0 +1 @@ +Checks if the Console is alive, responsive, and reachable from your network host. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/_ping/get.md b/openapi-specs/compute/33-02/desc/_ping/get.md new file mode 100644 index 000000000..8e143ef67 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/_ping/get.md @@ -0,0 +1,14 @@ +Checks if Console is reachable from your network host. + +### cURL Request + +Refer to the following cURL example command that pings Console and prints the HTTP response code: + +```bash +$ curl -k \ + -s \ + -o /dev/null \ + -w "%{http_code}\n" \ + -X GET \ + https:///api/v/_ping +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/agentless.md b/openapi-specs/compute/33-02/desc/agentless/agentless.md new file mode 100644 index 000000000..e827c642d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/agentless.md @@ -0,0 +1,6 @@ +The agentless security scan monitors hosts and containers for vulnerabilities and compliance risks by scanning the root volumes of snapshots without the need to install an agent. +Supported cloud service provider platforms for agentless scanning: +* Hosts - Amazon AWS, Google Cloud Platform, Microsoft Azure, and Oracle Cloud Infrastructure. +* Containers- AWS, Azure, and GCP + +When you add a cloud account in the Prisma Cloud Compute (Manage > Cloud accounts), enable the agentless scan option and configure the scan scope. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/get_agentless_progress.md b/openapi-specs/compute/33-02/desc/agentless/get_agentless_progress.md new file mode 100644 index 000000000..b98ed9da5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/get_agentless_progress.md @@ -0,0 +1,31 @@ +Shows the progress of an ongoing scan on hosts or containers for vulnerabilities and compliance. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + “https:///api/v/agentless/progress” +``` + +### cURL Response + +Refer to the following example cURL response: + +``` +{ + "hostname": "", + "id": "", + "scanTime": "2022-11-09T11:10:51.649Z", + "type": "agentlessHost", + "discovery": true, + "total": 5, + "scanned": 2, + "title": "Agentless discovering" + } +] +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/post_agentless_scan.md b/openapi-specs/compute/33-02/desc/agentless/post_agentless_scan.md new file mode 100644 index 000000000..f1295cdc4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/post_agentless_scan.md @@ -0,0 +1,17 @@ +Scans the hosts or containers for vulnerabilities and compliance. + +**Before you begin** +Make sure that you download (use the agentless/templates API) and apply the permission templates in the supported cloud accounts: AWS, Azure, GCP, and OCI. + + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + “https:///api/v/agentless/scan” +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/post_agentless_stop.md b/openapi-specs/compute/33-02/desc/agentless/post_agentless_stop.md new file mode 100644 index 000000000..ab83960cc --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/post_agentless_stop.md @@ -0,0 +1,13 @@ +Stops an ongoing scan on hosts or containers for vulnerabilities and compliance. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + “https:///api/v/agentless/stop” +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/post_agentless_templates.md b/openapi-specs/compute/33-02/desc/agentless/post_agentless_templates.md new file mode 100644 index 000000000..96be32555 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/post_agentless_templates.md @@ -0,0 +1,41 @@ +Downloads a tarball file that contains the agentless resource permission templates for the cloud accounts. Apply these permission templates to complete the onboarding process for agentless scanning. + +* AWS: The tarball contains templates in JSON format ending with the following names: + * _aws_hub_target_user_permissions.json + * _aws_hub_user_permissions.json + * _aws_target_user_permissions.json + +For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide. + +* Azure: Use the following script, that comes bundled in the tarball file, to apply permission template to an Azure cloud account: + * apply_azure_permissions.sh: Run the script with a location (that specifies location of the resource) parameter. For more information on location parameters, see [resource location in ARM template](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-location?tabs=azure-cli). + +* OCI: Use the following script, that comes bundled in the tarball file, to apply permission template to an OCI cloud account: + * pcc-apply-permissions.sh: Run the script with a compartment name parameter. + +* GCP: The tarball contains Jinja templates in YAML format ending with the following names: + * _hub_target_access_permissions.yaml.jinja + * _hub_target_user_permissions.yaml.jinja + * _hub_user_permissions.yaml.jinja + * _target_user_permissions.yaml.jinja + +For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide. + +**Note**: The body parameter `credentialID` is required to download templates in tar.gz format. + +### Before you begin +Add the supported cloud accounts (AWS, Azure, GCP, and OCI) in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -O \ + -d {"credentialID":"aws_docs"} \ + “https:///api/v/agentless/templates” +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/alert-profiles.md b/openapi-specs/compute/33-02/desc/alert-profiles/alert-profiles.md new file mode 100644 index 000000000..a8a915094 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/alert-profiles.md @@ -0,0 +1,8 @@ +Manage alert profiles, which let you surface critical policy breaches by sending alerts to channels, such as email, Slack, and JIRA. + +Alert profiles define which events should be sent to which channel. +Each profile declares: + +* One or more recipients. +* One or more triggers, that raise alerts by sending messages on the configured channel. + diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/get.md b/openapi-specs/compute/33-02/desc/alert-profiles/get.md new file mode 100644 index 000000000..82647e248 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/get.md @@ -0,0 +1,11 @@ +Retrieve a list of all alert profiles created in the system. + +The following example curl command uses basic auth to retrieve all alert profiles: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/alert-profiles +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/id_delete.md b/openapi-specs/compute/33-02/desc/alert-profiles/id_delete.md new file mode 100644 index 000000000..1a67fe20e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/id_delete.md @@ -0,0 +1,14 @@ +Deletes an alert profile entry by name. +In the request payload, specify the alert profile name. +This method has no response data. + +The following example curl command deletes an existing alert profile named `PROFILE-NAME`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/alert-profiles/ +``` + diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/names_get.md b/openapi-specs/compute/33-02/desc/alert-profiles/names_get.md new file mode 100644 index 000000000..cac14437b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/names_get.md @@ -0,0 +1,20 @@ +Retrieve a list of only the names of all alert profiles created in the system. + +The following example curl command uses basic auth to retrieve all alert profiles' names: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/alert-profiles/names +``` + +Example Response: + +``` +[ + "jira", + "aqsa vulns" +] +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/post.md b/openapi-specs/compute/33-02/desc/alert-profiles/post.md new file mode 100644 index 000000000..9fa643429 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/post.md @@ -0,0 +1,32 @@ +Update an existing alert profile created in the system. + +The following example curl command uses basic auth to add a Jira Alert profile: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/alert-profiles \ + -d ' { + "name": "jira", + "_id": "jira", + "jira": { + "enabled": true, + "projectKey": "TWIS", + "issueType": "Task", + "priority": "High", + "labels": [], + "assignee": "" + } + "policy": { + "cve": { + "enabled": true, + "allRules": true, + "rules": [], + "clients": [ + "jira" + ] + } + } ' +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/test_post.md b/openapi-specs/compute/33-02/desc/alert-profiles/test_post.md new file mode 100644 index 000000000..1fc745efa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/test_post.md @@ -0,0 +1,14 @@ +Sends a test alert to verify successful configuration of the alert profile settings. + +The following example curl command uses basic auth to send test alert for an email alert profile: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d + https://:8083/api/v1/alert-profiles/test +``` + +In this case, the `REQUEST-PAYLOAD` would be the full JSON formatted alert profile from the base `GET` command diff --git a/openapi-specs/compute/33-02/desc/api_restrictions.md b/openapi-specs/compute/33-02/desc/api_restrictions.md new file mode 100644 index 000000000..1b7b00515 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/api_restrictions.md @@ -0,0 +1,8 @@ +Paginated API requests are capped to a max of 50 returned objects because very large responses could DoS Console. + +If the response contains more than 50 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. +For example: + +``` +https:///api/v1/images?limit=50&offset=X +``` diff --git a/openapi-specs/compute/33-02/desc/application-control/application-control.md b/openapi-specs/compute/33-02/desc/application-control/application-control.md new file mode 100644 index 000000000..11b8e0d9d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/application-control.md @@ -0,0 +1 @@ +Prisma Cloud Compute creates and stores host application rules for your environment. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/application-control/get.md b/openapi-specs/compute/33-02/desc/application-control/get.md new file mode 100644 index 000000000..5bd600beb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/get.md @@ -0,0 +1,11 @@ +Retrieves the host application control rules. + +The following example curl command uses basic auth to retrieve the control rules: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + “https:///api/v/application-control/host” +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/application-control/id_delete.md b/openapi-specs/compute/33-02/desc/application-control/id_delete.md new file mode 100644 index 000000000..9b636266d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/id_delete.md @@ -0,0 +1 @@ +Removes the given rule from the list of host application control rules. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/application-control/put.md b/openapi-specs/compute/33-02/desc/application-control/put.md new file mode 100644 index 000000000..adf1a8a4c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/put.md @@ -0,0 +1 @@ + Update and inserts the host application control rule to the database and returns the upserted rule. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/access_delete.md b/openapi-specs/compute/33-02/desc/audits/access_delete.md new file mode 100644 index 000000000..37f33ca64 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_delete.md @@ -0,0 +1,10 @@ +Deletes **all** access audits. This deletion cannot be undone. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://console:8083/api/v1/audits/access +``` diff --git a/openapi-specs/compute/33-02/desc/audits/access_download_get.md b/openapi-specs/compute/33-02/desc/audits/access_download_get.md new file mode 100644 index 000000000..1700deb8d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_download_get.md @@ -0,0 +1,12 @@ +Returns the docker access audit events data in CSV format that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute. + +**Note**: You can download the access events from Console under **Monitor > Events > Docker audits > Download CSV**. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -O \ + "https:///api/v/audits/access/download?type=docker" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/access_filters_get.md b/openapi-specs/compute/33-02/desc/audits/access_filters_get.md new file mode 100644 index 000000000..00ac061c1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_filters_get.md @@ -0,0 +1,37 @@ +Retrieves all access audits by specific host filters. +There are three types of host filters based on host history, sudo events on host and SSHD events on hosts. + +The following example uses basic auth to list history of commands that are run on hosts protected by Prisma Cloud Compute. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/history/host +``` + +The following command gives list of sudo events on hosts. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/audits/access/filters?type=sudo + +``` + +The following command gives list of SSHD events on hosts. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/audits/access/filters?type=sshd + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/access_get.md b/openapi-specs/compute/33-02/desc/audits/access_get.md new file mode 100644 index 000000000..2401391c7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_get.md @@ -0,0 +1,43 @@ +Retrieves all docker access audit events that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute. + +You can configure Prisma Cloud Compute to log and aggregate events such as sudo and SSH access on hosts protected by Defender. These events create an audit trail that tracks system components accessed by individual users. + +**Note**: Access events can also be viewed in Console under **Monitor > Events > Docker audits**. + +### cURL Request +Refer to the following example cURL command that gives a list of all access audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/access" +``` + +### cURL response +``` +[ + { + "containerName": "/compliance_block_container_photon_fua", + "imageName": "alpine:latest", + "user": "", + "time": "2022-11-08T18:24:09.249Z", + "hostname": "jen-photon-v3-0811t165215-cont-def-pre-lngcon230", + "fqdn": "", + "sourceIP": "", + "allow": false, + "ruleName": "compliance_block_container_rule_svn", + "api": "create", + "msg": "[Twistlock] Container operation blocked by policy: compliance_block_container_rule_svn, has 1 compliance issues ", + "collections": [ + "All", + "compliance_block_container_yue" + ], + "accountID": "twistlock-test-123456", + "cluster": "", + "namespace": "" + } +... +] +``` diff --git a/openapi-specs/compute/33-02/desc/audits/admission_download_get.md b/openapi-specs/compute/33-02/desc/audits/admission_download_get.md new file mode 100644 index 000000000..9571c483f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/admission_download_get.md @@ -0,0 +1,14 @@ +Returns the access admission events data in CSV format that were alerted or blocked by Defender functioning as Open Policy Agent admission controller. + +### cURL Request +Refer to the following example cURL command that downloads the admission audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/admission/download" + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/admission_get.md b/openapi-specs/compute/33-02/desc/audits/admission_get.md new file mode 100644 index 000000000..84414496c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/admission_get.md @@ -0,0 +1,44 @@ +Returns all activities that were alerted or blocked by Defender functioning as Open Policy Agent admission controller. + +### cURL Request +Refer to the following example cURL command that gives a list of all admission audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/admission" + +``` +### cURL response + +``` +{ + "time": "2022-11-24T13:46:37.057Z", + "ruleName": "Twistlock Labs - CIS - Pod created in host process ID namespace", + "message": "Pod created in host process ID namespace", + "operation": "CREATE", + "kind": "Pod", + "resource": "pods", + "username": "kubernetes-admin", + "userUid": "aws-iam-authenticator:496947949261:AIDAXHNDH53GRQMZMIOQT", + "userGroups": "system:masters, system:authenticated", + "namespace": "default", + "effect": "alert", + "rawRequest": "{\"uid\":\"78d11e35-14ab-4b19-b3d3-a97b4252b56f\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx2\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"uid\":... + ... + ... + ... +}”, + "accountID": "496947949261", + "collections": [ + "All" + ], + "cluster": "johndoe-eks-123", + "attackTechniques": [ + "privilegedContainer" + ] +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/audits.md b/openapi-specs/compute/33-02/desc/audits/audits.md new file mode 100644 index 000000000..6747921a1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/audits.md @@ -0,0 +1,3 @@ +Retrieve audits from the Prisma Cloud Compute database. +Prisma Cloud Compute creates and stores audit events for the components that are associated with a policy (rule) and shows deviation from that policy. +Endpoints support a wide range of filtering options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_container_download_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_download_get.md new file mode 100644 index 000000000..29029ac6d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_download_get.md @@ -0,0 +1,21 @@ +Returns the Cloud Native Network Segmentation (CNNS) container audit events data in CSV format. + +For more information, see the [Cloud Native Network Segmentation (CNNS)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/firewalls/cnns_saas) + +For containers, rules are defined between: +* Image to image. +* Image to Image to an external network not protected by Prisma Cloud. +* Image to DNS domain. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/network/container/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_container_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_get.md new file mode 100644 index 000000000..454558a44 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_get.md @@ -0,0 +1,64 @@ +Retrieves all Cloud Native Network Segmentation (CNNS) container audit events. + +For more information, see the [Cloud Native Network Segmentation (CNNS)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/firewalls/cnns_saas) + +For containers, rules are defined between: +* Image to image. +* Image to an external network not protected by Prisma Cloud. +* Image to DNS domain. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/network/container" +``` + +### cURL Response + +``` +{ + "_id": "localhost", + "time": "2022-11-14T11:02:43.151Z", + "total": 1, + "resource": { + "images": [ + "" + ] + }, + "collections": [ + "All", + "user123" + ], + "audits": { + "unexpectedConnection": { + "count": 1, + "audits": [ + { + "ruleID": 4, + "time": "2022-11-14T11:02:43.151Z", + "type": "unexpectedConnection", + "srcProfileID": "sha256:8d5df41c547bd107c14368ad302efc46760940ae188df451cabc23e10f7f161b_user_tkgi-users", + "dstProfileID": "20", + "srcProfileHash": 228, + "srcContainerName": "users-ubuntu", + "dstContainerName": "", + "dstSubnet": "localhost", + "srcImageName": "docker.io/library/ubuntu:18.04", + "dstImageName": "", + "dstPort": 8000, + "block": false, + "count": 1, + "msg": "Unexpected connection to ip 127.0.0.1" + } + ] + } + } + } + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_host_download_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_download_get.md new file mode 100644 index 000000000..768dd00d7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_download_get.md @@ -0,0 +1,19 @@ +Returns the Cloud Native Network Segmentation (CNNS) host audit events data in CSV format. + +For hosts, rules are defined between: +* Host to host. +* Host to an external network not protected by Prisma Cloud. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/network/host/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_host_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_get.md new file mode 100644 index 000000000..e5dc4c399 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_get.md @@ -0,0 +1,96 @@ +Retrieves all Cloud Native Network Segmentation (CNNS) host audits. + +For hosts, rules are defined between: +* Host to host. +* Host to an external network not protected by Prisma Cloud + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/network/host" +``` + +### cURL Response + +``` +{ + "_id": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "time": "2022-11-08T20:22:52.207Z", + "total": 4, + "resource": { + "hosts": [ + "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "john-photon-v3-0811t165011-host-def-pre-lngcon230" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "collections": [ + "All", + "registry_scan_container_cen8-container_22_11_384_piu", + "photon-v3-host_crn", + "compliance_photon_etz", + "cnnf_cen8_client_itu", + "cnnf_photon_server_fsr" + ], + "audits": { + "unexpectedConnection": { + "count": 4, + "audits": [ + { + "ruleID": 15, + "time": "2022-11-08T20:22:52.207Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:48.175Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:46.127Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:45.122Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + } + ] + } + } + } + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_archive_patch.md b/openapi-specs/compute/33-02/desc/audits/incidents_archive_patch.md new file mode 100644 index 000000000..a1127a001 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_archive_patch.md @@ -0,0 +1,18 @@ +Acknowledges an incident and moves it to an archived state. +Requires a path parameter: id, an Incident ID + +You can get an incident ID from the list of incidents using the endpoint GET /api/vVERSION/audits/incidents. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PATCH \ + -d {"acknowledged":true} \ + "https:///api/v/audits/incidents/acknowledge/637627beb2a8e98a1c36a9db" + +``` +To undo this action (unarchive an incident), set the body parameter "acknowledged": false \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_download_get.md b/openapi-specs/compute/33-02/desc/audits/incidents_download_get.md new file mode 100644 index 000000000..2266c3471 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_download_get.md @@ -0,0 +1,20 @@ +Downloads a list of incidents which are not acknowledged (i.e., not in archived state) in CSV format. +Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. +These chains of related audits are called incidents. + +This endpoint maps to the **CSV** hyperlink in **Monitor > Runtime > Incident explorer** in the Console UI. + +### cURL Request + +The following cURL command downloads all incidents and saves the result in a CSV file called `incidents.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o incidents.csv \ + https:///api/v/audits/incidents/download +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_filters_get.md b/openapi-specs/compute/33-02/desc/audits/incidents_filters_get.md new file mode 100644 index 000000000..7d1c6f303 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_filters_get.md @@ -0,0 +1,15 @@ +This endpoint lists the incident categories found in your environment. + +The following example lists incident filters. + +```bash +$ curl -k \ + -u \ + https://console:8083/api/v1/audits/incidents/filters +``` + +Response: + +``` +{"hostname":["aqsa-lab.internal"],"category":["hijackedProcess","dataExfiltration"]} +``` diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_get.md b/openapi-specs/compute/33-02/desc/audits/incidents_get.md new file mode 100644 index 000000000..7724a08c1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_get.md @@ -0,0 +1,19 @@ +Retrieves a list of incidents that are not acknowledged (i.e., not in archived state). +Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. +These chains of related audits are called incidents. + +This endpoint maps to the table in **Monitor > Runtime > Incident explorer** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of unacknowledged incidents (not in the archived state): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/incidents?acknowledged=false" +``` + +A successful response returns the incidents. diff --git a/openapi-specs/compute/33-02/desc/audits/kubernetes_download_get.md b/openapi-specs/compute/33-02/desc/audits/kubernetes_download_get.md new file mode 100644 index 000000000..6008bd92a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/kubernetes_download_get.md @@ -0,0 +1,17 @@ +Returns the audit events data that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes** in CSV format. + +**Note:** This endpoint relates to the **Monitor > Events > Kubernetes** audits in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/kubernetes/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/kubernetes_get.md b/openapi-specs/compute/33-02/desc/audits/kubernetes_get.md new file mode 100644 index 000000000..e1ecb8a88 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/kubernetes_get.md @@ -0,0 +1,55 @@ +Retrieves events that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes**. + +**Note:** This endpoint relates to the **Monitor > Events > Kubernetes** audits in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/kubernetes" +``` + +### cURL Response + +``` +{ + "time": "2022-11-23T16:20:20.383Z", + "verb": "io.k8s.core.v1.pods.exec.create", + "user": { + "username": "johndoe@paloaltonetworks.com" + }, + "authorizationInfo": { + "authorization.k8s.io/decision": "allow", + "authorization.k8s.io/reason": "access granted by IAM permissions.", + "failed-open.validating.webhook.admission.k8s.io/round_0_index_0": "validating-webhook.twistlock.com" + }, + "message": "Exec or attach to a pod detected on GKE", + "sourceIPs": [ + "private" + ], + "resources": "core/v1/namespaces/default/pods/test-pd/exec", + ... + ... + ..., + "attackTechniques": [ + "execIntoContainer" + ], + "cluster": "johndoe-gke-9916911d51921853", + "accountID": "twistlock-test-247119", + "provider": "gcp", + "collections": [ + "All", + "user1", + "tv test", + "tv test2" + ] + } + + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/mgmt_download_get.md b/openapi-specs/compute/33-02/desc/audits/mgmt_download_get.md new file mode 100644 index 000000000..ae3ef45b6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/mgmt_download_get.md @@ -0,0 +1,19 @@ +Returns the management audit events data in CSV format. + +Management audits are: +* Changes to any settings (including previous and new values) +* Changes to any rules (create, modify, or delete) +* Logon activities (success and failure) + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/mgmt/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/mgmt_filters_get.md b/openapi-specs/compute/33-02/desc/audits/mgmt_filters_get.md new file mode 100644 index 000000000..854977b99 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/mgmt_filters_get.md @@ -0,0 +1,36 @@ +Retrieves a list of management audit types from your environment. +Use these filters to query management audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/mgmt/filters" +``` +### cURL Response + +``` +{ + "type": [ + "group", + "login", + "role", + "rule", + "settings", + "user" + ], + "username": [ + "admin2", + "ReadOnly", + "admin", + "ci", + "development-user" + ] +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/mgmt_get.md b/openapi-specs/compute/33-02/desc/audits/mgmt_get.md new file mode 100644 index 000000000..5b586cb5e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/mgmt_get.md @@ -0,0 +1,35 @@ +Retrieves a list of all management audit events. + +Management audit events are: +* Changes to any settings (including previous and new values) +* Changes to any rules (create, modify, or delete) +* Logon activities (success and failure) + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/mgmt" +``` + +### cURL Response + +``` +{ + "username": "user", + "sourceIP": "10.47.99.218", + "time": "2022-11-22T03:11:15.39Z", + "type": "login", + "diff": "", + "status": "successful login attempt", + "failure": false, + "api": "/api/v1/authenticate" + } + + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_download_get.md new file mode 100644 index 000000000..f3d844ead --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_download_get.md @@ -0,0 +1,14 @@ +Returns the app-embedded runtime audit events data in CSV format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/app-embedded/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_get.md new file mode 100644 index 000000000..c1d72acfa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_get.md @@ -0,0 +1,48 @@ +Retrieves all app-embedded runtime audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/app-embedded" +``` + +### cURL Response + +``` +{ + "_id": "636be11d2408ed63b48ebd44", + "time": "2022-11-09T17:19:25.12Z", + "hostname": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd", + "fqdn": "", + "user": "root", + "type": "network", + "imageName": "automation_azure_presetup-prevent-tvzwx", + "imageId": "b446aac9-6ee0-f254-ff75-cb21755cebdb", + "effect": "prevent", + "ruleName": "automation_azure_presetup-prevent-tvzwx_wul", + "msg": "DNS resolution of domain name SandboxHost-638036111205626034 triggered by /usr/local/bin/python3.9 explicitly denied by a runtime rule", + "profileId": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd_", + "pid": 28, + "processPath": "/usr/local/bin/python3.9", + "collections": [ + "All", + "automation_azure_presetup-prevent-tvzwx_dde" + ], + "attackType": "explicitlyDeniedDNS", + "count": 1, + "severity": "high", + "appID": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd", + "version": "22.11.384", + "accountID": "Non-onboarded cloud accounts" +} +... +... +... + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_delete.md new file mode 100644 index 000000000..ddc8e82d6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_delete.md @@ -0,0 +1,11 @@ +Deletes all container runtime audits. + +The following example curl command uses basic auth to delete all the audits: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/container +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_download_get.md new file mode 100644 index 000000000..20e673b5e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_download_get.md @@ -0,0 +1,15 @@ +Returns the container audit events data in CSV format when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/container/download" + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_get.md new file mode 100644 index 000000000..11beffb24 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_get.md @@ -0,0 +1,60 @@ +Retrieves all container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/container" +``` +### cURL Response + +``` +{ + "os": "Ubuntu 20.04.4 LTS", + "_id": "636a952a5a293a6ea06cbb87", + "time": "2022-11-08T17:43:06.68Z", + "hostname": "jen-sle15-dock-0811t165158-cont-def-pre-lngcon230.c.twistlock-test-247119.internal", + "fqdn": "", + "user": "root", + "type": "processes", + "containerId": "6d5b5401b0e406ad064e7020b663236d0df177fa7f4a060c2f21262c27a4a6b2", + "containerName": "/runtime-wf-base-alert", + "imageName": "usertwistlock/ubuntu:wf-base", + "imageId": "sha256:76913b92c0cbacbec7440a62d751c0a38aba1dde6aefe9e832d2a3aa0a3c3f9f", + "effect": "alert", + "ruleName": "sle15-container_alert_usertwistlock/ubuntu:wf-base_mqu", + "msg": "/usr/bin/dash launched but is not found in the runtime model. Full command: /bin/sh -c sleep 3; curl http://169.254.169.254:80", + "profileId": "sha256:76913b92c0cbacbec7440a62d751c0a38aba1dde6aefe9e832d2a3aa0a3c3f9f__", + "interactive": true, + "pid": 1955, + "processPath": "/usr/bin/dash", + "collections": [ + "All", + "Prisma Cloud resources", + "registry_scan_container_sle15-container_22_11_384_ghf", + "sle15-container_alert_cnd" + ], + "attackType": "unexpectedProcess", + "count": 1, + "container": true, + "severity": "high", + "region": "us-central1-a", + "accountID": "twistlock-test-247119", + "attackTechniques": [ + "nativeBinaryExecution" + ], + "command": "/bin/sh -c sleep 3; curl http://169.254.169.253:80", + "provider": "gcp" + } +... +... +... + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_timeslice_get.md new file mode 100644 index 000000000..f65d477af --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves the container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/container/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 87 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_download_get.md new file mode 100644 index 000000000..99ec70c52 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_download_get.md @@ -0,0 +1,14 @@ +Returns the audit events data in CSV format for file-integrity checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/file-integrity/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_get.md new file mode 100644 index 000000000..53fec9f9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_get.md @@ -0,0 +1,41 @@ +Retrieves all audit events for file-integrity checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/file-integrity" +``` +### cURL Response + +``` +{ + "_id": "63762bc3b2a8e98a1c36a9e6", + "eventType": "read", + "path": "/etc/user/user", + "fileType": 2, + "processName": "cat", + "user": "ubuntu", + "time": "2022-11-17T12:40:35.046Z", + "description": "Process cat read from path (user: ubuntu)", + "hostname": "ip-172-31-9-109.ec2.internal", + "fqdn": "", + "ruleName": "user-host-arm", + "accountID": "496947949261", + "collections": [ + "All", + "waas_oob_collection", + "user123" + ], + "cluster": "" +} +... +... +... + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_delete.md new file mode 100644 index 000000000..0ab1c877e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_delete.md @@ -0,0 +1,10 @@ +Deletes all host audits from the database. + +The following example curl command uses basic auth to delete all host audits: + +```bash +$ curl -k \ + -u \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/host +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_download_get.md new file mode 100644 index 000000000..4d0454f56 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_download_get.md @@ -0,0 +1,15 @@ +Returns the runtime host audit events data in CSV format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/host/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_get.md new file mode 100644 index 000000000..044b8b42d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_get.md @@ -0,0 +1,45 @@ +Retrieves the runtime host audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/host" +``` +### cURL Response + +``` +{ + "_id": "637628beb2a8e98a1c36a9e1", + "time": "2022-11-17T12:27:42.003Z", + "hostname": "ip-172-31-9-109.ec2.internal", + "fqdn": "", + "type": "network", + "effect": "alert", + "ruleName": "user-host-arm", + "msg": "DNS resolution of name www.yahoo.com, type AAAA explicitly denied by a runtime rule", + "profileId": "ip-172-31-9-109.ec2.internal", + "collections": [ + "All", + "waas_oob_collection", + "user123" + ], + "attackType": "explicitlyDeniedDNS", + "count": 1, + "severity": "high", + "region": "us-east-1", + "accountID": "496947949261", + "domain": "www.yahoo.com", + "provider": "aws", + "resourceID": "i-0bc31d26963bd2933" +} +... +... +... + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_timeslice_get.md new file mode 100644 index 000000000..8933efa74 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_timeslice_get.md @@ -0,0 +1,40 @@ +Retrieves the runtime host audit events for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/host/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-11-12T15:23:57Z", + "end": "2022-11-13T15:23:57Z", + "count": 2 +}, +{ + "start": "2022-11-13T15:23:57Z", + "end": "2022-11-14T15:23:57Z", + "count": 1 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_download_get.md new file mode 100644 index 000000000..f047ed96f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_download_get.md @@ -0,0 +1,15 @@ +Returns the audit events data in CSV format for log inspection checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/incidents/runtime/log-inspection/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_get.md new file mode 100644 index 000000000..49f0d7be4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_get.md @@ -0,0 +1,34 @@ +Retrieves all audit events for log inspection checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/log-inspection" +``` + +### cURL Response + +``` +{ + "_id": "637639e2b962a7ae744851bf", + "logfile": "/var/lib/twistlock/log/console.log", + "line": "DEBU 2022-11-17T13:40:50.066 route_handler_middleware.go:507 GET /api/v1/audits/runtime/log-inspection?limit=20&offset=0&project=Central+Console&reverse=false&search=panic ssugandh admin 0.10s", + "time": "2022-11-17T13:40:50.067Z", + "hostname": "jen-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "ruleName": "panic_error_log", + "accountID": "twistlock-test-247119", + "collections": [ + "All", + "registry_scan_container_cen8-container_22_11_384_piu", + "cnnf_cen8_client_itu" + ], + "cluster": "" +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_rasp_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_delete.md new file mode 100644 index 000000000..688e04038 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_delete.md @@ -0,0 +1,9 @@ +Deletes all RASP Defender runtime audits. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/rasp +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_rasp_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_download_get.md new file mode 100644 index 000000000..303c75858 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_download_get.md @@ -0,0 +1,10 @@ +Returns CSV data describing all RASP Defender runtime events. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o rasp-audits.csv + https://:8083/api/v1/audits/runtime/rasp/download +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_rasp_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_get.md new file mode 100644 index 000000000..229d908b1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_get.md @@ -0,0 +1,9 @@ +Returns JSON data describing all RASP Defender runtime events. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/audits/runtime/rasp/download +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_delete.md new file mode 100644 index 000000000..99ada0515 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_delete.md @@ -0,0 +1,13 @@ +This endpoint will delete all serverless runtime audits. + +The following example curl command uses basic auth to delete the current audits: + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/serverless +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_download_get.md new file mode 100644 index 000000000..f829d2342 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_download_get.md @@ -0,0 +1,14 @@ +Returns the scan audit events data in CSV format for any configured serverless functions in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/serverless/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_filters_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_filters_get.md new file mode 100644 index 000000000..b9bf38610 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_filters_get.md @@ -0,0 +1,11 @@ +Returns all serverless filters in JSON format. +These filters can be used in the base `GET` request as query parameters. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://CONSOLE_ADDRESS:PORT/api/v1/audits/runtime/serverless/filters +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_get.md new file mode 100644 index 000000000..045946886 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_get.md @@ -0,0 +1,31 @@ +Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/serverless" +``` +### cURL Response + +``` +{ + "time": "2022-11-22T12:27:19.329Z", + "fqdn": "", + "type": "", + "effect": "", + "ruleName": "", + "msg": "C:\\home\\xmrig launched by C:\\Windows\\system32\\inetsrv\\w3wp.exe and is identified as a crypto miner. Full command: \"C:\\home\\xmrig\" /I windows C:\\Windows\\*", + "count": 1, + "function": "Test44", + "region": "Central US", + "runtime": "dotnet", + "provider": "azure" +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_timeslice_get.md new file mode 100644 index 000000000..863890174 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/serverless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-10-23T06:35:50.254Z", + "end": "2022-10-24T04:58:47.103Z", + "count": 4 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/trust_delete.md b/openapi-specs/compute/33-02/desc/audits/trust_delete.md new file mode 100644 index 000000000..0bfb2bd81 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/trust_delete.md @@ -0,0 +1,9 @@ +Deletes all the trust audits from the events page in Console. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/trust +``` diff --git a/openapi-specs/compute/33-02/desc/audits/trust_download_get.md b/openapi-specs/compute/33-02/desc/audits/trust_download_get.md new file mode 100644 index 000000000..21c0e55a2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/trust_download_get.md @@ -0,0 +1,14 @@ +Returns the trust audit events data in CSV format. + + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/trust/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/trust_get.md b/openapi-specs/compute/33-02/desc/audits/trust_get.md new file mode 100644 index 000000000..8fb3a341d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/trust_get.md @@ -0,0 +1,103 @@ +Retrieves all the trust audit events. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/trust" +``` +### cURL Response + +``` +{ + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:06.793Z", + "total": 7, + "resource": { + "images": [ + "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0" + ], + "accountIDs": [ + "twistlock-test-247119" + ], + "clusters": [ + "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + ] + }, + "collections": [ + "All" + ], + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392", + "audits": { + "untrusted": { + "count": 7, + "audits": [ + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:06.793Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:04.922Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0", + "imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:00:02.682Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:00:00.733Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0", + "imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T17:45:14.196Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + } + ] + } + } + } +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_agentless_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_agentless_download_get.md new file mode 100644 index 000000000..bbfcd12f5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_agentless_download_get.md @@ -0,0 +1,16 @@ +Returns the agentless Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Agentless > Agentless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all agentless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/agentless/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_agentless_get.md b/openapi-specs/compute/33-02/desc/audits/waas_agentless_get.md new file mode 100644 index 000000000..ad40ae497 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_agentless_get.md @@ -0,0 +1,44 @@ +Retrieves all agentless Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Agentless > Agentless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all agentless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/agentless" +``` + +### cURL Response + +``` +{ + "_id": "", + "time": "0001-01-01T00:00:00Z", + "hostname": "", + "fqdn": "", + "effect": "", + "ruleName": "", + "ruleAppID": "", + "msg": "", + "host": false, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "customRule", + "count": 60, + "url": "", + "subnet": "", + "requestHeaders": "", + "attackField": {}, + "eventID": "" +} + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_agentless_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_agentless_timeslice_get.md new file mode 100644 index 000000000..007c6dba3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_agentless_timeslice_get.md @@ -0,0 +1,36 @@ +Retrieves all agentless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame. + +**Note:** These are based on violations of WAAS policies defined under Defend > WAAS > Agentless > Agentless WAAS Policy. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves all host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/agentless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-22T02:49:23.827Z", + "end": "2022-11-23T01:12:35.884Z", + "count": 69 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_download_get.md new file mode 100644 index 000000000..149c10376 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_download_get.md @@ -0,0 +1,15 @@ +Returns the app-embedded WAAS audit events data in CSV format for the specified query parameters. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/app-embedded/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_get.md b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_get.md new file mode 100644 index 000000000..400fa447d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_get.md @@ -0,0 +1,84 @@ +Returns all app-embedded WAAS audit events for the specified query parameters. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/app-embedded" +``` +### cURL Response + +``` +{ + "_id": "636ab72055e55c25de4702c3", + "time": "2022-11-08T20:08:00Z", + "hostname": "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c", + "fqdn": "", + "effect": "alert", + "ruleName": "waas-mock-service-testing_22_11_384_fargate", + "ruleAppID": "hxrbsrky", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": true, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c", + "type": "lfi", + "count": 1, + "region": "us-east-1", + "version": "22.11.384", + "accountID": "496947949261", + "url": "34.239.179.111:2001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "34.72.93.22", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 34.239.179.111:2001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "34.239.179.111:2001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "waas_collection_fargate_waas-mock-service-testing_22_11_384_zxo" + ], + "resource": { + "appIDs": [ + "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c" + ], + "accountIDs": [ + "496947949261" + ] + }, + "cluster": "automation-fargate-test", + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "8513bd5f-3091-06cf-b856-4d007f11443d", + "provider": "aws" + } + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_timeslice_get.md new file mode 100644 index 000000000..79a60038e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_timeslice_get.md @@ -0,0 +1,34 @@ +Returns the app-embedded WAAS audit buckets based on the query time frame. +Use the UTC time of an audit event to query for a time frame. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request +Refer to the following example cURL command that retrieves the app-embedded WAAS audit buckets of five between 15 Nov. 2022 (15h:23m:57s) and 16 Nov. 2022 (15h:23m:57s): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/app-embedded/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start":"2022-11-12T20:11:57Z", + "end":"2022-11-13T10:35:57Z", + "count":44 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_container_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_container_download_get.md new file mode 100644 index 000000000..9a5e04fad --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_container_download_get.md @@ -0,0 +1,15 @@ +Returns the container Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +### cURL Request +Refer to the following example cURL command that downloads the WAAS container audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/container/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_container_get.md b/openapi-specs/compute/33-02/desc/audits/waas_container_get.md new file mode 100644 index 000000000..ac0df80fd --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_container_get.md @@ -0,0 +1,98 @@ +Retrieves all container Web-Application and API Security (WAAS) audits. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +### cURL Request +Refer to the following example cURL command that retrieves all container WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/container" + +``` + +### cURL Response +``` +{ + "_id": "636aa20ca5eab1d485abc519", + "profileId": "sha256:a9301dac5a66b3f54a324b9ee737c64a1cc68d2186d8082df82755fb6d551a06_waas_k8s-v1-23-13-docker-20-10-21-kube-ssugandh-2b19f07bd1e31534", + "time": "2022-11-08T18:38:04Z", + "hostname": "kube-ssugandh-2b19f07bd1e31534-k8s-worker-1", + "fqdn": "", + "effect": "alert", + "ruleName": "k8s-7878_384_kubernetes", + "ruleAppID": "zhdmrlnr", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": false, + "containerName": "/k8s_mock-web-service-36666_mock-web-service-32001_waas_52d3dccd-44b4-48fa-b149-60835b47c614_0", + "containerId": "22c03ede91779978eb664c03189e3b69432e754b984dd9be203e7567fc6461ba", + "imageName": "doctwistlock/waas-mock-service:latest", + "appID": "", + "type": "lfi", + "count": 1, + "region": "us-central1-a", + "version": "22.11.384", + "accountID": "twistlock-test-247119", + "url": "10.180.31.40:32001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "10.180.31.40", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 10.180.31.40:32001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "10.180.31.40:32001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "Prisma Cloud resources" + ], + "os": "Ubuntu 20.04.5 LTS", + "ns": [ + "waas" + ], + "resource": { + "images": [ + "doctwistlock/waas-mock-service:latest" + ], + "namespaces": [ + "waas" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "cluster": "k8s-v1-23-13-docker-20-10-21-kube-ssugandh-2b19f07bd1e31534", + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "dc2fb804-27b1-40f4-6b73-ae54783c548a", + "provider": "gcp" + }, + ... + ... + ... + +} + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_container_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_container_timeslice_get.md new file mode 100644 index 000000000..a56b4c48f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_container_timeslice_get.md @@ -0,0 +1,34 @@ +Retrieves all container Web-Application and API Security (WAAS) audit events for a specific time frame. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request +Refer to the following example cURL command that retrieves the container WAAS audit buckets of five between 15 Nov. 2022 (15h:23m:57s) and 16 Nov. 2022 (15h:23m:57s):: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/container/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" + +``` + +### cURL Response +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 46 +} + +``` +Response Parameters: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_host_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_host_download_get.md new file mode 100644 index 000000000..4bc66202b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_host_download_get.md @@ -0,0 +1,16 @@ +Returns the host Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that downloads the host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https://console:8083/api/v/audits/firewall/app/host/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_host_get.md b/openapi-specs/compute/33-02/desc/audits/waas_host_get.md new file mode 100644 index 000000000..14c967594 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_host_get.md @@ -0,0 +1,89 @@ +Retrieves all host Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/host" +``` + +### cURL Response + +``` +{ + "_id": "636ab7190487e34d5461a141", + "profileId": "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal", + "time": "2022-11-08T20:07:53Z", + "hostname": "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal", + "fqdn": "", + "effect": "alert", + "ruleName": "rhe7-host_22_11_384_host", + "ruleAppID": "cggseacq", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": true, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "lfi", + "count": 1, + "region": "us-central1-a", + "version": "22.11.384", + "accountID": "twistlock-test-247119", + "url": "10.181.239.16:2001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "10.180.30.249", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 10.181.239.16:2001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "10.181.239.16:2001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "rhe7-host_mhm", + "compliance_rhe7_hhk", + "waas_collection_host_rhe7-host_22_11_384_hpx" + ], + "resource": { + "hosts": [ + "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "306032c4-2175-6d95-7a2c-c9abacfc9cb6", + "provider": "gcp" + } + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_host_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_host_timeslice_get.md new file mode 100644 index 000000000..e28ed7b7a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_host_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all host Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves host WAAS audit events for a specific time frame: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/hosttimeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 46 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. diff --git a/openapi-specs/compute/33-02/desc/audits/waas_serverless_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_serverless_download_get.md new file mode 100644 index 000000000..da05504df --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_serverless_download_get.md @@ -0,0 +1,18 @@ +Returns the serverless function Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that downloads the serverless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/serverless/download" + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_serverless_get.md b/openapi-specs/compute/33-02/desc/audits/waas_serverless_get.md new file mode 100644 index 000000000..fe482a3f3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_serverless_get.md @@ -0,0 +1,44 @@ +Retrieves all serverless function Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all serverless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/serverless" +``` + +### cURL Response + +``` +{ + "_id": "", + "time": "0001-01-01T00:00:00Z", + "hostname": "", + "fqdn": "", + "effect": "", + "ruleName": "", + "ruleAppID": "", + "msg": "", + "host": false, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "cmdi", + "count": 1, + "url": "", + "subnet": "", + "requestHeaders": "", + "attackField": {}, + "eventID": "" +} + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_serverless_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_serverless_timeslice_get.md new file mode 100644 index 000000000..ec9ff3df1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_serverless_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all serverless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame in UTC. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves the serverless WAAS audit events for a : + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/serverless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-21T04:26:58.066Z", + "end": "2022-11-22T02:49:58.549Z", + "count": 1 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the start time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. diff --git a/openapi-specs/compute/33-02/desc/authenticate-client/authenticate-client.md b/openapi-specs/compute/33-02/desc/authenticate-client/authenticate-client.md new file mode 100644 index 000000000..cee2db629 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate-client/authenticate-client.md @@ -0,0 +1,8 @@ +Retrieves an access token using a client certificate. +Valid tokens are required to access the rest of the Prisma Cloud Compute API. +Use this endpoint if your organization has rolled out multi-factor authentication built on X.509 certificates. + +The API can also be accessed using basic auth. + +* For Prisma Cloud Enterprise Edition (SaaS), see [here](https://prisma.pan.dev/docs/cloud/cwpp/access-api-self-hosted). +* For Prisma Cloud Compute Edition (self-hosted), see [here](https://prisma.pan.dev/docs/cloud/cwpp/access-api-saas). diff --git a/openapi-specs/compute/33-02/desc/authenticate-client/post.md b/openapi-specs/compute/33-02/desc/authenticate-client/post.md new file mode 100644 index 000000000..bc493d04e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate-client/post.md @@ -0,0 +1,26 @@ +Retrieves an access token using a client certificate. +This endpoint checks the supplied client certificate and authorizes the user based on the username in the certificate's CN or UPN field. + +**Note:** The certificate must be in PEM format, and the certificate file must consist of a client certificate concatenated together with a private key. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X POST \ + --cert \ + https:///api/v/authenticate-client +``` + +### Response + +Refer to the following example cURL response that returns the user's role and an access token that you can use for subsequent API calls: + +```bash +{ + "admin", + "" +} +``` diff --git a/openapi-specs/compute/33-02/desc/authenticate/authenticate.md b/openapi-specs/compute/33-02/desc/authenticate/authenticate.md new file mode 100644 index 000000000..42b5d3e34 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate/authenticate.md @@ -0,0 +1,4 @@ +Retrieves an access token using your credentials. +Valid tokens are required to access the rest of the Prisma Cloud Compute API. + +**Note:** The Prisma Cloud Compute API can also be accessed using [basic auth](https://docs.twistlock.com/docs/latest/api/access_api.html). diff --git a/openapi-specs/compute/33-02/desc/authenticate/post.md b/openapi-specs/compute/33-02/desc/authenticate/post.md new file mode 100644 index 000000000..cb018de64 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate/post.md @@ -0,0 +1,29 @@ +Retrieves an access token using your username and password. +By default, access tokens are valid for 30 minutes. +You can set the validity period in Console under **Manage > Authentication > Logon**. + +**Note:** The username and password values are case-sensitive. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -H "Content-Type: application/json" \ + -X POST \ + -d \ +'{ + "username":"admin", + "password":"password" +}' \ + https:///api/v/authenticate +``` + +### Response + +Refer to the following successful example response that returns the access token for use in other API endpoints: + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` diff --git a/openapi-specs/compute/33-02/desc/authenticate/renew_get.md b/openapi-specs/compute/33-02/desc/authenticate/renew_get.md new file mode 100644 index 000000000..6040d58e1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate/renew_get.md @@ -0,0 +1,20 @@ +Renews an old (unexpired) access token and returns a new token. + +### cURL Request + +The following cURL command retrieves a new access token using an old access token. + +```bash +$ curl -k \ + -H "Authorization: Bearer " \ + https:///api/v1/authenticate/renew +``` + +### Response + +A successful response will return the following response containing the new access token. +This access token replaces the old access token. + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/backups/backups.md b/openapi-specs/compute/33-02/desc/backups/backups.md new file mode 100644 index 000000000..fbeae23cb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/backups/backups.md @@ -0,0 +1 @@ +Manage backup files. diff --git a/openapi-specs/compute/33-02/desc/backups/id_patch.md b/openapi-specs/compute/33-02/desc/backups/id_patch.md new file mode 100644 index 000000000..13f4c416e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/backups/id_patch.md @@ -0,0 +1 @@ +Renames the specified backup file. diff --git a/openapi-specs/compute/33-02/desc/certs/capem_get.md b/openapi-specs/compute/33-02/desc/certs/capem_get.md new file mode 100644 index 000000000..f0f0f1bf3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/capem_get.md @@ -0,0 +1,25 @@ +Retrieves the Base64-encoded SSL root certificate self-signed by primary certificate authority (CA) in PEM format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v1/certs/ca.pem" +``` + +### cURL Response + +``` +-----BEGIN CERTIFICATE----- +MIIDHDCCAgSgAwIBAgIQDBOoX575awe…iQ6j6Icf8NDANBgkqhkiG9w0BAQsFADAo +MRIwEAYDVQQKEwlUd2lzdGxvY2sxEjAQBgNVBAMTCVR3aXN0bG9jazAeFw0yMjEx +MDgxNjA1MDBaFw0yNTExMDrbXDQLhFyPXcFfNgNdEaH +EbVjIec/Frhk0TWIhDDphuwaIz2Qkuj/hIF1rtHhkMFXsYKsUGDcyGKJnEUxz9zR +S4hdrn5QhEh+m+CLzuv+WRV925WJ5rCKYeT9DIhXgEM= +-----END CERTIFICATE----- +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/certs/certs.md b/openapi-specs/compute/33-02/desc/certs/certs.md new file mode 100644 index 000000000..807edd91d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/certs.md @@ -0,0 +1 @@ +Retrieve and manage the client and server certificates from the Prisma Cloud Compute. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/certs/client-certs_get.md b/openapi-specs/compute/33-02/desc/certs/client-certs_get.md new file mode 100644 index 000000000..d099b3e3d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/client-certs_get.md @@ -0,0 +1,10 @@ +Downloads a script that installs a client certificate, client private key, and certificate authority certificate for the authenticated user. + +The following example curl command uses basic auth to download and run the install script for your client certs: + +```bash +$ curl -k \ + -u \ + -X GET \ + https://:8083/api/v1/certs/client-certs.sh | sh +``` diff --git a/openapi-specs/compute/33-02/desc/certs/server-certs_get.md b/openapi-specs/compute/33-02/desc/certs/server-certs_get.md new file mode 100644 index 000000000..0bb13f51d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/server-certs_get.md @@ -0,0 +1,62 @@ +Retrieves the server certificate bundle from Prisma Cloud Compute that contains a chain of certificates. + +* Certificate Authority (CA) certificate in PEM +* RSA Private Key for server in PEM +* Server certificate in PEM +* Defender CA certificate in PEM +* Defender RSA Private Key for client in PEM +* Defender client certificate in PEM + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -u \ + -X GET \ + "https:///api/v1/certs/server-certs.sh" +``` +### cURL Response + +``` +#!/bin/sh +# Copy Certificate Authority +echo -n "-----BEGIN CERTIFICATE----- +MIIDHDCCAgSgAwIBAgIQDBOoX575aweiQ6j6I…hXgEM= +-----END CERTIFICATE----- +" > ca.pem +# Copy Server key +echo -n "-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,a7a8cbceec7e97d51c04ce03f1b4c4dc +HwlxgvmGJw068VUEletmSSBjE54Q+8BGcWuYc…3PjIj2nuD4PTtOULiuLnAoONb0 +-----END RSA PRIVATE KEY----- +" > server-key.pem +# Copy Server Cert +echo -n "-----BEGIN CERTIFICATE----- +MIIDOjCCAiKgAwIBAgIRAOCRfG1Sot…5SY03wZf20LvAzrLTRLsIAbsivp0Ljmvt +drBPViPXgryvwhpnaxU= +-----END CERTIFICATE----- +" > server-cert.pem +# Copy the defender certificate authority +echo -n "-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIRAMAqTE7/cvmwb…xLx9lzxemN +-----END CERTIFICATE----- +" > defender-ca.pem +# Copy the defender client key +echo -n "-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,ab1bca8bc354c0866cfc26fd946c70b5 + +x1nwAJw5sbjoSL7aUpO3rP8IkMz63X1dD…3k1SVZSph63rRvv6d5O +-----END RSA PRIVATE KEY----- +" > defender-client-key.pem +# Copy the defender client cert +echo -n "-----BEGIN CERTIFICATE----- +MIIDJzCCAg+gAwIBAgIQcb6VdD45Jbla…6kXfxAvSiLTs4mhC1wg68ZSDUQ== +-----END CERTIFICATE----- +" > defender-client-cert.pem + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/cloud/cloud.md b/openapi-specs/compute/33-02/desc/cloud/cloud.md new file mode 100644 index 000000000..4dfd5f087 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/cloud.md @@ -0,0 +1,2 @@ +Find all the cloud-native services being used in your AWS, Azure, and Google Cloud accounts. +Prisma Cloud Compute continuously monitors these accounts, detects when new services are added, and reports which services are unprotected. diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_download_get.md b/openapi-specs/compute/33-02/desc/cloud/compliance_download_get.md new file mode 100644 index 000000000..7b1ec9fea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_download_get.md @@ -0,0 +1,11 @@ +Download all cloud scan data in CSV format. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o cloud-compliance.csv \ + https://:8083/api/v1/cloud/compliance/download +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_get.md b/openapi-specs/compute/33-02/desc/cloud/compliance_get.md new file mode 100644 index 000000000..48c2fe5bb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_get.md @@ -0,0 +1,10 @@ +Returns a list of all cloud compliance scan results. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cloud/compliance +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_scan_post.md b/openapi-specs/compute/33-02/desc/cloud/compliance_scan_post.md new file mode 100644 index 000000000..7f87bf1f4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_scan_post.md @@ -0,0 +1,10 @@ +Initiates a new cloud compliance scan. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/cloud/compliance/scan +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_stop_post.md b/openapi-specs/compute/33-02/desc/cloud/compliance_stop_post.md new file mode 100644 index 000000000..df0febb56 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_stop_post.md @@ -0,0 +1,10 @@ +Terminates a cloud compliance scan that's in progress.. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/cloud/compliance/stop +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_download_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_download_get.md new file mode 100644 index 000000000..44d60a113 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_download_get.md @@ -0,0 +1,14 @@ +Downloads all cloud scan data in a CSV file. + +### cURL Request + +Refer to the following cURL example command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o cloud-discovery.csv \ + https://:8083/api/v/cloud/discovery/download +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_entities_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_entities_get.md new file mode 100644 index 000000000..a7abbdfb6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_entities_get.md @@ -0,0 +1,15 @@ +Returns a list of discovered cloud entities. + +Use this API endpoint along with the `GET, api/vVERSION/cloud/discovery` to get full information about the discovered cloud scan result. + +### cURL Request + +Refer to the following cURL example request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/cloud/discovery/entities" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_get.md new file mode 100644 index 000000000..28025f140 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_get.md @@ -0,0 +1,16 @@ +Returns a list of all cloud discovery scan results in a paginated response. + +The `entities` object and the associated parameters in the response schema is now part of a new API endpoint `/api/v1/cloud/discovery/entities`. + +### cURL Request + +Refer to the following cURL example request: + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/cloud/discovery" +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_scan_post.md b/openapi-specs/compute/33-02/desc/cloud/discovery_scan_post.md new file mode 100644 index 000000000..51799ebdb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_scan_post.md @@ -0,0 +1,13 @@ +Initiates a new cloud discovery scan. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v/cloud/discovery/scan +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_stop_post.md b/openapi-specs/compute/33-02/desc/cloud/discovery_stop_post.md new file mode 100644 index 000000000..6a6c7a5a5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_stop_post.md @@ -0,0 +1,13 @@ +Terminates a cloud discovery scan that's in progress. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v/cloud/discovery/stop +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_vms_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_vms_get.md new file mode 100644 index 000000000..6766f4e5a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_vms_get.md @@ -0,0 +1,13 @@ +Returns the discovered cloud VM instances. + +### cURL Request + +Refer to the following example cURL command that retrieves all the discovered cloud VM instances: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/cloud/discovery/vms' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/coderepos-ci/post.md b/openapi-specs/compute/33-02/desc/coderepos-ci/post.md new file mode 100644 index 000000000..df608d743 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos-ci/post.md @@ -0,0 +1,4 @@ +Adds a CI code repository scan result. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. diff --git a/openapi-specs/compute/33-02/desc/coderepos-ci/post_resolve.md b/openapi-specs/compute/33-02/desc/coderepos-ci/post_resolve.md new file mode 100644 index 000000000..493d25834 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos-ci/post_resolve.md @@ -0,0 +1 @@ +Adds vulnerability data for the given code repository scan result. diff --git a/openapi-specs/compute/33-02/desc/coderepos/coderepos.md b/openapi-specs/compute/33-02/desc/coderepos/coderepos.md new file mode 100644 index 000000000..edd573525 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos/coderepos.md @@ -0,0 +1 @@ +Scan reports for GitHub code repositories. diff --git a/openapi-specs/compute/33-02/desc/coderepos/download_get.md b/openapi-specs/compute/33-02/desc/coderepos/download_get.md new file mode 100644 index 000000000..4ec0197bb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos/download_get.md @@ -0,0 +1,18 @@ +Downloads code repository scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Code repositories** in the Console UI. + +### cURL Request + +The following cURL command generates a CSV file containing the reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v1/coderepos/download" \ + > coderepos.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/coderepos/get.md b/openapi-specs/compute/33-02/desc/coderepos/get.md new file mode 100644 index 000000000..54c4e99bf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos/get.md @@ -0,0 +1,20 @@ +Retrieves all code repository scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the **Code repositories** table in **Monitor > Vulnerabilities > Code repositories** in the Console UI. + +### cURL Request + +The following cURL command retrieves all code repository scan reports. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/coderepos \ +``` + +A successful response returns all code repository scan reports. diff --git a/openapi-specs/compute/33-02/desc/collections/collections.md b/openapi-specs/compute/33-02/desc/collections/collections.md new file mode 100644 index 000000000..ccc5d42d4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/collections.md @@ -0,0 +1,15 @@ +Collections are predefined filters that let you group related resources together. +Resources include things like containers, images, hosts, functions, and clusters. + +Use collections to scope policy rules and segment data/views in the Console UI and the Prisma Cloud API. + + +### Endpoints with a `{id}` URL Parameter + +Some `/collections` endpoints take a URL parameter called `{id}`. +The value for `{id}` should be a collection name. +You can retrieve collection names from the `GET /api/v1/collections` endpoint. +Each collection object in the response has a key called `name`, which can be used for `{id}`. + +**Note:** Spaces are considered [unsafe characters in a URL](https://www.ietf.org/rfc/rfc1738.txt). +If your collection name has a space, encode the space with the value `%20` before passing it as a URL parameter. diff --git a/openapi-specs/compute/33-02/desc/collections/get.md b/openapi-specs/compute/33-02/desc/collections/get.md new file mode 100755 index 000000000..99120d17d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/get.md @@ -0,0 +1,15 @@ +Retrieves a list of all collections. + +This endpoint maps to the table in **Manage > Collections and Tags > Collections** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that returns a list of collections: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/collections' +``` diff --git a/openapi-specs/compute/33-02/desc/collections/name_delete.md b/openapi-specs/compute/33-02/desc/collections/name_delete.md new file mode 100755 index 000000000..3e2debd01 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/name_delete.md @@ -0,0 +1,22 @@ +Deletes a collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. +3. Click the **Delete** button to initiate the deletion. +4. Click the **Delete Collection** button to confirm the deletion. + +### cURL Request + +Refer to the following example cURL command that deletes a collection with the name `my-collection`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v/collections/my-collection' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/collections/name_put.md b/openapi-specs/compute/33-02/desc/collections/name_put.md new file mode 100644 index 000000000..b843a4b59 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/name_put.md @@ -0,0 +1,64 @@ +Updates the parameters for a specific collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. Use the **Manage** cog icon to open the update window. +3. Click the **Manage** button and update the collection's parameters. +4. Click the **Save** button to save the changes. + +### cURL Request + +The PUT cURL command updates a collection. + +**To submit a cURL request:** + +* The `name` value is required. +* If `description` is not included in the request, the value will be defaulted to an empty string. +* If `color` is not included in the request, the system will set the color to a random value. +* If one of the following resources is left unspecified, the resource value will be set to a wildcard `[*]`: `hosts`, `images`, `labels`, `containers`, `functions`, `namespaces`, `appIDs`, `accountIDs`, `codeRepos`, `clusters` + +#### Example cURL Request + +This existing collection `my-collection` captures all container images named `ubuntu:18.04`. + +```json +{ + "hosts":["*"], + "images":["ubuntu:18.04"], + "labels":["*"], + "containers":["*"], + "functions":["*"], + "namespaces":["*"], + "appIDs":["*"], + "accountIDs":["*"], + "codeRepos":["*"], + "clusters":["*"], + "name":"my-collection", + "owner":"", + "modified":"2021-01-01T21:04:30.417Z", + "color":"#AD3C21", + "system":"false" +} +``` + +The following cURL command updates `my-collection` to captures all container images named `ubuntu:20.04`. + +**Note:** You can retrieve collection names from the `GET /api/v/collections` endpoint using the `name` key. + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/collections/my-collection' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-collection", + "images":["ubuntu:20.04"] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/collections/name_usages_get.md b/openapi-specs/compute/33-02/desc/collections/name_usages_get.md new file mode 100755 index 000000000..5c9c40424 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/name_usages_get.md @@ -0,0 +1,20 @@ +Retrieves all policies that uses a specified collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. Use the **Manage** cog icon to open the update window. +3. Click the **Manage** button. +4. The **Usages** table displays the collection's usages. + +### cURL Request + +Refer to the following example cURL command that retrieves all policies with name `my-collection`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/collections/my-collection/usages' +``` diff --git a/openapi-specs/compute/33-02/desc/collections/post.md b/openapi-specs/compute/33-02/desc/collections/post.md new file mode 100755 index 000000000..168c73970 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/post.md @@ -0,0 +1,39 @@ +Creates a new collection. Only the `name` field is required; the other fields are optional. The `name` field can contain the characters: 'A-Z', 'a-z', '0-9', '_', '-', and ':'. Optional fields for which you do not specify a value are set to the '*' wildcard. + +If you don't provide a value for the `name` field and try to use the collection, you'll get an empty resource error. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Add a collection using **+ Add collection**. +3. Click the **Save** button. + +### cURL Request + +Refer to the following example cURL command that creates a new collection named `my-collection`, specifies a HEX color value of #AD3C21, and captures all container images named `ubuntu:18.04`: + +```bash +$ curl 'https://:8083/api/v/collections' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-collection", + "images":["ubuntu:18.04"], + "hosts":["*"], + "labels":["*"], + "containers":["*"], + "functions":["*"], + "namespaces":["*"], + "appIDs":["*"], + "accountIDs":["*"], + "codeRepos":["*"], + "clusters":["*"], + "color":"#AD3C21" +}' +``` +**Note:** No response is returned upon successful execution. You must verify the collection in the Console UI. + + diff --git a/openapi-specs/compute/33-02/desc/console_saas.png b/openapi-specs/compute/33-02/desc/console_saas.png new file mode 100644 index 0000000000000000000000000000000000000000..8e6ba2d91741797609570f0da758e291d0f7abaa GIT binary patch literal 350829 zcmbSy1yq!6yDlOKf`FiaG?F@$bPpg6(%s$N-O>Wm-AH#gh#=iDbax6v=Xv?Qz4!m` zb@thQ9@m<+#(C>`pS!N>x^IG|C52ItaFJkOU{FLw1Y}`gka}QX;PDZk0l&m(2Y!Zu zc_D1V&o3>?&rd9EYh`F+ZU6%#5*(|9pe)ymm8K>uYV3n3^1LOOL?j;LV<<7PLOFUA z@5f;Jw?Wg9g76Sp5^a7Z!Pgqd#AaQZSY3-mSn@Fr725n85=h&-7mGKGSFH^f!-;nH zats%XI575wF0v-5g~+_6WKvkzgaf$AQGF!b&k*0d*lx#ob8>0>o|A%L2gka za7wzg{#}D-+Cy0u<;%V+7~+bTdC2Rx>OmJzys@F*D!E{S7NxDYnWYLl*WR*x{SNmw z4rG&yi%n(Ih^v%ujZ*ch7_Bdmwj(X4v5+8D>%RF4z5o{(GljaWEJuAk5|+A_o{Fm zU!@%mrpYtOWaQ|kXa|wQ$1hvsHakuCZ3;h7su$GxPRpkel^u6IJz4gZhpvr|HBZAi zq&d4{S;-f35H-UHJV8Z#LY?7FO7Q8K3h(^vO!B zvozwpuL$D$Q_t^(DsOuNuj!tuo=w8*=Nm#52xpd`cQz1XthX;A#m4Ist7166U|vnn zg6fpATff`#oT|vA5X+W1g;v^M(*$RBzSM=I|FRvFy!@n|h!DPv&$@nPv0lonc4_~) z6r#oFz|Ur%9Xm=yS4n2j&dS@3M^H&Wo0v*Iv>MK%R=O^Kujg40oM(H*`h@lp@l9|T zLdP_rbpNP+Y4N@Aq1VJO4G6R2Yb7Kx9D(OqY`5D52RR4y?OFRf7X-3fN#GHsq4t4@ zWA-HnRhXkl9#viB@|J0n{Wp$SoI%X6SdMUJ9kkkkG0xhU+=?Yx_r^Ab?v-yNF7uqZ zBt98XZj?Hdrk18p+PQSVZrq?-Q;6sFb|z+VVd1r2`BRsE=CMcYADkS-gxPQsxJz>V zA@4!-aZfwwUwpuh@n$H0T?`wm%{>iQ z>yxUDW(R)2^(N#W&W4OQp2E-iJ^6&JryG}mycuRw{)QT} zzg>Tty7)C!w`sX+G0y$4Qn_O>@=eeyn`c8E8p}xG?XPUWVEA-@x(=#i3+Jbvux-9P z?M=sJa2(%bmOuR>w|=hoJn?hEXN-^RI>Ou~&N0(M?gIO7BSn6a8Ab8D59lP_h!hhs6X6sQ7Ks-n$U)Pmsf3>i!xxey7w-{V zw>@z@(K#_Vk+Y=}jMo)E{?;iC7h@7b9y1tY*e584@GZVjxF+vf?p40ZM8gD5~Pv^RikP`V~?Dj@f2hHS?46*+JxFz#~8=Z^8m@bxlzCE zf>W+*U00erwma~h9}B-*K8uoC2De(1SQFn(<+(UPNO%dVno*WyrewpAW@;#hM&oM@ zPK|I{DW^Eg*uy6ac#YhyFIrYy>0KLKLr-h>QYYPVrN-*U(I&CCvG=UTcuF6FeCUgD z@SmmAM^q%*M2+h3GL^F~B&Zvr+C8^J zgK|K}iL3bb`8xQJ5hl?ZxwczIwX=yyGi3@!X|v6Q(!Z$u%=|g?v;PZT*iqs#g(QXE zr`)7sMs|}i=4tKnCGGp=vF~ormRJNOQa`PI%1gFnXwjb4Gql9Aq+nLlbDS^kPcb3X zPcvv8yDfLgga1L&{?WW*Y&EFMF79pUV4sdcxny}GjRXxTHD(+hjT((x$$kk&Nl3Ay z%0gAHs+*dTa#^)y#bIqlIgSP6kKCcnTAHq@IYs@Z+4JfHH%_-E{iZ9&FvsEju>FQ} z|8s|PCxUHMA5=MfQ~Xj641yMdDgp?HrtQa6t`q@D1xf5w86zp93aIKs=M7Iup;QvG}9P{U56#<@XDCV zOv~^VpDk7_hBgmhzI6BXFucJ(z1rT}N#1JezOdrKZZmH?@EjJJjd&eC&vg>n7Rxj2 zmF?vQLq$xZ&ClzWVL(h*PVr0UtHW1fWAPEWT2ju?7QZ`&X=Y`tW}Zv#?s&#%J0>{f z=V9I-{?Ki3k*wTKX(ri4PpEC zJ~k#PrjfkHNPW9rVU6Rb+ZQ?M4UsM8w3vLZUavkdNq3=d z#?_SKU~S=ONgiG)+iZIY_goQ)!~ecxqazRJ9;cr%&EVRov}gY{d`O?5hHiMh>@A3j z#LQ#rWP zI2XCJC-dc6(roWMWw?6Kddm79J}{f?F2c6JihlPuksQa8bW?q!csXb9&f(?S|Dqqq z&WJ0aH?6@2i-F2RvEO`ermKo`^YicwOFRdw+hMw3sbGKT;*fY6MBQAGEAMiYZl!G^ z);PXL%yQr&xy|!QD{pg#L*`8fGjdxTlGt!;LtJdUhi0di{UKzfP4RZNj!n;I4`Y~o zFAgJKEKXAktKNLhwq?V=pQz+bOO_6~nZZt9T@ghIhZ;D`{myjPv}^Y~BtImVnZ+!w z^h*7GVY4EpdQH)6wX4qAO^t6&JOsX^NXx3W)%-3GWfg^$HNeU|zoO{_i&M|AMsMfJ*=bYTZI5n%(uKSW8-Z5a`ywIs&sXnx! z$eeY$Wcu#*qI#+9D0qIn65?ic2cGkoyurB<$NL&!g0c{n_47P8Cb#x!HflA~4fD~1 z-ZqgMnkr#2hrY9Mug>nu>JJZLq=-}eSi%F2IG25y{+u|@?ry?1SKWc&spv?`;S?lJ zhg+tb(@4g9Bh<7rZnx!>i-w=jv@JYZXZ7iayzcZHHEuOLT2~G8#&x@b1`GYUm42W2 z2#x0rw!5H<-7B+E$ZRR4W}A!NZPD!bEjC-I}5MXEL{*S1Zq z@Q2yS!x_(Qz8*hhv^Andmrk$K)r#BWt?*UKQ_2k~nzSjfottAhV=;6LYBS8KDWY}i z7<>EeLg`FAF#hHq_4?-H#q?pgQl*kd8FmZ3XVuw3P#q0-1^30$M(du3*7f(xAGHyS zL{eU2_ovlPyGCPMA#~wdNo_)&Epzd65Xy~S=fV=0X9!7=PullNU`FI%wA;Di98#`R z@-PHESQOs=N-w{r&c~2~*oU%q{IWoViKaC`(8a^IO>(5Hr&<(S9HS zBM}o5bJ^+}a>xn@{m13N|F}tv?d`2O=;)lBoM@dGX{~IH=;+zm+37wo&@nL30B6wH zxmeokIMZ0#k^X&?|GbZYft{YMiM73nl_l}xeRXuL9PGJCNFE>bU;qAIr-8G{zn)}i z_aCnXydd4<5juL>4|M<2W%ee9|BuTakNkbvU+?wz6=t@{==dOB!*t zr;DMdsIXb@GKk+f%DfIsZ@GwDFQeBgBo~sH5E;N0H?Qys%JR<0A{Gph6>znJ71!eE zcxX1-TuhxwZFMpQ$Y zuph{UhT%rI$+AmAL+c@H3zCoBH(%15BpfuUby);K_RYC>Yq($Ip9Q!OVvDk#t;b%iv*Ktg`Vi& zZzUm_*E`y2T#+vXuhUKs3HVSn7pMabLX=KDc1NZcXyit0@bY|ixi_=aj7Ra5&FHH(5Hge6f@O+eE(=~{%aq6}KGAeSPjz@QBs?;jsqDVd`jyjWBr~Cu&fq@Ib_$Bz2Sr;!|v6~KQ z1DDXT^aD|`NYYumt2Xx=*nNb^bH60+09+yPaUu6^tQ7LzYv{Kdg(^d}iaoJ{%|f>G z0i>~Nq1xg(7kLV5Ze79h+GbJ67x*iWwG6G*OV91lX?2a}I$$V4LVk|dAtDaR_a^90t z=r&!4_}wU~w#Da{Bt5e|_Mm*3$ZSISlr{Bay%FY}?_A5T2K=tj|J#R@aZA{8 z%~El~w3&5bbSt0Ew-_vR7vGwlyJt6rs7w_*9JPd6NIYn&-#<$ryb(N%*3;^TYojPw zbAQ6pRzjQK99`PIF&Ccn;>{oV9I9L`F@u+(~fagiu zP~PzU@|3Qy#H-@GJV($vReXs5o(u`Rd#jf!QgJSuP6%>keoz3#)3hN6;TNq=dw{~3AFc!{ zz@>bV`h&G=F?DB2t|_;37o=Y&7ZCmaWvt(4cU~RXR>aCu#3}R#n-^GZ-=7lt=<;qp zh5B4A2l2BLMl)a*D%%u!24)fa7Q4(BzEiA2)^lx>ZJ@qdP{GVm88laETFbw6$qL4I z8;SoeltH7eDOi)LF{*X0%LCk#XhXaO*Q z^)gOAQC;hU;mQz5Jtt=}b0allqg&2bY|CftDYHx8F(+$8xavR=VlI}HA}#p9z#1sq z2|ilMx7r>MDUe@;-DcT{QSu^{?tj*cA2ot_?6T+ zRovwNpHmlF6<@8hDu(^2c?*NqX5P=ry{yA_IcZspHiZCe&+-x)>cOmWXW^!cj$lda zR>0j3c7rJkW#vA&O~kQ;G>Sl(&o)d%@j=d}I9e*=T=fFi%Vp_sZQ@A0EU^gk|79qu zYq_hiB&mQ`*CMXQwBXUGE(9LG?<+EwJ-0gdk5F#Sb$JfXeCIy)bPLj3=otTu)3XOF(bOj61_khUjfPIMQ# zsAJ(fI5VdQzixW?MSlhDgpJ&{8e)pn?@yBVXf-8Mp|Kjka@wtc!0#lLIaom7bpK(h zC;2PY(}&BfTy}ASZBQYvY|5;JX}#`w^tjEZd*AC&?fHRh1pu5z)NsOCDo(GuC>)gYCplTH6Jr6|a4Y)G1hEXp%jP`|U4S2y%T(?sFWyJOx(vEJmf@UYXuVF?e_%ep|{>{N2a zgF;*tvmqJMUa%!e@BLb`-^s!?X)93t-XFTXxH(CFjoE*06-ka#cu94v&?WU}X^hyL zS22`DT*0PsF6m9MWFX=+*HEybMqP=7uopw+rw|C}|@-6=l z(?+<_W6@D8%zop(ioX>3NOIhDg@uiup*iPYMqgz}A)I%Q+biRd4`ak@&&r5G#9 zmOFc{$Xr?ceygo4vL4wmnvS73dHD5&NCnHnC(f3#D!RJj9!!mWm|su-39I>6jSS*# zN7R2R2$o#u5r)Is&9CuqJeuI=0O*Y%1at349qlw=K(UK^YwbN-mAjQ6w)zj23N?jT zQ%NBj9#u>D3pY=8uGN|6K1;pcd-Y=%MXk?EtE&Q%?ktZhe>~ayrzYcitUP#$k_K#` z)p5TN+Y~d*131lS!hxsY?_3E)|NSG@ecPkOqZHR>7r#GOt=we9JbIqL04>n=xbRqD z=DCy7;v^V=P6gxRS+~hd>e;FdliGenNlqpDBgp5?`x;h-X4alQ3LnY?xiuv$y@Ol+ zeyiXY+s;~Tx~Cr)B5(Ox=AlC_2URpB@`#eMn_!AG-{;ge);7Kcqc zGkr=qR?+;nd~?~dxu0+@qEl08t}9$>zz^L7I3+LtC=ImRe9HI~rt0vp9HC+KAwNT? z%PPD);6M4Yq1@?FD3Cz;-S>2c3soxZdX=Iya#Pl)%nSs|DXg19^hz!#>7tmO@NJ6i z+P;YLR17`AnYC=Qx3ZoH(IJpAf2TtYtD=$pXXOwH5l-MM%IhB-Bp<@RXX!Y%`#H!G z;~M>yDUXW-88)cI&!+N3Ck?rCWbdYAGllryt7TS(-Csk$bC2aHx)dlKm#0V{lvfuy zD1&0@NCExlFc7g4{=s?W#UDBKDB>F*b0d%RDtt~uR7p6M(v|P-kMJ_#Zam0)25kmS zuA0b`ZB;_)1>ULe27OmPdU$S zJf$-@XVXQS5Bi6}_{-ZHy@#Vr6fz5|6+g)Qh>X$B5thL1o;{ukA$QVSIDeR=o%!0a z`KB;?3*Sf%qIdaoM4_fjLp#tT=y?)|1|qcSO^6?16R9za_dB5gMpcD=E zF+?c~SL+p`G_qXym5QQmK1tUm1n&OdKWO|gf8^mXa9qSdg>l{WYj!YXmhN!^_{K^|{=vE*0@o)v`E#@;+-U&g zhO`k~=3yZGS-HuWe!P3CNF+YW2ybLO>HQia_NJiEWyD`xpUjB+^-ZEA{2zIlw|6?g znamaAB7Z&$TC9Imd8pCb5WoI)$8tj1N}^v@ul{V6?NpD&r#t*gE9wxt*A@kh^G5=j zB3VBmN0bx3cyjKyeuSXOJzIeAM-lhv2WS0D^FfK~H%3CsW}RnPkW!H$3||DUl%DZN zCqDOEJwkBQ+dz2KYA{I4E#_Eo=yg9gUu`DaUjACafcgdeQ^7~`WzTaghk|K|LG+gY za_R2BT{`Oq^moz9IzsD16i0v+4#$slTJlgjKU$(2OlFPe^LzGfpoH7)yeD5KdwnF6 zU$({7p<%zWUv`QGgcqX3wH~(zk#8{t@0Zlxb;kI34b5QbO0Qyl#>QQrO2? ze0W(Ba|$@Wws-g=m#`@wX*jR=8{R;?5L~RZ+>ia6e{~=$!f4hzV&-gZZ1kRN^c!@1 zey)h`c2EQ9yV^>pV`txlVExnd`Vzs%9B*eN8cApQ}gHx1CjeSZHt z;;S1zd?~BS+?004VJ^KkuIT*$Y#P<|5WVOHtTTS%ukAgNqzmGhIj$BUcaLQs1OfPE zTmtqHCS8jk0VtsYp_A@(EvHfQo;L@T9yjOhBsgB4m%nrxw$j|z7u}9(A`2N?`R)Ia zILV9qsJuCl7}zrLuVeezFj3#4%d<1kJu-`PpV#|ObDvXNJU3rxQ~+PCziL?aMUL8C zs~QF;Ph1z^!)7Ax&o_)?8eZ&9iZj_(#OGQSI)&0US=Lz0)y5`UwW_FA8^7J? zk9RscT4;h?pIq;ig_d&GgyFIF(bUb8ST!F9tZ!~Mx-eb|z_(E;7ME*GR~m#enN3kg zH~Ag?qeL(k1;jt~Dk~#f5Fa`MX}BRlIa)bd%sTjM+=FC$0Ss(e>vdtiGo1>H$yg5Y z6P?Q0Oijes6d9{l-2tcsyD6@Y?iUMA3k@0o-ng19^E4pst+iSLi{KZbm@>`W-`(_^ zm9-dV7nyq2q@<*fxLAA)xSwuua|&<`pZiA(WC;8_L3vnM$B|+HIupehHuO7Poc>=` ze;?t!3)paohcH}8>dfH?6xDKb*u*WIQKsf~+=b0u7LWAyWtg{+)7|A-gheff!>&ko zI6*dMFqH>%bMRzJ&8oq`vgJ&XeeDb5{GJGtT=qX>4yyH4w`B zAw`$Ze@Bg%-}>C%wp1SH4OWuVNjdIMzjr%<8a(*;*{=7X&xJe-FHp{GmM>6OF`dY# zbufd(1)%JT8oV;zbpCKDKxl9&u=xr!iKrijI1DB)nj0GIwi+F3E#?$~VCTBvh>LbT+wDE5TOt&n`qJme%aR>{Z1kHH$yg?F+=gqNN2k`>w)@HXhrj&Nd zlXo4I4C%%NKw*&7=L!!{5^dF-BdUn8(Z){*G(-gy^oa1fJGNQU1t3CQUs8-u|9hO{NuGm$>XgC-delRCi zH$=b)E~Iwf{~CDrB)!~tRSd`yC>U!dS0Y(tV=F&y5$P87Jsx>safJ2iq4GJxpx-xA zpS`j+&DP6RWOn=Quhc4)0=ZJ@w7?sjcTUD@d8&BcUm2+>MG$gxd3Ci=O3I2Bkd>Q^ zQ`o>28>PAA-gV9Gh0|&@PLxzC6e%8F9eaL+n_2UCHsbZamu@jmA9lN~{{5q^hK}h? ziDZ#vMVj@`h7#md{TH-L(l7dAX{fFX6l)5ZEarO**$o$;wV4j8sx-QPE7ok1^t`mG zz+5=zswg_$o+6iLHt|9OM+PE-Bd+J4bxHq5RzR0Tv+uqK`ZjjB z+nI1_U4q$1EEd#@!a7g?u!$FwuRkkKIrb70by^%$^p3l{Z)yjIi8yj&QUCVdYBS&pCqic zwDGlP9@R916ed~+DoD>|xiH@J&edvcCgxZ7E0#v7EDgri>`jTMFH(x9&emX*^2EZg zyh>zoCxMERO#+w~s8RJiCvSlog$NYZu+O~!z?oi%1(4H+rDd^Q&#ygtDGUW<*7sLi z{Rl+v#A`p}f48xndMnJ_^-WMqZAt^XA8VyyO zJ08xzpP89CWZPD*HiJk4J?5nHS=f=%fTdOaWN-s<7T8SxQ|)_!~su~KuGePJu6B0PRbq1%4Z{d~rV!D^AK2@FJu z=}ocSc2+1Y20?^$u3P7Hh2BBZ9Dun7vkdHMfCN8zNRZiQgZ3LFrH}C>>=%bgpFCbd zg<;sPZJ#Lj{JV0^Gk*VCqqI>a)nwypAm}ST&dcci6nkjRn?bD6tcm{Oy8J2;^ynr` z%s^jvNa*aFPV(IVCpR!RyrvgEXu{1V*^!&;>z}y_zYbmHk4W-d(^Rxa zKqGua%Ji&HtiOC(ZaQj>ez;qDs7Wksy*6!F4WZh@Lp~4Jj~?AQ7K8@-z+_dSz4C1wC)xb2?)jl7OlJZA-}RX1)1i74lriHwuG~nJN#)rFblc6?%$vSuo2AMJ^YdmSWp`GBQDU9QOI@0Gx9y4G=?f zkeYJ`DyzZKVoPS!f*a`iZan>-j55XA*NtvAI7BDi<6K3h)!n7DxNm#jZW!hLn@LB7 z6ujQYidxouB9=qVBGEO{cC&C)T+U#+Nv1CynN2!!e^%y2FrFgPi4rDz0~D*7ERgNg zyMab8%x?J@mz{6%AtB6@hmCu*k97f~RQAp;YX|kshxXFQ_CEQ6>)oQVzR%BJ!CD1! zDODT-&`4H5|87!AD;NpFY+LM!MXSDD`c^}2XqHahBoLKgJ;|)}y*uYN2aet0Bg}n# zq4NglaW~Q2dG4n~64#{_!u8J$BOd#J-=bkm6kT2tJzNGFKaeJR@-62kTY?R3;>Ztta+0oN3mlQb`1-M509o=m4LT|`wLnHu9*oz%dTObPSbGo()n9}3Y;pirnq4CG+0uIcOxKKq!^oP4B3 zR|w|9O{S#0cfPI+=JhkxZ(^}IqR|wxwdN|LL1mH?5*EUOk$tUF>0lqhk7;H(6WE&0 z-zDVGi-k%j^3!JnkV2J;m36XPK-u(qKkHqdN>!(jV!dcC+v?k{=q9Y{5T=xX7Cqp` z%1g|R)K;T}6}oPvI)#K}GGo{j`X7Mo6~`-r{WAws+9TSxvvJu^BfM_2Z|^VK=;A~a z;cNK=UPN9jx(&PLbPK>&g3c#;a>EPCIY;bE7o69^__CzK*os%pQ*Rn+?ZZsS445%T z3%{PSwp~d`lg*;>+*dJ zAV>MJymEpI1(&IOPrR$5?RJCCVnR7DgJIlwu#u8IQlD7@l5$uC%B9h2ZH`VQ{Y_7` z2NBk1^=Gu3WBjWoXQ*PAaVn&ZKFw3rs=##dF<5`)l?&NlULhC8I~6oB zpey6!AIxvG%Ly)3Lu*x!3v+v@-#I#FX+6ETR2}}px~9RArq$(FL%3RoZvvfEXsXgO8JhtQ9gdg|h66f#PHf9b{Eo$+MG+08vjG*GOt& zW~X|b&(I5NE7%kwnGyJyKHT34`hOk_YiAlc2a1Cf_gTy%LtLD)B^CM-^yZ12pe^oq zdD2Y|$3>T|UOLZXWIR4dL!NLL?9JTL{nTI)x(;(z5t8wbnIvX2-_DA>RL7)wn{EQZ z-Ki7Y4O#zcpHUly5v3AU=9}HiXi1Lu`i!#yLYoeK1-vR-y@^I?Dr66lq{8bw4_6U* z74oDAMIuUCQt6;^k=$@Lne2_iudFJ$X4wD)DrK`j-=8_@A&uyHipE6@Vv?AMi6{N4 zP_fbM0?jdll-ej=Y{Y9dt}2}=_@{>#h{*fTNp{MgU8K1kKF4U~a8V#D(kob1PDKFD zMd`~!w`zO1ccXNZW>QW4!O{IOk+hUHC9aP>4_5b%!8>WlB1sf zA}_>@8E7id#VZ$?Af#2S?P(*Uqw!Aecn9FHCeiX=3r01VaZNH{2H)qQ;{Z_N9jH+5 zZF-VW^9%B2`#$5l@mz_jc+kFFWQGvlegI#ZMa*BhMKbRXg~n^T_9C&>lm-&IzRTS1s<_T{iw%i#NI@e4n}?coj*eyv z&#~tZ6e*VAnmJg44Ze*!J4hCpkU>PCGc?NE>p*ph2k`uC6YeOhHO(%UU1zewK%M2o z(ZfBR2rr&;ERs4i#?kw{6cQls)~ywIIDPW3OWJgoAK4RdRQz6!G?iN2t~Xa}kqYt+ z?@hC7Ja<5omXoPU3Q2N^=p7uafefK(%)ci1zw#r3y{H^RMOOd#hg@T#p@fj+3x83*u%5F zONQ3&acJ*_`l?ax%aQF|5R9B$mBHeHx3tA)8mFE6trz)0~5w9UUhKB7x= zElu}h!2%$)O*bcH%qv)LCA2nzQwm0A(BGPpDPuMYF&^Xzc{%LgT`W0C@)IhEYzquc zh?Il!QOIR!)$8@T!)?bUTD_t{q+#mGNOC^4LhK6T?Ahv379ejA05*qOj|R2W&D)0F zz1wPTZmw6yVKGlg*4nBXntN z=s<(k{YgAJd=JPGWnRm^Oqz4$^DFb}9T5-t(WX}t$`D_n;@?eP0e?_+X?R`7@=Nlj zwnQ+yKCZd|Z8!AUQ`sf4+2vO*Z~zjGP%022#(RgMKp&Sx+K1#YFmI39?bxvDILE&f zF*eDwRBv#2x$L#0>Gg$f4bOAQA&q}u3oLXy00#>iYd)J&(@tm7rbCX4^AJp`d1wbE zuEGhx+c6KsB_$)(b_63mWi~CHJ>3~MxH&&Sw{?qN7dV@k?GU6q&;7Qn zD*vuv^;c0@>#V`v`ZR#}C7RA>%?{KPKIr&{W$fn!a+;pbuvpC2_Y%4P@^K^V7tOeI z*&fLh%;M#g$*L(8kqOZ==`Z3Ur{7{?umTERwj-b54abmAZpW-~uC6YDTeo6~>PCv~ z=YKUg|HmO96LIaK`KwA7v$Tm~8I9{ySFzd4g4TSg-Q;U!*-hs3mQ9rG=)9q?F34C| zMdIILr7AMuUQ1$wpU`67OaSciR^}vuDumhLnFgMW(ujj$E-Sl(_FJ3cN@!@M7~g}~ z&E+T$rqZtaB>%E24Z&XYv4MNy(*4_3KTRysCm?_Kv zIWom5V>JFO-Ys8_7rL`Io-OD|qb{{Il)9h>@;)7tmxknszN!+xfo9u-;wffiaVAcZ$+1Cq$FzEIBJ%IHGpa zv~%Kcp~-DQpz~TDrexIr0bnDu#@T>uNgJh=eGI;sx3j(4i0=Y*M-1YH3sfJrRe?xm+&Hjasd?*saxY5ci^)OiE05sDPMTQ7*DrZ=)|Z zdXxUprqL50>e^<#yMg!{g|3<8YnxNq!2RL{ONX4~t_<1BP^AMh*@$}-Sr1t`qDhFn z8pEYKkCo4Dy?()`bY@`|^XvC3w6Tid3RsmUPrs|=U7zxqaUUt=EsRfqsKe|zR_89i0YGXe-7#FrJY<8eR#7p)~rR}7O{0juu9)mQcaQZ@S*wP{zijH z!MPq#Z!Q{t^#bWyQ0r+~u5WX)Wn+PLT#Pzrhm-|%;>T)0oNKrP*ng4R;iRbFGnDzl z4x1&TR>AFrkh4|#F!Q|xByoNf?VSE-DKNWyT>b?t{O4Y*9#24yEzNN1`TADILtHTc zq)^z?g{?)6>jLb!R$NhOqZsT~Xl+rXtd`pWGhXl|pryUo6D!kfnMdqX-2~)m6h2_`{M_G(#>bR zzuWx~KJC(A-9j&Z^MzG7lUcU&w&2gEvU@X4PU*MR21Vv`t)%;NjQp`EPEsDSOVyTV z%#)ksL}%PqbB-!)70Xs4;&C+CVegXjV_Cozwj=Dd)}t7`p(lppQJb&KymSY*fMF4V z+-l)AHK8DOnuJ>1`qdNJXH|vweHJ?NGb`p8d<9bR9iqB6MG4OHQO-DD-2}1qs zf1`)J3~TrCLn!HyhB_R~)2p7B@8H5atmgEdoZwmYCm)5yjHZ8yM$hh^-isviAc11j zg5s2?jwRqDckK!XsKC2N=LDSVei1yF8x?jC+B#(M__CO~#T(wAUSQEvtI=R(ljT=Z zZ3)gH(9NYmTk`)C$C8ejSu9rqs5By{3`` zVTLAOX}E4V6-QW}e8cnMJgnz897-`E)inLAj5&shB`%rpf$vdP(kPQJh*Ec)F(97` z+c$^a<-bl0S&TBMI3<E7 z0(*!`lG&FW=wEKm_8x^Z)cBgt!y@JL!=|G+v(kp2LJ^Y=*}0KAL_p6D&xVDSwJyjD z_sMyzl4iw~yfmlVxjFkzPISn+ouxYvUWb>Cfc-^IRVmYv^c{x2;4uDN9NR9bTk>qG zHW?Qh;(2gqKbw%#K(CjhnCZ4pw*#a;2Xr=AmkXhoXrOV{w1z=W)%%;SNJb|jwMuQr zGjo&0>fnh|1x8CAR6;H?Ey;VKsbXXT;?3>RY!=-@A&EPiV~ia@TwpRAV>@)5U_G-r zn{~(nI{{k5AqU2LX?3tFZSh?b3>;1La)vq6Df?DWh=$1?FP>BdNF-wOgr=vK3 zWbBX-av(36kcNTu4wRVWB6CQ`)XKH_J{ib=xti9CXiz{9LU*vbmO42(nOD0W>=fXU zBnQ3x6z6e!+-*4-uWlRcmKIJ4NX^l1M=eUUEvK>&Zp_wj0?w%xRIUQ)Oy3k>frlkP zv_ZJh9I~K26*@lx*z?{-0EM;a^-z`lj_eh{Z4F6>AH&tra@SSd-(W0793E}Q$3FXn`9q7tq+R0$zl&Q6i3axPG zqdO_ozVc%SbAY?0$!My8(Q;hD8Zp6zo-a6_8g(8{I}USJVQjUZUT=FwDh6CY+-Wl9 z0ki3FiI01Bx*LMK!Rgstl_HX6u%L{a^=K*mh%0{~cyl6;)5sS%44v1vKrbnXG|gwb(CducQNdxhwHI!hm)!u{H}8~fDUl;@_NbwP&%%t0(Djx)Z!E4>L+N}sb85d4VOpROaw$LJ*8t z*l+iz3dyN5K!a%{4#XF}$snA1s6o$Y@B^K~RwDv1V$S`f>*nGn6I!PRg} zkXqmV{VLDemQWTo{9gRkfIGN#%kDG}i+wEKTj+BObcl0<&g&}F;p9y%gLg=4n zE11fEDzgZ5sp$mB8140}bC{>4= zHOW~75TbaAYRv$hWo*eywhu{$^{A(NkYS1f5yh+guQKohu5B*R%_xgSmW&rQcf;VD z0fYQVBO=%BOzX*6Ei&c^r09zzttH^mY0cs74ZVUxKB)ESYB!-Z@G9H++nbnHZit<^((_}|PG^FDhyU2jr#R%!F& znazWR_3RfFn_%!$oBaB7XjyJgEI%D;Gr^hqgJ(f&DL{@{?yFT&f-+=~DH1Z-++maF zO%@q&BP^CG#_v;=p1$kSOYEamCyGcUPR4bp7drE8|CC&39$PY3t721}+pSly`6|Nd zc>V0LaTsiREJ9LpDp595*^*-0eMHV;V_xt1x#=j#M09xKY6Y5ntar;`=cRYgfwnUS z_G}c^NfgVlT58Q&ZNj8doc3~WdxRNmJEwU@!)arg{0LiP(Q8Ut9tK)xgzvs^KeEn= zaRAwi0@_9KSH^Psu#7}WSd}~B%YM2xY5>ur+RMc#0fPTGfDyA`80#GG0OA%oZYnF5 z9DVUrn|?1wvd7u(WLCO$F1jJJt4Xy;28hdXcgE1OKswT#BPm31@^N;h8u4fEZrzYx zHxsB5DN2D1w@?1pE}}m3*xn%P5_LmEgXPqt0z=Kd#F?>XIMne`fb^chT<) zkG$S;v1kX0DHX)*0pILbjb#bmmQ4n43g-?q7~c^S{H~Wn;zP3;7GnxDb%W>bG;~P1 z73shGFv%L-xjGbkJ5DCmWcdzv)bxcO901FmIv{WHPxXa?$BQw6Z@g^l6~hX_C*~;OTM4!+@sM7oxTJ-r>;G)HWNg z)}EwVIQb8GG8B^(pAufKZxJ}nquXoDBZnbf1AYF6N#oN2zy=DqOvcNL{hy;(egyUd zjW=~Ax`uU($M&M%=P*lMUrH&SyK1WNgZYN4u-qow4KbBE%T!E8Aec3hSS&z;5&|>d z{Sd^f3#ZK(5aUwR0+-Br!pFQe@bNG2c`~I;!4!=YEzufdEXyB z;3#2gWy~hK_4eZ)0j-6N^Al2Z+mwJaZ_vwF(r_zC<(C|9|W3e8;$m( zg4hjPiMEw`-Ka|VYI%|bRB>VJO(8`DEA>J{lk`e&i#+>J0g`AFiV9S0?u%6cQi6xO zBd_?!#=7E`0M&WcVLJzd&Jg@{Kl^W57VjkBQr@LZ7XGA^Rd~j}d6ao~lSY9uuoTvo zcwgdSmK9=1U{n0#JtwF5?nEi3EO8U*la+j6|C+`n8Nwy;B$I<{D-0I`>O(C*td0nw z>~?Dm9Zw!}A0n;3TLuh;BRra~!Yo$4i?}(EN|(x6%Zlz-H`5k*INczQnsoCoQ#6<> z>6^4jCq`*i$GwFp;ITx@9l5F7_9=;Y>usK~j{ijPVl?BX*ZdNXd0^OcuXVj?1{*;i zl0)tT(Cqgjoq6bVWeuCSQXZ-7cDZ-mC5oy|jt5^}cNZQ3Id0Og=E>7%&a~l^A;3h9 z&K|_3{!v6~P~yR5wcJ<4e3LrSqS8Tmb8!?8Oh@&(W{xT_(lnNHw7Or}?zP<;PZq|y z5gz7fwRy@GL>(n(x((EkPmR(U>>grvuLz6oH)MIH0`5(Kdmw5l+!1!lEcOtIEj zLCU>JLEd7$_}v(e332&DJKr3N2eNL~RH+0Nj^j=j!)X>YN7p~gl@;Z-(sZ!#>!eZ% zM%xF-;|A+@5iZ!zTF-vUnN4kS3=Pp(tLf^G>jy;ZH5xBr5M*RBN*)l*nKZqNLy^ z8zD42=~<)!u)nkk94m6ko8vgU6HZv87R!ak8avK?`nlUI>^BluK+&jjdAiqdd(!_S zj?VJq-8KA@Sc!UrtxXY?EEv!-&;uKu{07&Fp+5mS;<1DDbQW|03I*z-eerbHxu+65 z7I7Cm_@qq|#0k<<<(>=Db)<`S?hft|2@MIse>uDS#oaA@@at$`(y)IFlWL82?{fE& z&8}5u{Jlz z(DTPL675Fzhb$<8{PZJ7mD^P&ozj z*?IQIAS>a3B1uv|Pax;4MEM*IpJr+yms`Vku3qM++r=&(~Z+yCM0y`!4! zx^3}S#oj7uqvvh2w)Ct=&!SXbF*$!D;*=R+ql~EuiMIclSJZ@ zgsrIPdCas?ZtInE{jv?h)_n$@Z|<1$k&F;lvFn}v@vQND(Q-=_J}vUjP1@CVs2hs7 zdBJd?B_+rpK&^Dn!_vnv-_?8d@P~0QcUW%8g-1_G1ET zPT+?N6Debt-KY5#cJuLMP_{nQgadjhVV;$8FPaM$#tr8YJbi)A6surlls4ruW?1s) zVNyEaxK$^cff7k1vs9j16Sp)U4!wWeq+bAZ8T!x%#0m5C&h?23vsgk7o7TYGX?la( zfE`n5YlB7@rg?35*0POQCBn%&>DvPetaU!`9m`++JgKT>1<*MjEWv~f=EE&wHpQbzR}u9;j)o}_`t8?Q)ezYR9phcyA&&E zYIw3>W!afZ4Q?IQC~+N=b!N1z0kG1#mMWH&C}J~C{m_24^k&|NN zUu6NL$Tv+Z=${`07KZvE@qlf0nej`mYjKj`S7Q_3L?&ZqbkmlY0rT-=G`sEJ0QFv4 z|9+`C_IxAK4Gl>Y5=ES=3@Z)W^u>F4ZyZMsdlJ-k!is#R(Qvy5ognNm1fdNypPkEz z0+25gWIe==$v$;pTLK(k3f<{ptDG~=(%I6yElQi1DLt3${*SO1bzLKpfAXLD?rsQ> zA42Tzc3;v-@6lf3-Kl!qPj{8YTElUQ`uJ=|je*8s7pN*0Kq}_4Ne5BQm}4bxomGAK zR$TY1^j@gwOoR`K_s?AX{UmXPD=Pn2 zncL=!6JVeO&`Fq^n|Fgu?@l;`m{)8CNLA$)18jtybP6Bn#a`BLy5ImM?Wzy>SXXLR zU11h~_Vqx_X7=Va06m-%jhEL@u1a<4;?}ym_F(i^n>b7}VG7WwzWYskFU4!o@gEan zOS%CFAEzkLG~5)ncnm0J`i)2r1(tyG>2f38o)_SiIvrwbP`iMUru(|;f_)3P%iRmd z?3ZLO{D^kLa)t^hyccFh%ftbVXxdsz3^2(WL3GR{Xizg+tcow6^j={4yDcDpl8!f~ z2JShG#K-dLk4E2DNfVJ7O}zJYw#YD9Yj8QnC@N2S;QXa*1Q#l}#e8);mPV{~?QrTe z^qDiQZ4CgT9@2GQhj{L9LamZk*k^ zyfoY6xqOcGfU1Pv+~{$K&QieA&)d|gALPGjK1pR~^I9+KDEhEf-hH3eyQ)DC;Zf`- zuXIdimdgq%0ByMZ+_Z8(70;|spp~tbh-qB>LcmF6dg-qB)xE@K};PO@@a8{mk=13;y##IV7patwedb!?iV zSz?Z|l^`XG1^MVxjl5f38nT{f?|oh0>|jG-r@~-f&)t&3F<&%`FR++p3=WKBwNoh(Am_%Ht)XXckJZ=a+ z0u(=Rig~UHXfot$dI$g#>^n)OA$T--!wq?nH_v684zi}>vOcbQOz7ggd`nPP!+;@V zRVS8Py*+H8CsAmT9(mw@jM%wOTTV}&#q0Z5nzny&9LpRno|^(?i=53j&<)-O=wgxX^+HyK%rz{dy}8=bkjE^v9x|LTM5<*zc5*9wz}X*P;6;qp&YiC87r)DZF^ zoQ%I-w?22#ddf&y(m3|kC zstWZ8!-|xKr5+IC<)y_G-}WW(Gk*EqVojMV-du=&--WVAT&uduk8%~e->%=rx_lX; zsPYhfd({>Kf@n||r^e?AXGHuhdFtX0ZuM`8e5(z{MUOJ~E%rhR?PKhFQ$pQ*7>|`dZ!;YVR(Y|S7Psy{#n9|@f4ZQk zIYm6C!Gc(7_`2+ZMC?B3V>Mq87FM&(RY@(n{SIhEs(Zzpml8;hVNzH3W#qa=ryM?B zVv&4o5Ldfd_-g1OopoHy>dk`hI_z~I-csImsCRfA9pF@_89xFT!|KzdJ z@we1EI~0+pFxzqwRdYH`*l@4-w_~vwk(i;4v0r5~e8cHWy%AE3T8g&pI)&)P>jX>k zCEm*_V`N6*baV3M75HZZv2`_C<=yM~5wBL(3pfR*b7bz9v!)8O!UeS;EJ9kG-og_G ziO+&qh>X_WYYH}6f@I61Um887;PCGJt=Kc307Hoso620fqutNK73?$I?k%D^xj{PL!9CO0wo1LqQ}2a(&RJFfJ>)ATyQRZOS6 zEVT1({04r>n{t76QQYv{C)(VcX6W=-OJcAhK$Y#}$~GH!!gvEOUvDo6gt03dfr9!N zC9B~H{giJq`RqnM_SxdooP1W@rHeWlO6;ZufglnZ$3BmKx4EVJ>bfdjB%q>7Yi#93 z>Wr)n=bN%u98>YNzy5}KFE))9j(&eF;{izE#Sg}3&f#R_5*Ug#pbR8+{~R8p;d@nU zAwHEVp=TKTDg^`(2buqqZ+YG2Q@Q^RZ#XSXQkA&7YRcZh$@3S#L8%c&KsGE;{g&nR zkth*5r!~nVkWFLFLHpvhq0{&jU^)(hwB$R%86RtK}Sd z&k>8VFghdidIZ2nOTMdqPIdC_Kp!oMZg0XV`o~CJnf@Q0i~sKJZRYdC!f-_mR3k^_cVVOSa3;vL@?YnBlist1UEV#eKtCQ=pn>t> zXJ&AN8noI-yVQh&cgNLI{!72a6p<7W)BLyHqmmOg5CB@WA?`@V2^uXqf)DJMZ)l9f zj$|sEXHBa8^b^aTEqg&~cUmLCo)LIvPqX2glXh38qbNh-b$|Q^%Dvmz2uq2S_-fL= zmBE?aP4iD>GG@}0q4_pCXP;0(ai?L6TMwPyb$PTia1Y5xD7ScQv^_?9?lWuMMCHBS z;&nG=`EgSy?C4cx<6b-5Y`}!>ZcaaxsbW%#(pq|qilpSSQ{6^*2lY!X2}rK zIImZGAFo1*tSCe5sP5g_Zj zbIHC5AD8!+E;g9ABm&S}#FyS{tk;-z-0+}ZNk7Boqb}akN{jFZ);RJ1T>kHYO$w(qp%rNxedzM zMm+iK-X>Ah$lI)pvXpC&OCw@|5t{~H6f%TN#tZ&jZwzE9gbR5t_PVX37swq{8bvlI zX*q^K23SfsMActr1b^3bIZzrMH!R8Cn(WrlrCV(*6gh5s#US-|(NMyB7A@Rs!SGRzDK(x{Gb?Dj{{YczMF)hhHC4XsNj`DP5 zHsp4)JX?))nd%}jbfNNWT7*+<6KzLHI=*UsqE@fGTzM>X#Ad>X0l&h|xa4J8GN`al z|10CM&q$t;3=3(8()Fj}%p{p}CxF)W-JcKS?bhi2UsgK-KBYvOrZgSTIE2ZTY)73^ zqK(IHIE6Rf*!6i4b#ScxN)CPZ4`0&aW_h&uciUTr~aSGqS8Q^^0p(@3PL( z3zf8)+?2b-y1k^rg;k`K09q;aEkp3qCN3>4rR?kI{KpT$uQYY?(v_;GrVJP}gw_=>A5{?fZ!9 zWt|g8zWFDAh5=`Qu@7c?RG4@a+2bHPy9oK)o{zq!@o^i^BnK9(Wt}NfO^@ae8@X~l z0LHOXGv`{Yf7;<0*|L6T!t_(K=a+l>ryj<3-k(1o!S8{}w)-;RqTbsPedTjrYo2VV z1uw6n2F`l!H^@sIQ}r7VyB>c8(t=H0gmfjB_>JMkdHo96BVQHGNGaTwBXEKCtW+9# z$^Ct<9GAklJD(vQHD}U1KCk4Op-Q-uVP*TAQcE@T^Mx2qI+Ce8(jIX_RoIn^WueH9 ziVc25Vjs-#mLT+Ql4EWhD)dahX!fDkM{$%P+n00&on1DDpBTaM#@oqgvg!=uYop~f zDzZ^=ZWNr%;e0ob@ni=pkd@?D!zpAFml>K#D-OUA7SJ-xzvnfiEP5=5`t$tysK!BZ zk;n|_OV+G`j&t2|%HIIy02TTAm`X3@_tb?q@%N2&ZG6{*H4DuEp+jzJ;9U81!wslI z2r=&)B)6+^A=)N=C=~`eA97F*Gmf8Jx4e6+X-FDED}knXo#wGvE71tVRmf`oW3AcZ zRC3*VH;U;uly%TbS^ve5`lIH8RdD>0{#Ep-$15F%gCpwRcgrPfvTo2 zT#_OX?sQu({GLl9euEU098Q$Q1jwq`ll1J+&XGrnYFPm z%Qs7x3vAVeE;hUEGQXG;uhBAG-T7mj?KQ&S!__FpL?W2$itia3o2kH071#+|Jk#4n z*DoBz|8c+6v};1>aE6`UE%~HEyNkBsA6azo?wIT~*;XD$x*yWsLCS|Q<2D$}_8#XG zhtz)wLO(?u_Zyp=2O~@j|Ht(L@MC!lalN=b!)Fvs8y2r)9 zxtXpe`AJ)XH8+RVgaEO_cix0|_VQvAjUE+K9?PkARFfGp0WVa-JP0S__NY!~br=Cu zbuXS=>BeyOZt3~lEM+1o}eDO1EuSVSFF{~ z@rO14m3f_y8=^Y(;+`1SgRLxD>8k9oI$=zg<#Xx|o?ee_tiJ>_S);OoZ}}AWT>HgZ-e;s>$)1J8~lNS^IkEr%9V5mlPn*u zX{>H*w4EQ5%-fsvC{7qNde$W?W1u1y_VPeK>4549ZY49D;68l0CW(p8c-7=(WJ>6` zWf+H}VTK+*dziNxkJeQI9fzi{orRTInev4pH$S4eoVov+rSQr%T`4oKpj|XC8Ae(h zc-j=~Bes}qxlNiP2%4?EBWyI(-8n2h*>&dfn&NU8b2jA`sVBEIZ{>ETB~|O!9H~rnCeyK96ms8hDB^5)9IbOE*=i$D00<#tx(qi@j{EH z?gHXMh1<=a*!XD9_#Pj%)+}n#s7K^GdOYuW{V^G@BtzlzYAt0mW9hz*l$fe$7bSyjfcFtAO1_ZW;(T;bVm*TV$OqpH2vkr7O8X6w_l$m zE~as%d#M5Z0HTZZX`*WgV-i!_9Rj>=%kl3S!^QgA1=^){>Ba!i7Mvr6%CYtCtqv*p z;0uj8*3X_+SNwC#G-uRsv^f@2S*!dF$#qvCdWhEw_hF34Z^oIC{wZt7YMl}>{<#VQ5RuKlZ}!I>BI?Xbi_lOJ-N zln#zAc2)BJj7#$F%1p6CO|wy91TJ-7LGMXcGIx*HxLs!Fn)z&a$l^3j)^Y#T={<7j z%`drSMKmP0zAYr>Q@()ZPI2HVf4l5S)^HSNqN3qa!+O-y)C+Ji+jb=nLhRTghFje` z(PYgfXLZB^-o=YTrBNb?fupNi91E6}+ddvBjC5OMOTg8d$Tw(@W#(hLEq{rs8J@QD{oXqFaqWNXrl2M= zI2ib2rpeQ6t~IDc0bpY;{bIg5C+ z@v(=a5>I+T$m+fyWPfXr1KlYnVqoijUE5#bolDEZ=8uZ)k>K7_ z`>Dfixx}#gNWrwd>jAChE)i2weW&FV;|mVt57(?zPcb+%IbRPt*7~r$6iKK)S}j9P z;tP~cE+g@xp9!RvX4b{DL#5$H^Yq~7cTqJk`??iBXSroLo(||i`uRw6X~A}=QwU;M z_JH2ar)@4inoE`9n%E@GejR==z@_zoGHgs<*SLjqU;Lh-bsH0=a4k)sZ83gro5nX1 z@Qm*&-R9y_codcAbAwOkRc1cip1sRTW1_K9Qq0E3x8SW0&StVQ|B>Zjs}HbzxC=0E zm0INsahFaocLM@+m&gpz5$6LIMCaqDg@1dNcAWNwG{NFj<=HDNItBCfa)MJVX2zMq zh3zM0?H(ramaco!UV?e6UJfK`4Qd%c{7LVT;3GXKAtZP<%GH@!tDf{w1_tL{C26l}bJazNc$sAm{ zU*rns%5STjAKe_K&GE{^@x2##g~%O;(#4;}1y*>6j(g73nbTv{0wtoAbsPbouuA*O z-X>ymtb8%jxYI?O!X|6|vqmG26lv^*)jX_DyGK6jNwe{y!HE3d>aS>UiG!+L1**zCV-qWWow7 z`l4DzSs(+Xkl@fu)E}fDo`1J7rMvqvR^{X|1P!v?*uK62-oK$Q|K(fB{xa8x((!#*)|hQtHTJxpaVinX4~jlTLVBO|38H=6FgBGBkl#^i#*y@bK@^u7~DtV z+3-x04GM8^h`0?U`1%$a%s08l4G_g~Cyt-Ig9q;{&{`$r^zqie_N5LY)+e#F9q%W? zkB+3akG3e$yrl?L1d+(7IM_{O$D=K|rrgh<1riA?Aruv8Gjl()mzINevjP8+W0?Vb zhdHeut-uO@@vS%E*0&Kq6j##LI(-^+d}pu4(Q$*`oqCl|cb+w0**Iz5ydZo)YKUpZ zG12NN9)0+O5|TgB9blBQ?Ga@~##PbNiU|Hq?e)Lgq!FA{la*F?nmqB9GhRa8-z={8 zX(U(Y+ZN^vtf|-E^kNIAIu>uS0r8fENM@#YQ&o_CydS1qi|MfTt~yhpL!9z~bQlZd zW;J~Fuejb~KAxzN4aygxVLPOz#-1UHO6Pr;am^sEL(@9#ztwq@|b+thtqU z2Dc;q-{AHCSwQ)|B#$++tLZ*w|$j_FH~NChfj zWN}?o7!_RIgDKV&wrn$fuQcZpMw7l*M>(HwQ0nOD9j-(Ela^Zkep@H~nSc_UP4lJQOPR;3+5)7d^v^{NdA z)B8Jb=9Z(Qs?(s!2RRmu14?b+H!${cDeqfJ2Cv6Ie3WLzqT>0mHZF!B=+RY~ki_Ef z9-UpexeHC~7b;y=SNd@r%l`8M|9{^~Ptv@Mod4kCU1aojAj(Y8WcMb}w#W<~4cAv) zwpA3qHt8xJY|8xCmgBQekY=t&^a2}8Iy8~0p8gP`Tm?(cvPRLp-0A%Unhufe=KVky zKIVPIk=KDkf)6t-t+=QOL2$84Q4x5O?hY`1+s~g>uS{Jz0?n2?QuS^j2%WdL(kN`Q%FRTIKP6@8}`>R+1bBi6C|9GZo;EPDrQ4-;jxa6@o*P#kF?@f%#O zp)29R9t|!SHs|HOt6LqjYfMdeflL{4D=2~ZZ0Wx!IuTh*$U0sZm*zs@#>#0to_h<5 zpb^4e@6dkB+w1^obmbweF_m@p;Cj=hG6nDXDx>amDU|KrwZE-${v%U+W_{9DuPTCJ zq_9(T2pM}E)z?1>WV?jWW?L_ZsWoUR!@T;BO+@&0?g0~#a{Nf4x;}9iq6^qii_b}& zMPO5{9$VqasyiFdgrE1%jogcJNmb9tOnKj*rB?O2Le@L9Zpt?m^`>{Y|B;=|0eL*; zmu5ACds)#DQC+OoIyp!((Et)OTFTa{V*>(blsF=YxH;h!@>()B+8mqX4%rpYSKw>m zQ_t<+4cd-cLG!_N_AIX8F+=(Y(UZEo*OW4$Dx`sZwacQbb%imk$v3SKZ8vRg)Jik!yV&wk2+CKJ#_m1 ztFV}J<<+Xuxm7fs8xUXZhTM~kh% zndPV|3M@^Kzd%}Ry3ioMe0{P>B4?*d?c%e(G%D@qD2g$Z|jyWt0KyGe$_#V{P0Hq1-VgtMEK|3@HQUJF3>{Vb0;4?hoJws=uPdJyq076 z*H`Z2hYLD~DTCee?+wds{EG~#^hE4?o!iQByP5yXiAw98eufvpJ@}ig5wO`}IJVic zE(p49Et}0*!!pv?sO4y5&mLAh&=^`QK?l7N>Y*6MKxa@%esg%p7y{#0zCJ%;BDI`y8$s0|^?ojoekj(VkrZ?; zNcLa9`lt^V0C92c6_nt)-_@?1Y^G?GmRDi|^Ermde}_^R(!Ax>x+kE?qaAk)ZcI;B zuZVA>y?07x+g*$@VT7xRr=)*l6QVpw9Qk<4I)p)|Dn_h?79M~1$ zAaP__8TE*n^~#Dji`tyQ>o9BYx%z}P?Z^^0N$<$>A){jtKA$V+N!gX#=F@|KET#{= zP^JCAD6%hV%*UytAu6byp;zNvY600&e?Tc~=35tQs(qPG`B6}gZEtkZ9(!?(j+f#n zIbxqOAwlcj@a+&Qp#AciOvF!W!N{8?Y1U~4m7g;UEVy4-dgyD$tbK(~GQ6nD$N%d_T{|GS^B@aBu-VY;fg=$X^)5{ay$J{seh3CY0)zXPh zPU4L`EL>J|-L;xazk1QN!p*m1%BxmD3D`1OGr8S1i^?QB63w0*{B?Sk_YY%$J!U)p z1$?we*Q~InXHc<5pA=_Q?>4dBlZ1c%#N)+Cf4Ckr^}$umhdx8I-En!?Nu*y9ro_0{ zi|3vJ`+<3^JrIo*+;*ckqK}}1Zd{%IiDc8caQ7cyG22TT-;~o6U!U*9y_p~)Q{;<@ z^Ko%3cF`>`r|uHL%*-CfTPrzmV_k1TA>WS(Tes2>Sd&-9oc7%aY=sT=vRPYcZj*$@ z`(4xp1M}j|9^J*$<$+qLLZ3j#?z%*yVU*G06G`15>%wh~D7T?@#nb*5kJeHs6>Hkh zp&9N%O$p+>KKfPK`XeX451EGQli6DJ+=cGNr zNHfOdW)^uPepWppb98`flyQ zR~L;1?wg!ULdt1*rE^;FM(J)pJ9dFEY{R7Z;_I~5rECwnjfj>Jb$hT1$WX*#z*zZ@RUi%(YJ6coT5t z*7^-hozBXI&^2S-#!&-P;V~o}9RbUS3z=61v!Kc)i%EqVmOZ6Ogba7jY>a7s{ESwb zkvJ(SoR^7SIM;aTec9rTV^B!kdY zZH*2U(W%KSZxo*uM)#^UqP|miglOA1kl)h&MD;8o-gH0=1Kp0~>eA#p*gV8aT}0K*deJ*bU~3KK z%sg(+nldh=cYBd>`+W=CX5Aw|hx&O(7f|=RmQZ@tt{ZTXzOJ|jn)gGr6%K6|i#zTk z+)K;FpxZaS8*qexFPM99=ehW{oWK6*sS7?&cg^CC!G_DgYcAQsJ$It@JYdW39lFwY zB6g5mQwp1ns-6TH+d|5i`N3ofItjxyhqUq#7CibiX5<#D(>L{Q{_=Fq{$$g)z2cn4 zmhW$p=yOM|L5+W}b?LuWuh#cq(4m;8dG{$N6741!Hp)=&4G4N5p$61_9mas#H z>f19H(ZsvL!rza2KOnVG=cOGz`#N~Asg$T!|8mAHbmX&kict>9Z75XqUa~#)FOl!i zPnUR=N^NHOr2SVlCt03DD|bVHI&{4=1@>{Lw35VA4D-yK1QhC{LwN{#@hN z(HOkb*@Jw7OJ_YakrO72;GoW+(_NJBUC2%GK~Hq29(9|d(qSCeFAyujUph>s>{&D0 z=j_1OgBl~gD@nm!hiNp5ln+?9rklDK(sq1e%0=?v+FihvtV=(_&@Gkb@+Jj6WtLm6 zG?OSfvU6`5VY_Ht?QloB{YXdQ5W9_Mo-RS(>tC!}Hg*s|iVwtpEhE%uQUp>2?zw(k zrgSkVX8hCR4}6~I_HVzyUTZJEi*dVt_qxJJ)feD=oe&pt{zkVebteM9`%DxwT~o+o zT<=q-H@XK;yi-`WI5u5ba&&5+=ipnnJN#q8$AF!<3{)a(pNj>vZ4mSA$T^P$3o-ge z8iKYUG@jo8BAwM$gB8)Qb?!Sr2A4OHzoDE+tpRo#WD8qIY@6r;?Y6b_;pZq!`oEl= z{l@_kD9wJ({bKo(`CGEl7H5?WVq6f{DEr2@Floe&e7lW!<42iZiIzRd5@Vqa^GUD1 z3Kpi^QIl^PTC~dtQEH@igY#d9*kB)W)iLT5;Y2Z%J)q!&=nN zw22gbadLX>v9xkyix- z`^$7AtYMQ^v!T_#yI0f&iks^#dOxZLrK&-r;pultY7+FuWP$zWTHIxfaeHrdTNh;^ zZy+Z)_Q0EDjjEHmGKt*S#^Q?&nNLofbIqQ%g`?;P@bV{&+iQ_9J}w=U>106#N&Vuh31?%3}s|K0doNCB|sTX=$M${GIYH zSgYR_-4bhuDe~Hw7GX@E{9?`+SBl}yH#zsweP>r4KF^Gj3hiR{ZoNAFBUZbh z-ix>7yBBqP+FnC+ml^GmF~feaCkET;Pk0l9G$2{wOYzY?61i2{u=8V2=fxxBcBK+2mR+R{FmPhD}OyZce_+>`+kjb7|AnBES*Vvm9kO0 zJT*j5?zDAZ5iscXlX`k3^gz_D55Q=40@sQvyk=cyF5mn8+t$t5UW)YWw&st*zHLo? zB%^)ZG`0*gHqFUs`%<-dRNtJxW@f^=Zh*o#zk%3?Zse=>i}Q(dVhuBo^zF*>QC2&> zQ(F2qOIk*jZJ7kRt-NxIhCU_J|Cz@tshZ*`Fv`kxnM`VKlyx!NV($Ro4?yXQGoNXx0Efp8gRncX|=OGCi02C9%7D|6i?u0xOn zqx}OuEs7J#dAFj!p-Q3XbsKjbsgow4w&e;TtpOY6*}ROSKn%+%S6LASDCZi(sTx@pf$yn@(|Mh?V7~E6%szCjatvyM! z-+GXt!COEeYI-H0qwcic4L17zU1pd-EB;s~xqiftmOLiyEkqV76DT_Uw!Hhpc>`jq9v?eYljbQTT)$nf@aG0$Ek-R> z%^QZhyc-GuEH@#gD(<~fxP`pm?T7@QDNoB+m4>egi+=vEt4HcD3e*i6dh}jaW<9VR|#}M~1j8tDqhx?ZgM+6Bg^WoFN zqEpv0b5Lc5VZ3}>;9g9nZH(m}<>!;KX?AS&D~&y?eYdau(`EK8QTcjytyaw><2|YD zuEbipdHv-pkZ*R8>+uy(H`)zk)z`+VxY8Vsed50Sqpb*A}AWoxrv5vknN1ES+mDC3-?i+RC@-^HI zo}U5qCgT~aP3s-UhbpVvC=ZlKGcwAl+B{*?Yct?U;MB~H%#=Mtrzr2V-jIF2>r115 zoFD!kIbZo|d$3hf7bSlH^PWw-9hJJwFE~2S33(TAIHeyR+N}#CtZ^$c)tIL*PW|9_ z<+&Fh^lgos6<;JmPTil{?33EetaVpLmF66Qs4_B)w501bPpN3tvk0n7+U_9L8<5aG z=H;m64>HMyixCtBkjRA{t>Tz7DJ|G<`kTAy5=nhaZSn05A@`ejq801*Y_s7*Ph?L& z-bvY+66%MfODg@=n$LP84pS@{P4bPAkP>Ax!h^~Wpq}WI*e87yGrLA50 z5ZB4#*4qj7R|@#Y_x1Kk7ix?1bGPH^PgUVuyPRR8d{N$bvi>xEx_1(-ws2mGi$k)& zTBaiZ{Aasl`c9ENuZzQxee5vF#XaK29lJSe`yTDlYT&y&(6Hh8BOc*Rj9nZW#q-1? zVzZ=b?3;wzY#Tue=ps6!RpNemAG!Bge|l{Hz^`laicv9{I?$dHP?2m)-9C5tDYQF0GPU9;V-_wn4FgROHXgDJVx=7%fuFxir6gN=9WsDLz zLR1h=o5~yAVik<~h}&bqf|frvnwxI81->z^+i$<#-@aY=&6^YEJw}@Cah_&&LvLOY z|0A)HEU`KMA?XI^!xsH7O}IGJv~tbNY6wfrmklROwQ6}ggXH?RnT;G5E zrb+&~daF~BgnE;OZ!vFWC>$}Ewq#Xu>xYPrHa*%fbDJ-&X{bRb z4n}OZ8D=CA?HXs_Z*T>$emUQvML%3n93Y0bLNP-LyA@Bet;96cedZns9{F9ozv4Ri zTEAwsy{_8G<43SoQ9-q%gs~6)@&?c+Db0zNH{P9OS;gzRTGn7klN+$rGtIUQBTLT> zttLE(iIh4|@=ip_)kK zBrvq1ujep!!z;^E`bM(0B~p_WdMwORN6Oly7N9`SS_yEpO^=Ja(Q)?YyQ7EXlxW(2 z9IH2!Uisd!wi7J<&6c5yut~>$2(5OthA#(j$d%g;NbfB5x$LKU)zVi9Bhs9ks!#%N z;c4Y}Cl0*UY-`9Q;+YeR-!(tio5gKl<8<5MQ@eiR*&s@{@=sMXVn&uNoNt$Mhy#MQ9Jxz5tg8xUxsecF-f)Xu6S}_o7+-C4K z%657FIV|*DzoF+7L%MukCyBAKWFuQ1`$YkAFVp54{P^Dh9j~`kU}NQfeD6PqUoRzm zZ?syGrDns%f|d=|YEzH6qzDm=&Mj?PfqSTGby8BVHbFn$N`-O*j_ap+N#U)Xu^=lO z!fjJ5{*|v2({2d(4=;fK(#Cix0KWRgle>y9jEWvzMSTm5+wQ=wQrhSDYf7Jq2=oPG zP(4J^WaPHJ9fcl_8#@|m#K078!s{-UlK%}T>XD!Hj9(FqCs1zU)$9Yf(iNQJ@B3B7 zP__wryE?xVR7aKb|Gd~5TMC^q&UWc2pFCD~Xnbg}8x!)6L&CeOC&8DMTJT-F9N-Zd z8PY0$qlEd$7=EzfdaY9=*C!~j___Ht8BSgm5otDEcD7U3QehUrRh8qT|10u8G%}cbK3ge}c`} z`%ZxE(BG}sgMS|#sZOM74`as60L9(QPcEan9mU_9FZA-MXnH_*f6HtXRrFnOyz=J7%JQ2mZ8*1U9C1Ancrm z%pYK5?F6)dCM$|SnW%D80+_!#9dk~*?>E>8Kj*eN%f3ZePH#BeL?R2+ih+q}*j~If z$5%pitX#z&^_5T-DRH60Qm;i`yB{A;*tOAVzYF27)_Hp~b=`>S*ehTkXuUoiPdAu; z!CSoW`O>XxCDw|3WwQHz0}GRVDPlqf0Xn5@#4LWDW!DAQ17H=jnf87yUwQ*vLoQ}0 z7Z%O!I+i`+SJmw6|MokTwLTy8eb=>TKQ=(fNleHbCrlX z;(e|t+vO|Jqpi>Tgm(~eJI0g1k;@4VY?BLLc%f`-TsoMXl{6je-@odu>9v0?dlb8C z#uE1AP3uQNr|Iw?-uu(bWL!AB_So&q0=WG8c(?(3%dqZl;6EuTtN+SC}_6 z(}C@G&bh6>_>f{T&gXz?pS0OfTs_%URe2D9Nu={366MvodBd<5ci3$fZ@6SvJNvn( z01F&OHqJs1o_sSlhfFY!-b=0X)^Po=k!&T5O3$x0D9JOjsKt-ZWa7wCMF{nNN{Qm= zX0-gB6ZLE?a&2sYQ0T?%>6Pa_4CzftAE7V|Qy4sa)%BR;{u<4uo;fxkWX}8&$YZh( z9QHc`Ch2|4si>1vffHG$a&OVObBu`nrcE(?DWACbnBh4K1Xhxt1kB4DfVOrZ)pgP` zHTO4<ui&q`a)K3u90gAFH_e6LhW0T&eHWDuRE1BW!<==L?gg zYHYiqUkgSIOyf7vNaY=^xzzZ-=4mg+H0ox>{BGJAeaS)Z+fMDi*|g7OAAjum${77s zt@Ew}5QE?SV7Hc*%oZ`KIY^e%-aXABNvh$T*m=I%KYnz& zf7Stkce&^lW1QZOEn{=>omJsc9rnOGLBVDMOMFJK-W31Z3;Qcs;q}Kle{7|?sSo^I z(3)|;-4BoBw7ojCUX#z!V>+jgMC$4#xus8-NczbLsPT$IDaTCK&)P z!eq5lAdzX}CRA&G3$!j$9tC=t{bcmfw|uQDsKS}9+(#!yqj80^<~<2C?dIY)u3C`5 z-gN=4H)TWhca;@7rv3lAdN|H#qO+-#4w+U?denKRE9JrKr$4q@Xk`d?#+J#H)IRGm+hlbeVVxhG)>zL}L++Df< ztFO%f`x?;Ah>%%)bd~ng+jIS!tsTs56o38FOV=6hL}3H*n3W?-Qg#EKOf za%lJa;j%rxUyxLR8*|SYKXKmSV>Y{(U7R7Dgby40!S*VK*4OG>>)iOJ*RsUMhf`Oc zWwLWlf?119nbOU+;2sC1yNZkYj?bwsmpng=Gup8|+`b==dP@F@;)pj8JpcKJW2~l@ zBg(F!_z;*At+043ME(hgT`%>=c&*X~)bD4suqq|yrj&Lm8bW z@H1kc+|C)D8{>22TWpH4+3q)Pw=ie}*g~0HJ zwz~sBF$1OPaB>1hQX9Wzu3jEp5#wAJ#}u{L#XA^!hYoTuJdgdakBzUL{8xXXN&fYT zE15hJ@{$a!Zg(m4_6=Q4xC2r~5&j61hrbwSD)9gwE5HTOpjf5~hz}lpCFheTB1?@I ziRMyckJ_*YRPIej;4qz-y)c=ja5czO!l3Y7*vVs`dhQib1TORqbVk>vtj+JGD+seV zOKgaA&0P?L=S3x~t3U{!e7$(F!^IQmwwRHBcwYBXfnh}yv7+Tf31AuRcMyhn*<%Zo z*&Co1bO3WwJj!lkoqVpPpZ|jc9>AX-2U3>>wiZ4qv#S}9XRHIWb2%I_ z6USb>Q)cmH-<+60%9Mr!usKK{7XH9KvK=e9JD4un_kqBMaj{8ujoAlBnEbqm6or`VsnA)Ol&sJBVn_=rHz6*p}<}Nxe8ny z=D`FEDK{|V@bTd5jh5z7;9x?(WZ2E#WajfTX#qUBH@eykKFZzu@?Q(A2m)j@1xl@NQcT1~9b)~MYl`|| zfMt_zOGM-XP zm1RwC4|5G#9N>q?kwgVtAUu_yM2rB9il!2nww1p}yU^JzR-wgO5CMEr2sR)+;hi&I z&}xGlkibaN$K{TUjR9t4Spw=-48N zG>_sx+mVLGi%@lVj>IjD`Z#`Kf~Cr_MY(G4&U>~<41ncaai z<#kv8G7$XQU3>oA=DFb{_eT>`N*pDL9SNJ zk1gdW@@3sY&8GSl%=+olw=%EaAwP%C>)w3uqsqnE81Pl9OnVCif8itQI=s)t9@OxD zN-Ee^vZyRQjhNO}NQ0l&Z>2g*Gw*?yf?S@*rz1uhtxYB}>jOV0eEUpXAr+djcEF6L zo*_G`V(5)Iu-8kdX7=Z=>9xRpi*zw_HrmF!%%%w?0WV5a3umgx2IQL^X&q`EjGL9G zKAIhDhqInN8uaXkK8D>UpR#42nf?EJJWv=~<0JCKMO6I4I@snY)gxqS5i)|4o1x{! z$Ji?AsJ!gz8W10_a4PPSPWVyplX*NWnL>B_{wc8~}3*e`ILeqk7GK zpo~|J0DW>(!qHZYEb9(5tD+$p-1@Agq)V}265o_WA4WWl4HR&qwEWFWwTSU`!~X$_ zOUeyX!g~pAELaJ_GX;8iSbwr}5N_!a{R&Kg z=MearOKEU01yy`0`|@t+$xi4grU!Y*r_pg5wi_uy#ZOwZn(zGvZxKy!Zt5=7nRJ@II3+Gr@leNLUwy1(yq zAbZ%n6@giGtF2heLs%U-aKf$W(nj-Ci{j~M;ib0UoAAybKN_UNv#xk@xG|*5vmoe1 z5Dd}!^U6~#oUVv{6f3LkM@xHhIHxuS7@l)Q23*$Q%KBZ7nd=;ak5MWkx!17TR~*pv zbWi3r1N-Sgb_DdcMo%2&Wi`~*Mg{%Fys&%2>caFb!c|-#Fmp8RM|d)Pn`bGN^QVAB zetvEBU;wj5Podg(7yhAfO}lc)tw|GJ7Y8x{1`Hl4u%k##FE%DyQQmHblM3b*=BcZm zNeWtm*SV&7SlB^GxZTpyz%V8r82;qT+pcF2#;w(|Zx~aJ_ttEmVE<8a`A=7rMR?0$zzn@UBqI9@6PTH$Z`mEOX(}C+U$_K`KSxtoKr?vV!!Vo76acNVo z0V1`kbB>lA9x2cI03pGwsrh1$Jdg0W7O(~nixdI9@+8jRvtvx&lpA*fcrnu9EX-7A zA+v#XYgY!lo2O3=t^Uc4KfZ3= zX~3e2>d;Z>J6d)PH3g-vrpy7(g7YD}P5f0b*OHsbKE69P%yOwA^RG7!--OxqZ<@MU zbu0VKe?q>QxCXg2LR#nTp0;;M>#jTxRj43MerR$TBPiA-si!D#6RX-uhHF*m2}A{2 z8JJH5GmmVZc&Ho!3EnT?C(6|Qb9Yf6gzuU1Z6PQDNv1iZfUz%~qI+Gv7?}&6j2n>p zAp%+kr($M7H4)U)Klm?Zn3bWf1Jd>%!DV^JKJ@8(E(~{yTIE7$HDpyBXW_?QAhwj^ ztAT#T>9DMGw{YR!*N3{ozbk{m8)DEXu+BzQ+q@nYllxHg*+3`cf z(&1XXKdhbiU1AooFE;K$orF(l=a?+ib5i8IH*)MOo^;if%pIs}V$DHP`_fIYa3Kll_;y zguezUXAI9@RU+AUSOXzsdLN`*EVN#^?@l4<;ZDt$ZS|s?abUD+4@xrbV;ce2aW;u{ zsz_mf0GP%ck=C)TglRV#QO^!;=QK(h9K`Zs5tK%phR&KnjD@-+nW|ChPn4U2BCQAn z9CTxPig8xFdJQcv1tz^PN%_aeY|rqs(=PhKt70gR4ivL94cfJSDFG&Wh}~1?+!2L% z3US`mKEdt9`5c|5R#;fKj|Ko{d^hH>(x_d9ko$M<5n#;LuN5$N+h?@UEny0`+82N9 zmCux=uf;t~mPBlXC%2Q5oNWqTW2~_s?ZZ{3d%Ho~Y0$*I3kIg6+7R=RyZY(!B*;<* zKTCYCC2P;*hXm{$xSj12!Jhc2Ij~&qO!ak}Yc9RAMf?Y|T|k;EjXT7>eyh;+TFPtV z{B^96Nu*IX{(tC^+FqOf<=E~dB=x+f>~h4fzFB+Gd>8KEWvmxoOypP9L{Zc%Tldf= zJzv)?-}v0xT|^l0O---CQo;S!VWgJysKCu$Z5KJ`h4hAC??b=Cdx^Kb8j5oofY}{5}#NiQ3vgo$9MPi($LQrKTs`Fv|0u7EgOJ;qe(AbLhIX<<@YVeLUL^v_Q9td zfk|B@(+qNz;luoVoBzJ3T>w$Y#{j$t}bDH1vc)y?)MKh2H|W5M1sa!!cKIa7WQTLhoF~BYx8=O|92GXSI*x zaIm7`ke86Ge}38SR^SgY1N@)pKdTT#)(YBj_Ayc78KSG&OGs~xQ2?Zzv&y?IYK}3a zYy%jLMDaUSIsZom1~wluCLO6y8937>+?I%>HkhES5X~%$C+bVZdFQerd!HYFQ;dpW z-@AB7%r>#(HTS@xXnE?6o93T4P2oH#e>-~hSo{qni$i74X6`wfrk|mjl>B`BFw)hy z@ml2XU0&}$1_)qEx#VI^X2uw2pu+bqP>0v>T-H}M*q5~xgFsn5Ik=#xErVfDLpK0H z@kjb5MXkYH^a4jBZbfSR4d!;nuT-3nZ7da(9It~=u zD@%Q4osjDOAfJBBUd&I45irYBo2o#sgHnwxW<~+1HB;FuYDS0lb@S|{NCT8^XAYA7 z!wK{tZ6<{8UJSnk%q6bgIHpt~t|nHYI$Id}6V6QDE`0?KOEtD_N%+|;mz^Z$Y0>FgF}_6Jj4zF~|oKcHzsux&2y8xS03vHKWWkWOcq>DdK3WSuEZCea$71 zmsB?P@9(OVHQNm_mOZQ9j7o)Liw8lZ9GnglZmlWcHXLlqVsoi~pXJ!GS8NVOl*y)E z1e+N%No;racF$90%v8LuyA;XAi5+A&i_Y!w{oaZMfa#}pW1GMesKm zoLYWPqR#k4Qq5KYV_>2*$#Mb=pb+K6M$>DY#5hmdB#$9lsO9ihd`Rn##jM`J@dHRm zKNk5&j2-ghF0my0W9@lno>vxAVsu!d`C_49#(g6+d=IT%13}INLNrGFtUH?le<8O` zDLyZGU|fGUK?8av+={1yCg|jgNNZ=fsUAENjum=+4$DdgtFL@cD)hhfU9&v%5>w%wCn}3%~{2Q5OAFa-As!c%OxvJU~`ZkKgBf`+6>k_mm z!F1U3SMX%}K}xshbjJHJ=WYnI>#{+o-)F=h$>r;H3e75#`^_DjI|++gBjYR7NYNBE zJIheQj|Irx1nqeLq2PHcN+;ha4!Kq60x_H&VYgCXqq zA-B{&nVp)Gr}bOfnCSrVO20JD!tqk2oG6aPsqJyQc0-nW-vKd}E2ZSbeV zvxRLd)yV9ix{oI=RpX0@)yGHgC5*Q$33K?*D-q{XOi4S*_k;Zd_arycG8WYO9fFpK zUAbmQzq}M3pbWwP9 zm#B6;m0}9)KR11WErphVj`@ci7qt2xCj@@LgdCiy`R)GbV_yFZDON0R$N=-pNx8^*P==$94D`E)!CQcr9NO_#1; zE|spL%JLDf3pkyRE#vBDSnLquqw?&tjSQ}-GYZ|KEkY&E$8I*1+E{2vx0?Ln*^v2c z!l&N2W)&B0qwrO&Bs-6V(wcuc%$dQgp?>i9U3dl1Qh7y6ng#knBk+p=;?$)1Y|Bh( zUP=~h-Pi>6F~ihe8tZ^c>ivC!rEZ2~YvLtSooJ z4UG)wz#ZF;&m1trOdxsFpl**N3DGEFZFK3)wiNfMhbj2m%+!6H6yPtd0Hm@BiZr_~ zTV-7~eH1r`27PO-51?M;)@o)5w`MC&y~#l%T~ebLJd{7$p|R%scySZJ5mZ={fRH04 zO#Sw#XLrXtHZ>oHOJc6;Gr~sc>du|2q9XS?F?c!Z1=72Py?ANAhe*}?ro?*xT(Wv{ z5P$b=wz=IqM6QkyZUrFMEaGN0bT^<|I6J>aOib+2vr~X-x2Q3KPrfc68)9Q_@m*5_ zQ7;GO2{E#Qtfs^dHoQlc`rS-lIp^5x!Bh4pgtT9pO|?+&mR?uV7AD_ZwL+B9JIj|L zot(@?6W?V1XG5+|7U~KA)_QW`1KW+6@~rj2i9Z4V(wRm_zVH`UMD2zZ>-?$Lia+po z7ZfVjt$}tgDtQkhHJ}c?;B_Hot)yAk<@za;0+U2+@bpmXkLi~n1q@?sHi8l6c+4>3{OYbrxRPNo0;ItN}}gn=V`j z&(R^l9*vfbg3nG?zZlaU8vXXvex(y?Q!_a)mlVC;#P><;NGdDDg9m1JBFx)2KEyP| zy44bdaz$@E3OH7Fhq*)UjYv`~bHr8GWX(gjBwAQA-t*h#-B}v(d%U4DM>a>tmzQNl zsGERn^3a8J!@AIo0$c8S1lw7i6w23+j3?6>?8eqq1qY$0m`J-ZPHuTOt9L=l4$?oE z2krt%G|z;NjR8+%CR(mX8qbw#gi^T;CDSjU}>eZD?rn5S74d5n->6Mp8Kf_6^ui_{Z7{h(WQZs6>c4Ue3RE4 z!C~)yIjn+FeN{U#{OLKQ1h+dsxWk>{Hr6XMo8G2ih(R730Iv39E-FoEUaMXVsi}*m z^ISHc0LsbQXt!mJX*)pU@Y&>JErL(DX zut~Rfu@uH&(*5sS?Ji_qHoh?^dLi<^_dowekMJSG{D8K(wUR4BPlO7mh_xY1>fEce zYTJ$8gHZiXi;b0p?YXD#$D;<^pg#$U*Qbpe3uV2ok$uzh!ue0G>!nYBt=qA_JkfWn zPWQ86X++Ou(c~1h1!le;Cv&MR2BE$iHEVyS_sU}qP}KLL-$HSII^y_>5vMP#jHzCA zJWb98@!Azi{6WLIC$H@9FMQqLUTj7+^DGFXGdH^qHU^3X^!{WoY?>x8!ID&4AF}Y7 z2Jq$a%-knL-=F;L-;pEK*xgw(=$Tv2oN0U6I}C+0DvH@~Cj zyE=FMR`J)Frg%*Z5{7G~ZH3xtsiP%wQ_60)BxYD_8equQj;)!Df0imn%b@kQIf|9` zZCERkq$D+!IWF=lmcB}Y+Hw-3g{|I7P``Qy##!%Ul0~!0to|S96d=<7>Q9a}J|tAI zuGvT$Xqbs_vz{H4Zx}XDIU~l4v?1KA@yM*$3>}W*9{gJm?D>&oEr;g*%5_@MzKw?G zGM;>gOJ3~R&(~(c9qeqx>25`z$zNezv~gyxlvOBu(}infQ`+KLtOb8;(UP*K1h_lL zZ#vp7W{-nvBTvgwW}&`nXCv+BvjH3ysj{V^apnrs6-l|2{)r5c|-Zif4d?hpMvL_GBl^`lEv20lX z?t9R{=H&!_SAkZKpqxqT3!WXU3^?O%nAikQxDlT-;W1|G5dnqT@9+@xlp?e5J3+2E z)IN=;G)R*;wx7~{9(`<9>#a8@30Uh}$)wODp`jxIt&Ky_1R_&N-mG9OAPFMD@`ib~ z-l*^&`T&#a-gpJf8sEt(f3(@p#3%F@a`dLIll!8d1gfsHDq;oROgJKZ3DwV#6*IfB z%WRJhCds%58tn&<_F=^gV~n4VK<~YXX&$z(+O0lAZiPyiV$97q3SJ(-sQrG--?n`d0Hnj(BCfvMwE9npAy&GS{Xdk`c}3cQ z)xb9=mzsuTQJ+8CD7lWH|K+f?9XH|qSjir67id-9-Nm6^YU<0nig!k1>mOZv%mR!4 z-VeZ4xKBj|`oU$7iO*L~Dkos9vfJ8!{n~5w{R)IsMp4%1-rLUY@^?K@S+RuAQ0!(b zF()F7e|`UjE)9ts-$N~tEIV;B$QeV3!8?}e2I%Wn(LthaPfe$42nL+fkAQI|_L5-M|v-7yxBtJOCi zBy0%v8*2QGIjU9nSwCp2crs0VyS~gb_a2dxR-)Q&yxozo5n{19N;dsR5M0l^tkqq) z-hKGTl-%n1^N_To43o1TrH0WTG4R3nLhhMPPKG^X>jJCQ#`h=m0VKYBv{i zZ7uHBW43h;*Of}in+d9S($$nPK@HQ6*-SG_D`Hh&?@vX_)s+aTJ|EBc_vR7;zaHjC z`i-<3tgtk_YNWNfG?L_Ylya+7B6fFlTIzT@n;_`*h@1 zFALwHB)32XH-^UEE4Fbsv%R@-$1wTa}4chi5 zEDFj3FboAozb04>cmWI0hah*AU;AsCEGmDo*)EMsBI-^z5Gy9L+V4ta@Yh^ma3w@b znePf|!i};bm-jn-caVog?h=>uO`f~rnLz1{eh6k2`}~*xXkNSRTq}bU4m0}D=(L9@ zHdr(km3~*>_g{ABJSVLO*tYfu1M4$4>-;TwUz=}RgD;+f>xB0=z5s%XqcNj7)K8%y zG&JOe{lHphId8_dBh^)~N~fSl*0PvN%Q0#T^eFu%NHhsvD0`FPIY(D4U-SuKK9y%J zBDQa?f~Vdrcl1OcM27vNn#}Lmt8(!eTcP!mb-}v0G1Kw&*$T$@qb5zY0#f2XW@J|0 zU)SGgF!47IqBuB;0B)-KS-Q%Pm1&bu9*_97k0T}5Bxaf~&tvpeJMDBnUS6QYhpt=; zJRh4gHF(mrxJY>PKH_OlWC^r2*dD_n-93fxHaLPj3o%8XVD!~?rhk*)L7|Iy#Xi12 zy^9<)_h<5pKIyLG7!QK3sK#n{UrF$oX}@8P)$mfT-bX*pgCe zBBa3UN7F{NwC^h1DLiI^Ob!tY-{Za=9>+EA?j2s0!|BNTpI8+tYy;gc$xHh@ zuicfA=MTk}FYzSQJG9hs?Pu>jS5u99M2+3Ov=crS?W(sHSa@{pikw!*NqcHed~_F6 zi-3@~Wx1C!m5IT`<^kns*NX2^qxQmkVVI>SG<$hj?6MS{m5aPl!qqyKvTc2e%|bF& z&AjXXE(2~&$=u&iJ)m;w{!8m}?x*>^6*dVfvRBTgV0NlZiaLVw$w+QeI$yE#e`Sh{whT|9)Wxgl# z>Fjr?JS2729|9JW$xUko^{kJdWuFoxkHgBMet!0)dMaBr)=a$OD4#pE4ZgcqQA_dD zx(9-J=3i?(^Z|mls$GL9+&(|7V!gGB#-NPC%S8TAW$2*hV0hC#cjrs0nM<=L)8z9J zG}PU=1^bFJ&hDDaV`h~`fS3H<9Jq9{^GsVCb6Hc9{H&D&cyGzug)9l_!`$HQ@_zp7L4ZVw= zMRe-BF|C<+Y~dxoz$F|FQwD1C2mYJWf>Cv0c~=KN@I5@%pK9mrQIncF7;H$Ta@h&Vc-Kam1uyxxNZLa$G=t)BR7$Io(g-L7sX4@_`>D zWJ?eR`U*K4~JaHkBVhC$R^T%&0noY9J}JX}&HDYKr*r#c*$ z=^mu2m3^pm`M&DNht)@R<8|Qas8G?lUM_K{Lnr^U9bK|{XRH>-g-ugU!6Qg!4oq!( z;pAYsOm}lgaY%e3wEsK%c7nVr%#%;RjH zk($y@HuWpW`KD9?mDV90^|3N6t3&8<7oA_AHbp7WBj_{DwEm(CTGryx=$e zjPbbytTw;&!A&JeK6T@8WZswMLt0RJ+GKYSYvxdd;#$QowX(m6siBtQ*g1KNF95d? zocY-7(C3oYpCE@u>qjIW7O@(DbL%tj=i(n&89?puy;tI=mv%K2u#c~(22vcy3d_e$ zHmyHGleBA~(yi`!XnOTszF!f-K*W3ZTwt?`Yw|DX8?!B1uyN!B-m{A@X)?f#z^W}W z4c%V@qE}gm_xp6jy&bZ=Q)1@~V)={hZXc;4++Esv+N;24zbmZIPUV!gt4QZ4!R_>s zjs$lzj)TH4FRE|@&uG)vBG|zR6E9AQoJw8*dHtkOb>j~}ddtdm{i8Q(F<>E8crnX8 z{#mz4!(w6Ke`kKOV9(Fj95-gn5F^QG);3koJxiS!+iJaF&qCBSodc-c{oHMEvCqyO z^9kb|E9=dz$<$+{+e&mVWj!BG%zW)l@^sJLEyhfAcKv6LzD`TZ{G1D^|R+%m4gP7EJ!q$WH?`Sp{0#IE^S z_xjBh$}zxRbrFNADL7njSs)vyvY#8xBycqzZfD>klE1i9Jg8?7<8D&xoBjGMas}HH zp`je66jVDIqqu6~>^Ul;YZ`pF-j93Y=I6Q@%u%yDer4jkgi}(iPGlj}_kVVmoQ6sN$oc`OeKX-_lVXss=&S2<=0n#>9!3hZiLzuExGv)Eb* z?{GK9b)?eIyeX46Ht$sb!UUeRX8R`?E`|Ih9%9ANp0zx)ShxYO)<0ZHre1CwbPd_a z2s_Kdb%iazh2`v9^_tldT2`TavA5}#0qyWPR{dk3oQPuUbPkVTsR%)>F0$4UQ1z+c#(+PKC)w8&&#`24@4wE9bXIkTEH=^ zEgYtvFNf>jb$sS+!5I6@09aV7AHu5E=t)g%4__Hh^CBNvbi2Tz9>C%a>$2=lucBbV zxZ;ifsJMD68UH>p+vS&U^dxO7A&(|md3_B}{5|Wvy3Gus`b=Y^5P|k$0Hc4l2h)^#k9a}Tblpid=k?9_#UlYCu^+dVf_*>}m z)zYB5U?{?Fw3D2s-@`%p+Wgxg`oQJoksN=qWlo+)puxUlY{tO4U`Y4=qCzKT(mFttef8JqBM>*)&;>pp!(yO0VggZKd?P+ydoA*N-#UJMj z90|=3t2~za8od_7KUNRWlz5`D54IL~wKoh69dd`u@vt!0w}*iyfmd>8Sst$%!*|ui zA9n`#8K$$YgG((H$NsEIh!^E`F{+9B+&($r3%pY*wm@8lw;2$(wEY@hyxpDYTk$wP z|6t_KBY_a_Ibfd5GA54sjEE_O0;mi-JOBE=riC1I$=>$eLtZ8OO0a!#ZS>^h3B74r4Z20-b%4U)3U z8_VkIrN{o={K9|KY7VG+(&WlmZ~fv%%J7tYeW_#W-rvtt{3Tv&%RQU>v%czHE?sZg zIS^`&1`^UtO2YVc*j>N&K2}zo3|6A6;tPdxg13jFKZ=@Lkc4m_@Y!(f!ynFlapW5*;*<;p zrFNP1;kU^lzVgHf5e)BAQ^o&sZ$BaVxFDuqo86S>k=Q=78r3Ntcu*g9hlMxtEKh<+6KEvU}wrk&7E<+@aS{yS$vW(t)L&eJJdo?=S!i0jE#=EYGmPm z4cgQF#(8VEnxIIB2KT{V}wTWmr># zXJgfVxOd{`?1Gnk5!(XNrd8CU*aeW7-#G?^PH%YG-r!u()aNObKmx#5wU}&V}h^ zR))SaDL;pvnm}T4nr7p`5L7=`zST!>$w}4VpIH8D5Zw}Gh<|-Yj8J;!Tn%b7+Mn|C zpqOrbS`V-(q(t4Ncn_k>}Q8w^T)X@Y`7miccdF|TH^2I$W_~_O;RV7+n9}8 z#V5P1l-CK>7PGwn=deo*x~?12y=89SmMaavWUAmWqmX>!bcuLV6aO| zT+e~|CMxGb&_E$eWwr{3ceQhEooVaIU@WkzkQo!(IU;v%-&^^Rny0yIT%x)a?Du%r zt#0mfte>@utN0&t1=iS|dyt$Tmda|)LDL&4`l)OBl4NVLFeo;+;uE?jIs?yO&3d&6 z*TOaR;DVt^#iMpzwXPLFqBYe5k_)Z4>J1>cH)!-RPSX=$G_Snv?{zPY8fYr zXyo@9v_^-#PR#O;!f{TVnH^Ydhm<@Su(Qo}UXkpGpUye_dt(aU0T39nzAQmwKWC55 z%L;-w9$pK-MDQor6wO>$Ef#yjelZOR%Gh{H%iN&q2?-DBYG9MhF+K{IO>^KWzSko7 zv1vNh?BMb*p`oWy1`G0IgOlTD`211+DnYpIdPjR7vei{d@8 zPbzOzWLvvRBQ<*3lDK8pX$BFTfMLvCNZCep$ho95hP|XIYi^2WvAw2kP!W*nHWDEu z;nAiEi2uoge&_|N%k5`We1tdiveP}tJ|iVdri~EI#!K>}s9x5DZ{mgZs+E>EK4z#a z8U7fLO8^qXiP68h8ezE9a%=2YIV1y`#YXWc@xlTYp{vxQJY7A=nzF{BglYX+_-7p) zx!Gjlp7~&fZ0b-qk(T%l-^CKTtBL&Z&T}n5%^X2!fc~B+6CC+}ya0j$j`L;l3gQx5 zLR=P*4J?ikUYkCUBx`AXzzEvFYqo#cJh(h|{0GR=dx|yu7%FuG=B@OPYDT}Tk+2&t zVPx)|Yzi;L)A%+D-<&?~z@Xwd+VCi@s?}fM6Q9R%RHlX)}_e911TT5rzCRH9ref~E8 zfnR9%ELrQ}f{VjC@!irlos(%<`PFYg7nb%rXFxAWEi>W3;EzRZjeOxRUp zv&wl694mUC>mLvw3592=HpSlXyj_94AEeknw?RsBJf{Do@F_jrpP_#qEA zh+l3YYiD*P-#{KyhUQe2=u%ziS_zpHiwiKg_Sp)87J?D11=%u_5>P-wNC#_^A#=!K z)3aOC^&+311#K+ zctYpp|WzY!CwLoW&Ztv?@qFtVY8jX4t+*xUE}ZGc17z8IzV*T>gQmw zv<;q@$LKSbscgjVHJy8r>%9{>em*rL9!)ag^xiG&Yexyk;=9DPw$Ku9WYkaL#H>Z) z&?bu-v-0@5kk!7Av+mHM>&V{ljqZG%1MLd@hzz4Z(!IYiXJWV?kN%QG4hSQ*Co9&% zKQz)Bj{50N1YP6#oL>5puS@Q?V9ON#1B$s~D7L+dwWTv3KsZThlSyu!KhDLmrljSi z!sL4BnRz~p-dqCmBC)i-i{JC#aKETIP9hsSC|E?GK5BJUS{_bwOkMx6rAtt_KB=>z zA(B>R_R__)A^2#E?29^?N21uSp7VMBR+%-;Xd`CEOTl~8k7g8=r5YRn`q^VBE8DNo zs|};7I-Wcuc5*hM=Du+-_nM}x#{07|c_quwj=a}bRR{v{yG8H_8Vw7MYUI8y;ofH0 z{t!{ZBe!qUZenchRkTJ6DqO#9H4Ko#3$lz;l>7&2baH*nHMAUQbZFI4zip6s4cehi zxxVH;2t0bUs$NE9fwc?5Eam%EjKAy+iI0{uqLhOMipLIjDQJ2rQ0f#?w6FN!28{~N! z@)V~XYz9LvtZQ@-Od_{lrPz$I*2Ai@;q=q$1l_+xs1}w_Ny}cjG_g)rdViR8?)%X_ z8fehbPZ zJ@geJYpba$9bu@XE#?U+&iZY2R9=&JqW4wmj0c+Du1$3Ln>e+~iSO?SAPHiM+|4y# zk~>dZ4`8}TieL{QdlI$n_H~}U%-0A{D%h$b50P(fVc5BvEf)R{MAeHl3QRwf=++FJ zxN~1#of9*2*vL7U;m{DN?rl)>)M4RE>F@PU-k&k)UM?RY?bYtdN!7l(izu9Z^j4bT<&8lkl4zcRhDI8q( zm5Iay{`18K<1`ChriD4Q+^V+si8q!(+Gwtf@``8&Ma$64StR=e6ohhHk9HvDz4yr| zQW`~?ie%;^l6V{7!%>QY`<-r-8+FT3_+#RtSLHLIp1s2_t4Z~Id<*+X*nqLv;i}zTA!^Dv3wozg8T?SjiTLCp4qGlEnB#*d1mL0KwiOjW*Mpen8~*S=+44 zZyfF4LlA@l1_2GId9g(;#H67U8p(%?O`sgXQev@BTjRM9($)=$9-f}j^y1i$ZzL|B zWdPfC+~xp3J-^3oS7Aa0rB;Gl2*jU4;CO5!(oPzYn?^YgG2CQeD;Jl;-U0YkR&U>O z7c=m6urjk=l*?bj56zOZ%12*KzYzgrL4Q{jAC?51{gLu zP@fKoleYp^EG$POw8f}j*bj7MzooZ)WOmFfevX<^$OjNp2U74U<%4Fh1#8Jf+2%!X z%D-vq1s4>SRU;wV2KUD0Gjq#%>T8TLD9dJuM*~cjCtN{U>r|RF&*k+k{RlBj1(5`Q zX*`K&F5grPhhMVBK1>1M=zmjM8U0~OD{%b`y$ccg0OCRxr$DKGv(~I6TeFBx$rTS> z+cA5z3@;e$pCv1lB_B$90G0omlS{Q(8%jyPA!bJ6Y+odT>qccoYrS|dzQRuSx)*jZ zd!VUaW~HU4*lpn~lVV;5EAfg+8ec%ZQ!Q!JA`(oSg8GQNsdFM3hQSrg48JWZMwc+U z)iy6)1Ls_I-Ttw=)Klr+=6(6>9sngsPgGbP3i#MTk^?*mKm&etTv|gl&buxrk2fXF zxFG#QqFe6REA1+rP6GcSyiiKWlB5XzmN3WCBIoM83miXgl7zDD>sX=+jo~aGZ5e}| zi(Zr@g|0z?rNY{UO^sVTw<(<=Hm{=%CqQ1eauyyJE7ubV^7W8x!UXi^`-4)Dij&0A zD@sK#Q3{SyMOWqFzNYo7Es3Wt3k~8&#lyh(dWb2rHE%z6D?iiY@w{*-Abe{)cXLya z^dioh&qvpi>6R$fon%cAo2k&#JN0k4Sypw|-fu7rE;a!#@P>Y|!+6F!blRi69wn6S z0Nw~a;9XpH6U$qOP1p+8;dTjtteO1zIpViuM^^-hTiHpcCGe;G;{SnQnJM=6kLfY>buRh*~je*Ycey)ZskH{tK z={?*v>s_7M*C||BUb37R4`g(ulU^yRr%K8>bfwZAd9sS{4^gRw#YY)Zb4j-uizuV<7Mvr=uMxI#-eT1h!*9YxV1c<<_DQes)>Zikg_m)_0B4+2_DBwzKQ`PgC4JU)hn*Xl&a}V_(U&R-*x0>-qPU+I3aEzWmzq z;nw;)btiXi&Horzw;Tz_YWuF%PrXw^W@wCdwC=BJRtAHHR;RA}97^`&ArPjVE*aWq z-kys5(>;52O`U7cL@HF> zp7R%tp1E@)?q+hz;qaR?E2`9sb?_{Mc-%GmwBvIFSs z=_GaXY-0VCLBGJ(`ZAvP#3*T%;R@%dZe|hf3XP{$P0;WaCpZr&2&*kZ;JTyZ{4!2o zjLZy&&pHLZ{si4$*Z^GAAI^QE{AQH6gY}3xQ< zl`z+EZrbp!Q8VE~No$6}JK3M~Pfp1(%3%qr`!~(#_d3I65O|vi+2Tzli`u+=SLg}s zSbVOi{&;^C%RS|XqSL98=PR8I6oW55P@pXiGMej-_|r#9I)7_`u)FI2dtg- z-|g%?4{d;e;$59kR6$kKTB>EoBLXg~wyvbs?@E~QExCsJab+l*Sa02e*Vpb33-2+t zYJc91H(FeYe%QUJdG+CqIge?zVX7zpc>{rzTb)}L9%}+!u_OI`IEm)6=QQ=COllANzwK1s0v{f|(}jJmqe!OtUFxCub;I(7yW^_KJ@DdMxFD?Y=n{ zoY@a-|LTklPs%&KKJ?kWdD!2!;wPup=5&BvH8Z}E2ohGMmIJ|m%O|eS&ZGfzqY+bYk=i> z+^e}EG?&b6g}*Q3n$4sZ)s0)rQ@Bl`0}U6F&Ae$rU#uz%z(%^J?h%H|&zWXsiQm6w zQE#~fCRp#=76#WtRdAfm`InKeT!E%EnfB#}>#XXn{T41>8=Z1D@PxaWX3Ml6O0YkT z3WfP-KA8Lui@2Ke*j#2qC(qF*$qm}c18~W8o4?Nt8|a&sH{-v2jS+n&(34EOkGoz} z*0t$dM>O0pm+i{f1&lL1f__W~^P&1R-PtKlP<6iJ>E{JsI^lb&7CIqjYTRqQtOdk) zALY1b@CjEhIoZ$%}Ux3N`x)MjIY%>;;0**(zZBHQK~tV?Io$ zlL*)&Sqy;f?%5vwzvuZC!&ykSV2oY6CKCWjW$D!0R|{Uf#rpq^_VWbV7~{lc!pmp9 z|NVr3b=hOke3foVor7QJ_-DrS8wfV(;;{|F%B-U9?=T32DCr zhx^2}T7(=>v>TsGa#?$J#Bt?1_YHU3VsT%f+@wR|*tpKT`cH-#$+%C?kDU(E-392J zqzqs#j!XCM|7+q;4gKMX@IC|twQ;}_Q*%2@hw)!4^)E)BzzjN80}t|QP@@v#_bg@G zncs3OHZ@^)UeeO*NhumVeHB6oZc?Fb{=&=#p9RiF9&UeeSX=Gu?VaA^u?+|7CG)r= zX`ODRDbqbO#R2G=6`!3YK8F(K$9b0jAF{YVFgN}4Z$`tF7^hW55yxbUJGth?Z<_PM zHXl;E_snm1lgx4HbIsi#cYoWxoohp7+Yq`NB7ra1%!Y*l{*vFCJ;(U9TK{>WpLuhU zMp(87Q&+dwiS)jfTq!IFyZO}a#Pn&x3qnX!h(OwA`hNPxjr9GJ!ToDB(hmCnTGgMq z`oZ6%JvgA4Wb-Vm|bLV0b=x%2xSIDC2au zcXeU-Hx+VY*b6D{&vj}0O1QweV0;40IS1E2as~X?pS-=$9dxw29rfF_w1cZEV;jFV zCbCF^Y!z)$`vDXDe>}ka54O-he%pPHhOwZg@r2pMuzS)rcctSC4z8T;@ybr#_Q&g7 zATo)ih&s<+q#D6}3(P1|l~$&qrWS?`_L$tW$eKz1hob#4U;eY7xZBVOo@F|zTb#WN(4nOzbIm1u2z(s$t$|~vy$_FRD>oF zAhJ!KRsH%vmN9Z9j%QX>aS3FgGq~4MdM1Bg85cYkLYNB?t6unDX1AyuEjNl3wq`G# zs>7)oB)=6BXah^$3=jM92)58}lEHP*Xq~O`=9Q+L3;G^>|HH_%lSj`OM9!+mS+xw} zw%9;Im$HSej8MgeBt~I74mM0^#NOAq+l7!}J@SWIJWEl<|0cSc=E|%OwH!wtG*72f z0&Wc_&#Jv;`0)xsCbN9D`~dr}^8d#_V7_p0*-d@NYK?=-cH1v%W0ilr0tFGTXF10~ z9Im?h7ytN=|Me$<0MV^uy49T-a7orpuCNe-O8%_+-*1?qD6JaWUA39!@%mq`gapH{ z(W-}Dbeh_0FMX%1^Df}%ZhZ^1Y);N-UwwB$D;PRPDKH;NIo}*YiSjoQQ&f-S!O`Lb)+4U3cb=IK*{&b8 zJ9e1vq|%{(eF+?6Oje{sjOl0d)9|TJEgsgrH+&jb^~Xl6R@?oNc#OY6{qX`43{ z7!LZ@r+$vG;)EBg(&XUHM$#ve`8@4h$cA5J(*8r?D}TJPKU<+l?m%05!{|-X2iD!) z&~Tgf^Pv%ouTQZN7|6W*ZkMsao2QP7ffuTZPncPcyx)BEV4C5t*81OfBJ&ncjIy5b z8_VZ!I-lF@V)&ZL9SIL*{1(884`VhP_g-1YSwV|&8K&ZjzrAHy75uf;xEx$Szq*$| z8Ey)uoa`jEJTsRU<37hiSQ>yvf^f<{X3OP4fA-k_exC;dbT!g0*w5g05cSC?0D<@c z+znb_=`q)AQlW&0R5%PJPO9IFy~>xR79aQK4O44Jha}Yy|Qkz z{P8ev82sbscZt0wyhl9;KIwCARE$_S%^4&~4LTF&N6ihvmj@xDcBtWv zx}O%Rk4k#^Lx`&v`T{ zA>j%E?Tq0&TzaEV^WQY@k9zPgy}ToIvXdw2vcx6g{o-O~ZfkZ+juVtGhZzWmu>syZ z^|%1~dj8|#Z<*g!1eVuqQ%8pC*FO9gTk$Ws(0q3!gWWPXO;vbAocaRqb{_t|FtS1>)Cm#@aV@v94o2H{+pC3Odi^w+{=IN=ND)d{2A(ieR}F& zOYxWQ-mxCFimYffF~YDcJ>p~`s7MY+ZGQTpE?cwy>~t-o0s5Rw4)M~@2Awfk3X>up z(B2Hp&nx4-(nIW)tvsB^Um}$uLaly_41v9X_H2jPYCeI!W#F9QsO^VnJ>KOTMWVVF zo*w^CHTly8;xpt?2~NEvct_{L4<$eL63_~e7)Tt%I^*}z?ZlD4l8%30l3w1(^n?vb zCg=GFruLUL2a$$8m;(>cxMvPMdRzHY^v4HBof|BnI^iEf76m4x74Po9kKPOXS>-xJ zV|VJn@IUuE0%>+cNgEk=#mPot_vmP%pvqKpzps|8R#0=`)q*3vkE^`#_NV1AAmGP^ zTeowRVNq{hna!chBUm}*+c!U|I`ZEoEr8#!G=-#yCV)QU4&y9_dCjO|qQ=mlzr2zW z-GQ7>831x_@$zqSp8hX6C%c8-0T*L0c(!idRJ0cV{=ZoNPj5Qie^~!73BMPHnN9~s z!0!&=8EZ3P-QWdK&+c0;Hcvy>W>uq!CCOi~*tZXyOYk76!}D(@Q_uPzCezIx+!C=L zFsb&_rbLOypC+BDRC+-*sj?AVV|kz@m#)Wbe)9X|*W&jcf=l-v*`oagal059t1O+& zuJr{@Qh)uo`|J9rNvBmMC=;4ge))L?gB>?KdgMMNT##C6M#tD8Wt~4=6xr(rKW<|D zr>8cDcC3^q7w^(ftex$~E>YA1?>M11myZ}|c=9IHZo6&^CIo&bn0190DuCgZCUKppLIKW{2|B3XgB zWrT;MtA^}=rIXJ$s}k=zW@}{$IT+*huocvj25wy)hP~G;oXntWDH?|q|t7~#_`7|kTGzjyo z86I0;G9a9* zc$*{bYeG}lSV8?5=alfs8^pmF>-!w9o%M4~T1m!8zpU0Lavxos9YX?lC70^rkyGcy-nBXyRYnn8hrvLodM!sAZaKlk^`J@1K1M z8bV))wm7^EA#Hl$?8IoFi!=98O^QWu7Sp@IqdyM77BUXKnztkBw3-won-nx|tRss3tDus+A6F564c|B4 z!?Dp6Rq6-Wi)LeJ2l(}b%gX;J(EO8)59~h(b?!H*Fz>%^^*c8Tr(ipiB;OI&&+$nM z7Eq72!}fKv>v8F=M~!nlg%>gTwX*Vy6_u7FTd^5L$uP%NBPkOp=9t3YEHlU!Wco7E zEqQ#yswYlplDy#P=pZfnX`8?m|K>=!j3BK>^ z6F!-$P^2cz=j5wNg=)d5H|DAfbJuapc>`NLIgpkix4HIkuJ2R5pYa^KQ|DyModn%5 zY)qV2`X;H@7tsjUZ=qWwZ|-KVftIN;Dpb#RhN5aBUElbr4p)Lle-3uf(+9~}*! zhvH>BGU}ruBH_)ig)x_7m`Y0;OAa>u<%wFeIZ@KYk;M`7`?bkZM8WEXu{*3I8rHCs z4S8Sa>Zp{}_KtpyQrqEq$c5JavK_D8S#KMByuI&wtc5_0~UAh zR7EQfUj{F2-s$3PK9&&tr}5$+ei8Xj>Gmay$JgC5=A3sVu4KCrGZht75-jFL z31$zjljTpJ&-Y4QfJ#yIyNbUokbCZ`m>fJ&GxmOiITmyKI3uA-lr8b z9zoFNmo`;s9}4Og@Q{6WBMr3$?h#c^9Jil^Q15gJ`e38PMs(Jj5eVT-Bbe89uzi}t zi*ZmjR5IG5btOU`_UvZqi=U4uz0U&q8ngHddojz;>M*!U}$!99-7*h%7p zvQyibGesc4{(9ceYM^(kneRGYBn;j0f5CG};s|OSyI-cb`>_-M)a z|52PjQT45hk&EIoK8+=#=9aKaN8259zVEGm_}o}RTN-51*8|-Z;hM!SBVyWO1?}C^ z#r^uv8B%RdK2JK!l*53-?uTj<6}v-u0``_=8Gl!V_(|xeLMdl?JxC?6Xk%5TXa#(W z`e*W-I_~%`6OPJD2`W?HHMt=(OWfTF!(Ld{w<4T&oK%41Vn7C$! z;NF34g;<9(Q`*~iqJeftW#FS@hQrwV)~Goqe)XZ>zH_4X3m1X-2f|Hy0-cnn#8iVuCW z7h)55EDcrXM|f(6H@U@jM&PHjucMhNJc-KENA-F$l*7|IJk!b5a%NeseC+)wxE%y0 zWL%RH%uT*_;?!??zUPNpBs`Epw6F7&N_Pkbqk7t#(;?=9S`{5+P=2 z4Kv#eW0I$~@hI)03+5|^D%xj?5X|$l6vna!0Fs?LPo{>?pq9v<&f?C}u>*(Q?W} zE)iFR^Mh{SScT$jAjyuU7{aP=rIU|pR_NK8b^nOy4<}p%-g2ynq6+s-8wj2aq{;e- zmZrB!rQ?t)=#^XuqA0mPC&XR8AVmk0lP6?E3RZ`$^Lk%xN#pb#Z}I$^bAOq&H(%98 z_Tzq_@`e}lzQ=(5zV*cK-WH>BTbntMZ}mlmFwHXBEc7+gEZs2LtO;m^)t8s|m0_kr z06|ZT(9yV(q57!;*qz#7IQldUPcRQ;Wc8=n-s<(Z0F8bBmk~g53Nm=g6Bk)&@WZp_L?~RLw zDu1GIe{^+$b;p1B){g>UBty!eOw710tx>ar%&vObv}FxV2pLy8O2Fe4RO5w{q@n=+b&=Wjc(+;yoyq2Y zh0QAGtq9!9)@1Ln-{EC)*9_Rj_jIaBL1mdb8)xT{{RL+C!{rN{PD*05A1KUgd6^Pr z*P^OJ#@vXgOyeA0$FpVqzJqB~6td5e!=;e6{rHH;w@ET`phC!vvT_nJ&LPWY=)>Bn7n+%Fly3&m3^e_9^cSQj!L@$ z6IKzk$4k1oS`W?6?*^>s+d#a+i~0*q)oQ%fE^|sdGp%aO;VRK+aoF5llc&tg_oV;0 zS$}3(c{FI0?>xRF*3Ht@%i32xE_}2lO#g%v=AH<n()Ql3gGMo;v5z#`bvwKg4b9U6!Pc#ZAwVq{D4YrVCT<*|Nlo^3J z)r+WdiNs#jVe&W2j+$!jE_>kBSdu8KS2i%3pS%?-y*?h_kHTMq-;}_il!|dl_B$TD3Cj+*(eVQEmw@oXeJ7q;swGnA8q=Sv+qc?> zhd;BllhNKLAk5`~pSbZBRFE71COT)de2dJV@dzMvCd?=dZ?J=20E zv?s8gh{tMxHAX#UA9BNdGEDq-m`kl!N4w`2oi7@AyUgXdYBrnomdxk6e!Z5{CL3=u ze*)uJT!OaI=;j%NnfZoEf=LE$sKSUPVMN^~QbCC0YoXIHVg3Z6w!cXC%lV<2FSp0| zoo=M?C}=2Zk9w`zls4HH7sl1+tzFSKa}77F+;QUB)o9ndGbtewsZyJANrAu|7c9r+ z66CmJ$sAO_nb`h2nv*>%`-F_s$_Kak7 z8EwmRfkJlWZvl~=pB=RlDn1=odyDox`SH3&ywUIkI~MJEHxa~`PbFHs0}w4gn-sSs z{itVe#7k!>YjSY28P56F`sUc;4VX_PZ!hV{^6rfiPgAe;lYEIO3AJ@*v2AB(@lpD1 zPD79jvB4h3O$u^XjuJSp1_wJ9dr}EtnU(>WH?MuEK-4B_DCtC2!5|+HaoHGA)My#K zXTr*S{j=5xWT?(j@$yk3rdnmD*jYfWR>XgHB`l&lc+0xO(1> z4jNT^OG%as#ZltKFqhddm$??>KJb%ymZiy|RDLhYe2F6zUB8`ZD^?0AaMBytt zp32wbcvGJdu{r_&a6sEf36SIi_oN^Mo?}17pCM z#X7hEHqUb6^EYR?o}DCVS*0cg_mJ)7@h{T69CW_Qk!Nvna-f)o`dT%jbdSTB>kw^5 zU~v?&3rgj1vfrBS9{-wT0Y^BFh$BN+hD&&7Diww)STr~oJ3<8LJ5e4x zORM@Ae?{;SLk*|>UE!g-7!{+YLQn(PSY;;Iu#9)Uc^jPo_gj0=Yu@*4N5*+n2oBx6 zKSluffZh%wK)DFRkoK67FDsL!R{8SM-(Pg&mJjdve4mxE((Xpa^=7H5mCOoEQk&Q|>jADxhM+9#g%rGVCa4x`h(@4mnz<9^9Ni)`z@P#f(4;ZadB=!p zO|D6_*BQTwEn<@oWUahUE@n`C1eCOfd6lVR0-L{F={%awC~jq6Z2VdMUA6o{km&UR z#BjJY7YX+1*X=F1t1{G-1BVHlMu2z{y^)3|Z?I#u9wn&_Y zctA@ig~pN|Hbo{oNw(Gy;S$9`VOPnC&G*aAdwaVel>btQBAB!_Oa2W*9rqObJ@f;L zD?;dJk7-US@vPG%NMDvl#l_Yi8UYWvJWbH^L~m7NLV!s&gKFL%@ItiYPNR2nW(7?=>OqA=7hC8Y+LxqI4Ee8@m&wx329wDX zl1Df22uPL|U-e8~U~heUlvbIK)N8sgqjBV{$p#bzF7jJ4XRV{Bx#W9NA?w@OT~5U7{d zUE`FS7>Cn8A~cKEJ&v*6aB$sq;T|BpN_K&_i}dZ1ZdH&!Dp?Bq!8hSBM4oRb95`3d zC;P;wf(^`IYY%0!F+Kb(y1^EeP8e%NHn5l>Vqu85{(OG6m^-J%;=dw$Fd!m%XIF8%HKrTUQ^$7bg3bA5bR&y+Tyu>2M@n}&xJH$e*oV*dW z0ELZ(lByp?%awF+OKT(iMQZ!eGA5r_zfnmQFZ~-f_B~OiS|Ion6q9c^_%pZX*z@K~ zzp|h*flQr#ANlIuSQd3OOs2+@p7vGk^17zXED=X+oC2~2*9WUV91|<=4EOZ}2!M%d zWeFxkWVV0mu$Aj>PT}+M70(_7=@E z*#gzU(JAzzS-!qxIA^A7R_GkJwi9e3Xg$*fv6k(OGEU)l9{;;VDK$ zTm+abZtT1E+?+3GnY^{^;`%*SrsWH@;qDC(`>{6)Gih_;tK$i4K1kuDV^TH3l*)Yk;`n2UDZ=W=H9K_0&`=gD z(v6!1IH-xpao=H(<2Jnbrz-xRzfhVu@;kewQ)Gm+Lom!eA%4}Hku8Zp_;7FbUiP>p zCP~sePl#%jl?$nMy;c3J<;+WjV~S)2AomzkJxVJGT=w@^JI%gEXY#^%Wi}#&9#J@$B0VR1a-Ty z;sy+Iet8RlLRQ^y3o^Gu!A5DLCfJ?OgF_0?lA$newp`7Iy7S{D^|GDd3DKkBg(+vJ z^3ZPRFB*wNOpR4iM*^xv%6Hv~_YyDfZ<PsdtuiZ|Pvbzk_W7r)9h9(Y* z(2OtNzT0G({9f8U+9Y}1^OLuJ%hoK1Qj&?UQKk1279{D^-&eVkzNSB*8_7`VUMn6X zl#}RRuGeXQkULgF^z{&ig27!VabxP9(+oGD-vas}GxyoI%EnQYYV)4o?4ahneR!$( z6agT|drNBYOj*&-i8Fx>d~@AC6=iPfwQ2rMQDe_;1zO9rOFh;|PL^BH>Fapi>=Etb zfsX}h`|)|cdQlI!SUh$k$u~AJWxI%Z)pY>{9PMhZ#U9S0cE)G#S96x^_BU*FIJ-}2 zn6Bfau9#|hMF)KRR^@|`q*}+p%!h5OXw$tEcLivGiThdrPch<=Civa{&O{0JX0VHP zJqpN5JRg@?!(v_iz3S7l>36GFO$cZ7{6kI_*dle3t_@7CBOHq7B~A;pf9%jNp1#aaDH$KQ&ZuPfF%wVi0nqNTMb&k-c+xj ziWVNmYfztELfLG{e%*73Oox!Lo>crQCd>Wgnf$|_38F|LqdJ|JZ>yw+xqxgpvS*KA zydL%Ni>NeEfGMja;eyH@=ZDhoEcuHXl}ZAGNhV)^llb%xE&v!1S_t5mteN_W*j#ii zage^e3j!na9aM`}t0~{{H}x`zWrXxyk{5V8^E_;9GShm;er`s((D)Ul?3S<@6zkM8 zWoYaN*F<#@{A5$XxDUkh^=KBDi<$5vGCEu}?ia!oufQp_;WBaMgIc#EQ0w07a-84V zBfXfct?gGDQ4rLZ#^jbG8e=ObcG5`Lx<~vDD+eY&$U-H7HM$A~6u^P=Nuz3F0*G#M zZWqTkfS0;1nUiri>Y(xg@t1?7dVkkl^j|v3c0PaSF&NbhPrR&AzY%(Dt9;d7X&LE+ znR#os-WJuo%~Dz*A{pZ8IQeMFWu)}hsK=@RqCwV_a(vJt%v!&GFOPG!ofxj(T++}ETURXuxcqG12Vag-FFZ!yYTFi*#BTf4(` zSwkL|AYGnA20m zA{4zBcMbH7%Y&gIxtZ(GZIBCzUlw}tLlXQKw&p~j)?17RCb!X1Bs#rwIKF9C4xz|b z;V>Y!D@SU&CcZe3yYEwf6YZu2Pj$uY=)Wf#a9h$0@HCVB)^6^W$gPW}7#bN#I|&g7 z^F+Xu^55r#3@n5AqMsHSqz9GDWo9`t(deKOB_K%W5j}Ib#{TiyOs9O-t#2}J2W8lQ!H9rs5J3W#m5fp&Cd$9&-Ek%LOoV_%3w>!sHJ6X|Pn_J0Z=y zyR~cI*E3`|Y6Nqp68pm;KszU3Cl2*(m7W#MTHds|6M|%D|3vY(8VQ92trW9-^P|tL z0BOq(k6qCXQm+^?fi~#m>f8ltA9t-gDfg`FZZsZQ`jNm)4sVX+Cn|WOpf|{+lb3cw zTnJ49WI?@v&2M{GlQ(Y#IIb92a{gJ7^FK@405aEdj-S^mFX03vnH0wuSy<+BKY`Ll z*OMiTWAhh14M}-7$dnlTU|A42u@j457~FrwbJ8mdD1xS(4)*QUI*EqovCT){eFtUV z_whOZvQE7GvM?_RU;Blrn`%%aYL`=Qz^FN(7ncz8jXk?A_2!Lf{d3?qb4Rk z^z?pmpVKc#Ad^TaXJdB#7Ek$hfWn)+9hBmh$g*?pr?==Z-2t9WS4rAKCcXf0l^n9q{;DdmM?I0?JslXr zT$2SBT?VLq>q7)S@yY0w8ZDoC?HAmox zTGFf(tjNahM!6H8KXE(egp)BtV+nTVn|{uj7ToAETa4&X8O=Thz9+va{A#}!Z%r_6 zU35Xq`_)=nTU!(LYuxS1H2yBeD6Om@&8O?|RhgQIp9Xp;-DSNzP-R+~!hagu#lvfL zQWI-4UB=EK%Uw040)Xd5LZ88vs&KcAeK6-M#xf#!p zB-`iQ2R;V^m|<8v6#=*+ngM`I4ZQp5bvQ(`cnUa5mSVqvwS396I{ysWk+AnZbwS*Y zgGIFLvLb*|+>R(v&wmq)stn#d5^2!D9ei9!ELW25IpFx{4FP2L1rAF68SIm7yIB zi{6EOKMyHA`tk2*DO%}0)%YL4Jh~8Z?)NP3SrS-q4vLb$3Z4Y&jV~os?DwMKSE8Kc z0nB(u!VfH0;AWc3)E)4h$!B-kjZ<#_bhTOO(+>bvgNTofq(tUR@?L^?r*t#3!Pg^z zbagy?)J~ItA3p^NVIa4H@XSM3F0n1P1? zBwo5pwqt^B0_a^LsCP>*=hV*^$;A#3guDqXQXj7v&(#7D)p7JwKLFghc{1rrGywGn zv`uk^C@zBw{#76)fbr&hjV zw5(4XLnx;t%m5f^gi^r1a`O?Kh4Z|s#H(L}CH+8GOU8!MN%3{OX?c2@^im_JBkBN# z$@2-2u7#v4#@4!XA(?X_<#hvgbUzzE9Hx8o<8)_Eh1tF>ZeL{h!>wJn14HgE{}pJ$ z0HpQ+{z`1<=p>o{DviNMy5gwDV~H1|&_@6yZu|7|soJj$AXq~d z>^V`Tl?yb-*TM4h+IA=Gz=|QywFaC^I@Y^ZsTLk0am$G9;F93z>{T|;yVNuQT%EDb zDJQa0Iujo8%WHDbTvNE8K>AyA&35ZQnrr6z51MNZqvC%7VNReEcZy_bzq0{4aec4R zWt)LOOTNIt)b^}pax=0)UrzXfraawXfg!I;{Z3r<$cOM7_m=u|wdI}bPOiHG?@E1k z>~nQ;-)*mr*PdK|uEwkBM>mIti$b9LSut02?-B5;f>v!YR}^I+bZar*0;CHC5R}ck&UdZ4dF%!K=@idVyBB_{x2Rjdys{uafQD=C zw(s^r6n-ij;E^)}*s<$Pf44P{4X-8aEGNNkoM5aGGDfO5g>wm_NLyj$E|X^T%p8{h z+9p-yN%|qR=ubdyYZYYRVP;V6nneO;k<3lbbtc`1>SkgQpMsq2Axl>bC%s7X{8<)rpMaRc!-Cm2>Ul^$U&o z4hZ;V2TLrP&(m5Ccs0FYpW96cq-D4l#wt9GObAcGRJz13BT#198gS=CIbcq#RZHZB zMcc%`gfRqO6g)8Ubo{nycRw=){;e&eD*G5gPa7fwTSspCB zA8G&PC9`%BJn8tC5Ehw0dn5hem+f)Fg0%EZE%&wiuiQM`xpo6edd61Fwyp;y@8}yA zn+M8DdT&{l73d>UnYiT*BsEQFk;-Nh$~Jqk*41M2ygWyYQaw+5x& zqlT^00{no1jF|%#0DEjg9bqY-|BwuR%-s~#LWYR~^m^wxw!_u2gZ#e}L&#nSg z0G^FP-YyBOz@bu90KM4KP%->z6T2%Qi%A{u*IoCUp`BOr49}Cdun}NFQUTl3!<~l; z*spsOAxDJB#)C{L9CZ1x?URUwd4KF%nKob&^;MAn_QN{u;SeS1K%fn-4dCMzJeb~u zw5T0T$0b7~?|3$cb5V+7hUPny*z!I&Q7FXqbpH}g<4Wh)c2U%rW!ZhcYc>P&Z8cuwkr7zJaVd)``RQgDRJV>I2aH;uSt&yUt$T0kCOCFZUA{&GP&A~r zcC!;d5zdYicD@rlu!4F8k>A4D!mRbmXJ_LftYlz_H@X!d6u0rp@h~hhksSf}8GjG7 z)XmemyDViZM5VLtOyr9<^)y_d;W&w@_w|yUe#Lup@^I``UDswQhukjQftLCKWW8G? z96F4C*uE!=p3xp}PR`rw=up>>I7|2V2&=HsC4kzka8c%faC7DR`AR^CT%b9{0u_M1 z;)g9*Y7_FU03=D-Kwn9ucF!Rr&ND@a5gyBfor~Mu*E+XX+3NM`d^gaKxc#I{*4SwD+r<8bDXb2wD z74`$-RL9~0yPOn$Y;#1s4cvdQqF_WB;6(qP*;JYz^SRBba-9EzYJ{{!t#;0Xr@`LZ zw&B{0ccy^phT`xfm@KpN01RjkzTr=aeni0ni87jAwxy6^rNovL63aN>vq zi+(=$pO%@~`sYGrm81_2QYT zEpPJi3gHgnluo^82qn9mxixcGatb>Wts&i5dSEW=@S_fMUDh4%AJJHQ!0GoM0xIcG z!(r|LkW#ljRORAhGkcb9XF$t#pkM3&Uj{*BrXsVkS_4cjuM8Q;5E1hyY->I#pgjFz z>NU={voxT#IJgsW84z`W2>Gp7b--i?ery$eGq=~+(<>EUTKP11L>se4*B@N}PKOgU zbxqvd%gZkkr@nIn=(VZp`2MPSJAMR)E1_d=Ck!duZ$ry9k&H5<9)#ZxTu=R|ut z;(sJJ7wWO;nWX85n&{kw$B5ds8?saq4!AdmdZ{EKpo+1jng$qU@h4MCLwi+Ev6kOL z&pIc?z7yQ&(*P&PjvQYY>T@{ck=Iy)Y!KOr;Ci62qZ7^Swl&kL_2D)%Rc!gF<>?l+ z07qogaXVErT1&=7WVO&=;Z`+mfhLNX>~Hk7C2twXKz`_V@)*=g(Na;UWnU9<>nD_H11TEWQod45FNp81m^p~GL8*u`%eRoKt2EqxCGc`g_51St6&Ij{kX z-RZ#&+r)L0*K$FOdf@IP48kg8FvShsUg)u74EK0j8l?0a4dCU}rVBFsj~_0*MZ|qy z`-`MAZQ&Tu=OfG~=XG1+i2ZN`T($?8`QYbsiVeuxu3=vQDce!H_aJu@G4PxxR5JJ# zX#Zj)(54Fv2CHx&0;KeOVFi8WM*_DQB^`&mrD~ph|Gl#7UhC;@>f3#Q>bZtt9aD)o z@7}HKoOG7%xK;pD>5<&diodv_LxC9=037%QdWcGavVyam0i#vh%yq?Wpt~`FZQ8QS z5^#4v+9x$7p~A!d>(c?WCn9+x0!HbDQfY|yD0jo+X>=Bl0a)c_a> zC(6sK!Xe`<^p-Y5q!()NT^y=Ht ze%Z=fWz0)b{c2!0at>q`Iu*!}IPWx4n$?ehfGa!0R`u=k$V&jd6~_rK*%u*aCS@h7ySO> zxV6d7@{mTNwA0e)K&;H9U!S+f%J4OJp`NC#+4k8m(S}ICQY&vyl&>$4rER-EnW%y> z2i7Lf8IK_jp<7W!^ubX4h)p)ymfDZ35VZ&O%=hm+yG2|rx9bD2Iv^P7q2w!#c_A)i zA8?^@Wt>*l#Ssj40Br}K$nTQ5@xXnpyQI*+J$wY1p>Y$q5Ii}trLP1qPGf#?$SA-@ zj2E$nWpRC2d`~1Zq=I1$3t(Y^)Mpv6%efvYNe8C1Yrwk*2%qi_^hK{ooPFV)lg1VL znBFiY%>6-c1}bM^{funv=M!54lNYw@KjP+>2J$=ovfQ%q$|+^;2}!b6MEvSjs{s7H zXS|5%)f;R}>jF1qme1#*Ad7PPWii@+DW^I>I-@Dne&>nUiR-qJ*U14;C9wJVGu!f! zZS6^JZUSk6hSExU!Aeq>?+2TB=}HF7L#TxKV}tFBV?aPZL?;=3?%KuXLu|}?eTZ{I z2Trxm^TBEpcP$VdS^;cL)|K=#2Se`gG3P6RNgvKM8rzvC07xDX_AYk~eM%B6s`~8c zGF~%q#Mv$q0}RFjCCIp>$_*9y0kaW2btR`fhl?L+{{hZp$XNTLu*hD=olxUTuj_T0L0Nn73 z-asm2YFfLsGXzlsY`@CkQi2rrAV8MAMf;kpq-%_ZEGfL@lzGq;0a{;|UM?XUfzc9Z zd5K3G)iA1t!cNRF>w!ZyDFT3zJ83_OB)9NJv~;JdSON1`)3HG2@|!}of0rmSb#1vn zH`)Z4z6Mz5v(%XLLlrD!V73q|S8d6yh{f|CZxM&y%1l(Lp@ya3jSqg(GOqDlO%%H` zoT?oYx0p&K+i1JV;We&*e;z}d1}O7tQ#U|=8RH({_%O+93-cYIX%ah}%yBM%UB;mZ zd%xMitnK5&52fT&cb!L*m`wesHxt70+pl(MnI#w?i)pndiVsb?o zShyX7W}|a+V4u?6oa-G;q2kE}@6t;sdSntn1Uqv<>n_-i; zi6P#{aJ-Nsk7=(;YFlBDPN&VZ%U0~N4Vg#7gq=pquLWi$DtEG2_9=yHYbZ!H2S|V; zH6#w%M_QJ$_eeVqPX$@*q-LupyweIOm_S%t_4O7QmH{!zTAvN_7Hz2H9X%AcDJ`Q@ zPnve;$(#i2c7xQj9@fr<+(rp|Js|b1m2*;KM)oN+0(<^)wEvJ==XCyI`NYK`?x9tH zkadWTKNZMM?jBjL1NhoqfdQA*(%Zjt-2BKc1MIIw=@Y`xGr-n$NI0Zv)tPs9zqNL< zec2BzvWPpgLMHq*rSFps^GvUji9ajz#XhEB%KT}>ct)v)1T!YXP|xjZlC+b!p}8nP zP3zd01+51>?0(XfLWhk)`WB+{$E5;z?gSifwS)9G47T-fv;)6Nk$EgyaM&R+%L7PX zi~OC8CAjTtZ=i=Mz_@#sQ0q5qeK`?!bHFe^1Um$Ie-)C*r(br|0aUgNsPKBCuP=~# z-bWhyLhG{dr=0X@zmhYC2A<}#$4SY3NU7YOkUV7E+-hi(GOK^Ly#~|*?SH76mDNdd zzJ!{CQX8aZnB5Z`hv*2QV}OiclfZ!#rg z-MDiDfl~PhF#8Lt>piVUcJ&=3MEh8-l*)Jh^EFL|e-Rx9{&q!)exv|#M07zt&?JH> zi{sKAa2lwaZQ{w19k^ACr-rm;K#&IL7*Rzm!V_*e>=n8fr7 zD9x;`NxjkumX_qX8LZ;;DSlc@fh`DM?teQ^>!mQP#K zw@{c6yDoc{`D#B<_$tH$frd01vAYHvuceQ!2WFo=rj3%ktXsA?@wAysRtmm#jd`z6 zJqc+$l|ip-ANc`fUaf`~Hn{#JY?=SG>___plz?7Vi@VRVTSU1!$_`cLLUE=+^ zPx|%YP{l+KEn*41?>9L#iltNhhU?6ozJ@N*QAoMQXvWYktsYPq(~Gttab$+e6dTy{X}aq_@B$P2_iDla>E{5zaV$^r5-DPs>Z@A(uKkFjOY zd0T!%|B%=#+WeU68Wk7|F4$tni=V8Z7Hmn*K-ny=JNp!M^-0)tNj8>IWd9o8{hAJd zd69Xzz_x0FWn9eDpMxnsm`flpCB9Ebc}3h5wa4e^E76ua1{Bag&2XmP+rwr2k>LWH=+xHjzswjJ}YclSdA)fWz50%hZ7P z%QhW-0Yk~5^g1IMhEw4Rc!OGYBm3eFAXpF*HY$I@epw2WLf^b{wMwjC^8_b{BbK4r z{!=9V!dLnj`_n#PAf}UQminkwhOqBRON)mwVl$e^DT`p4ea-<_1#_L=XI`jon0yF)(Xy*`gEsk(GFQRttokO1SD76#*v5Z zp?9|z`$*4DY-|By)e?woYG|;vV)^a|<%}D*ErJn_z69?RoYLy$FfveZ;7^<2Rx2-W z>;i_NNH&&0H|hp^oR|r{OhwYKNPuUSIXvcL(j2SkRj2;SwAND!_u4vZFvG$$I6~@) zoLP@-r_s{R?FepR1}=BaI_-n}#}x=Al9W7|pA2OL))CGwEnYn+a5&tP(3t0AEOxjI z*WdD8L(gL(Fn)L6drd1oEA9*D@*ShETH33c3SwMY%Zw*9pOk(NUcBcm|FEo!m@qG; z)F1BF`KD;SR;LX}>Lc9)R+44ifMys%<2+E@O2h z19mBLAwnIX>dI1M!=|Ai3+uWG2?@xnYJXA0RpL<%WMa1OeH@&0P}K&+Nb!|55@1T; zK5j2>3;8gE3ZSi1^sZkyz-w(4FpF31{zIWzr)} z>2%5`b_}U6``ZO1$4%7xhWWFSukKlf(vwCU!xKwNJy%Ctb)tcZsN#>F6ifyna|26} zdxmQ(4PzowY0Ys!25MYXvy^w9_Tg$Zho5a(-I8MG^PKR_PMXYOv{$g6>^1e?^6ta>A2pu<6({!${_s+5*t zk#S{LN~--yc)me^;E`*)Y*W}OwbeCTxUZ&O@6|MzWJX{Sk_n_J-#lgDn@V4125=sW za8`7A5s0deJ^RYRl@;fG7SfLeTabMcU+d9Y?L@F&{=Z?)AAp~wH0+7Tw7k&#j$=dDf5$+Eswfi61y0+?w7*0R?q8@A_%2-~Mr(=X2oDdj=Z8(PX9uj<4_U0h$~!YCiUy?aEhLLH(kbQ@pp|f6}OD zCKpKhx;$uv<2|LSMp^pHiG3ygZ}O40x4*lyG1ENYKb=MY_Tc0oz1`tS0a)P02_H^q z{jD%oZ`D!+9!TtfVKnDQfT*er^rlR;43`QF%3izkAfaOX?%kq2H^(}Jg+^%tja(tm z9EHaBeE}n|TMv|d<1&{!-(UM;88l=w=w%@elYH#&-heAhb(otNo~DLJUKaFpr$jvOrO$zfM@l73hz@jABDs-6F- zUSsOx<~Q_)Ks8~0Z94I;Cos~|10!3wFdwbX0;=P!I%4x8fMGRDY9AsX zL71?a`7sy7!;|gf9urrN*1m%>`|FRoZhm9S*=FD}LIBazTEu-vybmT-gj~H3%yr#h z`D@rtrY_IHiT^aK<)>1}|D)}#!=l{#eo;jP3`ztyFx|@+!5ikiU>2B!~0qO2W zL{RDOkQy3cgrQLe7-<-CfEo60)_UKw_j%suTF+T)U*{VB5x8XLzJK>OKfzM0*^?w5 z_kXHVY5Z?hs_|OM$h+6KTZi;7XS2vjCC!xvz2IFz!RJEs`J`#-0;XZo!kf=3y@t|7hZ*2DnLs!%%1d9ubyc%{ z8Vz;;6Jxr(AZ4g%*4odv*hwcQg6&kWzE@-g%cT zh-_WYBSk#o%8@;~Lc_(!_8YR)Np#3oLMJm?=V)AM40x}V@NZrnv!4GJ?F#PA2qphRvXO#>&kv33Sp#6K{L>yce<<##L(h1t`OtOE zwTqn0dbXi@HWOW8)D^biXSxk07?sr@zB!4wt5+5u8;CM^p~3C{?Fwu@`~=sIVXDoZ z`vPnDSrv#_4bDcI__0`RAyB8alZI-X=0MLl$DN&v=l#xRUrK@}DL=KL9q4E33!Y&J8X(&WqxQv_Fh#VPKwPQ>QjWfP>UBfTclP zY;3G^5TP;{@Y_fIZn`FEZz*ylVmnorhW8@I57;exrM7OG{w02ngixS^P8MlGMB3g` z6*wF|c&E?N`_xzNjO38GTX`Y?M|qIr7byM6?hgUA#m2V~Ci*STO>CPul!;qZG++Cb z@N_;6cFGA#GFXEE+n#c|XW(-Bj4*w7Hw6|zX0>ybkl#S>#GLB$XJTQk5u%TsHT*uu zZ)!Ow2eL}!!Z-mDO|@KU0gio)U*D*D8(mXA&3SR=td?t)rM?reg+6BRXh{_k$-$O` z%a=cIIlee!LRa+S%d?wX>|W1r2A0S+i}Y`R)_XDGxf;K=wQ!DRE0OMn>dU!DbT5TN zWD?_s9I3r#XNX$6YN#6Zz(}Ol8mvIaxBfdK|)Dz2My8ZLpCONlV3&yPe40kffP~18%M1qTX`DNxJ2ho8sSIFFYa@QPfp0XrLcZMOZjaAB4&M3rDaqX-UCLU9Yx=ZT+5 zU;-LSv`Le^K)kZJ--11-4X)(45t!`dYVQmEUI%j)D$*Jp*m(@L>Q#R@KU%Z6FK#1= zX_f*pOYuS-l6tVE2+PwNpo7$t6g?S|+I`HSS&}gW7T+ZeQ5=#b5-zKE(zLY&@6x;| zD{71-(4B1Zs9b5Cg1G3H`5XbY@PXvUZNZ*ZL^U2l4e$r?yof&QkGPB{6wZG7TcWAQ zU5;}Pm+QsY&MtyO9Qo$!ZCXOzD+0XS#=_Hazs$CO0@;Y*9llQ}{*dYVmiu48vlz&hN~R7wh8N$p)P)P#&&?E1 zQ$v}Y!8*FU(Yd-vzqz3hMSQP5^IMo%;uvtwQPc?dA;fNahCMt~k0pnmez$eom>Mfy zd-UbmCxrkrh}Sy5c7;hOmtKRA4vlte3(Sl$}?W`wY5JbiIDx@~1MrBP*95@*-0pFi^5M0#s zJy-4~mp|dnolM@(rXdx8A|nLDRJTj(R|uitIX8JXBy+MZm@4j^pK5$9BaOGQnjB*a z0Uy0--Yih+hR`PTPZ7fh-xVhpgy`-2TweE4X*m&Q>kMm?_@fJHw$9fsSB z)(nCQDD_+)ey?h>94TGm-*EH$M{U-9&PCzyuV#(?UjTr%p(8Cc>6sY8@&26r`>Xt^ zX{dozzPFl)7EFQ(`%l8>1c`% zqd^@L_|lkW%I`&cpc^fS?6C#A$!3SXV9qo%^8t|sX4bmyzk*n&55XIP^yO#IA1a;v zMdkmb=_0^d;+NM?g-9M%yi>wU-Qk`=*`ujc~k7gAa_}jG-wYY7~fmCBi zUT+E-hC#%vb$&I+^Zb;nDF;6R07q3rWOjVr8jSc#rC)F*;mi}*uh>_R=gPjV=`^dU zIuQ=oYQ^pIV!#M+oyYRW=h)uSLZ1&{OMzdGyA71A-@89P%v$6>mC#Q8-7zn_00)1| zNt!g4qeXw`>v=;kE2uvOjmaR5gMOV`%Ua=@H^0+j&y&|S!DP1vG!v}HZLn!*!2Axr znFdxOUI*X(g=_!>XzpTt^C`L?zii#PAPRQ~trB{A!`bhZom8+=iknm0uP0Fi$C7c} zy(YS~sC?ruemyy@Tfd=$CMUq9q3>u1ISUc^Eu~lQWLm!v#yRRJKJ^#E2>#cYfQ~AV zpS1i#M^*R#qmF8=GKhf#_k0P?ET>h&$QG*vzNL6 zaC3yfZg-H+uIM$qaa=3sgfV&*O;(%qUej)P^FsElp7=R&>e~WV zj-z^VCoMS2`%k%Wy2#;g_4No76mF&}^U@oZ-A`2mcbX920;4egD-Pr`a6`)<3G{Y94!BbZD}Szfe)4BZlBz zN1=|zO;)+y;)0<#JDICy%%odyruSOq{GbVeJE`#gG-D6i5bW2T=W612?LPXB3qgB0 zHhUWF5f6oWmSA2b6Va*O`Nj4@!fInm+qYE^S`dSO0z z7FJ(f4#6X!HYsD31BVxQiyI_hH`aGV?3Jdvp3P`=j6S%EG!0zn%@z%-!y~v zPj#W!B0~IrML>@sSY9Z~?O4+Z%bA)if?8C2J=f&n1j_S7Tl@+n)(_51C*UN^}ROkF7+k$m(Ky<+(y)Njs|I31)Yi4!8%9UiojFLiLwtr z3N?or#!tp8Ea9x>w!+rqk53~UmIIBpKY~@YQ9x4?w+<^n1=*HtdhRX{qL0@~8ym{c z_tT5m#C&;P(165agXR0;uBDevBr0r**IEffa?}0uv?a)_(M`PMy}AuUoz)3%W_) ztcSo|rrBX4buCzW`_dmI_PyvbAWFYpezHft8@Hf5by29!_GtT8i5{u%Zb0>ne-Sll z_m3P3QiripEkCddT>@^H;nKFr(|FT*N#y_?x0hdE7P129QW<_znybx;0GQKbmz5fT z0qrVb)m?SL8>)|-8^FWcKo#_JNOhTUrdQGC6M(Rx_u%U3jh+A>v=}A1`2a)4rk=I_ zE|Xr^DuG*TV)%v!IP75%tt52U!i(>(Sx6gxytd^&u09MPA`NpkThNP$<|V&)_SB|lxNHXW$)`;(`fNq*X0-5VRy;P-Wq)miT;ey=Lqt>Fq_ePK zrLP?x=-GEzKz-SB6NsdhG^%I%+3@8~*M}#X5Y&cufbxf|F=x?%z#q&b)8~Ws%FMLv z5hZ$2exKuWQmZygK;36u3J?r-nbd#Ty0QUodSy1zt))X(I4g0FOR@n|?acn$0fVFF z8JX3~Kmjzk5%#cD5o`rz@S3DkwU$d!OQxo67|k9w+3&W#P{@YzyF-Vz4@}Ec$8=a5 zw^efw57<-DmbUhwD@zsqJkHwG`$Z!kl~sZ+Q!i+e9GIDygqV>x|IQ5`5C_@$^QHBv zmqc2v-vCNu&eU!U+e;+px-~aT*khHMDrnxfw*q$=GkHIjGo+UYz`g0`w57K|%o3KZ zsENw{Fuuvj(+^OoX>XsAYK=!U+-%Bt#Ft7mj2~8PI`Y;pUfUIKy!9;%@bWZUc$5#=$&XHHps`+H7Mg7+!xr+G}L_bhM28+1M zE2S%bFMaMEHUTT{C$39-^V)fex7?12&)sY*H3eJt3SX?JI0*eLY>VguqA-1*{V~>@ zdhpA55T*)XIQ11%|MBdNpYzRZjpsJ--U*rk1LudC`ae*a@0>!qM%TYL%8xwW!Mwz0 zAP)ePP^_$7gIx9A{zmKsc7{ucr8p~1Fn3I1RZW|C`Ik)8`%wgRzN|9zHu=J*IUnEH zBFF^V)!cup;RQx3oBReo+k7kUP*$vXr&yAWY%X}i2hCz@ZAMpOk59&8*GgL+DCzlx zX1H|sV$dEa6n57`DPR&VEQ4ukPu1ROlSie#V=&-o{vjr=e4g|M9n`n!(&PPr*Fw7% zppbPgDkKIwXHI2Ck34bp00H}kmHfO5RKiq0LBBaG%+s_j_vKaf*Xbe4E^;FuU|Xe2 zG-(_q&RSr#IdPtt;q^O97gz$v^Tp=FIYF3^^U5DU2u?fBw88xh=OM>hpAJ&dkZf-F zt&qwJk6p9+{c#<=m^Ywm$^!$l$)UZ<8vxCV005vG8&v1?ht$`$->sXFxE8fciBRlK zw++pkRfXR|8}ChJD@WY8?P-wk<6>3mk?hMxD?@;A#v^3Y-~h|hQV0(p*uhWlynwyE z{fws?=S_DXU=81UR_VsNEs}5sIa{c?Og%+wqVnMBJ?@HX`&V~AQE!A@=U!D$7l|!a z{ZjSp#l2O85_>|(^{3Z^Os;6-c0Go$L*Pg+XNaQ)#1Ch@pz6GCHRf4MSnup5p=`_$ zy?s+G`zvysG0!Hin`{ z&;2@EpRC;H`*o0R-x6y#+i*7m*_5({R4Wl`^&HUE38jw znE42)159__H_}`xOjZQq4T3H&eR{cTJRpN>bLQ$SFUL$L3(oZ_Vqa8+wl916?yrp{ z9iTEfXtUkk&rGaTH1XQ=xF^+0T^=uasrPlgh2BGpFf3jg)h^S+!raG0hSYJa4vt`J zc$Rf8@cs6UD?6QdKr)E76`|`j({@S`BwO!fJE{@-*2+P_-|_fkn!!n0T}gnDuWr+s z2RmS!5~leVO)PSC@Xt?KoOz|VtsX2nuK+vIuzFJco44B)NY(_GS<9J^14O#mzEeIC z4Ow7ndU&0Qp#dPem%x&`?4x*>%)vwJ0^NG2XRW?I&X;qo3SipiQnLolp4Iqgxtpat zOQlAUQB&XJ(=F1PDFFTtd?zz;ZPQ=*^+bHqh+3fJrAuu@L(nsCOGHT~l> zFpP5!z|994K&Mz&XZ9?v6E76K1z52b%0`=&_ea-_mWp{PF<0*Ff*58w>$WT?v5H> zq?94&GYz45dkEC5d?h%d@JKg2&t#i`*f18ZQ#3b|uS(Ct?&KK>w+^itE7VK|1JXyE zO}lFGJbiBfoai#)XP4C}IFD-|KGq z2Umf0=o9jIyPed{5Awm?oz9;5k@Zg^$hI*@x8>ib3|Dj@83>KGb4k=&x6z>oZs}tN43!!J(7us_fg{lB(>K1O&}`n4%OO(Fqqrrj^@+g59Tsqo zWR5F7NTc{w?_zKKMFJ&45`(AuRXWA5stH|*&oeb;wTG95F+BAR2?ey1^a|ou6VrRW zh%*cdf-Jvod(jnKg7W)&_`2w_%tjRM(pC_~DClrb&;TVdA;#3EkbXV646Y{m5Dez< zuzC^277#rz8Vx%Si7UHKn$kLx5g59^eL*93seG17UCJ=9ll58B*?o#jAJ_;#0Cc!; z{Rbbuxdlk~5S|zW(709#ze38umKJI13PwQrXBPADTqB0JY^cXw+7BT=zow?^_{evBO@HW{`+J#pxKH|JAO<_&w`_18<5U6D zh-7p3=q~S|xAhjMM?0f=52*x|#IXnw~8k(JY)ko7w1Rd|St|{WEDGz+B)lMcX$?BW78X3Lz#gfA(IEtNvmF zshT1oU_!cjkAt24L6YK(ONjQ#{+f9<6x2E!SSHD_uP+4&c-^%X-%dQfm?aDF0Ains zr7m<_xJ!7SghJxWL~rT(HpA5q&H_6O3ogIE%PK|OFpTpAV{2NCa|@OsGfYPB z*(|DV+bC}k+pgJZ-nkgd+%!Z}d(J)rjOm-X)#UxYL80{T+pZlZ@EXjyTXavPhrex^ z02&i44;c7fzumc9jFFp(@{=X#ECP6lM3yKq<_CLij!wb{@^vISfozth+3QOb5vB#1 zu4(sAZwW1))Wvg>{k&MZ`B5oS0Lc>-OiFKtGn}Ub(@GnZq5g)kZb!dF1I@Q9w8x`C zl{sZpO$rH?ZTBJ<3ESRyW#gg5Nn50wtfhs$nJKJdJ|$U*j$oj5^Xc{gwn2Zoqy?r2g+Zyvji))TwLfzxvDrTHMF z#==e^db9BruXjjMRntqwV-MT_^!0Fz#CeidrjjqZ^%a2NrpLq@7%WB|_$kY1{nov! zselhZaEdY$rmfN5mSV``)`R2A+C!QLB)d2kvb zGgfPFfC2e+aZJ-75wynB+LF^WK1X0UoW!HoaHI6A>z(LKzCLpD&@Y7Mx3Gbu6msow z=0KYOV)B}k_l;Q;2-!L!`-z*cttsHk0&hjvy+Elb;JBc`Vx;lmvw=97*w1sw^Ea?a zz%?vCd2ev~W*B9)u6&CrM!E6ZmHK41HzCMj=|f$(8EEQ)zg%k~K$IHHyAzUGMPsBk z7sD8xv#fDxL^@d640dk5!pIN-!1YxV-oD2kfxX}T7!sw8lOC8)KGqQ zr{0^)3B%x9y5>#fPc=i{^ArF2bb-Vv6B)M4GjVqr24)Im`&ZO!{e@(uO>P~L&!?=88%Ky_Nx6j5wU*l=BB$oEGQ!EiMzp6LA* z%YlV?Qu?LuNHtNT@;H6_*5j97D$*Y_&|)H%lj93|sYPe>zj_=wE?`FaWv(Z?$}DUX zIqiRN%{O!1sWiEyT-lBQ~ieOM8^ZD-15QKP& zf|3w8Mik=$#Lk^DX*uBF^)mFiq^gZo_B-OPBy~TV$(e<{D;U~^L*Br5Zs<&Tn7uj! zB}U4yMCq&QK9aDVUb8AKGx@`o?0&qR8`sd31#bl9Bwho%Zh{GhzzjU{O8=0w^Z>DAvoiWA-|t6>o(@yikZT)5Xf?&uC1>tFf8Vg= z#L-NzSk`XvftKGCec==NXp8n3=o7KdSN{)%)SVb{a39mFYP?tKFR0x`S5f2k1FRu; zz=A-QNJd(2dEi7Gg@IioY4rsZ`xUn880C{0!?26~HXo5g4%Z#i-_++e3zc`8P|2J< zQfd*`aOG&N%y6;dv~-+#`mE4QSi9UQ(HlUgrA`;&Nrx$ZgUu(K%>^@VFjX_Zxzix@ zlQY98q0C0gmS+3brw8-qyqJ^hvC)kZ;#-t8y|KZNdj&NzvNsu@X&!ujrA>2I{=y8) zr=I1xY>Juoe7#&Vtc=@ooh*K)*zcjv5<@5r6ExZ*hCo<*h?mwpH8|`nhwdeoaj_nYIoWD?N%lpjUkIMzv1|IXj8foNW$3u$>FL;Npz-3d zwFJrX&A>@#zqqVJ>3d+<|2pcUUs#C`M@(c5!Qp=_9{%+gn4S|{tUriBB^opXM~}`J zWv=M^OF(l}eyK=Bf?k$cdfE(8SqgWb*>JK-Uw(FyV>P<|xf>mD_l}pL19Z|7_M7d- zVbLqa)v+%e<~q5PDiSX7Tc}fZm1OK)tzgYzwSKnY33QMJ>g|d9np`)8K za8=4AZ1qft(#YJ><-Xn+<*j&Rw0OI=6bp|uAOSh6XDbu;bJ|CRK0Hj&fTepEYEB!x zZ$&5VHGK-lP8#1KjJ1vLSnc;P&*CyS7*!nCX6%TW5BU(SWi<1i-(#%EH)pT0G}vcz zdJENaQFF!ug;?+DM!#tF;v#n{&ssUC>}+9UMEtnsX~3-KHOmX}ljtp>J<=#{YJ7X8 z-GCF9l+8uy7@b~HzWZ$mW1h)HRdgbxAK+QN^m!Zw%R{cys>{4den@-RBDiTh@4k7k z#4r6#V&k*el>9f>i{m$5-paRs=h54Kt&KUNR-t0(xLWGh?;DO>3qQ&ge&4XCK!3vJ z^PS57r-$@^wnG$`{Ru)sC^C$4Z6NZ5lBQE`N(qbCVKg*(4$qZ%tlgrjBtE2ycSET8 zS3+Mzm9EX{;L2sNn%DOgJ)C<*Eqwb%Bz+g}$-uEw&RE;>6?CGX4r#gSS1lv;KmaUz zN+dm{69wHjnrw0j_dZ^FVL5hs!+C?KpJhAQz{mJtc0U;LoRqgoU}|}{m7j%hK_}2w zLxv(2he2Ex-+t?3dggN|!aOl2Z5IPbw5$d`(j9i{s#o-Fyk23;cbG0LuAsNy7TEf) ze*kiwYLZ**XC?C#9X_RBUtZLIMJZxGXCu|Ze707)`a0ZL6G$(j^jw>{PHjWEH>GwL zlh8e9vv!+nXKk6IRbw8m4a+9KASBk=Hw1LwONoxQkUd?;m}eUqWsI&8_IFqt#Bbg@ zI}F)7ZB<@Mi=yo-M(A0V$VYf~k=9OQzPgv>*odzH z9y2SGwQnY4jA(}hoU;Ezm-VlK5_Dxuf&`|wqu$w%_lPWL^Xb4S zIAj^Zzk|5~`k+7HlUxvb`NqNoS!P4;jK`HCq=m;o7X@xH*O%Rl$K!o$c5WoV&Y@}NOw>YJ7}lovdN^*XN;XZPfNfe$t}YJ9a&sPUXt`#!beK5MJQ5bo@W z{l@lw>S^CA4TC~YVdo+QC7g~K_3;o{w^p63g2{9f8TnbhzkZ+>A*QiLTyEdU*?7~R zllfcxdSn>4PbY6LgK?+V_Ps4Is5)s} zAsmMc2)oUUYJ1L&-c@6e%zMJn=;3TK(_3(WKs&4a{jdnCnTqWU;z@=kJLU=4auZT4 zaBaKJ{3+hR9uYsSYyUf&FnZK!@toO}J`>RS)kF1V0F7C%o zDh(-bDL1I5D=4&uY>%#Oi7j-EZ()+>1rXZ>y@vb6ts`rm=T}^sN`m!#Mb9RoIFqJ+ ztJ7(_2>0+Yw7$JZSKv81!_frG3fw%YnL(*nB81ZY)`m@W@V>#-==KA)>;;&4<=r@+ zQS_ZF(IZ1;^DgQsT*9kK6w3Pg5z`%cLK^GLj4l zS~s>PN8dgX%Uk;hixRbzac~oT?lkSZu6|_!y>;@NY31bi>&Ev(Xhk)pPTiZg6W1KG znB~7_4|1xUwyPTSYR7%6J60|=v)e7a+~H0ze=VGu2fqQZ(V{(M#A z(}47--n!Oryq5K{Fy*r(y?WWxlbU-s;sX&_iXE#Ii_mA-W8$WT_Gzwn8<^^tQgKTx z#u;nF9dn-y-x}5oox#rxB+TUZK7sXMlo;3Ck82`<*0n&{B z-lglFF_G@00T!2-#RGdp4#bMqK6d+>Nc9d?E0ia{3G<91<;2<~w=U*IrzyM(WBIsI zs(D%h3yY`hpY%n_;AYf*E)ONsdA0AWB`bGXtLtQ$3Af%HJE%n(o3D-AK0M<-TGBkh zrKA@JJZRWCppT?or;47@T0>=gW)4BwyzbtZz-xct$haR(I(NuI zwh&Es7+R#$IyXbG)sSr9oh3g16~kWv;>#c=sFgs^A|;kXAJlCEkyvdSNXCv2A#$`UIiPu`f{m`pATT{6sm@B^3@oBhO8%wvBnkQnuY|M6D9^9HX85Wqm z2D^_t%tm9sFjuTO+7e219|6Lx^=b>?m65Y>17lKJ@THgAeg>xuC&XQ{<;6QeaTCF3H}mKI|V zrRXKQagYmKp)`18wyqYonJy-Z!g|^ad9|~QMQINZr?v)-#?Hb2Afp)*@H3jkrX{1A zetYQiT6+I@$Gq=UQ>qVqYfE9Cx?>Z4sA%X}h4dFNK~O4b*z;bQT5^hHh4`X_CJ}E6 zhEgmIrv2uduWUT&N6vM7DplK8xh<4h%eY<-M)ma6PaIo#qYj3bI5(!(ew5f9WFj01 zVEd~-Dv-sx)%RGld_Fk9)_i*?_D|2Pf%#uW@hej|@%k~xX9XIh&WBSjYfH^L*=atJ zkV&PjXz5Z0kJ1vx5J)G)SELQ;vn( zufx^Tti`s9o=4O@kA`@y)~6ikH<^5~nWlM2F8BSI7!g&!nb-=~7t)(O?n12HlN&=X zOwcuLo|%r=yC#s)W^L%S^iOA7!*uqhx6BOSmAqP#L+CXZ?r6pi_~uzliqZUm`@G}^ zR&$QQS_~Q3?KVG*{47oMOI81FFoJy7H?Dq{CI$CQ_c(aAzWyI{6EXb$1k{mBPF|aI zY!8P^^zuLvlTUC66;XH}?aisQ7>vHJpi`i+U$?7P{yfI1RIgFrH|5Z|dnGT;z6Iv? zN?l4BHTF3LPRASj`T9hK@v2GmaZnosbVg#9%F6-j%JkA=!5tQg?5&KmStmuGS`fy(KY?) z69_$5aT>(fE=W{A5C9#uvm+tDw1;w51oU4dY;|RN_pl*c4JAa+{`1u9e{4Mi<#Nt3 z^YvU}nGUhwO@~o5OLUcgRvgxm=>K6k5A4Twuk=%L3z>^@N5^OI)&5fMo}yqoC==~uK>4-XajJ((=EQEWZjB4FB{{_M#UCNGU* z=6D%zJ*6gzSNUq$983LMT!ZPtiSQ|*WH3t|$~!Dv%5+&?hZJMA)N4Z5MPJ2yE_mFT zE$a8dXQd5$C@gY3ygKHzqKN8|#|HQQc7yd7iSI7%J~WtSoYNBaHPQAlAl9485XUl3Kgf(=qGBa-C3<#@#7h;Q5ICLaCWyPlTUcloRz6HUyma7KPosdz__&tT9;J6@=ui7 zXqbR@*|w-;=EPc*t4kh)p6!`0_f~>^OQLEzPH;hIFCdDxw)*2d9H~Sne8BQNINb}l zJ!N~ySs{w-qHa%gLEW@WLfuL?#;188M;;dk=fg|kzKotmDOVwTF`1p%Xmb7&*)8=X znNpP5Y2~!a#Q_R`u^_p9<@P0II0O)Z|%x|Iy)Fu#v0!3NOu0uDc1eybxg zpIs?gjJKW5bCSWU>J035jhVk3@jCf+K3@R9siok0==4ta^~<@Z>uVp?TM~@bTJHb! zp?>$$O$&_qq-1`3Sh^g1O3HE7`;ggS>@m$NRiY$c#0ERVO>2)D8l$bk+7j zeC{KqDn-bjht{~RE*b24z!EP*>8`i8;Yn8%uk18B=Rzu= z4xL^yKc1{6M@OQIU7iSg9F7_0N4LpuP;w9TdY;`mWA{V+G`Z#Eo$F%)lVOjE+_IJW z`>AK;8v7OU5R&rgkb>c(-J86-YtVrcZKX);gR;nBw%tABwU0~V+;Cuf**L6z@_QDk z1XtchEs1t(`B}DB%`X_YmQ7C_Qhz#4yvwV-o4hjf4~KR)$SdwO$oFkKz>r$% z!HcqtYQxd>Wx*ghaN`5ic(DO*hrYY2h~1Qlgv<#WtU!0dpk$-D3PsyjG^Frvh7td1 zOMLau@qWu#HO_L~roH(+S=QsF+M$ zw@Oqr14RA?gj50d50V8*(0y(1eERcq%S@h?(Ssf^{?d5zjR34X>`D~*_~+i8kt|*@ zXrKTzr8mXzZ@>SygmSl^{FW725T`LJ5F3serz4~uMtdd%Ps4dIBfb;R3Fw=q#Ulzy zMhEYRrC+8Hvx+6iKRA9*NED=djy>K-h?74gml~3gVna7rhLF&rKlqgSIe7m(x*^H9 zTK8E8y@RCs$43C1Ix(u9w<`y43Q#WnYvoyTiQ#s=!QL5JFUEM@sGQ{Ze3!}HjXbzA zn>2?rG&B8&wM`V5EDCiQnr#UOmh1uZigYFaF!sjI3K8;J*$2 zT%dkH{O4<+>0T1~G^1SVSSrb1qS5|G)rK$h-u`iW#|7^!Lef4?bgqW}*u{f;+@qd^8ra_uU?(5?gqoD=M~4UTwhz#lJpRR5c9V!=uD zKl=!|j3(R|PPxtt`O{SSSqSb@Wibx&!zAw>*krZ^r2L=_N7)~6K-vFsZ%UcHQiAFq z+zdWKBdMN+$DJ2)r>XMre*)$i_JXJ3E(Go9Ir^gUJNHJwf$T}hkmwZe8y(M+;M7FS zKWU(^;~VJPube&6NPHH_&3ZivnfT+yx7$uu!Os{dP$)?G_v6EPd8Y1wqA*_v#V+Us z8XvkT9obJVz%E1uGmuvbGp6+>{qxv{Km6+d?(qNo;gE$-UX&Z;cIv6?kUw7%2Kj<(Id|z z?*8@F{o*&kMJKNmVos~o`=at1y9~2A2jLzXBPz@+1BW;q1g%w z6#jg};{W>%J9Lt@ul-*|O=}+>Pn{ovcT7NPNd-j@Y1tnMz3%wR3Gqp=;#=f}TWG+i_8eP(hrmkU=od}xz z|7NbqQMkq);(q)*+ONUI>)nsth9wt!yG5#Ba^PVWlm24W`d>l1Ev(&^_^wl8Y|ta_ zd0qDRvs?s@MFtb)MGvU06Dtv}rY5xg1~M1^W-`6M!i+z=FQeV>zxng8?`x^Y_9@mb z%FC#!r&-Z9d;*u%0y2V8Itj8yQ3nWo>C>`YYd7z+;vsb$?4k+h&998jN|L zRHv)+#B5f>8M0~qcl$DSX?(7dt6JW(fElB6q!py~DxhV5yk2{plkDksf8v?M_+{+6 z(L_*s&1Hp(6`~MRTDzHhDrZz*fN~x3rO0fRJLK0~h~0tq5JBkS6ql^yEwe^+*ok%q(Bm`Wk`Zg2Gr(sIE&>L~cV01>d`X!!wN9u~RoWHuQVQ6!J1PMz ze{%|>0v?{CyO#H;D1|YeN{cQmzAO;Pa4d+l;Nb^_(*?L`hWX1Va{un&xW*qO`hwKO zc0;konu~&K^Tlz6r|;rlKmMDwg8$<`_d_y)pE-thGhK+zqdYRb!Lh~tJV@xpef#6} zVb@dw8IWqDvI7Zufx~9BBOn9D5xH{Q`&MpW$}HnkyI~Hi$CSV|I}Rm zOIHP8Vedi;p!-J!I<;&Mq)T=550{l>D0%Ro8y^1^v=^h`L8>AzqL^`g!lgl~&9&IB zs&kRi1b!*LJ2G)DS@-q)@oeX?=}KvMUWaY-x^t*&%vO7(&Zj9dQz}KI@ZY^AMhc*M z;_AD#^Y-@v;g>&KALjpVeT4pJ>+>{Xoa_TFHNjX{`Y07Fm+vDnc?2i?_w5S{Lw6<0 zk6QPd5v-3y$E>XpC5Zt4r;1m9ze3BC02FzN9~sTmIga8nr9k&!VFA!M)bI`hlMQ1| z$@E4?Kn?tH7Qhjb@Q>}qc>>nvBEVfH0VG6T@_n+cdto)BtF|+BBUO{zzdH7>*YXem za%PF)9$;QHlq8gN0DkBVGJv1GM@bC=u_%907idpV*x}+ zEc2gu+V>Y=s`qN->V(bH-}lFVi9L5o;nJOBTgu2T>1*4pF@?evZktjn1iz?$rg3`b zKaTy^i2dlYe}x*kD@E~+*y>~qs5;ld>&ChvhzVkhCSFqP99P2Mtj30ljq|ovpPeGz zdUsFFRI*PhmlSK*2^7llW)^SOC!W5lwd1DMb@0~()VI+RJxTG+I%J-FFxhBo&PNO4J5>4g-EX2at^C zp&^*ewcreD1{4>#8PH6R%~}{&{0YQp1R}oksyMez`14=%DZCR1bPIIw8Vg05UBkW= z;xy*X&n(T}CbPYk2WVMU!Jttu9ht$>PqozT#p2UKx>=7S0l4E)+g7cj5Ygd-w(R>Q z<2|^$KdG;gB%ed*{z98r{cDx-B#xxhJ?16ljeDPs`2M>>iTQt3C_0yc5WdhC74EI# z)Ib%_y|Bh+`DjVx&|OJ?ryQyJtALZ64AhGHV{Xe6p0Pka0Nod-IS=U zZZ9oQrK7&<%(Uczbk*dJz!97SJ<>y2aghCTbiGP&DdqX_gDdl2xu;Ed`&)f$fEE|M z36L%p0P>gdW92YLPCQYZ!TqQIGhkhkvVNN^6G-kh?TxAk0GEzbF~{7i3}R2nfY4Ej zyFM{c)Jg0hhw3s#NdpPv=G?{odZ3Bc8+TX5WV&WR;fIG_Z+koSVU3eOcfr_|%a=0> z>eLB7rQLtHIG{t+_|gTOLermlUxEcHM-=uo~XL31h2Z837$ompPeU)Zp4A_%``1}#QY(qR2 z5T!dX+_xQnBnu4o7zTS*u^Cdhj2`?&0wK5h{-i6H zH$eojQ!pFX)?eZVDm6lYF&>3iu@JS(_(?SfI2XHNH{I-Dx7@BTzSQjiYEj|VBhPu< z9PK&HgLcF*_g;SeKaK?83hI2F7KrbQ*JIstw@)E_R^9~=%aQ{{yR5}8ZY-*P(5Apg z+a5sz29@0+SuKWt8+#21@P(+lJDDSw5zM0->7sHut<9MggU_n-yF#GaB|cFe#r=|e zp8WF)Jr}C{C|UhHfwqNf@x^E31Wnefs6;&B5=6JF3A9rEau34&KHUZCM)_4Qsujkl zHkABrLam-@yeG6FxGp!r{%r1cV?ylCdoD^6t8jWzyMbqy!el0Mu7rc71==W(B0iTNmYlPF}(;hpZ`@`saWca)V zD8>twiHUr?OpQ!ei6@>kntAM~7+hNqZUih7bqOFi7S!J&osMlEP(D0fcQ>yid^ctE z(Dx|^dw@f);2)`tT^l@aNks=Hw*Qh?@&C-ZLj}+c)e3J(9J7p#@w1pVwVA9pAc^&_ zQA$2#+{E{E&P|_uI;Z4UHXvr#cuf7q?H;N#O=Ab*7aK#fVI%GJ54WOYzh$e1HYV}1 z0ZBb+3|^J4cGfk%pQn+Ft?Ly~_`$>1pB1Rx`tsz%JNqm^d#CQi0tEn*U+qE9s;ypr zu?uCe{_**?4^?L^JPF3|{x*5IJ4Oia@04M}u z14JM0i&>(@0OO7&z`INU+5~ho#0(B^+tTetkeOV0whgiUThylI{xG@fo9%6x9A4eCW2QTaFO6=v|ya^7k(|1|oULZxm z4%Q@aiw`y+^1G!19{|gF>BE`ltK-GiQ=*@3b11$f(H`sp?FyAoj}r3$?d{UqdD&6G zPUHr1YIW-kYbBSE?J|b6K%J}x`AtRG=3LF!^C%!w$F_1n3t%t+vxMhoKr4%%zkNZ>lP6E^zWx&XW@L-a1j65 z@1xIaKfw4G={gqx#2orcTX9z1>3AamGU>hVbUqP8>_6NU?{ z)YJS+WUIUZ6+&bq&~p>WDBK)$USr&i83)=}=2P@*E0) z>Yjm_w+9Md>p;{gYrj(~oS)2x%17vF8$-~(zd`FItMD6e_@$MhEA_f-gr+}BK)>f) z5WlWf+txF2$o6j6#y!&sGYB(L8o_AwN-_0 zp+`Gzgf=FB`3oY>7OySs+xU9pt?)TtgAe3@bU8d=-n&WeBt7POU%Ty`vulMgMPC!h zq?L2dxSH>-Z4*H<5pP@k#m`wU0>guTaOATOGEzRzSxJ^jp0>1kGT255-yJ6jm22=Z z29edw&I*Y6(0v>!!3$8LUi-0k@WU9WL`4>AFZ*g5+g|bNJZ2l2_|0e#bCCBiKEn2+ zUD-Fl$nUJ8pCYh!n)nU!+JMx%c_rC#zLklB^o#DsMRIiC56YB(P_A_`nYLjk^;rre zlkyuy|Uk zQ2gU_TH(KHua57Q8P04m>}KqgM>nymWmt6AnKbdK8Tz(wbt_menxzaUR&f_q2Fzahz;aCQkx; z@5d)$H#Si_t9Ynn?yaE)vgxzVl)A~bK~b3)+P0oOEILMFiQuZ=E+YMVlAu<7&9Q*+B(R1}n-5F-f zWf+L>G9M9-Kp4H5fx^dKo~`p2h}^?Gnb_CH3X?r@eyTypg@9W@OCWi|&iw@-`$L(4 z;A8+|lB1R8>MXe3hOFLt1zWr{n+K5KGzC^G?~!=pAuIJEsoP}tb$~M24-biL8Agpc zcVwiJ#W_m1C;sbz6KdWW>Ha+$`1ZV60X}w*Tin~mK;@d^{1e+vZ{Gt*u9VLDC5L=e-v1P|1 zkRcIuISePhEr*wd(n14?nMt_?Ag$0z!UL+5Th9^T6HSwl%&ZWukZ*crz$o5I0X9Ei z?`=t_PoGdc-`ki*kdUp%m)r^|jUm!!+`bH=Uo+l2rQ}Q!i5EG=tK8g_4cnDEcnZU- z7O5AwWPHKiS)I2KBvHmo9%8_o0D9V6XGW_5#J!-RukMemflXZ2L0_iTdlS3j=PM^U z6F}SrG=7q$hZ^AGTTQ!P@RghxRY=IaegmqT&M|rT!)m=f85GUCn|T4^sxZcZ zNQw;c4vvBhW}t^wvzsuf4C#H-bOtQY7KbFaBFZ@iNphL1LX*$wAPFZ~jW?>;+&p{7 znec_ME=Ws`|BI}*42v>)_qOQ}Dd{c+L1gHLp=<;Zq!~cEB_)TJ6hxGUp}V`gyStI@ z9GGF?z1jPD-s9Q(|3N=^pdK*yTK8Jl^}Ehnn@@dgoxmt`Er8MVa zn6X;0Ubqd|1e8D(Hu-SNtwKxe}ccyFQQr) zRNQ#>-pt9!D1MM&4)UjJ!T@V=fw;_bF?HW$%Cm$1kT@Db_6$ zOuV!PkT&>Qj2frG!>8CS-)(_OWl^NB45bk@B-^fR7b3+X%ZMLO#vsv%vXVUP4ucRV)`ze9~gC547V>OG;0-K?2*6u^M6?YV#QluhmHpS zvv&1q{=e^Z^vt4NpXS7iKczM5x~S;v&K4J4rnWS4AhUn6r8q81ldAa*udQeAX)3d6%4c8iy*{K_+fL)ofR`RjPp6%sZDJCyAXp z(g+!+dL@lWxc>@nZ=YMcL%{~!RjnP>dv_Y^Ji#Ysda`to=Z@oVPUvoo$x+$@q7nWv%ktA?18ptcPn zM(Elaz5>iuX7BRTqjZ5_zA+^d_}ZFuBPolNEBgbe#qAn{luV)WpgBb&x@>O&2qIde#V4tM-}~TFPSOzbu)N3VNJUS9kW?rL5UUD?1$kL%Y>4k&&u+y#0^uJ~M-=TQ~ z8sMRD(xqJw}MT32c1cx;~Bq$NFE(es$P%?8(YGUCp8w>p;jf{;HG z-?A-{Oj0(DzoA(Y-e*+ph@%obwk~q^rMBfM%0>!3N6e7>^TB|{`COpT0>SL4k zuEVh~0v302u7`YA+DiQu;QJq1H3eji_u%b3#T)m>2GFx7JzE3fwAI1(SVqJM0SIsV zweS6#tbLVl{apzRH@yEl{VHR@{>hlp7z7LxE`GbrYHrtTdF>lCmxH(zPBCF}wGO`J zJ>I6~D+z6^&FcA()0=oDbAD&8FtU^rDC?gXZ1Yp|K@O7mm1wYxPk-S=O z!wuj$8e#Q#hFA8C@lU%IIb*wdD<(wpHsCv}_l+OMb(# z3wBvO1pQ5g6f&0w#*q?xFq^(7|AaeBiKTK9w@ohHW;$wWt}OXDNJPz5RAC{L_N4T4 zR~f|FKW;BGT8ZBaoj4jLm%SONw~@BI3^U1#04knJhV}H9$;)FT#Bv6B4Tc;f zd1C(1aVi&Vdx`m_mls%c!MIJ`pjl$Z>~fU-V9Bml7Z3mg`=xC@SeooAj!|o?R2v% z_nO6TY?TY}3)+8fmyWh3UYi;Y@JSTOg|=u99vw!Y`8Mh3hDk@>;VG+^vbYxc`;1%k zBpCd18LNfpWX=JFT}OP7mJE5sY4;Kj1pf8$h;d`kEWYrn5LE^kV7O4>%^8T0tUe_Z zYZ!=+kg}jX@xkFE4~Xq$f|<;qmC|F%XlEL@vKRiAkUI*LWHQgpB6gu z#xgTpYNxzNoaE1V{G2%8V7Q93`(q)9nLMB=)w5K^YggfT#5ghHrJPJe38Rlb>y_aU zfp!b9?~EIgxGYshKo%6IH{**{k~V!^@$VN?8Xmk`6_nkzzHV3`YD4K(0tURe7tARN zD|Y~c^k?Zxe6a`9J~0;97bYPcaq97CgLay*^xd{@h&?7q(%=xCX3k=XEykMKIh z`L<+r_8t;nIZ^L6Y^t~wMv`ZyY(5-Y1ciww4o~K_FuTnfD}64>JJU3o%<&rR40Jm^ z16PcOUA~mPuqJFdZpGfHoj4cU5-8+6k)vF1i3&|j9ucX^~UHh zBvzK${d?HnN9;myoo0miA^5(Idg0@Hxhn|BDbnDG>6!drE9qp$KU1i$rlA@g*k88Ghn~oM)Kf1p5UBxCo zT9uvVM6>T6>Xv3)mh0Rk@3EA2MZ;8<$8()MAUaw85tK?2C#SGW-Xp#t*NUMGeW=s} zEMGCurZJN)3$;_IQ8JCZCr%qPqwa1_RPs#I)u|5w@fmY{2M3xeMUQ({`~iJHWhoh! zWcYXBYvJoGf}KiuuFSZ~;dwY-qCqa_1#|(!CkFc*vjiE9TwFe*1nCkbsp%TQ?@1f2 zDYo0tXGW(NQooS4SZ50HNhe}T#omEvd2;q zuZy|84bxfjp9}6KJpoJR%5`8F+IqdB9Q75Mptq!CV3R~3%diKFs2?s@FdEq$f1~lb ztR%HBOhCrR&j(3{A9V5=OS1R}!(<{aBQ!(*278c$q=@w?R}L^NH^VGbxe5F)o`W_d zd2$LwWi{?~p)#J)z~dHWW3T?!8=_^+K^2z2qGu<3Rlb3=Gq z*PPgOjhlz1&`owfG33yS*3hP-I8ncjUn@4K?6rL?0SepdJ+MOPx(TtuYe)nwK9#+Y zjL%SlqMLL}`m9i0XS$F2T!N;-n#UePf2kK(927n&Be$4WVT$uC29&-ThKHDj)B(Td zp7gY<<~7rAQTB)vJR;uF^bj2&by;b(<89R3ohm-*3_&9<(;Sfio+PF40?m77nSTdV zyvH3nEult2j8G&C(=DT4E3NPm@C-?Yk7;JGrg(VK#&~@#_Pd_iEz&sep={y&M(BtQ zDRvCfEs9#YVHYRzu!(sN(j9npf69f4wPb5w*xjLFe=!emUDI+f?SLi7OC+-zb~3GF z_l#R)FKC6CBp`o>5ryA!Xi#%K9-`4YP=U7^e1i`8!_p0ZglL#Mt}$k}3gMj@(`=Bd zJm!cX6aaygB;WkU6fMcKPn3-J%o5{FiC1M}#1@d+nH4va;3P-wM05N{a0s=SHqYUr z9^mxU=GmS6IRCwV$~qA?28l2qQ@3rYfsqc0+Z6)0qEmJNu@mi}4o!R$bIpsA^I+3A z+N+i#zZ+pj#sL{VR)Yo1L$+zgP>Xxszt2s)T`D0HeNVYdJIe;3dgRfaX+sgQdR&LJ zjyzNTdIbD0fcD@GwfhC< z{v7p~sV5WLE{POS>EaD88V<(sZINTC_DNP(*(^+Vc5&Q0Fnp4h)IBF~P0c6%d73w8 zjLyp9y4#7#?Yb8z%0VUTwqdA}j!5M`Va=6$CmF8%Z1sExvAUwXleW7iTL&}e3_oip zqmWc*kxAVo+L0#-Unh$qVM(=#(C_{)dPkT%z# z5p#}5B=!E-7}L~H^mGr9oiQy_JJFyR9#?BCwA$v0n|Z5Q2WpGvXU4MVlt4nt$hM8< zx!*J&*}{xq`}_|*kroG&avox%pX=OI0gLk*N!!WDYfE$pSGy?i&IHfKp0Ls!^;{>v z&CE6FzD~$pna7uK8I2{wcAZs_q4`W0Un!sOh8+^w{EG|5ylY9H9K_cPU0^ zNES_cr)cL26rtPYWy0qJ18&j_sGfMLt1?JetlAUoDu%|SM5X7JNIw|{bkOMz!7Ai( zbcGw?p|DYDJvV-^9;i~1x@>fMpR-yQTzyOzGwVHm7#hx&V`TcveyR)UKZnNTk53<4v{O?2a96iijzp^B~ z8k9Woe!``vJbvn`A>{O46%{uz+{-=2yUj|>zpfirMww_x`<4_oG_BoSZxmczwdD72JAzEz?QdD^=y!m2mHqNU zAZj+<=Hz6A;bhkc3(sPLFa#l=F1RK|iOyL28(Xq-3O6mJ^AU8nHIcd<;2nQWH(%+v z-sB*OsAC!OFFoKezY4+HJF&#I2RCxwcnQzOM|O{uG0r&MwTTv4C&T|)>Nl;(_3mv` zAb|R=U>82CgL4cLkY9@gkxU`+ZIVvcu!*>NA>vKU;u}vbsmvPFXW?|mRZCxFqI0cD z>g972dL;^GQ1P?T5u4Q8zwr;FY9f-wH9Y=u^lHEEQk}06O17TQ-14>g#lN0Kf@NY% zbat!EvyJ^~%?#--RcKSZm+d8-?Chp#MQ%dr1o?7&IDE-&t=r_4FY|t4>Lo!*%8y zc{(f_a#aAp40-&$07I@3-{~711WM)vg`x5LxxB8G^bLJEy1=WNBEm_Tafj3+>?1JNJ@H&pyP%bIf{`RQr z!(VFns*Sq$wmZsp8g#RBY-+}scYrK<=EQ?%#PD;aJp_VBBv7KZH(dL_AMH=H_~g0I zxfd1&=99^`#avb=*#7kyf@oE^&q_2JvMVLm%q`|?qXus*niubP40JB?H$AKlg7^U( z4gXG*hf!xW+Ye3R%a>_~V5{lbUD<<7xIG#a(l+vS zL~zISN!%)IC%j=!9DTd2A*SNam}N&^%C$k$s7Rwxnkhce+ACUZEih(4)A{xN-SvEHl+3Pyj^$t)^lH>?$PS#0dknP*bc5{gz%6v}!cXRg z|4W-eVAle)_=qa--c5Xtihk4+y_8Dqdx`$J{Mua)Tlc{Smh#?;PTlSFomv0@q<(v% zWpAcGHlomOM1)cO0D)s7Pl%po!W%zLB_W3T~3u$)CvoDZbIlnE-#*^UpPZ7YH79 z$Sf~Ox2WNLmM9$m{)U8#(UGq?qeNaNV#AZDE{Q6M{?>YhhGPPyJNdaY0gSOsPY zvR765_1Ny$;ZFB=sGm8eg@2d)UgM?mZncu7&2Sv}|4V*OgjGutvRfPTycns?ez>ai zV!{Y-%rErs#L$Z`3uB%Rb0UJu;bD07Q|H4)5wXzyH)gseUV5?nx@#1;+k!A4PlbGS zDg^@;0@)Pbs2)yoVnx$ymzZaB%`u#VRa)hej$_`x|F-Sd&nwjn@BPg_e^>}^Z7;Z? z1I>U5qkEy&BWXN#5wMwTb0^I8#1W%&Lor*CwW=}&=^BG9c(p&MFu{NxYj?5Eagg8( zqT%MD3THoo%0N9&+&52tf$EP76Kc?3mi!NZTGmgWEX6Hb8)VDdL^2M zR6vFOgVC%Uy@bImUNlefiv0&O3lH~B0diJtB}K*HA(77!0FLwT0~ZG1Q_Zr@J)-Cz zAe?df)f|&c$;1e+C&qvM(A9UHlLCgAFkK$fA@XD4#Bmw#b$qC+LNCp3wrn^xyq5O7 zjql)PFpTAMAI!~E970v40XO;T&az%3pdw!Z77GpP>XS~~;nonoxko< z^D2$|$#3@Jqa;aNhnM8HCZMZ;VHVBV&`M*%k{)WLvYpC0RT_%E%*E3!U&1WQq?W_= z>kIMc_({IOGr3Z9yFVl`8v@OHG>?gEPEUwaT+}{=-eHwQko;Z*`qHM4(O(3Qu^`NW zZrpSr*-^DhiuP-`bBWO*2jbfz1Fq+(5Ba4ZhXCHp$;iuE`{kTv^C^PpbL}{!_KM;G zN8uT_e)HnfKxOTXi3VB!bH}!MoSRQfu0OguPNUe~&=UJ8fzs_-P}O;i(oGC%!9|jl z5qYye&Q8dBE$6!|3jFr=iyMZ63H<&rz><`@kPYSPP}#Fl(Y#{WPr`##@y*7WUnLJ0 zv>B}{OrnP+{f>-=J0wG>^3@c{E|ztBRAUT*o^-K4pkFD}$@h{Qpx>f>HSxH9Di-$+ z@GivZFpJ80y8~^p2m8(MV!eiLU5$});3aE2c%w$l%V_X25X72V#Cx=s^~))sEa7|o zVJe&|r)a{Z@}++aIM$2JJpSw@MEF49ErVm#YogDTKQs0N$D4&!84az&`kOzw+r#Dk8pY(>{YPm)R`h4jCP9-KD5k)!; zKNBLs;|F50qQB%@&;u*8> zX!t$^A*@`J9Qrx=x}GhnnCpw9EB8e61z|LjVH1jX?=%e~ zTUP;FR;5(pbe?KY_|FsCM`hi>Ndp8J2%66+D@ueh?cWH?16OJF8#TpSe}xzc_=(xKMD!q3omdo7KP!C;vy=jnc`H>iS5S^HiPJ`q25!kmwGO&iIPAkD~`1?T9z?$us7r?sT%r7V|Z%OiX zV}PwlpY^hBruq}Ted-E@itY>PTeO0pOJTZ{=Zah&3P#RJD;)9&Ia;`TI?C z=f@tG%7eNCx&$-(InxPge_r5xE%sJRFk=1#*G6LZ%Xd}+n^Aq$xrZMHh>lCIX&-eK z3^B;fmKpUVJb&o_q8xITGju3gp+K4l@D))x(xz+Nc1rz@6uxV7*2`&LA)y#n4kIWGF^xSrT5E4q%FV z1j!HpT*z2KzJ0iy@{~1pEZe#HeHly8cLM+w6^#b?Uz69)+8f)sTlDYx`eR3C3JzOJ z7MC{McY#sjy7k}ZayG}myZ7%JZ2!JvYUb&{m3k^c4&_g{qM-O2Q+Z|T)y{C=Cm^a^ z%JmbSQDnCV`JdBUe*B_%%37LscfGrR`chP^;@WV!baMi}sSa z-Y(C(9F62l1Le%|j5ov^q-Q|qTX3TrNE2rPT4{$a3JvN7wXsYI7@$yCNcv0~k961U z0dAnwn<}7W1kJG1c;~=lypvLmNpy^e4?K09B*c zzx?3>k0Kwy?bk8;9kfhfHztcQtyoGByrR}h`A_;gJwqhWPTOiW4)`%w+E*L?J887O z9qA$+a)AmhLa~RtwSgkj#bE>Wy9oBbWgqGS>Ryit`de2OiXVv|`=at)`)<<1pzd_A z9VL#|VdmOEQA*ev6mYB$x#t7Q&@B_G#>^nk35r;=aiZPHoZMrTg|RX|b2s2j;TOZn zv~IE>?LWzFxzN=}$+LPFa=kWfoZ`Zps}jC)-BNG?0W^x#Y1 zVK#t8S_ZoPSejiQ?}eeUmld^|{2KT@V?RhXIvfl+9L8QDVURdnIKOXgyc$Iav;@cfYHUv~2~EgxEabF7B5m}AO$_%SjLTo& z5YsTryF15{62t$#DQ;nZ7EaQgPCrL<&CRP2j0bAIPR~3CFP?s54j&0E==}$r=pJ!9 zedx{sVoqC*yTL*3>lLS6&sGH{@yuh#$(gxoABriT&<_K>B>xP$i2nN}uSj`)VO#EV zmMcQ*8ujj3?y3!7{`@_-@citQO!tT0@Be zS7=%}|G^DY8>s>gv@YXGt2B790fkTK#8-e$D*Wf^6Kz1+S^?{4x{SakcG&yadkmG# z#cpwu)4YmST86+^qbKo5D00X?F$HU%xa|WUYgV*EF1(fOxpZ47ult30{6pvJa+6NoYAe;MmI|fhZzn$d051`b7Ar8e2Wb?O;;2f3U~;%x5qB%9VOj zDm_owX*x6Ra#f;0xI*TmttF!GMm9{aC=7u2&RWW8g<*6G%`?$Fxo99R-`zQWiud&l zxTO<3?i@FpFwR?2Wa ztA-a_b?1%89|Gj#&q$z_?*Hf2#*RA+(~N0X*2q?vmqp@N58!Q)DDNp{4wO}{j>){l z+G%E*ybsEH5>z#V0C?5(EhNC4(lJybH%HSo0tFoLhfFR%9YxShmldm40I{L+Eq>5Y z^ndVOpBMet&^_z}=vMJvX9wip`L54brW`j0zb|HSl7w<0{Nw#++y!fQZ-R{f++zjF zP+F)1h4RwH_*n1+VjGE?$C^~Z8xxfzd@`jst(e5KR_AJD>TUA;BU&fin09$2ik<)u9lyf2 zh7a#0i@7D>#AvTQ3Im$SfV)_%D`|QJQNOWDeTc7Y3{7t<9SDQ^p^cR7@!`VqFCHO2 zk(`n+5fgp+vq}M8*nSArMRx(g%2>6<(}%!H?SnAka`V?Cm$6kssx-hdpr8 z$unN_^hWf7s8-}ZAbTmbvHG;LY)0>U^6{lHReL$i_y((K8EB)DT>>|Ok6hQU72u-S zcFKD73eCZMPCKIkARU9@)3fJAUXpraWqCduBf!_$L@?`i%9{r;6Hk9shy+uQ*fyTN zcEnD4()8&;;OEQ0_MFP`R~GnW{wE1#gF;t8t7cb^EaVm~N1+h7#B`?cuB>OFmA(}e zX4A)$TLDs<0#|x~`xNquZ(Ggvm9SOK%I(J#g17Q*;|m8mAQ=X>dbQuu z>S6EI^PD$u%(=OGc3y8#oqQ$Qx_6ReKlHhsBr`}~ z`5u=DxIDHSwiI&~cb73o!cQ)Osrr65&F(eQsygA%W3GL?YJq?MLmc-Bp$ z@C#e7hr7T6gU)UBgb)&F0$AUHA3;lSPY<;7K0iD6vInC*cu=Fjg({O99damqRP=?m5~Tsi6%z{#&X18FzlwswRwmI zEa`^f&!&^-3IZ7Cd++3m8`%Y#H`K_65^8Vs9_4&naj| z+2y-&ya)AGL7Ln{q|tny6U*Uv@=Sh6@^f@Ga04V~{jI*3KSk4lAtl-JceHP?Wv_K% zuwQt7vccB%&igTfQa{nw4wJtxTLgeamYkwVYj&#Cs`tjQ8HI&pMzM}nY}aBT%HIjb zsQN?Ej%)UchLag3Pi0dd8xl(&YkY23k~n-CDR~y`mWmDH1)`kq3oLn`ceQreTe9UwQlOfM&y2h*6`uMhn8$O~)j2c7Nc1gFjAc_fKdJ6TaPbymo#FZj&o zIX>}9qulJ~D|eD-GOg%qR9HGdo%5=H-j%IDH76ofkA#WQvHdow)GQlcX*yS>1Fwde zt9~!PApGqV1B2qji4l{&=&j{bmdJ!|eU8%Pl7jF$n3B^Ud!|Q$vPAW{4R<2d{-&wt>~A4TXj>)d3mz|77m_@heY){{`Ci^4HvmbL*FL@yJ2(Sr#Es0&^ZCP=i(X0L?5zjHR0sJiP z=Nial^19)^8_G2c%@!Gf!WJ49ucp=BrgeQb=7@T>u3W945T@6s&GO;VW{@xi1#5_U z*7$pm8mT?+6!;>1FuqOzKHT)(w7#Z!8=ffUSPl0Y*={_J@AKNCIiGvq;*$-d6EqNR z0`+9hpkFlUV`g1ce5y5YMAi60r#)7EamQbz=E@Hvm46T#hdS4u7fa#IpftYJs6-m6=`*fbvj4v=dQ2qUHpz7DB7&s*fYT1d*hnsD?6zCh6cX6iByhFFdMF;yQ2Wtf|a zBp#~H0Qn%%dl!v$>Nzk<5Nhf&#@!PiFZitj*uc`;9Nd>c4F~*Wy{W!= z^N~V$Q>IU*nC%HGKRFV9RhygjE}+cT zVs1(&1-6j~HYx@0BUOJ~A%k}ugrno&qgRNG&xH#G-oK`NFq5rY8@2GxGrh^x2$C;q zJEV3|G8M8GSGzz}HWY{2ax@h3f-qtl)-uWbf$(6;L(e=lHbQ7g-`nyFCcof|%!mr0 z=hOdC9Q0eP1e=e#WUhKP^>FLfj_QI5Q>Kx=F?nzt!o4wY>K>EwB>|fDkE^^w#j-uH zR-VKnA1!quob9m0GN)~7udti;Aa|pCxkjiUnozgYWY?LF-#B=ON~p4>;9+3SwmbQ* zu@T2|k9zE#|2KI7Ov|ecz~Yu*;7E8@@Hs2A&Xo2d54q6Fs-rLH*rYrw!+NMZmwX|e zssDVeIY(B_J!0P0%Wg{8s%1htAO4h3bjEr+B(4%{37+9ghd*u7$gjc4wOpw}$0)NL z;2Q=-nr9m{O>6f68TmnE%ra6?=A%HArMji_sLL+Xw19+34%nibn*oLhq(z0N9v>r` z^JO*ML7KqiT`Y@s%cnHd)24R<#d~#@!cM64h~>x&FC9#=Dc#sh0gWd2%kdZ8)?v=D zN(xK;iPMZZ>q~)%2t7jX84%kX2y2JBTubE8-lh0(9F{kOaxUBvQhn33z1yUE+(1iR za@<1ONN*8Z4YKqpT*egYNHjH_9)!`-7tAeBs+PnLaV0Oo1K-;GoI#iqR^BNj>$phA z_M8cXE)!os^WaW|2IGa7h~p?|Bbj5)1QT9e5*xuw({1q`kL(DFsxdh8kZA!Fv7Dig zF%}fTK=@~d&q{#f^+d7j;Y78Kjw92!NA&!jStalqP8gv;+@;1K>_8|<(u68L6(cst zHsihn*%&y(!ZBT%%}OV|DRyge#I(+0aO=YxgD$L@c#)Gsl;%f`?Fvg1lf8H7+*Rb(PujN&(`Fw~^;Q37%d<>| z5QJyQ_N=phy5l}|4%PSHJeKygs}(ux;8%26TkpPPS?_)>w?C)Usx+?iYl_@UH9j;?={CmI;9|N?4@cdbOZ%V_EbCEo$2qJmd`TnnxmzZQbS(q zZ~s-!WoDSKis~lZdrz^QRAalqL%Q_$E@2`L_Zk=$ek;l<(GfYf~H-+6n zG~sV$6rS<_|w4XyL3x6XUG0VI*MOykS@7XeNOToe=(1>2m(0VUG zr)x7%<4Bk^UYLdG@n+Dc{b$HQ$Ue?YKo~rVhL$XMc+gyCU4nD4o4KLrzd4ausc*UU zbx8yB<#^&(F-F#@3@=52aLaF7z`)*DMU?Mz+Jl@KrHT?uG`*e7eL(}Qk$0Gdl_j%% zR}^%{B}U6v77dZZRgVu<=e-3dN=>aQv_hxe`8NpBMc%FHAj?dr`}W8S?lLZe_I2Xx zOvNLF8ZvQ8&6ykSChKt)XWxzJRXFXURQ-?JKZ;iiwyGcZ(WV+))?9u=@`d)oLA8rs<@rYB_j|o;o0_@IbSdF+DD7+xx)$Otf38_*X9nla zQi}Fzo_DzNapXaK9Z%H!ntsWp^l2v+Kf}n|`3E&|tA0=2Q9&^y@+6qi~(6KcJ16%dXyOJs#^p^8s3HH%Z2=O5u zqE1er%wp9#^Bpo1qI|f3*d)5A62Dj!MAN_|5sFhmv3?x8dWA~LkcHB^7Q!t&N~S@) z<~Wx3+sslu2aO7u%)Ree)XRja6z-_xfUc70Y6MA(UsP{OcvnD@

zR#jvIG^!mcrno-}r)bjOaSgp{7wPFk_BR!<9K2}+i)_A>Pa7?p%XmxBcR?S&icyKi`IBCUD7}oMK&$fQIkRElS|NuBn~i0xI$ju)zUscy_)dJoi5>D%}ne$`sZ`$^Z|YlzuY;cnT> z>t=Sr!B@hOqEvPfoSjUS>>csgtvr%%q2fDCP_#nt*UUBXj}Je|3gTd?P3u1zj5|kt zKj#{tkIXjDR+yFOE;ZHMR-1=B<=FgtBft@iij)#ro_o`rEX9$l>ydKEBdUP|K27D^ zI{umXZ?IZ#5b73v-e1~=`d2uySUZCu~4c?;s!^GjezCwOgRlN=SnK)E?ZL>v{E?X)-Wj-&SyG)SGyzCo!4?D+2 zoX85Nf!B2I!(E0)8X0*vmjRVnok+5ZfzL12?342t0U)3x-z3gahxoU)|kxd zWHg<6B0p;MG1TZ9l`G!BD@uAk#y$5+q2|69^OgzAUYXtRStR`3g&w3CkvLXD$O~6) z3PLa;nBttZwy)B>YsZ32f1QI5W~ZI&+z>PGn32d7|MJ6@9f3a6E6>Qj#5a2s@1GF% z550@Vq1a<`5<1T}H6CC6vECJii_P5G(1eI?N*GeS7cC}62DQ7+BtmZHvw?IOzj4A{`F7J$2oe3RX!4z`mtr|qA{WWjs|!!+K%58V+WAPoQMG&~Q#6dekV{R^gl z%{9{k!3>%%(lI-NCG2+J`OdW{SC){CEt@Ym)WRpiXMknwU&(*oqjJdRE_DIP@EzU7 zcFy`9kszzoVw{RzmVhk*ffs9D!7he51QsTtJrNA)=to*^Bcm|SY3qJObB2k60Q&_s zq4=~_5xVl+>2#|rq4@*v9Ewi*Jb^#*q)Sb4{GhUF!MfpO1dO|{t{w#FUoXS zXKV%@;xF7#xHm7E5od(Y6<%<7D2Yc*y*|dI6(t?Y)c-aLk}@yNgW8V0v$>S43O64( zo%tIqop-s5OuoV$N=liNwm?=wT_#gA3K!w&hhfz`z*R5yoggz;0%yT7!Pp;$0hh}_xN?! z@UEw6c}9RPoZS86gwF7u^Qcv+`=#YZwroWjdiL&=TW$5OnJcPhM4IEBPqVTDl4iMD zM8&9MI+koZW)O%)6{(V#Fqv*FErk?X`47{Np5r zWfbX~?vGog!qP5dsmsrg`E|hmb1|>JCI7ZAx7bVK{VOuX{2&I?I>E3qfK0cP&BW~S zzzEwAZ3B93b#~W>*q+MUS@+Hb3B*~E#`U>l%^s75wC6tdaimaUwJ3OI{kCVEU+IT> zvf%2)RGZgkVYS}oivN9I!<;L?5 zy+(ETT=u=nRpjQ2kExcM?N-|(f z3j=FY%!JEG%hS7#guAxq4K#y=uUY4<_WO6w3r%mPTEpJPD+xFb(^9KeSxybo|IYF< zn)5E7^x?(L^HN7ui4xBC9e624h6L8!ooWcI?KuHtfJ8URl#BXTiBf`$m&k!h?=Z{P z%^iFeCyqc^eO=pG9T9EwD`G>lQW>+R!ZImWI&ZsB)=Mkd8aAxd5>X8@ttviPj4j{$ zJ+}d@jh7<-wKiJI5aH>vWm-)uR@GqOM7cpHWJ%s1w`sz#F%PepxED}$Q!nv{_?z<^ zm}S2_UDg111l>8jHQiI3ob6Rie9{DjdCXpK#|Dq|YSqQg!(+ndVZDd{{nTFq&fECa z*%u{^{73gcl#Ri`Y8nrBl6nE1Sg6~(icx-+|K}O&>hh z;0??8{btz7Ph`dQl(Qllr?OhKDr)c+S}chKL>)ebIK`A)x}#WGhyl>Hu}B`Is$5JR z^Yx0`J(**Z`|{)vLBtgE-tf%TpT7k&35bj9Fp#J+ju?8Lc+<&6$9UrxGsnf3Gmu^E zo`{><7j8QtEX$WOh~pz@^6mA2=UlZ-ke0VYSlHn049&(zpOP32cqKs+jAc@L+_ZD@ z(B;go5)7`=ZI&;$K2D1>j-Dzkn_&?Xjr`iSp3XUB! z^{$djRw!gTr}-PkMc+5BLV0E@j0a+x*a?siI=gGon|{Ck{NbeHoAfl5#^*40QQYMq zE;`}04)AB_|L+k7@5O3Bu=#665j;hB@MZa3Ws~=w>)6fk*MmKYDtq}n=g-UqGk~h!hRzuZf zI?{2dtVc9nU8q-mMx%tXxA}ZCb9eYk#w&sEYIplb{~rrm@I|cIqxW78GsqGBoR}gE*I(F(ExG=X z;s&iP=J(Frna^uN&d;&wdL7yOZfIS>BP(ZsF5BR2|36oL|6e(R7_@`=bH7r-v=6H_pdi9`yWuC?n%Q5RbX}mKFUG2G7*ejd~1LZBaOOH z-JVH$G~l+K9J^d>E&uSj^_pN*m=6607(@LJc5#lRZ*n|VQbVu)=VvNPi~U<`*1}f`lr~Y z^S-ah$cv4sw>gzFD|#g(0^V_SrbreJ%}Xk~980CwpOYu|e@5BHUcGZR zEU0jfju+f0v@OxR6YYxy%@r;*nj{V)y`tP0_P}fVc7yI-mdlyGd3Hndgv<3TD5l@+ zIY~+GO9IVzSFM%X$4ta7AbmF_LfoW-8W)7ck>~liRY`?c+i&oJsol{^vrR*yituF5 z4Tj676ZOh5OD8-rjmW0sp5?BlgAs zxT=?1&+!8j`Osn{{$5hX+YetkWnkf1>?RC{7%;D^c$S^!7J-b&TVgjc8k^|=UF!?#3<~5@+m-;g=y|4@z@7HUu5F+2JAP;rWI|W>ywiqXS(kg)F&R z-27UET5PX#)XyB%jDQS0yOJ)w%8wM@Sb4WP@$+1Hu=-1FGKm@1cI3Euqi^t&MYc=B z>9n`uC&{SseyFl-XS!AS@IrM&AYP1hgZBq_maNci`D!OCR!Nt(53~z%s^)?Q#g8S< z7iMG}J#+a@9>q6}>C3`2DkQ);bZ@88d^T8NB9MFjX6}@*KUQz+(cTB)E!I*L@9Qm8 zx?eE=E4`uoGd)qCjJpKVs-=eh`C6O4pBOH;i3C@>s$$6PA7Ab&`S6@ONSBHk`1qh> zXPGq=&S1AOFc)u}I91E9%I7xGFq>(Xr=9X9Jv!th1&AoHNjyP6iN8)ylU)3tfKE<< zN!3Rwm(lwivc7O>akNzQv;X*nd?!@FjRNtTm-5ICjLe&HEKTN3l~LJw3D04by4fMJ zb)e?UBP|`y6zTA@HhRWmAV%IzkNYdJ}UAQDMlS;JIO*xlr zHb;FjI$mQTY=|GlnGr}>zcNI}qHdnCsYTW0X6QGspV?{6gE+a)NT}hSO*GASlM6Qc z^m`wI@ai2+)iVFjZ;@>mT})HZVc$BYlPp-<@^nlacPlMu*0__dJPxQWbQBw;Z%AHR zzl3Q?H*4p80r{N_L4NJs>>VOms2hH5m29uXaRV?ZxpVZ%Yd0}axsk5y#ZnA%v!waCIsRCaEHsD8Ubk!$gS#G`e02M_9*ReW=J_pZvU214H* z#p+x`;C6*VE;sJ&BCI=~Cu=id<)sTFmG}C~&lFC#DDbRz_Ydh;-xu2X@gA%5%p8HT z#SSCfP)nnYrkcr$EeQ@aBfi5^#N9j0<4Dj2xUG@K1E&)z#8;BW*$$v$Aq7P3KI(4oFBx4cDguauc%hNZ7z$XZR_u{h72ko{mUMo zBUs^F2;Vy}AE^8u2vx7lJ_|VFTSopkX)|rI(OC{=O@VUW3|I5f)NJRMHTOzcU+`$G zA!GGX(xonSP^ttT=X?Fz>N#TB%qVPovBnCm%l`ATlV{6Q!**jfpEF%%&iQfZgjla` zMd_-srWId=ON0V=$&2AzEY8bbm|}t02NjjnYWEjKw7~bE1$jl!Uv09apT%IZUu>gxLY#>QJt50|)WyyF+^y%Tsts1F3d8ov{kLS*9Rk+&c1 z?>rLa;?q6($8^y*5RjF{tOhuUXCKfFJ zwJt{{*@DkO!3fk5k!b5}FTHj-J1N;g8O6G4?GzGI*J#Ki+*BqChxa!B5CMlG8Xexp z=X!hzu~unmi#$=h=@zv= zA>XAG?!-6TkII5{R|Y`@JEu$dAPw!Lpg*!r^}{>>Eq!h?Pp0T;16b3Zc)<%d@; zow%u$bjSrd$2dJ&ph_8)@S6zBCRPXg@@9~6fk96_C-Q_9s^e1!3)^|&B?)jD*Vo0k znn>HwK|Z_-&X%w1P^?=R*!&Q`$@)#SmN ziDW_E1)J(|e;>P@C3yU+z`2kNF=fl>(mNKJyqmtUUUMNL2uq%(1I&Sz&(UMYj57ZL zR{u3U{9EtvFMq%%aIk>gdOTZD^lo^F6c;7~Z3pY^v*}y?;o3)-;OYDRZYV|hwU4g* zjMf+Rw&9gi`Y}E@Tv;$@euIn!j2l;1%Bu~D8-%>LhVmzWD-ViH+zh}0({iFOQP3g( z4jzL{KX2&UaLFERh!2u=rY#KSqxP=AqAmyuc6iuyv=)^@fC#q$!nlh5Bg+94;J z3M?19U+?X#rL0mt%S*d0Kiz1F4!Wr;U-puo6BOm<&g|H>IJc#x>$x`UO30yRQf%>n z|JN2}>=jl*t0pSsXgCUBn<+f8Z{1!c(XZO>UDRrQnmleFT|scsYl4SZ>SO{ai&S5o z?GnCy8>TG-wv>iQrE5fmd($&m^|n@4W$6u!M|VEi$1v60By0To!cd7A%URL*cinOm zA^n4%=2+dl1{L<^sg=^I#hf-F*V$36jFpOjE_t~!6C1hZqW+wIX(gMk`i<3T#kcv^t?|JZERoi9&^q>m zF>Zn1+XO*%+wq!lY)giYwEewc>nRF1Gltnb#P^tYtyYL1XA{Nak)`=T!m`&!9{79& zDFyc9EuzaQc)`QUkbQTSYzueGUHc3VDu_e3=82l>Tqz~JSFPo^#3`S6$wHf_eoID> zlf=Wmwqqy}*sVD7x?KMyo3LZI*HWvYl4ao1tSBz1xlk9nvE%f!kcf5krkU3af3en} zDSPg0_@(+z1R3(eXs-x4+68efmN8{$81pspO(I@AK0nybUkWo0a$)gM zG1#krD+vDyHver_Gjd9!i*M2T*7~6s$JZQOrxOaKbaB{Xvgs}>k0Vc&<9*5IXn=&~ zG6tg)%**}fJ&mUor9KR~7-k1we0fGv^>r5qb}RZw@T2g9yc**1>D4C%5Cma6FQ7 zK)~{6E_R~HVC}LQZ5U|X_gKi(-ZLDfR=D7f8`t`$#9!RFP_ay~)RFc=j2DUz+Wi<< zo?d4WOU6D^Jh$P9{aOAkH9TDq!o@vroye{HgF%pQBfCN%M#^F2E|cPr>1d^*+R ztejA35Ty+#(DZ=8vb27O$9T^A))4VxjL^BnXmRm;X&3wQ=7n1;oS_rJUejjkIvt=eY)bx|u`t5F`>?~!BZN8X81CifL zQ1}R9=)-#(KH~=|p!t8tZt3eRp}zl8wZt+lS8%&fjib{h+|P4rF9o@!#Z1Vbl}v5X zeRD}hLq;~!&K0F=>;Ql9=eL}Y43lyjoQ!dq>(k&2I$e@In ze)?*y-t}Q3?xLnf7smse<;-9S`1i+h(_hDLUB;Iz_tj;rQ&0*z$&2JptySt9%$Mpy z?UXo)wGP&<5Mi1Lzl*#%Z)KLNn^9@?(g?!vtf;YAT8%5qsOut&EcW3f(}rWpQu$hj z*Eou%QcoPB=oMJ11Nls-F>+OWq~1rpo@_VWvN;xvpWdBmSd`tZIuMtho<93p*3F_q zm$3OdAz|9ONLNC2mE&(0-p$}U$tn9TFxOHK9b~u8_@tO2Wq zzNEOl?Sk`bW%UZ#Sa_aC!xqomejN;_L+yetOUvxNLV5G0LKh+F_3YN`z(_Sa*HIcAP@J79 z_7N^ZLVY_wShOvjCTc^a9Pg-alE%fEGuA6?w33q~^_)cX*5@x0#qAw7dnX4JNN}@z zzQlKU?gLwCH@0LK6cncvdr29%8VTb^F22L-vocoBb7RN@ajHX_SN0pn*GvupbAi!^ zeBXXDqi2(5Xp7{cy69fpxM02u@y@PL_$Y7sj#MU(7eO?3t0hRx(8pKuYqkA^(fUbO zdG|@ny3J~`4QL0tYTHGpgfc_wR;Xd>KU%Q8qtMUeP@{@#)Ek9RH~hrs(y6}FV{V@M@G8~(byPZz7Up_h+`wAH`C0l$@E%_eFtmTWQjMQ(Wvj#MAr=y*lY=YxmHy?qQDY49m@9v{bvA% zzBlHR4tM5}^VSG&9qSC>(4N6W*(Z68Y}!k-4S`r&fbqZxS-4V5S7#cMLY|2^Bdp`@ z41RbmMO|U7%OaGMw|WC8ooQF}{_T1H>xVjVD)a(n#3e%tm(Fw%)?wS|CdcLq&t9&O z09gFw+dS>8GuQBD{vjOQOXlLE@UI(|CE}E{mEdV4^eHF)B)(|)->Tt%|BF-3(rcwH zScWW;N+G99%a2Tsj8!W&YL|;cc+Yqv)qm`eOW6p1(;IFjZX_hsgHjtp-7;LW?f8#v zt^f8&UvB`YG-Ms+Bhi*xC+=m{vpe=HCCwC^`(nMq3+IsP;tHI9pk&?KH&Z}x!gO@U z6s=+7eM<{7yh56JhQ4*LGz&_5&7X9qS?%FGTnKW0L20s=eh+lFr8eIQ{~o=*qwpU3 z`s8~w&k6ySW2xS~Joi_rnO(_R?@#3EQH<4UiSD`o{>uLKPaiV=I?&wXKUj4iv$O81 z@jXvpY4U%lc!lT33RvAcEAX#32>;Rr{AZ|vkbM41C5~xl&N@8Us3n}*vFDD*DhCx@dy8i|@z2PuKy*$LC{H zRfmo^v`;Zf-|S3i^*y!sOz(+y+&b$n_@&zqgXR?UQ?(1nc;D4SzfPNH&}WeQJikqc z>90YO*YS>iYNuZ}M~1f&ZsjeUu|>^3PrHSADtx7R`_po=aUJxHtm*FsQ|PgB-R(kM z2MOAtVmk%pQN8PuPeFrEaP}j=*f^Xq6&^zi(V`tDv8pd`Uvc}a_#c;v|0Of3XwyT= z@r5hX*B47{VbJhaN6{E>XPW5mon;j! zW5K-#`BEvgu%QZWUZUXJlXV1pf|FQe(z+cvRhZ( zkY#vmFQ9>#=pNxo7wW4YmQ&u|mUN&W5D>b|6#kzfR_Lc0yp2=*0?P}heH(VO-(zv2W2Nha?a3(=z7HBk{?eM4i=cg9-iT+b`;Ff_YjKU*&tYTP0&XKmJdd^~wEY7(biV!< z;1G{v4WfjS)$VUaylE)Zf6k@of5(?NdJ$LSCd=_Hk}Vl94>j-I`%_*{<>A-oC(B`L zw)4Yf@9zV~CUfN_C!Jx0U+Erb+dTnuS`&CB^_^Zt^TJ!VSEh2!>OA|vZh;ie=Nni{ z$i4ISdYr7=#3!62LgKxQO||0YetJT_8kP%Ac?uBQ$I%Rwzdf3Q|0e&j75c@Gx0T3y z>9`%4fXNb z7ycLlWXrY&*xIpSprvHLn`G$*tfN)|QBMnySUxkg9_LXs0?LK_Kpibf79S)jaF)HQ z4XE{LvCrj%WF2ev{&bljA zdP2s6FZ&=cgR0klbLE^`6a({d|K_s#HSnDz6kAZ?Jf+QL^2CWo9HTF}hHNSLQHLtO zugPH3>+`WW?EF4QGZF0TeI+&IGNs{;Uv=pTr{OwljU_$bMa8%;m)1uM1%v{TcC_BiP!6s)^Bu8~ z@L3p`6Sl_in>@rLgI9reZCkpWmxLk)@Uw5P&2}|Xq!c`C1(cBYay2K;0S?=m1=;dK zxehg8-_Nmx8Ov8S6=9Z`{h@u4`FPIG${qvxIWStcy;U&G>mi=64lq1K%1-^L)+&j*;{S1wRO zsVeZpjLeceKNNU8SL|LqkqHJ{S{ClkeAe1puk;oXpfY*^uWN-f4cMF^6)LVw+U3V}A)v zIVT;R&NdT|9dRyxaqWBhaNdn{S)cu+?GwVG7rG9AcvKc~eBMlL{9ba`SWPFrDn_xA zSi3K|OMYB{G$SlM;rFBej+hrj+628@y{fR1P}0Qd)^HBk&`FcW0GoE6)NzYZf=+-|;?(@B14`TDhwrUK!0Zh$K;oz!P5z(6h*NH*T4A8!hEZ%r>n)-BU{_)~LH#mpe!L*oQf*}%7s2NDRaAfs9D ztj^>ecS%mt2kw^Mkw%RHRYgFZ!up4frltg0%%oBy1X$S7{bX}gLJxYbwh49sDT0i= zba2V6x4wN*E2$NTYu%Jw{dg06rc<8gAiLY_X(nF22y(M-Khj;;7LzF&kO>ynS!;~{ z%qV`q(8wlccIoEJ)31RH2v3rXO+IayX%S|hWenU`okuHgwq=lKzc@{J%u8#`9m8 z??PcbllnZX6~YU_B@bF|D)ly03ma)E!>NnFW+H>oolAPt@FsvXJG z;gkbfV!0sQ3oOop7k!yG=x3;Qmh$+LY{2^5^Arc^v|^?iM<$aDsXxkq=#wW%Rq~#Tm9wZQJI*PiO}Da(58VXLVaZ^*tF_t%mt$1+7#R5W z9V^5ru0^q30qT*a4t+TdtT;pZCV7rcN7C%ult7_PJ);Zw3H(t8ppC#C0|qN% z4%7wz>5-Zou({RA8wJk3X_JPK$yZW<+uY5Fwg9>!0v(RPl<^D6G2F^&s7MHq5Nqwt zskd>ZpCvWTlW|@jfX>d`#f3=VS zMV+DE#l48hDhv2BsUE8b%29UxG16be_B8>G(Bf;eEm>oJ;9%w1zDnmeeRve!`5rJ% zZ}9R*Koa~SAZH<|UGv2J;85)f8GlK^4e=6IYy|a<7imkK>_32PJ#C><;q5s4AmgJ! zF-J)LU&Vu2S#aRzr0tNJ@qmG{*IY(*l+xG){>UXh08ehKnWrRjnm&6w@Lbqv%YIJ9Gla_Q9axcWv3`yo$THUdyKlDJvvICy#d;T==G=CDJJBB^l7 zMzT4#6t=Udm+=&^*q%^u1&R?9PQhisW*fNH!aM7|y5-QFk^z04pX5a?k%~V`=+FqH z(;H)%BM<;(B_oPVsxDVVl*73WJsyEOpPd%c&uh(83j8tb_;Npcb$o#b+br^$)O7D8 z#_x2P>Owr%lcs7LZo^%r&`G=*;uu68>PlIswJce zTw9B8`WUQ3y02L-#Cj^U+?Rsy_OP<)i!v5?BXg37<@?aH3EMD1$8J`PLw>Ar{giW_ zilKIF&rp4~CxD5&c%U0WeX|#!gB9I7;dg+y?t-Y@`eOj}Jpsi>+cZ3l4co=!4#eGQaqOzEwKGTOS> zhihM1JBTrE{Ft9^o|2_|k-<#Kmd*L7FPm%K%3W=L1R^Wt3Ep15LJEFu;Apjh-J(?I zGSw75{()uN1aAB2x@s-;_`B7ZMx`6P@%deGWv2w%0h!@=$Ii`u>X&&v@(&zp_shz~j{VxUdCeE`e^9!PE@kH3kF>sx?*GN&8L_ z6Ix=%EYxU=w@b0e$`cSKB!Fm1?;m5J$M08^GTMA8ToMax)UEA>_GrAEy zAd&(!gEo>_w<5uaVMyxjjTe7PuqSPc{S>%Qc-&4#+PBae##@dLKAakmfNdZ%E9v11`2 zLpy=PpWHpCXZ>}qOyJ7aIF?DPIR2wtuB~!~rSIt5W&^Hero``mGyIzFh5p<+u$G6` zzYz)?xjX23b_l;^8Fpa>KN6P*zR0yTUNB~$$XGu~#P~d?jC1SV1LbEf-@lTdndje}=O_1E^7+1B+xYGXQfpXRJa#rUuDfyt?60kRAs0rLyxHyH5 zNd^UAg0X#bzF+;>aqiT8zXve!9AXkJ2!lQsHRv$W)oj-t`L3wzGIocjfnX3XJye9R z)4COOrTd62w_UZ9yORj+eTr3;g~GR~y~iUH{s0E|r)qXo=t^TpQinI)aGB>(qDCT6 z%5K`ya9M|Qv`^qI2=@iBuO(}P_g%J<*uX6}E}GYD-d;7MDaS$KA+XJ--&aw$`zr={ zBhLznl%jepb*~{Cf>t)9V7qmXMlS1dayzlMvoOB;p+%E7L5J6!TRnYOMKaOx&MXL> z%V5nh3DiA79e3NW;gV%nxOh>j*deh0Kev;=h0*iU=ghf7;2u+Dv}9#e6* zbQP+xLJWD{P4i;lJ89uEQLe)SpS`%_xDfTmBJ15vmPp%${sQ~n^A_$!yAaMXy=YO> zQD@HeuM7ezG72Sn%41p_(jT1K5hYIQ`K7^vULiZ8d4%|k&7JTALV`iII%e*294#;E zZqo-9E;Zw}AuZ+%B#VIgi!jg+^^Ze^IScO>JU-5;;9KOqG`#YODQp*Ki41~Od{BK$ zw>m%YnMzy756Ii#MT@2vzH8t-Xynq0}M)cpKb>` zG;BM6i#R*rk&SYi;kzKsq(1%ghu3pzRHLoy;B9!h@(>}zqL5A0#9BrcbdinYouEyu zwyD+g_50MEnL6VK#wYA&WkdG1k8PDHT<9AdO6gTR>mr{H+7z38ZHZmuI(R!ZB@PQgc zuNm`x$NGw2oxr;w>Zm5){vU>feN6++)C%@XywDhYMST-s;^=@i! ztdU9KW@kEEI5FT)88-*bcCp(db;5Tn&vuA^2Zx#Th+~gvOEG2luiAQ2k_lq}t<)GLGfQ5l!PJl7;hxiUYXMS}$+c0;f zF1fWu$5gQr2wNQUx2>R1cdHJ%)1d z0N>CZ2cJT2nU`C?P~4q+PZxLB&tuAI@#;HP?>FWVQE;8X8VI~|ZwC1(EH7rksdWzI zzYj3bmEqbADjcyTF3~jbYv^*Wn)*Y)-P;CWBLO30$;6hxK6&R8Yv5Cff-0z`pSu}O zrDTZjMR8mN68?8niEo9SPvmdrA7VM{pXMUR!I&{8H01K~Cat&0h?^Ij%0w`kyHBNT z;iW`4J^^X}n6wSLIBCd{rX8U__OeNLZ{Q7y?S5-f8*qeZhssb}QN3{GVD435V z>K3ko$!$V@W`O3)v!afX&vAQwTH?}#4RGO*Qd9+sYdjd?rc}>hvMi+-J~AD}-OeaM zkmM0>a$#U{G!4d@N%Q^rX@88fh&S|X^IUUp`b#_g+FhwjhS;rzK`n5l5T6?$;T0>d zohG9r%;eGB!1|IsbXUWNqs#oU#H_KFNw-m42+E zKWq;aZDF=5Id$C@86b=W^_O^RvpFPT*usp`~&QG<0 zsDeNct`imv7u-m#AGzT5!jUHREa+OfD(Ntl0D6KWe3f<$QLkHE@ zU``b-ttOc;)Hq7Wb+mS3jUN6-HE(@{}B)hMv3Fu{tp!QZHk0@?1XE{#J zfdRNvyVi}_`?!ZL{oumFKFl8sO5MW#l)f~e%kc?UZll%vuoc7#ZqPW>>8xK@g2Lmk zhfh5(QhhJuexGGfrL{v0p`9x0=DN^RXS)QEJtK7QYtazj?2`5ZohzFr1GvqB0uPPD zlZZLZMReIyhqRJH)0z@CDW|O!jC3vCoa-z^amW+2#Vi%ZxPlSKjlIu00cN#rn-Lm> z0@Y!8;~00Fuk||B(M#)D03W7Cb#Ywz6=vY-)+$oQ3nE3DXheV+PW#?)I>0#{M|Iq?iSYt+yc9xA&?RF=`xy2ksz0&1N z7D7so=&omB14|)EdAcX8yYgJhAHd%={4mDEQd#9yiwUVEo4C&x`{qY89U7b|kw}`R z6yNoH1W(X)Wa?h=O8;aJ8Cp!W?e-=svbUw+R;*k9y=+>y%#5nm( z;U^}saHd6pH^FC-c0|5=d2%_cNUt;auwA;>LM5DS_#DMB*~gVPRrLWc zN9`PZIPi6ef=NEONl-}XuIT^+?i-SSgL#>SX0jM}d=?B3k`I`FEc#q}@G;@W(P-^T z3Y9|E@x2c@HsqUl>F#+~ogR_5sksKPV&rE3>UD0IKLl$jK6maAfS1M~j`=zKKf3f) z+t~CeSAfaeNUg_vE>Pz3Xx6#uMm(pMf2AQKT)j`By&M=RG}JMbDZ<!DD>IWz`N4Qo%%pydf4+>%C43azP}e2cxM!pDLx^dfORkG$UAc`-yB&Xc$e*Sa2-mU7Z`Q#| zc{e;Nit*uo9m7XX&7k14ikpYJTwwB9yE__kCC=;>6ySoiie60=U~&DY+>Z_{n6|9D z<2C5G^QgPj76quut)}8i#6xJ(NQGgD`6r{Jr(1!cltJ=A-CK2z4|HRnZ8)a=VGIv8 z`J*G0Pv_TSte@hWG#0&)vpthN{)e7Bwv47Az?%6 zzJd@%?6D8KtwQ<@xP)=4euKXUox;5jfG08n>o;)Vf=Gf<eX(k$Tf;D3t)H(a z!5pFOP5{Il(jhbtSj;B{I{&S`y}*gt7?T9E0gSS3n3fig{&f;!O@Mv-2j|4*`oh*_ zDXdU!aO#eMq|id8-Lmq$uan!3OY@(lV`uYa;%JDqv#>>qp0;~YreSSc<}y*%dG&Z+`=lU`)Xj$Nb^gAh2ZCPIV$*7OiJUW1i-x7<;>8LU!V$-r zb_c7><*zkY9GZ!|-5(bA2q=V)KlJ8u|Fq>dySezscal-jFRhM!ZS;nA9=+gjC+^us zotJFM$k|tmX_Lc3{dOJFH4}oVhkTpfZ{0?3y4=J0Xn@NR)=kb! zQ!RQDgay`U;!tDFk?2Tp~HZ-&ZG{(^=Bnv+e~E^gFCJcBYnr23e2Z&)F@l- zoDoit^wG;y)~Db2*=H9rwJB5V-R66cRj0)bv~L~fw2vO_EVs&-G;$#Tmd5RfNRzbS zQsj(9@3HLpD$7NSsmkW`(o!H}i^{YPAZktfy1dAsw5f4|H2-u4MM6v6%vwUHjF-Y&d?;&h`miH(d5o@x{ za(b@9;{|H&9dw5ue`dKk^QZb^^MYwLEJhIDEw+`v55JVAWnljXjUF+wW-^}7;4N3%8 z$|O$XWnQM&zqh0a7LEm{g=07ePF?k~JXTHnxmKFj%kg0W!zBkB6#>nh*6#YkIUmRS zvY{n18U~VWK#BK`_%)fwvql7e$VB7-RXboXyxUchw8N5g ztuz>`5Kf)vezSYM6uu?^X&3}@CRPWZBzLDI*ir}hw*tt6h2~!xsE+N&Eql@(j_m#H&re>u^i5EtYTl>V}jgRa1N%Gp$(@yG*N7v9E)uBb6gKLx%U}e&%OB;LSb5 z4=~`yzbskQBUg`{8Bgq9`#9*7L6|Ge@_V?zB3f#asHs}W%AmH40`W8@|NV|Ev;s%7Z%Eqe0a2 zri}inAZl8sS-%zVRZQLsq6NWyxtymS%doy!!#vVhxp%R{V0iFe)#{O1ANR)B^4u`=MT zS;Cqr>avX3Q^VBdX4>?4jB-4SIO;A(dauPZl>}-x^Y#O<@fgTbq`zedA(;k^DPiI_T)w0cWzvUTNsntV!w7d zD3I0%?bRWi7w8#@9MQqW=@O_=>15Tu4erA{ps1d;wt@~0#>K44jNSmp?81!pB(WJ= zU5MA72RiBM2%L!Ih;>ww_=xARGA%%Nk(Exo!8Ld=0KovPu=x8;-0G6q7R`w$FX!C~ zX%aEbOBg6NS6W#8JXqsLQ-+1iDXhBF&Q)_1SQMATxLs-Xja7d{#~|T9Zo=D&r@oDe z{N7gkubuvzCgqTcewawIpiY_){n8U45r0+q+nEU4ILdnCTe{3b`F0F+W`VTz()L}K zHn~!)SU=p&DpC2vs$n?idjK4wm09gZ2w?ZemAf5y6qJAXX^HDRN09&$O4Jc|887&J=8wltd%5N^h zjs;|$I*l;XJS~2iANrRdxVSp2q};ffK3e;BPs%4f8CDG>k95pU@^x2~QDgUzn%nuE z7R#AiN+cW0;=7F>gUF~}&&3UMYE~opkN9^QoY$!3h_B`n8fO{X_*7NyUOg|+nYnUe z{mWON@=xumox<8k9lDf-jn#cB@66X!7%lD?(y3tJ5x_rDS~dd5i+7nLQ+~zCD>DrcKT+{XFk+P7$_@zI$uYdK5r+PLrX`?$nJ zo0_4I#%i}hHZu2S@|>o(OU$R&N$8F#AOwFZWY4GswIBie@g0$C?$nrvpP9hzwnw-% z+P5nwIt5ZxFDI-Wbkb8=F@g;+lIrKzO5v5{o8r%&t3IE$n779EwNd!b z0TQ!V?5rJ0QZ*`9^CrAy49{~UX^;hIDDPWz;_xL| z_Tle-BszUcz=Q3__QcEWR;+I(Z=BMq7LwGz{Gjs_p=YVgtzqg=>n<6w=()ydVfn%Q zwh4*}#+2W%&9qD_Pb{1+jiIXXG>~m?>*yqM3>E@8eGBfQJ~2Bxnpk*d;LX`i%fEn9 z-C7#?ub-?;n1JG_B$UI!T!ar%1kKw&GK8=H_IGA>w#Z0To`-Fjrzp^)v<5!9RHMm}eJD4C6ehSZ8v=8gOqT!uL@w4Z&#e>59> zw1cmYl?yz%a)PUHaHe%2xoNe_RAQzsIbx)<1db$W;&yMO!-uu>hUIyK9X|ngW=&UQ zNwPWC%OSRiCE)VhqVVyJ<>9)H`b8XR+<2#+wj8o1zgkpXy-7$v0} zmEve!6Le&0BfsG$aXAY*95N2|4?$!$t=yz+_o3F?PIjF(H*3j?Hs9B1`X3V|jVP6Z zyo`EUN%MU%|H>-_H`IELH_89Wm^V6HCVnZj(rPlCGP73^&>BIbn2{5Pd(FgKXZv0MI zmsl9fS;1-LMW0HSL2Vi5F_E>iqDe%Y?^4x7Wx{<2zZ+TwZ!*PB?w&MA%FV+rz42^O45t5LI~S5$VrCsoe|FKV9`?q_5ll3 z{B9eIRJDj>FB#E}v%{*d>v_u8(srSjw316j$`^(0p$mSLtG<~v)Nsq9G*h(ro}#yy zYc#9!in1(g1ALfOcw#?O#ebfsa|eZXy@uou!H4RvVAW&NM7ECkUtbt3un9L`#1?1d zZ*m1&2NswTPQ;5=zfh#LUpd7^elj4Phr;b z=9KkblD8{(LmGaAKYN|=I=i)W?WH&DpFR!I)(YCF@(*JnzLf3abHJXZmAI$QJ<`q8 zZ%|@%H`Pb^L1rNAO{M*ik@5?!!sasGpxp;0=)$pyg?ujHZb6!g`NdW{-MQUU_U$)_ zp)XEq6yL3B3+Eu6>1;4Oy(npiNuCilY)etnP0$iw5;CoJPQ0yecWd;FD?X`H+xU}x zLD1Tl(&~n-TtY{rp5g_B?{X3|v$8Pl1ta?MYd`bvQ;|P*UydfPsY|AL(th!>)FeWb z&Afg6zzSAdf8l+h{>Z6@^?L6?CF2PA) z#H+NnnX$bjDUjA@_zVIAicG~bRf6u+E&+c7$*)6_HXyXh$zqmengQl`ysP-fP2uci zoAHB-p_~24ck`BGSt{@xxTD|mXu}peu$_H!^HL7=kzV`$qx|rN8`<|Obn^pVm*vSr zNZu)D8b=!^jr{UHUoO3WRgIpI%^W1YEUaf?kVynfb^#FCmBjw0;gH~fwnIvR!>ey; zyLaec*m<=4qR^-trw#sPOU#?Y-nd?ylbbu^ zpPQFA>LTwap6nna6Irw-5MC6&@4|iO-XTqC;sC`D^3tbSt4#{J+q&6@VQlxE_kYp| zm9)iFtR;1&4)45KiJuusj%c6rh>tI)v@K{N;wn&H|BtdWkB0j1|9%LSq*4imQY4}5 zvP|0SO9|O#lzrc_GZXrz%@Q%$DND8)`_7Q;Th_rCWSbZ>)-f0}bAR;xUcYnh`~2?9 zb^YfY=gjc=yx*_=`FKI9BswiON!2`XBJ>XUyS}s{-uzaVc@8CxF9}b9+Z6tthhrT5`Med3QPW>lr`opl>jVqxS1d3s z1o)rkzoot%bEL34u<4!X9NfLTD#N+|1yG=1--f_<^urQ8tsA7wUJMXE&EBKGi3}gr zP5=}|`<#VeDiRwTK}Gx(|D7QR>VrA}WkErb{#S*;zSj4St@^H-<-{Mc9!Dz24oqb{ z{HWW1?9>IKPlf>SgTnrV+NHXG07s!LCY{RDkUlXEq% z^6$9Fe{|gWH>u^DcE^V)2NW!t?OmGRuaNgE-dr?#oS5^T_>A>G1a#w<;L zy1a;wBL1K!6D=1aEg|@YYx8S(5d!w=M>C#vb6*7)f@A1w{vN=$K(I=x|NBy0GiL~W z&W2X>t4LRFDpBP=NW0UXbmyJz;h~%AF&(Z=cVMC(P3Rp z!B55ILoBzRk~k1t6DGOb|Nef3%t%Bpgg#FQY-*C9PH#%vWZED4_0S*f3z?zEg^K>U z;n#?a#Z5?83)~>wIT|S>9(!~H-SLhcW3A^S|E8h}5?E3OlF9lslxwPbTN)vrQ;rla zpY34B@%v;NYMD&dtsBN$SOlUcLHYGb`j)6WmJ3vQ^`6j8%L7OSYO96nqV4Yg5=@ zez5qx#i@(*s8O1#U!t;a-1ntgpU1M4_^ldW|Dc zflIE9HO+7K9qkv1?T=+RwX$JYdF$`+F8VlQ)AVTV>qsH_iX(3CScLG(KSlf??}{{% zc@B6N&jl@^js0CO&hIIBxG3YnC;3%2Ia-StgE`HElEglkja?}}RodfAWaEMxArO6*a?mU1a|3jcCpetb(_FZ;qmca?tH9sj2l z`QYj_qXcQMW{;F<^I-T)Z_@jhlbl?~dFvq6%e}S-STxPLKVe~zJ?%(dES%wH^3g}l zGyA8iX?uDny^kR^s!6*zNaYG~<561iKRMNz?3WZ+-L!(m^!yKId}xx1E+a#|Fp>5{ zR(P`h12)|Ipzln)lbCiC`H5?D9*F@eR@xz-Fw@V1JUgyv0XBJAtn?bdUQngKu?BXv zyj74?(H!SGiQw9QD+2z9&41dsH#~3NnsX2kD`pJPn@~O$^GR~*>VXbjAm@+s;x-5a zd0Dea|6k7Q%m2rD>HlC9KjfuXL9Pb>==rtD@aNw=EL-~Kps}CoBbl$HzO;5Y+evlQ z5M24%Z)jC#u`AASZn;xidjQ1M=eMIIHn|+Y18LgQ+vmL!d;T`yXWqPIF>Tcq-HwivYeS1;=-qJsRy_JTtZ7B9iY0O z3_Q|w*nN=OM3wtSjG{^mIiFGNPfu3UjrAJ6l)L%=K1z%+_!GyOznF_k2fx-{ z!F??UQqcLW6T5sN-8DQye?g>6zmXb+Cm`oR&j3`y-!TJR#*HD#v36dgmm&^h?&b;AJ*^HWy(v$kb zHwcd8Xo&k;tgb)AD85?q4fCrv4J@v6Tdwfx*chtovqHWN1#!dp$qX(4shO}cdSJyQ zy7o>Y+paZ{88!1VjOFbh$8Xk6rdHKwAXZQMx9q>e$dDMpbk*W0GV!_#k5R0oLv9A! zR9v|lG^t#ZwnFGHQ502t(t7N`;>StR=+nLDML!<*1-mB`wX5NA!az%8RInm#I!v$5 zV|MrG-zI{*!$V={2_P~iBqVqOOMQ2dfHWP~Aa(W6`E7Za9$34(z5@x=Y!j04I^4GO zz`k*Ltq|V{=h*smBEsoR68=lZzd!0n1oWjDMG`OR<*ZJ0UHI%(i-}ql5x?Lq+F{dnQ7CtT%zC0?ao7#lE^HM)-W9O0)H_gR^zb9(xrV!h zr!`OX6Go;$enO>PPd335%LeMqi@@x;)TB3+%8{K#H;kO)7qw(xbv`|qm-C!?!2Bnd zm&7(3>xIy!=uOsLCh8@g3*CO#M%Pa6zu2|2qgCE;rLA920vTjP<6?hR`iQQ-9|KNQ z1);NqFj}ps*hes_x^0lUZJmgP%`MA3F7;GUD73&T@k7jgo^aw~skQL=nrj&F^g-XTo`#d=5(i?w*4t3x;jU$%bi8 zV1jYO;H*zc2k-`eZs;!#130D2-=qrn zB@zmVxN~*Q>cH7IOodGX>zv0DFKxNiM|M7n(~xuuv+_-%+Dc%qy+>Q`QtYSmSw>ap zV`nz#9g_XhLW_*XU} zyrOW*54@j^G;aKQna0tvRxYq(S{$_FnQKv7k(v1_EM{wXU|;Eot??$1lY$9a{zOI_ z?VF>6#=f#+7koA5k7ZqbAlUi&nE4?xqwvCE4I%xjUkj$bbg+%=bWu#d8I*^nF&HsD zm$)c>Hy%0V$T7H#T)__C>&(pREEc*)_~m`QYvOFuT|>k~kq*Ldop-E3w96Gm=D3(; zhkNL=GvYPg;VrQz5X*&#^9di0eiECzrOA1cGX93U!o07L+s=C+z}RKN7Vdx01Q%eL z_Rp+ji{sBE_^Dgb3M0<_9n5`?`A9_xHh)q=Kb7+gscAvb3%_w+gFmmIJAEDy3vCjy zW~l*7xj(mp3vU1*5JdF?Pc?vQu)+1FP{vc%gOAv&I}dM49&RHxi}bft37dY}jWKDY znub-}5|de>3(WkeAa#RYts<6_G_8}M`i&~F~Q&_X3p@^_>Il?81_m=-(1(=dSTfMz|=+{sSFYVg49*6`f&oJ6m zjN?`tRh;vjbMzxGbfWe+amQ>1 z=Zfx0X4=$u4wOLWrxAe`kuL9vN^ZmF5^DUuYJ(QDd?oG;i$zLIg2Tv3}}iG@Nh-IA<7X~pgi56=G>DKCJy zLn@P#DA_KxbMKFKWd$WXQOLJa=GCrh+{{YLM#f~}E5<09M2n=6Xcn0P3-9hz>W(2g z3*1kYC1n+5b1zNlfa7zvDxCF)r`$H3-3oSjyT7}Y8h7wVZiJd94P(f-m$ot3db_Be z+exmeYPWmLYx-FxM+)P`4ZA_-eot(kb z&;8vYyFrUbKy+uHg02pk@C(?Wc5df2WmeX!jEo@Tl!Fb0QAE8~@sHeE^=Vg8)8Fp7 z9Lhe|E7??!getZX$us3@9a>Y}@fvJ$+ilf<$-zDg!)gn{q>*MFE+reJgj(yyz*y_0 zn1~F5>-?N-dDe zD907@Jk$p(1NL<+tzsw{6Y4}0zN*%X7mW@pjvqcwr_MT*^dCOds*8kyjIV!M3tcTM zP>ndY9$GvkBInDV?SmVB<~0BHx?R%o9emcLSMdtB z%iQcEw#*la@WrhudJ->^r{bU%)}7NwK7%O!+?}CKw&RHVg--6vKQD#Ng_i1xZcaa~ zkJLOXl}UNq)(-R))!~9sMd-NpKRrB&QQBLH1|^Qu`3_orVqogtPXdx^RX zmNcgydrDDaa4#;2isc#UR)F$cJdLfe_kIDPr^~b1=(IYdR1n|L1S2HcB;s8Z>q!ej zoCL$1vLcE#p(DN$`q||_ad({8R*#oZclREd%5FeMO0G#jm~2++>ygQUE$kW7Q(|uTt|X=e01tBYPxIoY|~%ZlouB`>+$L+)fK6X6CajJLV|d^@SIvJD2;o)XPfCc#o8_mQ;cdg{R8dekA8`?Hx8|coKwu`R$w{x@v`vXD;nJsuJ`3C3wXQ!r4+Wp%5%CV95KvdfZGrjrCZDal& zXX4n_@VgI{bREbgo-17k_L(|FfHn)B`H=%>{qdJ?%~m|EYcs1o*@uQdR3uj3_`DeH z4ag1pyWxLGa~bxn_XdKV3Ypv^)@|r2Y>iq`jcjaf#|2DaVJ6#4`N+9JJrGGQPRwkC zr5})?{hW$F&ZY=tByp#}tMRlO+XTDHbtZWW%57PM5YF4d(ioLkrsO&u$I{j?UYT$2 zGc*k>fw5nmAMnOlN+6mO`=ng?kMF2Z!T1Fjoi z6BMpM5csQaMzb49<=5o8H0MF@Bw|L!t$!$I`|DKJK)k%GHtO7`Jz6}o<||SQ_X4E5 z5R*}%so4_P-)S>HM!>HvD>DLGN*XFBkwB^mMNN1#Rok9`F6H$C;dgvif*YBqU^%;5 zw6f~K!jUWGja0XYEezbXby<|E3m`O=9}sJb!ZsKCHTmR1il>gttJO&7U)6CmjzN)b zYeH`(*rDx+Wo%7SM^ zn}Yxci}xIU8OP=_7_lSY9aU-{B#sn1Ly8Hhm7b+a(m@}vK~qJK z*1xl3m#aXm)%{ci zYwAB%jYEuH$(If2`}s4n;2=KZoq;2nI|+Cmw+iWmH|Q5%IB1%fjL+IDi2E~4%lPHW^rX}05` z0=7`BSyFuARJ`CFA2$kGjvEV@_!{{33PSGzIZ zQec_b*cXjPf>jgIg;z@B-Qpw6d^?m^KEQ7ay(A3@E{zxD6{|KKwSQOm#dY{wlx?rr z??YpeLYDpm-`Pv-dyEo_U&NLbK*msKdR8gr9j6Oo!AM&c-JvHHFY-v{#g}+KC4Z~Q zWeo{Ev+XeMxu`JhEbWO@dB*rhu#JI*Jnl#P(eAouI|IQhDBpB_1#)i8axRIk zV2V)5eJh=7_(;|jb9E)c+&Yw8cW4B}w?duy&XDpU?3BFvVM(3WcrysK1suUr3*;z< zMsDNcPTiuF4lS=;JX>O?MrU@1r83Jp3X;wAor@wfrut$aIz~^~3$Q71VqIu8`lWmB zAPe1FeT7oD`5fh(Ea`5gMlHnew+|}0UP-tk9aeBud_Y9acKGKORRUPWDL>r9X@N3M zbAl(aN>(OraglaNXU{xdj3?Amr3`QI_Z%}VeXIbZ5R}b25-v7_n222GR`1q6 zG@Sqbm8Y|jBWJv^rxKbd(X;d<#wrngV_GUaAL$wjV+Hs3+Zs`QmX7T-S(gu|OQlG& z5qppk@y5G8ai(!!U4QXx!NjE8-LA(;)YH!{<4&>X<#ff?M}2BQekf6Epi%2C$e0Ie z8Ytv?6E0xJfKzvQY=JJABeqrY95-yWSkqlcTw1BLC!K>SRQ@HZ=jh7hR=$T#!!13gD1 z|Fi{r^a}&((%FeGH%yZPfl8SKgLnz8N1Xf!ZXAZDBD{ z@HX+4Yu4r*rWn;Vy zBJL6wA6CDnT*o5)rG6^|Zdj9SwejM~^d{rSXMMZqK?&IYWy4U<4S$G{RfIwa9y_MojuA$*MkcbS-rT)MFE!HwiqW1^3BY*D zwKE|PoFr|67jy#=Iv)#$DYreaj*BHyqGmqMW0zLwl6unW@dxf?iGc|8Fn63CQi>PY zQYxNjtwE6RXO#4cdi~~`ESsi1uG$2S0aWNkwUtj=l5J!#%BDEJ{|j2nc+|97Os9Nc>vt6pvKc=mVix zr=kgoHzwaM9{G||<{sueR%~`X{yj^NW8;KWnog9$^_m(7j4N!upCd;dD7ZbqcVB}G zEef49L85H4JRb{*1@zDufGY8wkRx?#1nqt_O}h*27MIFIs|AG@NgQZ=LxA42vwZBA z*Ko(1pL8dc==fsvc{7OfP6#5f@I-~2xmB+x_VfhGx{!aW{JoOmDl}LB*_6qUhaX5CRHXTnC){~{ zcz-g@w(zk~m@y*Z)P@-`(rZKgW*&^MQu&b={&d|54o#_We{>GM$rDg@n(~?S6{Zwp zur(0angVV8eeXxsm6|c8cXde9Qlp2!tn|Kk!$E36y(e*4+jh(<6XzhT8Nj@flM$s@ zQ~Cs9{>TVvVuzqjlh~R*4J zimt@03J2`FFJpEV>7^`Pt-6AC$Wy`f(7{^+=>Y-Gw+@_J`x6&NbA+g~m~cw+9Eltb z@U%YN?dCsc=jB4>x$j708=0cCDiUfM9FBZ3UUEAoHkTDNvb?kP*`88={R=Lt03*db z9y^8iLK}2PB0qh+M8-~{$-{^GaFAfFRG9x~RL|r`ldQS6G_@`WfAB*hRSQ!6J9%(E zp$Q3)5%d?Z&wZ%w)n%Y}r`XR8xp0vhOn8R!#gZzl0l-lLvmErD1HCgJNmpub zNn5Wc>ji0Ql;_0}w#{mxVccTB`nX`qKT&zc`Og{0TMpN-ZgG6VZ*N74?)9-M%NabG z28cKB5LYZ0fz1ticf=@&FOeNWfsgUy16|fk!ymq_W%~$;=CRyu*r6)*3t%iQvsfPa zsMOV%yANdyj9ZIG0F{G_C@@w|4DQ8(7fFiW*d90R#57{*6!d-GEBOhJryAzvbDuVp zeR^98D^juOC760S_00?2a|wSqJlDgI>)5=Sw5(u}l1M5iztx$$Kl?dNLuy7Gg3@V7 zu9{%ELcx7HOuTE2G+t^Klh$qf0|3 zx1WK(ja!(Ec@m;ORr|Urb3bI18 z3$78wZTy{`x%Vrp8mk+Zey6nKPLPDQ6jBRPQxq%WRE)uw14{tTea1@X=v#xW-5pPB zimWFgj!R2Z^Ie_nvU03Q;0%~7v5e>Ymr6xbN2eU~0^sGb?+(EBP6dsz#`_Ptv;;4W zmpk2+cm~w_ju!SAW~XJ~rF=Vp?nai+uqQNL-#8UsZF|O|);}i`t`mD*sMJA&&3Wi$ zzf6+PsKD55A^l2cm68RhtZS~)#uRtF8PlWM%0eqRX>xfoR;>IwysN8l6sLmmB@{FC z@Eoyd=$UjkF!MXWM(S_SZ}skh2`E>w>0og;l||9k7bIfwP$z%=!R5f_Ce&|=lsEOZO5 z^ZV7VxnHUh>gCrB=iY&m#d4C}KV%wTa|?Ss<%eSmET}+2Q^p7A3!sF?VcW+Db8eF| z>*{@N#`?l4-QMFHjWbH|`jg7|w1L9>gG5dOfV=T*>xYx2yYlF1o1ffG% zK}z6;A3^ym<>zPtNC3r2gEkj<=DxTGyRb*hlp9d~32%fK8OT=#eHnR*UaipPt9wS7NT*? zNNt*5!4#YH?{x$#9oooeQTrmAi&gpBS#5nM_dG~tMe-2g+9DbkU_grH!Xt; zeu3NaG)L=hl{>dwuP$FP{1Q^(S~GUI4C_v^@f^zK8o$%uMjM}+)H6n?ezVZl$6dvx ziP%8`Qmk!O)+i?E-iv!RFq%uj-p=miKwdTc)W}5$QddlY@X2+(J6g_q)oJC`g$b2O zrI=@3%Nf+|(9*!|5P!mWSs6n^6OEb!hDFn;fd4LT3Mi{@;~Vb3082Ed-~#XA*eZON zf8=_aP331j3#(~ro-cY$n%^{tgomg3O&-1o|0@27^jO%KQ!r6g_)hnVg%A+*}NPYmQxU1%N|dksH;N_B#7ix2t2y zg)b7NojgBJ^~tOnGFf`_oH`ogt&)@cQ|1i7{*eaN6=!DqkMU!n50ue9w;nJ{O0J)K zbzV92Dv$=I-}`D`gtu^ufQ#xm-$+S(0?%8tx!Pr2Zc*(~yLZziE=Ycyq9!4RH;z9M zZm5NLpDuG%vyl#yrEna35NZE3?$Fp3JVSuq3(uxv*Hr7COoanZ!j%X>_fo)iVqkx{=ju5kNc)FduXnp+dLFJv9p&MJ2_ssynkRFM*&4~?_(!*pMx z=(#Z11Zk0}l)PssL5&C{)K<+l#IDm2Oj)^3e$R^*B+Dc};Mmu^i`_2};R^&H{#m z044hQ{*+?S>#3{t-#C|Rfj=3@KE6Q5PwA;pmJ~~a^I>~{O8Q0^%LE~>i2SUl#=GRI zSN@Pxg0GByg=1XjdQ=FxO9TgY2(#!@+<3A>x#zpv<~&hmVw-U5Nw%|t1GX;rlZe4M z%UL>p*lw=uJtDH|esDSVcJ)?iq}nr5H~{A908ItxA>j>>{0bz4Z1MaOn%^7ceJ|gYJ5*leD}RrTh~j{(G$1$YagluJfg8AB9w7sUtSzgRrOs z_pW%y+FuN)m&rGbjSA=Z$TM80txZl$bD|4H|1xS;`D!44?;G2U&%7!MkX)BClwh<4 zh;-$x4?$b=DDGN%%pn$@8?dD#GwZ=_A`QPOcvf^U>q8_+i9V2y|61 z>6tMSM>KPb4rEb!7A0Xb;{fQu&!I2uyFl|7hM+NPMklOa?N$_57c*`%I%(yCC0tm)5$cH7aX&|X*Sq&spVn-&IY3EQH1$W_wVK9PsA|EphwI@8Qm%MVOlphg{~h2= zEpB2_=;92lZ^@uJ8s=?xgIQYkrdBX+b*+a>;wwoGwj&#e-%jygNraAZK{##k95<ZoHm1JMIv{wu*p6^36^>5!;LPcCA*(F$BN?*wROpGvgQicov2H*~I=)@4>h1-u zbt}Jw=a&a{D@<%M=Yxu$0A$lI~%BK|-Zd)ls3tG6>+!Q~Q$d6=Y!P{Mo z`cC8sEGe0enpuOS^!&bg>xk(cdKN;+0sPq_^#O1UBUvXOT5 z0($*qzpK9_TlW@VB2v9wp}Yj0+${PF!M#KjXuN-<3`=v}L> zjcOVp3e{OJ^whI8*?*FBf1Lj9=q~TpN|g23JHsv8ZFKB6yrO>EWqB1*(XN%xfE1hm zCl!=upol_LPEkkAbuv+-{$;?*8UmS0z3pw!JJuH$_&`)J;c*z%ZF9SW<}prGU^|!S zEg_Y4&OUpL#4ES-CB?Md*>RzNz1@~u>RAbUWQ5C<_8?@Wz+%NGwxTepO&M&K7ppi~ zh>7rMjk2v`C$8+GDtwzCBDK3XoSsb8skNoK4r*ZHQVQ+ZqEKX&o$r{YI&{IK9*LEa z@>mo#Os^rPU|HEmdCL!my)XvErnFl~_QA%n-z0y^+Z$%pogABmX84ozAjAZ+FTxBB zR^%8`^EZd=eWzl`qfxY2n^5aCnFQRAB`NISW^eLp(gVLU*7wQp9AE{rcP3L|r!tiLdFo?`P55^4XyI0|&Sl8SW z_?IVG*31`1Wh{lcqANW~JiN|%6j>mc3c59;h6=8}h!ngcPjK4H%*xiBZRSybpRIFW z3R{zVcSk)?u)(#~7&g>4402dM4ucOkIDGVZHf}CL5ZMUzy6rKM#OX^9;t&keo7rvSi~YD}lB8jD<+FzDXqt@tmOtkOUO6x4 z>0>(yQYob6@EzGKI7k;8cYFFy^%pR7YE;(uR;t&aAVvjdS8_OxC<|j+T@_D6-Tu>o}~g zJE8KXv4q4%ex=jHfB<_CD%8Ag1B?i4wGHrA3vBXRLwH#T9H~@QmY6msv#~b4j`GF5 z9pMv~h`T&M8DN|LUaH3_qbt=^u$E&VXtA1EndVFLBe0Lmc8VJ3{dSwg1iMr4<||=I z(q@E)Y=9K@iil~ttx|=U*_pt^mbbCR$P{0eGY>ZTrpN)c2(y|hNwA9Dp}pqm`Df7i z!IhK8qjfZHK^z5RSsa04NIwmhLh(K<=S%s4s3mmIvi)Ewt09dBrju16O@uWkYtaMZ zmLrFm_sfp%Uv$CIsa(rk7QPs)(#pJPIOSe$uN9tO3i^(CTB?Obxb+NcC|CWidF{kR zN?T!Dua?iw&|>M_oU5AI&^^@OF{(^6kuK-jBube_)YpLC3GI_>v01W|y zeICWOYwL==ZkYe1g5s?>``DxwdM|Tnq7Aa@hxKmN1jmy_-x3B-vS1Vh5u*w|KJKHI0^ zm9i$|Re1_Mz@sFw=5|6G*Abp2z8bzDW+tnB>E{f(+vuQy&HcG9%>r0mDeR`qFO8<- z@jOZ`HC!JIKc4_XzPO1XY#far4Dp*`P}rDpa#F(g2qSOCeGKaKtoL4_|m8%XddmTQqtk5jfyrT%BW|FhA_zP>m39huy49krETQJ zwO>h(Gw%AEl>w=!|5|zF{H#R7M{I40bM3=DoX%AD@Yl9*VK?kBZ!#;{3u9ae7Ud4V z=m>0)vA-Uh-SZ)ke}Z-!((t^TUjUP9#k;efL?7E~sf9JoUc*(#byF{O9qu?0Kr`G~ zL4y)$$zp(kl#r#~mahOJuzk5o`pv@=^c?2Cc}5BEBylJGY#J(Aw`uxmr7N4C)|;0B z_&H+81_z>cew1^`=Ro?z5w=YGq9om>^ve4PCkqNznJ zBL4~zZu~ir-fmV+Jlg<}bcd_`IIn_LiZzL(crgQ3$Z=FcSUT8aE_!CQ6AlUbk1 zcw~)p8X1(DrU?2SMde>X~Lg{-im2{$?^x@qi^d|(0!BAgW5xf`3eq3eVH!skq8)5rf z2dS7rq@KjiW(qu0GfvaT%o$d-nmjny);D=71$KJ^qoo!i(Bc<8FCZ~d z#Gy%oP#;S2h8k?+*jLpr#kjuxr%ddd^tcR6Edx6<4ZA()^joXY%J(z)`DfUVH= zP@dzV5w^Re6GvG39=7S#%Jxuqv-=WbXM=RK7j{pnfTGuh?m5v3m1fi!d5(+Ryj~t)m zU)SN4`?NmawL`YSSGdH)$2g*MdOi#8ckv=Y+3zi2)SZy^oj3e*N&L__=M94bY$VY- z%n{4)(w20*@N28?hc$A3?>vo|uXMhEhuB9{uaD$c2{xncj8G&4Chl|IAAgEyn7Nw^ z)VnYbh{4;r7jR@YowvF~=+fgC>!JMK!QI=rLcICLUl_)K&Tg!Ol&x0F=8NjZaZslr z9AYndhdC-@3T%v0Oq27)k(bcE#ws@BH+EdQ?<>@la=qD`n1#hjH0(SA3JZZ96E%jq ziaUPQ+jUaQ^(xd)vsqmtT%AB>;Ue@)s~0qAB)=M>*nNKS88nd=Xi{aJ0Mr@p(<~$V zk2l{2y8GthzrDYjyaOW@Vf*6{r}!lN=6ae>{EHEAjgf(hAVNva!ER{VDuU?(xCTq$ ztu4T7?{L2HMw`AcTRl6m(0f{`*Tw3<9j>W&61&WEU~@wt#11~>Lp0CCrxj0QWD?E@ zDLU08e7%_k zbV(;kxxHS0>RdHWt4PoyZI=clTSJQ5 z#7#@gceh}T&L_yF(@+}KooLIKJOgKC()ETRY11Ax$>5B-i69G!(oE#)<^aCgX5vTg zf-~4Xr?)w_lGs@;{4nSD_O^GoAFri(?(^55#8ZUm+`FM5p9va%#O>44aNd0*L4pib zROzoit_!dxs(E19UVI?m$EZoZ8{Uq?Wwpuu)Wg7(-2nA9l_E&LEfecr+RXdbc4t^a zim)W=Gcc>NJ*P#Nr`OqbF(~uP^MNiRvtei3aeBA#kmA|Me? z9=i(N8fEzw1Z&sR$;y`-K7lnPKd;IjLf3_T&+PqF6ECw%T1!hbd+u!3BRIuL4CBi#XVS z(SPAuJ@K&llu9pTx`EY?#?C9N)u)AwRqboIypLxiV0^D3L5s?mDu+_-&yp6dDEgyC z-?n=(DTIkSf1r2pr$#fSb1_NI?lsL4(dP7U96q@XPYzIZ18SwEg^D9niW&KGcJ#sZ zf&%4_lyl-!z%o4FDt}<98{EQ&RLjV|d{Ob)JC|Bawu@P0E zBnHlj1f~sNkze%Sk)POz!Ostm8RNc#ga7QI?vkl&&-!t@4QpuhXXt{ z(JGwhv#onXtI3twRXB^Lsi|qCv7=)iHrtErsVcYY&mB}PAzKsiPn^1U><8^@?sR~= z0*d4{(ZC#-Mazo}a(-2KOTCj`Cy*1bJV$(2n-K#iyeX zmn@te>@7^;~(TpqU3=BokaSA6=9j!@v}Vd+DIRM02c@R!}+Q6kj|xQhB!vv%$Sf+BTj zNLgs_m2ZdpK}8G7v0(6cR#P!9Wf+@3HMdYl|CrFP7?HAbu~FRqXZdTP_+-2UksP%J|KQOX964!6iT($*6msR1d&uXeJ0>oP znA9shH*WPb*8iAr6hHHCEtx>bJ`_mYPan_0B6hL8hL4x})lt6mS4i@Hr%_gZWEe&> z$>}Um*s$q-C9>Yi7Nynl;e}X9tnG(-AiCHCUfAbv_`!g068_4Bp0^VjOp9)taQBn^ ze111mPm}!@S`9Y+TTcIdTsj0#9`F7@gITPXtysEh{G?en=pqgPMTLZ(R__-OPBAYs z_=2|LP5rhDM?4iFCwwSwS|pkw;pjB}^Cu!@KvGkb>{@G}^aa%~;4{!iCw;?z4er-Q z?$kqo4a;y~9}))LIqXzLfB2GSQq-pibZA#LI;mD{%BlaHck8o1U+RGWvWqUDzVta@ z)JEU@u%-q=He@&I$l_RCOmWVz@<1*!f{6l=3a;-_^8)tXfmxZEZyKJ5eKJQ0&L;m?oVS5J?JQK%hZG^fXq0RGM4t-AU!}{gH$g%yQT7~F zLAQ|J3bG)kv<<`CswdOAAc4Ya6uv;)H$WjrOLxiVNo2qZ9V4}#aWqmndW*t`NGTR~ zO#w6lpl!9*OVsx?!$W;`t;U`a$e7&+ukZ&N*MB+Gbb-T6B zN`yc{4-k^Pt>>J3-u>VGFONM2BV#Z~ve#Z~_W4a;GF=ly7t$UL3fx>ecs*KCwm&Dj3bS(P;bU7*7Y2Z54OwC#T)ZPmH<`Ro~BuSZ=hYfTI-0%MCn@P z^%v`ixJColHm4A4*E!pv?M*bQdl&+-*YccS7qsVC1sdHV1lwr0j&jJukTccfpN+@j zUH&mIIPXyuimi(K>lAN^JWS=LPo^(N!vf)DbH6O=JlpqTHlSr)S^=af zk8Qeztv>biJFb28nh_w;ezAp29X-WQL>7X7^_YDJ3g zXuhpnI{VIwjp0yP^l{u@q%yN%cO`j-8rNez`G1Ty02BL;hWK+a4DuA9seJL9_Xq0o zd;OltUYhh9ZtFa@bLyYO?%Utp;$iJIYJ$0Zm`qCc9om74e&C%Rh`5Xa#6D^<_KVw< zTKxa~$8oQ+f8}zP(bbR`Tdj$T;b%O?&038>0)`GCqoizp-G3Gcw4XCb3;4+|;}7g< zFZ{)myIC1RQs658D)RV8nc~>r59Xik{co>sUHQddX#w~v@c@4%{XX>K?fQ1N{lz%d zc!01YL;P!CU9+o>}8hr?G;X2zy1WF>ZAv_e!qB7vE*M} z`+u`*E}pWVw{t&JMw=W?s4#P z(ef1ijkEx`A38@cJ$LHgPrAdLQ+$7-6cczDN53`khmG)alC*K<^R%^|bF?E@@J`xE zdj;Q1j{pRm40&M3$(0THvf61L&cTO^Stqhi9T!C3C8j0Fn0zMD>>2wq+W0K1d zj-ae)V?H}y=_jr-1@9r9&vZ(VS@TUW#$#Cm&wvzEw+b)Q+Be{{0UF;>xP8730Ok8w z(HXuc_Sd0|Q{udO4GbS1q3XKwU327%bt|njHBSA4_*?yBa+^BNRQ(K+Ny6`UfkQU& zi`4W?)(>EM(aJLTvtL=>u9yn+%>I*qLz@xOcd3|ZIZVi#G|sDU-9KAPJGXnKo^BL~ zTHo+4sKPA@ZLOZzihw`L8UE7gx?Ack)~rxJA*PjQ$j+x`~| zqmFU&FAmamx&|`C_!tePPys)ZGwZ#%UU%ttug23qTZh3HTU1<8^KxE@lw)o;B;+xG zr#$`Q?hPv+lnhQz;G_TN4JLT$0S;(dTo?R)o`J6&7? zKzs>Y759UAAhOnv5jP25ziw6#7*kTe)P2^W?&l|f1_2N}*%-tNuZxQ77yZc;EBuQomT&wYm|`Bm532vfpoV^B zazB{@u4={IeTAYJOi2SuHhdu-h=}7BmGk`N$ER(vW7%Q=-ALzObffWq(T#FA2KfFo zD0Ma{SnQc)8t41`Y$^#=7NQj3W|i6coJQXC%l{^_|50B1kUcDA%ey-+^ZV)-?{mJi zxX-zRl%cqDtK&5_!sLps&-2pergz@n6GNSrrrsU3Og`S`tT~@U-j#*j`h4l+3jgVk z${{CCZ)EuL*kLt1l+WB|+RqAdwOvjJrill8+QtR>1^rd+|KaZWZceB0FJ2AeS2dEI z7uo~e!zumQ{Wvz{7lWRf;FQtH{0e`{qgz&?->A)!HgzP;FHkr5KBThp{jY*6bU}-g zH{4lBB>T0(fyh$jd)n>m395Pu7(GI`v#5MmZeYCg8 zr$gbcR2F`5$%MUF6|6?#{ym7Fyr29UAr7y+5%h&{@8<>AU`ZIzbn$2HztrieFY3*F z1<&1Q?w^_hTPMGge0dz4O;Ui`GK|?u%(@^fv^(SW#3X`y{rlX;bJE5UfHxv`6Le9O zdw3TlnH7Yb;^S*%@4=CR;eRk^@ zS;QF&Q;bp&DWMUoT&EEP2FMRl;wX`nEwsH`aw^U~WIC)j$|;r%qT*)pB?4NV)a4_$n8n z>YN{;>UeVROU5@N*}OfcFHW#cb%r0z(+isbEnt=cx-&9_m9Y+qfL)&8Yy{&AZS0R zTJx}`h>MH1&YgscuppP@r7eEPUy;6K^|~hRxf~0dAfK7t)lij3ne!8_!nn?R~MnPlV8^sNxD2d*jy`6UmDBOPghPIf6uEZein)E6PF21d!Bm6z`G-4*`p)m z%BvatQ>1G6AJrP1KBYy8UoG-!+S>?oECnu5D2grK>G9B&+KhEd+H-GdJe_*PLu(Qi zjOMpamgf1~Pp5PrJ~Efv>JhXiU|Xi!tE(7#7dZOq=q7-}A(gAb=#cSb?x5N0;mkSc z;kI=ADAkr9T1=M8Dj|}3{KXmQd)f}V>9a8 ze>het^ricbwp3U(+4vb1>ho(Ex=!65g4Eq|7dUo#vjeGriARkOZSw+bdYS!iYryTG zeIW%uc@LW_OT;gP>%5W)c&klRjH8NF6V>3)$zi%!qUCp*#^oAuJrVgj9j48m7}t#= zYzc8OIcSeM-hUez*?g%;yLs&0&RIdp$;rwG*`ic>^)|hiwIK^$a>UH*&$T}^k`=Qp zs#)~Uck>UIo97sb*$k#ugnmYzYc$NsxzimETj!#b=Aky3;e{tugC!CXh=o#~6B3*n;cJcp2K{j8+ZH*Vc;HUsM7Ugo>-z z$_Di)orZ9TS!1|!&!zvW^#GOrh7W+8P9F)Qba7O4=rpNI9Dz|Mwz;zUn`AkDU9W-_ z9!zG@M&%1pXkrW!wca~*ht(o7<_d8|^`1!EtS*i>hbvtd|{$AiyhWD8dO$b_Ok2T0Nk&uC<@X5ULG(ML77~ z_eO#Ub(#t9md&$`on4q;sIfNR(blw>FReaSMt!&rz*L>WQfd}^qL@Dyuw|J+m7yGM z=-23Q;8OMo%Tb1DuX#RCb`=s^pX93Xvfw%D=88>Cz4P|%+l!YIB^2)s4Ys`la22X* zY97Ligd+98-E@l{i;%Sl&&i%wyrKdd=^%bJeCJ3@uz>@-qN$$E)#mGX-c}3>pLFZ} z@SSX+NAuy1^6jVDh7(Umw3YH~EW@4@T{Rze?Xn@fW`j~&_}avKdmg=E_vohLTa_@> zIe&^*C)bg?Jb+a6750r~yyS;X$i&(o$x&H6g{HnTK@NLxGE#h;szF5^692KzCVaI@ z)+NH1-F&*jCB}?2<<&ErwLXsW*Y#zdEH11LUXU`k?pLtwKAK3&Q?Hi3=psB}@tndE zlv+3C0QW?Mn5;_#f!j|m42B;4yY2A*s=-iU#y6w=$tGdy5?r>(fM$+$B|(g3^8P#{ zw$U=UVLR;ivU1Jhj7oE+#RJTgkAahrrx*qc2F6 z$yu1DT%l#vIY(6ykOX;q)rHze(qHQqcx?muo^BRmJfn4B`TaEoeysm3V?N1bK6oue zQT4R5kY`)PtNE#~YHV2qhZ6uqX}7k*=2^jOo{gC~@L|iYg?q`Qv+&8;_%_pZ@zgBk zW^ORX2WVam-UEJ*wZ=G=S*)uv{v4_FW|wmby6 zmOab>6s~W&w!OKLrG}w)?}%W2_*-wbjo%G){B}8 zNRQAvy3AF~H^K@|FAJbf-bW*b}j^q$-K&-KcuOVV8_G+jd0 zl3~uVPTFon-9jd*o- zU#;}D)B(Hhw(k)^#SKyR$!#csNx>K2C++@NU|BvOqM~c@c3;lS0lhK zJ`XA7vJSl7R{IY)xO~#q3b!CL#xu!;mimCq9cgCK1N)ts2qi7d51Pd3J&@*nE}K3~ z+5aK;A=~nC53DEV{)9-#b~`*cKKP+Dy33c5&%YWajbio$tg}tr&Oi zKB~=CIS8>h@j3Xg-hqI5n33o5Z8daH@clQV$k9CA^*h3Q>F2h-G}EOkj(yRxUHI0C z=?7xk&twteo0!Bw*$Tt~zgWl+P50nEEw>@F^|hHihk=TdRVzGw`Mc!xo&mbEu@l)# zp6mz0Lo4M$FMKkaW-qg8Zmh=}?e>~y;Oc08v>kPL_;>Xa-SZ5>9iww;9_vTDhVGjB zf=^b3H;dl!3Mm=%HTAK@))yl^3Qk+p=9w%Fx77*E>V;!#9~^|0gVLLxVjDjd=tBmW z*=$DF4D?2*$W8}CG~5+e5*r-aYh(BOiWwC!y%}AclWT^9#FhC91Q_ zCDns*Be^PIu90$7@O&t(HFmbqA_KA%(zEXiH}~y{<8~d+ujA(7>0O9X5ZK(@B$=xR znpfxSIqM=YzK2ITA!SAmhN2bjTj{$N6VSOizATG}DT#er&dbyzj^f7j=jn}*X|0oV znJu5);wy|nyOIM94t@2o<$=1-E+QJS#rz;*9M;;t7U6SHdOEf?52Tef6j=3uUG!vD zK!%AZYaz|IIuWS33$t68DcsekdUi&dyp=bUO#2I*S7>|Lj){J z>adyUhF&DiPb6Vambb4&U-yiHs2^6E@hmV8d*W$EMp2VgZgHNO(;K_A zJgWy@GBE8Iow@MUq})UP~YQ{7?Ks;WPT>OwVi$oPR7M-_MX4lm6^b7IzxS(8A%T zaBY)tor1*krr~-Ni+G#~9!-zVq{Kw-dQ@<;?BUN`|4wPwSxKmvQ<4#=)I`jG ztA{sFD?{4C+@UOeOvHG(#JxH-Skf-T%Jlaf=jXO7;{Y_Iwo<>TTyFuszZuSkkrfEq{_2e;5P z3y8L-rUs2)8OSU$)~U6p(Pq6gV@UZN@|3sLbn=6fmJ@$Zt#W8js>=jTVB7AxW8;K% z9KDfzTJkEDG0Fcac*QG5I6?`2P*^d_WuQEVZ%Jx^aV z)&r|i`+d+Ty~%z%E4fy+2rKFEW!X*Jk>_;c9AAf{C+u`oMy*#o<5AJc<_Oj=f7BL{!w>w1KP?HQ+XcSh|_U=C#p z8kS#8=O`7KARGNds{4t`l;+ytX93t%iu!^S3|y+{A*H1l!QD)2K4&tc)}we<`bC-N zT&kQg;>7X@V4Awi_Aldrtg;y#^_MpIo=2graWWQF3>dGI<1rs23}P^ z@L#fR-2WqKP#(SGdS@mEmX4B0@CLW1mXh)-FyFN8d32>u=#Od`nnL`^&50fdA(Mmq ztMJcjqC_{{RQp)IW2ZOW&KW(Ui1-P#=GVjo=Mn z+zhk_%JC|dl;PuAr5)b+$O~G<2g$4cSl7ix=0vIB69Ck zyk@P5Rz0@6LH6S`Pt7jZH@{>UNbJ;3(T>UXHVqHYMu0eUO&wcJf7AC9c=@sgwqTP;s1tMbN ziaFf5S#z~Xsqw&OvzEZI@=Kk`zyk(`Cjl#S&-k9S+7A0vPH6W*BDwif@z2&;poR;C z`Q*s6FP?C6&wbj*o9xUOcnHA_;wd6 ziEx;CBW~1UG|!mrtuVRV?=jrEab;GA^Kgtqu%cP2k4fH?k9GiZX<1NP^Bi`;&5G@R zi6{TdW9S8Os);B$ZrZ)9L9o!M%Ez)}W(_XnlSQuPHVVIB(?ihC~p^1SXk^>7y?KSxSQsfp;Dy=$ne>AgY5tG-}Gp%RaI z@}date8$#h2L}fHG1^4QC=zD_RrmXi7#G4+d( z(t*`i;rBbI6!)?AO}g-!|RzQ-VS22sYeVw$QMy+1rcmbr^qvEc5xwhO-dZ;xMQPag zj$US|O#RUa7BjdZ+!5WWZ*!eN=h^mU$th2w2 zQh*ZZ(U7lKE>r3h*CK88$}>|?LuaM7pmwvWH`q}aHshgH{z&gOZ+GA1-Pz>dJ? zM-v&(x*K^gm^GU;O(Aj>efjKUf)YR7M7gc8%ai7JB@#++0H-`zrXL>ebfTEX zNM>FEsIkVo3mti(Th?iiG>&pd?4Yu+~ z^4BEO%pQt-nMoSdoOO=zK?o3)YVkzh%+f*MMmtE|T7Ul?p)}VvwoAFsVLbs&+*Vo1 z1A5Kf^7G9<@9#mM^buEm=HxI!pt&;7c?A(8nby_WtKMpKcEqRqm4i%AkJ|B=2MW}` z{GXPyU#ZvC!HZ`CiRwjXn<4LHHxNi3f)jtdQd5qao`4PqGt$AXTA%9-wFifE*||xJ1_)leJCwnxWtw_G|TG=@8!ZB{oKWY zrjz1J4KbM+Rl}%1j_X`H^&lGvrvsV2+Yftv%CQ-rv}4Lf%e?6vQmn)7_m6_E2%2BN zUAR)^x8iYdRBT+;&Bx_%^x;RhSPy$88WpUrXMG%U6z05@#GNY_c4lT z7W}zp)5cePFJakVGgP*!nZ3E%&)`VD#?215j8LZvr{=}fs*x5- z@dG4fWBDBy1bgFA<%*Vf?ue_-Fx0)h$Rb+41{1R;adQS{Pxix1vOAP+O2w6z+{2a7IsB!-R}xg<{0^>BnG>z2Ar%)efxyc5++V` zlqxirdppqMF7wHg5-P5s+4eMr#|U~huR8fvn}-=;Be}GBug~0#v}p5jLYy9{QKtXU zF>Ssh%gBXsV9g|bH2cx5;#CnCj{iMfx0z|W=cT0-z}D<`VT7DDi=lZ8FK0)a6(e&; z@1#E5CL=R&8H6%AX;nE-q*dYPJbnoKq{ZNx#ZI;dShg?MbUs^^lF&C(`mpKEuBp#u z2gscNKxY(1OyiFPajp4M?EaoaAKh#g+y5Ie`**dOeMEiZM!56tORC0&A%MO4?e!JY z2b7NGEjxkeZKMidpmgy*e$@u#oR!Lw&dRz&uo&zRQExuM#faIPoC^`u6!YlAJ5J3vk#x||t z?<(Tf=-y1s&u^WLHE+AF?CN&_cH4nxPCgQSDmlXR2VsIZ*0L98;eXI~Ip<`P2@o`R z0_1Jtako9%phyS!T8fIg!xNcH587-!Nz8IFNtoy9U9Z0^QJP3G2PQ!<{#Tq#;FC`k})+|GBpdHuRP!)~0-U7Mz!Gih;k?bffn zVP#WuE3u*)YF<_Sj&;*@rKz;h6N-rIl!rj^bc{sTkf@7|uUr``8aNi=^{?B6P$_O7 zHR}2!a`FDBj&4{jR8SBJ_~aK0ojrhwdlwjH5|1f|S>)vAGJrLV#a7{=S%BX}k{Y1T zJj9iVSqS9@YaX304L3H5lrFo;m~xmFthof}32;QT__S4|$xi9L&-ytnfQQ5Td6$TT z`Y->YxJzLzjDkX~)m zKI1alsEVvirOLQq6zBMw!dd|o%VU%(WgsOkoVoeto2BBzD^IP$i1pYR^tE~`Jn24L z)|0yydr;2pR%Y;0hMUnFnjXFX{6zjqfOBq9-)FWSfJHmKE)NuuNV-qpg0Q9WIyrX& zWr{o7ZrwHIZHeRKJHvh+SrDu&?;Cs}8kGEq=c&&|$e%*%V-c(3$CLHstB`Vg@o5<> z_{q5?d3oN?!_5{meMclG9WIiq5XW})8cLyGArtl(OnyMhI{QKFE2Flo?hfNyo5yGx zAdJt)IBXwDGuZi{@#K14nPi{3mh&Bja^xyiv4suA&9sSPlXTZl5JUiQ64;%?1++17 zH!JVyT0j!-JnFm6b9GOh@zNpI*Qw=@#A8(iD?v4NA)M#3Q|n!g^fa1nE%;qmoWpd| z#@{CcysF4l$4La^z`kelI?t5L-qyhAujn@mQ+#vdgF5fCbv4fCdvlyHz+fI{BXuum zn^n2&4)T7%(4ESA9&qZ6GwIr@Z6$RmzUiCES(nb5O`iSAn14lqF&`rB1WHY8xCxXv zI@T@qcuqzl$BgVsVv8ecwyG{5Jl7;nMxsbfx?Y1~C6~_>)vohhIK{iMidKK1@bET} zQ|PN8CLbm@vUxTxhy`UY?KLKq~q8zNZil?oM4NC9$&XPZ`b$53+mW{Ty zaqWKh!)iOoL;3}mnYPs_FVW!%9sU;Qwh09{5w(K7mDjVOmbAW(oMW2H>JX_`r#MLU z6z24c%S(m2tu{bHtI)8~vXbDC_C(XGgeAnjuV)>DFmUtNYyS1zN{6jxQmlx1su?=3 z;q`WSkg4A zc0Xy=s#UqbgAZJ%c?9Qufq^X^xDNAoUeRB%B`15tHx58#Q|??K4u5Y%SL>15z#oKV ziQ+Q|gO7L__l;NpH5NFu5rw7Ch-w8~-0dCRvDvJ}bi&8b4i=5#y}nVORKiB_S@Dwq z$mU$HAf~<#)@HG^3oXdK|Kw)s39~eV{UyPqJ|MilNLVtpwp$K97=x~#8Br!Rn@LsV z1xXpnDqZ%O>xcb zR}FuoNKw*{I$NJz+Aaa(I=!;SrSkTu$_`1$qfXb6s4A9Qgtc6}D#Fk;sid8f03`%O znn~Ak@ z8=E2&?e#35rmG*iK&vey$rU$Beebnr!m~yUGY|e4INHaq)#hZmFO5gP{a&R02|KR! zb_3?T?k{#?yTcC#Sesgl5 zHLCM_|F38^9p4^aKV_Fub7KbxAZM5t3}`bFr*ez~cQcvlpOowAl5lZlTM!r|&Q=PEY+<7D73X}CcL6qu!E-{SWdrlVPnX(4`qMblGt1(PQD8i{S27L!wP zk`T338s^Oi(+5Lh_KF~Mlj!5U?=a*I-&y?U={=iseBUv5-)@S?V`F4u*0z(tZyDrC zc(H9RNseeF`rCm`2ZQ!}9l~{cQr*&Kw&4Z$h~`Ja&w0A56XBxI>V)!gdLEdJ0x?bU zmv$15JDkSEG27Z%1G(+wj+wSSibt3EzV@+11o*#x+C#-F@8=-l@7Q}0+B`}hRtt3) z`Z=ld=$!L)8N4<0M3=FD^sdn*FCuzZEs34y4W2u`^ohuu8Bco-mQT{%RGsG}pf+OF z4i1U=-o?FK$-c=jZR0iT7Zck*C3lX#0eLPUpZZ~l$vL)5!NhCo`l4^?<=ibK<-i}N zQ*i`#i}Cum<3%iY8S@3`{Tw!mq79NG^?f8m2VTiV%(*>_c))w!?+5&@OJaP-?pA!7 zsuAOGNe74eItX5uVvol|%ZzqPF?9gHIC!Zkcxxv4t~DTmGwbVCTGnjB>W3uo&B`A1 zr8)l}M}+hI`Om{e=y_!pvnN-WDSufN{`;AxEhp{W*Tm{)7pRt!CJ(ZLb}Sfg7BgGV zd6f3tARI(NZ9H0SmU{hrZAm|(JRMpKe!}S;<&bR1BQ)1VM#gwFBOBZL_{wN-j>d_M zVA03|vK0irG>CP;#N^wc+OUv$Jw2;TG0a9Nl-ryA@Iud28h4t{T71KlePO)LZRcSZ zRVf#d(86ZnYG59gxJj#;v#Pi0=iqbD);im@_;v7}%yghrn$!DUwv#5GGkaZm=@%z9 zdEn8$Rp*n(p?K&CWX(GCBIx#`)hCgC2SY<@MR*+r@Sa`Yat0xN+g`ECRxke&Xny#5 zM#r+kfQUNrnyjDDh7{q0;L;Z*->e^5uej9p6wybE2<;annhFTrKAC;klZ_5Sned4@ z=)d>CTtiWWo~;s>R8>7{58@D$FQz{YV(^;Uv({co~F7^yi_%>h; zzHj3J%MW?ZXv^_uB-;`%A>g2p2eJ?L4b)g9YaksI2FR416>Td>qFw=pN ztL%W3JF}@D7pFgU=8q}Pkx>hz|MrB|`MgYdE4VArmr@@0p|W`xYIfJ)T_Q~3h{AoEjxz6|1(9I6)9Y^Ei( zLWNFo3id6O-CQevB`?qI9sX0QoI~!blhyfmCRHJ`059 zHf16A-Sj4(Je#R;Q2c%H6XHW?EY7W_+yZQ86D_X!n(tIQnddLDY8{((`AYY|VOfS= zeau$hYt0xVwRRT8|Jm`N01zBnshQke`i_I1nKtw!vuyI}S(Q;Hz zGm@*JZ4}6dlL$L&Hzta?pR(H--xfD~&A@6oNtep;@tf?>#dHPgEEF3kEoq=7v|-`a z(b1iO1JKkaX1;GMW_w}isP7=?={cMrZmHw1`h^QOhRbxl0edO@6f^y|UlX`r9$PZ= zis{XkaPF#+V=CDnVXOJAqh+1ToN2Q|WqwB%-_q43Zv+yG^f_lE3$=XY7V`+A(Y_tDhd^SZ~hWb^==x zn|!W5%mlq!AwO*+n~^JtfgFAKdH@NcSKu>nAC~0=FS=gqv!f0biXaC>?qEm6Dj+Wg zL8IHKHWlL=zgf^aNfZavW;2Hbfz_J@-l}|k*Ix)^h0I{&D)8UnixU_4Fhg6>9Fv}(r)Ag7b~Om7z!uGlvJBw|h}=l$%$?B=C-Vy@2AIbyvg5K%6h zqn8H*9LymVAdFedCPs0Nq_(&3q+-5&v{1B{)$}~~sLHQ!VH^k&md2%(wW@U@MFx$B za7S9X2OmJ-`++S-!0{a|2HQD|RTWy>aKr*wfu4jy5$oQXa*t@bU%*fo|HVwx^b>U| znSK^Y06>y=cYP^}yV8Pfy522I14^omf~-;(nieE^Il@hT{J10a?M>-Z-9ezOoGq@z zG>b=p|LLMLX5Z2>XGt4!^|oBIcid~$T^l@B!?-ChQ6p`$G;n7+*%lVJJHgm2;G;@b zV)(0k39siK{1bc>omQ3vkU*q{d?@3U4w>UW1~whU2z@!L z{mE8?%>oUOg8>Ef{r$h{rI}CL>nwd#ZYQ4_p?SV+VIfnKm_GBdEwEC^{7MNzU`1xH zCp5g>s?UC^>&PKzz_(?*+(K2F8y>4KGnrgRUrbH$oQUUNP%)fP&m zgH_Y5MP*;9-2!@PRo6!Jhro=M@BuYR272e9Wj9D-uhhvBA2Lsms<8Dl2(#RlgvZ2g zec#@?OzXn#-7)Po#Mrd=SdxpD(E2*$FkEij*uo3DQss{^>@f#5dZb6e$l`9O{{Gg{ zrN!!uO<&BYg@wPZnLD5N!&C{)q%qnoJ~)w7zeP|$-o}iHFM?b1Hq&2vF35I31~NTg6;1_Re4L80rQ zDTQ)#a#}|0vu)EpQSpABq?w$_o4bv#E45>`;Ph22o*N8e*pdI)1>$H^aXhBQTJekE zv#qh0!n@O)*XPkXov3g}1t1c)+0ds^JU5T^HCW zmi#i)JTIV@igxi!DCO2n8cqh2l~Pg$1>>bKiI!GNN6(d8IfYC6*O%5(^l@$qxc=)~ zqxuZ~Ckqk2YYEey%Tmndc-)Z3IVV(pUd!%}c>lxtAfNRqEmy+A)#ep`c$s!$LW0-G z3y%K8cD4F-yYe3K;)VC`OK+9S65mK%p-->1ny!by#>#1WeO9K#hjy3REb5foi_b*R zvgd6Ql+gyk+fMB{prxg^Wbc`E2G*N0)`}2ZP!1F*fA)NpEH#NG{9tuUbDr)?A9xIf z`8fYsJbwO`(@DsDo;jY@dgg>CSr0EWTL*jZE%8OHUimrww>d`B0`+5y=3X-08arE6 zSjgI%&CRM|Fl8eY?z|~ND%GBwSG5;1cs>Lv!TK&t7zMB^95pCbRaLh>| zx9c&*LDp&!lw$Sf_448)B0cxwC&h5dhCzgZjFW!H`s}LHa z<-tQoO2OTurZS}r9}e@Gm^ws&dBL^D5PF|l{Fg&Q{dxel+ClDEofbxMkA*7l`2+0e z0F`kZqJ8W#3?e7|B-*RxW2PG6kgJh=$KZ~7{ouMBa5lGV)BWcU<)ywG2m)f_2_t6W z13jxm8qt#gHm8b)9lS;XyAdW}dYeIE(=0n^C{v?xYsPdbk^$vT+9Xy*4&FOip-(|X zWa?`!qmOZ0DAfsnWi=6&2nPsh0qPpS6G>1o;Rv093FFH($S`{lSU zzOTkfbvjlcz?ENh7qhei!g#wzi-y(=HhG$nf(Nw%G_=Ub0}YPIJe9}(uQhO4YeNSi|`PXDXlzdyBwFN3N)9e zO4ioiFvH0BayFU29FJbTFC_9wxdMe#W3aN5se8Zt%MwCz(;&M0>^R)bvDJG8#zgX# z(XNR;)++R;&Y3+MgjIO$=$=yVGAY_Wj1VXPG)(s)-;VTbk%I&VUM?@*-|v-LxI@}^ zwyT2>RXVtsQ6qjw578OVnHO7o^uJkXQg>z*^&@%Oi{!;dOt{4?|CIMVm(32yNq zNXi{`NJ^5OarGl_^hS}vg6A%7uj$4172{@k{cYAt0C>M4( zvT*F+489|ucP&T#T%+~A^%Q_oSyoY%1&Rp5v)tsD1A?PF@hUe5Vkl`fVoQ2%rpY{> zY)kekY_A+jnV+hFT5&BBaU6nwAIiKCg)e&W^)8N2%&v1ZUay^U1ui`?yBhiR=?o!` z5S+MV_TB7%kDUE>Ag*ar+!MDitw~Z(Dop^A2r@h@LIAa1miJWEXEXu#Nqh0Dr!TN~W9pS_ zc74)pMyN_E<$7HsOlPE<1&{TAyFr|f!UJlkk{d7h=J zM;4Y8)&7+IDW9FMvK-A| z61Epd>4rY^3CNlPCdwXZ1g2G*D!kd)wYaAKsBg=_DWmKwp78)Lanw*sxzNQs3nu@} z;$XQ+*x4=zY>_oM8X-Hoh4Yn9u*=M{7w)n}x2W9kB_Z%ke;-9C+pi4Rnx?I=h2ngpK7;=2y468`uRhwg*#_{W-vpVZxZYe-%B3=-^yKN{{9OnNnk3S@0= z+1#TQ-dtA&*qr6Wxuva$yMkiV9(N_PidD>cfM7#~Z_q(T%;68Yu7>Z+5bcDWz-~Zd zEoAxY%4Z%X`lGHTaI42;YJ4a8Uj6&XMTF2d)Pz>~5ZtY9_sd7fWY%p^1RIf?uo+;P zK!))@U7p{5&wu>&s|ugqMDGe@c=UraM8UVM+n%Y(9CKy#)@@zq<;k4%a>Ms59$lIc zcjy>A-=you+!hGuo;#I1|Pbj$~aiPn`V0 zz-I+1^ad!)aKGLzc&~1}%;4KJZW#mNwZbto+558eGm!lNehfEYQh20_p4g3F0nyG7 zi4ogXL94=MVC+I<6O0|0e3>K*Xj|jtI39+%pz5)Qeao6>yxV5cb}}hYMh4jVZRS^cB_;{ZRx8$~itx&)QmfcCcsOWPDrhV8h%43k}a0if5QJDA_#6Jd9#hS$*v# zSpCew0-_2|dH`X{@O_Qmm}Vk-PSQ1T-~#sxefu54wR#uaScwbZ)vR(bxdPdysV)VX z(m_kk!69u}bLnoPFG;n?pp?bFK4=-KFzYiJ>gkC0ur9@;RDdytw#!gsVk9e<;QH)56^L)Y-y3j6rPIhZ_6}@}c7s-}OuL zI3BR$^FuIcqQ2!BT&=Pa(A~;A?l^gAR%9I}H*~}evhmg>PK6|Gh)mh|47k3~L1N2R z)wWG9La;YYQ2zPqU>uw$YG_4p(TPEz8`2eh)-7;kWMu0{JVOsR)7khT1wZpn6eMj7 z$0lLU&!Lgd31IX;MzO!Bd=g!}IL^R6rOn=kz5>3pJ+TG~fE!F57!2>*GuYf0=nwox zCm6&TQ;!}3pZ+^+LIw2lYMATw8lE6j?Jhh2cP-YHsTh?!jf*|4HeNp3e>!QPS~hIY z2oGr#S?tk44fYtZCH;B=sOHm4LUlGbH>uN?Z( zSFtz@mZR&IE{pK+zmkHnmxJz^n8@2qlQrQMHm9xM_avlR3a?yQK4Nb6=?i3MWD>VrlaG6yn2^sJhl&hG!B_l3vy?)g9Vn3Ts><`g zGa_wP&q@2Zn1wjctVWX60`Ut`46lpA`&b}sm|Mv~89cv|>y2ei- z1#pY=bP0#LJMQj5-OqHUDM5$=;&7ozoy zM4Q49ki~3pQ2)tUolk^4TOKSD!z_h;fcJgVmgSWZ@uA)uc~2x%r*qDHfX}YhT(${b zIjPb|914N}kwCw;#$c?%w!)<+7+Hp8O~Z7QV8HRE!~cXc)E;HuFU|~SaELX_jPe)v zv^dQ#2F4_FXeGQXa=ilYP&ewnY!s8o#>}jxW9^Uu8X|Oh#;7$<@?X0*@G@Xkic5{y zlIJbgbsxrts7+#-V6+~Xd19QLYWM>W(+z(xaspY4(YM)cN~j>JK!-P6Gh`kI2HG6> zw_8qER(qkpSGuEmf5?UE%QI`J|CEbzvnI4145{4Y;o%wLm6o0<9LpmLo#nq+vY+7mA9|sS%9+Ya5NWQ|H6!Xa25lF zwQ_Zc*fBx&zrV;ys^}*`E$$h|(*ko*Kv-ryxWftJw)MoHyihoJuoFR3=6J%X_GJ-w zaPYvjG#SY~VoX6#P5S)Q{O$~s%nXCw24!=UFVIuqqTAq4+a zas2PELgOw9fkbh(!aIDL~~Z0v6TjQhpEi34q}2Tn58yV3a1m~9F}Z^EjfIh@%5ZHg@EuQ6Pt9nd z0O2v~D%_RSwL5(;Az2VzPZ5!&Fv}6>r;tD-pyV@TAs^AW0f_vKd-v}7%L7_OD??zN z_s$))9sQ4Cr(1V}N{T0sjVb=?VM=CF->F%Z+K-K&#>VzcIZ`+tK}}scn@62FL@TnQ z2$-j;pI2?8cTrKlj_VFHN=?nAsYHAF{8dog>31&UoVqk=3&d&5^-VygN7@!;*hUKu zY=SM87P}5Sh3OXnEL4mCbCG)s;o4Fys8;{(qr2lrT#Az<8oRg0RiOO6s9!$NEn3HV z%T%>%d~{WYuGf^+%oKA!NtAJG%65#=A@F*L;yYSS&CwSyE$KkRW9#Es}_mbq4$s+)ASYVWq~|Myo>{Qj$y$tAzX z!%SRFE#X6Qrl2y-Uh=2^L*9EwHMwo;!%7tqaf^z8Qbe)PloAl6sfbd=LJLjlC4lrA znu<#Ay@(X)5IP|QEVR%ev{0oJLZl@?ApBn3dXD#=eK-4j|9&IGF(6=g*P3(9_00Cn zFYd39M@!8BP!$Pr&Z=FV^@vDFSf*YZP7{y08Lxp_Axp%2-b5yLpQSw)bO?WGOo>dq zz+xP@Zk3w+lL@+f--#t%Jr*8R-C0ll3g^n*UZf z5n*8!GCt>jNL!Lt>jw(I8*xakB>aWgk(l5hQvH>Go14G-Dn!6H?tZ&rmHC4G<$2LZ zO-)tJJM*18&7Oup-(vF{j|{x;2W%(py&oka@4YuuUjC=A zAczf#d!BcnKYzaJ36vcsOXv-&J$Vu}uRv+E!y&0iVVY0%!yWbgbaXIH368YE)LfR< zy%IT>U#`N3dN{F^5v6N9ixhP-O&^B zqa$dXvW|EdACMM6$Jr3DHMv{IH@h~ed;$7X9ET~$6N4E2y_AVT``XK_ars2qz`eSt zsW9;$+2+470t&%CTNDan!s(_d-4pD#m>eRc_s5_7Tqo!%6Bm06uYe~~BRLeOiJ#Ti zVks%*_syF4EI^xcEQ{IH|GLxGW&r(kz)WIjHCAd^;6C1WjD8PMGBAO3sR%jHq*v|3 zyU{jp)}?9FdWXv7ww$bcfea~`Qq%inK-azf*xN$WXxF&s8+MMkUzZu#)B3uLZd3ai zzf`T~FkE1)-!Z{~w#++fU~EUsB=UX6=n$E{$M1lf4vYZY1#Hb4>KMz%fiMAv zZ!0FM8KdzEh4lL^evJFgeg616B>gfa&(*cbP+(m4eu-@B<9ZtX#j}oHi?va!=Z?=E z=T0Mjq4~Ux*NoH4IgsO$8z?2uyI}Kr(9jh5PztwcPNO%ga6J;{C9rgo!*eG-3s+mL z1lSDjot>`n@}KP^K-OyH5EBoNpi5LZIyAi1IV*>tO;zKUi$&*M70sl#K;+2!ekq?ZXZV z(4n<@IU>H!p8a?>k#2uMO`7f34uS#G+$UyCn~#|uMSs8SJ*!-?VkrGmCC!N|9r%}CGut@krGck#;C9Z6_?&SHu>ke zE<0sktMs}& zw!?p74Pb$pZ@|Z<1+Y1?FAs<~{lW)-uV4E=eR%FqDwR7li=T}{GDcriHmEEMx$x*? zO=HVw5&40707j5`T#(G{+_GZ`J(sxlK^*zzCe4qH@$EU$#g`e?d}?Cs?yT3dCx8EE z!>{h2p*zQ7x2``?la$^LooQ$bXk#Sl4qlROP_F6!DzMVflxi{9K@YzLoeQW_y87qm zMaB9s)Rv)ES!w6^wd#Rd8@|mWgoBFSH&4A;F}u*0#$RzKo(|BpeKngeqDiK$Wpw3; zB9JCFcZ6T&{ovPqbJ6!ceN|9sV7Pw4BC5eZU^>8r?UIAH^Tij@Sgm#arynQC1^R`Q zlhc2{z9V;wWrG;DpD)mOPx|=FoQ>G32k!Zoe*SLkibS_J6UftNS^t!`2~V0_$<#eU zbcl-O18Zf+iCR)AW3vk~3pKj8tq+4S(hLtCut30|+0);xW?30Ygqc4@sWE$Im_sh z2&4~9%P`C~b@)%*9b)<~@-2bM`i46~E?f8Fk?wiM%bhWV7SZI1!FM;*Pio${M=&}6 zonUgXn{(vy38un`f474BexkD;DbYNWKN^GYIQ`*6hC0r54PaK`xHkhgun^(XN8XuD zEGfX$Dy&4v6T_X?Q8l>L4i~G8 zd(m1fH;Z5Oy$O}-5xB_?>^>Dci<_TWiG@N|&{mUXM4eZtW;T!~@c3M;3cCQw=F^GY z^ANK;!FJFt+Kn7N!RawF<}UDyRa5b{VGdoN`{wSeSBtq1MqL;B^J8>xq`i8Qr(5!{ z>6F>!_S#M2)j*Th(5t?mT}({nJ$;tQOa8DX=>d+ddH--^5FYe^s$VBr_*p_MbSrb2 zu4CX%Qf}XI)sHIOP0S1+p@G3MV1r~67pE9jEf47UY)1__fbQUCQa)gb+*s&!)}KgU z{2lc^ft$BPsouml5xp9gN-$P zW0e_&u+guoDH6%kL}N@dT`Bh4GcN5Wwt~kCoh8JJG^f5feNjKc8K#i-BDqV_vhh>j zEnGle)zqhDpoyC%M?f2?B0>+5jQj({BhgCd>ScGAgXyBAa98jHAuLss>3Q)hdCG)= zs=>3}hqU=wH@C_8(W`9=^hsWh<8=_G%;(Bc=Eb%A+^QBvnlm{q^tDb019~BjwTo&r zWLg9!J4;nEd_+TgEAcNDe-cdo%_SYqU5{K+=s*}={AoodnBs)ZLW0iSe8ld(^TGhq zkOvU)hpT_M*J40kWd`cQ3>s*oCfT1}`zp?2qyP{zByYS8Wezlr=g*0#lj_ChJ}bC3 zCc%4&JM3Zgg@%$#cOD2Hais`QZqx*eV6C2^>Qx!qy^l;TOL>jC3yN!4fpE=H55^0e z+1fh+wmXCqe082y#-pJ`hxjF9>v=%L@7z)EU5KJ)&g+Y*Kx-}7>_FRnLBZ!3EZjlx zEZt8KG=0Q#y<0&D;M-{F=!kI{_tIP(C=%qp7j&h|3>Cv~->V|l(vd7V6DU|07R)Br zy16oy2{d6+vx8$Kb**7xs#`bYLAViKj0--tvQF<(Lb8ZUcUs9SYz6Awx*m+r2`DuW zumTM`1AQ;qjiQurt68nx{Gn-6wZ6unHa>03kkU-Kf>wYMs@o<(w)hjVh!!_kI&O?q ziEagG>NJS2I|gElhO3n7^rHlTK8zPad>}RDusR-I8~bEe{H;li^(uhV5tY7yF+py% zuExw(6}DTxHJ#-Dc*<#HczmDu&>$Fk8!OS%M^%^88^tkzk`P{IT`93&c&l=$nlRaP z%XR~#o%GE#?c8vtZ{Mm3qHGuAj;Q0%w7D@*c?Y1{3yV~aF-+9cx^s9gvCdRr)EK5} zs@R@e(vuGLOB%kao*P%>)>*`N11LyI;o=1?ML06;WKTgb#R*9xb#-@#t~6Yy#lCQ8 z*IH-Cjm6@EJ}5=%^bBa7Iu%qktlM-_I3Ok)7X>jb1m&>V&Kmmd(@lPf3raXe1>8vi z@!;~j>Y++_QYPEl5_z=8v3mZl*vE3G&wk#F<~&3Bl(b3t zr7N>C=3THawI4)yA&&}N=k&S(sziWvGxFGc*mN1zV+CmDO?LX}UHoNo^T+v+HKv>1 z6Z{@7s(R1==YeSom!)P}%5EsBP>#FaKo@ad!trB4YiV0sTNK!)S{|UwuLZSpf=ixX z;q0@zG8e6QLtV)9KCj#NQRc3ko*M;AJj*#elojU&vaP!vX%$0rQ35a&I_*=Kiq5li%v?vAR>1DMT1K zZm+{E=F^7srwORrXusyR5I94&+-jv7vRvq{bxxBe-h0tl;8jbQIXYzIH@?2 zs=vk6wegn6r#$V@P^yM)^jm`>#}I6ouG9%mE7EvU2~dOVgVAi;vhKD@{618)I*~b= zkw`}YUH@z_9r%jPy0mhqvkh%O{#7rT)4ZrB-+Hv%ASD5&Ri}OO*r6nZb!jO$wi-Jl z$n5Ccft9gIrMpGO(9%nRy)m@oaAG@0m5NKcW9o|zbf4s>YbgG(KFN~R5Li%v@j zlFGi5QsORI>?ivNRe$24Cv2RORZ1Uj(>7b$!TBYHi9ml@buU%X@S_5Ia|1B5P0k*d zU(6MQLz{t*nNd=)>yC>>H$Qw(PCzJLOCVOo?Cl6{3OHOl*z*0s^>7nk6!d0N=vP&} zI6GB`1eT9Q%Dv1bC*j7rFD-jmwZojd6FHiaXKGx}W%QC#4BtvF6BEW$-9rlLc5@;>q-6OJW=t|(!9T$ZBq$TxcFL(oAbv8jE!g#caB(hCDJOm5lBBPEhr zBXps!>UE@cKgaiv8?3UXGSLpO$TQjAIFtc9)cZZa;iwJSZ^8?<)Ld}}D49GSSDLtE zoM(pAyn&V_XA7OjuZcEGRHloAqP-T-%!`c(fUDJw^YZl}?-U8T=$*u``UCZk+0J2r z&aKEyG=n($cXuy@}R^HlZj1$-y72WBHrEXe8oHG<^ z+z#z+t6+^vf`2S$xYh5FG*l_xI+fzD2MleAu3nQU!{hJ>PN>jWh(v*|Ji9-&o z2TOHEK$d369!Y)d7sUHS_dE4c0x-pDnt-v51-Jr5I+yp^0<}v`-8RsX=J6Y!VBIZOaTZ zV!H_vEUv;rrL_}X^>l&N?+>@TL(tdYLxD(xI_>2hqS`)qbHfni)-6Dt2cSo$rsiDwEm#Z9_6i zrC`9i{>4o>e;v2})&hI%m+FplUeC6LvPaobCw;#isomNTsWi>+XwWqn$RNWwpo-cWUUrsZ)ZkXw+jMojYWSK^mYs-kb zu79gjsRiaL$%Xdvr2#ZX@h`Fy>zmV~A{GsVhoqqAefIWv2O7xFnCaV49GR9!>R2i;@;o1Ik_e9^^HCjWV~(H?`cw*m?km&Akqw za(+X@gxO~#-Y4Hg=dxM}QHhnd!}_UCVoq97P#Dx?rPjJ&Wm)zqBF^RE%2oO?fo(g* zCL4`<&gho!mSPx@>UF8yV}uA!DH|@WlRCr43b0Cn zUo2NA-bf35HclC>u}XE&Ws2k{a6Q&k^KZ@5h=2<$bKxSaBp?a98~%6=w_Qv$NdR|A zF998XWo?y|onh<(!&(mDzUB}RRl|KRkuo*tpU z_p64Wnkqd#eR|)NV+-M`XZUrd%WTH$q>5v`!9*lbzL@zq`@39>FD19(9c1fROq{vc zou!CVVh-8;B!3kgv?d7DpzB3WMM(OFrq^=FkWCz9PlmiC9naSFd-sj{nxWJc%e;Qe z@`4R(M5y~yk6dIwW*Dhsm8Vf~`BC1}KWe`p%DhJ8sysI-&2)s0t7UIXy0mj?$yDs( zGcNkApwYHAhjw9nd~%5(ax2S)O}hdLZxj4Dl*-_;8z~Bn?Z4SGNM+k7;J@myn|{fP z`*5Pp$M`3s>2irHG3$0Qy@NHz?cgT#v0M+UmK%pFwc{s}|h5lfT#ACHKbTnTU%irngW(^IlQbZyKOa$4b(~_q}LiW6w zL*}~`$!o~d6&?*)=b`n^ORh`Y4?zPm*ToU)!Bn52|^3-t?ZEF(|O2G*~Ol2qD{o$EO>-*1A+Yt z(fE<40+F)?;Zxf##WR5bG${vvGlPdLHXr|aDE~}k`~_<3OO)N&`=)2xJ6ZoL{vlf? z3()ILH_&oKp#1}UNt40(okh$^xTH!}haqPMeOOY8yh9oDYwftk13q_@rz8_iNRKn$pNR6K!T^&3{*TpMLi~{?~RZV4`ZtkjsTsmt? znp_esw0Po-Iqkbt&Uy&zXSmz=0_1pnnH>CBX8*KXoET&9;fI4oeu3X#sY z$ACV5%B5>XVZrj5LeGZnx3E<=$#H<^-ytT^G{MW$SUaf668ody@%WjZd8K|9+gE+V#MvC0AWOy3$Yv2Aa_b|+lB7E;r zs$Zm$;;&!zIXXQ%+xnSN#@gT5pT)>uf?3ZoJjrb~z9Bto>^M!Bsacj%;F7ZBcsZC` zTekd`@CVD7{)x916+JvWSIVHE^lD>ZnQY}8xBDAR*jS01PU2% zu>pluh-xhX*Y957k?N<9TdofkFj0S{AxRUvJ>#umpDYavXyS^7Pi;}ZGL#%W9Sytf8p{-_ z4j?2&V#jw3!_2Q2fE|@9M_hHhx0Wa7Wi;`NTHM8gRM(VQ2XCUp(2Eaw#ccAPdO&Ke z^}20HJC1ib*j)1%40f%%fq_K7FxCGVN?SDWIW)A5q-p#0o0eC)fV#|T(lUG|25b}l z?kK*qg~Ma1#2y2wMBBaWGtcslAkRD)-;TUF(-lH?j+K>NY7PGSfH77G*lC)`=BrqH5A7w#B|+l(e1E zU^|x=ouHyY8L8B!;9tnNIH()4JUYCy<&N*{h94IB-p`K$UF^tO7%sjC%q7ybyKU={ z3vcC}Heg~FiRzubbwJzFU=j6^u+btxj>tdtAZ?QF*m;R3%Lt;r+s;bUO!4RAk$FXR zIz2rXSgt?TySpbsq_pi=$#yd?>KA%0>*0-5%Ddk<_@ejd^q@3kr{I6rJ_Lf+eWHjYB_fcX5F4dW*VW+T@@WlP*T1( zJHW$#h9Sb_zUJV2_cS%DsEg}>4ct^+B$J+(Rw#6OT z1t!+eE#s|DA4u||U=s>6yeGu;NjxT}(+z&JugQIK@wUg{*!hGeh7h#J#co(#@fQt? zMACR1H)YMVV&KxT7Mmm+d_1T<@jg9M*||2ZyoTazj&5x-39ZQ1w$u4GaEAHvMqz}7 zb2ido{I6unBW=T#;R|k)y_eJ<^No}!#l)=wHbmXGBtd1P0?)yRbNEpDF)M(zrToKo zi(o3LHDryXY1TZX;3OJvj8VkS2Aix^B(Hw`w6VIHVGG%v^BO?my;;XGo3wrCvU6s5#B*#1nPqkA++D*v0x4UJB)Mg8# zr%08h0s1vIiMQ6eFT~%HdEv8^6X3j#k6aPfcnf{b%n%`k`>tv~*0mgAx-6v!1=YrS zUUvva7&Jjk+Ni8-BZWhkt|fzkt1v=O$m8o7mbERR?nAnW&{VkTM`N>9Z{FvSp@U2! zkkI>RaG0#*yu0n-_$v(UL#1KE2a*d6bn&>C%`v7eaI?haQ(I9$93M`Q|d2IcJ^w=q{>QJ zC*8;hY$xXi^e@#2oIsm!Nf#P`w;ac6s)VtnhYM4Q9{C1$HjcZ16*vcs(Dp4 zn=T!r5wk3wddqX2pd6_U0#QPA5@M+xZG-WRkffB&T0Nde1E8w9i7Iv;CX0|;#Fgif z@s99S8xz))Ieka*L_yuideQ$b(WoFOL*ge?uhkt86AFak44350^Dnt55^j_)AqEfwRE=X@fk=MfIQ8G;a~Ix zH9J`UHr4&ptUNhs?)cp)lJ~L2?Y2JyyuPpbzPHZsUzCy>-OI?#9D?Y<)vla6xho>% z9V@;0!bYb8DcE$*LHUu|`OWuc?`dK&n<8Zccc%Nhqb^ zvEFX-?u=kGD=OKr9g(V|Le#13mxPD#YceoNqE?VE?K z*@($Cvwk}(Xsz$B&zvt%c89Rsb?cd3KBz0dL=TJ~Du>a2Q&6O*^5@0Ofx`V%!rL0I zO0Ccc-9+%%(CPDPHXbOkbm~X5NPETwv~I{e`qNI%K!Ff4P3xWW(z}$a9zR#rWk{6( zf(#pWL^H{A4pFcwdswG}gxtvP@i0689m34QDuPQ-*~coxSX4Fg(>I}b#Ph&fi7l{p zb;%$*`EnESK0)NHtqfC_k5c7L_2VyYCG*yJ|z>I;sqlj%@o0i7KJhA9jF>1_Xnvl0Y zKeT>~$rXNif@CRAR85wVVV<93L5B!y)L40$w=q}+V(H=Xw~JS8T`5>y-M%&8 zOh(F{GT^5lZw757oH&*EiTO>=-?Or0B*`LZn)SVP>XMw4!E1AV2#ctgr}s5X6O6Mw zys0W|v(I&R5+dwxcwg0EHG65iwS9h8W<55+S_=%RU(yV$m7!0xhbbTV_X+cLKiQ0G zi9+f@%RGf_lWTW36xRaHFd439(}E)F%U!xOfT1zt7=5Y(g6OK1P8a9!brm_#-`war zzPh}Q&bif2BP@nE$RR9-@o%$0?NY3V>Xd|(_w;6>VXp1Rx1Kj> zY}t2fBtk0cjgx){CTZ`FigetMjHGcY<`BJd?P{drnvz*NOlZl#+WezHlFReM?W&8? z!;86(k4Kb)m5hgb+TTj5mkv-L$EKJSy<%_H;}B|Dc5*)c7vAJ=3S@Wah={~yP0OrI zBt9|oF{;siAk_WAc*o6InYQc}XMm?%t`O<=B7DRPD!67qx(nU?bb)D_72p!}l1S(b z)90U_m*&sNrb|$v7mW~NI+e)Qaf>Z!xBr_SL1xEH3~(j1C5^{gajP5OZpRxuv=;85 z!NC5k(~`}ltF?Edf1svDlmX^QID-e4nU21?E7QOkZLx@VZT=^)twutX8h@&dhY??lBf5&}qo9ijX$pygOD|+U6wZ)^Kh{ zORi+FXn0`(o05fgrm=~;wnh2-eyrL0Bt%*7l}N{tmd5mCkd|}nrvi{6Ay4*tp^Pi# z*!=hek$AU2lf{S&@$2npv=Q<7wG5m66Mg?i-^V!*Gh`g2X<5vv zHbf0>L|-Pxgi{W;1e6Z6=AQ;DYYaWQTJ(l$kX@E<1A1*6m4?$1iSgC5H<@n0we6)s zQoh%GQH_}x)cS+)@6Y^SOaJjLYfZgAV;EYtKR{rSdng!DkA_^D=_z}Vpqx-?0<=M+ z_0BQGp*z<&iU^6-K7-3Vs3kz7)3MJZGy8Wc4J^WO$(8}Njp?bAv~xqpDip@IWsu%? zMw^uxTPT?cARhjLr(JTCrfM8Ljb|3h;R~ts*2UJv44AjnI-;l(yZIwpmiVt<_;Y^4 z;b~-QzlM^8f<(H@z#3^#Q=#{-9uzO3 zq9(ZeEE&ZTg|+qWfX+HC3_sf12n;lCYxnnaxIat)j2=Wo>-_i0J%Q3GXUie2|EbLU zMJJew*-l2VzdeSH2F5pFHMweS-tez6a1r3pTRZc;LgQmm+N$?({ERJcR8PH-cYMRT?Xj9IrQ}|RHh86blj>b*g;lm zo;ZgE&>-Xda9M&*?r&Rs|NLQQ!yLIH8w_=mC69I`&hNR=K#l_sX-+xG&8`5m{kHvF zp4t2&p|jMa|F6N!zZSH_=IeEmGjZwhRX}1lKcimk+T&vA!w~pvgh^V91S#8FFkEfc zI$V{X4VB{$PQO;6_M&(L`%j_DGUZoW&8&>U58R^1nuwi|YoWG+sDapK zjwXTV+9b!D_$q?Xw~3gDQE`O|E+`00uN6Zps45XaXmrv3a=WvThh%*doN~3MueKFAk48EReEmTv-hqJu?!6yZC?bYC16_qkV;g- zA0L9{r9V1TcrC^y8*)807-|4a7EE*Z?Qa)0UY`K*lz>#SWF{)$}pJGpjUT;Q2uo9cylvQ3X*9ZD>r9a9f|HiZOeNzwR;AFcQ zy;!N(n(qHco~@VRK*+hi9+?IJW=w}LpV=Zgjf!ulomp+Z&@eM@X`5>3l+`+iX-yT-zDOlYOENg@A% z>VBW^#QEUZD!taeQ)e_8PUu#bh?vY)$|&CzZmuzD89tvb2lId>xoh!mk)n5ZC$xgq z^-4{$^MwuJ0AaL&FXM6-urj6YFAa{f)|z1b%vA`*jxWz3nxqy_vXp#fZq2 z>jSms3e)=Y-2zHBlBM8JB^DXLI|;yt^|o$j@_x;7woI8e|)|WA(uo(W&QB3^J2D}gp`I<^)+7T@4_{0W1)6$ zM;ZG|4k(&GL~((E$DfZ`@usa@l)2Zskel{iq7tG zl?yyo8}WIx&F@DOhd^T9$i!M{69mWRg3B@6T1m)xdAU-58ncV5vDOu<37n4O zRMis^#@-}$t^;bLEZl5apHFX&R)$q3qgC>9`2a)K(%$I~)P!kUHj8wv6nO%6)g8o}~1B>U>gvciby1uq8X z{A(dcL(py?8!|)N%UR5w_G&GKzFSJsQ!qT0r8F!OFE4d$&f7lUFI1qU5i|eVvd!&B zQK-l{-@!x5qjQhFX&NL23By#_!2?Z}IZ$%>L5lTD3Qa*xrgneIr9aqv;IG&e^~sLG z$n)@(kuOi7KyOX^E^eZ6m_M^Y559~3b{nZYhXC9lZv(MwZ8_Fs8ndw*_>sQx<2Ig< z#;g2muwfdM=oKfg_p$04C|c*>ahbu(@fd~mcUn7ZAKs{cKbt2O+Zyv+(8#8C0%-`Y z_{01Sg@8EVKqkG+E^?x3;hBC<@xx~LUZW7;1XX;BE**m(E`2*3O!mWcN=WJC5XG-0`)5G0*5HHM`@M9Hpk}r8h zPZ8BAz3 z(D|*$!$>~gG%r}A@wo%^k~QMcVHm@LWk9FXLd|)ok2TR*+v8%_trNx7c1|xomH5RQ zI3#5BLn^O^`Bo@#8j4P~Tr5eqh!pV_X@3oeXI@Ww;Ov6?sF22Wq|7>jODrixaCG<{ zMf*nW9$DY_7J2!o(!*yIZom~2+4)`$CYBN|*c)?3-XxX4R{U!gAszLRLFM~*sDHza ze~F?p(qt{=uVry|`HE-WL;)1dhusK$BAic3TLi!ckFp>0^A<&|m))zdMP)6}QFiDU zE7+8;CfxPww*Wa|PaRuDFV&Fjhcq4uxZO-?ZytwUY6z+(*|VRc_uW-DvoxgV+KQuDFPm<#-SX@`ET&MeFUMvX63>*a>*+;v; zA&}5r$M=_e_?IBtZsOgOLX#7u%_cBU{SObHwFar^``f00pzjlVzVqOF6!{ySg;-#U=fw}p zW5?=&lIcO2L?tBCmhg8d7of0V4-FeDEC}^@5|f8Nnwnp5>Jnyt}3Wj#fMh9DSe0UD$M>#`ybN1}Z+ob^7a@ zD=?z2?_P3UFoP{Y@y(zY0h0M1!ds(^9`}2BEM8!*-UVVgo*>)6d7}BJ^4g$LpjXEQ#hTac zoa^`a`Jx<_Q^UWRmEp5B)zvLZuac2Uq+vs~Ya*!l$rQoclLuEzq{Hw?IEPdXf785SF$L4%GO2q84~ zz*SDEsl_QxFUJ``#HMSc%R?S6%`x-=E>Wrl7lw?yNj(?5^%ox(m-H1O0Z#{FI2s`; zX}sCsX5ae0;2SXih%zqtG@GJ{9b?gS5EsPwYvaj^>GB zdhL=ru2hDrvS5=J#t{~x_<6^k_bFNAzc}RCNc8FYIV_wgr)J`Q5_^o-|i(kzEZQvg7qpl|sRxa;c zbF9^t)g_FvZKG->ehajT7OmPEqFzmE$;y?>9`^2==qF4qj=FEXK3ToYF9CmMwL!%6QplQU>S6#)JrK<=&7D-9kC{TGt^|>|mzDX!+7n8sX*P+iQ1(+v~_*B`Q$|hOK{dZTEeS zlSl6M`0<#B1%1on@%gUMR32-pT^`uvHC-@c|G9T89a9et9jAgYe5oKJ`5>jJiCf`?W`7n!YvC6{3jW6irkHWTZbhQ;X$WzL9 z9t~C3szuS**SO;hjD>nE4=v8avs-2@$y7DiNOL`Xc83YO&oEiH2iog9qgt$kl1>kv z^^G{$upLEBCm_AK-HW~o7{q(vBARB0w`j47?Kec|m)`(pe5!8DFz=dUah!bVjI>FI zWQ8K-E2C00d9$;0#zj!DqQ3;^62I0vF)EBt77+BR;F-O$bP(aw|2SxzKC=0;AN-3F zbwy!<6=?P)@7;R!i1_8NlQvhbMN;Qgph~>#XM*<%VhxaIw;~Bs-jahEf~U7O=mYQi z8xkECto#fm;|#U*tU!H)>UfY+E{#VGUyeLa@!BAUT$vppF|ln`(FtQv8mCT2)d-f@kfCB*3*V0u!ltrp!obQtMFOK3lLz{$HOgX#^Gh1) zD&&$l+Ep}0KYM^GiM9=m_i3iYRq{?P?8f9oTH}OQ(Qz)kAnx zp;MT|RA}!^7Tzh+h%~E+HD&1;2Abf~<=!QvR3cRw8>7@6V$XD)_mK^2;aKfs9vr4~WP9+Rfh|kKo{o zVCTeo`uW1Vw;$Lp0G2wzBr`t0sCso95};T@XUZ=c4^lX0ZQ*AQZtkYF01YZzp!s^q z54QDYPDc!gd}c5k*v`f}4FQg(1)gi5R8gQABW*T!MgPtLxRFn0-hfa@O}At$|oI zOu7>UdgyGmB9J2j6tWeM7xIR;V^Gt9TVTi;Ee4-md-Z2ts6paFY;a^U&@mH8_h576mD*OZdH$ETuyx^+)BVj8BsnH<;^!u z_&t&Hf8-$kV`I}Q_S1G)o_t@JaexzR{@;i2|Kq;{e`fL8iCim%?Y~dH{Uy){dq+Xl zob~PLGu8i22>T!AbOyL6IvgE;mdgCD!+-UVzrA-~9`G3-ujF38{NF2~1pNt4u$hF! ze`(kO#mPtqT%a7+r*TXNIUxVBRkF!IAyk3z`Sbt1Y#yltr4mnSueH(r7aR1aB}?l7 zgwr1%67t{6Cg+N*kM%YE)3Y!C*9CX*w-3z#;b4^&6#jeJJUInaPn|A0>TnZQSwJ3uLhPG%t&^HN6v7shV+pB$hiCEs;^ygqkun@sfV$6(fl z8lhT_(n1kZ-_+;b2I6OFL04(l&h}!;&L)~2=!u*@EC*RXPAtbQaghxj?P0}V6m_(y zzszN0k^$~+)h2UEDtR1Sa+Wk1O3UH-P~QV5y5EhNo#L)oHaDHCRgnKajbEaR=|oTX}djHf5{A$|o9eKt9w~1+GY{*=Q{G+EOp5hvVyb zfqt=Y-lAIAurmn;%g=A4X4fcnz<~r& zswRndr{od3IfwTL8{X!^k8@cGhgc;l&dtt#`De}z!S*myk;QFy<**Q%`9VW1hQ98J z^Kg*wadKS_+K?Tik1aP?mpE0bCMDfKdP(BmhE99GPPT>Wmt z?&Rnn-NaWODR$m=-WjvI&r(ejwnW3UM?LTho{-JF_9IvmQ{wW}{YEY3W8i1wmHJj| zDNcBBHLFWt;!N2;DCz_#aQm3`)v#Mn{46Et%KrVp4c67?O4aGKArcP6wMLJE%H z6A3&gD|)EDzE-x&C)>X*L~v?Lg)}xM*eAwoC>Z6a$|eT}240esgx8qTTI;E+|1sxW zf7I^zKicRpYu~VTL$l9bZ5+WMIf;a?9b`B2QUam8`6Xri-q&Rh+=Y#$JP!6{=p=Lk zI2HA4hTdN6U+VA|NMjy7IP9HqMti4D@3pM{xzsv?jaa4HJ$XX8uJ_Ha{fQ90{K(1{ z;3zmR4XUf)d=1J?P%)H*i;U9_l7@n;mtX&bdrkHoeFlb;gKf;n58C$J$jSPaTC)vi zg8eaa+?1lstYHV>1ts@OCXsxBSA)mcn%76%T74&J{NF7kQueXCW3EA5r=ym_AItVe~pGDyn&+!T%CBw^1dxT7t*} z=jD;Bmy_)LUfv#C<5JIl_wMM{Hnu3UwpKSpdfOa1G~1qNvOH295gExH!0!IhfE})` zqjOEztRo6o>H|4B-!k*=+pBA9xNL<`_LBAw1bTY<4+N{yQV0g5U1lD>o3C5_NWyWR zQ_6!7wLA(}0ve?(g`>tblAT7NyW0IJV7*OliUHf$j4u-e*N3+TL9 zDdfn=h>qIjp((UGh2uX06}}lqGDz`DpX8**QiBO(&$4^#Rfe4Ke$Es-yZ4pHmq@z^ zL#{>iVU9iMB>B7F#3nh;_7&ZQvg4jIo6wiz%%sn2T${HBNMf7PB5PvQlM`A9ByXEi z-%^0T882^pT@EqbuzVzMU_uL1^axvDQSK?Agu2H)D-S%W!YHMHT*1yaaw-=0@5 z=H}%lVVlFbXYxxsA`EsHHPa90A;}v>ChPOvPlu`LWB9Z$h>bc%@^7!D?(r#{cY0D> z(@KcC`gppL%{FRj$=VI5L)`Hh-ddZ(yx3k};NIJrlgV4}_1iZ|?C$ei+LbnXBkl}c zh{@M%8G3MMD5B#*r+lXYrKMB#T8HE%US5>#2exDhrwEKKQYu&3MZ{;Lj^NVX7x$ z?(7n%bIGB0^n54~MfnF38H7_T=%;7}cX!JWm#CcI%x^@LCU_*P%2TU2PW|uTt^$8hjQIk3!#9mD+gXwvZWX zjU1(J-oI?|MHo1J7`l2seQH?%lP^;|)KwyCr^(DPyhA1;1%LGI*ofXIj_;8x8Pd?4 z!^Cm#aYl{ZowZK+(sUZ;c4=^=yuUNPYU;R5F@aWQ({~+*(FD+pDStV%E$#;4LzCy$ zOl+px+N>yx#8n7kdStdO-iXpbbWqDbT1{rxv3tT;6rE;?kZBBNyA0UkcwM^&YS72c zH{2oj#qq|WvEOB%{D<@PSJtFnnyHw@7y;b)=(kiY_sm@TCO{0^y%QXQZ~DQdp|r$1 zPqGZ_I6z0j=KPs&wX99nyGom94Kx!0E;h$_qfw&1@MMBZrm5)w2VpzWu>B~1Wkcy? zTM3j#d(9MGVQOJ4>4w<}I@8?Q8S66U)^tWdt5{Z`_WNzN6I+0C+!Z^v6nyr^Cz@u} z1d$fghY(=kTN=pSVP|s%+VGN&378QO6m$&9S5;y)An>9IZPe%3T|Wk2u0es2%Qe{P z+O>|r#a!QH);?0p<<#bo^O8FgT9EZt-l9#2UQ9m#5?g7iw@<$SiLfn3YwBB2K7+g9 z1&AXKp#a(t&7BG3x-&iE&>5|1;DxTh#5R;jgx92i)z!mwJ#gjD9hTX1{lHZ3y%Cz@ z=dN5%c8u8BY?7(aewnSBd~HD2A-HyHHnAs5g$G|fQqd3krtpZ0=Ga+IH#axue8IZS z3zKnyXZRy#P_ar#=>OyF&BLMY-}m7=io3*gr&6|2Zlr~>W*w5GES0jaS&}{bHY0>e z2qDB+vM*yF3^Pfxg{*_I?~IwTjWNcI=k31l&-eFzj^p{=^?8o@rz3wD@AvCxi-O=szXWKTFLgw%Fue}>~r^6*}3268zs1R*%hi*jH7%ICwcMQc)Ht{qawp9 zMg}z^j$Ii=t*ZkC@%AdtPHx3KCZWO7%`3J^W(#i~!sv(~dM71t=Cw#xh;?W@Hef1N zgFjXcq%?4*NUcF=WVS_t#rBu7Z5ipvP4hl^alv$!ZQmxuv_QJ$iDLZ`minO#_!OFr z@%*nR^D59{jPj*~3R|O3(aJ5LknaYvCkIv=!Q-@th);Hg$k>YAPQeAb;jVo6~@lknh6{-iW++=_#KrD?rJOS{Q8=cAU_cU#KhqVy0DEmNzVaW%qSl-e#Jmd!2a!E0ts-P?uY5)!Igt#dnmbHtV= zET#u^>nvtPip2?Qr#w=q-rDl4+nI@UPL-YTRZA2z;~rEVnN?@+{^_{tUngatNTm(* z@R(h#q+XvpJ7FC^OTYn?dm=5BDLPOU2r$1lSPEER?d4Sav$yF~vAc*B3D z1TQwhwiJu!X}a*u?V!;fWztro(K2iMC<){I1h(`<{{ba*9Aq%evUex(^NT~we~OFu zaB%UQDhOla5Sj z-dM^A{c0Q22oSLOai7TqAlU2oTlW;2ej9BHWyN0VC#3UvO>TKFdbgdA7+4wOfb6*` zG!6eY5A0%bJ$2)!cENwY_*PhrAGfdKcBjyZ0VE4VnDe)o zKaak=d0vh@phvLh6wxV`D7>sN|6XseK3+#&)QYC7O#M0(#jjMaADlcYDk-VQ?>F}c zPg&8S+Mu0gu+2dJgN@J3pjUPY#IUvcPEhY=C<#H(8~Xq=u*fcX$Mc?&XKBceR+i-sT0XPRN%bl=536 zXrUz59@g}jZ8^8!8o`$uWwR*CTN5$dCySa&wxLUpQybUNrPg?Iz#n4Bt}ZlkDN?eb z{n9cM;MY`U4cnQHcpP%SH3sa8kA^UO_iLNO*(-5?1>w7j3JFX@-x#xTZX{1XqImi? zz|m{~?PDX-V($y+{UH5-RZHEW99XyjBz(xNY9+PAu>6aR{UjPnW~Ve8`?#c#kuvvE zWt^QhhkqNfi7`l(>pk;JQrLFs3&5~5#6v4Xr;UYVeycUIE@L~^jJfQ6lVE(z-`2na?8ncELvf}8`g?R)s%oJe1dvq?b1 zB0R|azzQc>+EL#*qNGn*M5Hw_Au&J|e(C&NpewQbluIkpUs+&($(*QBx=krhfC&b(#GXuTzl<+!Igr4Ito;5_+>W?im}WSeRqk)3CrQ!Fd2_ybs!^O}Yb6 zdpEct<$*WANWAz)xACLZMP`mC)`Dy178h}P#+7#3B|6UJmBE@uJV_o!w~1Q(X8Y65 z!M`pIS=I_@a5I?957`6b7N5JtMS5=twDo3KjEhc&|*U<0#x6n2Wn7NrR) zKE@4r(4$xI*BQ|J;7JgLf56MqeEN8~Ilqw}@oBg;;k(d4hIwP0c^xq|NQ$%MDtVjW zTLbs$@`4N1F*Qekkj!Yn>*660`V$fo4g@C?@3H5tkL8AcWU4uj0Kn`MAWpepC=&tR zN>9GNxv0d*rEexN(=c0wBmKan}H9T+Mz*!exs6$49HCSPzdwWn#X= zX(s<&E_k5Wq~&8StRU`@nZzR_KbxjAe1x(zN@y*u4)+gyLSjSq0McUUB6ANbMe&tc zUiaqtZTcbsb$o>gEpTM__M%-+exe-)iEdmnw==~+Gt7ky;|@u)~qhIXoq zJAipcr_YF+H)u51XY}+a)0|=|dx^cbwr@V=nkqDU;h6Fa`RUVF&>L?V7l(HK|KivK z8G!xiSIKj$Qm+8SHx_7ol%$ct3dReZtA~6DRnzyf|97Wd8uQh{^s!gK{ zEnF7GrO!GB3B<8z#f>}9a5W`qln>Xf9i;Y=6aJknicg9q5U-;lxmd-(t7 zrvNfO&-LCq)Xe!^O!&I*Ig-?k{JV`u{UuspYX%AaJi>Eitibsd!E|3Y$QpEtHkFQ0 z1U+2yD@&!Mat)>I(CzTjH^%lj8_@n;p|strWi<1^;z@H{`6Kan2?@45_TC2c0nc;F zfwj)N(-Gi~+UK*YHFmGHtAJ_z0e$Tc*HkA0NJ^-KBYmsO#{_NN${~8`Qelmml~tzw zZwRr*07^7Y2EY!92ot23OXFpyzE7`BJ-Vd5Dbz(cGTFn-tbu%h4gmuBeq&?9caZj} zICn8IHugN$%qK0azh4(}weo3CsW%KzdjD|F>l`$&xGESfCb} z5=vogPDHFv25~c1usD*>4*e`_W|=1WkQ9|S`J35{?Gr3Fb^;&})l38&l7gS~on;R~ z6&GtU)?!j(3r|dSE_7hn$Lu2z4F2b>ys>P3qWveMl*KtC%;z}sx|;b zIp|R`KSCF-TtgR1GQBXGSJ6ikIwI@i)&FAJqesbrv6TmD=duW#F5ITp%Pi(Lb%e5l zYCIZND>~;O`&8Y5I>)fx{LUj>rj}*_?SW^~xrzF-Q}MYZ8P8o4?B;ognYc zGuF)F7<*eGb&c!H$xqTS3<*u!KbHpK5kvTZzP)V0uiLWX_i64i0|p=TT>>jPu%yi( z=3x*he?%FOz^=Mt=rw!u;z6-M%(;snDzOE$f0?yvfLyo(k<~!1^8Up?vu{Vm0gs?} zD9y7^^YQ4{Gl7c=lk1Z8E7$w``ktf?`0k@7>7`n!GTP=)@?%%E4uDU%Q2p| zf~H!4#v}lO&NyxU(~WGn_vkYT=&q*%0&uZ3``mTz=;+Iw4Vx`{3PIh z_J~-w$WNUL1 zo562(0bqx8w;i29|D;1d*hmG&7!+f`g!B@y5JzsxmY zIW9a=GafLVECKvf{CT@x79J|qPLVpQukP#!n8gez(^f09RLjM#Z3CjsI}_K&K~S_; z8c=V$l+w5jgyh8a*;ZUeuc%(`E0|~Rtb=8t-Mhi#MdgtSdAB^=7gO?;y&G1x9RpmF zlat*E)!4syiz}L%%YJHT$_lyUrJtmytMph(ZIzg46OB|rj(3Iqn&x&VS|!^&R73xE zh;`#sdM&U+r7VVx@%k{eR^a?l?D3E$fs3YYfZFZXD7eBr8bRsP^9 zDV5rcjL+$ncA+KDUO1?$hvld8TZCFmzj{O}cw`K45q}O~+O@);?2xK1BP;6@qkDN| zmazWv?5{PHI0*g7r%Z85Z?s;Cwd7`}mD6Ig^8MLqM{8siuCtMMZjCFBfgdm(2)}Fe zSG#v_5kAdO)D};fOMMt*X{~26ORaF@6u&rBR2f`l?6T{NTgW^5rdrMZwaYNnHT5^6 zo+$V)CB=i%^`B}2Hlg0%@3;`usUJ>^+%~U@F(BG@^fP~(^qF_z!%ZZhq{-b13~u<2 z*cc>mf2;26Uj%_Zm(J$WC`$xEX<@Ch$wq?~Y9D7USWA5FHTd}}RjYr(IQINnh43%2 zHcsdrk#W3|Cb_l%lEIaa!vv4EthNqSB2@km@0tCw*&XLXO>?R{A_Zy4xP*X>??!D< zllpBIKDvI&y0Es0D%ugjB0VCu-3M(UiRi|FyE;0FfWU9;g2A6RLc!Dq_MY_Qp(z%A zD}Ts&T0-toD~ntb#L*wq`!-8l#iL0fXX9z~2L@(qEwVd`NJ=O*C+>DacgqpXZDP`~ zf;AG4cpDCfO&sl*OQ@!t`SsRw6#+S>WwEvhFVA-?>Hd3rS(~4{IvX4iePn~Z?~K<3 zLW_dU7Y%qjpO4bT`O~oig_b8K(z`Wi78|o3a|@1Q@%P)w{E-=7p(s7QJNwec-X+3~*Psv^0rFtgO$FKqnH zSWi7765GR;5>-W6+4<#7N53((pSYG8$9-k_2!83ssz_^gE|*5Aa_WLjr%_(o6}<_b z%W51vwFadcSRKCkL`T7<@*D-9j=ivZHXR0%HtT(^%~&NbL{OCorHG=WJ&teLYY^~E z&ujNfC;Cw0{YnGw?QLRROT}V0H;gy`eFeq;>u$w~oM;y?c^1N--9x}bjj0Gd{}A_fvDUX8Vh20;dDza z3MVbTi?8i1Qu+PF^r8bR0x7R=9++9$E*eC9$>==Gsiy3qrYX2^`*{rIUK3Qet zG2e3C)p%L*cG|_Dy)JQ}gf_liyWSBw-{qtHt{RVxK!n!u2P{n%X`mrFCP6+J_UNb% z-iC--((;}+b`l=w8%on735wSmX?ibeG_o1bQEf?Fw2zC7*U)_`ZE*L7EHawGsGIUC zS1p^Sbtzh0{tl6cUAr?B6rF5$`d0f&N&CMWi2Sb}8I``nH_gkUlSaf&HgL9kYBVN| z_8d_>CMq7+imxC!)6Tn{~IJkh!Ths^=AO3+VRSc@dG-?$!(a!G#j#~t7=?tka z@_fV?@CU;1{S$1t?2sA5U++fx%zx~bL|b^MM}t6`id{p#JJ(mWMmD=QnC+0P5Ug;$ z*<(zJN#vZkuCfTGVdV*~#FfOqkv84hLE{v`(JlA)#Q5gE_v^$qgU$(z*Lx>+nbdTQ zQ6uLq5a{!ji&w7^8rS=8o<9fe_#Fq46znf0>$bz~IxjRCy2k9^>A2hgp_a5hONkd+ zO!rGUeopbu?$(O1Evmz|X(nf*`{nD6?f@`t7XM-two{fpCj!|^4@70D5bO7^n?P0+ zMB3T~!`m~NX@I4;t%PgS6Tel`ew_Nfq{qvoZ|%;#ra;B*xZHMI^CuIu9HPs_Hc<|) z0S`1!J)BqwlaB$udsJupVC}6*jLQVhXZ0Nqj2tvHwZYaCU-|tk_x*+z(|C=2Mni*b z;K%*x2;M76dpoRs*(L_<*L5!ImtNmyn|JMLxWXgj%z=!AK$H%-@~)&k-IG>cH>(YL zI7^$g4T%bbk9(~TB}{9Ti~T-S9eKEYrBWY`Au405vBtRn=F+$y<|fMr+T^hC`B8Vj zs46V-=C4XsxLgs;lQ((p0>#`$6_;SZNnT?4mwguilqjFVj?(Yi656Vf)?NIi;3l_2OT={mjwubr#K}rzh#1;3;#2|V~ew+yzI zQneaMmM2cq0*F=*m>~`;3Xa4;i~-zyoZ$5wJ39@T5W_O|ZbEK&&lgH>jBr_W0%^qQ zw}P7fu$tZ#>uxS@yj!`QJ>uA3P zamI5mm!hF!Nh3#00-sQhjKKFJt@X2qmB2Es#jiUNuILVagH|{CxG&ZmW|c5ySdw}@ zAl=!$_m_;q-Az&Lk(wY6ZA@+InJg>+ z7qdlw>I#e>S^jDfuPTGS_h+r>1L&&I-2t(hK;mAD``C3gCyEXqj;8vEl}r?yRC-o> z6?-MjU~dDt(VM5Yx0^nW>cH>&n{q$3>xk)A)@CrqE(_oAN_)FEq3h(fu%$ckzPMPp zW=prEX{JzA4OWk(sehqK<3Bejr%p)9L+1 zwk?H&FnXvD{jLtg%VxmpW9p)NNC_^jlll}cw(m=PjGx&>seH#nk+aK}Upggr8H;(NTn}ur+H3>W;M$&;I zUWgId|F%Ti?QRV?XDq%b**cWOCLUj0v$mUhyrQO&OR5<9Q&W%s13LgHH+{SUNM0Pv zwzW2s9{DJZ)%k*D-^e5}3d%0^g}#pxf5WB>X0IS9svMXRo?5A%Yz%_+)$~G2N}4j7 z{86*}`TkJX`h|y(7y6QY4sK3m`_VHesUr!?~h4NnG0 zi_hx;R+a?pq`xlAx3_x3g7Z`nok1TuEIRqvCFRjw^T>so0y|{djpfKP)FQ@7J$URn zR&9f@k-#9kEiRUVXt7!;P56iyF8+4oj{v(Q?HY=&PVrJ&Vg=+>N#DTyzxA)7{2Pm!u$>KF|%6_eLiex2jo0AtFteQqX_4_LZUk$ynT_qt&vWOmB)08ko275!0_Y74>j_`1*Qp+% zzRAZx5Rb!=`~_Ts(t3dK06d(}e6+FIzDy_&inL(RkH;fprWyqxF#){gzf^tvy9D{?K_?KKwzoF>UAB?8KHPnr@l-KW5;AXMO+zBq zVMw3spRDSmyF0Vr?@X<3>F(o^npM5k9vXU&y8@q-S}aBr z=$S-X^VKZ)N}`>%$H})~2i4N_=05Z%G5ZHtA{*>$N550w|RWt%YEUOwUk9Zy#Q`>t)95-)59Yf z{Y+o=eR1^+>o4hK2U=zO$={#88@w+lKHSPSvA!++N~9Kil$bejL{4bqb)(8?sW7b3 ze}QI}RAOjL-$dQ2XmzkvSD$x*Tt23sniz{;1aVKiN(<`e1q{*?Q{Gw_KC?kTkiw&E{!WOZG3OWmW)cML zTgt+U-hdz!eIfY%ZnoTNzMcP!S^ok%54Zvl93GDD^$^bnOMbrbBZOOsf|%`BUK;@7 zG!UtW24Wh<&Yb)%ps<)4HWaj6k-)g$(xNa|#@StF@J+n9V){tWvvLI&&-lXD$r>nX zY28cCWuUIYsy}f_>_Na_6gYlFVg>!?_{_rNhxPs9-yOzoC{7k`Zt{$(IrO@JNE^$fgPak(vcE6hQAS}qRgXA8Um}rO6Pk|umtM?E%{6S-n==k!H zIJ?x0@Anh5a$HQ29CpIR+{HzzCcT?~h#EF_!#Dm2Wqn)_<6=>bnH<@AD~raHM(gMa zMN<7GNY9mFvB0sFZ`c}h=wmKyPf41_s{BK+a+Q&v&P2lnvP-&4;|^}#osMAiu!!z2 z_3;3Ncb;*gIa>K9cbKQ_^ZoHCT_~9X^g*oZP9l~T-vn@|f3X_(XbITei8%?F*8HE` z^6&o=ILef18Lq`XWQB3~1_AW9(Veg6spDkK(q85K()ozp@pM0{;^J#f*+hS*vDy&? zit#2gP8l8+i6OV{Q+v8`q3fJ9D(f|#?pfUY5mw9S*cTG7-psDawMVikm) zh+5nhv>qbvI_x8!eorJZ)*g;D*cS2S0{xmeNysElhFo1|F&6k_u@yE$J8F@REnv`p zh@^>?Pr6=xjSezfD|YS%{ZjMYUw`?X5S2$PMqFRBXX~f<%qlGcK#^y5V%sVocbZar z*n$!)#@E;|vEwj3qCG39CHj%kIx{$cPBkm)cIuRiL>D}#<0s`8f zj$Fu$6nLc)sB(x+@y%L>;ZF9+2PzMmvv+>$J9Ufc@Trg&FREUqs0cJtCgR5%X%LJD zG1;9oHqJg`Ln6Y$u@lL19zaVeNluc}oVtLtpl@)^0eQ$8M`!fN(QT;PSn+nbpr%ww zHZ%r;!7wHR)Qg5zq&(Mtlk?cqd`$x@x#y30HV^hy*lrGQe|PD+vhRD8_A*^paWnA8 zSdN~C9PvXl!GCKTo&?J$tdsCJtD2%-9{Kf$KkOL% zgnhZTESf&PCQ~)rtWZyJ3otwyLl7H#lpN!-**`Md+HpQRoc35V`EIru%2Niym!qkv z`J3sU_j?~dSJJuZt%dr%p%5YQP0oCPPyw&@epOHzT_JRnh!#eUiSXIR3dURRaAC= z!)K#cWb>1A>d;0d;Mpec<>cy9>Ck1YnI|p4%MZrt&d(kK2d+$z<2Z<5%~|BlJ?}=Y zmy5E;gY&EjL>m6`e=)2!@JZ$QiP7tWYGi}2toYbtKHN-wD_KqmwC>iQUZf%Qt-K0N zC>ZASX3uxV)oJI_qT&Za5|qZ`w?xF{Skt_>P3_n8gDUdOP(GcT`>;XaBz&d)83?M} zhmURWoRi8xyyd?>;0@XP5t{`WiRZ^prtd{K57AL4K9J^z=!+~Ko9RoZs!}Ny`?DtV zy#b{6-=ZQ36nW^_(JTmTwA?!H=%?OGb^%Of3_&o1N$ zVV8$6K7ZOV=}JinB&W)Lm=NPlm6XNR!Dbe_XzoGR#oorq!=NATJ1tNPC~7`*yz>PQ zNb$8y!}x?jZy(ISyJ8dMAEP^jUYFTl9_T!Dcw0vxXId&PuvWwnNf29Y-BzNAii;yl zspe8Akk9+=Ohn1k7$u?E9+cwmt;VFoK_zqk1MQ2i^|i;*P>t@=YC?O^UgtK|ZOF7z zNik^t8CP4MEOpJ!6P3PS;aT?)GVMTRbRkEq`>o&V*xK6GgcS1Q)nb%wDRZs&hQ%e* zE21I0)KP3>58q_*$mZNjN%V!t#4AWuRg5_ME?Qw$P>#42IX4l(;CJf(?6gJSMX%KI z`fYHv)V+k0AoomeCb^+t-Hxt}f~{%ZnSpE5tywH1{bNTWSE;E=uBr>QGbAj-)Pf3K zw+bA<;?+opHD__v5tOGMv}y_%m(2C+S3CcY;M>d`a_F0CFG@?(!u_=DMe_elJ$5rx zS+Q*_Eag~Jrl#iWx61bU_Gf)2zO(@27Yp1Fi{|j-@4THy+d^9I*^X>HmPYS8wcZxJ ze%dLbeWe<20{{&8%I0?Uy~Sugn}Jv7D}0xaB`dk2?Vq=;lA8RdO+|=|Z|hSh!mB96 z-S4KPh4y3_1GILRQ0lS8GO|DfWBSjO-X7K z%Bgx~W@cu%AwR#Z6hF5A>7i&Z7;3H&w91;yBUylT>qSU(MlWKo_AEc zoqY0Ik%iMlu49c{X@Raf|CF< zlfwI6<2QX3j}N6WQ`CqN@NJm=%Xpds%ZcI^-|mJiFd@| z2%oG3juC!D;A>WXQ?QkgRw*m+iP#~ZC^^N`s9dE~UrOrp68C&6Y%M#k2sN9pu_#Nb$Hn$oX-`4@L`Ly8Lm z4gb(b_t)xFoy;(MisBRRJ_7!xF+~1CZX#P9u7%VZ=Z}HM=&BmG`ZoKkY3olG(5S{Y zzW>Yi^xq-bZ^0=i+8(`={v-Xi*j6&~qyWx&haEn5_w`$FDVSZ|9qI;M3T=-HZS%Fy z=m8~^@f%G}R%<}Nlodmn|BJU=hGj}VRw4E=J2UrVM^FtDKMuMB0voLSko(%oHY-BR zJYT!y+ay8^)*TC7|AUebnpJ~;l(&UIOar!PD@ZS^(MDKdCG)SpoiZk?BO_WjTEjdq zBoLkul)pB6gYE97&&IEQ*_qz$J0XB&#cEXbm14wq{OISvyHTER;I8alc1WB{!!Pxi z{G|}8upa}?*9t8DQfN5AskJo>m6h<|9GFqRwrOwMRu*Ej^ws;DZeOkC-T;zTl-|2m z59)DsK@q+=twDO49i6Vib=}-1K3PbCbiZ2uR>-cN` z`fMea&SuC{LhW;g?Sq_SN{b3hCI3EY_g^vfsyLnJw}2`Oui`gH=28EC0#`x7Pr!Ye z>3Jb1bT_uI%{6;-@qaxOVecEg{@K@3aR9malC5&ZPdin_W}7<5>f<|}*JZp#!`JH& zq0cH=xuU%?O^{Irf4`|?YAVgintJH%Pv|PBfAH<7F^JYiz#4Ic08{Yz*~@G@eR0Sw zh7JE|b;xa;9>$BGU=H~A@$4X`}EN@mOuOl)IDReT3l{-Khe>&H_ zxV^&x#nx4Sw*n2Hw)#8lX9ygwXhy)y7Qt6X1bWa&t%)>@j=s~d*!(koOWMq*(>dIl zNbfFN&wUQ}jeLHIDg)G%b>OujI2VTB)AG>ILiQ7;C>DPAn+vWoX89sHqWo9=xwNL= zfRv7;hLpuPTA|olr)Q4@o_)KX$#n4T(Hr@g3t6%z-!#n5fs-|Ij~-k8gXZxJduhyL zpeFf#F`+;_*VXuPXNoO*Rqg%A5f|k0n3F6W?zco_Lf>X&h#aTXZtv71jxW(1Ya=PMi>=JFf-ogF=vSq);OC%k8e`eY(I9Ar@Hp5E zh#GkNH7gU^8S}sCY5wD2`y1Q!5RCebnlnA&Eb(OCrBh1c)xLKErG9ejyl#KqW76R2 zc-_-{7q;#Vp0Nt3U{mf6TW{LAQ;%>vh>*4RHz=%p>+&rmR_>H87v%Uq0XSpmaMqwT z^mn~Qq>`LkZkL&fV`~em!XYJAf3d8^Z@61MX|C2kIf}nA=?Lhn>ZitCYW<%W6Z&7o znCc5B*bQ$pe*lY327Ejc8H`A`t@gVS=pFJR zof8}$m5z8>D)sL%NZ`ebKVCh4N6rK%tWWcSN3F)gnAd;5d_lr|Cc$$3^8q%9SlW~{ z7M1Z2`mw!KU$`v)4|$=Pe2%!94abKjk**qYIos9!c6jUK&SpIHhUTIK3WWa&E|HQt z$mzbecfb=5j&qG#p+Mr((++$yf9Utk`A;)GlRuN+Z8dnFw(&rKutYclR+33y4<-Gz z*5>{lCS}iaX^7#n>~|co*4LT*b+Q)Q#6y4D-rs(Z8gn4$t$KKcqLB`wrpNfV-r)w9j!)`-A5${lI@9^L<%UWL+s+SLzZBL-CGfY! z%s)J4dUS_`^?xRB3#ba{sSe%p<*vK$G;#Np6LQ)raO2S%o4{+zZ+`=_V}$b4u^X@6 zMzHt?-9L(tCDY9UfGgNJD!cY~k^D34#M=I6!QBVSfyq@@M`PwkIrCR}pHDcD8rItX z{W*t;zAF&Gf05&M=qPw=Z|vFUT{GLf^E-l-y-r=JR(Xbh=dUXr6Mjv3t37#Z&y(-~ zH0Wk!Ok?@yHV?-zB^(i>%v!BIfZu%KK@t7o`|p(~mC%z1@%)RN*eA{cCoV_IdHx#O zHN6d9xDD4g5H>0Nw>sro<*Wp6I<%<=-?Q_>^^@LSprgGEYTWxDeiv-aCE#X+&&%jw zp5lG1d5iTY`HLyo@Q9JK*Xiro34|}le4Sb&)~CNX_jZ&|do=+$U zFAYC46tO+@g`NOQna?I%=*A@u^|rmkc?Moe@k%*Yow+-@$?3Ev6)uYlDUtUmpO< zGz=OV%Km@`7HRhKrP&!`&xZBaQJSusxhAfiyco52=XMv;#*9`#1wh_SEn?pHQySA3xp|!@UWk^IXY)Rqh8K1Y0%YI<>j@ z&+tP1>Tgb@ql}deYt4bz9iQ1aI^yOuJM&)3+4KtPZf7X^%Fpq=CR2;@drr8Au#R5&o*x^g$FFUVdSc%~0G4(RaQUfVLfd<1ricp{>*?vtL?MJbT z4*|xzWU5xJ)ccK53sgS>Z6douSPo#Y^j27qppp)3woi(q}Tt%kn3e4!HWSet+~p zRfc=zxm7xV`u!ERUIIi}d<uZ2)7vb%Fs2o5FKi~W4#Og1X^ zV5-!YvydVB+FexFcWX;4q1x zv__JARb^Z{OE}COhzUq-7-ZceobpV3mSb5kv>q7?3@Ig_APD;r8-;R@5mF5IXF8ta zue`0MJDczjcG%AH;zMPWh21cbFoNxt;U4-(e14`i*y+UMu7P=2B0X zG&q*Iiy@NG2Tx8&FTJaNCviG0Xm`GOet3G^+9Z72K_riF$RM}N=qh$%vz{99`@A>p zx*DqeX@pmjb+~sDb3k=MPwM>=xPPjn33Fux`^psvbk2EsAUBy%giB34)lMNo$9<|j z*oV@gw}Mcn=?n0NuWp7vQ5-UUJN!_rINOW(ZPd2 z*@Rqic^9{}^hrf&K|{NrGO=T70JPF?mM4nSqz-Bl{;!H>n|$4@WJ+0ytYe@$utSM~ zEJqw7!rs=9FinD6wT&4hk}0Rt9K~}3nL3lilS<7{cQ2g=3C-h4xTLEl!ob8i5@Ux$ zo*v!9=$yT{$TwneSIe+QQ-7)OM|8C^f6q#kLJ_%op~N$@PC3mOFl+QK9ST?i0Ahgf zj~d(fDR%G`L#`_Z)jvwiHZz!tS)TM@yb7;aV7k!SMHprOaYG>U#AR!RjUE~w1-#@_ zpP)?ZtWc&qMT@o(N5A7eo9kFRcdkPT8-sZmDiae-xSC2v=;58i0yj3Pd$tip4< zD{$n>>X~Al`pL&UNSy6ISndB_9n5e$EOFXK+qOaL887>~eST|~bXC03QB<^yYrADD6-3}yhTO3kM(KOC@- z`p<)*Rq);vYXvYA(m+3ErB-AYb+mP;@3mod!ODx(#I&5O1Us*l)T3Vp`=&R_e;;r> zw7;LVD-;}I;4ESnWUjW`j#K&2$HOdC2IRX&SQT>o|x+1n7!H-6c0n+@}E&-_F* z;D-R;5%3kGbeL{pU@Od%X5DfdFD$8VdO)DWp#AUPEt7v*$hyc25Dp{G*U~|i`O`J; zOKg+wpA)ZCa-CPKF@Xe*P2OL8H2S{~Ib&s;-V|dE0m0$Bjaza+Q5tayUy~=9@D%z= zvG|tbZmLzRuu$rzNH#DP(FP3e=K%8n`~j=im-})eO+9(bWK!z7N@Mbue+BWx{ zK4R49Up?lJF99Z1ajT`(Xa?g8yM$wMk=+e%8`)>zf{dNv)X1EwD_7A_`jFYiOhl0l zqvL8tWtHjfhp8b|=x9ein&5$Mtsvv(6O4+SX>G~`n>#%+a!{$a+gR+Gk!>;O)Q;!P z^`iny@%@RTG9~YQJMxKHhbC4vi==e?0+InQBK4@b)#d;LqXM69AZcyyk^8ct9&&cC zioVFZ4xUM_^UV${vk#S$e(VWa?Y*rmnV;?HFfK(CEHcGf#420&-cH8&M}C*Qjq^@u ze^FXe+@tzUKzDALto0n&F1k(~L{Ltc+C+Yg;4vg3)17LxjHrnBXpZX3@0$^u_ubZ z1=Ib*%zTtg14f+&8TAWH&h-iHN0%UDy>7*D04v(4Ram!1leOhG`4qg{d@wXKqw*)} zW!jh9WL!S-Y#f&#nE8TY!*()@_aHT{6&s`)s%)dV7Dqm>)L%t?f*+NckeSae7WA?z zmTcXMyR3Weim0~n(_A6pRX+-5VYs?em;3!$VC26yBZkFZS^(GZ$?#0+#3dkA<>+v; z&>3=qtL|I#j3lnMP(8HHvewbGw47xWSk(2CoPJrXtRw!ufm8^3=xhmxd{s|Sw6L-#F| zshJkv6|htI1Ru;fC+szRkJwqhV$9a`-8w>nk!s6`rJCLJKxjY*_8Ui4cdxT}x2fnp z!#-ha^~YHFON{)obZtZS&0V@Qr`oPH7coZ2; z&7_uSb;v9_X`!7fX7zFs{Khq3Fx&5^LO%DAaUm~OUke84D+m+?KZZC@{9!JuntBwm zTi{h$hH$-?;`quu?~$-mX{QfF_8!caky(Gy;4P1sZbO|4Hy7$IG6-s0>b&?0s;je7yBY3Lr|F_w=z?Bgr`M5Z zSf>q3iv0lyDWUlAkmp8~&_>8n!=VAs!P=&pn^{DXI_J*7yJwz#mIa_zhm6e%&TU2e zg7bRd=s|&E{r7`zr8>r^$qGT~VwYvZn|hWOpNczPB)@^6&%Ly!c{-dI;TzD7K06?~ zRCrqtV#r@iAx;&lu&~>yLM%ePH6gvQUV?LqEQidqDat~t-QnPY;M^z0h`kj|DvKdP zsp`krez!d;=sOU}_b$o#~`Q^843!?8={%>j2@^@LFJ{d);kj~9VtJ>QVyx>)AiyHe(=(|SjZ zQ?D0r?vFjzw;%Yl+(|Z}z>C}IQm?uDmtb$B%MOsWJ}1=oe-}FdJ@r(&%IVWK*$E`m ze9_{Ut@YvKYnHs%IBGd+L2lqR$|3fa`t=M@AXoUH7jmH)*aI_UkmA+o#4IkybdWp; ziwrtBbrr3UfJH$EU|%AR0VXazb^&Xr2Y@LdIinG9R&;OW^SRR+%@J=hdF$;!>A!TX#4lNZ5Y?Bp^j?7U0%`A(x&d$y5Em0FS0K3 z{;7QDjFi5$YEkyey15eUl~mW^-kQ}b390;al?k)53F5RXLOjm(t;eCN4sSmdE-qMq z84>x7JvNkv1l9K#HmH`?`P7?XXcivx?;j|wZd5-#-dWWZi`jdcX_me-AIf=|-~t5f z#k~z7oCxYkv9pvou)G_YVB}@ilb}BiVCWmfA=hzdG>#_W(SF;g-UYQsh*Ec-zD}p( zLhHgqE$F`0?3FO+s({{unlLA6F+P)d78|lQHcf6U+``MKr;8ngxl9rt6QF!pX_ik@ ztUyV-n9dcNDnHTMzczS;Ds_uT>Gpwim9HKgVUaG##j9}tfY1~^jNDsJZEZ*H?-T}B z*{H4NS2^HIl6b8OyJX@Kj0JT+SB5clrkB|X-VefGu7@vqZvQb|En^*v!rVeW6^E0P zVXErH)47Gtp8k7LRQKuf(A9OXXZV}Th`_3wQh)xV5B`h19wrJDl<;ci{`tzQ*&YWq zrJWxM~`I=ZqF!XidO&-~tdx2RXMIR@7E!xmlm3Eh+aU4!B%zQ{X) zL#sCz@6$fAeWb&Wny)-v_N2aMwpGEFNn|@0FGTXwDBZkgURsl#xj#4B?ftL>8I!#X zj0Q6+&G}5)`ei=~P)xlZUEwWK;O<4G@yZQ9jvFMEi*6JRg@Ou$!}bHt?~zxM&Lyo* zJ)%=jRg0MP~y>*_}cBlbd0GlRhEXJeo zNI1oEbyGG?44_OGSUsJuLK>Ic{MsL-n_;|?pcY`gtJ_a=OFUBT`p~wVR0bC)_I%@5 zqh1k42WG8W7KB-g7mtdKrOV&#*t1yI%=T}We)nO45;v)_Dc#p_GyuJy~p=dM4wMeJU&yvN2Fw>p;ltUK1x z_hD!;%(&4n&!RY%`f`@_!?D~h0-8ackf@{N_-%YB2rP^b_rkb+%>#jBWFDLA8DEfa zTygo5*-NUbNtrBoU2riOC5zld$6EBG-L1R0sm(z_4-BW>SKH?9q6x=Y)xV#4=}+C|m`Y3ZFN?>;gbyMA9NDgMKi-9=KfzXCK0E-t4&}P*L@r z9-5xAi#Cqk3a|X~Zv6mfp@!bnVAHNEUY|1NgpW6xo!v0i>w4j|y;%4%93uU)zUfgk zxgWhFy@b; z;W%CCXDI$#a1z8+Y}VEP_C!kK-I~>l3HD9;jo}8)W9KQDo!6$GIKZwkkIm1qYf`^OzX|E-HCZTvOP(A(m>fXc836nbYk25jbiD6j+v%j*v{83_?!s;3W>_9nn8)nW|~s84^KdJP%%3MW!- zTE06Pn0_NGRS_b1JTcApKJx3Ent=7|<;a@IN4L!|(#MhC_bfEZgMObpn<)t=`V^WyLo}t78y<0A`&A;=!ZkUntyft zV5)Z;_h!7Sarximo3N11XFPhhlKVr6!*1nK9NMn%%l7iv-MgKAGWSzSN}`*(_geYJ za4tiZdpz*s4s3$=Ps$P}E}jUU$&j!V9-9l&bk@mfxU-`flSVK~IJDmW^2-2F)dV_A z{wU(@pl9-rg9FvAAhHxx8Oj-AMvYm)N580!6qoORl! zI&Sr`ftiqk5Am%R7y@fBg;D3rW%RdoER&BuzujD3j}*xhkFDe&2{p=B4WrT){V4i+ z*ZXu!Ql+;e{T6MPkJZr&V&(vJ-nzR*>U$_(<8Y}{+umile$Jt!TsE*H!Crlc4>gVm z>p>Rrz`ghtLCr-XVkl5kd%oJ#en|zH6Ve*L1!6T-W)=7rn;Fc*_0% zKllB64!jN>whvw?jeJl-*%sERX-3Gwt4%5wi(pGN-$dNudaO`aJ39*9-%iWflP=W) zH#%@Gxnz(9ZD1(_@(A^?*ypMX2Tz_!tpU7No8R`|dp-aTsdkOLR-@H(HdcbIBVb^1 z72iue2Oq_I&1V?JU2-P@;rmH3%P&)6r{m5NKzyYcWjgQ+sv@iFUJnxR)^lB6;&AuC z(1FeyL@-ZsX&;S5gF@_P7=}V$$c@@z6Eujlh%b_Y7us0|5&n}N1Gjg2s5m=7O>O~) zC%acyF000-vAwv99i3*_$OAjmp><`W-1-&iOEoN4QJ5}SLT9ta zJ*x$$e+yG0$u%Elbi53#ACr7@lYewmRuT~Wt^X&%Zy-? zfDy102nV{^=Jo3V){S%+#CA%upy8m;PYT|!YRc;AT-u{wHc)gjlMWXfUT2(APp%*X z(jUE);H86bt!@xAw=L=Bv*n@buzQFIA_vCv*d7m%C%TdR%)H|KT-2>Y-}?3j{EiMF zg_`i8P$~(NzR*SRnxRqt+av3?(Aj$)ZWgTf%K;Y$N$V}pGcSW-_(nHPlCA8enxq}F8|M-H5l=kMr(HM1E9H*@nmrI>+NE& z^i9p+FuS3pKzMZ*D7$X`y{+Eo4vmHLXl=qs4)w*l>D@^ioiaDQk|s_{`}iw1I-2Kn zsUoM3anNseO;TIGUJzSX{ z9Y8mS8(S{QgpPlO*)p{Czf>YBb>OSNQ+wvCjzXzdgAHJs-WzO)QK{sf|IXR6wc%=h zIZjjAKyCt?im;#k`-Y zdX-F;+F14;**)?MsIbvxwkfuGB7;h75{48W61<0&{4z-j$h}@ueE1uv_Z}m$+vocE z`u)+GGg+@Szle@?oc@jZl|O@*tnURI8r%plSCy#9`FOMc_JN2P zzGOP%6iPMLzDg#dvGhfgyUC1p>Uu$gluz=i>fZ2VfVGx;1?2{#i6bd$VP z<_(E|xlgvvpts*;-d8}ZAY^oxw2bkx2f;J8;iWZuN7eq=h^D3&d{Uc#zHKZ!M|I(N zHi^~=Z!B0aRgjgq*oJ6`+mFTcG4q{KuGIU_9GYW<6H^7_j>5RA^KBM}gMss-240=P zaa+x;8eT3&B0z`Bce}qog`sK3dI$fSr~QEB2fvlblCc|O+L+j9@M2Ut0DAFk5dhMC zTg!2sLnTR@u3lkMeu0f(p8GxQVp!ORNx|<(y1KK<%8V;B5Jy0r_NYga$)>^GST(bA zzFJdjvzvuW>~!2x#xMDyTT4VIoD$v-sas~3cu1VFYxIeWbs~oN``N;tw5H97*?!Tt zZK-BdB)8(77i;DWveYmojBs3{{n1PgRSY1Sx@BhcSOau~H}Z`pi&GxFs!LR?99L5) zb?%1^tT8Q|R~l-Q+gWsBP~4jvlciaG3t!&D4Jt|t_>KrCLY~i<#Z|IxM)a|8RVRej z9vB=7*}2e&k+uwB!e266JWHLlP>)q#D%9yby$R3Ddz$UlViDrC zSaDG!?V(~e+hq62lckinPGJ+>)Lb;^q*K`$_*SCIimf;CyMKiOZrgTgnNh#iF}Rk4 z=jEg7T8j(r_BjIONP4C!bZAv!g2*&_Y8!TTFXZvoq<}FvZfF@wPZq<*GRPIvWVg`v zlZMn#AoJtPv&Z+Zknw-AT6*sbKAwB;%>MW4*VW*}zC)Hv2=aJ2*#_eTpF;MwV!wH0 zFB_DwUPP=>yCcNwt|aX?w_7}uydm>3V$~g}{SMxT2m3Y2?32Evwx>qSdG~3Bx}udA zJER$0>!oiiOO6(yR|0f^3oYnQlN2Azmg>@0UCG(wRkB(vN%+ED)+kZ6uTC0lj@SIN zurqILqg*Rk6(T7NW!|9lm7;$i#8Y2o%iTSS8yhm{_W@m6728((sZSJH{`*(CaO(=g zy*;CpMd(*Q8;*w0lldJR!6s8~5LQ=7>)co_y|?SbdE?3jznbzJz+)Mv zJZOL)E=($`#?c^>+*CJ1Y9f@loR8(%iN@$vu>Y_gl+ z>SmCPC#sN8Gg%t&>&sdxp_j!D7r9B+!CiapZh#gb7K;L%p3SL3m35z=FN(#Xkp&YKYCvN!y#xSx zgQiwt*p1r$;x)jUZh|2ytYH3rX&Qe2FZ-yiCa{kt0{iFy(Q5(0_ldH}LDykkx6#-`w6xE1#m$)<{zfy;h@Jt7CPz2Z2W@6Tg$3_ zEVmJ!ZdH<`BSl0A5q9kn)I^IZe0Sx}!9WwQ2X!V|=QoM$v~)@n?hdOCPE%g}7wv(t z3SUg=b<18il>zru4>-?YF<_$`HKEP~H-FlT)tYDzGUMMjz>W98x7e(=PBkZO4A{ ze+y^0|z z4Q`N0qNr>i6kqb8(F4G_*rV-m`wh!AjWBSP7R-A=Ezaw(hJfGSr@<{S`t?pCd&yF^ zM?)lt5IfW4igL9Omri5MgI{xH_|u<9I_%PePzb9P|z{Og9kDR@% z59oC#Dd5^7KsjCnZqI~rzs~A$Yj$` z&Z&pic%#$>JNX*0y4^)e9+yoXB+4k}gkw#=M?M*>u%z?6aW{;q`{shm&tP_?*rG^? zxt9rQcOQ^Ii)e7YHZ_aXQx6v$8@dV`IquBRF&uYvM=iyB;HU9n4Sp4AzQ+vm${-lG z$$Lo-@9oZUe_N;Ghw0k^?xZPabv-W`P{IhdXv&8sxjwQ0`_D6{O7__^v5X$O-O|kP z7!z_C%?~rA^;!w0x7`E3svoz@S?^Q;vqTh5|FI?an|8|>1&~-^cJc}g^3s=*U>F)e z*f<-pa(4u!b1;}42w{efb|IESbum)jhzGtyGE>L7A0^hbYZuICs%`7taIv)V$yTkJ z3Z&HS)Epqw8-kUv=ur?O3ymG1!G|vrOive#FDz!NE_Y?k)EJ7`O(uyIhnaNDo-x@u z6K#V+s6zXKEQ^o#Q19%gDxe=;)~(#`w2N>R;E{0K_#Blg)ys-njgnnTnNjKSypLz# zi#k3Sr7Cmz(UpXoYn#h~ER&DwOjBG~9!lR}5EkSEPDAU+He0Fr_|G7s+c5dnN|nXNcMhVgSJb@ysHT6Ms5 zrj7a6X!P|ueRMM$?OIy~n&A{jnPxXKY$0*LkBleptNtXD#eeJDcR0;OMOeK?6;W#F z%$h3ZqJAZum!Ch5#0s1AIBr#Uoho&XGZ@{%03qpw2Qid-cZulm<+~)WWFj$oQ58Yd zx$`)%?80ekmOFsQ>_@N`VFeUbc$B)|o` zE*DA&T;;iLz(HZi33yQR(8b1I`QW zia#g+1A#evHq`qCCsgI!xJlfDN%fIEI0B~d0JytJP*$;9(Z6IE&rg0M);NHCz!~KZMOahOmVUX+s?Z)RpFta2Viy2Kr&pleSDo=N~ z*xbfj8RIx!q#1?W}*Au_^*Ac((=__05 zN`>s0IM+>{-h*11;SJZBz6Oue(_@4^jDqvbGD+Zf*OK`jp8ml&=xCJu8B1Rj9E0=v zA}>)g<*9)kYJdvf^zMI!$>#@10;G2^$jds>3msN3Dy>(-%ba#~hlT=keoFP}#Z6w@ zJ?;}lFrIxQ6E6sc!AJ(BWc!&WS-#pG&z+WN0va*aG&?z@{KwwS@=S+g7@}LN;1gZn zzM@&>)9ZYOR&klBE2Q;Fkd_PS_MPB!2GbrZXY`Cj>c~yO$0_5iFqn&H4Y-PvIKR-& z0+f@lcgc_$1Ae}rsrJX&Rc;QTQCbYHdOTfcW^?(V>mShx>?MmW0Y(?)OYaV(2W$^g zRz0w=4|Sxq@t^@$#Ky{zo>?);?YHI2U$Xp4#Bq23TPZr!#nE1{*ZQ@Ba;eRzS?8qy zN62-MKMH;*Q#h6{13TywZDK?hVf)a8Eld&HoDl`+n$7+YIbvdI17B{l#65r< z&GU@w6CRpH{1wdUcJ z6~{-z&LIHRqqN|PTm%eG=ctnj&(#h?!kTQndX1^CMxfzA&XWQ&&2oi z9-q6JNG3;n^JQRuZ<&Gt(MZLYKs54|CJ>Dj>ULvr+oArYM5`=WI(*iWws!&rRW6Q_ z{WSG<)S^FKJ>h8p=&Ru`^)p4z2%qF?n*p}5&nj95eh&Cp-ckaEecwcJ5I8e+0R>-2 zK=C5A`}w#|5N!KCi#OaOE-i>b<@6q@ResSns>`IGT6GH96GjZv_s0^_elOYWdVu3~(ZLnhg-2hWZdMm-)19ATi{l zjRj**mq`t8*p^!H;Q|B5YY*mSkt@7b=Ylc^A{GaZ*}Q<1rRiOFLv6O_^%J|v8WC=HF=9R(fmfClVsCEFO?0vilD>?+y;#;d$ws!a<$)iaG)u-y)rAS0l|>b`gpIFQzY?LH+=+y#G9&yOM#4+1C`B}9)T_hCfo z2)81{s=K-51J?Bx_kL1?gi2%UfnsSd-9|uw0v_J{}c@VJz4!4cilv(o{7d12d zRAr9vQ6*tWz`bHI5*$;&6|RMmsZ;wb^&d`=Nn;B=(=r&o;er<GDLCQ zzKnFo9sy;l%{9sb7FW~JthQDHO!6r|Dr`}W|1$u9h5`d{%~Y z#(k{9Qpv#!AcZ>-SY)E{$eaAf35VvjyV;lx((y_{arYtxN2kOw>W9GsOFA?F zQ3?N?dc0NttzC*d`9T9_sL|fKSK^clqPdiWJDdw-STH^YgAPIzP&w9w_65|>%m1T~ zdhr@X%vqo-ToH9NVa`C^8(-e2D~-~JS~}QWk5|m=)+{PZmn;0K8;^@EM4Pn9moKFm z`C~~4*jn6Th3*O{sUeShxN3J90i{oaDpymoXEoq)hL8 zap@^(^XaE}9r6Y`TzdZ104UjGca;NiJml}xk!$2;;9rV@VFXCVOl|Jkd6RK%+8*tpy?qruKP@cH0=fw*G_=<5sxQ) zX70gJ1$g^X=c!{5js(B2U7_AryU(&L=-;-3)vnE{ERkoP+w?Q#=o?_2n7g%2 z`L5nX$L@Wj!|&YX*H?EJT1sjOJ}A4V=w+GYo;mckz1IJPPQgfPAv7Dgz$5f^VSU2% zsn(ORd-MUL88Pw(J`9`bja$q?G&k98(G{QMKE!o@TH>*}0Ovre0jMdtGYuy-NuW~f z-Ax(O3{)l!BL}apP&C1;=aX_`HTxdCbK#x-L03%AO|3u(I9~>3p1lKyI%W6L4SMqf zt@Xp4;|EVUC60RD1+LxBPA$9zKj~DWUG1_f;zb2;3K&uka*+b}381|srDkNXp|hQj zqZPBB`TPWlKJ(cK@BL8qpO5MONZ_cctKy+8T>f1~NlV9$S@Fr@}g^oxTG@;L1Ve9lb zZY9o{{3mzh{;~)@rn>Oe#-e@W9?)LC=X$*DhUnWfVem?#1jO{*Y5%{P-J76Y>`}V8 z5J4<|Zhr$X{QggXK2Ll_oRl(x45-E>bXO7>WNn>w7hmLdVyWzapG` zvG#efv-g8w44{>O3ce`1o^Q~MrYWU>rn?T?@YfX^ufCk7r!TtXVZ>@cmdHQBR%pU~ zWjYXT#IJLgB#FoV{X6d^KUUoE0+AMN1)q9#SL z9AFd4|Ac)bms8KkkiBP+y?6m9Z;bQs6vfc8gxMyAndih|4wmm49BVfvE#G4Wc!?hV z^?TgAc8bdLdCsbbi`Yc)k~e3X&*)b4fjrP={cXzwpoaW9O5(mydDk9d1Ogoxg;Oki z4_t6)_9Yp4H-hTAiiv&2(q`n{;@jGKzzI)6VF{)v*cugCu!pLAu%99Ik5QLP<-4&3 z2cwAcN+KQQINoT;N^vxBs;2}MXU!-KTPTc3)%k424*0&~2FMZ}oq$)N-w^9pyyjne z)Udysc82mdCrr1l&{+s=MbZiQl&`gj?Nvs7!0fL>N+DzP{}0NO!@p9V;=4+g1x9#A zl;iKBm#eK`iVSrIgie-03tuFHyyN&VZU&I<|MNlU+m}B%ogb^m;;;1l>bU3g0*sC$ zsw3i8Otp-dT1rCGnEksZ&^Z-}ifVo50|!#bQ9Ow3{p786`|a0YM}LzMwG7x=u$Jb?WSursBGg4=T`n@?YQ*(7GrqhCeofZyzqx$ z<~I{53UN845-;mj&~GeDkCOo{)I6ZU{qd;ILds**;5`kfjpCPqIe3yrc(E=Ac?Nt@ z%=6H~)62)`eO2G#n(vuk4Ei9>3}>uIwk4$&~j0s)=VWI?B+kn96k}NwRqdV zex|>fh0PZM0ex^K!ft0S*CSzk3AjlkA!rvH$RHu1eAAw+&Y_+8`$eDSsfM z?+@R-S@^k&9JM0bw30df@KYP`7z8>&NCZRUkAIY8CE#<1g7**7C$eS!?`a)6baR%A zPfMXZx67u2g10->xIO_+f(O44HwRZ-7j6l#GOm)J+%1qFB|xyRQ~$LOK+ zGr4W7WX>++U+s6kDkTrA%_o!sw!**p?tl0OasPirSmer`0@dADRhw_Pt|~h(j}hBm z;VeD#Tg&Sey8j!F#n`=n;aHHl)1Gv1bO!TBSD6w_8{N)wOUNfxPl$1PasTZXe?0dK zc4br-`emTY&FGxu3ADpuuF7I*Y^&}ht9b*&c(i!1<(s*6-R*ELnU7r0*Mf3musV&leg{iGVHS3I7Xxe18*P?#SCtu8ymK54R(IVER)O!AJzv8L0PG|puT6hv4MD*#j`)|*- zr0dg6($s*QWC}LPud+V1eW+?rt>$yFmcakVmxKIqT9^$O9!$lT*IFeGE*7=0pj#Dv zbf3`D0Ae8F#OZy4p8L9z1z3(ey=&Z#y>_kZDE`s#2AEm!&jR$>f2?FbKvK#F{!M%X zaM^r0@i{G{7bp3Yn2c;v4S^%#5U?6FL%f1aD_GhyjuXALU$y1&r@Cr|eFY^Z-%aG3r* z5!03w@!Gu?OZ7c_X$WllUh^3c-MJ4ym@v3Dl#TU73%E!EN91#uRxk=?ml79+k!YaF z#zqe}jA1Pm&@1`J^4CAUIN$#Fg9tb=J;xR~s0b1Nu~Kx}#I7FKzE=|m*>?8YQm8As0kYFS zfm{iF#K;!!Pp;$^-^Ac3n&Pls-K-ZZUW^`Z09V}6Oe_3CzWF}Ac4M@@anfbZXt3sy zDNV7Y!EO6q!@DOz#LXlD*`wW~!89wIp|&4o@QQ{jz@z;}QUj01{))NKBsaZK{p);k zk-5FORKbP!Cz}kg7~odKscS$&pGm%?6k=bseeo4?C30>zN(2K-vZ%L%5NM`SzX&sA zk8FQeC!E!^2X1V>ZeKz%-Du!^bFjQO=in+D64zN#i}_k0$;+E?t=s&(>w!9HT+4p2 zWCF-Dn|@m_6!00* zB5~3zdWxxiykDUTj;;{3JLIA|k}}}ot^X{f(mB)QY!kNOtO_Y}$BIDBk34iL+Qz9j z2cD~l=b}?KgN`l?>-^$*IBZypU?YK)y}eGQqi26MC1VPCd7oCm{)ZXSBBUPICSLOU zwdmQ|(AEd4l0O$F)Sj%ucVI@3KEf2j_aE@xV320+NFqI%Y61a+UOXJ|t4O8n5*cAK z44=Y^>sdF+jGtWTOHoOEis%5oH=%`I>a}cR(YnX z@LuA$RS%WVd+D)97k}_AR1wh?Z|u>jrF!FDuVN@SHb(;layRvrJY4tt4g+M~{NfY9 zy}mhUK_gooB2n;sp~}ECfRq zQvEJkk}!Q0>bd#57z>&KR_Q>&1)nWx-8EF8V1lVdlE4rcZsln=pFSAAN(o{4o_4g06h+pO5fZzjNY1 zu3c+*4JC~PQZY;s^DFC}Ta2JQl-46-03C13mnF+SCsv?D4_>!LFZTSb)w9`-+Xnt* z$$z1Vj1>HPng{?cszyiLoKThq$Uw}374^(x@ItTY04wq^THllLi6%NvC)^%UnEnzv){PG;k zNzSRWN6qB)Co`az79x1E@HI>kjrW-KtF{8IFRuy|zMT*mtzL{4q8;u-88NR@4Gn>8 z=LuJUd6-j-J>jQ;u)3bb(9E?%ss4g;)!y*kL^SYzY zd&BAOHytlQzoCZT?gE4k>QSA?Y3UbEXeImk{Jr|D_qELDe3~2_0Ja2auw6;?eb9FB zm(UX3TAee+Cuu^uPu{#$68P1sxv{~Wiu(^nz=;W-pU#`O4$fj0iji?MD)B}ni3L~^5XVOn&@KH93X89zxzDr;NCA_inVu1+5w>z$PiG_zwLh6zk8^c)3vjU-e{^g zz+|GrVm{5YiFK*xvh){*^%#_L?K2x_|2HwE;y)**c&BL+>a7;s(0#v8b%#Ih3Uu|l zD*>8z#4v6GNKam3zuNE_pxxpE(5Xa={*nF1+i!OtXR~lt%_EvY(RipD|KL_IF zgUJx~f90h}9rVk6xZVleR=!9fv+sMdkw;AHsU-{F%O80KPpFuf`??~Xmyd?cz*c0W zsioEYi>eJ>UZ^}0S$%t5XwqXP;9-WZPI86EIw(76#JtkBebY&&uJ2rj&}Bxd_H{QI z%L{~$4;#N)F0jq0bFRQeG*}|1%F2gz*BCYu^YnE%5%(#=nhh_hKRZf)ujyU5`LmW* zsz)Zkp)u9R#}b$YvBE$ej?VtR3sWyb-CABS_mV@Bx!L*d-*Ubl&s_+hHxZmmO3N^?k-Cg4F*rUi@AC*Sj_mqcS&MVN4MH8`Q#$(GHCh5+@>wR0>egKyT)Bj;979o z6v(g*KC7MO7NOx0a`Pvjn%v&%83`@MpI)%GOMpnwkQi1hC|52S4So?FZZov^hUn1w zJiglMLyunV5B29SPlzXr_wZs;6QZgfO8r%K-9P)Rha)cMClyj5O12D_Sk!=tNIqT~2 z^=Q}>vU<}+gXdVr)BIG9M$FN6@Wpq3rq|cY>C(zwD=je&)A%U-VARdk75mOs>s-Cw zap+V=#;x>07Fmd(;P=bN_#{$_Cr(eW_0I>*ge@p;t!4&4=^TtaT!so4duQ|SNN!m* z>HZMd%d})zE}pc&nOBV;|A0Gxg;id*G}}YilDibn^@N9o#?^}!^Lg-tBI4~E$@%g< znPKgQybvsND}9?`Tc079PoK`+5y5UnTvcU3VIXS9pVk*n&Sw!R)EJoXOy*wFr+atd zT72_FSYlQ}sUTHyqDCC9o&Wxu84;@dee82(@N$m9yG0-^q|2{5JW*yihdZ^)UVoP# z>5~a*`O|BSXy71%VliN7dMTS>YvVkG#dELpF%In1_2}Mzt&HRj=qBe`!wD+Y#1w6qbXZkTZ0`H zs|e*AK2Z@%i}HFPpfq~pTU?ttXi{jdqE>HbvDV&v-*tsx$tQ{+)~7}&A3m@Qkv!64UAE2|T6=#5JyY|a>N--ZTY+ZMn@C_???_5S3Tj$_~I-fCZ z_Un{s3|2Gnv1NGDP<@^^b*MP3%#C~a&~fJt z&kb*r$D%|e+NYx;a%>nQI&;YnC!MMG=AmWAc6A(Sgg>HcesW8j##@prN%>341N$)j zy+eCga;PRw0v_Fq(P~F*RSiFwK{kHqM~O zuP@x!t{hVG9biG}!-#;32H&kP>==P5b9R}`47%nID zO#@rE*#WHSs=YJ&)P+{z20Z>Hle6z{hrl0a6Gb($q*6=>(DL&}Ea$O}cM!zTtoomuOWRp_7z|vZXk-yEU`}mDl^VAnn9e;* z+1`hA^Hz5Z=c$qBfyKZ3PJ|@eQa6La>>6a+_q$GG!i(pYNPL<{v<9*;#4q%+#{K*! zKl08&r@eMQFe=)4?lf`eiTZ&WFh6_5I9sFT_8A9DuB(yT9hFxDIH{A?_Nii16W zi5VpxLIh2`My=2qjnQ@e>96Nl84UCoAVO?93}*b4ZG!^z$hxidi1J0qC?|8Qj_j-OTJPh9PFc}l#aqRj8b=Ewjw$oSaT)2u3F|IVk-m|HPAY`UJTEiGWUp{;3_SVpMIoOA3EJmS~ zk^a!@Nyxa;>EiA%EA@}o6E$Y9Vk_@kFrgl(zv7S@Sr!SBl=LBzBs-@U$pg=M7DDzK zTJ_K(9&U}&HXga63V%1t|1k#A*lF*5_qPetBp5?2VJ*@)>uFEXq z!`JP`%jE0;paXO@J=pJg)NtApf0OU;X<<+^vuw$|G2=Il9X`@|E~<|ghR*G75TBY9 zRQts9h%%~{@%4af2i#ey8p5Z|8a!FwosHnrceP<6n)G-jVu!!xhne$Td{(%dZ&s5n z7mf)Y72y$zrB0icmq+Szb)%Lhwui0P1E4;-rqXS)3PZ-v-#IvJ?W=cp4L=lc)wve@ijZsKSOez-Q*n!rlKUU5;*#$Uco+6gv*kz% z^;BK-{8)J|svFWKu~}1_;$92v7qz61VYC*mcSey=^t+2pOvBbV z2j>~?{Kg8f(t>SugH6X2+X&BdN|VaeiN!lBt})A%QjT+Fm9;w&-|iGV_H_7OR4h`J z`BB*BA=?vr2h2XB^v&|e=b6{N3mbW7Py0T-(6BpnSqu)L%+o9_*!H`>(-Pyon7DSw9pRw4vRKo^$?}{Cf%6s@%&Uy{%On8$6NYeZ~y(qax&z6lVxwsKN+RN ztVVM0y{-*shz_RMYsNQ2o1wWYf8hMF-k^J>&sKu9Hr?xzWxT>IXf~I?k`HM*__}7PO`YU!#O5fEWzEwSvdPBj z+MOS-opzNn?^;7E9`H_9l~jaAsjiMTGqeK=NSLSNTriYPyceS{ck#!P;pfs1gJy7I zK7_Mkbgw#f^r79c9tzHm3O+lg(wt!7wfi$)1iY6j(qWOnr1TOnrPsqW!|Bi&w@BPggfdcj4YlC($Df2ILKE4;+Xn zuH?lGn5}6fZ5zxJwLREq%4?}9p|&ZN6MR`P#azpFtHDK7VEP?S&=mO3qx0#zI(Ty+ zQ6f~5r8OQtWQ#>+AFsF?e2?8=se-G*!($%lcgN?QdM~mV#2n(vFT!-`klw;_J7MxG z4({{Ot0Hsaga1xi{L9AEyvZ4vk+P|tk_n#4|As{Gyh`!de+!ZXZ8pq$y_cqW1j>ZI z1;qw8J)vs^H#!ku!j2WA9D{Kkv@aACqC7WiR& z!;?R|UW_-4NI-_8tUuJnEC#SDFCI1(F3ncCK9lOO`ci30)6$eZZ!w0QS!=qkt95;aE5c*{#%Tp9 z%XgqLioI`mqYGO{7p7Aa$|T?Q$rnqyq$HS4gL1}}^{-yJr&m=VdAQa32GK-t-MpBv zFL$CAnVmXr!(b2&^~mvT*xmYo(sHd(I=D2!;8rZTeXduovF1AG;!Ruz56b>i9wmx# zPV0dmDKlrcREwUg){Q|Vwe6gj*9;qEz zNrmTspLN7MQ>KzFGdVvZ1`|)RFqcGJ7c~jk$a(X;;ZIH5_Q3fvS8@o!;IxdgE;|`_ zpbw~aZj5u)Gcs*RC{9D@Xo6;FF-g8DhHClaP+H5x5bM6;@_hq_yM7u*8yOl*OSo(- zGWt4afH-WkD_2^thZz)+z!OJ9jwaUjF#pk@p>Z`i^ z3>UgxE)1~3!cfUJA{xqZx`8;_I$tB9|Cbr`Ty#uOQPJX5M&zl-din=Q`K ziCQlnk}MA3{g_s&N}7-}%)BHB?69{HUyh8;3O_GloG3TyZERnG>zyj%M*YM^M8O8q zo@?jP&(0-~M2mD^;cM#7@tpCsDc9{hS2h>UebkWc!?ZS@A2hi$3aV0UAMkX^7il@cW?9Wn7^o5w6-2dv9Q7SDQka6V|P1(A_-cC1v z+~nlr!#r;i0msh(_Huk3G@fNUY;117ps?58sU&wU71bormU=wj#QW?ASneWR#HOlc z;O2)j-?W~u3E?XVH{TS#yGeBJvzpN>U@G>C7m5=~xn6y+)^gRzXlVt(|Jhi4qbX6|ux{J@RD5aVYlr z&ZLU67Cqbj&8_&rs+?25D@TD5T|&C}HP=F3)@36EI^S&|v7QMP^xx`Vb}ks{Z}V0sIfBl*XyzP=jjG0I96am+3i|ut^Yf*OHQ+ zebc$Z!kS4+MrTjVx<>C-{i;?s!?oCe^;Ytwby=3Pw_drNHYe=$?G!?ZI|n6ea<~^t z|AB6QTTS}_eC;M~PDP7u&t0CCbFe|wzd4Cur9Y#E(f$`lE?J{PKE5ZvYfdUVkp!uuD285xH;Mb_oF~*QF=B zls$8-X{cKsReWV7H$T$*c zlF*5Ua-B3gYy?=#w2F{13{CND+@J3LO=IJ~*2cT3k3UoBa2^bpN^Gml&h^pZBWWa0 zxA08R-IJXCMrajrS6exs3|{Ffv_Ixrk=cbGN=saEu2bO-_ueMOH^rf-sdyOHmqvD}+Kp}(@F1rv zMhYCOy1On;G48LKgs{vN8RtJ954>wlxp%Za@uQ8tJFD9WYmJ`Y=+#?lq}3@^-biT> zu!#l3G>bWs?nzT!z4D%OYX_p1b!?D2j{FMUHh=9!6D0>1nb>QeBG)$TkSm@k-}C>k zANAjBKE+$ULaLuL-?8A}q5cg7CGVZC+Z$^Ul9DA9IDLlJhum^ZCkzl$*n&K#$ zj&7{O3+!jo?LK0FMXcg83om#|_=cJeErn3lbw9r|+#{6Hj=dO`A4f<;NW3em5S~|~ zS6ODX&yabk&*qOv;Nwntc`Y2L3zlXToC#GKxw8&5ZlX>#CMp`=>7RCpvqTJc=)!c_tb?}$-(mPX@COZCi##UBTvfACJ+w!8CwiqxIygkz6^m(kksOedD#w z;*rMTdZYZV{AE@4dfPn!pHc^!R6Mtis5UuKi)sI_cTws502vzyk1;xsNZTU zWN@dvfPOltI}ufM4{7L>*042onb`6EfpG2>LWCH6gL85;3n^Wbm*nk0_uALi#{B>! zWl};r4%=>js+ZL=q3u|RamFiP3ooFSszr|+h9w77ZC-5`UGmu-=efUe0m4$RG-P#j zt&1FlYCC}Lp7n&Kn!%dV0ycZS&0RlvPN%*l`Vd#10{<#kEh}jX~eRi>prh4`9sZjOOA4EpKX1_kLgH0`)y z%WKOk0Q;>eSTWzb#Y!fzh!bz?lw#!gX_5b~n(=u^*Ewy9fpF`GJ%+JuK8aL5b~D9^KD%a!pC*q-!5q z6>|@0=Pee?w(q%%It=ZX>iL7OD7x4i8W@sRp6tvM$`=V@Jl@4k6VHAOt%ndMr+cqX z>sj33$}hY=$~UeX0~WAvn{$l}`rp3BzwdBwTsobV01>lE40Vx2xX})z@M|h<%jv27 zl-&r)nEitSSL=I*IjQ~Cy!V3sM|YU8ec$2xTu34vf>E`L@jgZLu+u|q0fi2)mTH-9 zQRzh@2cPMIwqrqvjEC|2uUT0?{ugEM8P(+4b&YNj#j+I<5h+qcKtW)GG=TsLf{1|h zPNYlkB?N+qQU#>gjU8^kLzOE%*N(@BbZrs8mo(a53J~cK*F> zQ@%SPl#%W`&%Hc0*|AW*A2QOeXa&b-Ab%M*9gE9j$`*o~4<@Gl-{n`o+RvizHR5*6 zH|1dShFebuyj-uw4h4RAL2e9@Z?9O%&boP?FG3*tuhIU3IetQP!~I8)dEFYjk_*z7 z`E|mcnS2S;OyX(!b zdbJsTakkmr`nQfoM1!j2tLDSKx>_H$gU3#Jzq+~2>U!DnbZ7n^u@~p_e`tZarDhjlQH31u1wSuRLWxCQ3P~tUd_=ipyxiX&e64)#j z>tB*X%z8bzYc|8f@t6C@KPN=~!AbfhZAuzw@a(+t~z#mI-Q zk%_}B_qKO7I4$I0Y@`-hU)etGD*?zO2s{RKaOjFdMh5TaZ6c7$%>mKAX<|NwTl({n z=p<>n62)C2$fEBydtx!?Ek&>4vNZUS~ovX}i5ypG<%+)Z4ss{gcwq@C6 zUK6t)Ejo{W14<;x|9B{VYhXuFYT&dP$AsJ5%~j9?ZP6G5_3hvoUT@XDQ=}(-?I7jt zAPp55Oh%*Z=&V|m2H$H!4`{r|0jF3Aeu)lNvTV%S!I8TXI!qm>wDJz*ED|F*43Y7d_&qUuyR?n*KSKd5TSvGTWruIq-Rr`ZsD}jz5isFJ2djMe<%Qv#ZUrM3SEK>D_aI)e8(ZD5ElEPr&AKfzm5C>gTdOtfoUQ zxi3cfbg$Rr%QX~Q=qEQ)0O%YbEzIt{iUFzT}e zhNQsx=@{#djCxq0E#gdxkc{lci63;#2cjGqG?LUxT&kmnTQnaXhXJF7i7U%946w&L z)kiD+XSuOaslO=5)=&1HGa%ev8&to>!m zyk&zP$#gNhJX``>?9eVgUex;RX$RRu8ZT@sT;2;DU$3bMNWbp>RXD)OyS2lyes!tQ z`XH=aItrRvu|mmM>`9DbseLv+7z-}tp@(ct1eEGkSLh)0be9B7Za)~WcUw~v%H;9E z`X`!t^fQlGZMXXL#O9e?!CY>fJ|yYgt;}{&1;kd36}M1rcoVOcKe~$zzN8*{cMjS1 z$EGUD49M~O(cy38cR0g%5wXoI@U90{EgTK_9gyImRSN_dWjcKng z2xN}w4uw(!*fy!O&ydbx~tVNDeU2FRhyu9It|SSh0I21peitR0gqP4TjppUh1X1aszeL?_R5M8~UW+dPS4){U|qhYy}~DSYw|i2yzJyZKFx zPq*++ZxTYZQjy5{<$y1m|7r70QTLrm<&H}jJE7oqp}XAz z2d?*vdX^%iCROERo!)%VLBm6YeMF#GiId8kXf&fa?1-@sJ(;}hAcE9CA+Z%`6=;>Q z(@|({etWFGIfK4j;kBk$zY~38RQ@sI9_xwI;p9RQd&s0XFqXa3vY|)HAjaX&owpiP z(lh2H;q39QLrXN5gOB}JxXYN+Em^=z$d#b^LWG%tx!(M44MA2q(Q! ziVE|{7ERB?zSwRn3O}&Y%jc*yk$zs}_ziqZ?(leRccBtde~X?)ceqMxcYa$FFkp=7 zMj=@4dQmngspje+$`cQ&yzL?@#+N%2z@^_#ArMDz8PM@zxH zYokt80cB`Yynl#zm(e>H4PjiX5LaL=!QM_VKR`GCIhL_&$$8>lR)AQauJU-6e#-IT zgc+$*);lWTfLNxFV$U#bkUS#a$jAZm%Q|>NXy#a3)@UnHTBFK_b?6?Dy#uem|0jJ< zE3{CWuKBUs$%@yB&o-2WiPwM*v+2*>A29>sc;i?UGr)lV4#0k;%(2bkpeU{0MBjE7 z`LaJ87Dn%Oq0KfLtxY@4xw2xHR6!X$$n_A6zdK~Z(1k~a()2dd%4NP_pX>C&U*o>a z0(B(0nwD)zi-X-d?J!dJ-V+q9%GbOOAr~1pJk{Gx_mRUwjzWC99wg1-v52n5H^qs8`Jd7}P8FV?;9V2)%VC`sbGOJip{D-cLto766q)H7rvxdzXGb3>qi$Gy1OTDCHSy)`tA-1!^ z+|qlH>=7A04c6bB8}sXzuz#+vzB;4P;OWR4#WI>a;xO7{#YGGtPk$6~>+zf%S;MV! z)}h!krF&vS+3%669R$4WN8UeHP3q1q7+RdBMFHJ{w&R4)pFXJ+U02K9e>goYVs%1v z;+B@ipab!(uHD_!R+A^we=QHK{bB5b3D$Tz>aTIH=*%o(U#=pCb+9tM%5MDG&!Aw4 zzur?9uDwW(K_%4l+^pI^8p$`)Wvkop>mILCac;(G8diE|8Y;6q*cszmhb8eFE7=UB z@@@s})%%lMh1|&193TPH(uM_-m5GAj;UZ&Iap%6+mHW6ZiB?#w2I`2@KA;>=1Bn5X z#03`XaxULrH&Rikq>&mOW~yAcJ0I>l@$SKdj0l`j&U0T)>yy@JnZqfE-Oe|6wGiq8 z4-V^K?%P4r_ehY7*L!17(Q&q57=IynU6O`{@uUyJ80LsQz z?i61B83MnR(yyUYg8#p42rt&nf}LyhJ2=dUj)~3cv}Qc74c}8rL$6SR>VS0XCi22= z!`=f;aVM-}yZhr6c7e~kOQ13+FXZTp^lh#jlSf5^JBa2*S^l;^_g%(5MEm0d5o5Ca zdL>D4WjI@P^bX3OkFROuTcI)PeOPb${%&A~fWDc(^B_1P@L&bAyVb~^)a0)ry0j@I zCZHQ4QUYCDTDs#SU9v!~6)uD1d%dMx}9jB&0F0Auy`tTcl_PQo%h0?q? z%wacC_wcJ%ehJufL|}I^#Z410k#DRl>q}56a8&%-{m5Y1t@Fc4w=uiF#hV#v+Zl`f z*d}Pqx>I?CVgKPvY{nsTdZ7BXwe{X2jJMLC4iiq3pR*0(hsPv4y$}84g{%j1{K--d z_`~HWP9oDNPVyK)EY*d&#|wv6*S=Pk+WexN@hOjisvi;fV$L+ zN8}L$H&R2h+saugD>ux9z~wzJ_iGO43?$Tj<-V?Aj;tUh=V@x4G04a99lPXC1n^gx z`Z#^cfYR`27HoMSpOE({w?|qCv>9m$h{q=1bPwGY5<+Kbjjwd-un2YCzx^Fqur2-_ z$$*1dZpHZT;Tvl4uEf%PrW$tOyelzc>0e$TDDFuM`8ZeD9CP&*xpcAL@s|}gls!n4 zcTk0O{-L;Vviwv6aO2mZ)?+{BtJN1HKgW&a-8hd2)tWhUe(OzGsa)v0h)7zWGU0!u zqfz1_gD>-(K$JLn;Kh==XxIap7RyJs9Iuw+->iLIvm4J2XZ2|NSYy;4avIU720J*E zKm}IvTq>#6W#ETHo(7T#gn|33auis@aDi^?78I?Z(d)1Uv%(bNF$itrO%&NLHNILN z#wKhOEwe}^y(ujuvpLgwGZ_B9R_>rLOQ>mcJB<)6T6c6p-WOl9)9lr`<`-fv<}e_G zqBQUeR?Qid$W`gnjw1s2ndIEkz=%b`d=A3k8ifn>?s$5%$QA?Ce|pRk#V+Yno&@e) z0&VL?z)iQYhgzj3hQ6WU~wkkI4`n|`UrXuoQQ?qv3+mmoI%J6W8k2P9R@AS4B7U?}UbTA_Z4 zMX0Wu`#v(y;9+@m(cHL;tY7sHnAOT5V#x=R_rCJFOzCE~n=6)@ z%_^9r`P4`@;y+#hEEkD}pw5sPMmVpb(??>Q3k5P~;PiI+$vEBL#oPxgdimSN75kwh z4}XI(`A&U{%?eZ=tp~Yvb634shm}p29}1|eWq8$6%}d*HkPU0bCx`Fcr4kq}!+nYJ z^XEtCJM9gzqcU7n%}*P9j#>S)2t%h!f@Ca^Q)}k*X zMa!PwEYW_}9qGe{d8{}L7}8xYUXpAJhA5lGgjtFq$c%z!w{T{D!Beo4d5SN#ZsO}1 zjeAQ=9t6QHqm{5|mqu}cT#rs~*oaCXsxQLQv{~xvtB99nv-4|-!NPE)1I&w_#*%-qLu@gwX{Lv#+wOD=Z(esd|y`-#|W+22&1z}WU zkaTE;8^ZNp#QQbv3dDn|3z8<&yAoEL)8>*;Mi_>_7vUt{XX+S!j`n(ropE zjl`poN#A6#EJtr=l-diJ?ML&MpiH`#W90A=cLk2flMmOqJJ>AOg&Hy?U|H{AGK^A2f`$fqc8p1mgO9CwvSoFZF&b6`I`ooCThGqP$<7o zUb93}R#<{GY3Cqcd3x*$8+h%wN#*e(*Kze@$%73AQhYK>ZPaP(ec8#F8$EgR63Z|F zH(6y@36^!+-FpHlgU4ES91{4n_Ldk_np_?RWD^Xb;Zrn(hO966dHgGlHtbcr8#<^` z;bdpKB!T)jsFDAgl(L+k`z@-i+xL`ic{FZTom)c~{zrk3NR~Cf-VtdK>7|-3C^+Ni zWlyrabmHVVNIpEo2*Vo7Y_)5%N(UFGDGlyX)0CoZZP53IZ5%qQYfpHltLi(rcklZ{ znb~Bt3B8@c3_ZX1wA^-XgX7`TwOKtD1_FhA>S8%+*&BPHo?GO_7dI@uyCq?T;>+;5 zwNzClTJT)96%78X^z$64s1rLir3S04O3+EC4EhR8SG3bB<$eC#<0N6i*@OGUOVfR7 znz-M&kJ0WT*OT2g?)M}nlBKI+htwq}7?%qf4fNSbUbW@qny877|MaxS zr9-6*DGzl$tEmIhzVxJ`e=`bxdq0m?_3uf^A(XEnj6PMcjy1=7u2p5tm}1tCenMN= z;j8-^(QARzi;M?^FCJBD7qGR_l!NH3bRqA6VLZhZm&cq|No%`RPMl2)&0^m=CPe-J zo|INV>X*;^Q|iY<4@mv)08+nr_Y^T7q^SK5$P1^5F?^q)iEN?>KLBkkN2hX0!j=Oj zDATvQi#ZdA3_Ns=(XN>h4OQ5Z>5+n$6=i<`xr+aS!*oUJjOSs`h#S6rfIWR*Ivvh; zE3yRR@43BegzXCRH0?4f`*xdtA48f-$>fjT0BYA>p&Y86auzPblMk|2s!L33%?28e zl_11&Xs*9fh*LJz0078pvKWf=dUYkH1#(VOUOeD#5b6ZaUtkbfC{!JY2d-|tU2U(! z$k57jVb<*{VRm=B&WMdVMq}-|8aZ1nU1rCnf&x=We=;BeIoUqmAub<@ISf9hKz8c& zuB986zh=0hjNVu@A$1Sg_CzEW<@!|@cEHwpwuNSrgph}t?f`p*Y=%ZaF9Vp1gWdo5 zlZ(DIbY{vgEExaSD1~_J@7_2PfcZh3c`~3Tc%1RlEVyQ9*Wbgdz71Vh!}Ggw>R(!N zQiDUS{V8)ca0Dv7TAPk;>mFJt3#Kh2Gmj#;eirBT`0H;v?n;3PPYc;(#dJzc4E0LP z9JF@G{I)g|;(pz|y^-S@C_XK=JzD#wgo!U1#fLCAZ|`W&)qvMo`&Z$0{GY$s=$9JJ zGa93dC+*~5xHsgC%#g=PLFCfOvM*b3!!PvLl_$Nvp*$Npb)@t2j4=c39C5CT<>d~z zM5s*Xv9M+X;ep|ROf@RQYjsC2p#aV$rh_ngY{s%%#_H42-l4E&5{Mjg6PsCkHK6no zipb|RV${jah)?Hd5qGY7ZK%&SDQ5_IxG@@9_bK;t3MUom$tdCng8ca#{yi>1$o8ZJtt1xS9kAsES?*y6l~BF zcfqo@%Z=5}_aSfUw;-(_A917PTtLI2`;TXpar>UKeD;?HGRH`GMT8N1M*IX85Ko$g zQ=?ONw~f-n{wrYp&d2rJRCmo|e55`n@3+Z3#3nYT9JNi!$O4Na(Q$GqTvC_ga9E*M zxz1S*1w^?+BAQjzV=ftdTlz;RSibBqe zH8l#w3J0ohpB2HZjuf`-d2Gb(|J+N=**GtVM#fV0r3tmH2N-@43=b!|+2{sH{q9}k zns-h`BvB9bB(Tdxh2&+}7s*l;NAl>g41_!#v$#AYln~t<9sflLd3WG6!o6wl^?fzW z!v0LDng@guP6}{a2kMa?ISM4QYV*5>6wAlmFP#}HF?kMQnR4R|7wnV80%O;BJ`D}2 zNgW;?hr}wb*O?(dP_VFiHwzNjox+5a)Z1Tb{s?{&$i?Rj{qcQpqbz>0V$H?J)QNTT zC!b;DR;>3dRaW)-J)>I}8HEyOI^M;f$nIop$OVkDYO|nZU1mbASGYv`_@8V`U5(NR z*v{Bg^&hqnZQBg=uXpM=^BW}De?fz>aO!tfXnK|q(A3Jo0*KDU?ckna%_A&%`C?#t znuMJdO3>`F)|n{%5_{|V6FH1(u%DMd#oVPd@MQA53JL5=ETH)F`M#T$(`S-K@na;L zkcs^IBwc-489C>su^m&`YLy`j^)!{i8X&qHu_F$}oQ7CEC8IYO`bpU-^&ulU=ecXB zI{g?y&3*dKll`Gfonf~6xWwTR(&-dM%_R(s+2q7k)(6i6aop~8Uu%vT6Zf;jR>i9E z+9U9pfO9)#0()Ov^u>>;U3}PgxB13Xt@wJ8sQ9R@38>R)=u{IVQb0>EfOaFbEbvob zi${^TV39{fH(rhEU##+PNtg-+(>Z_5O{0>_F!@be(JusRH?;<0~C3 ze$5g6cf@Nh8Pf~KY037Fl}4VzoF(A|2>91*SCv6=UCR!%fn z(0PI;2m9Ke4C6yI3C`pOY>^-couvVCQ_mEh^h#9TB-a8$n?r&#Y{RD;VmsmPRJ?cy zftT1Jy&^xK$9a&eqZp}3tVf4Faq*4a*OU46^_-hGEAn>;l%I?w#>5-Bc8@)P5~bEi z+Tnk8tFLvWb6{(ixz=Ii(bG@9TyG|E3kyfBHvQn2L$iJYu8_s`uV}80wvv-vin2ir zvNVb~^kdEyGP_1A^HDvM?p*pwz=k}OeU`E@QT6`hQp5BmmwDG_W0bLSMN_FLtHq># zk=D3g(f-(sQVf2pH_B(!t~0ceL|FMWukq!z5O>yV z?O5;fS2huL6r6q~UP+XwHHH=6XPTtofwv;3p<_T+|Y>jOrYZaf0XZ+Vh&o6oFi zdum9rdDVWbPS_ah>yp1A;WB#*ppBaanIynM(I|?ry=>=Xl$=us zEC1N=WeL-O@^?o8O~q!FO3b50{J>3~Z_9(7DF$g_8(VzSzU72cnTBccddqJo3nyj) zJ=ZZs+N!XlJpm}Ky=AkXXOeTK^bwT~Mt{C-o<_!Uty)>KZ4?1;&Z}vMBk-&nd+a~y zOm1{osqP;zOuxR$d2xwbWA(qcm{aP}(Xpn!1!AhoN=g*v6TC64jgW6l*XyG0Jo z51wc{k203@)88pMYg&tS$R?4U`Xmo`Nm)&Y z&*U`jF@|%^qqdJ4-RH^!1SA+DqK}tAy-HhZ3NVWJc$HneQ2u2ET0G3;*j+;7)EdU? zS%!@1Fj415;YXV&dri1^_4>RJGJZZi}78z;i;h9wrynHCepfr2rXfaAifL-&fF^YP_jQMn#RFxa3{d^~rO^^TBKiQcE@` z!vxlv`FN&ws}Gq9a>ci|KW;jyg9-cR$3O&$H)NNZqQ^o(G3yN@%TtF|isegmqvY!I z{Bd6Bm~eV_Il3b5*Z=4+0pZ}$eQ9$Ho$CqBnAd#~`d?R>L_vTrwi)`-27+OepcdS# zk!V}Os@LGjyU4{ayzux`kBV$$jcNU=P%5U_lsE8M$~_F$FU!PS5z6;^kN720;)YOB zXC@^481t^&dHU?6GRgiMg^$^PX|Z-OES{z-O>E5(Qil=_YasWy!z$kbfNB9ZXZgq;n;fzF)D(bi ziiRm2(dl>4X{0c6d*g+`lK@Ps<~+@O`{b6IkL;b(f{mKjg-qEbeAG92=3{-T_LiZA z?+z^=z40hReW^=xCtVp{BNzCNpYcKEU9QvG4D<|}zNnA0AQ&C(U3BSra2i3obiY7x z9-WfNebO-ha4lezP>cRNjtd9e_UL#oy-%Jwk~98vL@g1xE`)C0Js=e2jc_Ppz|Jx! zvcMTv_G?>4PoX4)0rx&gM6ndLaVoX;MQq7Lg>__j4ykiOBiqlk{34&lB?Op++B>4z zT_R;EZlq(={b(ptzOW6iVWyB)PiaLM96x+_ca}w?ceWWi0h5?Hd|w6n@zQQ&A+LAOoH6B@H-vDun{&He_8;0qaiW%;rg3 z$-O4uMRQsEsB_WBH2;>m33sTD@E=GC`ENH)N4iak{Z^edsqsMvFBs~itr1PBT zTI65jpV(Oi3CGZXp<~QaRvNDuEa`<+*pC>c{$-uEhy=-KYis4I6)kB=37AqcL=9`0 znwN-sLYuIpyQW4`8yG#EF-eC_8Oy;<|Ts@~3<-grUBq+Be} zZVc&5M;Y*_rN?^C6zUe-<3hsFa2V=XTu-oWZYg&ybGz3z+ssP$4fbA;d#gi(O&-;nP8MqWhIregPIY9w-pINXwodMel1^PKppahMz$L+ux<&>ieWRA z?kNgpucC>)P^cljbs;_)*9dOZ+uc;vFqr+|$Gz#Z3#rjKev7+Lhk7-H98hjA?Lhu{ zmV5T?lb)n{zr=1OW~QB@WO0422whMyv4)B(eSh$r6_;fA-w^0UEqxfnmk|8yo-=sa ztm#$R74eKwL?S(!N5?VDJrN#`bT05O*{O7y0Y;s@Whj~Gwc+p@1FuDFYC8b&GI$|J6W(}%cWK`vJlOo)5`&c=rSW+pqFHP$iZtlh8YPm%tKre@4p{>|_mPn-<37A^aF zD?MtrDWMNPmu`-F0^wLAlWz5y-jqv@s$FfD(w3oH5E^iWEWOd{V)CDqqvNWiJY zDddmb-?#M1jn{Z*hX_!G5ET1}L~AV6p++ zSY<(cLoQcNY<`g?Z9}`tG&&alCI9yH2=|D7u|7fs?6e@}x#HBJU3}e6j-fuRAG#8Q zy>S%>8ihoA3A0%V*!`=?j6Xl-qh!-n2z z4^n3T)ffi_B+0i07atnE)F_`n@AvMYGXnDGb)nB}vU=Yc#)4JsT4WPWqm@;lvcPeH z^=8wV3XWUR0(NWj{?ifzv>;CUOj@&gX*sp^*>7C`0h?os)Kh2`sq)X$wu4P0VU|9J z&bPCkzwK$@bq=)H7l3Hk|8L9t-)^U$n$xYTPu#$3CWQ&S5d{3`eD=QBw}?=`gZzA2 z(zZ;jAL}C-Us$mLGazJMC%xVe{qiH+lD=84By@ZmVt;cmJ5E>cA1x{{#~IsN`X5#h zodQz*Qps690@{t|BjpJ&lN_doyP{|c0!0K)?)f6BobwhH{aAAj~kM94v8W$3ax zIn!wTvmplPj~Q7+u|@=Nh1C;arL81}Zagk&r`N}O{2OUs=wEfU=-tjx_dUdAB+gn4 za=!xF7$&pE7H?1Vj)^b)@^GG`3_%BIkd)dUz@Gr!^!E#=!hQ37EIzjh`(O3=0`o=c zP

hUNB zSU~DK={|Bwe4gr`(Y-@Qov|z;Gy{!E40~LDPE~%tZG-m7ub03dL0^B;7rJhGV?#F~ zzAtElXr91n{&@mQ3U6LplsN}|f2kI;>uOeD5C3-p#}cV^UNW&{9EfO|IvVdbhRQ#L zwjnp*AalK6y=73G>d&{NCoj8a`gQ_(Qs|t#FEtxodGbq*y6smqK$o4u0hx(-jYXCn z5M%4xr}6$L&(Z|FrcQ3O1oatuQmvbQH~fC}R{`Y3%(Et6YMZ@yVKX9uw-yji64I5C5yXmBJ|->m!3$lgD--x=Eo zVS1MJ>JMoA9~U0~#;ZR1+p`9jpWnUz(pHOa?mVs_X6aPc|MOxrM7sXdq_CxOi3#N~ zZN~#j)9yC8NX*w_;`Ww(#J{^S@WCnGCeIzPEGPZ7^jDKyjEqnYsb4n*yb$7jzohu! zyIWVKsbZBvz*Y47?eds&#GrtDPG9eqLprjIB+v|xhWGQzS>T-Ia^{`pR-5HS+|X|+ z<>A=cQ3qOv?z8B~_(6Mz{}B@3v3uRS3$WP6kw$S@C^aRt0ndZ<+D%zWZbzGGe)9Dj z|Nhhe>k0h(40)r!n-nZG+NfzHec9M%|DYLA8EDOhpXP%R)*pkLcHms*t5*%CB})YQG3nZ(>~jUSa^df-%WjEmB&urAt{jk1?N`>Q4Y^UKMH z0Uby%(KqdK3$sBW$ygRN4ek{1Jlq*Lt??&|i=5G%A_j|J47V0jyTcrGiAB7NPMLK! z@GLExNmX>!-}P$HRkaT;okzQePUKG>mCSB)2BvivY-sKD^^r|EC{KH%X2qF{k-yXG z>@D|GR{#0n78~ypXGgq+!M#w>3tGTU%X(;NWZ&FtAyS3e8sl8UmQ@U}L zkRrgDpgqEJXhD@*H&kG-PL9GiC=Ez*N5de;Q5bWy)v+Uiboi zT$1ej)%(E_M)6sJlf}y;P{F-7u0*+7GPdFS7l~U`iGEM!+_KTl%r~4kcSeg!8 zKMWu~<=T9j$R<#zTA&37aj(^loNH6+H!yEEw|mPWPZjIV`s<7bprcC+g@x}oG=@`=QE?0CC!)qB8+YiqYrC;iBJ zRV209Gx%r!FwpH7k0g!6Ht6{kE9N&S_Y?S|{CEK{VovLI|#*|33UQfTN+ge78q z=An&%8E-re5naf2`Zw~lJjc&&9Pf0x2TZX_9CJI08Zh`j7DaUBO@aT_B>f#|l0F?% ze$=2lUIaln--la9oz==>0U8w`aRfM*cC?h9`9|!+_P6_i%i%W(XR)Z#S{*@fLkkqL z5Z^5_6-F;M<*x;O(4>$_H5o|2J%a2F-K|k0odq242)%NQ-7IqG8f(DCP*7ma>S=Q! z)0ybX`}`gfIF*{6rTm8=nX3`%96~PXX!W;+()`O$iXJM4SaXXK}02}i` zgDRJuVQpN15Zb6o4@vPr?mTLgDI^14H1V)Z=B^Z`-bFIlR;Bj3*y31eRIV49Pwzcx zW%=G=$KH_ZPOQ@>yNze#P3?Wso+e+#OaligTA<3}KJmc6cGmUdbCz!X&Md5({ZC^x z;QGgSRcbnz>VY{(zPS;*6c<8v~R6ZizYIjt1?l*jtq4|0L`M%%oF zOt+tf0YX-8&QSbb93ktpFJx7H!lQsSjotCxj4?mNyY!^H#q*FFk2yBe zRQjFgTj5Cwr~PGi7y$!-FNYs+kM{5_hgbSf%fio1WG0)FzR}-Ki&>J{sjJ~#2YiLJ zwHL~WLHQ1Ec9x8u-*^!4Scl+pU$3hnLqOAd_8IYWiHObUQ&hfk^9kHt?L^!i`>{XwDJMMU;?0b+SH>Pv zT`JPwR=y$b7MmsbbZ$vongsX`6sV`wKIO40NhpE9JG}{4pj!_>b0H#uSyt`k#?Km8 zE@HZx7FmwP`TTW*HsZ6?w?WP9V+}RAd7loPMBUW0^k9^54W0wLtG~|sujIQqUL0@u zW@ju*E-=OTHEM64pFB^bbD|BZ>*o)p_5X^#`14Ps0sKd41SgR)-|KW=Q03e`qpByn zcu=f%9MAbkMnRL8ifUN)`rD3W@fT?AHy~akvw;1Fj?T-(d&e(iIyyq=hT_|VLfR)ozy z9TUEv&}8LR!|FxKbH~ol^fJ-H1hS&xYiLix&P{74q79QAhBP0d<1q?nx!Sfmwd$tV z+Sl%2y^{7dOCiwpcLuLTkn_soLp|GP|6=@dI4x)=w(|^7VU^J`$SKLuZq~aB6G#`> zr*{;$&a>&XbR{{lxJ@r(^84^0FxY*;zcl zlY#+$+|C^B&1dxVJfvyJ-w|}!!o}fVM*FiE0S$~?mZT*n;#(TgR-}!d+HgO*OYj)~ zcpvY%@cibc2y>VjUW$z6zbc-9e#I;6Evj?HIO?n(tPeG*!U@dLefgf5`Wtad#p9yt1uxR>*R3g1(AtJ2$$I>=QOJtjMQ{JG??V{OhpwbHS<&#d9g1wSwBXTUrW=#(GxuOriNRleJw zcG9}bWg5L|MeQ=%^Tcm-kg&T}wWu}W-+mZA&3t?BRfD5b=}+HahPu0z9X7IzHiCvO z5VUc*W=#q~tU&imX#fj(@)g{bCcQr^7ep2xw+#JfZ+7!Qppd+LdquWji6s2oia`2Gaw5c2be-@}DR{71_I853{ zhTb4uMi@?BC7Mt<^kelRk9Xv8HY1Cqor{s4_W_f$oyn*)WFN3etIXi})z-~l zXHN4aO~)nM4y5YLoXrz7uzXwVRg_d4nDVXUu^N-KNBy3&K1MwU_qEIJ3uI%7=XZMC z0Ki)%-$yTSw9}*Q|6Tvf29?{5jjL{NXuX3>CEYlLabMs8Y`*YUBhk9U%ns-yBic`MOykU?D@X64MCd`S4W&ke2@CyZwScZUckJ;*W^*aCcugT03MURv(Ik zK=oIKUFuGU0~qp%YJ65Zxtm+L>K%(y3Y}BKhu207RE1CUf+J*O#IwJ-rr0P(^YIOT zfLjbY-UwA{}-un?)>E;Sx?PZJ1bbgy&iiq^ugre84iIo-&LD*TP zRABI{0^-``^C!snZvsrfQMzG%C!zGW9UwotzmLY?jjCOq8#>FBHxG-=nK4pC=d^fl zIU6)LRo!>8Xnl{!Gp75Lq+ev9bmW~+KdFd4fJFNfNmRzAw{$P@iNlU73xKX-(PVZW zNWpcbF289vr%&~C;n%P0d{{Zq69b<|$=XKB?5-^2J10&0+yeY=x%2j3-q6*5ZZi_n zzuSh>R&=_<3XAl;x+&=$^wY6OZ=smLSBhMTnrT(D?s;A9K8{B{PUP;HB7J$2KgTPy z?yOjc#h@8&Pdv-YHVBTo3Tzasin?kC@>Q;HdO?mU<{@-uC!&x7)c%C}nE_^O{nC|2 zpV}ruD1+hT*Kd!TC1(8WX$lO8hybL5cHHsB^Y{LOgEQr8fP(4q^{x<*9in%fwf3u* zQq$@qoBCxrML=8T20!GYzI2y!_81S=h@Bi*w(q53n>Gufh$|098Gu`*<*4uyfYC6A!fDXKj!on@pk6<3-CdaE zo%8%sfWz=2V2Hn)oXw`TRgYt1lJ+hJUsnfmcwp_6d*riBsS%-4)5aQ^-7YRIq(20; zj(7sx+MsLdh+Ksscb+p}c6gVs)&7oI=UEZfK+N0Rpi8@$p9M7JfPfH)MywjCdWC4f^JbmnncMNQcyDb6QnwH}050 zS1P#z+=~6`K*a%0(zWyzYNFUjX!49}YNKPY+&e#IFLTc~iM{wTT3R_m-jX4^3D?cSKI1qK7=KAMx~5|Tc$I+ zRQY8QimVTsX#&O6kTJ!bLeJt-Q0_Sy`wK#VxC>M86(_r4A31q{y4Mz!x*7AqX;0R) zx#-)jBD+4KoOr(0jmtnAjQrK-eokAtkzVc779~9M*#Ob+6&S)YIppmRbPBY2 z>x2jJzbVo;_B3B#PuwML*9)pPh0-6`&D}b=>{pB6z2rcR%_2uo14h=b@%frjzOm5x zw1~0xjElsZ0cS+6D51bC-qmtLh5z_i@9E)bE+S|z!c~pCen&2LN0^!l z@FLauFc;Y}WctolW_30=VB7!pc1l6ECPS$k%oVoTxJ5gEUff-_@L**A!xn@fpN9_J zx$RKZZnPP0*^ChL+31^Bc=G7S>x+W#t$UNYzkO72iWD%e=>n_+Z_|SIo}0ux3_jZ( zM#pu$+t>FDvR>Yq>ql6Hje`>b>&eu@GW2<6Wu_q8)AMIW-h%Uld{pp>Q}8QQD*YGq zo)y5YbeHqY#ENd1=Ui;fI}65?fF;0FuEP|<0^k*|G9LCr_3dZ-djvjZPBi zqF^E&`0c_K8uW_AWRbop<4-@bDi_IjDaczH)sF@<`XO4SRlHV1PZzhEHVX|#NZRbN zw6JtrQX$7)d#~S9oBEdde32U`C+pKRDGVdyEj!86pZ3id9!7}Lao)NmzJ8{$9HzJ4 z!5k$PkrvkB{F<9c|)duC4(`i-VaOB6gJh`Lpq^#o~${y=pG?Ees zur~9E*nVJa*9z1tAwW%OHd}|-Qy-}}1{H_SxtAbJ$e%B%qtg?`eze5aJRCA&F?F5kULR$bbm61go~NQq&XQh3rUp~dCpV> z6&sn}lU@F{zq1y6R2A#7Kdt2dzSL&Qy#kz&^;`kZKIg)6}^8dZdQ2zgQ)8Vc%N8-cLH|vV8*}Z)2Qm@)+oB`FN{%Tjg zc`KDJmAx-!*}u$OrH^(W{)6054@1?x7~3Olt>&OZY2p1@a;ytOPXwFyv{q(Nfq&%! zIe3y|{KHqrCd$#;ZVx|#T6d&KzxH93(`3!1)gC{EO7PKQPI%?VV!F1@xS+#opU#!o-f(?T7KO83nbj$5$@?9`IRoVaH?Y*O#%G>Q3f}o&MLhmFZN{2`d5Sr2nAwYl-(%y~pJkOl-p6`s~`^UHP&t9-r zviEP_<+|H-$1Q@prk!U-{e=VJ!^$&k2UUEh_}kkQWGYFq@7;5ePs0Rzn*o)tNW1k5 z%}XQF0ac|NOG3MvU3Ds@1P1BTYMrv$UFXswKioEi9kaYb7Pvhf?i-k_D|7sGvhbK5 zH)Zs8Wa@`O<*5Df!m5hN1r~h?f`)TvDXAT$)MJ<;M!Dk9JqeJHg`zzh92aKS`a=~d-)xg;IN66 z6+`~n{-_GYN9XAqz3xTbTF#waFD-|aF@nbPbq+%cyRaGRy6m+%i5Y$?JDDq!B(;k7 zGCVX72?KFITMEd0X(+SgMxo%6++G{{X0G?`YTa50E35*_g`<3?gI(aSS_qP0W~Bw76nw*( zTWJj49oSgKzg@%%?A@G7)=JSahX_XHZx(V;TW1Q-7S-Pw_ir>a>UbYZuDjO#sF7I zuF$IeRS<-l+HoBBt1UaSr`*(*&GW)$k+oXyu@NfTYx)tcUV>J)QSdhS@#U_>hHsQS zkr2C`7m^DtrHp3JJ)ft36s^0hvTxbIdZTF!H@8yZQG3@cj&)ukyU0etR;l`8Y4?_G zn?0m0(P)BoUw-PtZTkp;{6)D=l(@^}kQ>otbubh2O~ z%^yl_wFydQe_f`W+aGmzU*5nO9RRtzG+SV?m1?BDOQBll)V+K7W;=D zZaZn~8n1Sg4<+rS8tT!A2t6W`7@xS>dXeVYHh>QK!8+iBZ-c_`aGOE)=QKXy-hHzP zNuNNDeSG>%U1mie9W?QZvKK4!k-|ILHuY+KW%iPe%ie_YJEYAo`%6->J=K|y9zz0*D^9MJ-p@Q1>19|>7ECs`){5w(t7xJUI zMM)(Fc_BTS6}(z3?{DWUW*L3&O-_zhy4#YNy3gsoOJ)qeq-H$P?D`nots7YU)SX{# zdVtfzJ+)P1nXmYzUj~tneF^Ny;^efxQpTOFtd|?>;^Ld~=&edxb0xHJA8;bdn66h> zg;fjiHfw+2J(8wSG?~+3;pUwWnAYAI>53tHc(nov?IdLm{7qz%6F_n2^73b(ZYKDB z{^5SoVCfqZNFP|y0SEAxaNQJ@TeGqvL7Sp3Guvu`?5PJ?au2Q1vlLfmTX*-*(9z&k z#~`cPfJ8yhD(!vyKH7Gr2Mk|jujN8-Zyr~xER+z)d>75Fthp9&Tnn&RGyKg2Y_M?m zxttnjS+bkWbDLMJc;jOoGC^nfYmOp?SHOB&dc>-=}i$hR@4 zXttIlGM{&#TSS^mblO?`BBbLF5EUr9BV&W0%ZNSl*>aE)C}^vxV`_4N#pp|36O4RQ zwv)x6CBM>%x>g%No+@fQP`ab^;lqb-M(aDa<}o`VgJK;Iwl1uCJ#cPvQ|rdR9!=uYARv8qd0# z(s`Rv>3qXTHEn-!4eZ`dd)ECvnN*Jf9*~>ps!_H$k-hbmgnV*N&_Wq=R#~Xj>e=If z)%?$9A%$V(@9WPyUM{jryIdYYb{9<57?9x{A2AIe4_ht_JaQtelO4*tKC{l|72mhq z<#T44y7*b?kqs9ee9p}5y-ua8v4u&#bW(M6QajR1{~%wygZ6)e`*jJndyh~xr;`FdUoqxXYocw2G?{g5 z`JF*sJhl4G$;chrSy3Ckcb9>5ZGf+KQz=*))by<50};SlqE+j3;|)`du>i7wI7lKo z2@`)bZ{T&m+oeud>7tP6K7Xgh7jJwPU(m%{q&2FRgs)9z|M71wfWyaGlNjj<6Zu_% zigtj3WpzBP&}&Xwm*Z|iFh>{jqaHbSq-%P)3?N9ZE&VJDLa?)LX4YxE@4-Bv|x7p#3b|o1uMK%K+kIE(+nGxD6ZzL)SJXNsf|t5 zE~^7~J_sFou+iY+1w-Vkudw6fJQuu_O34}kUxcapy2F=@k-_&a!YZ)lii$1egv6Dn z4Cr~3vD2_^_f_1vcvEbOc}+!~GE@<8y>}kH_~9uv9;D#VMZltNf$8 z%PRG1|HlYh$mo|}1}2w|pVA%M!fJ57O-nP#Sq^zq83ges+&f7M*P|KSg@8~8!(OG$iaMN=+^@i_az{*DTQIxF$% z=5p@2&>B%2z5@f7FthVrjNa~HWn2a5$MDYS2orlWoV1tw?vd1-Xi9S=S2=KklI7)Ln~*p z_-`m0IA*sT^E!r`y-+^b+6yw-mh7~xd27n6fddCF=X(;NK-Zy8hZY-u_t{-Gwl};^R zf17S;>s8`m<gJcO?4S$$D zuK)P$gNW2rBFCWgDCnXb)Ad1#LMN&ea;!^x+PR4taYfBgMGMdShDRAlyxrGo-h^IZ0d&ZQ>)$)mm=p>7AWLC^Z# zO9VtyJ-YKbZ_MI{j9HqO9-qs@S`&r?Slz_d1PIf)B(Ccq-!J`_n)`C$b}ESEjavn- z;p&VPypn~>s*u27@aMb0PUe{wd``=qgw{Tp;ej^>aFrU4Nl%_tNRHLGAtBVy>o*W? za;GmysUaJcBx0fTLMg`Wv7=A_n?S~zou}7Aq>ZeW$ob~2zFjQWFNHP$d$+Qk%DrZ( zUOD`hrke$YkXOE)!`Tl}R5^~^pm@BDT_gl3flb8wWO5A3f1d; zPu9bW$!Ub=b^)Fewf=6u>DVwYj|r*ClT*y^w|zJuH*QIM>jk6@>YbdH`p?*TyRTyD z$e9JUgBlhZXXBZ92LGRy{eQedCE;*M;SgX^U_{`F2D1hXQXJ`iyl*N3 zb$aq3D4>xm&Usmkdbbx1dbhuLCav_s(WwRGJ-urR;CwGa`QAuH*0pPvGk0p0tYFoH zeWvFbM@Wbnr>O+mwVO9@4jbOR`>LR~oO9;%>4U6pt=73X&g4}WuG4T1%#ubT$mBL| zZBEAdhSYUV+X88WGT*YRqYHw5ty`8I=2gG%<9*)}DPo7b{?Z}$VY^AIkbFkY`g^_6 z{bnwui^q&P3Zca>l{z|4@ja{G%q*<%n19l*q*Z%>QyrPRI_gIlsP8#8sY3 zz!aa4YMIBb>)*&{Pla@!Yk1Roq^^+ax}4^S82$3bGv<93wAvhanCXR@3)cg}oxL5R zxfSiVfGA$A_tw(R5JTp#^``$In*Ox=$w%9apf7QG63E42_(xIgEr(R-rmRc~xZBos zrZGnrqVT%kN*4&Z>!evv*2$Vzl&k|Z{H&`o&B&C9r{xb%9eHb%d;N~>cRP{Uv0Gu{ zmVE2hhjtI5(n+m~j(!4VSBRnC3atf0pqyU2{P!5dmU;+)ApH{=J45^LUapl*$Zz-7 zH49%};Rm5W9Y7&^j3;f9@xckvsm{qp-7Syeu%Gg@My?l*?rvRB1MVegGDi91&OhVP zY01p+WUkuEX9Voan}xH}_HN)Wp}*f)9FB3m^!K+RDtRMQTTS3o_E3c1-nI(OTRFmz z86c?;X0wcVgaZXZn>11&1C0;sbHZ?2-gjtlw`)rz<#N#3T?bp7!WS+*1QI@QMsLa8 zPMCjAhq|g|-0s&=>vl zDod)n`m8D8I7s&r_B!E*NB2zn#v40I_&b}WMfR;ugh{vLXxj$Z1FOM$P#C$f7$Erv zNOLGd3V5SDlqevx@hC9ZvQp>jt~QMZQz}6menVgKtA9f_xIcGY~n)oAa%?oHdDzJtnizG9rV^_G#wtQAaHZupE;WJ{l zqJM;{ZUT3*v-dL(5(V=s_9;o1177<_n60KP)_S;S^MihvkCfYu9LM-|;_$Ifg*;+6E8ZdO+<+VS zk$|hAly2CX=BAGykud*bxs>D07el&hOCHX^KWbLpk9fj!^=4cYcf)y53Qq^pfTgmG zvQeB3{qak9x+ z>q;{v>kmA&TcHyGQ#>wRJ#C;=^alu3%Mz%Bm>^*z7<^x*FdyN*8>CE!A4CHec7QTK zW1u>aGKKaE&rGE=iccn<8HlRinmr|QQV|JCe?2JXDeJ=ACON2Ip8^qzC4 zdp$Y7$}L}UJn)GJLQN)g#C-~Fgi35LHA`Egenqg#G&urFBw!rxQo3YvihhaszJbc< zy;=SR?-lwrW_fx3=n8P-02OjaOxB~z8BG>Qwl|B`evnrI^vAKyyR7#pl^S?8~PF{tchka zVTGa#7RsYqAZ?BCwZWXDxpM87k@iU1gLxD8h!(Ry&+qN&9ehO{M^2JR<(-_l~r^pHmc zl_55>n;H@PoXxsrhUQJ)t3+I%BjlkenpXyr^=_f;%A>gPu0s!>xV7%?jkLkL|Mq8m za(}1h+%2xVtcpUoZN3fTka#;b!+(BPT``5+jvByr(HwqwOGCRq?k{;aAq0Ls8By)0 z3@JNo(h0u$=vE@f#-)~^*@dHrR zT6hVzuHtKA4t{teSE^L2PqC(;K4H2;H}lw!T+=;%d&Qt!(RhA5PwyEcg||;uBZK?$ zZ|g{FczMf`A~n`tbfjt!lFkkXMw>`YcRr6BF4hOyzZZjB9xJ8jHNVlj6ek0og)V$y zP1iL@w0!&=Jzb|4)dGSV6cZBhgut~|JT2Al&Z9%;{pIMnE@>UC3D&m=e`+w>;~G9} zX~sgm1wenyU5920sP0xv4gW4+S`T@hf5`#G_ct7TX2z~O znHF5JwF>#o>Ei#Yw|_bv&hCNd+7+UE;`bvF-x{?0lE)@TdapmTi@R_-<)}ZYFDV+s zb~~srjm&MkH<|+s@ml32!5AzMKi;&`lRP1V&AXjvKED(?d71C^)yd0p4qN-pD*S?n zH}g!+#{ZU#_QDjK^)|^Z4v_58jfPiArWw>~m+Z?uZ|`%VlvrT15>;n$&ilVkv$ny;7hr^(AgA0)%PY-P+V%7)7)}I>Ix| z!1{Rw|1z{w$OoWLPr2I`s$g)uIc9q@>)-pre z;GfMiKJ_!GjQH3`e?p{i=HV~UxGgkOa5P8b1Vw}u7Gc16Qmy&}gXeShMkb1^px*4n zy|1mpS|`*Q|Ilz;Q{xSyzNWY~m;ZN=hBrozHjW^AHUuLXsA=|AY@y9`6^Bny;n~OE z`I!Bu6m1R@lmo}S@tP_N^K_~&Qi{xHEVb{fEcBbJ(m1d$k zQ;;i3E1QzNEc|CGio}Sv`4%iWJA2lKiKN~9wq;cxHl9*GSwa!j{L^9r=+^mzIPva; zx0%@#)za4e2PoEev*EPZbrjUadK5$T00=&Q%yhwR|~@I@?*5HJK&{ zkK~Ijm?M#DItQMg$BcR{tf9Uk?Fa!J$u{Uh`{qY_5)4}fU7;j&Ht3=k_3=@8aUpLb zd2?dwkDvY#GWpBRec@k)QK!ep|Uoae{DRWc2F zE&00imDP`>hDlIs`M$AFuQ}Mz#S^;1C1{UYPI2yZuMAd+xH9SXfV^&MY0G%3*o?Is zY*ZS2f1PaJQ=q5oQt2Q_%z^MwaJl(rrA_X)pT7ZGozeiVTq4tdFv6qY1U$q)S(`yV z1Fs-SE4mpcUroquDHXFx;9#lY8rY3>#w7v|1$u*fjgjt0%*pP{H`5X4sQ1S**t)t` zip6j1KLrwRoT~uIodivN`45;%KwX*Vkp2NRXGrMNq|UUq7cTPC^>LaB3<&>oRdg*o zE9=DkNOAh&a2SuqTdNAv*zF`~E5{0}q9H-b(|Ct=(?M1&bisBAK8vjwe`c}t9G%`I0Pn)c4zxc_PJ*`WfQV3d+4p@W?=JeS@4G$A(wZgxz@EVZiZSC@g;#Up;5r%K#E@2g&jBu-cE=6&Nt z^O$+(-j=ag>-N^o@U`E+v7F;VCl1qEX!Ni0IB`na+2o6Ijjl0h&R6J( zWt0QUf59B>dh7?*>))~u=t#>Ot;7TMwA0-aC;7VWYhM$;)67(L26q@eGiS(=WLsKy zD<|eK=@v3qSRwvocrCq<}exh=6Lo3mp88eB)@guGeA%@$US zBMsHh>QL&S1vZq7QHM>aS0y|L&%C{H+%KXJV`HirN)5KCtccsefQXek;uEFQE0dlZ z?k}|}&kujkSUfK}S%|5pXS@uf^SMkqk7iY?-{%yFe<%-bVkzwLUEXclmf|JeG}FHs zXLFb@puZT(?4$ZjUvk>L<8wEcixvsE!!zwk(v^%b`dIrd;;y1XkLuA~yyJ{7-bBvl z<|tIAX|l&g9AV_73~nR9T}UcTF){ZkK>m%ft~W0f4yok(b%Qn!5P$>p^%|YrpB)97 z0Y>THa#>%WOsHp%3%WE}o;4z5F2&xBYk`V{^lV|5H^)6P3zb|CuIpjy`F$ysIx_TT zDZ&%(RY!9_Pbn2jVNW_8e?j0 z-(JI6RPpUCH00{bBFr|E3*}u8ai3k-;m`D{U%MlVDCl)B9ydr8dTPTp5NU}B=QHk| z)bO6=^O=Wm1Gm(kBvonV0+!z2te$BDQCUf8j9{pQcGdaEnjy{W?DT^-CyRR}%jW!bKJ%ty;xm_p zW=MX%dA;Nw1gzJ7UEO(H!<{iNAtII9D$fdPSPBrU*YLg3znXZ~-Nc;CS!ZBU_PKUp5>Cdga@Xf0{=K(--nYJAKsGJzFoFn7gv{2*aq}Dd zzZ5tUI`tc4NJQXe9{psa7W=AxfDxY)g^o?K3K-S~47<1~XZ--3 z5H_~AOKs{2b($6>Vr%HXG%-2-{41VF8f7dekV7_+mF*kEfKqa5V!$R9vr7a~S2Ivl z?Y(!_Dtxa8ZbcG&E}wiD%g~NhS>I_^1FP1E9m7aaY8Ab!nIGk+=*b+hl?mc<3n>)0 zzLh=s`f2lwJj7Bq&)RD{zslJ%euzgp#`2*p(rylD1{8)Bt3-sgjZ!@Y>3^F9`Y)yz zsKp5Fc?}eAZG|;5cza$gA`_LGbi&B>pb=xD8YNU=CbYRow`^FNTsi!^xq{oTZiGl@ z_6^g3ug0w_L&#l_Rt8wX{sMv-G;D-CO}ntUi+{b96Tx;f!8~V(h#V4nYnIRyVA0%N zuctdd1Q)azfX8W0!vux$j*d}EpyTH>OBZ6{A#WDowWIxrmwsIia*MAd?8wTa_r1Po zbLps+5#1j?za-l?Ooa;p}h8Pj;-eU18Q=}cdR)o@Mc)2~(4*%l0_@f~R z=XtL6Gi<2HZ}kDf_DH*I7N&k)+N`|I;eLT>WtVDGX~jyD(*s)F+@jIz3Y1OFIkOt$ z11d}B1P4g~+nun-PRB5dqAwfW`X#2W0oGJB1m__O0bW2hLn2OBWhuIOhWvGGVjf?a z2O1As$sK{B^8Y^6_^+pJYqx8kLT`HHyz|U;tB8_c;!4iv6;GhY?Htg(5_n2h^6AZ>Sd5bAD4VD)FH4w(7Q45vr1XV^F< zx)K?DtH8WJ6HeQqHtfOrk~w@-oRLqI(G0sB$M3{&IX0A9Zh6^a+)&W(0D?(Rc08-e z{tT?k!IaJn!q>A&O2WOd5C!w(O?Ee3m@?Z`Nmx?j=}!pDaFv^2KMP>GD8?&<)AGpd0~{HE2Hku zDA@65-th-P!=Jw6nc(;Q_czC#DvEd79n|}tRbHHd4ikv8Ejk;#OFg_8rt%~^F6KD@ z+K|)4gZ*sn($SWHuy6G}6tow<0tcFkp+$G__;O4OtR3VU3zw~4f9VqG6eXT{D_Erm zMQzfUJqGNVbl8%?rILHlfgY35=(`>SFi2^AcHAf0 zq~SM2hU#ccw4Uldqbbr7_2MRI9q_I zS8Z4t=PVmFG2Su4p!D2KoAlvwJ5~gD>2ntIuFUKWOUY#S=4?&4NWKT+Yhs-B5E@)> zQ?to%9E;33qFK3x^^4x{r5J+WW8Ta$&h*C|{l_R}k9(2Ub5Pr3jMa^J5k+fCdzn+f zUbr;i8wU;EnUzNNJ?*!betG{}x46~@?hq{q8aU?13BoLrJ;T6LZy6^sjSvYlN;`HG zQ;ukoDShMHyiu{>MN>ZwQdj-xj*%K{-yJo7pmnmw2Pl2AdWhs!aulyJm6bpOzKZ>j z7tGTSaONu$=bPgo&E?82eK**w4z6OYxnHTZJ;|6mXY`V!6Px%12RrhYCb}AhCDgId z`#F=kv}oGd=eP4rcp9o=1QebHQ^AAMt&_@c!Q3twvr_Ttdd*py(?+>=B4Zg|tdj zQ-_kfgToD{Q=miRXjKGX#5&hRAET*jj`0%yDWv~FRj%c-{5X9=WMIWM z*DnrOX>=9iQOix6&nrIc{^2!m(rUx2uQhLrt|(0AOQ$|8yHuJZ=R2@yeB-wF@preg zFF!+laXP)m&)aBSa}?**twey1Eny^v@C02#w`NU2bDHe^_(jc3jK@NSfo^FRj5&9| zBnE1ZUi31wg??)Wk^I}M9aXP~K$Y2#6U2D{##_(3HJ{_qLQzSIzKen~nkUL#tBYpm z<--!g)Hh$(tqrG@xK6v0R-1U^t`SAm3V6e!W6!E)IK$Uqtwk#1UIQ;-ZhHTYU!{4jdM4Zq*?$1>GhE|WR zGK{(^X{|g+dfG9mu(d7uo~oN%M8B2l+%^b?-xYZ%?EH`!s|Q2b*wA!V34sFc$7~-Q zXCGQ(-B_H(V6a;e-79ogSbET2|rO^&$e54B>lhuYY`3=PBKWoRf4 z<4ancjgETtkVYkWiKkeBifd`)(Ng2dak~%KwY?YdMoukbQRzo^#Vv%#PxhzI1tpNp zuUEL4(Rjgu<7Mjf*>~Cx7FTf4JM8r>HGUd&x=Ji!)c+;B4nYc+kqJDPa}QjoH}`5TfI>tCr&$9_VSUuuQ(4(vsa zpLXh6 z?nzp6KS1?t;Lvh(RuAwIx#bMI%M8Y(TN);AgGzQAa28FqsF)ud^K=dyFFfkWS+g}N z;84`E?SV))0QdfO^c03*>CVul0Ysr;>a;RZBTxKNx`cuxXnyHZH*5nOIoR*rbnQ~uxwlLG*?DWkSEh@bA$8jHoTb} zT=p?|mqCS)FdAYwsH3y>k;(`N6KY#wMDvJr&nl}x;wfD4HY?8D;bx_uIO(U`jhEc= zs6ASxo0%eze4x4eOwvF$WkchQHY=n-quO^+%#pY|+QmT$4`fw-%SCU7rUjcI^+7{n zGQsox%F{sR=n!AdIUvmR@QQ)ydvcm}atiNkjKQ7wtK6VzE5>oc(koP#WmmGfq6f7= zhkddU;6y&4)a=z)gk21rdY7ZQNQrw+4uRL&Fi6##3u#jgwd{L&v=I-9;Mr-3sdr8` zNyUe;2}%X#E!vEwyGTVvBKbF-#ZyGS3s;^*m!>P{1A8|n@6X0m8lp6Hw$>Ir)7A!! zayy?D5GxbIYu6GQITTBjlAUAZggp3MUbB@;gdHaUkm0WC|G%sFLrAl$@EIF66n#XtToLSU()@MEY#Z8Jm(NkJ}9wh;>JSNW!VW(X{{ONgVX|lU8hs)o)173soFtMQ09kvn+V-t9o$gPoasEIQ zZWK|fzeWkATG4pIUv5WEQ@OwWLVNx}6M@apEH=Y?S>i;T`@F^E2rn|fRpji)rBo;6fW z73Rgx!L8`d5Wx*!5vT!5+{wnLfcdqA)Ei4-a9a;Zsk7fFuDHd;8kT0ea$DEu%w>hY zGTmR@Z&LlC-??@yd3kdfF-$jYIZ7Cp1QP$TB2A7p{k825`jYtTG)|y*0<8HI%X++yAgu`PXi9C>qpaeFwk6)f`(fvBoAz0X=%=HWz z7_gHMLrFpP*+bl^Nz?TArg`ETwO)2y4$V)~oVm=D*Iv5`Gl5<*u$#0x-^LGU@ z$L?-jwfE@z_?1^eQBdgq%T@&Xb{)`qw6;yaS02kxOFw5*{ZTWDG%RBjdRIH#@4Roe z`OVvO*O5&*9B!%pW-(qzoTuq1H+9nJ7*&3KOkw<`zy?qQl@tq*yfR*sCe#0GuZ}+M zSNKrs=fZN$+tNxTNk{a(Q9Sc0Y}NXVq~tZmcIMH)W&^r=CYS)>!^W@&52HW@c0X!i z|4)I&*7w-ko?@C-OpIbQ{^|QP^EcD(JCv}aeyvqsGDfdAEH_9HOFskc)f22|;}jmg z07X2e+8`u%B!0NWA8XZUZEtLOxjgpcy2QI{$1VXhu(cd4j%2{_d*!GVu9?j&jZ!oTI*4?=D$-JIw_y&0-xV7m&4n0&>tG>l9EOBpB+5fY$6UnWr}PGibRo(@W9mVt+P9 z{1Y(!;0gdsT48s7b;S01r#p*lS>%j%foCH?RI!!1W!N(8_>M7!QGe7C z)w#ydIhC&qlvCk-68n?N)s}xIq?g+6sf+McczZ^Qitc=%TMJ@0HosBzJFr6k$b1~? ze9+Pl3lwiYNPHi9b>BzT!KwIPMTAvt&8;u=*VqonuuW!v`GKhZ7uRq5pSF?1t?uAF zpl`K|VVl$829v9m4GY35?0E(}npmm}0S9J=^r9dkmufyyD!DtwNgm4osuKT`LllkL zS-ig_WJDjO-54^wa=*cr|d4P&(Sbl$eub-7V2I$t6bCEo>n@ZX$I*UPDTU(!>xKjRhCgff1nhCt%2_bl+PYWb@1B*?b)UjoDKX; zpv|Jt-v5}szwZ?R{(JEjzrDdsbG$4S9Z9+<|J$$}IRJYB3{3buo_z?s+{Qi22=D3} z!O$uivg?ulIJ$5Q4=&vpB^!PEnZy76`?&wI@qKNynfz}(p2+d#*7!5=K+lov&h19B zt8HyNn$by_e-4n< zY=5+IVg4d7X5a@qj|h?}$VZLzDJ02vlic;{FNg4htHF-lf2u_4rmcvT(f0Uggif$X z5M)_%3Vvsp_Uf8Ls*E{=gZ0<0tdRd1A9ol?0}ll`UV+qQJ9+ajIfLX`F5H*Ym-ooK z$U(MwL4!o(;5OUd0_b$0jbpH{b#4DKO!y_-a__bkw*g!I>R7YwEpqe$Z;`6@-?ib( zYy>Sk47%{NWsNnzz=EB3qp23-5B|(!{F%-EX!LovqC@8&S8DkXjS_k}SAcg4s2kvu z=1ddPc%IXXP*{lZ$B>hS$++Fv&AZ?04h?vZcV(hm#}{FsT_F(w9ib|JPiYe#_w{g z53k%sR83SkJ9aEr+ak8{lK``o`W35em2-zkMNU_UptfA#+T&4K^ryj8ZxBVwE)*BaD9 zxRbxeZpikc8S8^D8ujBlz!~4E`mi!RIGJ+sUPgC6gN=P1@xyNUzaZ7Kv*B5yhpiv) zUCsNIJv^5==2X+3u+dG4d1@7ku>u94HdpOoE}p?N&6}38ZmC?<+*|4#7h240G!1>| z^t@TRy*29jXqYGg+lrYVYnwU?!s`gfHob z%@D)Bua{1mNV~h9%41Rnc ze-(qwMzxEku~`cXR?+cy<-T-aUPFCdEEN}V6$l1}iJo<#z0 zeTgLBE{?;W{wJfRf2tP%83EMQi2=*(m1kTEW0kfCr9jE8dictf-II^)$I3GjKP9h_ zd~IjcXn0N62AC~-d&cNbQB#B}3@Y_9#`}p@KNFzH{R$Wh#oyF#Ti&o8&<_dj$?)6L zl=fYLBF@>N_VAwoGDo)?|NXiL)85iAEBVXGo3NftGgGghYOs(ywC$bbtDfeqbOhanf3B1`n#F&w@%{{DlRBEb zQaw@LL4E&i7D|g^WH%&s;AQ3AHplR|StH#SE->tv(&|rmLWdLI-IQs!ejxqMb;&74 z5Wh`|_Ib$c;q7my97*Ttz%#=*rWLdOPEQQFFwW0>fBFEoUDe9mD|k^#A@!X*&tZB? z<;wXCW~$5xXh~PI9+wiAMu4rM?yX~WaW>^+JdDfOuE8I)r2kj*AhZvFSdk5?(#{fL z?X7Nj+KQZJ=Z#bx^)aK7br-P;tD!w;Kl!qqJ|WkV!vONptrYp6F%D|mjRI8CXT6Ud zh;AFsqMXQ#Vd!cP)dSWLbOIGv;B;!mfw?7=LhoXg#+l1PQgGkZYFqlQbb|OQI@j2N z>jB_@2L$OKRmA?y1@K=U<9{aS#_*pQo&B|8FYf(RRzPK&siFVINpM|C zl1gtMDPD$rHGD2e@$EVD0nyjasEsNf&Hp^)zr0qQ{&s3W9v)T`0#;9BUeA8|k08f) z+gyFC`ZR+ z)FC7qZ0>3IDNVG3^FTlG^1sjcpPZ}yc96ZkUwYD2UEcbR%?kPIL+8jr@0WBnHjL%~ zlMa%i*1g}P<5^$X&fce}@*N!lSQ?c=?>pomfW}nDz(k)NJPwd-K0SW^Bl`##EMb1; z!~?D1eJ}>Oa>ER^HJ|G+-Ih2V?ArD4#|QC@D?H2DQH`%g@{xUAuTM#R79h!mb1U9# zS)F^DUEpmmJ3tZCobEoq7xdd^8l4S3x=ei~{dPDZjh2iao zC9c0PgtCkQ#%XcinU3exzO!u~AM(Djt`F&XdsB?ji-m^{-Hj4{ZPy%|MNN9My0?zG z+P?ZNT4p%htCm~={BUwx;Gw6-|2Ikg&r2D6`k$#_nLQD017kA#HO~SB3!%3MW+yjM zGneS2Ud$Dm_QU+(rPWFJgk1ju?A&#hSo~bonwsRfTG64Pq4h5;vu``c!#MRLf#dL% zwp%Y;``@1$tqn}hj#a(3MWfg}(O9i*PgQhV4SkTdGN*8GGY*@ElM7=rpZ;3v z*!iTNGYR1wOwVo>4t$xO?Z43XxZLQi`p#3Qq|XLT^Pd;{!5HuM1D*EPR+ZjksIprB zvd)37Y2B2oZJX$XxR0x{=`hVOrHKq~Qgo8Fl}3B}C2*amz1}`>%wR2+;-}*Eq@M%C z)w<&PDMhcM+J+E$CI#`)(lsryE<+^_Dr%lsp}AZ%BEA91(>@wFo-U&!*?a$-S;<9_ zpotwSbD7Ag`CN3@aUo)jzuWwmS4h4{g9Ddm-!6qMH}JGCe{H-Z|K*=G2xtv$cj6nE zyq3H@5dTWna5&+lwj)-Z-$pjW-ch^B^vn#HhTlznqaquI!X-{He)AaHqIsk61w9KWiCcJvu7ztw~BEuEd6qh zAzFGiJ+wT;BbU0tujD321Y;k0O7ZNSE!k z!j?;56vmst!g1WXm)a8>lvS;p@T}-Ao*6Hg<}&P0$OTM9^4s+SKD?=%=%}f5D-#$+ z@%eN}x1|)XDQG{{r#0k;sW%w_1~8uMju(xBWvuJ&s+q*sD@FY>3n+F`jHuyoa13wcPfIDYxdV=!uG zre%iUu9l?SfF*qSJz(4cuzARiVqmAv3tf@miveT7voWe>I0VanbNQ=Mf;)%JQeL>T z_|JSF>DV^XTavc3mphz+p^=`r8Cu^`XmoHm9)@MeX@cvLf~{{enX_!~FoltL`a9|e zXk4p5`~PtE)=^P)|J$$v3f@SF3X%gB(%mqCf*`3P-Q6i2gGh&jlt?KZLw62H3@`!$ z(j_r;!_e_=?(h5F&$Hh3ThGJ&U1wmOKhByt=j^>dbzPrpA1-zDBbPrmSz|*4$bMaG z^(7R1#=il~AemMCVtZDKzSGPPe{`q%#$xTkl!tMD#;azxKtgK9WFZ&AF3Peu6&A|o zzrHoMQ+@Qh5*77Z%zxDN9F>VXU9-_f9+L6V!^(Yg>eIVq_wRL`du%@Sa>qnk3s%P8 zXHw}Jxi#Inn2zkgP4%R+RH@U&EkJflU0@n?jswXb*IYU+7O)FZ{q zEBM~{qmwzZ#8S}+e1{?DxKiR@w4QuOjux_JF@;IQeGjk8>VJb6{#V7}|9>WizVqxaU$%RNk(;;Xxn(J67}9ti70Y1hO2`R0u}zksA*G^N%j6Ghj;?Pl?oX-T9@@Wih09_ zkGf|+I&1w>gvPDYK7s%@B-%K6d=PuGSxv{evj;4r<(F$?`RMO9y`8^=Hmj&l&uz5# z4;H_QrqCm4>?4`gs->MDxVldD2JY<7cvAe1M{MGPkRy9-F&l-G&$cADE6;^Ic3+=C z-X;3%gmJ$eH-TSnGbzZw1iZfS`RUQ6P5s7N^L_NS=<(8{BOqgM+><1*pAD!){Wb4R zFCCQQ=9G5jm_`1)jU`LG^0nnlJ8j#5i96jJP)r+l_X5hgvEkH0T|hmPMZ{x2CQmuP z(8;RC?5ERB^#-X_*l}(cSdt4p$xOgga+2?>O8ed<$WSjc>CaY#jKWUVB{yZ&Sy#vj zB1M)nqBFiVogGy(_tq5}Dgx>Ap1w`Qh0a2EqA4;13N$)D^IDH}gbQsvyA;0r@#BXR zHKSQ7)T`F>{AjTsIG;-u;MYZzmP7EUUg(M3%Lp14E|Z^;;MZPF);g^VgAEO2<5~CX zOOj>OABe*0<-V{t_vj}hnN$m7K*%*}D!1rRWiy!pf~QPjjS=gk9rO-5UU$s0-}FVY z#c&~ua^Aa=;T-i3E+hK5<`dQS)k*?Z@+rcjQ*{vU)4m>SFTQe%K^Z}(6(bQR?I}aX zK-9v$|63X3gV+=vaOJXczY>pR=h=ghH=1vth0PVa(BmLmkl@5uDN^Y+3C9@fR-2Vf zH~^ASG7*%+hgq_8u~4XUnVy_~si$xa0Ac>c%pjwk^y z)68k??9u%Blc_`)4VO3H_L1dB1EuLyihHXm*k1l|Um#xI37}j5smkhlz^yc61|gp( zvT?11DJ)HId^y1oz{mw0jNk}1Pt2eyOsPkBS59EY?{4W$*>DOTnWyq!A5)xWiBh;O z#gE(6$y*GDn1&x%Q`}bjdOMRM!xcmTT_>A}O&5ZpKIR&V-$F(m#C<=rYqU~4HUvDh zDIVkxXN!B+=FBLoYR6*U;nKK%BbfR*B#x~Q0Wp)?={B;=sRZ-rWmvJL$nbSss^XzW z%7Gm5epuhP6_JC90Wv0|0`U~S2|Hg;aIK}t#S0=4BkW+?`t6sLzZ!;ma@!%WLvbJ+ zWg)8wJ<2Gzot`>ZU(Jly`5Xv=jofT|8gZBU(jr+d+Egww)ohlV56pvGivmWNZPW-m z-76EyM5gT+wFX2-)l>PVhl_N*&zx$2hxX!_J8mP>EyqYfyvmcDhScA7pN`fulMygB zZq%+?McVHOQ_#YFHedoEf`8Qr5Ck`opMe?Cjf|@%HD;toe_bG?W}~_ZBaE z%Z@QCT{#hm9QF%9ts1khjo3jTC};BxF}r}AdUAvYu4-+!mS(f})T8mtqpxUg69Re6 z$_pYOME8M`J!2WOc&WP-%DGQ$a49W;EgDs~*~m1k>)p`Zv@*`ku2^PhadT|6%rw-b z_IFrX?S#i>1Me?+Uu`bq<=?d9M53p^AdHpaH}AJo$cbNUBWvR>P8UUafAt&;*juQK zONNq;$|X*F9V8RH8{7}ROW(EWec?fQSdC(>JJbepFslVsCL%Anf3c0eDr+>+g5wPx6e1GS5VsTFBYT&U#GBSCVI74U8+}WlFFS7roBbc=(XNr$=a0i*?l1_wG~P zJ;9>t*$_R#V-tdpLsrccAIOu_HE4ugiwVw!&kyH@nMU3&e!e+(j%M=??l$zI(I_|5 z_f5m72SGI{*7DR%cseRy5*(OniMG#c0HM1M;aW3Z)$RxRyXr`&%>;h}r*TMwPDAg- z@i4-wxXPruyV8ukzNdRw$Ae`^(l?RE5FWldZi}cuVyL-CG&aj_-dz-o1gh}9M9|{v zbzrAn42T7ztt&@gYE)X8m+h=H46F`H`c6-~EmGGke6?IVL8@G(P8509haHs3hkpOz zflSN|-3SJ$=_#r+KRlx96sh!e_h7ojg?)`kl-k$pDCboo` zw`Il_cB#7DBYR<7J&{ul9^>9tGpnJYq39AMP4vk|U9XBc`?s6xPbn zCs+gkRA$} z_E7cRZh($2Q`*+kQP>?FATG2)zH*o95gBElo=Gy%{R*>}YTfYFcA;TA;wMuco7TR@Jg>QH%y^9&Y(xr8?80w; zd3pl;t`eB3!U<3>_g{|NZDiw%=^*nLPqs0mEx4&^>1^x;7Jw>t=f!>%;uVNj4ZZj( zznvdXZH4L-^`+rE6{*&VS zbcjqf%?-szta77W>V0zF#)0$lsvl8dWl|ji}a=r2s zx8;~xR`;o7Bl$)0=~=2`*XcAV4)Wk&c}*!i8anP2&o_Oc79e^MvgAbL{hM|)*Vb0u zjPr{KW{rt+XYk_dHzGa==5Ub^Dqd+e&~Gw!qQ7&`&9N2#DQe?lZRFH`Zq?3n+g&sQ z;4B{_-s=NEF>N~Vyk={4w){Zjx2&(;nQ*^|W1oYt^pIEY*h{Db|KyS}3v z2z0Es(r#9!cWIPV1IL#duju!vasJ%)gFi)K5wF`EYDZL*4)&8At zl5Oqs(`gp^)y`;oTx6fUa%)<1V&5M%U~I3UbZ>?PCsdXqZBb_j_TVtu3c=$D#e?0B_&M~wW)Bz+?RU2ri=Q`Bu8;r? zDSZ?3b#?^JJM4(0ed5r@@GFi#s{`&70@3d*qRx?9gh)|$LXreG5=ZOJUT zRJt?gr6)oMtB;UW_K{T3OBDb)qSp4L_HR-)AICHZC_AJ-Oa$0 zE_xfAMf*(h^|FDas8};Aso#O}>pN}X)NfwjnU`dcDfw{!{+&C-cO;jobNizh&klFw zoJ(J^)>WPDSDQNWB|vvkF;pk>sk|)8LaCmIu;u>TbWZ_$KN-~$Px9RNHUw@nosFEB z^fw{ByNY{n(0n#(id`{+nq6_M4DsAGuh04BZ@6vP59}n>c}_w%?L>9kJ-R)1W)3-6 z5*=WzCNRC1%>r(3sq(+I&fpJmr+V$HqgEd4OcIKxOlD?eJd@2J_WbeIkk%e9q6m@! zoT7?AU-sR_RPRbD&DpXoyru7E~WHZe9m7w^T}~ht7F$<9i@YfA;l= zFX_ad!@0gE>bAJDWdqrYs!?ASi8G&TB__0txPe*+Glx(+9elI>hqx!v_k8EGV+=lH z_~0^ok;efqjYIxx@f+fP2)A7m>h4FkBClQTBNl`6HaTuHDef-a%BxCO7w_l-FP-%x z`ypZD3PNin(FL&&jAur>rrtREgJ%S_5G$8SZ&|I!G&LVXRIKVzadFP z^c*(0by%!5*e6QfSDl`&VyTz7C+jB<-m}&oJ2hZ%eR+Mf-Z+t@Z^=%Z^z``s{L&k# zGcG73zco)9|4maKk9Q}$25}2M`6DwklU&8xqqB`HrRdbGN+2ah)!wyM*VakceeKI> zgLPnA&Rc&6&b7hp%z@afXNOx+>3Lf0eH#J!t{&G@EzTKCO?G7A6k*GV`T|`aPyjQL;^YxnW?W9A| zt0^!QtyyWW%WTdB`<+8z4;yIQH1;1D#BQ4WjME^ih+bH)Q^Tx}dy84{*f8->R=q*C z7Zg>E4e$2Yye*Zmk9EHA@$Ii1uZlRh&KwPI1%L^)o!n3Qf5NZ&ygQ+MuU8Z(!!MeAuvKGHmv4~Ngy!1$5?o^$APniG(MwPc}Dk6?ck!T`E zhxLl#fG3=i0wB{(QP!gEb1l@WfpZgg88p6J1!)D5Y*2{3T{q9LpSBSo-?A{3c7)lJ z7hqei>ur<&IJTPrapE(L@*>H$nR!zU658um{Mcea@k?PP;S6K1bP#ovol`oKja4sU zwAcjAt00M@((Z_+uPV11QfoZ4tCn-O4Z6pq(Hg{eWII}`t?oHUek|%5q4*AsfJW@? zYc?O794kUsi?cHxKpGr!kM*%K!Sy0hM69w7wcy*Q^5?dUlMFgC?i$^M0 zYHj})=(UIt@9DPv z>DT#ox;Q{^so+iN(Po&+3 z#EML1Ezuwyr?bS$Lli`K%ijDoqOwecX1$EDG#sR>roV(QZXc-N9O{Xgo9D z_#6d97beugm}%c~T)Az01LgigZI#s<$S$jV{1i|z65TcS#oLoryJn0rU#}U9d`A;~ zV+k_H!5ZxX+dbYoPEwe=E0nVmVd=%)Qji%=PlLm2Gm#?^N&I|Fv})2hac^^47ZmBK z69k>|Xp@~WtHWe!f2i2?K9ne;hnhJANEto`s>+dtNGc@rGKFW##FpkwmYGI4rQD|9 zUsVPuVNjw`m5v1)*DThjF#o^qmzKV;E7wybyDU^h?W>oebI2vKg9e!Ey}Ak=CeGHo9^Pwnw5@9@oa{q3z}p{lr=?H6 z-38?z=Hhv(;QV*FpSx~yZ0pPs5IH^;!@A<9@2+$iGZRG-mOnp>vU0zF`0Hs}uM>&Y$KPgN^XY#$wSsiHD<%v^s+AdWt9U%U(bSxE-%G}My z%Mx^-@!e~v=K;@X)y0QXevg#f)Ep|j)}wh{!^_)@YD!5#DrTl-!YiSO4&pis)iwCT zQj2r$bplu6A{8D?o_b8g8)KJ^;{!_T-y5l3Ck5wA`*b4APBRq^FQbL$qNbVo3{MJ< z!|wgDJSyuvEEz-X?;hKqn)ICxt_DCURzF#vu@4Kt*<53*Yi8-7lZQmR!&;_J^-+GT z23WcT;8^8;XY_dsB(mtr& zGMfDO4)1%qxnXs3nWj67YN1y3DD|>z9JBe+`p36S>@Vq$!fXf~h=ELI%3~JuwJ-5%lKG({}m|mPhvcmV92v zj_SpF;*Z<-nf2#tNBxiP-0zUP;(&w8K4-NFPa)quS?EhkG2*W+N^q%@zw?%}oKNk9 zkVX*B+)C(XTJ8xwr_O!Xd{5%HNKuyWNnJX9S31!|dhOIvEujo;sKe$G%-4UejW0lR zmTB)Ky9UvPvaM(G+CWSmHzVx6bD>uV3x4CqX>7vuKCF#Yj7Rk{zD_opSId0sCiQvG zQBC^x#?Vw2Zy-AB&sSwzccP-xU{=ZsyT_#R^9~I@k%U9>&7*^9Zxpc0MxaRH zu=PhA6D)ZoP!k4VER9Jvu&CMeCH-6t$T~oqd6h84z`56`SP*_ATDlk@6D67kn4kAr z#OgXo=7cCr$--^M${D_&oc z)qw2rjq8XTKs@diZeLtWY1Sj*)j8!y*19GhPIY^ICZlYfW1DRUOC^Ro(^9xyF+>5m zDamdo*QcG>Pq<8e7%dO%5`yfzs+4{FyA!@T!ag*H`HfcQbcIL6={b@Fb>@6K*{Don&)?vICXL=nVZR<@e&_eA+?_|tJf7#5{ zWTNV_2e93W*?qj^X)5FM2j0~*-sk*D#$hgTf2dO%3ccH5rDs#a$`QCbbdUxeSL!(t z=;>QsDhO%=Prpz9kK|Asyl{?<4kpW1@!fwu;zYhDd*Q%{nvx zROfB})+zOM+K=ng2!!Kuzhrv^giRNAlsWiV&F&0fNQ2qn%N;=N_Z5he3j*ule(kq# z)`Xnbia(}RY-!dyn#+Re{^)+kbBUtK^av=U{8#S2si5!&D4>rK{)~+)>dO9;|CW(~ z_z>#~holrNN^$5gx%)tK1-0TVsd@1gLkTYwzoy65`)jkqR0$DJS!h$#zt?y|I$GIc z8@xWr5lywcZUFZ>A$k^CR?Mz>yhg(L=X*+jp0Sd$Lf=FGOyk{lPOk;6*lCLo>#b9S zF(<1K*!JtA(oF23)t<$J@xS;K&Su<&jY&7}#Tx%CLe2C+2|I%4eCFslPRNZW7Cc)t zOhSxi_`I^F%bD{(9>z-IC?xUI0m4Mot-DWyCLOYE2ysGyu_ne7z`xJPx3fCIySn8nBj^TibogtGDBPA(1yZ(-Md= zmq3F33^k6{&>BAKj$l0R|Ght~?R4YLY7wIAX9AaTdl>mph2MzVpC+H3nLtPv*k6`Q zEm%Qb-l?4G0M)1EA++duv?I_(h%_YgG}Izxvw=2|Dv-;`Ue)zICWc@U;+GO{XHd-2 z@Yj7|OgPQ6uVgFdN*G%lOc|@lll48WF#g%9NT40#;!$KX-L*2oDw@C zFOu}MIo~t1viG#}bS>~+aG$-WS%(B13fa;JuLPl!rs|~Iczkop+z1l6Yeg@-0S09Z z>SQY2Al8fp>4pq&Etfm*8j!tTk+|1kK@vrcieWG`o~U;#bE4_&OcC*bTU9&T%w*gr zU+6qq1Uvm5?)Hir1D=V@GwU1e+pRsOt3w5E292tQ@V~p1)_?((*L5I;no&FOKk6kqC(VP@v+&R(Iqq1y;7{SHC*VWbdH63v~sIXkC zKYNk7zhp9#u|O2DlgGA4Yj||-3M?Mqc)HS!kb~j)lCxT^?o`+!<_XcxpHut7?5Le4 z>7B2NczkV@j9+zcJ-#+G({M0l8EgpNEz={Z@R$-qq|E<|{Su1nU?n<_sor3!AN$JS z7hHT!o;zMMU@M6*XbXuVji%GBuo$E=K-$l>8%y6U`T)G4x}+3SX*s?TDxS?YHZhFe z+}ylBO%k6R>RC-vxXSw+2UMk|EsC7Vb!|OF3vlRCn*QRz`DOPYzW5$>E|Yd`c`T2{ zc9k-*qVxxxD}D@~H<^l)8c^?6WIE%!<|- z!l+qk6R&JJglc{fm|+nc@;3iiK&6WC%tI~3_1sBT*qCkeXm~1$0dl*n|HtQ5rWaE@ zr?8S(1yQ%3<5)B6L+e858rA8~d@MLvpd#_1EF4i<(CV8{@X>fo)8d z(_UWRq*=etqx?9Oggv=LmtZGZSiXr`FY zX@9BtqnfntOcey5&9Npa3r~SpLa9zZKFu5o638_P+08jS=bqXocjMpXN)i4U)v;~Z z^;>}E2RYGl%4(TTksi591QT4%-D^M8s=`=3dt@4sx6Pb_qZdU|WFJ^J8^Sc-Ck6Sm za({i>YIRwS7ry(0lW77(CmBYapYJ#g*ys|+`2~Q(=d~`I ztii+yag54c7O%=5%GNav*-ZYskq2*UoE`CY2g5FAEQ@HS(Dg7% zAzM+eKJWLwapfboG1Cep(zI)MVBY5(8-2KaS0x{akTS&c+A^zF*8QXl7xA3WnK)~j zbC_*?rPzp4Er{**wk_*YuQu{uJ2x$waoHDDOc8!t7{*ZkOuN*t9@C{%YBj}I>e{2a zGwoq}-`ZoHvZirB!4g{4}JA&JdBvYyDMO z8>pr}3$HMHywJ*OQ?46oXIZ65TA`^!P(@X=cS%J7oI8y-mz($*B2VKE3W6S_&UYuO z_CQaplo^@VSk+4(r%{Ac2|U#GKC6hWl1tzma&zYQ;Za{FWz&Hx7Nl!$odEKo`pis< zTq<<3>+SdFH&%r|-{Cm=X3j z??j*#KfCgk8(F3f(oiCbvb$qU*6TVH-!Gy>Jr2|j-b}`)2W-s-rY^{&ql%)B0`9Bu zmr)U&w>$mX$m9#~&`AYMUfC8@VKiG~0_(H!^&PD?E zvwrnL?rCssM4!yXBvD!Bt2#=f<{y~>cJtMbM1(IB`DWXQ&nm+cR%%^ms=*H3+h{q9 z?b7ymQ5uX%nBpC^Mt|R|AtoC8>qq1qVf2vjhW#m=}A0>-=O>b8#lg6C~t2 zfQ*vIeCb&MgDEgt1T{d)toHhnOgR|--2X3QGey8If)~5(E_CjoQ7qm$^imNtv3==M znw^P!wl>L9?)@c(QcO(D%B#2xaIuuDR_3qWGP>o%%@WehD#e$%*1zGszaCxZE@~1S zxjLNt#FXOUha+$17~n?KXPS@Sizn~m44KYUZcZ2nDaGIT>2lg?zby3Ui2%gSOFX)yX7QG2> zsfEyS3o5OoXe#YL_!xoUwTgQYz>ht%ajw;eX6?00w%POR94y=vwfb7sp@(uHy+O7 z8?!jicSMEnPXp7-Y20>}!r4DEr6lZQjlGq{;zKaL2k9uE&$3fih-|tYV)Cz#8 zWqixCS7@{Twmhp&ef5OXu=dVI-DVy?Ua+qFa^~&jk2mC!1(o+k3N)(_ImaM--_;@AYVNj9_|bs zMt1tn^@6{a`R_=7Xl?a_ud3dH6;^q%1D0pcWoldRK2t4BQeFl|5J#o!g*`DdbbrL~ z`{RoKOLEeX0M7gDL|^GQb%3Y0G!Pk1Y;D13(256^m2NrT(j8I(dWEECmr&QTo^ko* z4(PiQcP~NQVLAo>91?3#-PD$7E7V2kfQl&1lW@uFAWMssPvjNo`lvhyhGXC_kIVLn zvh8ngpAlkB0bp;61P01_YOEj?d0pDhL(rN=+z_w=QVYW;1v(A2PBx;;{h6WnSTx?< zX#TndkewHmBgcRs(+RSTf>{tWXHGfj-H>p_n%M*Rxh)zt<4*?s_LDf#n7ct~xI{Em zq(!g0j47^IFemBg#Cdy0x+#ZpS%#vVj|ab*2sd`S?wVSw zK0cB*mdifMMXP5vC2&!vXnes&{Ytsnb6xZ3{;sT{K zc&RZ;LlOqc8ACPDW~Qk(q7w0=eabnnn=N?ZO|{gmseoz!m07d$C-oB$bzU+cbGEz* zEO&{7w>~ueW#(Qh(93DWj-}^+kei+I8C0_;LpDasvhQ&-ZzE9vtx^O?n6>#>d9Lye z=IJRwQQz4?u>~^6_*~DBV?fe$mZT z5+lWV$Dj_X*12XN&&1wLUtE8i2?1EXnIwF;b?s(=L^CiC67#nOtyHyuW-X$5+n&3% zeQZWhycM?ei;g;GCJ12(J^X|1LrXeGxKWB?EgSN?P5uxMB>w(Q4_T;&9%w~x&mnQC z$ECrxyBcnQ9Fzf;0;hTZVQTn8KinjKcrpiPB5$V!~#DAi&(Ma#3*^K zo)uGQlo&`Vllu7r`szF5F_!HgwW~bCT63(t3$XI-OM+w7l)LOLYNs2~^opdOmqAbs zAa}&lQjp5;&UdCud<7*JrQri4#JilicBMX+NmXU;`^!%hf*tk}iY?kg!%;yaZfQ;V6H*sv9 zg@OM5c>tqX^n9Wb8Kc8#Pr7~~Mwq7gb6DK>X71xlUM^@oy3Ax_(YkvO6>W}Q_5k3` z{}eB|130b&@WLMC90vVRdiyrUm14-yv?nRI>j9@x5XrfLm1@36iN`5)`5pFCQHFf?rb3vh2unOY-P=Tq^2{n zx+E#k?E_xrUC#-^hYcW_squ}T@;<{1GnJ&17KDRp&z60i*u$aIqg~Xa2;qmHDEZ<{ zQ@vDzh4i%tK^_Be{9>)pJ>tHnUCldon^O&$AW-DA8ex}x5O%E3;4<49OviJ>@b-`_ z-I_!~GZjv8amZh&T4JS^?i7*nH&v>zuuU)(v_kGN%-&DlV%NF=1oSR2g0Wx743vYU zDzNV!B>9Tn8+y0;J2ySrjfU=J8^52LN7IMvU1O|;f$?o79@lg3Vy%NZ`na#5vre_0 z{-6|`g;=%4pR+QG&=8cIXx`Sl+Pf}aF~bFy8Hj--S4H!OueOjAPIN^*h+z#@-G{anRiHk|)n)s$QBf_aB23UQAJg#MfQQJhRX9`-nM&Fm z(#r`KfO;9I@n|@?2N|5r?Zw1S-5WUmyb~#gbuj6Y`a54$QT;|6)7s3$Ly>w$>RDyA zbw6Sv!Xm?AQblF4r@F*PvCrN-2M#Qn?ulQDtE4bIqJ5xE_Sr3_Y+xnFEQ@Y2BWkJP zv(T+3>;w%CYtRYwJ5N~_bc@kmHaC$Z)uKK^hE$>|-!JxH*;}jdtDSqIV^uF<;jVrL zc;ydHb9P(~6Oilt=KnbOPK}swP+Y(28YHGw^)-n%Xd#2r60cEK3J;hd`ifsXs z`w9}w)4cN!q~iBQ*`PC+2=s|-4a@xJB9c@)Px(6_qRo{m;p zCzh_=TFt(JPx|usvzx%1r?%K%xy_g zv^2{PK-1S7NICg)MZ9QxKPSDP18UX48h7olj~jy}YT>y7Vu3+ljzs0O8R=tx z=n^c6-~PECOBE=tawOjU^U*%zh)T%$=WLAf>ce&}__#sR9}WEpJx@I=(`-w!PK*i7 zm4hD(EQUeW>WOz74>Ty09MKna5KiWSo#auu`N*bxoFQi7YpMGX)$c)pcgk>QAsPu6nBw+I50yOqF|hasJ6)3P1VomSgaDr zBQQ>lYQ=l=>gOYgvMzET;=bS+U4&yH`NBz-*pQF!m2dYS8bnZt7^8%U9lr(2Z!9A6 z_O{H3VTP(ygsY|-v8Zte#JJu9zRom+9!G^rov1f@*GJi|E#e}{knuVQ0mQ>Ex(REx z#Z;7GMIn4$?2F$UU}{-B2kPE1<$H*$o1uTMoRy%JA4kgiWD4(kr!&@NN(FiT`I&A` zHwY=($yF=M0Jlf#H&GI-Di7#7wdbw}5op7tk@k4Qi6#41*G12Mt-UDE4rJrhiv9Np zD#-V6B4Ygdiz9xDTS=>xM_pZ)M_$P^O4HwH}*x3#?{G|G#g~)Vl`*++%(!-}*Q*4AX84#z@WJH7d z0L@Sl6934uvkng&~T$NA6Cf;1AA}?`R)9ylrQc_qiiX)-^c95z6qnM>PvUQT4~lQU34K+5^lc%O3MTHx>sB! zG=t@d5Lb^G|FH!IaXWiTA~r@i~ZQ^d%vCrO~Fs0-omq! zX9uC{Bua>eM%TRvbYdE3w6Eg3xTbB%^Z5v#fH|T$+Q1&s>68ba7rUVz94h^Tuv|BC zx@XvPcqiF{V+X1tjqmH}9>w zmU*4qmUV8p&#EFuA#t|hlzcAh^pKrqxxTq(uld72htdn%KHCNBhTc{zJ?D}~_nCaDPD*s$r@+9&mFg+`nUja*t@AAGc`$&_< zZOPrCJe6V2h{?&y>5MsR`j|3lyWsnbwQ*bFnpw7s5SBl(&Wl;JaX8hplWdi6vFe}} zd2}b@NIyhV9=~LSDETDa{0{F8qJ*5Y-mR0?;^lzpi6zdW?{slwlpZm0b z6dCZjdsys5LNq{))B(b>(icZauv_{vN0B-IYcvl`x#A3E7QbAYB{J6kjlsRk9co2{ z#9qY4vlEdHzyQuj#Kg&WwCYKkz+8W1Ef$)~aX<&FnEzWtmieb(Soi_q&N# z#tQz)a%hKeZsV6~+_t15u!rmZ_RW)vA`dSf!7GUvaL}1Ov$@uVRalhV`KuAW0Azvr zdD^<>#c395o3@)U9JOa%jgS>5$xs7%4o->UEMvoqMx(gPR0KQ<&#Kp3N2mKE0?75MrBgfaMP&k_sK~&sHCP>zbn(Gl@4t_O&na; zKT{W?=}0{-d1@A#L`6hJ!~r2HJbS$vy^=#i!%-#oe%kNZn8mF)rwVYDyGHfh}BmoidzS-tcyfPCeL0Dpj5^~j+*sja*Wz9aob#XW9d{pP@3RG>|2*g+vVH}MeU>7nU3~ikN{wE>N8sgn zLu1){El-GhDQe!=qF5D4(0i+`=l{-~iaCQ-@rh6ZYDe6b^`KNuEmE0uE9MLG-U%&~ z`XTL;#+~e8gYOb;=`?|56{6&0@q?af2=Dr@aS~^+@CbM+f-3cVyJLIVgTJNf!YKYI zIGN-m9cpn0J_^&V9*h5ZzI^sOgs)1mqBqarzw%#XSY03C#sWjdp7DherIF`{I=BU= zSvmN#yj)W;y$}8A5|tU82w9H%&()B13}*P%wT-UBy*tUnLPNvxo}I&5sz2`s&7lNn z_(hY1XL+E^sN$59)G2Gb-=xW((t914_n+Oj2{s}?z?LM`!~G$k-T%Lchv=`jXu%n# zd>*Oe+#dv*&6D5rFbT z(jxIL+{wEe&018-Jiun#O_2OVNL~TrWcc zF}YhA&3~m-8paa>*))a?aTZV$S(z~n?DvkD6A%W z6T3(h={*FOO7a#kJWpuwL#wU@W(gUu#XEE%bhA!|=qhMNTZ;)1UGRsWevkE+6p7LN z<3z81Vjy$5c-z9?u78;wxgDo3FB_0`NZ%H@XNDgb`B(7g!!NV-t%s8hihN_K9mn#) zF|U}Jj(d;0?E~(}o(HFTQ-MRkvSIKf8CuJ7LUDfkq5AZTCo;H}8wDe#@}Xtzw|D$o z(wP67;XK8AhF>aEf{iMHHUlA;9$Rv@;%Tcd=DwuMcjsLGuu~+1C=*iXI9mwfOg<## zqGsBDeAwzI27JDj5>59*uTNZUEkS&cGSkLEg&rs{F4*<-m$b3VH*oh=B^ z?WAeS@K0=T^%L4Z#k8T<1|DXNlcW$1OSO-)m>$h0}G^^!M?hfNYMIW>ws((kbrwzmLSPUGlXw z_I&YJ&YPoPJAYi++rB3eX%SV^IEaJ|yXWv~!v355!|y}yNB98e<9S7A+2FlsT%_-` z!_!3&I9(pjdhe-PZJ@12s-|>Tf6M<|8FKmE+qFwdFjQpZ*$9gl4_c)N65%Ei?Gm-SUxHhMR@9mPLHU&I>4}z0Fuiiq(*S8La?VfK9d3wq$MvdP3;aQoo*e>JG&7ic z1|t|`|BZ*E($uY`s}WhK%DIQJI~k1mrBQKho>!kV|G9G1_wOZky!F2?vBCR1HIcyj z107ai)E?keL-lm*yuuv4-bDxLl3vF%xH#q09(wR&$gH(Q#i#w2Unx@0gd9ts7p3MjWw{+?!}LpM(OTY(kjoEZ@#8J%P`204b+!I%+=hS?{L8tpw=~T?U5E z&4!?~@d@sLVkcXmLf2IELJMAr&7CfPX;RFue`~*zQgA#;jpR{*#5~5uo~C|HbV=Lu zE!#7xL^iSsmuvs>a7Tn0dA&|#LByEx+#%JW3(u5}!w&yFLN!tw)~=(2UQ%h2I^M<&1n@ll?_!yRMt%3)z|6}5&q2D_1UU}{7dA& zdv0l3O=4*-7U!v!u&M+5PnGUXG5yXWktM+q1Bw=X)TFbjmX4j?sz#1 zOF8xz9$deG!|@kSACL3eL~am?n)u%k5^n&rT{g2mxA`;2zkL1Dw3K%`oKzAR6-V22 zHE`l$k)c3t$x^5?uD!kFjc;vxc8Xx_*`i7jqc^Mi262(Gab5JMN8@v3JPul4W?wqc z;uhj}*0E}N8#BFRm)t3!E&Qk+)Er1ze)EachB2{6iA<(cV|mI(n;fHYiJ=| z+DER4;N2HgLJP^N@S7&imjwQ0m|`lkrES_#F*FR-`blc%sckr458r$0pbOZSQJ9M$ z(iTcu!_P|`?|ZU;BV^~cs6My;Cw<9Elg2}hsJ00A_3^5BfbMESPu944D{=5WK||;~ zkm87=PxX9zsT{^^UK!@wG>>9Kyu*qH!elQe0xtz{NI@Sq%82>3cc8{~3O zHu9Ao5cI-|S_2G#M^9v8>|UmrG%_e<<UDT_cb>d8tulL+wmH%JKrfFico|DUWwlQ`{t(kFB$eM240 zh`$24nM<~dA5eyK4bUr|u;{3_Mqp0bnU3FZA& zKDtu3Q3d1ShU?)IP9F0mw-f3_cU%LCe`5V2ET>N)jC=Mz&ja-I#}xBTodph31R2ig zNjih}rR_q_f&NsEBQr?*NG*PiILC0d5;>$cYflVdKRw>tJ&!V z3Yfv>f-W1(V9dO59w+?$Fb+?ztGybs0X&am?r|Dh#F;aOU8QpU8YQdivzJ16qf4J7 zu3hMK)>?i%nE(t(ovmwHDz&cNN@|&s7hnVOuUi}TTJ%%`OppJk@(14E&X+DqejDLT zam1z8Blp_#fwjwH`M7=Da_%p*Fu3RkwBe4bfpj<#C<|##3!Hz95JhIi`3fgSNEJyJ z4DXSU@6QPz*_^5gRNEGDH_S4c_s?_%J=+j*laa~%I?R}c^@V}$C;Z`S zso_FxT4;a z1}f$2J0Dl8m;*j$se~ekgXlrdbhY$GPh`!j6&2lYodHgVtZW?>HKN zjoGqLt>k%EJR93(hgT!Dz$eWfglg%=tj$QV_#~y}3p(||&#v7Afcl$zt}mikK3A>4 zZ9nus!VJWO039RtGhpW&WL;Z+~&b$&eTI*a*(kF$Q-4Ix0j?d+^ZLhe{0_~P;h!8QqaF%g_a!qWemK5`(epOI=)mTe zqcxI->=TRYYamOc_IAuuez39Gd+Ka{1Z0o-TKS9T{8qzCOkSJ3=8pyYj{-Hc;Ut@Y zrC0g@a14f|pVR%{UAobIwJOJ@p|*wf#vnXfiN*J>tQZ`7r~Rx#0V&rfFEsU2%{*$9 zYM0+@q81s(v;|7F|Lgo!+5(4|{=I9YD^r50DTCo@H{Xw&pp%YDw>y8z8FlG@d_B5< zd0kW8#id`=RnSAX&|Y_tm!gZ#BUJP-?~03~N%vNo@mzZRetPiIL2JyE=~XQCQ{m?F z^t~B9u$sd=h(8EAXtti6JBMtYe-kWWICg1y!W60cR0QA5G;91-wjHa2E-8cX$Gck{ z1Rr1<{iyx5POIIyMnbFtwnYZ4ziN6v-~5Qf)h4u-&1mJntr`)Ydgihl6tz7jZM{BM6j^7$x4;{xxrp*s#C*x=ns2ScjlCua#W8ePk4KmZk zlbzaE$v49rx?jOmWA}&U_7rH>xW_U~)oT$_v$ME-)n^%-cB;S2rY_8`VyP9Ymkklm z3rrlBnFCw>*v@zkv8L5Y5U}`Ts{^Vsd%%{!^5t^+vJX=SxB&9t&BrNd>i5V|m;`c*kGFJ@z}4?V~>a9I|-m;zcPkyTEJk*SCI2 zecwfg;$h6HM{X-em=B{kU6S;1M*c)+lZcf0w~*rW`fI(=D`6fvJrx2aRn;#*W!QCo zv|$e9WN$L%32t9$>V-NQgm>9KJ`M$RwvP3Yd~={CacrY|*Kw;s*-v{9KaXi+l=K!} z*eu@X^SkzLM$u}Yq~}Y+$HycJ^V{q8Gk&3%Ozk~mbz?c{z(<9PzNHhJxnO30=>*=i$ zQ$OaQS4=ffKgJRcmGadCm=K|HV8!w`2CzqsR3j#$u#H=*{|I=|jS{t-<647O)xtC~9+XY-Bnd{p?x5fsphm&UbKW$KDD0_AISznth{T0P11ucEoNF3i8)YWJl2kjL^GU7 zHs0E9h9^RJgRJM5ipTspqAUHH(07;Zz6ns7LKg-@N$5o*ni(!Y;WT{jC+dD%)r>W- zee<-ngJ0NL=mpK@Wa7?Tq~Nm+#E1JXp538N^%f`&a_ek#om%hx_ix3EJc@staJ4i` z!fTGMm?zMnxLQ)IoNlf5i7ohfd|cVL=peOKgzfe4xDP0c&8x?ZW2Vqv6-Hd7hYjS* zlA~il%KXzh0F8grTW&o@sw27l@>{(YMY-$5xV)n(dDn&LH1*W1v0r<2grG6;Vo*K3 z$@~+GAQ7J)2cFO4vweW>oMTjH?2Y5JiU*J9(jBc<$Sm(bFLy-aj!8#weZsyR&D+l z5&N6`XBzKEGQ(4}pEzaUu?Ih)NjLN}Gz&K?Pvm$6{c7l)QM=c)_@>zZ09tcTsNj*C zYrPC`VX$1Kc_`GK`D(tb(qPklwx1rWs#$o=VOfP6$+_{oM!TPNlF(O zX&fW*U{c7g7}=1ynJMxs%Wh~{6JGhqOVv!3sPt531IW!aS!CVP_nI|t%L9ONO_Lgy z#kfVD0X!LWUL?V#QwG5& zk|Wny6Bk}koC3g6=``>C=Z)4|VPw#v^^%-{m0L03EzUd5R`K2?+coehl-$?K~N4)Q=P15|N=1r_Qnv`#h=rwu}`=e1RCFdf5AY~m8-fZ9L? z-d2lMfTN8Sp=;=Kq`}I61`zadyPW;i*sq%azv4b{`X1QW^P93vfH0~KDq**6y<1*t zd~q|?j}~(5JH%>D3~qY4*K%Q`f94v4mH_5zzuOUfV#=V1!!F|Oz)@~a{0yAlfML-y;GO#e>an|g_-{8!$L?k73J(ie_QSwuYQOos;DB4d zI#=RZP6bQUXQi=g%VSNiE8(zJTFun?{xIo{^b~gLT+_XLZ&0yW-*6E)Mr>6rCFtJToy*&@NZWmgTV`$% zjf(~ZnU;D7;OTY1Yl>#XAkrh|Y6IwRhet%CK`Z67`MolxF{Pth#y_N-PSzrdsuDoh z;o&1&9+MUJJY#xJA0(7g6`ks{i6T#ue{K-0(7yj_;?cur%~M1v@D%ux@Ri*sj~T92oFmg5xJsf;V^&8CzaDOm^BK9g|HU$IFy@xMyw~9a z+RQxrQ?GUKj@0@S*z@)Q{)z$3#Rc$PXxzXs!kV$2&KrrTjJ&T_q;AN?6D{46rfI%| z9Bw!LJDSH&H&+_l$|V^4{<~5JHgG!$1N5?%kIb?UaNaR}KXI!rEga7CRZ+V7dO6~@ zfBDTVj%~CXgUHFk3zn#GF=szg8ZJJ%BKi33x(%Q9M|=2B^k&{R?}lo@*@NoZgje)k z$gy-H*_XsbYG=flTNrdMGwq$C92AOTO!tQKxqt;(^C)eyGBt(&8k4`@{ld9h_f3_F zNYYi;j-w(xLJ0>vy#)AjGQ ziRsQN%U;#}H8Fdg>lDvG=-*q9%h4id3*>YULfvZAh^sjP!w&&_M*uS$4y5tr9A2PD z+Hj)}-Z(ZCG0p%Lt7DhHSIh@W@LE$>hF=>F79}mpk?D--P&Uw6-$Qu~qLrWt&d2lwQ zXg+KN3}`sW?*{Wh@asVZvwu8k-&O6h5!c_Zk0&ousfjqnq`C?dP=sTj1H;@%c`$@# zt4!DRL!7{RlCVSOEjpt!;(l;VabU1@=mr`246uq6`XX9m=H^A=71+vUG-J>vG;p39 zYCjBY?F61Vj##YVAs`O^W28;lq=Vf2NF&t`w6c01n4>%{{jUJY^l?ceXlUZh2h}FN z#1|}x%=Wv%eFB?fW@B|mHE`X%jW-uO8>c;1QmwYt^VFXc7%;Oifb*QJoA~|owdBVi zX5F~(sivbAPYiOg(H~%p@YuQwQq-XHB-j!#BFyjPmkmUP!;c!VW2l0Up2wU3R~o#B zquV%28~!2q6l+7E#oyhMSud=dw#fv3UVXX{`QvSlid9dj8eRf>iNSZ0#AX8%!Qn6g zH7Re5*L=$lidZL*`^@)bg^w}2C3x_ZJ=}M(0!5LWH#;}is@f-`)_6EHa3VQ};_I_1 zr@qGl%*Rh`_aIF#xm-iy<;83L_pq7gK*OIqLA)^qS1sv#mH0#^{JfakNWY>+Y4krg z;Pg2|LeO3V=BPS;5thDR!E2q%C;_15x;k`(WHw}QUP^4b(mK&nCiMs)OKOW;%D_lM zjdU3*e+k(!?QIU^IMyBh(C2q^VaOWg80qFrwX z@{xCN7MEF+hxYP^)+?Rbv2Hcm%AuCbR|5u4ZeOQ-3p|=bN#16Pm(h4x3Uf~!E0ku3 z4%J!i zb);&=33D@d$Tp2hf_CqoP#cAM=}yteVnozavADpyj%Ksi76IweQM@061DNRciXSZB zy(Vpy`w+mn-j^)UWktwzm+)BVF;lmH4TxPS5N}jzLXU;?(=516@vU9pB2A|^Ds`Vk zqD_H=Fz<0Cw4FAz+&M0!9vhejQEkF44V7*`{`>wWVDn{zz0Bxon9SvORcWG#*DW-H z*AD0#>?GZoE3Zk?D!?c!H5sXn+S<*%xq$j5yqD^YZ6}G{?9mU@Rbtnz&N^Hl&<~BG z{VuOXcfR&ovIVYLJ;Wx7+G}RuY`4POs6`PoKIXHyGP#t~NiOZ3TpZfKvLJ854_Gwtv6L_S z!=RS=TBz++Uf<2Z1^A_~g&*!y-<05Q)F_+KC)CuRV8`8?RK3T9W&SuQ>`*l#)b%LJ zuOi1O{X4jp1gA&;!EyuK38}~XE#SXNj>@}Nd3^iBesCdoH%Bjan+0$l-4fT&9fqf~ z)vh4*jWT5zR&`gu~46OvYpcb>NTV1 znl(z=%{upmPgV!yw6BMk=JCmSi-Zyz2B}*{A$P+TVNZhK5L1ZhtNLpib7>pw{C0?6 zhBtmzL(8^-*OtIi2rj=E2Y&tlH?jwzFUN?@#+eUq^{UITpE%F<*@TJfghAJtiJQr` ziaD(eIY1j$!CW*pD$g7|WF4tB4Uv@ohdk852zM^-z4Mwzehva61iwxaI%k=(jQZ@Z z(*!fp?j$xt_9hM6qwD6e=NSt&1MhRn)U*;BEKM}SQi5|K){mFtr{^`cDvxOw;fqFl z16+4;wUDMIZO!}Nd{Sk-n3V!FUKLzG&^V5eGFgU55u}I>3U7l7D9DrfUuTX=o3A2@ z18J!@YumV){9E8MUYnz1&b|f8bKysf7g(JEm9J|+Ri$*IsgD{X_j-y`T1-r%1giny zs;+y?$F6#OQS>}vj&o0LY8eWs!k&)7W}N%VEvqIcv3UhXZJ&e~>4|j{Y<~Frr35t} zKv>bLoGLh@h@S$BZv7jQ``1nzlF951(>(Aje)Q}2yy!gTngP*XK6U%Tb<>RC6upr| zLrTlJzo?P1lsXuNrVH|8wap*!n#~J|QDG!O$s15`3_RCZ!xCw2fYB{?rau6$3=7>VUD3LMMAJZp#g!s9 z!s@@*GCgdr3wD);Mc_3|`AKc;Gk+T)wa&S+M=(a;KPC|$4)&tjbjheh?6^4WWZksg zk-`t>y%QwC7J!$8==^Q*gX z%}Ur293B=TW>wp{Kgdz@C+m-4SG0c3(oUh6S$FW`!2*365A%+irk~v11yrYUW39W25t`dDd>QVch`ZT@|6c~c# zAQU0%yK;{hBPrKL4Z`+6DV%#vw>A~QM& z*UUC`kUM&0Pq>NVF6R=zB$z>=|o;l0MiIe-k9zWm!-axAVxY(sV+ z+71s;n3mpP;zSu=h2pE%C;!zaJr;s9KKt6QSmXb2uv}^oJu)p=1HGVOXi22SHXv;h z5Vj2%lOS_uf?vrqEbGC@UuHRxxX5?uS5PWW1xc6L(zH)38k5sr`Quu39~2-!WQoSe z9j|zP&JB-3-HbA!r0Letx|WZr4QuCovVv!QLaqQG19gerTmG@B{AoyG zbEy;)yfGyZE}HB$sx(Qnmb^ZaV`MxqrHaQPMD0*qOBjYngr$!yE*&UA(4-nwsH9gr z)@!-**f~9O+!`#~^5xsuh)zN)RrekLN+D1m@x#Jo=drG~uw#XpavOrUZ70fN!SIiR zyg+NxnXdXJivPG+X~$*D+{`t){9j?k%$q+5D9x%b0~4+kaQWN`qX| z5L_kUE{d!kvLxfOJuvu-yV%*UCmbhg3J41OH&ds2Pb!$faX4oKrE$ejwHqipcpB*W z=9ec`K3bFsGu?Zyka;s@Q=^vZPOROHZ$S~0_#tZL z2r6=XpYCwea+GH{HoI;#=s=hr(_a1jJX%3`Dg>)Au zdv?3S|7`CP+TkZ-i{LvMZBdh=(m#x96zPe4E7ti^7^3C=!}EbkeW{3=0lYpah<0?l z3?F~-9#(sS>p<~~VecVRF?Ax1j3*&SFYvi|w~fg86Pr(m6T}|9O1}H#aRD11{mR6f zct85$PCd=3`;FfU8)63q(4I0H+b|1`9l*&@%3Bl=((!DXAbjre;?*^*YoQ zPP5yf01GS0KIuhln`6b(Jg;PWwCzFpTzgx5U=zv)U?LiM9nvh0^3)ufFQk?2d-adyVll|MB3!RAx(l#TDgU;_6h<&fhDXtJpM&Ggj=)du|lLtDvyvxkHVf=dQnWJZkj#7Dnkz*SPKU(NN6CkgBiV&-doa?Z{1HG$0`~ z9{xY1Kpg})mq0@7!OS2pOWNfby}P>z_1l%yuq#ISs@AiBghhSUlCjx5bIPQ>GvWWN zMufaSMloLJ)gBHvV@?8mS+P8Qx4xGG{ZDhGO^>Iu-<0B4^C7m29evf&gmfWQJEGSF z&HF4Vzfv>GQ3JRxOKXarT{)&RpG4k1>I{C3>hiCX_+c31GQ?OhmOr2c0?Q#6a`9kR&9i#g(A_T!5A@JE^~ zxee+%#ILK98Q<@OJDykZ?6pP#d|8tuTKR{+>X>*wx1+gKPcCBin(ck_#eeC&yRqMP zER6D6(MZ~B6&_LjS98<5{i%H}cXD1l?bFozsvoL-ljcnwV@o+GsW^Mdd#v`gyOnz5 z$4|c-_U;e7cJs|i-&0}wxAHHRuU+wWPcneF9ZUU+{*QSN&nHZ>qqtG7;%N7n7)`F^ zTz;j=!H%JwdWkGefrEC=N2)uQ*Bw@4fB6E7o55b8ACf2`2RLZiJ%Q7`@e?a&5uhOE6#-q;Xr@^0odWw>9#P*{{R zCYYz={L{2GRmHbyRgNoJ6Vg&lL~uXo_rJS50~9!>5XCCo(qd8~mDNWD^o>pGr8Uw8 z6auq{fB)7^Urw@9*E&x!H#zBM9J3qNHwoU0rCug4C~9OBckj=8ILI4|l(Ydm)AF~d zcFpe+Dh=dV9Y&h25~U#wS-68WZac331}?C1k^^w!qlq!aArnn9v=l@%o6IC|ks!5u zWKO{*blN!sW7uG(wKX>OGzBeim&r5w@^mqV?o;y{HqI`Sy2g2YDft<@99&Vz;InnC zo^m*Xtl|~Kt~ulvDoj_g_;4bS$v~AP<847f8D9Pn6OHAK^gZV3bAUWMPz+fbBi8X)`K{XKvH`ZDp%>!N`+V!gf+2^`)bnagt5G+*;$yM%007-KC%z6U2{{ z{xD8&Fe?_@DSYAGpEH-<_@Y$NPNy~(+MB&E>($g;dhlhRo09un;>DMiZeN@$UmN%o zrAxb8yJ>J}#c8E^v=E*7Y=32xN|rbpRHM83Lo@izz?SZ4IWoFBD_AN1#nKP`eC4c_)aifGGcldBx^BYj zkt^a+t(C?XSSYc7^s_!Kk@h;<{6Br8ACETI2LIT*_~3(WH_4Wc}^j-f$ zp2h<$9qy$gb}5dw8arJTQR=9{z)iQsc8dm$ia)G$O-%&;dw*G~qEI%=My+J1+O`eG z+u)O+{IxVbCQ%WM!N5TzFpL^e7_J{8X-KKCp;WOHK-6{G#7yi%R0>?ud3 zJi%hy7(yp1N&8%S&ojEFUH^e83%O5!Hy$ZNZi{lj`H$u!_b~TtHRhFBdeK)86!Gb& zyPZXf5kxfW<-=#2iuefwuJ{s0d!p2&2|U;$T*sliWC?D3PRaSxrN&v-eh<8?Ew<#u zM|p(tZD7|GPAR;mp%FvW(}))9VPl2kg~+R$-&g;TY#U*R z*M`s(7JuRl@Dp7CD8T7{BtANH8>a-A5D!7g7vuFAYYUot8c4*gmJq@`1-85S?{v!) zjBQH>`Ce1wtZ!J=`^oTqGVdw7|NQ?R-y&4q`3r3)gJPqAhP)-PzF36wIaj+gV3+d@ z3J5USMjiT!PW-lv9D{$wCJ=LoiK$SS3xFb-7MBhgBHJhEHq%(9u2)^FcV3sl`NmtW z0NqKGY_%JViuU|TnHC!8F^u*!cV^uam%wu1wLL}gjebsHXJ!FH@4-p+d>nM!$3fVf zkL$lHAs=vH%Hf$rNN<|J_ysku&q6VdWxvb~kecp)nSG2xOTwekH{5Smvxcl3HUqH3 zo@Ocf_ug#mME={c70Y`069n84D`pL>IRtk-zlOd8#1<9!d;=bez8*b!^z=0K#JrkW zvp1@pEIo!CsXPzshNE54n}4fx+3zJ7c75S0G%!AkGuC#U4t@31{#sVV`xI%Mu~kW^ zS{|M;IMg%Nm>;N?us56CqdSs6_`yPiQ+<5s+UvB~1&vrLlY8I0@xJX_%;#q$C7qMy zD^PyD2pT@ay+kQLNx9vNGC&p^=}b>ZR(@D_63QB_aiv!w1Do>~*3{LL9Y%7XXfFUe-77%%)1kL z*ReN(A#HQxmj=@aj7GoT6tsSJiYT_th zZU{uaBATc@fAjMVD`57h;+QOhtrSr(%V~qY&(X+#7(VeiW^Uoh_H(#2g~A$C3m1b@ znPFCEgeZeH@1~JKCTlEol;NvE)OU|J-`BowUiD)mEnv~NFAf7BrZFA34Gm zGa(E63$>;jmFMyf@rPj1m+2GPzzUk=9z%>JK-$eGv5GT6+D#I;n6Z!6jqSaHUc{nF ztHhM&FHs+`oxF__-v`S94$NV&F~do}Ct%elVIO53H@kCq9o~Ig78$Csm%b z%*y|I*Qe>HIESflG2veU1OVY-T%V>D!1_F2vhjs@if;qE=F&4=Qk*rA51l>Xw|5fi z>ZvjTod_^@-<;hJqpiES_KM&7q}=3%6#C?)KV7F5JwHPe_U7UL8qJhaB5QERy)Gml zqrIj$-Cv=F8y;M!(M1@`3b9?hkii1r$j5d~;M8 zL*UDYMbnzXrO~Ym#LD^h_4{!YrPm-Whwkv0O}qRYMV#U}ABvk_1m-AT)IDwTq-&qH)BMPr`@gku~8oCE|}gtxV0wQd!3Hv3mD5d zZ$9nYqIhnZV-{)oHlZv+p7n<%t4_z83CqtferDB|J(mBW^nyr1o$b?RjoIuc*3uo_ z8;@QuKPM1*GUHP<=_Hwc((BlpvLv>Wl5|qnC*JI89$|EJ>68S|8LznTF_AyF-LbYJ zbInnru0^+$_(-0=oY|7ETj9VF}mF%E}btdBlgbfbH50W`%FL@&St0q8`o(%jPX}d24x%tn)O0MmDwfE{yv& zyy1h~RNUjYQEJrNS+_t?pt1YPI{1KZb7sqHwQGwl1e(h{!3dJtxEMm7+*x=cOuz)b z&psfX(VmQ(jq=2L$UO)j!)z|3#WclG@i~=NLJFe6hDj!}rSd(1HG#!f8xnJGkEltf%mWsX>@$-9dY&0Zzgq0F_HZGWj-ua zwra+BOv1u|vc+Qi;^o?tJFvL7ig4t~+&zK;hPEM~-u^I|CFbPAhJEm|K;{5>bZQy% zwuHCWxOOZLzI<(oDvbS2rt%lkv7nbH?Fy)g7Bg-&c33QxqwaXK`UM!`o6=g{#F4jG>Fi)Lw8Qub+mOa9>i}OTN^b6-oh+b0Oqy6@CA20=STja3S-wIj=ikW; zUQpq|pyCv&ibD-nKU`Ov9d)|tLnk`ND3amM8~JAW?7f>IAH8jUSUT?l{M}^-)R!FJ zhCG5wLWMn!%e2s($=>!f#Hbcwk<$2ud)M0|hlq3M7wTEZRgAMBi&kM@%by|hjo(|Y zyaM?eB^PpAT|B=}Vwg^>+Z^il$#gSkVz^`qLf2{1-ksF1YdqCI%GSQ3Ux0IwS*H`z zJ@mozw#XqHy*Ao1KmXUO_3!JiQzl7gdCwy#n~&7Jz5H{;sX zobu9h`}`qgx8Zo58LU5S(8XF0D)BZF+U+P1)Enx+;`&(`(M zI0831zEG$9=>ohs6jW1G?bfTz$NnAIC{_(#&D@95xpy$=WP2AJp(PUEM?Z zwTt*3kH7oSL1FiWmgfJ7f8L-yT~xC~XLH4J-(@}#(~wTsbhQ#VjPE*McbbOwJx!>R z8nm{~I?8+fJ@k3RnVO*x$rm_I<)}!IowfL&oOejcEw57a^Ftd6x+zM{s=MaFdx3Z{ zi0Sj)X0i|YJS{4a4hsc;BN`_ThL8cg+j7UL9)p~E%GLo&xn*7ZE0a;jB5(O6S6>y5 zGEOR`05``*mdmaVFc4_oD%je@6V|hK;srU5Tc74U%u6#k84B+d)00Gmx0chMh$Zsz zrknaUG?U({)04!29JvHBZuZ_={Py5gM%NhGk0_~&fVYyYCqh2Ytsn_z?%=Ps$=25;`xC!2o&$OrcJ7bYv3Zcr4 zonEu`s49yu`UZiME8MeMDhsEq_iqBy$vzVm)xP$uJBckg5*E_vEqq|gm7^}4mU%g( zoMu%e{R4z{*^NJRqT%e^ZRBm^Shtzek^~G`JQyB>p@{MP@Y{4Y>h`OkUxs_B>mh+00 zN?0i+yWdkH%z*da3Yv|w4;^|C#9A!5bT>em=5!(K)s+Juoy}YeLAwx6jxcuMqe|iV z6qzV&Jh9pZu}5LPSLXyRbBJ0wsg@1P>1f-MGP0&(pdRT0?=~CKbTOfW8P0^uPd+cf ztIAhiD`yo%5WHY%xx=of7T_zac|I{pNW~tkoZNq^cKf30f11G4cPaU?|Bg=5JcD#W zn8$h~Pu-K~JVew7{@jc4TQu+*Gv*pBSXP>eeUn%zu7PoFZS7eia)0hw>MEpb3c5aV z@BP(ova|4l>@I!@2~%LB0Lbp;#z!Q}%?3s?;*?hU!X%=bn{mSvRnhAyHroc~ZNF4^ zB4KdlXARA-5PJ%=Qogm?+52S6j@?@b&Xy}o`A>)ssemnb{lyzlSO>o=k{wKwno=yd)Y4&|)Q*d^c&Wzb{$9hTbFX>fN_6hu$y0xN-B&0( z4%9by)Q|G=i=JNW>XXVqt$u3cCycAKq^q4&5Bx(pf$**T?;=s}|A$~ok+K8vvHXE| z!X#~rtR$X9`YPEzvzHk2UO++M($35AN@Jh3>n2Lqt2zAB_p@ow81mPqj>fL4o!c)u zUpZeeoN51~=;PTtgNh@R&V4SchHZys^G59+K#9-afZa{b->hO*N%s>!{g*en+UN-M zP4HsmpM^E4KcCi2y}Rh>l&xzfofx;AS2T+(N8{@mjWrpz9FBMnrQh{0Ze4$B97`ho zq;qrH%}}tpbsdEEyruye4Ud|n{v4ee-}fy&ne}x^$pg_T}tz-51Oq^g{vbTsd2dGaZBCW8RrDvW`bo2fs|kEuv5xzvj&3|2b51&{ZJhn zTe^xN zQ#0~`hfbDLAseM1()E4FN2!$*2mmROIgXzGbIOKt6QD=R;>Sb%QbcO~`xw_L^7Pe` zd-KL$jX2Cld_Et$UZ;M{zc|?uindI~j~>Pcvds7+31ieYX?3uZKwz(!4CTYeP5G)> znIt-Q3<9=NtSQI4feR~f6X+N@AEmjQ3~T4Z{0>(Kj4yEY_7Gcpgb-_%)s&_9XD15l z;stByg!6S1WZ-9Vlhljyn0C)Pz}hrT#^&wW9REeK1JsLNg5+c>bKao8Z5CGwkoT-z z!6f*bWV20>o0%FySis^SII2}TiKkeJH4ioT{Go(=tM;BTxy)xScyU9^JQJ(X6!aVK z&qO}7zpPDx6V23lDs%q&zXG{j7rn{bnDNgzMe_*uo@nM#5rK){IJf5{hVXlH)jN|E zybDQx4~*H2-MR0g`C%MFHLdNpN8>p6>*G55Frx6v9DJ=%J|=tr28q4`?O)wfF_L(( z>`WF8c*4#1NoRe2+l-q;ivZ3oHj}3Vl&0(V7}}2iY*o(2z4>LqSc_$+>Hp9|caY*d zWiaDw4U$xpm=!eh?zKgRrc4gB;|Y!@LHB2wTBzEPW;No>G#X;FuF)e?uA5Wlkx&7t z4@0cS?S?n*lj-P~S+p1GawpaI&B3~^*+_DEgi5be&Zl|ZqHell$pQwEeZ#+f`|;M@ zyq&W=*jj#$Y0&>1grm#z1c<6d_JQr$Z-Lb10CevqI$BXj!fyVPdFk0K*YfV*j~AWx zQr_HsuHMq3zwIA?ufJ5YGBg-!$=LC^nkHKo9`bYBjPqjhe&Z_U`;r^fje45D@`yL5 zcGh5h*-W<|lIBezw z^p=cP%64!sc4@EF{`nXKg0m;q%UC763)+8R-Zr-ks=(Mi4y&3%{; zl+^Sm)oN!;26h{*)gGhZB~6>$!1k%- z+~M=nEPj3O&OC7wnbai=xJBZ?)HTd3BNj1I1Cj%JtXnlK@9g2pd#%<${)7^O(TM=5 z6$F0@7&kILJ>=^B&tZe;OoKG(Y<(cnCZ4Q=FRQ2CC!`_u-iV+^9`J)car#gf_(X>A z1rVn4tJ=*lSGtwX9m{%um-Jp4 zjE!1O5b}~>;Rvx46E5>>f$Zwf)NAVBzLPm8A|G5n7d(;I)SljLcsMLTi^_&RF_M0% zAjgLH$P_&ZDvNmsk=BH(xBOKHW_euFa?9mx+g zPraYzd zef=z(`0DLX*)xB~(L%E8YDJ{kZ3);X;(A`-v7d9K&B+Uko+~-_vD$|nId$k8xvtpJaY?bDC@R0A z&hba@T(XZ;zj$0Dg85DdMHYQZlG&danDR6J_Gvd9`X{Npy6*HxbS-%CM=PU{@+QjVm#?jm%iCu^vaI+heRLTQi;; zT)%GTARBhSYC#T8R6n-VKN;e3hs9_0?lyCxf*{7Q3iv5-kD^&uIU2rj{bG`Kz&|RE z){4z$2TloDCeKx7U7QVW8WZkfj2txbJKlQ$6~ZBk@X zyXvlvbyw`X7`cNWT5`42oMtqmxls8M;1L!)(x?!8haOmAF22nNNUhm&5q8QzpGUkA zV=*-!$W(a7h7*8g;KyjIB#;kUH$(&3?9IjOP1I+qHri!6VIAYTT|x*-u99T_zP#V* zz|=;+TmU8lqsiRc5{DU16dQj@ODi*UXf4`9+@C2TXFV?koFfa${f|UvDDup{u#1S z1IL~BwJ%_+&2j>khG4kct>-oEGM3~OuFPE}4<@^2ZIZ#B?#PFld*r<$O~XImUhVtC zw4ksTX7ryW-idBRh>#SmughOGV3P@d-#Sts{lm@QNu~Gw*0M4LW%Bq(-q`&3Cvi#l z&w){%w2L)_xl9YvT3|b-R=%_{TLO6EZrS3WdpV@Mq0KILF`J(2d4X2`StFXM?E#Zz ziv(v;EE~3|P)&&Y&SQ!ZrtVqx2dyXkKGI!DQro<|cnbkJ?m?pX%~kr?%Xm|dynLYT z?s5%ow!vy+{-Cl>=0E?YUL0odG85*vP&KBIfDlvk@0g-P*!uq}ymNVjkpbe*0`Wf9 z7STg+7Uxm&_@7^E0?RgT)b2CJl^YyL`~L@9{r`XQ=i$d~=iVT9wt-2ZSv6Hrsbl~2 zTn&1SEG6T|@5A4X6;4`qa#>v=MT_mpK15rdIrhywO#L+@kdIrpzFI~h8N1z+(DD0< zlILE|gjv~`c1%jjO{qq{?e!@h^Mt@Og|8Kxi%vMkc5Ine%$WHT1ISNNInK4qm=oKo z0|E_|NHM!lP3?D|;>iZ<|NGn2_Sj-;mfoysX9#D((9O5nXSKul%z3rqspTr-F?`PQ z{aESGvZ@so<>9zK?}-_=9Pw+tlW*wnbKv+R@O=pr(}4rTP&O(Q2xXl; z!9~%7M_K}rX^?maj4a17KOt`AgNL@Rg576==1e_ESkRTS6>NJe$J(NPC2v_7|2CJhhYB{RtJAX9_%8=_VP6F zWn*cAwQd;)Aqz>>zbu#8Jz=k7Ik9 zL96l&krU`oF6Dh2LbTo7@GV+l7V6HJOY}*>@7VTMoY#*wuEXoCSYbZ z_%TuC^lmYY_%)O7a9h4~BNmo84w6h(#41^y$?r`MyT&4Tz}P#q#@=$@qC{{oiTAAB z4}I`gnUNY{{D*!>UEXJ@Cf=3n^LWlF9G6H^av6}@fm0NUco_uOW_%7DMfTBSo(~-9 zRMV9d=z)XtAqX|9Tl)oRyav0OP)dWFXh}i`aRzSQM{-$sG^LhU%QW4KkZjq%81sDl zjUtJ_%|ZUzG)ks}=4CgA%){mTRKmtg@@ef%UIh*;!5{Ik?xxuP!yNc2*5E@z8Vac} zwF`vNoPk+*TWz!_NYY-e4k(HFEd`=swmCCrLW^lk@v&^n7)_M$pE*b<)PuEQ9oL;( z-`SAdXkg89!`Cq_r&KFl2=V^cd%{o!I9Ul6a={t{qb*CUq$(JKdyWhM7})@ zi)!@_^^nCi$#4o67u0roxGm&RD7up3^b!g$w~Ci0&LN|f`I}o*yFKwRUuD~IVY*E( z+9@V%4q^Y{c%eEi0@9Uo&lbHhe7H^}ZK_e!sr#w2Kfl+^VdBw>eb zSFeEDr$-{B?#v8WGL}=Moufn;$QoNHx$90%K0}w4x^q_hDp9Q``iCS_eZtLaIq7!2 zJVo`1&^;dsIL6yUMm_u8D}AUae!`5kpZH022ife>9t^kc-FMZ+8R9EiGRZmS`&4ZU z7n0jFdsi4In(i=~qxK-tQ$`G@>ZfH_SJP6NzxP&mRAMR_;$xJY$v8 zS77>+g@03N*!77+f#%$d7=0Iq#04_KltYUX_1gH0s@s-vi>gxYk%FWP>hR`W0^j%K zkvzCc>Cw_>=Gg~7(0`Vbke7Xhdav{J5kBE#raj9k0T;Os4r?i zF|GEm;r^c{R^_X)&nee2bFmQ z7HBJ57s52JN~okj5NxnJl7)Hsfbf)@NGebUf`usutg2U^Ze6{V+0}lVL-OtlY&g#D ztU|sGtuZaV{!r&V(|b5hdzZVU8B{IqmQaRX2&~0lNhbB-d^XMd{xQ=~3O@#)!vWuM z8GpjpPMtm>8}$?x{g(XEesfGTM4(Xs@8s<^#y~H~RWd!z zRZ<+9yOdG;aNevyz)Xu$g5zzd>ZCal#B$5Bje?jc7o;<+;91R7(>K1#bjq;_&nwnFGU&$Yq`JLF`CVI~~khb~ZTw zvG3&xA!MW}fSiTl(kNO)5j#4dnYv}Ag9DCiOVVyf9ZUVAvrku&rw=TDbz(~D&-c_| zk(3v!t&~st38oANTv06h$43Mwz4zr=Ag6L!+f)c~hCx_w(_a@+!}~>`(RlOA;+3w^hJc~RNMAnZW^)QIjdu6< zbl>xzbICt5ZCbu>8%209G-ns3LPOssQC4T}bI;^#`qZ)IS$vGqy}%63z+w}_4M z@3>dqkFo46$v#@=&`DQQPI2>L!|-|2+9G_%hhmH#|2yp384tt{J-HLC1=S^cA_M^p!8%JEWr(g`w6eS^U$i{M}JighZ zL9R}l1SQK`@Mv7^68WK)y{{`T%FViy+$}L=#k~2y*;d;7_Y*Z0t1+jEvM!{2w-aTO z9ib$9F8wh)>>te1b@rWyzA44)die6N+SYDFvk3CYcY;IeM6wK%3<2gv&E6*tzBi57 zR_<_o)7}kcawHy*HCZpyA}!^5+7WzO?^aOt*Ar6})f)>gMd;(Im?7I&^gWd=CAZho zaQU5C-aUVEre5%#H|%!fze)?;App%bKUsiDbja#(zCA|_LV4=Z9P=CTl)#c8e-Wlx ztw0~cHXr(;$HIcc0vIp%b}3Wx?o;_yPg3llxwo4g(19@e6OVf^aZMrL>98;u45R&q z3?}dDYu}m@e!OrVR6=3f@4F^WYXANi*Vuqd~-eOPdi0Tf0M5d~&wK|*@yR6rDPgOrqXGn90LbW2GIf`}k3 z-Q9>N-6<{2kl&iU-)Fzi^KBf^ z1L2OymHAidKEbEO&fO}e~FYIqykCY9$!#bTFBD1Y6`8Kps6GTLLi>!PmO zDk_`G)bi^mjS`hrzRF>)Nm|RTI9v^0u9dbYM_OaTQ?2rcXUk_<5@=3_O>ai+NSk@j z!(7I(!Q<5Nta)F+t2O<;=k*Dd%NRvky;v1X0(aMXdz#@r)o!7X!B=5P25V)M#j|No zictfcX!A*zY9UJL<>Y7L=bBZI&jq8IG9Fat7pOj;S|1u+KsQ(DEJkJP5Ppa#OOq3L zZ{|72xjP#+A;R{mW_l9&KmxjOIwSqqLO%z7de@i817Yi7|JC*aS#V<4wG+AD((F?! zZ7}{q=r}T2as7jvtyMa=_gy|goQi9W!njQor!dm)O24%pAfstGftqoeKObP#be+xc zh1+e!A~Be9w%Z#jz{C6Q83i9`kSdhtU#e{3Zv z>A%=$y}5h$Xx`(}E?J)>3)WRd(VqQ^13zL9zb<&6Gm5Ka=eGJ%y>#lc$zz0?qf9}}VH{%ejxM14|9`KlVwctq9K z_uTmFfv#CLo4%6MpqE{D3g2ruww-uJAP|jnimKfw7HEyOrfa7&>+@@7+!VaeJ}ZKM zh8Q}jk^0UQeX!iZ4MMKQvBZuOAj4O2_%34RoOsyS?E;_ixTTpL#c2s(>|QfpQuxYj zru_p{5yuz|gK9L(bo>X`U@0ERGGvE=1qSa!_O%^> z=!_9z%OU-#0wUU#?!LGuj-49~Kf_pAvpV_o9lcuXuri_djDJNog}|cMU6FWubvtOF zkZWKZ?#cT&b>)jnH-Xwsrr*@+&PogDBkxkc_|{K2cJ>H_7eK*5j8=6Ws6}&-{;=hdbX$1Z>w&(O@?mv2_uXns9lK|&&yQT@wp$l-BV0SD*Z8`k z4Ra0R=>@z>a+E&Qxb|y1*Ns2tEoe_&VNh!KFl^DtPPWf@e7-G5zK6b_$ZK9luX2~} zGkY%6@Nj`;e9>`1J?o1Vnv)~TamO+2(cx+ldUuiAG@v^pc0PnGX3fgdbXTL;jr3=t zV%0a(ogV!SgX;ZxWdga=)3Nb0gOLsn@}l!D2EMIODV4f9*sTJN^KD!ris;WOqJp)V z1=A_&Wu-IogaEAhdO)ACBS!1oI76}D^$l-a?a4uRbzGq9&-iKewUbQkjqc3x-H7pk zh+^Q|&*T%8+lWN-!K2vGM$6}h3^?Z;5QK(*$y)K5w84gVONfC2d!$02kic59zGRBg z83(iS8ZJ&%e@a3ZiKzN~U5!-yq2C4PZ1i7qM9~1sd})!6y}h&_2W6vMb`7D7=kwG$-5FW;B!=3bQ=G(H zZ_f|`mFT-lMm) z`*JsRs%xO#a1pamp@W`#aqqgQlfIkM%SQ>QetUfLK7!k z(Kv0caH4?8)^HDk3$0 zR%=m^3GMEmT;JfJLl~kA6*USKp`)m=MAd*kgF;zF(2z8PM-EsRVO-vzh@7C$!QgvV zpvV<)XCL(LoA3gPB)!SrKWMT3WW)dW1F>K{Ab3T}iuaCQ!f&K+s%+>q`Cu+^Yp6s) zxp#-Zy^hKTjY^>0J72?2H~w(na!81r@7yt_WmsO?b>0Nd`Iw$S%aGA!SjOAQ}l4>ZzWdxiB|m0RowubA7s1oxx6#4(sP7HMfhg7XSqcT zpDR&h6(3LhWcA^jyNiSGR6V;bU#4Rh-uL{v(mK4j9#Rk! z%(E){d5o_!?8*3T)k*)5_>~v7>b+(R7tc36WVGE&3h0}r4BJ=mA@#MQr;jyCU7Paj zhm_DG?UynMnKw>}l!WSyn zTGXj=P&T1Ojl4?sQe!heY}3pBMC)=#RqX^t-+$XQfN#uaGOx*o0*xVnL4a_IAo)LK`= z#wL2(kz?`pHMixGDKD*+o}Hn!h>%VYb;hucmpQ+eqdO!CCX4A5bvLc*&&=UktUE~Y zDKkFL+zQiY^DB)t*Pf4O6W+L+V_Vny-G%b!I@+@%oKj?2uizy^@p+FZdY8OEUZLhO zVbJ3Jg|khc;lwIYCszK07dh~n15$Y4S_-^&^M#HTVG_|9gep(Nx%|JhXmaw*U^#-r$aDK`S7Pb4;dd9VX`~DEaBps?nF13%J1x;$E zk!9DC7ZSS*X=>L~P7D*jxJlU2TYH&il!Jt!vw^yKp`X5ca=@o1Ki?r|VzSgmZCFj% z>FuKYaqx!09rrUH_;hr;V9N8eQQdpSyEy=saCLpKncI8{94^Bdu1Sm8ZO@XP)SZj(kem-AIQgpC{?R)p zI`8C{qSv;Me+<0C*?)ESW|KN)46Fwb&MC?ZtYk)78qxiAsSC5f#CGs9d&Ft?)ZcNJ6*Nb zjShi=3C+K8)Bc)J46}E8A3=}!J3bysmptBk8Aap2SlvGrADx|=_aI@h>e>ZleOC@P zd&RF1Y85|bWxW@x@XAd;gp8+JsyqUXZi%Y&2D~!tv5ptRtrg8?t~GIhNh+=8`?CIu zpf2=8^%YWu-$rO5b=%9XYd7(97mYqCkacl!X;}X7E}ZkE@S6gtFVlZf;IdP$bBkjU zo_{w_G=BB3yQ%&&Xa66ciHyg~6yNiEJC|)>)!ewhm|AN&1#1(T{2cJDa+a+`**iA{ z5gcnn;t~I_cdRRH$av&Xf1S2ynkoE=(aAS{68~%;#_nBy2L|86gzcDx)uhe1q9NO@ zy0e#_oQCQdBS0Oy%R0umWAWPNPm=ax&nzpE7Z(cJ7t5!MB+c(#gifAtPyD+f{68KC zhKRlLWs$O!FRxs%f*bR9s^mMpf1JY4_im?dC;Xmmp8eL2-?!SG=nuEQXKc)?XzxKY9h@)N4uH-6YS=AJJE}oyap0{lK z5sXA0R^wK*H$9CbEPmVk4-fKh{xonMgG)+=vZ_9Yr0J*Db5XZE4+@=r!QUyL$lqQs zlzU1k=&0^9WN75c?TH9?7`EQ1y7rL5yqwX0gR3U=?r>ww;z`;TMceYvS=wT=UJdmm z>Tm}EIR+QE!V5abb84NP-u!vKH)~Xb(f@Ax|8K{B43V#fU(+shFOxhO9XG1q;u*{d z<%sj{n&CO_j3Ic7)4)F-l!Ua(xvsrOje+a_zyiU{}*WB7kN8-zM?7O`e0 z;9qgKLA`%=FEQAuqT?aS%gr&%=yy{&A9Pf9U!WUP!ky1cJWh)}i#_!u4)!l!oCE2l z{^kvXt0MpZr?(h(5N%|B2E|2IGn!qpH0C2fTeV}zJTo_A<6l`~)@cX8Gbh>Sd`v4y z&YN%Ep{Akryf`P!(Sj|j)StZxKRtD3BGZZ{LL=K_4hXau3OxO4e{hJG(fypB61Fwz z{c54krxN^&6OAy3W~MzA-ys!XFvmB}`HwaCpHqd`+a7r)el=DrZrpM6H7=DW_4qf& zYSatiVpY*a^bEQ~ewX1yfAdGgL2TkZ{@_b3MXpq4Z{Dr;bp86m>EatWYDHpBji1R{ zQTL?$a#jB;a>nA#ovrjXI1lw&>9o~yN7u9CMwFcp>i0o6?-Eq$@BR1x{pZ*GKL-d7 z$XCRUxMC4ed8hB0H;{J`e^1NQez_gs_%9#dzWn#Q{@+a?F+FJJ359{X-hG444Y!*( zJ3sd?AK-?A(TAH%q{IVfSSs$*EPf;AO{hgzyRNRTbuCWe7uxbj3G4tBwz$jIH3?0` z>No!WGQ{X0UoDMmE?BNB*Yyk=jh}F}WL$8hx{ZjQCdW~~DQU<1T~$MR$?415D>i-+ zn%nRw&C*1M6A~{Z?}hraV$TQalD}9CZ$DyW zP6Iz63MYy$VOhrQBO=#R>x(GrkI?D{#1O>wm7Te|ju`eiA$%55i)Y1Aod!#S^M^qQt%~jBp-iRP1HI z>GVZpdJI!4|BJ`t<(1}}7wiE`pM$ehV!m3$<}OAyr7s|vD250ACWQ6BeCV%y^Xj>P z#*ciqlvNDwiR61b2C&M0ANdV+9+4H>k&(FqT!0Vy|7cJD{MdaAIPlZ(gNyi;t9YXk zgG_@KTvL~JZK%O?9Cn%o5|)Kflt)9w%;~MQQt;EaUy9WkGWy>;s^~ zGa|~_?mNyD1C&fKL$V;gsE24tuUquL_1kWU|Dx9@b) z5q(OvNso?2UKaATcD#HD@X=om~13;Wx! z!dplTG5J!W2P}fo@wkr8ex{i1ho=uk#FJ@9MMp$guqoga@CvKrWAAsOD33rBkB-ZS z6c#kU*bpyVEFQL>fphtEB&gzkYmNGsiRrA+*0Xx?=l=WW zK}Rh_**=H0rEJr6w;G32ukCi&9A^*&A*6k>WwlGr;T|@jcy`r!z0GceI3+_Z8NOVW z5_s<)b~1h+vD;E2Q09YKUgttl;OU8U*yArc%{a+?cM{Xl|MSFu9(3G+B+rdxUy*-@ zVT8iyz`v_XF#@!=F({1py`-}oyW{+1Dbjh-Dpp9{;P59aDePx>BttUx*=1VVq)JY<|5Lj4fDr^Z=CTtzXen#)6k2lY7KMe& z(y~OxPyg4nEeDJ&OLJB35dE@{#q#OjHpy|r)H1c%FbvU#sAOSKmE?ZzsNH@o~b z(HHQW#k4VJU9$`KuV8H;|2pRDh4GSrRoK=|RsyEo?!TU7otNO^7V`oE}Xo@qR!&uDNwFN2b8o% z6@asR0`y}3NP(}z&xLlZE;_W!ar3VIddoC;AAWqT)U0=~rU}v2#zT17Wh{3jQcl&i z{kfihJ&4@JBwjL(MFJGdl|BM|?)+Jba%>12(A7(pFTvR0^F}bDoNEVc(z|N}MQo>7 zA?Cks888AYQe7&MxswYq7U!P{3$OSUZuJKgp-d4xLJ z>+4acN4vTgKbITNXZvX*4v0RdW|#kq3*fT%U)b5dyRAQe4;+O*3~cMzc-)UcjDd|a zxaX&YKm%(ojaoMS-2g=t&eKw>Iv4>BPZ$r-=E9e9zes ztif@T!5N+djn7#%>oWKYwGwo%=j6D6B+3fl)L9?*L7lxR^;uyg$Kvxs6@<7>(uEuO)E4Ds|CRlf_N;J$t#_ zdi=NQhGH-2W|k2l_{S9YC*>WhbmBt~9r2&BRnftBYy@)5>VJ<~LEO5u|FGSkZFlpi zBb*N}PpJ>_6R?m2dP=P(l><<0i08E&^LrAnL~;sp@|+H<%9ShclQLzZXgqqMq|5P< zcQ8gY5*HduDX3yqxp>o?%RuEyww*Z*<@eb~AqQvM?Qr!`p}3UG(5rWNd%h84D_-%$ z2AXhjWtQV_T<={ZELeduqoOvT1}8_NbZrUrHnE?sS6k*sZcpCsOvvYZRKCQMbuvlT zT@i21eNvbzDjb&i=i2&<14KIs@b~>qdRHdeF&QPV`P}}>=>PG{sS|g-6D@!N(nENu zN=dfB*f8WRh#S41W`R-~&l6v2}UQWP$==~CT$@QshJPf$W>uwdYU1%X|7AbssZXUK$Yb;)K)^* zCB|tWDUtc@6L0KBx4fa2)}lT6zMEu@#yK5Rq=&ND_d+78V$qr}ifk;7dSXJ3{}eZf z$ScAdLm`F*aRHo4QcHJ=|j8TW)^UqqeX+jBwA>q8semLN6SA zI>NmnP1kSnn7x+$T46JflHFB4P3E`De3q-S(=U3_0r*0gB1Dc&9*xxlS`X97s?VU6 zQSzh8CuUGPek5DzToh^7ht#g(t?qakAndjvnpkG=&h6)5+E?=hH*!A5PZUD-EpM3; zL;>Gyk4E`+jZ^rD(cedU-Yvv3hx|0hf|3&F^W$4~eG3>@(m=r2_J1;mGruMOSTojR z-|AsyzYefw*~w0NPR7~mG=Y!WD!m)bz(!^}Zds0F0B2@HaQyz9#Xy(G+CwYC8y!na zB}oZoK*mVz6(J>acFM~)-#$F0e>NM!!?*yWO_i|M}J#wjZ{_M5ssAIwBK6p_3^|%(V*k+u{6|S2xxKjlWf47EBT<;M{Gl)6^Cw# z5c7yTE<-{7XFC_3+VJ$x?OT{d}g`H`RR z`km(GE9>pyc5-m`;b-?)N#$#*wQ&BHWw?8;sX?j!k8UziWaD^nd@PL~K4TITV)g0Bf? zPDc=&b}JZmzgB|o{OA8tfHb9foI-03eUR-J(1p< zzdU^NRn3zbfaSkgGjy|{loiM&U9U}b7*e-gFKWMnQv#q@Z*4XML3d*}kX6~3+9`bpruMrq*CmE*sET9G|0<-33r}^lI#&Ju)a@?e->I(jUy2P9Gcs1JJ6B?QI3* z)Ov8y+1c3v0^D;I{sd%QfM+!e7!a%t0#Y&?tj99g&Iy;=PC=E^5HxETSuq2!PvYf1 zj13%On@BzW)CZrA=H^Dn-RMCa?&Yu^ue7si-k|Jw%|h#g1r^?S-65a9gR-rVeI@Bl^l z;upMLE{dWdL_cT_XIRb1f z&KczF=7zYAc>RM5VX)s$bka^eO!--O_14@u^%zW{7Hqh>V?F}96f*)uY_|xcDIJu* ze4I(WB*YFBt(r-QCIEBJ;Cge7uNy|ngGucRFgSGL`@NpGA}$f8;b1)S_v#a zmZKoAIe;t=7ZtNg-mOmRRMT+LbEiRg8W0?^(-tD3f3XZ2SB)!pfnXpoiE(tV8(2~x zY@ggd*7BRRnJG|zOlkNW9T%sdU77n{)7eV4KA}X8H2w}7GwopfIjzFg1QuLEO5SbN zWGxA^6s6ztk=2>X%+DU*R?E=1W}IxFcfChjdE3C*@W*5R924r8o7*@96!Z!nLh3PZ z=>0y2v2Ta%H%p%b{nUS62(%z~m_%)bzj~>|Np6RZmL;_JMe=u1Q;fQi(|0z_7F4p}w@=T9Gw~Q!G0^2qK)Cp@bYA3U z6Kuf~XtW$ZnB}Phz7Y2uNkx!9$;_NCY2}2|e3*x`e~6^eY6oyQU^16{a{EP29s|LW z+6EbOB8c9tW>|RDWhq09q7z`tsC?IR5UZ-qL@8hogEnMbbGrN1xIcC0>~PwZN&}F< zIIrepF8~dw!%(6!61xdNFKD_1FW`oKe8J{-_v<}fwiST+bmqZmXVgZIoM0%HoB@eU z@4XfP$#!wAw_5}~d$D9XZUc6k{wAb$=A~G>{34(ch|fofBEorSBQ@ydDFD>G56AR* z+SpxHxheIo<1*GRA0(u)2?#gg4Ce#iZ;Yk_xYmj0gvW!x0ii_Q^~?OdPf})pGRV9i z$fmIYPNq+lDq>zppwToaq6xoV<+w$K(Dm20K)(Z}|K7xJlJ_%OM*C#6v3lg3xD z*?8Gbth`r9v&vtF6}#Y|Oabv_1N!HqwF%tKTO_v>ZWRpR8|Z%`TY@4>>w(+aw>q+h z6a{D$!c__U*+UF!g}vsd4={Vp$#Q`@DOi@Plhx%bsxt>5Ea(m;=Sr6CIR?BVETFj? z<(0sTc+p0fJP3H`@Y>AoM+vl4&EOYR2+mBc16|bv*DuS!E9Ss9G#*1)Y*lZGRD!Op zvzo-S`1T2&->1&mid)^O?7)%KD8 zz1x9B9Qa3_X;aecLuWs_-&*v45<9b@o#;jmYg>l^P1O**ZSABa|~}9}TU@ z0*~|ITc0zOm9H+2k9J_ZBA+7_D%szOaNp<0a`3(U`}@AP@SAe6E??;YbDCYhEwm^? z*#1Z4^>=Tt-F*iZfOxCPm^`!=@xlLXGiwh%X~6vF@Hb@fz+D%?Mm_Z}1U&DiZH=&k z>b4rc%FFU!Z%XW*K#)9IEfFx>ynY9kKF zr=r^}ByCZ*Q!tpT1});g z5KykZQ34m?+t0&b^utS9k3H5txC8-*-+9r z(wY~5Ihfw$5JT7&Iehjdpp0a=lSt&K!J=uS21qb6z`v0VS5r&AN?3zK+D+^-vCe80 z(nOYy19oxJUvN_oxy&|F1-=5ZmKH~VAmeMGY3hSetKXQ&|XZ`a%P*&5YaB}Fg8ODYCDM zHc1iRECE|xP!qA9TE&^()EiF2;F|5WI}a&BAqf{>+P{bE} zjSPD!3ZiGpri%W9*pGm)bgJ)fRsy$ItpIvco?E3QDaoHBp@6v&jkODQpGjkH1%(Y>TXX{A*rN<$ks zh??XBdw-5;Uqgusfyog{OVL6Ni{_u)N3cEcx_g!8Gr&%hd;3#uX-gon2k@jQV0wN8 zFr%5vWF?@-b*yvtCf@7_eY~a~#1IxG)_@%^ZtUd*!E$(s|LTiM;4r|H!8(}o{GG0B z!*Zx+VykDH0J`i6G5b@Q4@inkhpVbr=4BBD*S)+bGgxa}DCQbKCT9eC|9sm!0UjO( z%NB=b)5wLILxpBfp}6YVGNhZiu%s7+(EU}1>ig~ZOZSl#5_AOK%zlT`@D!$<#)((X zFgq-WOP?*}C?t<&+G?^Y(HWNryFp92HCEb<`VktwxW*ibs}+Zlx5OgNqm zi(dh%pk-~DM+}O8s0Lj^X@jO*cv!HBGf*BFwMvDt&NlFvN}MElg1 zQDSRcgUREPbV!)wVK2y}_}XasL2sS)B(nDjj$vP?*3|!O1suMT0&Ay=%fk$TPi*S+ z@L-Z3kvAn2%DGU$(|jTHgnl?xsg^h6EHhxa3 zEAbW$n&57w-`@%0Zc$=Sz7wcVeYZV9(T1_>p(u`Bpc;n}hI;@w#leXRHLF*m*vGt_ z+gCht^;DCk15>HPA0$P^UjYjW%MSaixJ=kCF|*j~tHWA*Te>wiY}aSP*X(~v3v!(I z@h?*hGTO-7M5ugFq>jDBnMCY*$nDNWLna`oNs={BFDS}AjQg9&7WbOQmYnd*O^xRiA;L*z zTd~&JdC||=*{zAc)fXyzi5=|E+F97J5Z9tNgt~>xLOV;8UnQ-N(=K&N6X_W4nAn;+ zKSzw`H&z8|5MN+^{ByxZTb){pFMI7*G^FB^dTtYV`?|dR~9iDU-ezA zr@~#ZmC|`lLCIjNaQCQH-_YNrR^UUYv+lmT-BZvij z(4^>_{=5a-n?;)_Ow~vdaZ_H(e^^j*!N(qWHbpnBAmnXK49ix6~75UQj!P^pMQVCPE?yUuf-q5t`iA9tZriyw%&VKvl1f+rx^a z#;#dG#_)VgsMDnu*6{CcHj_R{>@9Ci1U08qu!dt1soFi2O!i%C87Ic7ZFy zjs3V3e#SAjeM6!4r!HYj8Wa#)e@sITsXJ=U>$q({C;_3BHn9a&6AuNpPBv0y*K{Z^ zQQcpXW$6z1Y4Gg^5Wp-S_4~o6={3mhHw;^K^#?&&g6ploIm``dARFhL04rZ=Tl1L; z+@y)$F<77HTAY&@)D0DZ%jgzZ%L9~+dyyzw>mG&lCcbGm{fyZUy<*r=u#vhGuarD9 zbVosJtejz=!eAUkFOZiE4)tGL|V~5tajIMGQh{bQ`fJF6K^sBZxr^ ziA&b5+oWNv4QmpMTv&Wa&P?cxT>H@zvql$r2Tu%g+w_ZS1n6at6jnBws3;23E;Wft zc|0itsQQh!&SnZU3QF|sZBEnEUSrVP{ZI_=g(KLm92|S(G?iwtMeTnm(w6zV+TEvi`5-Zu z6W@2eLK^CD;j=UQ8o%ASV*5%`z?WfPJhxd`?imH!Q6u)IG;Ane>kdm$?ZsL_J+E`d zw2ME;mL*QEK36|&OxA#N+o~MZL-@>i0jo%Gi3*aebS)udkLoc_;q7HjpEclU zS&xxe^`WTR_iLW$Zp2OUdgbOOTLIYxZ{26j;kAi0&t22#wZEe@(|by*`pun>0=F&- zOyeAUUlDm6E2(BpIxKfxBa4kXT`@J9CL`hUUwBEA|4#;141$5(0F+y102kGQVjcaz z@N)nvF-@cb&_aUnhp1koXrV`!^q7F2V>TsGzKo7%zLis7mAEo4urz!#sUWdi=Jb(x zPmMIpsn!FjOu=bC#9@LJityHyxRhTQbp=`tqj6>xZZU`6Q^~t8cRHXNhhdbhkb@&5 znG%XfS_?6f)^^I=*xfS0PaPj3yQ;hnkwi%KK9AQ|tlK7`0rq3c1RsWjG(IuvCR#L%n&G zVah%(B0%5^uO>lC_-fa+Wp3>khk#BPnLcS{ z`?KTyCsig()W&VAg%P-pJ~%>}zB4y-s|Isv?`Z~6%kSflNjt8O%#vDe4LX&t6_kwIz>dY7kRbT2DjJ9;_QRUQ!IF`_(bG2*|NcxP@@P0ELv&{vEts_Ch5UDS{q zT+Qo;5>E2ifm1xH<)NauZVj4#?g->y$#K60kuW|2{>TOk$FgMUMBxibCdG#38&L5X z5VPtg*T#|%Dyph4kUpsZXM$MGz`lX9O;63{IVM&O&uk6$_jGsUHmn?6tyH{TAvk4z z=Zr)X@s$PS?_@LdI-UBN{32mI!0gG*tOJrJ)ud`wt)`8TY;EQRArP}Rlj_gOf%I40 zK#yc!=y!3I_&%hTYLPi|_!!iUk|Y6@PiDXs7MngB9S+m4bQqq>Y$*Ame*NiA2>(s_ zqCObw^V$g8kcMpp(L{*Nlyo=+6HvHD-PDKVui9R1ED#iHI0yNHO2_f>3QvK}iuv^o zsZSPTrLxBd8+W(`p&{EaQpus~w|3TkGj%b<;ZK(lU-P_00~b-2rdqj3VmUR>)ybL} z8=Fs+TkxC5m+f}+h~mG;+ie+ta(ogNmwRu==2ct#(US0bQvKNTZyS$2cUukVuaOou zxdi00mIXXfr|!+qGg)T-?S z-f&KezGBSeLZ0}J2PL1;W}JJQ6I{ky;Kn|7F@(}2r$0{Q^clV-Nx=u0iFWaI9Rz&u zFXmToMw|Fa_tg}M=(Rvg)_`>NOKJa5JBA^FkI$32!hv;3f=V$z_WePCEeag~Y@#p@ z?893=C3FxU44+o$9X|OhgcK$suoQ6?S5OLY4({_I{g59iKVVo`I9CopaW#XmCaO=eaVN;}qAx`d2U{IU6=3`B0Y5C65U849 zvT`fma$=_4a2TgC*@lVi?Vk~43TtGn<9mDdv>pCyBCCM`SGnI(!8$T7Bkm{J=RvA6$1_`fZ8~!}x{-FLb~I{xxmD1-WBxM3^SM#atW9)ww|>~i zk%8K}H0uKWtcwWGu9VNrBiI`2uEu_zx7Ysy9Q41gi?<9OAgD76OtNTKv$_*?-}y)? z5^yQOa7y5XV9;4pNV&`!2@rS4Lk`wQ^*_$jJ9#zhoE&Uqf&5$BJ|Q+dFdOl*X&H1K z!78vG-a*KFt3mQD0T+Ji^lbXvDY20S-MIgk+{c@=-pVA<#hM>^1e(g!F20HcR&V7w z;<&Wv)?giVr#sy{K!vdL50-kXudujlR6-*x-wnAmJyr!a+#K91^l5^I-43^=;j*?d zOQ5)Kl+*suO&5aqy_Hw6(tlq3RY{*fcSVKOM8#9(`@zHI?{xTaKEkMI5b`+1$SZ_} znBG09du>wM=-p+$j8)JhHX>h!8uY7X6dAby+D){k627TA!qZU(`KBpz&m4HaSIF#a zKiUNqWmynWEr4RpYfxdv%h!TI+i&ZAB0Ij@CzyYRGXE}e=Oa}G8?BT8k$=~{)Cy1m z9H0mnAz>>u``#5OxBa#s5SHT1StDnyrfSp?kNstCxsR=hV;kmf0KT0$2SN!?$16e| zzBW9TW88z&DKxvliSD9nmBiJ?l6amyGIZ|==fUhJY|7l#|9buqh`Acu$=`-}Z11kvwn!qb zQRfHSrnL8zC7T+v?RtLMY)EhBTC^Gp==Rrg8QgfHRU;N4h)h8O<$_Pyu5b> z839msL7Ze!KVaG3(BJAw;_DZhnYpnit~>^^rnG_2a8=w}tCwDI2F?;mIilXz06Yao zG$$%wtNM*5Le~$$Hz3|$pgm91sZ(G)R)7i(uQl1hQ&9ocq%08IJTwW;sw&2ngPVB@ z?K5jtm39hz<(Fs=jU)f4-5Kor;}laqB)X(ah);$v8QKlPwE@gdhJsA*D1UgmAMb77 zIFslI1!a|2sMZ80=miJk+$@B2Sb*r8E9IWUHBb=c%uxT91?ZuwlH`a3gBuDw^I~3U zNq3gg-!WXC@}2uuN+sadLJS&W#Oqn&maIc#wNBh59HHjc8|UxxCMud0AR&NaV3gHS z-IVdXXsU#2SLJNYu}3^NbnE@6Xxx+Y)kKfnMU~w2!w)!BUH^cOyM)&wQx2rB8WTmu;t=dICxO_J`&IH2yKBPQ5=X&8M#K53@MTj0TF9tqBzgw^+gns*$#&L(yGcp5hjDhR_DL z=OKTAK8N*(k`3@ePPH93V@1BYzu5xTgcbt>0gPt>!uFtI$Pk8qcmI+DMeD>(b45p$ zZ;XOCHBD!ej?=L~J-xM}@}puI$N^z}_ZwUS@DoV*EGp^@y`1*scJ{7egZR@;uaY8s ztL@upPzD$qe`-X^U3t)L*d2%SWIog@>Epq*<+V+Rb^1pW*RW2217Ydcgfd~%DE*-6 zfnMzUC{;?OP&;FWuc{k5E0cfbdA1*)6B9@N6o(`kimmz$lU=>eukU#@8^GzjW8e(L zV0$i$3@A&F12yQGdrP%DPen+Xm461u0lvbP3ijp)H=ERc!bRLFWL<$2!1KPeI$R}T zq9u7^sN|)lVQJ9>gWs~$-E(Yn=63oIYKuFMAp~pXn^8u>?QebzDj+eXa`Hxt!o4cb zxAbLaleYe>?zY$Yoqhyf|7Mo#nrNiXuc^9!wZwIN^D?Jl(bnt@M*&QW^WVleVwn&C zG2h=`LEe)0m^g5(q9fWt33wKZ7J^|QfMX}rB1%P5i{hfhGa$o;oiA-tkffEO@F+}h?Cp!2KPZX#gk z4gdftt~tqV0Xqoks|Rkn34R*!GCTfn9YM~SK|1hTviO6jRe_aIy8_A3HPUb5FF}A1 z7n5e#PDW!fS@pd_{*_F0;oU&*et|WX`HUdj?T;=!^<XMk8nPL3-;ikaKL zf+_maG8ZxyhX7`cDOxfdZ&q)Gj}1IcIRG_vGDQdljc-u1a?21{RbKP|gOBKtgn(U| z%Eo*a-(@M$_%^iw>>#H&ahQ zEM$71FG3K%1vYlQuT41B7|awp$DFR^UAmMFz!cTKy{4TGHqnPN!Duq8s7CCiZNOf9 zU#)bs-t)qv(R|L=9~2;xJ}5dkQ00byf}H`nZ!xQi*(;*dAKtSnzV!n9pY2e&XD!+7 zfX0yZd-~uS*0oyRx$pZ$ke|+AjrOLaNQ41V@)wH+^@0G9&)Ag zNMyZWm9B@I45sbjlo+5uY5>j}?)Eo=Whx(IWL{sI=yZwZBzjOmlsx;#$7i{ZxOXF| z(gNuz5@$U^Juu>U4_{{mYYIB7(!shVDBvqKKIjrqdRj`(&2=x77|z$aH|=rq>AL=W zW16nGf9)+LnTSgR7IgW;jXMh-#2tN*H(D!p$|Ckhfo=j*hh@R*nmR*ae-DO1oM7nn z_Z{neg}$tWcKqHiXy3H}z~h+FusAtPM9fE3e8GCzJb@CA0!aV7*FY&u);O1FJ;;-+ z$-pX@`L6nqU87XSk)Xxo7~jIxxUGveLTHYu%3EfkaygX*sxwoF!Fkn7lCf*Ez)Ens z$rhVahzlM&3U)bcPK*YsAvEklsufi$eu|qYm076Qb4s?N>3c??s?r7e6%mjfY%C}N z$HDa(`JByHn`O~>M(xFGpt1b*}IPrKAr|{j^V*O_R40a>}0){mE%ObsIo9RZqQ^IC+D6)1Bt;p=S!^vrklyjnsV6ELZId6)e1@G$^^2Ygl&$T{XxlYyo{FO0B8 zUngt%gx*pthA;O^eG;#w*^)F=WdL^~9eDXhs(>hI(U(XBn$Qo!Th0$?IUPqhaBcEP1rw+ISwQu(Y?-2m2N$p9mF<Bv})!9ngAVW413`TCWM7%0wdzlsi*7V9h!0VX{^(A;L!*7@|bXg^0j#WO4j?QKL~Wx zzHon2#5YS1+@HQDPQtwOM0?L)uW^iwK_$3FmkEb{``Oc<4DS`6LZzunU2`4XS(Y1c@UU$L^~ z8nN~cPC^O<$QG8azcGaFTm3O zt*w^sqmi3NDShRAQb{fmqk7p2A%N}S?{hnv0oYaR=meK;*7DbW^&WcG7yO%GdH#mx z(H1=(h3o%y2a) zV0F4H=|?#`UyGitDDc6bZ|#XvL~%H%EcTVx?SEQS<07oTINM^Mca7GM`H{HXwRUFuOW*@UilpNmIGS!IrP_^{0!!ad35pp>?Ig>I>W!?-^de z(H+vk{d?z1FZKb6$lc*4Wy4wk+I_R-zUBHv@80m|HxvSA73Xeq%y`4HJC7&cHyIx! zC3K6}r984&z*J597-BVzKPx{vpI8QVLZ)7g3G2P>sdvP0^y% zgUKxqM>z?Uo+o*G^m51f$;Ptig>&K){{?pU6}hu#i~Gq`*;no)@DpQS9I;)NBz z7YLC(_`EbZQCLJ$XL>$Sb-hT7ydXbzwnCcr5uo|Y8RN~Rmu3FG_nY@--O1*?BszW; zQmDDD#m)DtdUXuQXN$j~Iaq^obFPdlg!k?!-;>)hulr5t`>YwK<`BIsOYHt{D=3u= zHR9}OlejKVXA9x?LcFYa*U+o0D}KRrALtwDf|z6*9!aQJqBRbb&ANA1%)G}x0o2gBD9< zUuHNeO}3MW?Aa=e<;@btOp|I-7>$f&2+5Xx-bXZY2glHFJxh_Z^#cZJpkFST(UvdS78e z7eyQM#8kw(XE`Cu8VFeEs{;eGcjqqOo(K@-l^%PjAbs>ijutqsH6CtF_*Vh4o@@{> zdBL1uS0E*cc&MDJ=B+vyt7UuG&ReM9Yz448{%@p_1%uy3yO*b|*BHd%Qm9(Wv588q zvPwrp8gM2hlRJ+@KEd~fA8BG8;6=Y9jY_P{MhG_JWG1;~=lq7v2yf~U;J)k;&SUEn zos{tw*C)A8&qYm(ryz`~M`N6St4IgVqkNGb4gDkrIHe9znQe^b4+`uTGTC(~$74v2 zCjl{u9#6z6;3Wc-0>oxionCwzeM5`$ow=4$l988ZIY>h5#u*rTg3V5j4lh|gD3nIi z9*E|t1ZDW@jTS-0#Lufn5W>&)8-%skxmGQ7&V5W;hW=!t2SW3e9yrSK{#ntaY$YY)!h2Uvdv zx_kcC&bMs#!2^i7-pswK`hIeQqL@GbO27y}f;sE4fdbq@=vlWIRMp(PBwusBM2DY_ z?K#&KJIva}!FLidT>mOj?60a_V-2T|zN%TKw;ZgTn-Oxd@@TR(exm>>yse4=>lGDP zv*#j{CvD*}-hNBzg;B^0aULo>k`c3p3o<+)mVKnrec-r`v2$LfF`2SegT8b`pD%EZ zn@&-ek+F_ot8=vampk`?@pD`m1dJmy#QiESQqqZ#E7^z3&J4%?5rh|9(vhw*8j{YrEL4&lk_Tb`*q-5YAHO<6bwIrpuyk7(98e}*BHv7!b9?!r!@F)1WGtH4 z7-|;l5%hGxZ3(jDHf0N_Ivl$_L(l~^9zv?urcegz8^F5g-CfBVYz@+I%4u*c;i*E- zlitcygZ%Xq%GBHzikrg6%g4#b$MCHM)%(?rS7B=_t*xuiW~rS>f18V7;oMve2F){h z;rZ_hk&)-Gd1-Sy+WpA+->N{uwqV13GDs!ru`{lgRwV`KabwHL zN1*sitaB(&k3`Hkgwc>W9TEY2Hcck4+ln&wmxO zvzH~J&;dn8k3GxvZ>lVZrTaNA7sd434D5%fxP}*7l=n@+wtf^ z=qvO>hBXq#rr{NH{QIY3)@N~iCSu^nPz8P|i>r^(jETA6bU}Y$cB`C;rPl{AzBXI` zmIhc#QK1K89vW_snW@i+S@UBjhr3T6zaHwV_iobJDE0Vtj$M!b-Tl97I2K#$XL2Z4 zhtas7o<3BY^njC=03Qd{b5cHPhTsA-3iff}pziCx)~L_;8qj;l)r(=FwH@HE^?#SP zFv1;}<>5mgSgI~j2G(-XDUh{NU*LOz7+{E>U#VEWF0w%A*}xXn0b1y2U)gos^{~ea zraaJ5_N*RR4iEGFXc|X;7O!iy2a%V-KBj{H&M)7D#vUwUYq!V3tuj82Ea@7-kq*%& zq{nW^P!j9qTVknzIEg%Yq;m?6Q0ND9*Ml%9Ql+%VOxRZacv%1XKo5u7`}pxUKEJ`S zlF){OuYP=~x}_EMgzK#(CZ&wtLRJ`Le7r6`S&5%)94&h7{Dk*=jq~kc6xSJ21kJAz zsaz!)aWZRAcXH@3Y#yKfCcmDW@=|GE&vGe~CgZ*TZwIg62)bd7#Is6bC;Delc61^s zM`b{~isMQoSvcpkSwMgh!4k{=_Ru$njAwBf%g1^U#hi$jUt>(~XlZ3LF{DW8oe=Y-%jJsL z3sj$HRqW=8(ar-_{eA2dvSJP0+{9I^VbMCgFW$9)sOM()Eok4V%`MoZ!?^=Ff}~+6 z-EvNdd)IoBE7=Gtz4rKPyi(pBy1^5<@f<8@bNki86(hv^%8~Lx2}F^6Ua|hvnGU*F z*@O#r;&!JBoV9=0>vdKQYEejXGlgpt!Sx%Ty|b*TenR|S`^UH&QP2mI0J*Re;L{BY zvUU&7Y)Jox3khP5odr!Ou&lIYxe-Cu`H2hIhFQX<Y3k*t!?_27{`QRJbQxq}E{jo9YBoSUhaqzM#y{pDc zl^*^D+e${*IiY+#7ivk&jcA9m_@~Wg`-q@A;So?0km7R1d_XizUe4 zf%NY*F_px6Z0-JJkgGfo)%*Z&j2Sy5G|x@J(((>)2jiIPLZdMmyu$7R9LW5CvRg%K zDyAa?&oU;L^+}J~vYp7H%Ec0Kt4HX*rq_^QWI?C8R5+pegwxWak>sKsP4}BU5sA^n zHFfx!XoEHXb@bPC(MBYQnT`h7R#}JJT|g8MKNn0%H#5}BY@K3vOq;4h>`fF2Plhucqp7%yd+fr?^4 z8i&?KV=g+--G|kWe+B`XCbZ{nM|NaHoO+|pS8B=39bROQhPIr4ST zlyRu-Vwj#zz6rAc`f731KO!r0>@chxo!@Oek2k#P*70)re0{qfh;|6(eIr1U#N1e1 z8VrSbhy?`uskzLIk}dC%sWT9rSWcC6G{Lzl{@NN*E1kZOJ6Y^CuqoYt;5Bu_EUD;+ z%2Nq9mEB)M4%K0mc5^eHKM&>1pm#ohxPgUgt+qP7a{ynSV(B{Dy2N#kML*7I(&OKg zR_`^X0(Ulx{D9Q^QpGoR)YKBYKqdUu!*Q=ytktYld$rl%$$R)bh^4g_6=|>Lj56&n z0f)wJs7HVBo*i<4w|iX_aqLg2k-|^3O3zsocON@}?26A>nkt0(`Bh6PZknF*Ts_;$#=@0&A(n)` z!a(-Ah^og;cqG1^u|X-Rxa|~dL~mQ|D5agL$YwJ9`>f%A6D+brjsj zHnejO!}yI+1AR|!aKl$V&CJ#?*DRKdiW$z<<&FUR(>v+B5C)ERc~Qv*6-zaw+-ZFQ z%V1u7@o>-ISq|LP8gliVYPtN(v4Xrfn2`Ajw`I%rYQ!l`BXSRTYYO3VWa*U(k?$${ zTefW5UdU(P3u-JWAqbN0`;7YD<7ORd3<1hf*@gv%@U@E(SRY#BfyaZ>_m9y4Uzh(#y$ z&ITlJ#*ORl!)^=ic@b%8IDI2#CR_>;7M*g-1yilJz3?%9Szu`g>*X@wbPH(<$Ravm zzWVmB*-YjETuP_TrlU-%MPZln!dDirWzP5(HoBwygod=%#_{|>KocRLdR!bHlokEU z-B&pN+R+DqFW)~~=(|Cd?@HM=YA1yDgFv=w68u*1|J2D1DX`o0{yM;z<;#y?E;|~F z5&5H(S}nED`Vxq^rWJ_zr*X-i?=bvd%-*j}%X)Z;V5_I>8DXgGe)g5Ahw!et=g*fo zXLSF|W8eMDl&C=x?!CCpW$omM@UD4I%1sY|C!#2|`BKzHtxbx<&mjN|kRFv9ZI|0% zK;yCb;Z5-VvqhU3j-=uG6srOInCHYE9iE?~t{wuCOfF_{)SySjGce${8yf}ehcI|cbtr$Mn)@;^ z<)B-E8WxQCiroAYVSlb*psaWKVx!2_me zZ5~0>2){?RGyqu8(K{dK% z%0*~76I_V8qgfEYLVYCV0wvjfUTygv=yOJO(H4phoMS@I7$RjOEaWA(O;R3me0P2my!Zhh26!qBOV{Qe|Y{s1iWeY)#I;2 zeNM_}-I2)}yTDba&A-i#n`P%+lSbJJffdy6q{#@KNvZFclnvegi_}CEZZi(k%hx}q zx|rg8;d2!YM?b;*&J3ho9{-x#GK#RC7P()eI^tnKA|eZHb!0P-;uO;A0s-!A0|j&9 zPVSNzD|eOtAD;W#^FofKC;zGjRkhqFDI-gw$|_ym)Z;xSK1O?p!0K?zN4kj&ZB>Ey zQ)lA#L+(w&MiFZox<2jJ62twfr#zU!+kUv z+HOeDy&!GJx`sL}6jVe^C|Y@f#>*M|m;s7t`hVL2o)T->_#C zr3e&vpioB51F`CY1cSbffAJnDV4d}*hJFA9(D3tFf)&b=)|^(8%Ms#T7LVVck-fR- zX+yEBH(kj9rV#Ln7h0(I=<}%z93Z@!4?^l+-sSnh&VP89&TfIM2(!F&f!+_nmgY@` zKm==8J&Zi=_&U;Z8$1|P-{30e8DP4&AY+&Li~J6#5X;kDMF@v3!;kH&j>#56$frTv zw6+{!Nuj#H8?Qxgbdy{EKMEu>E`Sbs?-n>y&0kIYt+^*t1`?D_+YJyfbtfQcur!-S z%5yUNqZ?^qVL`G4*cT(hA-c2os+`lGI>s~XEbq4L9-p|Ao5}E>INN>hvo1&AcO)0{ z(VDeyYCmWb!vt}&G%+WH1VA81wdpel;G2yfeh#PU-P*Lhwa($Ty&|5;BEzGo#m6IF zPOP@1^7ls}Fcy2A5?4w~=kD@b= \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/containers/count +``` diff --git a/openapi-specs/compute/33-02/desc/containers/download_get.md b/openapi-specs/compute/33-02/desc/containers/download_get.md new file mode 100644 index 000000000..5c0811d7c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/download_get.md @@ -0,0 +1,20 @@ +Downloads container scan reports in CSV format. + +You can download the container scan reports in CSV format in Console under **Monitor > Compliance > Containers**. + +**Note**: The query parameter `fields` is not supported for this endpoint and `offset` and `limit` query parameters are ignored as this API endpoint downloads all the results. + +### cURL Request + +Refer to the following example cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers/download?id={id}&layers=true" \ + > container_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/containers/filters_get.md b/openapi-specs/compute/33-02/desc/containers/filters_get.md new file mode 100644 index 000000000..c8a1dfca4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/filters_get.md @@ -0,0 +1,9 @@ +Returns all container filters in JSON format. These filters can be used in the base `GET` request as query parameters. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/containers/filters +``` diff --git a/openapi-specs/compute/33-02/desc/containers/get.md b/openapi-specs/compute/33-02/desc/containers/get.md new file mode 100644 index 000000000..4cacdde60 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/get.md @@ -0,0 +1,37 @@ +Retrieves container scan reports. + +You can view the container scan reports in Console under **Monitor > Compliance > Containers**. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +Refer to the following available options for the `fields` query parameters: +* labels +* externalLabels +* cluster +* hostname +* image +### cURL Request + +Refer to the following example cURL command that retrieves a scan report for all containers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers" +``` + +Refer to the following example cURL command that retrieves a scan report for a container with the collection ``: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers?collections=" +``` +The name query is synonymous with the filter containers text field in the Console UI. + +A successful response returns the container scan reports. diff --git a/openapi-specs/compute/33-02/desc/containers/labels_get.md b/openapi-specs/compute/33-02/desc/containers/labels_get.md new file mode 100644 index 000000000..eb40a748d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/labels_get.md @@ -0,0 +1,9 @@ +Returns an array of strings containing all of the labels. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/containers/labels +``` diff --git a/openapi-specs/compute/33-02/desc/containers/names_get.md b/openapi-specs/compute/33-02/desc/containers/names_get.md new file mode 100644 index 000000000..8b32465d5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/names_get.md @@ -0,0 +1,13 @@ +Returns an array of strings containing all container names. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/containers/names +``` diff --git a/openapi-specs/compute/33-02/desc/containers/scan_post.md b/openapi-specs/compute/33-02/desc/containers/scan_post.md new file mode 100644 index 000000000..6b2bdaaba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all containers immediately. +This endpoint returns the time that the scans were initiated. + +The following example command uses curl and basic auth to force Prisma Cloud Compute to re-scan all containers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/containers/scan +``` diff --git a/openapi-specs/compute/33-02/desc/credentials/credentials.md b/openapi-specs/compute/33-02/desc/credentials/credentials.md new file mode 100644 index 000000000..47eb1f342 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/credentials.md @@ -0,0 +1 @@ +Management of Centrally Managed Credentials \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/credentials/get.md b/openapi-specs/compute/33-02/desc/credentials/get.md new file mode 100644 index 000000000..ee4309dee --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/get.md @@ -0,0 +1,16 @@ +Retrieves a list of all credentials from the credentials store. +This endpoint maps to **Manage > Authentication > Credentials store** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all credentials: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/credentials +``` + +A successful response returns a list of all credentials. diff --git a/openapi-specs/compute/33-02/desc/credentials/id_delete.md b/openapi-specs/compute/33-02/desc/credentials/id_delete.md new file mode 100644 index 000000000..e5c70259e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/id_delete.md @@ -0,0 +1,24 @@ +Deletes a credential from the credential store. + +**Note:** Use only Prisma Cloud Compute user interface **Manage** > **Cloud accounts** to delete cloud credentials for `Amazon AWS`, `Microsoft Azure`, and `Google Cloud Platform`. + +To invoke this endpoint in the Prisma Cloud Compute user interface: + +1. Navigate to **Manage > Authentication > Credentials Store**. +2. From the table, find the row of the credential you want to delete and click the dotted icon under the **Actions** column. +3. Click the **Delete** button to open the delete confirmation window. +4. Click the **Delete Credential** button to delete the credential. + +### cURL Request + +Refer to the following example cURL command that deletes an existing credential: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/credentials/{id} +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/credentials/id_usages_get.md b/openapi-specs/compute/33-02/desc/credentials/id_usages_get.md new file mode 100644 index 000000000..76c1099aa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/id_usages_get.md @@ -0,0 +1,22 @@ +Retrieves all usages for a specific credential in the credential store. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Credential Store**. +2. From the table, find the row of the credential you want to update and click the dotted icon under the **Actions** column. +3. Click the **Manage** button. +4. The **Usage** table displays the data from this endpoint. + +### cURL Request + +Refer to the following cURL command that retrieves all usages for a credential: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/credentials/{id}/usages +``` + +A successful response returns a list of all usages for the credential. diff --git a/openapi-specs/compute/33-02/desc/credentials/post.md b/openapi-specs/compute/33-02/desc/credentials/post.md new file mode 100644 index 000000000..ed8a2a690 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/post.md @@ -0,0 +1,35 @@ +Updates a credential in the credentials store. + +**Note:** Use only Prisma Cloud Compute user interface **Manage** > **Cloud accounts** > **Add account** to add cloud credentials for `Amazon AWS`, `Microsoft Azure`, and `Google Cloud Platform`. + +To invoke this endpoint in the Prisma Cloud Compute user interface: + +1. Navigate to **Manage > Authentication > Credentials Store**. +2. From the table, find the row of the credential you want to update and click the dotted icon under the **Actions** column. +3. Click the **Manage** button and update the credential's parameters. +4. Click the **Save** button to save the updated credential. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/credentials' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "serviceAccount":{ + }, + "apiToken":{ + "encrypted":"ENCRYPTED_TOKEN" + }, + "type":"TYPE", + "_id":"{id}" +}' +``` + +**Note:** There's no response upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/curl_examples.md b/openapi-specs/compute/33-02/desc/curl_examples.md new file mode 100644 index 000000000..3d4fcd468 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/curl_examples.md @@ -0,0 +1,38 @@ +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL can be modified to use any of the following: + +* **Authentication Token:** Use the `-H` option to pass the authentication token from the `/api/v1/authenticate` endpoint into the request header. + +For example, replace `` with the token from the `/api/v1/authenticate` endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/v1/ +``` + +* **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/v1/ +``` + +* **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/v1/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. diff --git a/openapi-specs/compute/33-02/desc/current/collections_get.md b/openapi-specs/compute/33-02/desc/current/collections_get.md new file mode 100644 index 000000000..f334288cc --- /dev/null +++ b/openapi-specs/compute/33-02/desc/current/collections_get.md @@ -0,0 +1 @@ +Returns collections in the current project that the user has permission to access. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/current/projects_get.md b/openapi-specs/compute/33-02/desc/current/projects_get.md new file mode 100644 index 000000000..1da5a26be --- /dev/null +++ b/openapi-specs/compute/33-02/desc/current/projects_get.md @@ -0,0 +1 @@ +Get the current user projects. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/custom-compliance.md b/openapi-specs/compute/33-02/desc/custom-compliance/custom-compliance.md new file mode 100644 index 000000000..00e14acde --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/custom-compliance.md @@ -0,0 +1,9 @@ +Custom image checks give you a way to write and run your own compliance checks to assess, measure, and enforce security baselines in your environment. +Although Prisma Cloud Compute supports OpenSCAP and XCCDF, these frameworks are complicated, and they can be overkill when all you want to do is run a simple check. +Prisma Cloud Compute lets you implement your own custom image checks with simple scripts. + +A custom image check consists of a single script. +The script’s exit code determines the result of the check, where 0 is pass and 1 is fail. +Scripts are executed in the container’s default shell. +For many Linux container images, the default shell is bash, but that’s not always the case. +For Windows container images, the default shell is `cmd.exe`. diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/get.md b/openapi-specs/compute/33-02/desc/custom-compliance/get.md new file mode 100644 index 000000000..9022a87b7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/get.md @@ -0,0 +1,32 @@ +Returns a list of all custom compliance checks. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Refer to the following example curl command that gets the list of custom compliance checks: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/custom-compliance +``` + +### Response + +``` +[ + { + "modified": "2019-03-07T17:01:12.355Z", + "owner": "pierre", + "name": "apitest", + "previousName": "", + "_id": 9000, + "title": "apitest", + "script": "if [ $(stat -c %a /bin/busybox) -eq 755 ]; then\n echo 'test permission failure' && exit 1;\nfi", + "severity": "high" + } +] +``` diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/id_delete.md b/openapi-specs/compute/33-02/desc/custom-compliance/id_delete.md new file mode 100644 index 000000000..72c7183ee --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/id_delete.md @@ -0,0 +1,15 @@ +Deletes a specific custom compliance check. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that uses basic auth to delete the compliance check with id 9000: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/custom-compliance/9000 +``` diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/put.md b/openapi-specs/compute/33-02/desc/custom-compliance/put.md new file mode 100644 index 000000000..480e41b54 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/put.md @@ -0,0 +1,30 @@ +This endpoint will allow for update of the custom compliance checks. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Create `custom_check.json` file (example): + +```bash + { + "modified": "2019-03-07T17:01:12.355Z", + "owner": "pierre", + "name": "apitest", + "previousName": "", + "_id": 9000, + "title": "apitest", + "script": "if [ $(stat -c %a /bin/busybox) -eq 755 ]; then\n echo 'test permission failure' && exit 1;\nfi", + "severity": "high" + } +``` +Refer to the following example curl command that uses basic auth to update the checks: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d @custom_check.json \ + https:///api/v/custom-compliance +``` diff --git a/openapi-specs/compute/33-02/desc/custom-rules/custom-rules.md b/openapi-specs/compute/33-02/desc/custom-rules/custom-rules.md new file mode 100644 index 000000000..cf5c6d091 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/custom-rules.md @@ -0,0 +1 @@ +Defines a precise defense action for containers, hosts, Kubernetes audits, WAAS requests, and WAAS responses. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/custom-rules/get.md b/openapi-specs/compute/33-02/desc/custom-rules/get.md new file mode 100644 index 000000000..f0385f81a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/get.md @@ -0,0 +1,17 @@ +Retrieves a list of all custom rules. + +This endpoint maps to the policy table in **Defend > Custom rules** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/custom-rules' +``` + +A successful response returns a list of custom rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/custom-rules/id_delete.md b/openapi-specs/compute/33-02/desc/custom-rules/id_delete.md new file mode 100644 index 000000000..c0d6dc8b0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/id_delete.md @@ -0,0 +1,15 @@ +Deletes a custom rule. + +### cURL Request + +Refer to the following example cURL command that deletes a custom rule: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v/custom-rules/{id}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/custom-rules/id_put.md b/openapi-specs/compute/33-02/desc/custom-rules/id_put.md new file mode 100644 index 000000000..59108ea0d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/id_put.md @@ -0,0 +1,30 @@ +Creates or updates a custom rule. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Custom rules**. +2. Click **+ Add rule** or the dotted icon under the **Actions** column and choose to the **Manage** cog icon to open the update window. +3. Configure the custom rule's parameters. +4. Click the **Add** or **Update** button to save the changes. + +### cURL Request + +Refer to the following example cURL command that updates a custom rule. + +```bash +$ curl 'https:///api/v/custom-rules/{id}' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":{id}, + "type":"processes", + "message":"unexpected %proc.name was spawned", + "name":"", + "script":"proc.interactive" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/cves/cves.md b/openapi-specs/compute/33-02/desc/cves/cves.md new file mode 100644 index 000000000..bc03c8eba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cves/cves.md @@ -0,0 +1 @@ +Browse Prisma Cloud Compute's vulnerability database. diff --git a/openapi-specs/compute/33-02/desc/cves/distribution_get.md b/openapi-specs/compute/33-02/desc/cves/distribution_get.md new file mode 100644 index 000000000..aecddce23 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cves/distribution_get.md @@ -0,0 +1,11 @@ +Retrieves CVEs from the vulnerability database grouped into distribution where you will see a count for vulnerabilities per distribution. + +The following example curl command uses basic auth to retrieve this data: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cves/distribution +``` diff --git a/openapi-specs/compute/33-02/desc/cves/get.md b/openapi-specs/compute/33-02/desc/cves/get.md new file mode 100644 index 000000000..469ea4b28 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cves/get.md @@ -0,0 +1,14 @@ +Retrieves CVEs from Prisma Cloud Compute's vulnerability database. +Query the database by CVE ID. +Partial matches are supported. +A null response indicates that the CVE is not in our database. + +The following example curl command queries the Prisma Cloud Compute database for `CVE-2018-1102`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cves?id=CVE-2018-1102 +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/app_embedded_post.md b/openapi-specs/compute/33-02/desc/defenders/app_embedded_post.md new file mode 100644 index 000000000..9167469d0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/app_embedded_post.md @@ -0,0 +1,20 @@ +Creates an augmented Dockerfile with Defender and dependencies included as a ZIP file. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "appID": "my-app", + "consoleAddr": "https://localhost:8083", + "dataFolder": "/var/lib/docker/containers/twistlock/tmp", + "dockerfile": "/var/lib/docker/overlay2/183e9e3ec933ba2363bcf6066b7605d99bfcf4dce84f72eeeba0f616c679cf48" + }' \ + "https:///api/v/defenders/app-embedded" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_get.md b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_get.md new file mode 100644 index 000000000..678901a8a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_get.md @@ -0,0 +1,17 @@ +Creates a DaemonSet deployment file in YAML format that can be used to deploy Defender to your cluster. + +For more information about how to use this endpoint, see +[Deploy a Defender DaemonSet using the API](https://docs.twistlock.com/docs/latest/api/automate_defender_install.html). + +The following example curl command returns a Defender DaemonSet deployment file. +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https://:8083/api/v1/defenders/daemonset.yaml?consoleaddr=&listener=none&namespace=twistlock&orchestration=kubernetes' +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_post.md b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_post.md new file mode 100644 index 000000000..268e3ba81 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_post.md @@ -0,0 +1,20 @@ +Creates a DaemonSet deployment file in YAML format that you can use to deploy Defender to your cluster. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "orchestration": "container", + "consoleAddr": "servo-vmware71", + "namespace": "twistlock", + "containerRuntime": "docker" + }' \ + "https:///api/v/defenders/daemonset.yaml" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/defenders.md b/openapi-specs/compute/33-02/desc/defenders/defenders.md new file mode 100644 index 000000000..dd41f380b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/defenders.md @@ -0,0 +1,3 @@ +Manage Defender. +Defender is Prisma Cloud Compute's security agent. +In general, one Defender is deployed per node. diff --git a/openapi-specs/compute/33-02/desc/defenders/download_get.md b/openapi-specs/compute/33-02/desc/defenders/download_get.md new file mode 100644 index 000000000..2d9435506 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/download_get.md @@ -0,0 +1,16 @@ +Downloads information about deployed Defenders in CSV format. +Use the query parameters to filter what data is returned. + +**Note:** The results contain "hostname" even if you don't specify a "hostname" in the "fields" query parameter. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET -o \ + https:///api/v/defenders/download +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/fargate_json_post.md b/openapi-specs/compute/33-02/desc/defenders/fargate_json_post.md new file mode 100644 index 000000000..5128e90a1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/fargate_json_post.md @@ -0,0 +1,36 @@ +Returns a protected Fargate task definition given an unprotected task definition. + +### cURL Request +Refer to the following example cURL command: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.json` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --data-binary "@unprotected.json" + --output protected.json \ + "https:///api/v/defenders/fargate.json?consoleaddr=&defenderType=appEmbedded" +``` +Refer to the following example cURL command that accepts the task definition in JSON format for a CloudFormation template: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.json` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --data-binary "@unprotected.json" + --output protected.json \ + "https:///api/v/defenders/fargate.json?cloudFormation=true&consoleaddr=&filestemMonitoring=false&interpreter=&project=Central+Console" +``` + +### cURL Response +New Protected task will be in `protected.json` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/fargate_yaml_post.md b/openapi-specs/compute/33-02/desc/defenders/fargate_yaml_post.md new file mode 100644 index 000000000..9a8306a1b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/fargate_yaml_post.md @@ -0,0 +1,20 @@ +Returns a protected Fargate task definition for a CloudFormation YAML template given an unprotected task definition. + +### cURL Request +Refer to the following example cURL command that accepts the task definition in YAML format for a CloudFormation template: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.yaml` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/yaml' \ + -X POST \ + --data-binary "@unprotected.yaml" + --output protected.yaml \ + "https:///api/v/defenders/fargate.yaml?cloudFormation=true&consoleaddr=&filestemMonitoring=false&interpreter=&project=Central+Console" +``` + +New Protected task will be in `protected.yaml` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/get.md b/openapi-specs/compute/33-02/desc/defenders/get.md new file mode 100644 index 000000000..471e7ef9d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/get.md @@ -0,0 +1,17 @@ +Retrieves all deployed Defenders. + +This endpoint maps to the UI Console page in **Manage > Defenders > Defenders**. + +### cURL Request + +Refer to the following example cURL command that retrieves all deployed Defenders. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders +``` + +A successful response returns all deployed Defenders. diff --git a/openapi-specs/compute/33-02/desc/defenders/helm_get.md b/openapi-specs/compute/33-02/desc/defenders/helm_get.md new file mode 100644 index 000000000..b11f9c4b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/helm_get.md @@ -0,0 +1,21 @@ +Creates a Helm deployment file that can be used to deploy Defenders to your cluster. + +For more information about how to use this endpoint, see +[Deploy a Defender Helm using the API](https://docs.twistlock.com/docs/19.07/install/install_kubernetes.html#install-twistlock-with-helm-charts). + +### cURL Request + +Refer to the following example curl command that returns a Defender Helm deployment file: + +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + -o twistlock-defender-helm.tar.gz \ + 'https:///api/v/defenders/helm/twistlock-defender-helm.tar.gz?consoleaddr=&namespace=twistlock&orchestration=kubernetes' +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/helm_post.md b/openapi-specs/compute/33-02/desc/defenders/helm_post.md new file mode 100644 index 000000000..2046e63eb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/helm_post.md @@ -0,0 +1,20 @@ +Creates a Helm deployment file that you can use to deploy Defenders to your cluster. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -o twistlock-defender-helm.tar.gz \ + -d \ + '{ + "orchestration": "container", + "consoleAddr": "servo-vmware71", + "namespace": "twistlock" + }' \ + "https:///api/v/defenders/helm/twistlock-defender-helm.tar.gz" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/id_delete.md b/openapi-specs/compute/33-02/desc/defenders/id_delete.md new file mode 100644 index 000000000..f637ef850 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_delete.md @@ -0,0 +1,24 @@ +Deletes an existing Defender on a given host. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Defenders > Defenders**. +2. In a table row, click the dotted **Actions** button for the Defender you want to delete. +3. Click the **Decommission** button to open the delete confirmation window. +4. Click the **Delete Defender** button to delete the Defender. + +### cURL Request + +The following cURL command deletes an existing Defender on a host. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/defenders/ +``` + +`` is populated with a value returned from the `/api/v/defenders/names` endpoint. + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/defenders/id_features_post.md b/openapi-specs/compute/33-02/desc/defenders/id_features_post.md new file mode 100644 index 000000000..ec8e4c5f3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_features_post.md @@ -0,0 +1,13 @@ +Updates a deployed Defender's configuration. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"proxyListenerType": "tcp", "registryScanner":"", "serverlessScanner":""}' \ + https:///api/v/defenders//features +``` + diff --git a/openapi-specs/compute/33-02/desc/defenders/id_restart_post.md b/openapi-specs/compute/33-02/desc/defenders/id_restart_post.md new file mode 100644 index 000000000..da0cc7811 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_restart_post.md @@ -0,0 +1,11 @@ +Restarts Defender on a given host. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders//restart +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/id_upgrade_post.md b/openapi-specs/compute/33-02/desc/defenders/id_upgrade_post.md new file mode 100644 index 000000000..f0d30d1e9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_upgrade_post.md @@ -0,0 +1,15 @@ +Upgrades Defender on ``. + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders//upgrade +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/image-name_get.md b/openapi-specs/compute/33-02/desc/defenders/image-name_get.md new file mode 100644 index 000000000..e81ba3e19 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/image-name_get.md @@ -0,0 +1,19 @@ +Returns the full Docker image name for Defender. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/image-name +``` + +### Response + +Refer to the following example cURL response: + +`registry-auth.twistlock.com/tw_mcxweebesog0apjuhtmatv7saf9xdnwd/twistlock/defender:defender_21_11_812` diff --git a/openapi-specs/compute/33-02/desc/defenders/install-bundle_get.md b/openapi-specs/compute/33-02/desc/defenders/install-bundle_get.md new file mode 100644 index 000000000..882d0cd53 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/install-bundle_get.md @@ -0,0 +1,15 @@ +Returns the certificate bundle that Defender needs to securely connect to Console. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/install-bundle?consoleaddr=" +``` + + is the hostname of the Console. diff --git a/openapi-specs/compute/33-02/desc/defenders/names_get.md b/openapi-specs/compute/33-02/desc/defenders/names_get.md new file mode 100644 index 000000000..728eb6364 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/names_get.md @@ -0,0 +1,45 @@ +Retrieves a list of Defender hostnames that can be used as the `{id}` query parameter in other `/api/v1/defenders` endpoints. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of all Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/names +``` + +Refer to the following example cURL command that retrieves a list of connected Defenders using a query parameter and a specified boolean value in lower case: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?connected=true" +``` + +Refer to the following example cURL command that retrieves a list of disconnected Defenders using a query parameter and a specified boolean value in lower case: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?connected=false" +``` +**Note**: The query parameter `connected` expects and accepts a boolean value in lower case. +The endpoint enlists all the connected and disconnected Defenders if do not specify a boolean value. + +Refer to the following example cURL command that retrieves a list of Defenders by type: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?type=" +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/rasp_post.md b/openapi-specs/compute/33-02/desc/defenders/rasp_post.md new file mode 100644 index 000000000..526a9e112 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/rasp_post.md @@ -0,0 +1,15 @@ +Creates an augmented Dockerfile with RASP Defender and dependencies included as a ZIP file. + +The following example curl command returns a RASP Defender zip file. +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + -o rasp-defender.zip + 'https://:8083/api/v1/defenders/rasp?appId=&consoleaddr=&dataFolder=&dockerfile=' +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/serverless-bundle_post.md b/openapi-specs/compute/33-02/desc/defenders/serverless-bundle_post.md new file mode 100644 index 000000000..df4f13e6a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/serverless-bundle_post.md @@ -0,0 +1,15 @@ +Downloads a ZIP file with serverless Defender bundle. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/octet-stream' \ + -o serverless_bundle.zip \ + -X POST \ + -d '{"provider": ["aws"], "runtime": ["nodejs14.x"]}' \ + "https:///api/v/defenders/serverless/bundle" + ``` diff --git a/openapi-specs/compute/33-02/desc/defenders/summary_get.md b/openapi-specs/compute/33-02/desc/defenders/summary_get.md new file mode 100644 index 000000000..08be4ebc4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/summary_get.md @@ -0,0 +1,15 @@ +Lists the number of Defenders in each defender category. + + +### cURL Request + +Refer to the following example cURL command that retrieves a summary of Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/summary +``` + diff --git a/openapi-specs/compute/33-02/desc/defenders/tas-cloud-controller-address_get.md b/openapi-specs/compute/33-02/desc/defenders/tas-cloud-controller-address_get.md new file mode 100644 index 000000000..afd34dbf8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/tas-cloud-controller-address_get.md @@ -0,0 +1 @@ +Returns the cloud controller addresses for Tas defenders. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/upgrade_post.md b/openapi-specs/compute/33-02/desc/defenders/upgrade_post.md new file mode 100644 index 000000000..2f0b4d39e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/upgrade_post.md @@ -0,0 +1,17 @@ +Upgrades all connected single Linux Container Defenders. + +This does not update cluster Container Defenders (such as Defender DaemonSets), Serverless Defenders, or Fargate Defenders. +To upgrade cluster Container Defenders, redeploy them. +To upgrade Serverless and Fargate Defenders, re-embed them. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders/upgrade +``` diff --git a/openapi-specs/compute/33-02/desc/deployment/daemonsets_deploy_post.md b/openapi-specs/compute/33-02/desc/deployment/daemonsets_deploy_post.md new file mode 100644 index 000000000..94ec9386b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/deployment/daemonsets_deploy_post.md @@ -0,0 +1,20 @@ +Deploys a Defender DaemonSet to the cluster identified by `credentialID`. +The `credentialID`, of type `kubeconfig`, must exist before calling this endpoint. +It identifies the cluster's API server, user, and credentials. + +Use the various request parameters to control the properties of the deployed DaemonSet. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "credentialID": "", + "consoleAddr": "", + "namespace": "", + "orchestration": "", + "...":"..." + }' \ + https://:8083/api/v1/deployment/daemonsets/deploy +``` diff --git a/openapi-specs/compute/33-02/desc/deployment/daemonsets_get.md b/openapi-specs/compute/33-02/desc/deployment/daemonsets_get.md new file mode 100644 index 000000000..a0b7f3798 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/deployment/daemonsets_get.md @@ -0,0 +1,11 @@ +Retrieves a list of deployed Defender DaemonSets. +You must specify a `credentialID`, of type `kubeconfig`, which identifies your cluster and user. +Credentials are managed in Console's credentials store (`/api/v1/credentials`). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/deployment/daemonsets?credentialID= +``` diff --git a/openapi-specs/compute/33-02/desc/deployment/deployment.md b/openapi-specs/compute/33-02/desc/deployment/deployment.md new file mode 100644 index 000000000..760ae1bdb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/deployment/deployment.md @@ -0,0 +1 @@ +Manage Defender DaemonSet deployments. diff --git a/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_get.md b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_get.md new file mode 100644 index 000000000..71834f19d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_get.md @@ -0,0 +1,41 @@ +Returns the list of custom vulnerabilities and associated rules for handling internally created or packaged apps. + +This list is used by the Prisma Cloud Compute scanner to detect vulnerable custom components (apps, libraries, etc) that were developed and packaged internally. + +> **Note:** When a vulnerable custom component is detected in an image, you must have a rule to tell Prisma Cloud Compute how to handle it. + +Vulnerability rules can be created using the Prisma Cloud Compute. + +### cURL Request + +Refer to the following cURL command that retrieves a list of all the custom vulnerabilities and associated rules. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/feeds/custom/custom-vulnerabilities" +``` + +### Response + +A successful response will return a list of custom vulnerability rules and the associated digest: + +```json +{ + "_id":"customVulnerabilities", + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ], + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_put.md b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_put.md new file mode 100644 index 000000000..4fe1c1898 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_put.md @@ -0,0 +1,85 @@ +Updates all the custom vulnerabilities and associated rules simultaneously for handling internally created or packaged apps. + +### cURL Request + +Refer to the following cURL command that updates a vulnerability for a library named `internal-lib`, and specifies that its versions `1.1` to `1.8` are known to be vulnerable. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d ' +{ + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ] +}' \ +"https:///api/v/feeds/custom/custom-vulnerabilities" +``` + +**Note:** No response will be returned upon successful execution. + +### Maintain your Custom Vulnerabilities + +We suggest you maintain your custom vulnerabilities using the following steps: + +1. Get all the custom vulnerability rules from the `GET` endpoint and save the results to a file. + + **Note:** You will need `jq` to execute this command. + + ``` + $ curl -k \ + -u \ + https:///api/v/feeds/custom/custom-vulnerabilities \ + | jq '.' > custom_vulnerability_rules.json + ``` + +2. Open the JSON file and add, modify, and/or delete the rules by directly editing the JSON output. For example: + + ```json + { + "id": "customVulnerabilities", + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ], + "digest": "97de7f27XXXXXXXXXX" + } + ``` + +3. Update the rules by pushing the new JSON payload. **Note:** Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + -d @custom_vulnerability_rules.json \ + https:///api/v/feeds/custom/custom-vulnerabilities + ``` + +4. Run the cURL command for the `GET /api/vVERSION/feeds/custom/custom-vulnerabilities` endpoint and you can see that the previously installed rules are now overwritten with your new rules. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/feeds/custom/custom-vulnerabilities +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/custom_vulnerabilities_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/custom_vulnerabilities_digest_get.md new file mode 100644 index 000000000..0eb501d9b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/custom_vulnerabilities_digest_get.md @@ -0,0 +1,17 @@ +Returns the unique digest for the custom vulnerabilities and associated rules for handling internally created or packaged apps. + +### cURL Request + +The following cURL command retrieves the digest for the configured custom vulnerabilities. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/custom-vulnerabilities/digest +``` + +A successful response will return the digest string. +This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/custom-vulnerabilities` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_digest_get.md new file mode 100644 index 000000000..e27f21251 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for the Common Vulnerabilities and Exposures (CVE) allow list configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the configured CVE allow list. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/cve-allow-list/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/cve-allow-list` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_get.md b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_get.md new file mode 100644 index 000000000..34fb2c7f8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_get.md @@ -0,0 +1,30 @@ +Retrieves the globally allow-listed Common Vulnerabilities and Exposures (CVE). + +### cURL Request + +The following cURL command retrieves the globally allow-listed CVEs. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/cve-allow-list +``` + +### Response + +A successful response returns all CVEs globally allow-listed. + +```json +{ + "_id":"cveAllowList", + "rules": [ + { + "cve": "CVE-2018-2222", + "expiration": "2020-06-18T00:00:00Z" + } + ], + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_put.md b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_put.md new file mode 100644 index 000000000..850016965 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_put.md @@ -0,0 +1,29 @@ +Globally allow-lists a set of Common Vulnerabilities and Exposures (CVE). + +**Note:** Any previously installed lists are overwritten. + +### cURL Request + +The following cURL command installs a global CVE allow-list. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "rules": [ + { + "cve": "CVE-2018-2222", + "expiration": "2020-06-18T00:00:00Z" + } + ] +}' \ + https:///api/v1/feeds/custom/cve-allow-list +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the CVE list has been added to the global allow-list, call the `GET /api/v1/feeds/custom/cve-allow-list` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/feeds.md b/openapi-specs/compute/33-02/desc/feeds/feeds.md new file mode 100644 index 000000000..748e0af74 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/feeds.md @@ -0,0 +1,2 @@ +Augments the Prisma Cloud Compute Intelligence Stream with custom threat data. +Enables you expand the scope of threats and vulnerabilities that Prisma Cloud Compute can detect and report. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/feeds/ips_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/ips_digest_get.md new file mode 100644 index 000000000..d059271ea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/ips_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for the list of suspicious or high risk IP endpoints configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the banned suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/ips/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/ips` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/ips_get.md b/openapi-specs/compute/33-02/desc/feeds/ips_get.md new file mode 100644 index 000000000..381257d47 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/ips_get.md @@ -0,0 +1,26 @@ +Retrieves the customized list of block-listed suspicious or high-risk IP addresses. + +### cURL Request + +The following cURL command retrieves the list of globally block-listed suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/ips +``` + +### Response + +A successful response will return a list of suspicious or high-risk IP addresses that will be banned. + +```json +{ + "_id":"", + "modified":"2020-11:00:00T00:00:01.62Z", + "feed":["193.171.1.1","193.171.1.2"]}, + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/ips_put.md b/openapi-specs/compute/33-02/desc/feeds/ips_put.md new file mode 100644 index 000000000..6f8fc2419 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/ips_put.md @@ -0,0 +1,21 @@ +Bans a custom list of suspicious or high-risk IP addresses. + +**Note:** Any previously installed lists are overwritten. + +### cURL Request + +The following cURL command installs a custom list of banned suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"name":"banned-ips", "feed":["193.171.1.1","193.171.1.2"]}' \ + https:///api/v1/feeds/custom/ips +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the IPs have been added to the ban list, invoke the `GET /api/v1/feeds/custom/ips` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/malware_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/malware_digest_get.md new file mode 100644 index 000000000..005c476a2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/malware_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for all the MD5 signatures of malicious executables configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the configured list for the MD5 signatures of malicious executables. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/malware/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/malware` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/malware_get.md b/openapi-specs/compute/33-02/desc/feeds/malware_get.md new file mode 100644 index 000000000..2a7aa128b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/malware_get.md @@ -0,0 +1,35 @@ +Returns the customized list of MD5 signatures of malicious executables. + +### cURL Request + +Refer to the following cURL command that retrieves the list of MD5 signatures of malicious executables: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/feeds/custom/malware" +``` + +### Response + +A successful response will return a list of MD5 signatures of malicious executables. + +```json +{ + "_id":"", + "modified":"2020-11:00:00T00:00:01.62Z", + "feed": [ + { + "name": "dimaaa", + "md5": "d4ba1008e7d97458fdd65deca2ba801b" + }, + { + "name": "emacs", + "md5": "5ce9d1116755f827f5d1e06246dd30b9" + } + ] + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/malware_put.md b/openapi-specs/compute/33-02/desc/feeds/malware_put.md new file mode 100644 index 000000000..7e6ec5da0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/malware_put.md @@ -0,0 +1,34 @@ +Creates a custom list of malware MD5 signatures of malicious executables. + +> **Note:** Any previously installed lists are overwritten. + +### cURL Request + +Refer to the following cURL command that installs a custom list of malware MD5 signatures of malicious executables: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d ' +{ + "name": "malware-sigs", + "feed": [ + { + "name": "dimaaa", + "md5": "d4ba1008e7d57458fdd65deca2ba801b" + }, + { + "name": "emacs", + "md5": "5ce9d1116755f827f5d1e06246dd30b9" + } + ] +}' \ + "https:///api/v/feeds/custom/malware" +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the malware list has been added / overwritten to the ban list, invoke the `GET /api/vVERSION/feeds/custom/malware` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/refresh_post.md b/openapi-specs/compute/33-02/desc/feeds/refresh_post.md new file mode 100644 index 000000000..a83c40d10 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/refresh_post.md @@ -0,0 +1,9 @@ +Triggers Console to refresh its data from the **Intelligence Stream** + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/feeds/offline/refresh +``` diff --git a/openapi-specs/compute/33-02/desc/forensic/activities_download_get.md b/openapi-specs/compute/33-02/desc/forensic/activities_download_get.md new file mode 100644 index 000000000..8a2dbd926 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/forensic/activities_download_get.md @@ -0,0 +1,12 @@ +Downloads all host activities that can be found on *Monitor > Events > Host Activities* + +Use the query parameters to filter what data is returned. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o host_activities.csv + https://:8083/api/v1/forensic/activities/download +``` diff --git a/openapi-specs/compute/33-02/desc/forensic/activities_get.md b/openapi-specs/compute/33-02/desc/forensic/activities_get.md new file mode 100644 index 000000000..c8fb1d0cd --- /dev/null +++ b/openapi-specs/compute/33-02/desc/forensic/activities_get.md @@ -0,0 +1,11 @@ +Retrieves all host activities that can be found on *Monitor > Events > Host Activities*. + +Use the query parameters to filter what data is returned. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/forensic/activities +``` diff --git a/openapi-specs/compute/33-02/desc/forensic/forensic.md b/openapi-specs/compute/33-02/desc/forensic/forensic.md new file mode 100644 index 000000000..210cbbe96 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/forensic/forensic.md @@ -0,0 +1 @@ +The forensic endpoint will return data for host activities. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/groups/get.md b/openapi-specs/compute/33-02/desc/groups/get.md new file mode 100644 index 000000000..6a0daa2eb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/get.md @@ -0,0 +1,15 @@ +Retrieves the list of all groups. + +This endpoint maps to the table data on the **Manage > Authentication > Groups** Console UI page. + +### cURL Request + +Refer to the following example cURL command that retrieves all the system groups. + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/groups +``` diff --git a/openapi-specs/compute/33-02/desc/groups/groups.md b/openapi-specs/compute/33-02/desc/groups/groups.md new file mode 100644 index 000000000..a1e5e93a0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/groups.md @@ -0,0 +1,3 @@ +Manage (create, modify, delete) groups in the system. +If you integrated OpenLDAP, AD, or SAML, you can re-use groups from there, and assign roles to them as appropriate. +Otherwise, create Prisma Cloud Compute local groups to manage privileges for groups of users. diff --git a/openapi-specs/compute/33-02/desc/groups/id_delete.md b/openapi-specs/compute/33-02/desc/groups/id_delete.md new file mode 100644 index 000000000..5962a1135 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/id_delete.md @@ -0,0 +1,23 @@ +Deletes a group. +The `id` can be retrieved from the `GET /api/v1/groups` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Click the dotted icon under the **Actions** column to open the menu options. +3. Click the **Delete** button to initiate the deletion. +4. Click the **Delete Group** button to confirm the deletion. + +### cURL Request + +The following cURL command deletes a collection with the name `{id}`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v1/groups/{id}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/groups/id_put.md b/openapi-specs/compute/33-02/desc/groups/id_put.md new file mode 100644 index 000000000..5bc1a81a8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/id_put.md @@ -0,0 +1,43 @@ +Creates or modifies a group. +The `id` can be retrieved with from the `GET /api/v1/groups` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Click the row of the group you want to update or click dotted icon under the **Actions** column to open the menu options and click the **Manage** button. +3. Update the group's parameters. +4. Click the **Save** button to save the changes. + +### cURL Request + +The PUT cURL command updates a group. + +**To submit a cURL request:** + +* The `name` value is required. +* If one of the following resources is left unspecified, the resource value will be set to a wildcard `[*]`: `hosts`, `images`, `labels`, `containers`, `functions`, `namespaces`, `appIDs`, `accountIDs`, `codeRepos`, `clusters` + +The following cURL command updates `my-group` with the users associated with the usernames `john` and `jane`. + +**Note:** You can retrieve the group `id` names from the `GET /api/v1/groups`. + +```bash +$ curl 'https:///api/v1/groups/{id}' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "groupName": "my-group", + "user": [ + {"username": "john"}, + {"username": "jane"} + ], + "lastModified":"2021-03-11T23:32:51.336Z" +}' +``` + +You must include a `lastModified` timestamp even though it will be overwritten by the system + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/groups/names.md b/openapi-specs/compute/33-02/desc/groups/names.md new file mode 100644 index 000000000..80f34f536 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/names.md @@ -0,0 +1,26 @@ +Retrieves a list of all group names as an array of strings. + +This endpoint maps to the table data on the **Manage > Authentication > Groups** Console UI page. + +### cURL Request + +Refer to the following example cURL command that retrieves all the system groups: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/groups/names +``` + +A sample output would look similar to this: + +```json +[ + "admins", + "secops", + "devops", + "" +] +``` diff --git a/openapi-specs/compute/33-02/desc/groups/post.md b/openapi-specs/compute/33-02/desc/groups/post.md new file mode 100644 index 000000000..d0fc23a6d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/post.md @@ -0,0 +1,33 @@ +Creates a group with users. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Add a collection using **+ Add group**. +3. Enter a group name and add at least one user. +3. Click the **Save** button. + +### cURL Request + +Refer to the following example cURL command that creates a new group named `my-group`: + +```bash +$ curl -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "groupName": "my-group", + "user": [ + {"username": "john"}, + {"username": "jane"} + ] +}' \ +'https:///api/v/groups' +``` +This group includes the users associated with the usernames `john` and `jane`. + +**Note:** You must use usernames that already exist in the system. + +No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/high-availability/get.md b/openapi-specs/compute/33-02/desc/high-availability/get.md new file mode 100644 index 000000000..a988d47ef --- /dev/null +++ b/openapi-specs/compute/33-02/desc/high-availability/get.md @@ -0,0 +1,11 @@ +Returns the status of high high availability. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https://:8083/api/v1/high-availability \ +``` diff --git a/openapi-specs/compute/33-02/desc/hosts/download_get.md b/openapi-specs/compute/33-02/desc/hosts/download_get.md new file mode 100644 index 000000000..ab691fb49 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/download_get.md @@ -0,0 +1,19 @@ +Downloads all host scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +**Note**: The query parameters `fields`, `complianceID` and `normalizedSeverity` are not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command that downloads all host scan reports to a CSV file called `hosts_report.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET -o hosts_report.csv \ + https:///api/v/hosts/download +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/hosts/evaluate_get.md b/openapi-specs/compute/33-02/desc/hosts/evaluate_get.md new file mode 100644 index 000000000..8f866d89a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/evaluate_get.md @@ -0,0 +1 @@ +Adds vulnerability data for the given host. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/hosts/filters_get.md b/openapi-specs/compute/33-02/desc/hosts/filters_get.md new file mode 100644 index 000000000..4bf6df5e6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/filters_get.md @@ -0,0 +1,11 @@ +Returns host filters such as distribution and host name. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/hosts/filters \ +``` diff --git a/openapi-specs/compute/33-02/desc/hosts/get.md b/openapi-specs/compute/33-02/desc/hosts/get.md new file mode 100644 index 000000000..43020558a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/get.md @@ -0,0 +1,47 @@ +Retrieves all host scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the **Running hosts** table in **Monitor > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +Refer to the following available options for the `fields` query parameters: +* type +* hostname +* collections +* firewallProtection +* agentless +* stopped +* scanID +* err +* labels +* externalLabels +* clusters +* cloudMetadata +* ecsClusterName +* k8sClusterAddr +* vulnerabilityRiskScore +* complianceIssuesCount +* complianceRiskScore +* complianceDistribution +* vulnerabilityDistribution +* vulnerabilitiesCount +* osDistro +* distro +* osDistroRelease + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following cURL command that retrieves all host scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/hosts +``` + +A successful response returns all host scan reports. diff --git a/openapi-specs/compute/33-02/desc/hosts/hosts.md b/openapi-specs/compute/33-02/desc/hosts/hosts.md new file mode 100644 index 000000000..c50ea307b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/hosts.md @@ -0,0 +1,4 @@ +Host scan reports. + +Prisma Cloud Compute scans the host machines in your container environment for CVEs and compliance issues. +Scan reports are generated for any host running Defender. diff --git a/openapi-specs/compute/33-02/desc/hosts/info_get.md b/openapi-specs/compute/33-02/desc/hosts/info_get.md new file mode 100644 index 000000000..5b3903b7e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/info_get.md @@ -0,0 +1,13 @@ +Returns minimal information that includes hostname, distro, distro-release, collections, clusters, and agentless about all deployed hosts. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/hosts/info +``` diff --git a/openapi-specs/compute/33-02/desc/hosts/scan_post.md b/openapi-specs/compute/33-02/desc/hosts/scan_post.md new file mode 100644 index 000000000..6b72cbfa3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/scan_post.md @@ -0,0 +1,10 @@ +Re-scan all hosts immediately. + +Refer to the following example command that forces Prisma Cloud Compute to re-scan all hosts: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/hosts/scan +``` diff --git a/openapi-specs/compute/33-02/desc/how_to_eval_console.md b/openapi-specs/compute/33-02/desc/how_to_eval_console.md new file mode 100644 index 000000000..33f19ce65 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/how_to_eval_console.md @@ -0,0 +1,35 @@ +All the example API commands in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +#### For SaaS Installations + +To find your `` path for a SaaS environment: + +1. Log into Console. +2. Navigate to **Compute** > **Manage** > **System** > **Downloads**. +3. You can find your `` path listed under **Path to Console**. Click **Copy** to quickly copy the path to your clipboard. + +console + + + +#### For Self-hosted Installations + +For self-hosted environments, the Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +* **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ``` + https://:8083 + ``` + +* **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ``` + https://:8083 + ``` diff --git a/openapi-specs/compute/33-02/desc/images/defender_layer_get.md b/openapi-specs/compute/33-02/desc/images/defender_layer_get.md new file mode 100644 index 000000000..1dfe3633d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/defender_layer_get.md @@ -0,0 +1,14 @@ +Returns the the Prisma Cloud Compute Defender in as a layer that can be used in an AWS Lambda implementation. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender_layer.zip \ + https:///api/v1/images/twistlock_defender_layer.zip +``` diff --git a/openapi-specs/compute/33-02/desc/images/defender_rasp_get.md b/openapi-specs/compute/33-02/desc/images/defender_rasp_get.md new file mode 100644 index 000000000..a8e145ff7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/defender_rasp_get.md @@ -0,0 +1,12 @@ +Returns the the Prisma Cloud Compute Defender as the RASP Defender + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender_rasp.tar.gz \ + https://:8083/api/v1/images/twistlock_defender_rasp.tar.gz +``` diff --git a/openapi-specs/compute/33-02/desc/images/download_get.md b/openapi-specs/compute/33-02/desc/images/download_get.md new file mode 100644 index 000000000..d0eaceb19 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/download_get.md @@ -0,0 +1,41 @@ +Downloads image scan reports in CSV format. + +This endpoint maps to **Monitor > Compliance > Images > Deployed** in the Console UI. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + + +### cURL Request + +Refer to the following cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images/download" \ + > images.csv +``` + +Refer to the following example cURL command that might be useful for developers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images/download?id={id}&layers=true" \ + > images.csv +``` +where an example `{id}` is `sha256:abd4f451ddb707c8e68a36d695456a515cdd6f9581b7a8348a380030a6fd7689`. + +It takes an image ID as the input parameter, and generates a CSV file that lists all vulnerable packages in a given image, organized by layer, with both the affected and fixed versions. + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/images/evaluate_get.md b/openapi-specs/compute/33-02/desc/images/evaluate_get.md new file mode 100644 index 000000000..a0df77215 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/evaluate_get.md @@ -0,0 +1 @@ +Adds vulnerability data for the given images. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/images/get.md b/openapi-specs/compute/33-02/desc/images/get.md new file mode 100644 index 000000000..3f594c6c8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/get.md @@ -0,0 +1,57 @@ +Retrieves image scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the image table in **Monitor > Compliance > Images > Deployed** in the Console UI. + +> _**Note:**_ The `image` object of the response was created for internal use of Prisma Cloud Compute for image scanning and analysis. Therefore, its inner fields are not saved in the database and will return empty in the endpoint response. You can get some of its values, such as `labels` and `history`, from the main structure of the response. + +You can use the wildcard (*) character as input to filter the retrieved images. + +If no entry is present in the database, the search returns an empty list. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following cURL command that retrieves a compact scan report for all images: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images" +``` + +Refer to the following cURL command that retrieves a compact scan report for an Ubuntu image: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images?name=https:///ubuntu:latest&compact=true" +``` +The name query is synonymous with the filter images text field in the Console UI. + +Refer to the following cURL command that retrieves the scan report for an image with the matching SHA-256 hash: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images?id=sha256:d461f1845c43105d7d686a9cfca9d73b0272b1dcd0381bf105276c978cb02832" +``` + +A successful response returns the image scan reports. diff --git a/openapi-specs/compute/33-02/desc/images/images.md b/openapi-specs/compute/33-02/desc/images/images.md new file mode 100644 index 000000000..49b429bab --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/images.md @@ -0,0 +1,3 @@ +Image scan reports. + +Note that the compliance issues in an image might be different (fewer) than those in a running instance of the image (a container). diff --git a/openapi-specs/compute/33-02/desc/images/names_get.md b/openapi-specs/compute/33-02/desc/images/names_get.md new file mode 100644 index 000000000..3a234df98 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/names_get.md @@ -0,0 +1,15 @@ +Returns an array of strings containing image names. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/images/names +``` diff --git a/openapi-specs/compute/33-02/desc/images/scan_post.md b/openapi-specs/compute/33-02/desc/images/scan_post.md new file mode 100644 index 000000000..8d802727a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all images immediately. This endpoint returns the time that the scans were initiated. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan all images: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/images/scan +``` diff --git a/openapi-specs/compute/33-02/desc/images/twistlock_defender_app_embedded_tar_gz_get.md b/openapi-specs/compute/33-02/desc/images/twistlock_defender_app_embedded_tar_gz_get.md new file mode 100644 index 000000000..618d35c93 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/twistlock_defender_app_embedded_tar_gz_get.md @@ -0,0 +1 @@ +Generates the embedded defender bundle and serves it to the user. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/images/twistlock_defender_layer_zip_post.md b/openapi-specs/compute/33-02/desc/images/twistlock_defender_layer_zip_post.md new file mode 100644 index 000000000..64c3cccc2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/twistlock_defender_layer_zip_post.md @@ -0,0 +1 @@ +Returns a ZIP file with a Lambda layer containing the Defender runtime. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/images/twistlock_defender_tar_gz_get.md b/openapi-specs/compute/33-02/desc/images/twistlock_defender_tar_gz_get.md new file mode 100644 index 000000000..7852e12ba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/twistlock_defender_tar_gz_get.md @@ -0,0 +1,9 @@ +Download the Container Defender image for Linux platforms. + +```bash +$ curl -k \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender.tar.gz \ + https://:8083/api/v1/images/twistlock_defender.tar.gz +``` diff --git a/openapi-specs/compute/33-02/desc/intro.md b/openapi-specs/compute/33-02/desc/intro.md new file mode 100644 index 000000000..9038a3734 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/intro.md @@ -0,0 +1,92 @@ +# How to evaluate + +All the example API commands in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +## For SaaS Installations + +To find your `` path for a SaaS environment: + +1. Log into Console. +2. Navigate to **Compute** > **Manage** > **System** > **Downloads**. +3. You can find your `` path listed under **Path to Console**. Click **Copy** to quickly copy the path to your clipboard. + +console + + + +## For Self-hosted Installations + +For self-hosted environments, the Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +* **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ``` + https://:8083 + ``` + +* **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ``` + https://:8083 + ``` + +# Using the curl example commands + + +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL can be modified to use any of the following: + +* **Authentication Token:** Use the `-H` option to pass the authentication token from the `/api/v1/authenticate` endpoint into the request header. + +For example, replace `` with the token from the `/api/v1/authenticate` endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/v1/ +``` + +* **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/v1/ +``` + +* **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/v1/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. + + +# API restrictions + + +Paginated API requests are capped to a max of 50 returned objects because very large responses could DoS Console. + +If the response contains more than 50 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. +For example: + +``` +https:///api/v1/images?limit=50&offset=X +``` diff --git a/openapi-specs/compute/33-02/desc/kubernetes/kubernetes.md b/openapi-specs/compute/33-02/desc/kubernetes/kubernetes.md new file mode 100644 index 000000000..cbc430983 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/kubernetes/kubernetes.md @@ -0,0 +1 @@ +Kubernetes diff --git a/openapi-specs/compute/33-02/desc/kubernetes/scan_post.md b/openapi-specs/compute/33-02/desc/kubernetes/scan_post.md new file mode 100644 index 000000000..15d614c1a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/kubernetes/scan_post.md @@ -0,0 +1,11 @@ +This endpoint will trigger a Kubernetes scan. + +The following example curl command uses basic auth to initiate this scan: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/kubernetes/scan +``` diff --git a/openapi-specs/compute/33-02/desc/logs/console_get.md b/openapi-specs/compute/33-02/desc/logs/console_get.md new file mode 100644 index 000000000..80ece6611 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/console_get.md @@ -0,0 +1,11 @@ +Retrieves the latest Console log messages. + +The following example curl command retrieves the 10 latest Console log messages: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/logs/console?lines=10 +``` diff --git a/openapi-specs/compute/33-02/desc/logs/defender_download_get.md b/openapi-specs/compute/33-02/desc/logs/defender_download_get.md new file mode 100644 index 000000000..5d6718db0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/defender_download_get.md @@ -0,0 +1,14 @@ +This endpoint will return the defender logs with `tar.gz` file extension given the hostname of the defender. + +The hostname can be returned from the endpoint `/defenders/names` + +The following example curl command uses basic auth to download the logs: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender_logs.tar.gz + https://:8083/api/v1/logs/defender/download?hostname={hostname} +``` diff --git a/openapi-specs/compute/33-02/desc/logs/defender_get.md b/openapi-specs/compute/33-02/desc/logs/defender_get.md new file mode 100644 index 000000000..1e733a746 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/defender_get.md @@ -0,0 +1,15 @@ +Retrieves the latest log messages for a given Defender. +The Defender is specified by the host where it runs. +You can retrieve the hostname for each Defender from the `GET /api/v1/defenders` endpoint. + +The following example curl command retrieves the 10 log messages for the Defender that runs on `worker.sandbox.internal`. +Note that you must quote the URL when running the following command. +Otherwise the shell misinterprets the ampersand (`&`) as the end of the command, and puts the curl command in the background. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/logs/defender?lines=10&hostname=worker.sandbox.internal" +``` diff --git a/openapi-specs/compute/33-02/desc/logs/logs.md b/openapi-specs/compute/33-02/desc/logs/logs.md new file mode 100644 index 000000000..62129734e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/logs.md @@ -0,0 +1 @@ +Retrieve log messages from Console and Defender. diff --git a/openapi-specs/compute/33-02/desc/logs/system_download_get.md b/openapi-specs/compute/33-02/desc/logs/system_download_get.md new file mode 100644 index 000000000..1e5b5b873 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/system_download_get.md @@ -0,0 +1,13 @@ +This endpoint will return the system debug logs with `tar.gz` file extension. + + +The following example curl command uses basic auth to download the logs: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o {file_name}.tar.gz + https://:8083/api/v1/logs/system/download +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/addresses_get.md b/openapi-specs/compute/33-02/desc/pcf-droplets/addresses_get.md new file mode 100644 index 000000000..257a47455 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/addresses_get.md @@ -0,0 +1,13 @@ +This endpoint will return the cloud controller addresses configured for PCF Blobstore scanning. + +You can also add optional query parameters to this API call, in this example `cloudControllerAddresses` and/or `id` + +The following example curl command retrieves the list of addresses: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/pcf-droplets/addresses?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/download_get.md b/openapi-specs/compute/33-02/desc/pcf-droplets/download_get.md new file mode 100644 index 000000000..ad761e744 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/download_get.md @@ -0,0 +1,13 @@ +This endpoint will download the list of configured cloud controller addresses configured for PCF Blobstore scanning. + +The following example curl command retrieves the list of addresses and outputs it to a file call `PCF_blobstores.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o PCF_blobstores.csv + "https://:8083/api/v1/pcf-droplets/download?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` + diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/get.md b/openapi-specs/compute/33-02/desc/pcf-droplets/get.md new file mode 100644 index 000000000..930d16948 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/get.md @@ -0,0 +1,11 @@ +This endpoint will return the full metadata of PCF blobstore from page **Monitor > Vulnerabilities > PCF** within the Console. + +The following example curl command will retrieve this: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/pcf-droplets?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/pcf-droplets.md b/openapi-specs/compute/33-02/desc/pcf-droplets/pcf-droplets.md new file mode 100644 index 000000000..0719fcaf5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/pcf-droplets.md @@ -0,0 +1,3 @@ +Scan reports for the VMWare Tanzu Application Service (TAS) droplets in your blobstore(s). +Droplets are archives that contain ready to run applications. +They contain an OS stack, a buildpack (which contains the languages, libraries, and services used by the app), and custom app code. diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/scan_post.md b/openapi-specs/compute/33-02/desc/pcf-droplets/scan_post.md new file mode 100644 index 000000000..34e75b26c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/scan_post.md @@ -0,0 +1,11 @@ +This endpoint will kick off a scan of the any PCF Blobstores you have configured. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/pcf-droplets/scan +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/stop_post.md b/openapi-specs/compute/33-02/desc/pcf-droplets/stop_post.md new file mode 100644 index 000000000..94c376972 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/stop_post.md @@ -0,0 +1,11 @@ +This endpoint will instruct the PFC Defenders to stop scanning. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/pcf-droplets/stop +``` diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_get.md new file mode 100644 index 000000000..f97130a97 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for images scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Containers and images > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/ci/images' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_put.md new file mode 100644 index 000000000..294add6f6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_put.md @@ -0,0 +1,58 @@ +Updates the compliance policy for images scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Compliance > Containers and images > CI** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and the `effect`. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Containers and images > CI** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/images' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 41, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciImagesCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + + + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_get.md new file mode 100644 index 000000000..59195f070 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_get.md @@ -0,0 +1,19 @@ +Retrieves the compliance policy for serverless functions built in your Continuous Integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/policies/compliance/ci/serverless +``` + +A successful response contains a list of compliance rules in the policy. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_put.md new file mode 100644 index 000000000..b25c34aae --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_put.md @@ -0,0 +1,50 @@ +Updates the compliance policy for serverless functions built in your Continuous Integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > CI** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Functions > CI** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 436, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciServerlessCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_container_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_container_get.md new file mode 100644 index 000000000..7f10245ea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_container_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for running containers. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Containers and images > Deployed** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/container' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_container_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_container_impacted_get.md new file mode 100644 index 000000000..607bfa3c8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_container_impacted_get.md @@ -0,0 +1,21 @@ +Lists the containers caught by your compliance policy on a per-rule basis. +These rule names can be found from the `name` variable in the response from a `GET` on the basic policies/compliance endpoint. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Compliance > Containers and images > Deployed**. +* In the **Compliance rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of containers captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/policies/compliance/container/impacted?ruleName=' +``` + +A successful response contains a list of impacted containers by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_container_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_container_put.md new file mode 100644 index 000000000..2e9616ea0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_container_put.md @@ -0,0 +1,49 @@ +Updates the compliance policy for running containers. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Containers and images > Deployed** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Containers and images > Deployed** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 531, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType":"containerCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_host_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_host_get.md new file mode 100755 index 000000000..c029ecf7f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_host_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Hosts > Running hosts** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/host' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_host_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_host_put.md new file mode 100755 index 000000000..9b1e4ce75 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_host_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > Running hosts** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Hosts > Running Hosts** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer tp the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":6151, + "block":false + } + ] + } + } + ], + "policyType":"hostCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_get.md new file mode 100755 index 000000000..c7de886c1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for serverless functions situated in your cloud provider's infrastructure. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Functions > Functions** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/serverless' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_put.md new file mode 100755 index 000000000..ea44d297e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for serverless functions situated in your cloud provider's infrastructure. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > Functions** in the Console UI. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Functions > Functions** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +```bash +$ curl 'https:///api/v/policies/compliance/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":434, + "block":false + } + ] + } + } + ], + "policyType":"serverlessCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_vms_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_vms_get.md new file mode 100755 index 000000000..f7d7e1a49 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_vms_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for VM images scanned in your cloud accounts. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > VM images** in the Console UI. + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/vms' +``` + +A successful response returns a list of compliance rules in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_vms_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_vms_impacted_get.md new file mode 100644 index 000000000..9cf5b9d03 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_vms_impacted_get.md @@ -0,0 +1,16 @@ +Retrieves a list of all resources a compliance rule impacts. +These rule names can be found from the `name` variable in the response from a `GET` on the basic policies/compliance endpoint. + +Use query parameters to retrieve the list of impacted resources by *account ID*, *rule name*, or *collection*. + +### cURL Request + +Refer to the following example cURL command, which retrieves a list of impacted resources: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/policies/compliance/vms/impacted" +``` diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_vms_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_vms_put.md new file mode 100755 index 000000000..f38b1c61f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_vms_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for VM images scanned in your cloud accounts. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > VM images** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Hosts > VM images** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +```bash +$ curl 'https:///api/v/policies/compliance/vms' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":6151, + "block":false + } + ] + } + } + ], + "policyType":"vmCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/docker_get.md b/openapi-specs/compute/33-02/desc/policies/docker_get.md new file mode 100644 index 000000000..f56872c67 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/docker_get.md @@ -0,0 +1,11 @@ +Retrieves a list of all access control rules for Docker Engine commands. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/docker +``` diff --git a/openapi-specs/compute/33-02/desc/policies/docker_put.md b/openapi-specs/compute/33-02/desc/policies/docker_put.md new file mode 100644 index 000000000..860e2bb1e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/docker_put.md @@ -0,0 +1,33 @@ +Updates all Docker Engine access control rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove Docker access control rules is: + +1. Get all Docker access control rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/docker \ + | jq '.' > docker_access_control_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `docker_access_control_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/docker \ + --data-binary "@docker_access_control_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_get.md new file mode 100644 index 000000000..3da2a7cd6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_get.md @@ -0,0 +1,18 @@ +Retrieves the WAAS policy for web apps protected by App-Embedded Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > App-Embedded** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/app-embedded' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_put.md new file mode 100644 index 000000000..a74e1169e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_put.md @@ -0,0 +1,200 @@ +Updates the WAAS policy for web apps protected by App-Embedded Defender. +All rules in the policy are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > App-Embedded**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/firewall/app/app-embedded' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +' +{ + "_id":"appEmbeddedAppFirewall", + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + + }, + "dosConfig":{ + "effect":"disable", + "matchConditions":[ + + ] + }, + "apiSpec":{ + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":1, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "paths":[ + { + "path":"/api/v1/logs/system/upload", + "methods":[ + { + "method":"POST" + } + ] + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + + ], + "allowedExtensions":[ + + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"prevent", + "exceptionFields":[ + + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "remoteHostForwarding":{ + + }, + "selected":true, + "headerSpecs":[ + + ] + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_get.md new file mode 100644 index 000000000..887614486 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_get.md @@ -0,0 +1 @@ + Returns the Agentless application firewall policy \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_impacted_get.md new file mode 100644 index 000000000..382221d77 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_impacted_get.md @@ -0,0 +1 @@ +Returns a list of mirrored VMs for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_put.md new file mode 100644 index 000000000..6fc8a0a16 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_put.md @@ -0,0 +1 @@ +Sets the Agentless WAAS policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_resources_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_resources_get.md new file mode 100644 index 000000000..e8165f2b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_resources_get.md @@ -0,0 +1 @@ + Returns the WAAS VPC configuration resources. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_state_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_state_get.md new file mode 100644 index 000000000..968086a90 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_state_get.md @@ -0,0 +1 @@ +Returns the state for the Agentless app firewall policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_apispec_post.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_apispec_post.md new file mode 100644 index 000000000..e4648a6c8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_apispec_post.md @@ -0,0 +1,112 @@ +Resolves the endpoints defined in an OpenAPI/Swagger specification and returns a `waas.APISpec` object. + +The `waas.APISpec` object can be included in the body of a subsequent call to the `PUT api/v1/policies/firewall/app/app-embedded` endpoint to define an app that WAAS monitors and protects. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > App-Embedded** page. +2. Click **Add rule**. +3. Enter the details for the new rule and click **Add new app**. +4. On the **App definition** tab, click the **Import** button and select an OpenAPI/Swagger specification file. + +**Note:** You can use a YAML or JSON format for the OpenAPI/Swagger specification. + +### cURL Request + +Refer to the following example cURL command that imports an API from an OpenAPI/Swagger specification: + +```bash +$ curl 'https:///api/v/policies/firewall/app/apispec' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "swagger": "2.0", + "info": { + "version": "2021.7.28", + "title": "Book API", + "description": "A simple API for books.", + "contact": { + "name": "John Smith", + "email": "test.email@email.com", + "url": "http://mywebsite.com" + }, + "license": { + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" + } + }, + "host": "api.mywebsite.com", + "basePath": "/api", + "schemes": [ + "http" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/books": { + "get": { + "description": "Returns a list of books.", + "operationId": "findBooks", + "responses": { + "200": { + "description": "Success response", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/Book" + } + } + }, + "default": { + "description": "unexpected error", + "schema": { + "$ref": "#/definitions/Error" + } + } + } + } + } + }, + "definitions": { + "Book": { + "allOf": [ + { + "required": [ + "id" + ], + "properties": { + "id": { + "type": "integer", + "format": "int64" + } + } + } + ] + }, + "Error": { + "required": [ + "code", + "message" + ], + "properties": { + "code": { + "type": "integer", + "format": "int32" + }, + "message": { + "type": "string" + } + } + } + } +}' +``` + +A successful response returns a `waas.APISpec` object containing the API specification that was imported. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_container_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_get.md new file mode 100644 index 000000000..3b8c157fa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_get.md @@ -0,0 +1,17 @@ +Retrieves the WAAS policy for containers. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Container** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/container' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_container_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_impacted_get.md new file mode 100644 index 000000000..cce179f4f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_impacted_get.md @@ -0,0 +1 @@ +Returns a list of containers for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_container_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_put.md new file mode 100644 index 000000000..56a794cc7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_put.md @@ -0,0 +1,202 @@ +Updates the WAAS policy for containers. +All rules are updated in a single shot. + +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > Container**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command that overwrites all applications rules with a single rule. + +``` +$ curl 'https:///api/v/policies/firewall/app/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +' +{ + "_id":"appEmbeddedAppFirewall", + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + + }, + "dosConfig":{ + "effect":"disable", + "matchConditions":[ + + ] + }, + "apiSpec":{ + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":1, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "paths":[ + { + "path":"/api/v1/logs/system/upload", + "methods":[ + { + "method":"POST" + } + ] + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + + ], + "allowedExtensions":[ + + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"prevent", + "exceptionFields":[ + + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "remoteHostForwarding":{ + + }, + "selected":true, + "headerSpecs":[ + + ] + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_host_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_get.md new file mode 100644 index 000000000..adb90128a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_get.md @@ -0,0 +1,18 @@ +Retrieves the WAAS policy for hosts. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Host** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/host' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_host_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_impacted_get.md new file mode 100644 index 000000000..494518511 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_impacted_get.md @@ -0,0 +1 @@ +Returns a list of hosts for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_host_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_put.md new file mode 100644 index 000000000..bb3aa36fa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_put.md @@ -0,0 +1,173 @@ +Updates the WAAS policy for hosts. +All rules in the policy are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > Host**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/firewall/app/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"hostAppFirewall", + "rules":[ + { + "name":"My Rule", + "notes":"My Notes 4", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + "encrypted":"" + }, + "dosConfig":{ + "effect":"disable" + }, + "apiSpec":{ + "description":"test", + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":0, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + ], + "allowedExtensions":[ + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "remoteHostForwarding":{ + } + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_get.md new file mode 100644 index 000000000..13f7fb450 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_get.md @@ -0,0 +1,20 @@ +Retrieves a list of all WAAS network lists. +Network lists are groups or related IPv4 addresses and CIDR blocks used in WAAS policy rules. + +This endpoint is typically called as part of a process to programmatically update network lists based on new threat intelligence. +For example: add, update, or delete IP addresses. + +This endpoint maps to **Defend > WAAS > Network lists** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/network-list' +``` + +A successful response returns the lists of IPv4 addresses/IP CIDR blocks for networks in WAAS. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_id_delete.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_id_delete.md new file mode 100644 index 000000000..4aba76dd8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_id_delete.md @@ -0,0 +1,23 @@ +Deletes an existing WAAS network list. + +This endpoint is typically called to programmatically delete a network list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Locate an existing list in the table to delete and click the trash icon under the **Actions** columns. +3. Click **Delete Network List** to confirm the deletion. + +### cURL Request + +Refer to the following example cURL command that deletes a new network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list/{id}' \ + -k \ + -X DELETE \ + -u \ + -H 'Content-Type: application/json' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_post.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_post.md new file mode 100644 index 000000000..0ebd39dcf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_post.md @@ -0,0 +1,31 @@ +Creates a new WAAS network list. + +This endpoint is typically called to programmatically create a list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Click **+ Add new network list**. +3. Enter the details for the new network list and click **Save Network List** + +### cURL Request + +Refer to the following example cURL command that adds a new network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"{id}", + "subnets":[ + "192.145.2.3", + "192.167.2.2" + ] +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_put.md new file mode 100644 index 000000000..68fdc558b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_put.md @@ -0,0 +1,31 @@ +Updates an existing WAAS network list. + +This endpoint is typically called to programmatically update a network list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Click on an existing list in the table and update the list as required. +3. Click **Update Network List** to save the changes. + +### cURL Request + +Refer to the following example cURL command that updates a network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"{id}", + "subnets":[ + "192.145.3.3", + "192.167.3.2" + ] +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_get.md new file mode 100644 index 000000000..d4f72d041 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_get.md @@ -0,0 +1,18 @@ +Discovers and detects the HTTP traffic for an existing WAAS out of band custom rule. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/out-of-band' +``` + +A successful response returns a list of rules in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_impacted_get.md new file mode 100644 index 000000000..25d2c6691 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_impacted_get.md @@ -0,0 +1,17 @@ +Discovers and detects the impacted resources for the HTTP traffic in an existing WAAS out of band custom rule. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/out-of-band/impacted' +``` + +A successful response returns a list of impacted resources in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_put.md new file mode 100644 index 000000000..4e8445660 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_put.md @@ -0,0 +1,30 @@ +Updates or edits a WAAS custom rule for out of band traffic. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/firewall/app/out-of-band' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"disable", + "collections":[ + { + "name":"All" + } + ], + } + ], +}' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_get.md new file mode 100644 index 000000000..15d481cf3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_get.md @@ -0,0 +1,7 @@ +Retrieves a list of all application firewall (CNAF) rules for RASP. + +``` +$ curl -k \ + -u \ + https://:8083/api/v1/policies/firewall/app/rasp +``` diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_put.md new file mode 100644 index 000000000..04ba86483 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_put.md @@ -0,0 +1,33 @@ +Updates all application firewall (CNAF for RASP) rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/firewall/app/rasp \ + | jq '.' > app_firewall_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `app_firewall_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/firewall/app/rasp \ + --data-binary "@app_firewall_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_get.md new file mode 100644 index 000000000..d19e909f3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_get.md @@ -0,0 +1,16 @@ +Retrieves a list of all WAAS policy rules for serverless functions. + +This endpoint maps to **Defend > WAAS > Serverless** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/serverless' +``` + +A successful response returns a list of firewall rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_put.md new file mode 100644 index 000000000..16ae54210 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_put.md @@ -0,0 +1,82 @@ +Updates the WAAS policy for serverless functions. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Serverless** page. +2. Click **+ Add rule**. +3. Enter the details for the new serverless function and click **Save** + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/firewall/app/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id": "serverlessAppFirewall", + "rules": [ + { + "name": "{id}", + "previousName": "", + "collections": [ + { + "hosts": ["*"], + "images": ["*"], + "labels": ["*"], + "containers": ["*"], + "functions": ["*"], + "namespaces": ["*"], + "appIDs": ["*"], + "accountIDs": ["*"], + "codeRepos": ["*"], + "clusters": ["*"], + "name": "All" + } + ], + "applicationsSpec": [ + { + "xss": { + "effect": "alert", + "exceptionFields": [] + }, + "codeInjection": { + "effect": "alert", + "exceptionFields": [] + }, + "sqli": { + "effect": "alert", + "exceptionFields": [] + }, + "lfi": { + "effect": "alert", + "exceptionFields": [] + }, + "cmdi": { + "effect": "alert", + "exceptionFields": [] + }, + "body": { + "inspectionSizeBytes": 131072 + } + } + ] + } + ], + "minPort": 0, + "maxPort": 0 +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_container_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_get.md new file mode 100644 index 000000000..3f1343b53 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_get.md @@ -0,0 +1,12 @@ +Retrieves a list of all CNNS container and host rules. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/policies/firewall/network" +``` diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_container_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_put.md new file mode 100644 index 000000000..fd9263430 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_put.md @@ -0,0 +1,37 @@ +Updates all container and host CNNS rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all rules using the GET endpoint. + + ### cURL Request + Refer to the following example cURL command that retrieves a list of all rules, pretty-print the JSON response, and save the results to a file: + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + -o \ + "https:///api/v/policies/firewall/network/container" + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + ### cURL Request + Refer to the following example cURL command that installs the rules defined in your `network_firewall_rules.json` file. + Do not forget to specify the `@` symbol. + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + --data-binary "@network_firewall_rules.json" \ + "https:///api/v/policies/firewall/network/container" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_get.md new file mode 100644 index 000000000..757121f70 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_get.md @@ -0,0 +1,9 @@ +Retrieves a list of all CNNF network objects. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/policies/firewall/network/entities +``` diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_put.md new file mode 100644 index 000000000..83c023286 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_put.md @@ -0,0 +1,17 @@ +Updates the list of CNNF network objects. + +The following example curl command updates the network objects. There is an example of all three types (images,subnets, and applications ): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'[ + {"_id":"Ubuntu","type":"container","resource":{"images":["ubuntu:latest"],"labels":["*"]}}, + {"_id":"Google DNS","type":"subnet","resource":{"labels":["*"]},"subnets":[{"name":"8.8.8.8/24","cidr":"8.8.8.8/24"}]}, + {"_id":"SSH","type":"appID","resource":{"appIDs":["ssh"]},"subnets":[]} +]' \ + https://:8083/api/v1/policies/firewall/network/entities +``` diff --git a/openapi-specs/compute/33-02/desc/policies/policies.md b/openapi-specs/compute/33-02/desc/policies/policies.md new file mode 100644 index 000000000..69768c03d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/policies.md @@ -0,0 +1,186 @@ +Policies are sets of ordered rules. +[Rule order](https://docs.twistlock.com/docs/latest/configure/rule_ordering_pattern_matching.html) determines how a policy is evaluated. + +You can manage your rules and policies programmatically using the policy API endpoints. + +For more information about policy endpoints, see: + +* [How to Add / Update Policy Rules](#how-to-add--update-policy-rules) +* [How to Delete Policy Rules](#how-to-delete-policy-rules) +* [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) + + +### How to Add / Update Policy Rules + +All of the `PUT /api/vVERSION/policies/*` endpoints work similarly. + +To add, edit, or remove vulnerability rules from a policy: + +1. Retrieve the entire policy, which includes all the vulnerability rules using the `GET` endpoint. + + For example, the following cURL command uses basic auth to retrieve a list of all image vulnerability rules, pretty-prints the JSON response, and saves the results to a `vulnerability_rules.json` file. + + ```bash + $ curl -k \ + -u \ + https:///api/v1/policies/runtime/host \ + | jq '.' > vulnerability_rules.json + ``` + +2. Modify the saved JSON with the updates, including any new rule insertions. **Note:** Rule order is important. + +3. Update the rules by pushing the new JSON payload into the `PUT` endpoint. + + For example, the following cURL command installs the rules defined in your `vulnerability_rules.json` file. + + **Note:** Remember to specify the `@` symbol. + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + 'https:///api/v/policies/runtime/host \ + --data-binary "@vulnerability_rules.json"' + ``` + +Any previously installed rules are overwritten. + +#### Minimum Rule Parameters + +To create or update a rule, specify the following: + +* Rule name +* At least 1 collection specifying a collection name (at minimum) +* A block threshold (optional, but recommended) +* An alert threshold (optional, but recommended) + +For example, to replace all the vulnerability rules for CI image deployments: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/images?project=' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + } + ], + "policyType": "ciImagesVulnerability" +}' +``` + +**Note:** The default alert threshold of `Low` is typically too broad and not actionable. Usually you'll want to specify a threshold of `Critical` or `High`. + +##### Referencing Collections by Name + +You can reference a collection by its name when creating / updating a rule. +If the collection name exists in Console, the remaining resource fields for the collection will automatically be filled in. + +**Note:** The referenced collections *must* exist prior to creating / updating rules, or the API will not add / update your rules. + +In Console, the default collection is `All`. +`All` is a collection created by the system when the software is installed / upgraded. +When using the API, you can specify `All` as the `` to apply the default collection. + +### How to Delete Policy Rules + +In general, the policy endpoints don't have `DELETE` methods. +Use the `PUT` method to delete all rules by submitting an empty JSON object. + +For example, to delete all host runtime rules: + +``` +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{}' \ + https:///api/v1/policies/runtime/host +``` + +### How to Construct a Compliance Policy + +To construct an effective rule for a compliance policy: + +1. Specify at least one "check" in the `condition.vulnerabilities` object. +A check is a security best practice or baseline setting which will be validated by the scanner. + +2. Specify an action for each check. +Prisma Cloud needs to know what to do when a check fails (for example, alert or block). + +3. In the `effect` parameter, specify the range of possible actions configured in the rule. +The value in `effect` a comma-separated list. + + For example, in a one-check rule, the effect could be `alert` or in a two-check rule, the effect could be `alert, fail`. + + See [Actions for failed checks](#actions-for-failed-checks) for more info. + +The following curl command creates a single rule compliance policy for container images scanned in the CI pipeline: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/images' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 41, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciImagesCompliance" +}' +``` + +#### Actions for failed checks + +To configure Prisma Cloud to run a check, add the check to your rule in the `condition.vulnerabilities` object. +For each check, specify the action to take if the check fails. +Actions are set on a per-check basis in `condition.vulnerabilities[X].block`, where: + +Effect |`condition.vulnerabilities[X].block` +---|--- +`alert`|`false` +`fail`|`true` + +The `ignore` effect is set implicitly for any check *not* explicitly included in the `condition.vulnerabilities[X]` array. + +The `effect` parameter is a helper for the Console UI and has no impact on the policy itself. +However, we recommend you specify an `effect` parameter for each rule, to ensure the policy table in the Console UI renders properly. + +In the UI, these are convenience strings which enable you to quickly review the policy table and see the effect of each rule. +For example, you may want to quickly find the rule that's failing/blocking your build in the CI pipeline. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_get.md new file mode 100755 index 000000000..fcf0ba8b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for apps protected by App-Embedded Defenders. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/app-embedded' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_post.md new file mode 100644 index 000000000..7b4b50ab7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_post.md @@ -0,0 +1,56 @@ +Adds a runtime policy for app-embedded deployments. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +The following cURL command adds a single rule to your policy. + +```bash +$ curl 'https:///api/v/policies/runtime/app-embedded' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert", + "blacklistIPs":[ + ], + "blacklistListeningPorts":[ + ], + "whitelistListeningPorts":[ + ], + "blacklistOutboundPorts":[ + ], + "whitelistOutboundPorts":[ + { + "start":4312, + "end":4555, + "deny":false + } + ], + "whitelistIPs":[ + ] + }, + "dns":{ + "effect":"prevent", + "whitelist":[ + ], + "blacklist":[ + ] + } +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_put.md new file mode 100644 index 000000000..e0ba70599 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_put.md @@ -0,0 +1,40 @@ +Updates the runtime policy for app-embedded deployments. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/runtime/app-embedded' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert" + }, + "dns":{ + "effect":"alert" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_get.md new file mode 100644 index 000000000..f1b50b727 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for containers protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Container policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/container' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_impacted_get.md new file mode 100644 index 000000000..195f75547 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_impacted_get.md @@ -0,0 +1,25 @@ +Returns the impacted images based on a given rule +In the Console UI, you can see how it works by going to the **Defend > Runtime > Container policy** page and clicking the **Show** link. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/container/impacted?ruleName={ruleName}' +``` + +For additional help with your `ruleName`: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + --data-urlencode 'ruleName=Default - alert on suspicious runtime behavior' \ + 'https:///api/v/policies/runtime/container/impacted' +``` diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_post.md new file mode 100644 index 000000000..aee338386 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_post.md @@ -0,0 +1,49 @@ +Updates the runtime policy for containers. +All rules in the policy are updated in a single shot. + +Prisma Cloud automatically builds allow-list security models for each container image in your environment. +Use runtime container rules to augment the rules in those models. +Manually defined rules augment learned models as follows: + +Policy (allowed) = Manual rules (explicitly allowed) + Model (all learned behavior) - Manual rules (explicitly denied) + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Container policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert" + }, + "dns":{ + "effect":"alert" + }, + "filesystem":{ + "effect":"alert" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_put.md new file mode 100644 index 000000000..7d5cfc6db --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_put.md @@ -0,0 +1 @@ +Sets the given runtime policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_host_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_host_get.md new file mode 100644 index 000000000..38800596c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_host_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Host policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/host' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_host_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_host_post.md new file mode 100644 index 000000000..fb3c78dcf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_host_post.md @@ -0,0 +1,41 @@ +Updates the runtime policy for hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Host policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "advancedProtection":"alert", + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"disable" + }, + "dns":{ + "effect":"disable" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_host_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_host_put.md new file mode 100644 index 000000000..7bcbae945 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_host_put.md @@ -0,0 +1 @@ +Sets the given host policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_rasp_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_get.md new file mode 100644 index 000000000..5b7a76457 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_get.md @@ -0,0 +1,9 @@ +Retrieves the list of rules that make up your RASP runtime policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/runtime/rasp +``` diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_rasp_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_put.md new file mode 100644 index 000000000..bba60ba81 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_put.md @@ -0,0 +1,35 @@ +Updates all RASP runtime rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all runtime rules using the GET endpoint. + + The following curl command uses basic auth to retrieve the rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET + https://:8083/api/v1/policies/runtime/rasp \ + | jq '.' > rasp_runtime_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `rasp_runtime_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -H "Content-Type:application/json" \ + -X PUT \ + https://:8083/api/v1/policies/runtime/rasp \ + --data-binary "@rasp_runtime_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_get.md new file mode 100644 index 000000000..44326bbf6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for your serverless functions. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Serverless policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/serverless' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_serverless_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_post.md new file mode 100644 index 000000000..7367d0018 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_post.md @@ -0,0 +1,43 @@ +Updates the runtime policy for your serverless functions. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Serverless policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"disable" + }, + "dns":{ + "effect":"disable" + }, + "filesystem":{ + "effect":"disable" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_put.md new file mode 100644 index 000000000..7bcbae945 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_put.md @@ -0,0 +1 @@ +Sets the given host policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/secrets_get.md b/openapi-specs/compute/33-02/desc/policies/secrets_get.md new file mode 100644 index 000000000..89e6b9c0e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/secrets_get.md @@ -0,0 +1,10 @@ +Retrieves a list of all secrets rules. + +The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + +``` +$ curl -k \ + -u \ + -X GET \ + https://:8083/api/v1/policies/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/policies/secrets_put.md b/openapi-specs/compute/33-02/desc/policies/secrets_put.md new file mode 100644 index 000000000..1e8877ca1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/secrets_put.md @@ -0,0 +1,35 @@ +Updates all secrets rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +Each rule specifies how and where specified secrets from a given store are injected into running containers. + +The procedure to add, edit, or remove secrets rules is: + +1. Get all secrets rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/secrets \ + | jq '.' > secrets_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `secrets_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/secrets \ + --data-binary "@secrets_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/trust_get.md b/openapi-specs/compute/33-02/desc/policies/trust_get.md new file mode 100644 index 000000000..8de1ba409 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/trust_get.md @@ -0,0 +1,9 @@ +Retrieves the list of rules that make up your trusted images policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/trust +``` diff --git a/openapi-specs/compute/33-02/desc/policies/trust_put.md b/openapi-specs/compute/33-02/desc/policies/trust_put.md new file mode 100644 index 000000000..fccd4b91e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/trust_put.md @@ -0,0 +1,18 @@ +Updates the list of rules that make up your trusted images policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "_id":"imageTrust", + "rules":[{"allowedGroups":[],"deniedGroups":[], + "effect":"alert","action":["*"], + "blockMsg":"", + "resources":{"images":["*"],"hosts":["*"],"labels":["*"]}, + "name":"My rule"}] +}' \ + https://:8083/api/v1/policies/trust +``` diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_download.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_download.md new file mode 100644 index 000000000..8de602e73 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_download.md @@ -0,0 +1 @@ +Downloads the base images rules data to CSV. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_get.md new file mode 100644 index 000000000..c5b249f6b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_get.md @@ -0,0 +1 @@ +Returns all the base image scopes and the list of base images digests for each of them. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_id_delete.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_id_delete.md new file mode 100644 index 000000000..53d71c386 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_id_delete.md @@ -0,0 +1,4 @@ +Removes all base images under a given scope. + +For the `id` path parameter to be passed correctly in the URL, it needs to be percent-encoded. Further, the percent ("%") character itself must be percent-encoded as "%25". Therefore, each forward slash ("/") character needs to be encoded as "%252F". + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_post.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_post.md new file mode 100644 index 000000000..ca0e7cb88 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_post.md @@ -0,0 +1 @@ +Adds the base images which match the given scope configuration. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_get.md new file mode 100644 index 000000000..abc3da8fa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for images scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Images > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/ci/images' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_put.md new file mode 100644 index 000000000..f6f505d37 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_put.md @@ -0,0 +1,49 @@ +Updates the policy for images scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/images' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "ciImagesVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_get.md new file mode 100644 index 000000000..958c86495 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_get.md @@ -0,0 +1,20 @@ +Retrieves the vulnerability policy for serverless functions scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/ci/serverless' +``` + +A successful response contains a list of vulnerability rules in the policy. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_put.md new file mode 100644 index 000000000..6e73d50d2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_put.md @@ -0,0 +1,48 @@ +Updates the vulnerability policy for serverless functions scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/serverless' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections": [ + { + "name":"", + } + ], + "alertThreshold": { + "value": 1, + "disabled": false + }, + "blockThreshold": { + "value": 0, + "enabled": false + }, + + ... + + } + ], + "policyType": "ciServerlessVulnerability", + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_get.md new file mode 100644 index 000000000..08dfed8e1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for code repositories. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Code repositories** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/policies/vulnerability/coderepos' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_impacted_get.md new file mode 100644 index 000000000..a401a12c4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_impacted_get.md @@ -0,0 +1,19 @@ +Lists the code repositories caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities**. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/coderepos/impacted?project=&ruleName=' +``` + +A successful response contains a list of impacted repositories by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_put.md new file mode 100644 index 000000000..514eec136 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_put.md @@ -0,0 +1,47 @@ +Updates the vulnerability policy for your code repositories. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Code repositories** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT 'https:///api/v/policies/vulnerability/coderepos' \ + --data ' +{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":0 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "codeRepoVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_host_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_get.md new file mode 100644 index 000000000..3b9b14b9c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for your hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/host' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_host_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_impacted_get.md new file mode 100644 index 000000000..346368518 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_impacted_get.md @@ -0,0 +1,20 @@ +Lists the hosts ensnared by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities**. +* Select the **Hosts** tab. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by `RULE_NAME`. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/host/impacted?project={PROJECT_NAME}&ruleName={RULE_NAME}' +``` + +A successful response contains a list of impacted hosts by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_host_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_put.md new file mode 100644 index 000000000..2311cfae4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_put.md @@ -0,0 +1,38 @@ +Updates the vulnerability policy for your hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > Running hosts** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/host' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"" + } + ], + "alertThreshold":{ + "disabled":false, + "value":1 + } + } + ], + "policyType":"hostVulnerability", + "_id":"hostVulnerability" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_images_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_get.md new file mode 100644 index 000000000..33581be37 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for deployed container images. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > Deployed** in the Console UI. + + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -X GET \ + "https:///api/v/policies/vulnerability/images?project=" +``` + +A successful response contains a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_images_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_impacted_get.md new file mode 100644 index 000000000..ae1d5e396 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_impacted_get.md @@ -0,0 +1,20 @@ +Lists the images caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities > Images > Deployed**. +* In the policy table, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of images caught by ``. + +```bash +$ curl -k \ + -u \ + -X GET \ + "https:///api/v/policies/vulnerability/images/impacted?project=&ruleName=" +``` + +A successful response contains a list of entities caught by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_images_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_put.md new file mode 100644 index 000000000..b3330dab7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_put.md @@ -0,0 +1,45 @@ +Updates the vulnerability policy for deployed container images. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > Deployed** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k \ + -u \ + -X PUT 'https:///api/v/policies/vulnerability/images' \ + --data '{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "containerVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_get.md new file mode 100644 index 000000000..c7a8e2ef5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_get.md @@ -0,0 +1,20 @@ +Retrieves the vulnerability policy for serverless functions situated in your cloud provider's infrastructure. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Functions** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/serverless' +``` + +A successful response contains a list of vulnerability rules in the policy. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_put.md new file mode 100644 index 000000000..2b567b5b1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_put.md @@ -0,0 +1,36 @@ +Updates the vulnerability policy for serverless functions situated in your cloud provider's infrastructure. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k 'https:///api/v/policies/vulnerability/serverless' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections": [ + { + "name":"" + } + ], + "alertThreshold": { + "value": 1, + "disabled": false + } + } + ], + "policyType": "serverlessVulnerability" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_get.md new file mode 100644 index 000000000..117d2cc4a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for VM images scanned in your cloud accounts. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > VM images** in the Console UI. + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/vms?project=' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_impacted_get.md new file mode 100644 index 000000000..29d9621ea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_impacted_get.md @@ -0,0 +1,20 @@ +Lists the VM images caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities > Hosts**. +* Select the **VM images** tab. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/vms?project=&ruleName=' +``` + +A successful response contains a list of impacted repositories by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_put.md new file mode 100644 index 000000000..42df90fca --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_put.md @@ -0,0 +1,43 @@ +Updates the policy for VM images scanned in your cloud accounts. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > VM images** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/vulnerability/vms?project=' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + + ... + + } + ], + "policyType": "vmVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/profiles/app-embedded_download_get.md b/openapi-specs/compute/33-02/desc/profiles/app-embedded_download_get.md new file mode 100644 index 000000000..4b3f7ff8a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/app-embedded_download_get.md @@ -0,0 +1,14 @@ +Downloads the app-embedded observations in a CSV format. + +## cURL Request + +Refer to the following example cURL command that downloads all the app-embedded runtime profiles: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + 'https:///api/v/profiles/app-embedded/download' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/profiles/app-embedded_get.md b/openapi-specs/compute/33-02/desc/profiles/app-embedded_get.md new file mode 100644 index 000000000..f3ddb3125 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/app-embedded_get.md @@ -0,0 +1,13 @@ +Retrieves the app-embedded observations. + +## cURL Request + +Refer to the following example cURL command that lists all the app-embedded runtime: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/profiles/app-embedded' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/profiles/container_download_get.md b/openapi-specs/compute/33-02/desc/profiles/container_download_get.md new file mode 100644 index 000000000..ad7a86101 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_download_get.md @@ -0,0 +1,15 @@ +Retrieves the details and state of all runtime models in CSV format. + + +## cURL Request + +Refer to the following example cURL command that downloads a complete list in CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https:///api/v/profiles/container/download +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/container_filters_get.md b/openapi-specs/compute/33-02/desc/profiles/container_filters_get.md new file mode 100644 index 000000000..8b6122b80 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_filters_get.md @@ -0,0 +1,13 @@ +Returns a list of os and images from page monitor/runtime/container-models in Console. + + +Example curl command: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + --data-urlencode 'image=istio/examples-bookinfo-reviews-v2:1.8.0' + https://:8083/api/v1/profiles/container/filters +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/container_get.md b/openapi-specs/compute/33-02/desc/profiles/container_get.md new file mode 100644 index 000000000..cdbc24c3e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_get.md @@ -0,0 +1,13 @@ +Retrieves the details and state of all runtime models. + +## cURL Request + +Refer to the following example cURL command that lists all runtime models in a system: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/profiles/container +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/container_learn_post.md b/openapi-specs/compute/33-02/desc/profiles/container_learn_post.md new file mode 100644 index 000000000..5fef2e31e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_learn_post.md @@ -0,0 +1,15 @@ +Puts all containers into learning mode. + +For more information, refer to [Learning mode](https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#undefined) in Runtime Defense for Containers. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/profiles/container/learn +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/host_download_get.md b/openapi-specs/compute/33-02/desc/profiles/host_download_get.md new file mode 100644 index 000000000..ace270a32 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/host_download_get.md @@ -0,0 +1,14 @@ +Retrieves the details and state of each host service runtime model in CSV format. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https:///api/v/profiles/host/download +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/host_get.md b/openapi-specs/compute/33-02/desc/profiles/host_get.md new file mode 100644 index 000000000..208a24de3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/host_get.md @@ -0,0 +1,23 @@ +Retrieves the details and state of each host service runtime model on a host-by-host basis. +The returned JSON object has the following structure: + +``` +* host1: + * service1: model + * service2: model +* host2: + * service1: model + * service3: model +``` + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/profiles/host +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/host_id_rule_get.md b/openapi-specs/compute/33-02/desc/profiles/host_id_rule_get.md new file mode 100644 index 000000000..672cb4c62 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/host_id_rule_get.md @@ -0,0 +1,18 @@ +Return the runtime rule/policy that is associated with this host. + +To get the `PROFILE_ID` for a profile: + +1. Retrieve a list of profiles using the GET method on the `/api/v1/profiles/host` endpoint. + +2. For the profile of interest, copy the value in `_id`. +This is the `PROFILE_ID`. + +The following example command uses curl and basic auth to specify the learning mode for a profile. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/host/container//rule +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/profiles.md b/openapi-specs/compute/33-02/desc/profiles/profiles.md new file mode 100644 index 000000000..89b8f634c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/profiles.md @@ -0,0 +1,3 @@ +Manage the runtime models (profiles) created for each image in your environment. +For more information about how models are used to secure you running containers, see +[Runtime defense](https://docs.twistlock.com/docs/latest/runtime_defense/runtime_defense.html). diff --git a/openapi-specs/compute/33-02/desc/profiles/service_download_get.md b/openapi-specs/compute/33-02/desc/profiles/service_download_get.md new file mode 100644 index 000000000..63dff3354 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_download_get.md @@ -0,0 +1,10 @@ +Retrieves the details and state of all host service runtime models in CSV format + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o profiles-service.csv \ + https://:8083/api/v1/profiles/service/download +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_get.md b/openapi-specs/compute/33-02/desc/profiles/service_get.md new file mode 100644 index 000000000..a4f8c348d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_get.md @@ -0,0 +1,18 @@ +Retrieves the details and state of all host service runtime models. +The returned JSON object has the following structure: + +``` +* service1: model +* service2: model +* service3: model +``` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/profiles/service +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_id_learn_post.md b/openapi-specs/compute/33-02/desc/profiles/service_id_learn_post.md new file mode 100644 index 000000000..fb338b80d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_id_learn_post.md @@ -0,0 +1,20 @@ +Specify the learning mode for a host service profile. + +To get the `PROFILE_ID` for a profile: + +1. Retrieve a list of profiles using the GET method on the `/api/v1/profiles/service` endpoint. + +2. For the profile of interest, copy the value in `_id`. +This is the `PROFILE_ID`. +The `PROFILE_ID` is typically the service's name, such as `sshd` or `ntpd`. + +The following example command uses curl and basic auth to specify the learning mode for a host service profile. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"state":"manualLearning"}' \ + https://:8083/api/v1/profiles/container//learn +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_learn_post.md b/openapi-specs/compute/33-02/desc/profiles/service_learn_post.md new file mode 100644 index 000000000..02a1f299e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_learn_post.md @@ -0,0 +1,11 @@ +Specify the learning mode for all host service profiles. + +The following example command uses curl and basic auth to specify the learning mode for all host service profiles. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/profiles/service/learn +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_names_get.md b/openapi-specs/compute/33-02/desc/profiles/service_names_get.md new file mode 100644 index 000000000..7da863545 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_names_get.md @@ -0,0 +1,11 @@ +Retrieves the name of all host service runtime models from within the app at **Monitor > Runtime > Host-models**. + +The following example curl command uses basic auth to retrieve this data: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/profiles/service/names +``` diff --git a/openapi-specs/compute/33-02/desc/projects/get.md b/openapi-specs/compute/33-02/desc/projects/get.md new file mode 100644 index 000000000..05485c24c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/get.md @@ -0,0 +1,11 @@ +Lists all projects visible to the given user. + +Assuming the given user is an admin, the following example curl command would list all projects: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/projects +``` diff --git a/openapi-specs/compute/33-02/desc/projects/name_delete.md b/openapi-specs/compute/33-02/desc/projects/name_delete.md new file mode 100644 index 000000000..fba889f7e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/name_delete.md @@ -0,0 +1,13 @@ +Deletes a project from the system. + +The following example curl command deletes a project named ``. +The value for `` can be retrieved from the `_id` field in the response object from `GET /api/v1/projects`. + +The DELETE method returns the decommissioned supervisor's admin username and password. + +```bash +$ curl -k \ + -u \ + -X DELETE \ + https://:8083/api/v1/projects/ +``` diff --git a/openapi-specs/compute/33-02/desc/projects/name_put.md b/openapi-specs/compute/33-02/desc/projects/name_put.md new file mode 100644 index 000000000..b5a83a67d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/name_put.md @@ -0,0 +1,11 @@ +Updates a project. + +The following example curl command updates a project named ``. +The value for `` can be retrieved from the `_id` field in the response object from `GET /api/v1/projects`. + +```bash +$ curl -k \ + -u \ + -X PUT \ + https://:8083/api/v1/projects/ +``` diff --git a/openapi-specs/compute/33-02/desc/projects/post.md b/openapi-specs/compute/33-02/desc/projects/post.md new file mode 100644 index 000000000..8862c0fd4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/post.md @@ -0,0 +1,35 @@ +Provisions a new project. + +The following example curl command provisions a new project named `my-project`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "_id":"my-project", + "type":"tenant", + "address":"https://:8083" +}' \ + https://:8083/api/v1/projects +``` + +If you have installed a new instance of Console, and you have already created an initial admin user for it, then you can specify the admin username name and password when you provision the project. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "_id":"my-project", + "type":"tenant", + "address":"https://:8083", + "username":"henry", + "password":{"plain":"testing123"} +}' \ + https://:8083/api/v1/projects +``` diff --git a/openapi-specs/compute/33-02/desc/projects/projects.md b/openapi-specs/compute/33-02/desc/projects/projects.md new file mode 100644 index 000000000..7e7dcff66 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/projects.md @@ -0,0 +1,59 @@ +Manage [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html). + +Before you can provision a project using this endpoint, you must designate one instance of Console as master using the `POST /api/v1/settings/projects` endpoint. + +#### Accessing the REST API of a supervisor Console + +[comment]: # (See twistlock/pkg/console/route_handler_middleware.go: function NewRouteOpt, for the list of endpoints that are proxied.) + +After enabling projects and provisioning a new project, access to the supervisor Console is proxied through Central Console. +You cannot access a supervisor's REST API directly. +All API requests to a supervisor must be made through Central Console. + +To retrieve data from a project, add the the following query parameter to your request: + +`project=` + +Where the default value for `project` is `Central+Console`. +If `project` is not specified, it is set to `Central+Console`. + +For example, to retrieve the compliance policies for a tenant project named `mobile_payments_division`, use the following curl command: + +``` +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/compliance?project=mobile_payments_division +``` + +Not all REST endpoints are proxied to the supervisor. +It largely depends on the project type (tenant or supervisor). +In some cases, requests cannot be proxied because management of that system is delegated to Central Console only. +Proxying a request to the right project is mostly a concern for tenant projects, which operate with their own policies and settings. + +The following user management endpoints can be accessed from Central Console only. +An administrator centrally manages all users, and specifies who has access to which projects. +These calls are handled by Central Console only. + +* `/api/v1/users` +* `/api/v1/groups` +* `/api/v1/projects` + +The following endpoints are proxied to the relevant supervisor for tenant projects only. + +* `/api/v1/policies` +* `/api/v1/trust` +* `/api/v1/settings` +* `/api/v1/collections` +* `/api/v1/feeds` + +The following endpoints are proxied to the relevant supervisor for both tenant and scale projects: + +* `/api/v1/settings/alerts` +* `/api/v1/alert-profiles` +* `/api/v1/settings/regisry` +* `/api/v1/settings/certs` +* `/api/v1/settings/secrets` +* `/api/v1/policies/secrets` + diff --git a/openapi-specs/compute/33-02/desc/radar/container_clean_post.md b/openapi-specs/compute/33-02/desc/radar/container_clean_post.md new file mode 100644 index 000000000..662b6d53f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_clean_post.md @@ -0,0 +1,9 @@ +Cleans the container runtime profiles and Radar entities. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/container/clean +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_delete.md b/openapi-specs/compute/33-02/desc/radar/container_delete.md new file mode 100644 index 000000000..4eabe337f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_delete.md @@ -0,0 +1,9 @@ +Deletes a learned connection between two containers. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/radar/container?dstProfileID=sha256:&srcProfileID=sha256: +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_export_get.md b/openapi-specs/compute/33-02/desc/radar/container_export_get.md new file mode 100644 index 000000000..7f577568f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_export_get.md @@ -0,0 +1,10 @@ +Returns the current learned connections from CNNF (for containers) in JSON format. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o cnnf_containers_export.json \ + https://:8083/api/v1/radar/container/export +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_filters_get.md b/openapi-specs/compute/33-02/desc/radar/container_filters_get.md new file mode 100644 index 000000000..f66463da1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_filters_get.md @@ -0,0 +1,9 @@ +Returns the namespaces from the container view on the Radar page. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/container/filters +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_get.md b/openapi-specs/compute/33-02/desc/radar/container_get.md new file mode 100644 index 000000000..280d683d9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (container view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/container +``` diff --git a/openapi-specs/compute/33-02/desc/radar/host_delete.md b/openapi-specs/compute/33-02/desc/radar/host_delete.md new file mode 100644 index 000000000..738fa7a7c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/host_delete.md @@ -0,0 +1,9 @@ +Deletes a learned connection between two apps in CNNF for hosts. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/radar/host?dstProfileID=&srcProfileID= +``` diff --git a/openapi-specs/compute/33-02/desc/radar/host_export_get.md b/openapi-specs/compute/33-02/desc/radar/host_export_get.md new file mode 100644 index 000000000..dd91b5335 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/host_export_get.md @@ -0,0 +1,10 @@ +Returns the current learned connections from CNNF (for hosts) in JSON format. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https://:8083/api/v1/radar/host/export +``` diff --git a/openapi-specs/compute/33-02/desc/radar/host_get.md b/openapi-specs/compute/33-02/desc/radar/host_get.md new file mode 100644 index 000000000..a12025856 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/host_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (host view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/host +``` diff --git a/openapi-specs/compute/33-02/desc/radar/radar.md b/openapi-specs/compute/33-02/desc/radar/radar.md new file mode 100644 index 000000000..516a55fca --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/radar.md @@ -0,0 +1,2 @@ +Radar is the primary interface for visualizing your environment. +It is designed to let you navigate through all the data Prisma Cloud Compute has collected about your environment. diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_get.md b/openapi-specs/compute/33-02/desc/radar/serverless_get.md new file mode 100644 index 000000000..b2f329149 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (serverless view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/serverless +``` diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_progress_get.md b/openapi-specs/compute/33-02/desc/radar/serverless_progress_get.md new file mode 100644 index 000000000..a11c1ae20 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_progress_get.md @@ -0,0 +1,25 @@ +Returns the scan progress from Console's Radar page (serverless view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/serverless/progress +``` + +Example of the return data: + +```json +[ + { + "hostname": "", + "id": "", + "type": "serverlessRadar", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "" + } +] +``` diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_scan_post.md b/openapi-specs/compute/33-02/desc/radar/serverless_scan_post.md new file mode 100644 index 000000000..0d519ba88 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_scan_post.md @@ -0,0 +1,10 @@ +Initiates a serverless scan of your environments. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/serverless/scan +``` + diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_stop_post.md b/openapi-specs/compute/33-02/desc/radar/serverless_stop_post.md new file mode 100644 index 000000000..5c0bdf186 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_stop_post.md @@ -0,0 +1,9 @@ +Stops an in-progress serverless scan. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/serverless/stop +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/rbac.md b/openapi-specs/compute/33-02/desc/rbac/rbac.md new file mode 100644 index 000000000..576735876 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/rbac.md @@ -0,0 +1,3 @@ +Administrative endpoint to create and manage roles for RBAC. + +Roles management with these endpoints is supported for Compute Edition (self-hosted) only. diff --git a/openapi-specs/compute/33-02/desc/rbac/role_delete.md b/openapi-specs/compute/33-02/desc/rbac/role_delete.md new file mode 100644 index 000000000..87015b6e8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/role_delete.md @@ -0,0 +1,12 @@ +This endpoint will delete a specific role by its name from page **Manage > Authentication > Roles** +System roles and roles assigned to users/groups cannot be deleted. + +The following example curl command uses basic auth to delete role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/roles/ +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/roles_get.md b/openapi-specs/compute/33-02/desc/rbac/roles_get.md new file mode 100644 index 000000000..4cd1d9bc7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/roles_get.md @@ -0,0 +1,11 @@ +This endpoint will return a list in JSON format of the roles can be found under Manage > Authentication > Roles + +The following example curl command uses basic auth to return: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/rbac/roles +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/roles_post.md b/openapi-specs/compute/33-02/desc/rbac/roles_post.md new file mode 100644 index 000000000..1f20772ce --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/roles_post.md @@ -0,0 +1,46 @@ +Adds a new custom role to the system. This endpoint accepts one role at a time. + +Create role.json file (example) +The added role must contain the "user" permission with read-write access. This permission contains basic API routes required for every authenticated user. + +``` +[ + { + "perms": [ + { + "name": "monitorCI", + "readWrite": true + }, + { + "name": "downloads", + "readWrite": false + }, + { + "name": "accessUI", + "readWrite": false + }, + { + "name": "uIEventSubscriber", + "readWrite": false + }, + { + "name": "user", + "readWrite": true + } + ], + "name": "runtime manager", + "description": "runtime manager" + } +] +``` + +The following example curl command uses basic auth to create the role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --binary-data @role.json \ + https://:8083/api/v1/roles +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/roles_put.md b/openapi-specs/compute/33-02/desc/rbac/roles_put.md new file mode 100644 index 000000000..34d7b41a7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/roles_put.md @@ -0,0 +1,47 @@ +Updates a single role by its name. This endpoint accepts one role at a time, and overrides its entire permissions set. +System role cannot be updated. + +Create role.json file (example) +The updated role must contain the "user" permission with read-write access. This permission contains basic API routes required for every authenticated user. + +``` +[ + { + "perms": [ + { + "name": "monitorCI", + "readWrite": true + }, + { + "name": "downloads", + "readWrite": false + }, + { + "name": "accessUI", + "readWrite": false + }, + { + "name": "uIEventSubscriber", + "readWrite": false + }, + { + "name": "user", + "readWrite": true + } + ], + "name": "runtime manager", + "description": "runtime manager" + } +] +``` + +The following example curl command uses basic auth to update the role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + --binary-data @role.json \ + https://:8083/api/v1/roles +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_get.md b/openapi-specs/compute/33-02/desc/recovery/backup_get.md new file mode 100644 index 000000000..4da46f356 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_get.md @@ -0,0 +1,11 @@ +Returns a list of available backups. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/recovery/backup +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_id_delete.md b/openapi-specs/compute/33-02/desc/recovery/backup_id_delete.md new file mode 100644 index 000000000..ae9c33e90 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_id_delete.md @@ -0,0 +1,13 @@ +Deletes a given backup by name. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/recovery/backup/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_id_patch.md b/openapi-specs/compute/33-02/desc/recovery/backup_id_patch.md new file mode 100644 index 000000000..4a78cd67d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_id_patch.md @@ -0,0 +1,14 @@ +Deletes a given backup by name. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PATCH \ + -d '"{new_name}"' + https://:8083/api/v1/recovery/backup/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_post.md b/openapi-specs/compute/33-02/desc/recovery/backup_post.md new file mode 100644 index 000000000..f45161712 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_post.md @@ -0,0 +1,12 @@ +Creates a backup named `backup_name` by invoking the MongoDB dump process. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d "{backup_name}" \ + https://:8083/api/v1/recovery/backup +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/recovery.md b/openapi-specs/compute/33-02/desc/recovery/recovery.md new file mode 100644 index 000000000..69c3a521c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/recovery.md @@ -0,0 +1,4 @@ +Back up and restore Prisma Cloud Compute data. +Prisma Cloud Compute automatically backs up all data and configuration files periodically. +You can view all backups, make new backups, and restore specific backups from the Console UI or API. +You can also restore specific backups using the twistcli command line utility. diff --git a/openapi-specs/compute/33-02/desc/recovery/restore_id_post.md b/openapi-specs/compute/33-02/desc/recovery/restore_id_post.md new file mode 100644 index 000000000..850fceeaa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/restore_id_post.md @@ -0,0 +1,13 @@ +Restores Prisma Cloud Compute from the given backup. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/recovery/restore/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/33-02/desc/registry/download_get.md b/openapi-specs/compute/33-02/desc/registry/download_get.md new file mode 100644 index 000000000..5a3eb0141 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/download_get.md @@ -0,0 +1,18 @@ +Downloads registry image scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Compliance > Images > Registries** in the Console UI. + +### cURL Request + +Refer to the following cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/download" \ + > registry_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/registry/get.md b/openapi-specs/compute/33-02/desc/registry/get.md new file mode 100644 index 000000000..e8b87080e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/get.md @@ -0,0 +1,64 @@ +Retrieves registry image scan reports. + +This endpoint maps to **Monitor > Compliance > Images > Registries** in the Console UI. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + +> **Note:** + * In the Console UI, the images can be found in **Monitor > Vulnerabilities > Images > Registries**. + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + + +### cURL Request + +Refer to the following cURL command that retrieves a scan report for all images in the registry: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry" +``` + +The compact query can be used to get a general overview of the number of Vulnerabilities and Compliance issue counts rather than listing all the CVEs and compliance violations. + +Refer to the following cURL command that retrieves a compact scan report for the Ubuntu image in the registry: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?name=https:///ubuntu:latest&compact=true" +``` +The name query is synonymous with the filter registry text field in the Console UI. + +Refer to the following cURL that retrieves the scan report for the image in the registry with the matching **sha256** hash: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?imageID=sha256:d461f1845c43105d7d686a9cfca9d73b0272b1dcd0381bf105276c978cb02832" +``` + +Refer to the following cURL command that retrieves the images in the first 10 registries: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?limit=10&offset=0&reverse=false" +``` + +A successful response returns the registry scan reports in alphabetical order. diff --git a/openapi-specs/compute/33-02/desc/registry/get_registry_progress.md b/openapi-specs/compute/33-02/desc/registry/get_registry_progress.md new file mode 100644 index 000000000..ddc319c1b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/get_registry_progress.md @@ -0,0 +1,101 @@ +Shows the progress of an ongoing regular or on-demand registry scan. +By default, the API endpoint displays the progress of a regular scan. + +## View regular registry scan progress +For a regular scan, use the API path only without any query parameters. + +> **Note:** The `hostname` and `scanTime` fields will not be populated for `discovery` and `imageScan` parameters in the API response. + +### cURL Request + +Refer to the following example cURL request that retrieves the ongoing scan details for a regular registry scan: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/progress" +``` +### cURL Response + +Refer to the following example cURL response: + +```bash +[ + { + "discovery": { + "id": "", + "type": "", + "discovery": false, + "total": 4, + "scanned": 2, + "title": "Step 1/2 discovering tags in registry us-west2-docker.pkg.dev: Discovered tags in 2/4 repositories with 1 Defenders" + }, + "imageScan": { + "id": "", + "type": "", + "discovery": false, + "total": 2, + "scanned": 0, + "title": "Step 2/2 scanning images in registry us-west2-docker.pkg.dev: Scanned 0/2 images with 1 Defender" + }, + "isScanOngoing": true + "specScanStartTime": "0001-01-01T00:00:00Z" + } +] +``` +## View on-demand registry scan progress + +For an on-demand scan that is started using the `/registry/scan` endpoint with the following fields: + +- onDemand: (Mandatory) Set the parameter to `true`. +- repo: (Mandatory) Specify the repository name. +- tag: Specify the image tag (alias of image ID). +- digest: Specify the image digest identifier. + +> **Note:** You must specify either `tag` or `digest` along with the mandatory parameters `onDemand` and `repo` to view the progress. + +### cURL Request + +Refer to the following example cURL request that retrieves the ongoing scan details for an on-demand registry scan that is started using the `/registry/scan` endpoint for the repository `alpine` with tag `3.16`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/progress?onDemand=true&repo=library/alpine&tag=3.16" +``` +### cURL Response + +Refer to the following example cURL response: + +```bash +[ + { + "discovery": { + "id": "", + "type": "", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "Step 1/2 discovering tags in repository: library/alpine, tag: 3.16" + }, + "imageScan": { + "id": "", + "type": "", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "Step 2/2 scanning images in repository: library/alpine, tag: 3.16" + }, + "isScanOngoing": false + "specScanStartTime": "0001-01-01T00:00:00Z" + } +] +``` + +> **Important:** +- If you use on-demand scan related parameters such as `registry`, `repo`, or `tag` but set the query parameter `onDemand` to `false`, you'll get a bad request error (400). +- If an on-demand scan was completed and you get the progress response for that scan (i.e. "isScanOngoing": false), the next progress response for that image will be an empty list: `[]`, until you initiate another on-demand scan for that image. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/registry/names_get.md b/openapi-specs/compute/33-02/desc/registry/names_get.md new file mode 100644 index 000000000..6933a570c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/names_get.md @@ -0,0 +1,15 @@ +Retrieves a list of image names from current scanned registry images. The base `/api/v1/registry` endpoint takes repositories listed in this response as the `names` query. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +## cURL Request + +Refer to the following example cURL command that retrieves a list of image names from your scanned registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/registry/names +``` diff --git a/openapi-specs/compute/33-02/desc/registry/registry.md b/openapi-specs/compute/33-02/desc/registry/registry.md new file mode 100644 index 000000000..41184e2ef --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/registry.md @@ -0,0 +1 @@ +Scan reports for images in your registry. diff --git a/openapi-specs/compute/33-02/desc/registry/scan_post.md b/openapi-specs/compute/33-02/desc/registry/scan_post.md new file mode 100644 index 000000000..ce7e19533 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/scan_post.md @@ -0,0 +1,61 @@ +Triggers a new scan for all images when a new image is added to the registry or a new scan for an individual image. + +You can use the scanning feature in the following ways: + +## Regular scan +This feature allows you to trigger a new scan immediately for all the images when a new image is added to the registry or trigger a scan for an individual image. + +Consider the following points for a regular scan: + +* You cannot make multiple parallel scan requests with a regular scan. +* You either need to stop the on-going scan using the `api/vVERSION/registry/stop` or wait for the on-going scan to finish. +For information on stopping a regular scan, see [Stop Registry Scan](https://prisma.pan.dev/api/cloud/cwpp/registry#operation/post-registry-stop) +* You can view the scan result or response for all the images by using the `api/vVERSION/registry` API endpoint. +For information on scan result, see [Get Registry Scan Report](https://prisma.pan.dev/api/cloud/cwpp/registry#operation/get-registry) + +### cURL Request +Refer to the following example cURL command that forces Prisma Cloud Compute to rescan all registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/registry/scan +``` + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan a specific image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"tag":{"registry":"","repo":"","tag":"","digest":""}}'\ + https:///api/v/registry/scan +``` + +## On-demand scan +This feature allows you to trigger a new scan immediately for an individual image and not wait for the next periodic scan. + +**Note**: For an on-demand scan, you must pre-define the image registry scope in the registry scanning configuration. + +Consider the following points for an on-demand scan: + +* You can trigger multiple on-demand image scans without interrupting the main registry scanning process. +* You cannot stop a running on-demand scan, you can only initiate a new parallel scan. +* You can view the on-demand scan result or response by using query parameter `name` that specifies the full image name in the `api/vVERSION/registry` API endpoint. +For information on scan result, see [Get Registry Scan Report](https://pan.dev/prisma-cloud/api/cwpp/get-registry/) + + +### cURL Request +Refer to the following example cURL command to trigger an on-demand scan for an image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{“onDemandScan”:true,“tag”:{“registry” :“”,“repo”:“”,“digest”:“”}}' \ + "https:///api/v/registry/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/registry/scan_select_post.md b/openapi-specs/compute/33-02/desc/registry/scan_select_post.md new file mode 100644 index 000000000..c88b28df6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/scan_select_post.md @@ -0,0 +1 @@ +Sends a registry scan request to all registry scanner defenders \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/registry/stop_id_post.md b/openapi-specs/compute/33-02/desc/registry/stop_id_post.md new file mode 100644 index 000000000..72d4cf6e9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/stop_id_post.md @@ -0,0 +1 @@ +Stops the specific spec's scan or removes it from the queue \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/registry/stop_post.md b/openapi-specs/compute/33-02/desc/registry/stop_post.md new file mode 100644 index 000000000..29e103ac1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/stop_post.md @@ -0,0 +1,13 @@ +Stops current registry scan immediately. + +## cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to stop scanning all registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/registry/stop +``` diff --git a/openapi-specs/compute/33-02/desc/registry/webhook_webhook_delete.md b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_delete.md new file mode 100644 index 000000000..438e124ed --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_delete.md @@ -0,0 +1,3 @@ +Listens for registry updates. + +Although this endpoint is supported, no backwards compatibility is offered for it. diff --git a/openapi-specs/compute/33-02/desc/registry/webhook_webhook_post.md b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_post.md new file mode 100644 index 000000000..438e124ed --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_post.md @@ -0,0 +1,3 @@ +Listens for registry updates. + +Although this endpoint is supported, no backwards compatibility is offered for it. diff --git a/openapi-specs/compute/33-02/desc/sandbox/post.md b/openapi-specs/compute/33-02/desc/sandbox/post.md new file mode 100644 index 000000000..2edd7eef3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sandbox/post.md @@ -0,0 +1 @@ +Adds a sandbox scan result, the scan is augmented with geolocation data and returned to the client \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sandbox/sandbox.md b/openapi-specs/compute/33-02/desc/sandbox/sandbox.md new file mode 100644 index 000000000..e69de29bb diff --git a/openapi-specs/compute/33-02/desc/sbom/download_ci_images_get.md b/openapi-specs/compute/33-02/desc/sbom/download_ci_images_get.md new file mode 100644 index 000000000..333675335 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_ci_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for CI images according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_cli_serverless_get.md b/openapi-specs/compute/33-02/desc/sbom/download_cli_serverless_get.md new file mode 100644 index 000000000..78c64ed30 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_cli_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for CLI serverless according to the given options. diff --git a/openapi-specs/compute/33-02/desc/sbom/download_hosts_get.md b/openapi-specs/compute/33-02/desc/sbom/download_hosts_get.md new file mode 100644 index 000000000..248852739 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_hosts_get.md @@ -0,0 +1 @@ +Downloads SBOM file for hosts according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_images_get.md b/openapi-specs/compute/33-02/desc/sbom/download_images_get.md new file mode 100644 index 000000000..9b1f588de --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for images according to the given options. diff --git a/openapi-specs/compute/33-02/desc/sbom/download_registry_get.md b/openapi-specs/compute/33-02/desc/sbom/download_registry_get.md new file mode 100644 index 000000000..2b50c4e50 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_registry_get.md @@ -0,0 +1 @@ +Downloads SBOM file for registries according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_serverless_get.md b/openapi-specs/compute/33-02/desc/sbom/download_serverless_get.md new file mode 100644 index 000000000..53d4014f1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for serverless according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_vms_get.md b/openapi-specs/compute/33-02/desc/sbom/download_vms_get.md new file mode 100644 index 000000000..d9488e475 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_vms_get.md @@ -0,0 +1 @@ +Downloads SBOM file for vms according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/sbom_intro.md b/openapi-specs/compute/33-02/desc/sbom/sbom_intro.md new file mode 100644 index 000000000..f67b0b685 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/sbom_intro.md @@ -0,0 +1 @@ +These endpoints enable you to download the Software Bill of Materials (SBOM) \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/scans/download_get.md b/openapi-specs/compute/33-02/desc/scans/download_get.md new file mode 100644 index 000000000..61a0ccc2d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/download_get.md @@ -0,0 +1,18 @@ +Downloads all scan reports from the Jenkins plugin and twistcli in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Images > CI** in the Console UI. + +### cURL Request + +The following cURL command retrieves and saves your Jenkins and twistcli scan reports to a CSV file called `scans_report.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/scans/download \ + > scans_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/scans/filter_get.md b/openapi-specs/compute/33-02/desc/scans/filter_get.md new file mode 100644 index 000000000..58550ad35 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/filter_get.md @@ -0,0 +1,11 @@ +Retrieves the list of Jenkins projects that have been scanned by the Jenkins plugin. Each project in the `jobName` array can be used to query the base `api/v1/scans` endpoint to retrieve only scan reports in that Jenkins project. + +The following example curl command uses basic auth to retrieve the list of Jenkins project names: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/scans/filters +``` diff --git a/openapi-specs/compute/33-02/desc/scans/get.md b/openapi-specs/compute/33-02/desc/scans/get.md new file mode 100644 index 000000000..e28506972 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/get.md @@ -0,0 +1,33 @@ +Retrieves all scan reports for images scanned by the Jenkins plugin or twistcli. + +This endpoint maps to **Monitor > Vulnerabilities > Images > CI** in the Console UI. + +> _**Note:**_ + * The query parameters `issueType` is not supported for this API endpoint. + * The API rate limit for this endpoint is 30 requests per 30 seconds.You get an HTTP error response 429 if the limit exceeds. + +### cURL Request + +Refer to the following example cURL command that retrieves the scan reports for all images scanned using the Jenkins CI plugin or the twistcli tool: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/scans +``` + +To get the report of a specific scan, add query parameters to narrow the scope of the request. + +The following cURL command retrieves the scan report for an image with a SHA256 ID of `sha256:f756e84300d8e53006090573dd33abe5b8cfac3e42d104fc4be37f435fe512f3`. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/scans?imageID=sha256:f756e84300d8e53006090573dd33abe5b8cfac3e42d104fc4be37f435fe512f3' +``` + +A successful response returns the scan reports. diff --git a/openapi-specs/compute/33-02/desc/scans/id_get.md b/openapi-specs/compute/33-02/desc/scans/id_get.md new file mode 100644 index 000000000..7a342ef60 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/id_get.md @@ -0,0 +1,11 @@ +Retrieves all scan reports for images scanned by the Jenkins plugin or twistcli tool for a specific image with an given `id`. The `id` is `_id` value returned in the base `/api/v1/scans` request. + +The following example curl command uses basic auth to retrieve the scan report for just an image with a SHA256 ID of `5c3385fd2e76c5c16124c077`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/scans/5c3385fd2e76c5c16124c077" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/scans/post.md b/openapi-specs/compute/33-02/desc/scans/post.md new file mode 100644 index 000000000..12fbe6a93 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/post.md @@ -0,0 +1 @@ +Adds a CLI scan result \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/scans/scans.md b/openapi-specs/compute/33-02/desc/scans/scans.md new file mode 100644 index 000000000..ff3285bba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/scans.md @@ -0,0 +1 @@ +Retrieve Jenkins and twistcli scan reports. diff --git a/openapi-specs/compute/33-02/desc/scans/sonatype_post.md b/openapi-specs/compute/33-02/desc/scans/sonatype_post.md new file mode 100644 index 000000000..e69de29bb diff --git a/openapi-specs/compute/33-02/desc/scans/vms_post.md b/openapi-specs/compute/33-02/desc/scans/vms_post.md new file mode 100644 index 000000000..291393b44 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/vms_post.md @@ -0,0 +1 @@ +Saves a single VM image scan result. diff --git a/openapi-specs/compute/33-02/desc/scripts/console_sh_get.md b/openapi-specs/compute/33-02/desc/scripts/console_sh_get.md new file mode 100644 index 000000000..d8f02038f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/console_sh_get.md @@ -0,0 +1,20 @@ +Download the Console set up script for Linux hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o console.sh \ + https://:8083/api/v1/scripts/console.sh +``` + +The script must be made executable before it can run: + +```bash +$ chmod +x console.sh +``` diff --git a/openapi-specs/compute/33-02/desc/scripts/defender_ps1_get.md b/openapi-specs/compute/33-02/desc/scripts/defender_ps1_get.md new file mode 100644 index 000000000..a47616983 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/defender_ps1_get.md @@ -0,0 +1,17 @@ +Download the Defender set up script for Windows hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender.ps1 \ + https://:8083/api/v1/scripts/defender.ps1 +``` + +NOTE: The downloaded script takes a number of parameters to control how Defender is installed. +To see the default parameters, open Console, go to **Manage > Defenders > Deploy**, and examine how the script is configured based on the options you select. diff --git a/openapi-specs/compute/33-02/desc/scripts/defender_sh_get.md b/openapi-specs/compute/33-02/desc/scripts/defender_sh_get.md new file mode 100644 index 000000000..98ad6cf62 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/defender_sh_get.md @@ -0,0 +1,23 @@ +Download the Defender set up script for Linux hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender.sh \ + https://:8083/api/v1/scripts/defender.sh +``` + +The script must be made executable before it can run: + +```bash +$ chmod +x defender.sh +``` + +NOTE: The downloaded script takes a number of parameters to control how Defender is installed. +To see the default parameters, open Console, go to **Manage > Defenders > Deploy**, and examine how the script is configured based on the options you select. diff --git a/openapi-specs/compute/33-02/desc/scripts/scripts.md b/openapi-specs/compute/33-02/desc/scripts/scripts.md new file mode 100644 index 000000000..95aca2460 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/scripts.md @@ -0,0 +1 @@ +Download the scripts used in the Prisma Cloud Compute environment. diff --git a/openapi-specs/compute/33-02/desc/serverless/download_get.md b/openapi-specs/compute/33-02/desc/serverless/download_get.md new file mode 100644 index 000000000..a8e49ff25 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/download_get.md @@ -0,0 +1,17 @@ +Downloads all serverless scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Functions > Scanned functions** in the Console UI. + +### cURL Request + +The following cURL command retrieves a list of all serverless resources monitored by Prisma Cloud Compute and saves the results in a CSV file called `serverless.csv`: + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/serverless/download' \ + > serverless.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/serverless/embed_post.md b/openapi-specs/compute/33-02/desc/serverless/embed_post.md new file mode 100644 index 000000000..6cce784b8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/embed_post.md @@ -0,0 +1,11 @@ +The following curl command uses basic auth to retrieve a list of all Serverless resources that monitored by Prisma Cloud Compute, and save the results to a CSV file: + +```bash +$ curl -k \ + -X POST \ + -H "Content-Type: application/octet-stream" \ + -u \ + --data-binary @ \ + 'http://:8083/api/v1/serverless/embed?runtime=&handler=&function=' \ + -o twistlock_lambda.zip +``` diff --git a/openapi-specs/compute/33-02/desc/serverless/evaluate_post.md b/openapi-specs/compute/33-02/desc/serverless/evaluate_post.md new file mode 100644 index 000000000..f24bf10f4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/evaluate_post.md @@ -0,0 +1 @@ +Adds vulnerability data for the given functions. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/serverless/get.md b/openapi-specs/compute/33-02/desc/serverless/get.md new file mode 100644 index 000000000..aee50492f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/get.md @@ -0,0 +1,21 @@ +Retrieves all scan reports for the serverless functions which Prisma Cloud has been configured to scan. + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +This endpoint maps to **Monitor > Vulnerabilities > Functions > Scanned functions** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves the scan reports for serverless functions: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/serverless +``` + +A successful response returns the scan reports. diff --git a/openapi-specs/compute/33-02/desc/serverless/names_get.md b/openapi-specs/compute/33-02/desc/serverless/names_get.md new file mode 100644 index 000000000..3cab17092 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/names_get.md @@ -0,0 +1,13 @@ +Retrieves a list of names of all Serverless resources monitored by Prisma Cloud Compute. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +The following curl command uses basic auth to retrieve a list of names of all Serverless resources monitored by Prisma Cloud Compute: + +```bash +$ curl -k \ + -X GET \ + -H "Content-Type: application/json" \ + -u \ + http:///api/v/serverless/names \ +``` diff --git a/openapi-specs/compute/33-02/desc/serverless/scan_post.md b/openapi-specs/compute/33-02/desc/serverless/scan_post.md new file mode 100644 index 000000000..159285349 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all serverless functions immediately. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan all serverless functions: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/serverless/scan +``` diff --git a/openapi-specs/compute/33-02/desc/serverless/serverless.md b/openapi-specs/compute/33-02/desc/serverless/serverless.md new file mode 100644 index 000000000..5c6846b6c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/serverless.md @@ -0,0 +1 @@ +Scan reports for your serverless functions. diff --git a/openapi-specs/compute/33-02/desc/serverless/stop_post.md b/openapi-specs/compute/33-02/desc/serverless/stop_post.md new file mode 100644 index 000000000..763710842 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/stop_post.md @@ -0,0 +1,12 @@ +Stops the ongoing serverless scan. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/serverless/stop +``` diff --git a/openapi-specs/compute/33-02/desc/settings/alerts_get.md b/openapi-specs/compute/33-02/desc/settings/alerts_get.md new file mode 100644 index 000000000..060114c39 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/alerts_get.md @@ -0,0 +1,9 @@ +Retrieves a list of your alert settings. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/alerts +``` diff --git a/openapi-specs/compute/33-02/desc/settings/alerts_options_get.md b/openapi-specs/compute/33-02/desc/settings/alerts_options_get.md new file mode 100644 index 000000000..095c1f1b7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/alerts_options_get.md @@ -0,0 +1,11 @@ +This endpoint will return the alert profile configuration options that can be found in the console under the alert type selection when setting up a new alert profile. + +The following example curl command uses basic auth to retrieve all alert profile configuration options: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/alerts/options +``` diff --git a/openapi-specs/compute/33-02/desc/settings/alerts_post.md b/openapi-specs/compute/33-02/desc/settings/alerts_post.md new file mode 100644 index 000000000..3acb8d543 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/alerts_post.md @@ -0,0 +1,17 @@ +Configure alerts. + +The following example curl command sets the aggregation period for alerts to one hour. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "aggregationPeriodMs": 3600000, + "consoleAddress": "https://:8083", + "securityAdvisorWebhook": "" +}' \ + https://:8083/api/v1/settings/alerts +``` diff --git a/openapi-specs/compute/33-02/desc/settings/certificates_post.md b/openapi-specs/compute/33-02/desc/settings/certificates_post.md new file mode 100644 index 000000000..fbdc8a5a9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/certificates_post.md @@ -0,0 +1,19 @@ +Sets a certificate authority (CA) to trust and the validity period for client certificates. + +Use client certificates to authenticate commands sent from the Docker client through Prisma Cloud Compute. + +For more information, see [Certificates](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/certificates). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set the validity period for client certificates to seven days: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"certificatePeriodDays": 7} ' \ + "https:///api/v/settings/certificates" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/certs_get.md b/openapi-specs/compute/33-02/desc/settings/certs_get.md new file mode 100644 index 000000000..ba6674a3c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/certs_get.md @@ -0,0 +1,14 @@ +Returns the Subject Alternative Name(s) (SANs) in Console's certificate. +Defenders use these names to connect to Console. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve the SANs in Console's cert: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/certs" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/certs_post.md b/openapi-specs/compute/33-02/desc/settings/certs_post.md new file mode 100644 index 000000000..a6e429006 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/certs_post.md @@ -0,0 +1,31 @@ +Adds or deletes Subject Alternative Name(s) (SANs) in Prisma Cloud Compute's certificate. +Defenders use these names to connect to Prisma Cloud Compute. + +SANs are set in a single shot. +You should first retrieve the list of SANs with the GET method. +Then add or remove entries from the `consoleSAN` array, and post the updated JSON object. + +For more information, see [Certificates](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/certificates). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to add `node-01.example.com` to the `subjectAltName` field in the certificate: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d ' + { + "consoleSAN": [ + "10.240.0.34", + "172.17.0.1", + "ian-23.c.cto-sandbox.internal", + "127.0.0.1", + "node-01.example.com" + ] + }' \ + "https:///api/v/settings/certs" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/coderepos_get.md b/openapi-specs/compute/33-02/desc/settings/coderepos_get.md new file mode 100644 index 000000000..6cbfb78cb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/coderepos_get.md @@ -0,0 +1,28 @@ +Retrieves the list of code repositories Prisma Cloud is configured to scan. +It also retrieves a partial webhook URL. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to **Defend > Vulnerabilities > Code repositories** in the Console UI page. + +* **GitHub repositories scan scope** table data +* URL suffix in **Webhook settings** + +### Webhook + +You can optionally configure your code repositories with a webhook to trigger Prisma Cloud to scan repositories when there are pertinent events (e.g., new code commits). + +Construct the full webhook using Console's publicly accessible DNS name or IP address, plus the webhook URL suffix. + +### cURL Request + +Refer to the following example cURL command that retrieves all code repositories to scan, as well as the webhook URL suffix: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/coderepos' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/coderepos_put.md b/openapi-specs/compute/33-02/desc/settings/coderepos_put.md new file mode 100644 index 000000000..28a679762 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/coderepos_put.md @@ -0,0 +1,68 @@ +Updates the code repositories to scan. +The list of code repositories to scan is updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Code repositories**. +2. Under the **GitHub repositories scan scope** table, add a scope item using **+ Add scope** + + **Note:** If your table is not present add an item to the table by clicking **Add the first item**. + +3. Click the **Save** button. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up Prisma Cloud to scan your code repositories:** + +1. Add a scan scope with this endpoint (`/settings/coderepos`), where the principle component is the account information for the service that hosts your code repositories. + + For example, specify the the credentials of your GitHub account. + You can further refine the scope by specifying which repos to scan using explicit strings or pattern matching. + Scan all repos by specifying a wildcard. + +2. Prisma Cloud auto-discovers all code repositories in each scan scope. + + The system invokes the GET `/coderepos/discover` endpoint to discover the available repositories using the credential ID provided. + +3. The list of auto-discovered code repositories is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/coderepos` endpoint to assess each code repository. + +### cURL Request + +Each scan scope is specified as an element in the endpoint's payload array. +Itemize the repositories to scan in the `repositories` array. +A wildcard tells Prisma Cloud to scan all repos in the account. + +The critical fields for this endpoint are: + +* `type` - Hosting service, such as GitHub (`github`) +* `credentialID` - Credential, from the credentials store, that Prisma Cloud uses to authenticate with the hosting service. +* `repositories` - List of repository names. +The format is `/`. + +Refer to the following example cURL command that overwrites all code repository scan scopes with a single new scan scope: + +```bash +$ curl 'https:///api/v/settings/coderepos' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'[ + { + "type":"github", + "publicOnly":false, + "credentialID":"", + "repositories":[ + "*" + ] + } +]' +``` +This scan scope includes all repositories in the GitHub account that can be accessed with `CREDENTIAL_ID`. + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/settings/console-certificates_post.md b/openapi-specs/compute/33-02/desc/settings/console-certificates_post.md new file mode 100644 index 000000000..5673af840 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/console-certificates_post.md @@ -0,0 +1,18 @@ +Configures the custom certificate for securing browser access to the Console. + +These settings can be seen in the console under **Manage > Authentication > System Certificates**. + +For the custom TLS certificate for securing browser access, this file must be in the concatenated public cert and private key in PEM format. For more information about this configuration, see [Custom certs for Console access](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/configure/custom_certs_predefined_dir) + +## cURL Request + +Refer to the following example cURL request that uses basic auth and configures the custom certificate to use for securing browser access to the console: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"consoleCustomCert":"....."}' \ + "https:///api/v/settings/console-certificate" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/custom-labels_get.md b/openapi-specs/compute/33-02/desc/settings/custom-labels_get.md new file mode 100644 index 000000000..a849dd8a8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/custom-labels_get.md @@ -0,0 +1,13 @@ +Returns the list of alert labels configured in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/settings/custom-labels +``` diff --git a/openapi-specs/compute/33-02/desc/settings/custom-labels_post.md b/openapi-specs/compute/33-02/desc/settings/custom-labels_post.md new file mode 100644 index 000000000..6bb66e706 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/custom-labels_post.md @@ -0,0 +1,14 @@ +Creates a custom alert label to augment audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d "{labels:"new_label"}" \ + "https:///api/v/settings/custom-labels" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/defender_get.md b/openapi-specs/compute/33-02/desc/settings/defender_get.md new file mode 100644 index 000000000..ecb8b6989 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/defender_get.md @@ -0,0 +1,15 @@ +Returns the advanced settings for Defenders. + +### cURL Request + +Refer to the following example cURL command that gets all advanced settings for Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/defender' +``` + +A successful response returns all advanced settings for Defenders. diff --git a/openapi-specs/compute/33-02/desc/settings/forensic_get.md b/openapi-specs/compute/33-02/desc/settings/forensic_get.md new file mode 100644 index 000000000..9c16b70b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/forensic_get.md @@ -0,0 +1,9 @@ +Retrieves the settings for the forensics system. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/forensic +``` diff --git a/openapi-specs/compute/33-02/desc/settings/forensic_post.md b/openapi-specs/compute/33-02/desc/settings/forensic_post.md new file mode 100644 index 000000000..31f809d39 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/forensic_post.md @@ -0,0 +1,17 @@ +Configures the forensics system. + +The following example curl command allocates 100 MB of local disk space for container forensic data and 10 MB for host forensics data. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "enabled": true, + "containerDiskUsageMb": 100, + "hostDiskUsageMb": 10 +}' \ + https://:8083/api/v1/settings/forensic +``` diff --git a/openapi-specs/compute/33-02/desc/settings/initialized_get.md b/openapi-specs/compute/33-02/desc/settings/initialized_get.md new file mode 100644 index 000000000..3134912d1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/initialized_get.md @@ -0,0 +1,12 @@ +Checks whether Console has been configured with an initial admin account. +After first installing Console, the first thing you must do is create an admin account. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/initialized +``` diff --git a/openapi-specs/compute/33-02/desc/settings/intelligence-windows_post.md b/openapi-specs/compute/33-02/desc/settings/intelligence-windows_post.md new file mode 100644 index 000000000..c39e256d2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/intelligence-windows_post.md @@ -0,0 +1,12 @@ +This endpoint will enable or disable the Windows Intelligence Service from **Manage > System > Intelligence** page in the console. + +The following example curl command uses basic auth to enable online updates of Windows vulnerabilities from the intelligence stream: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"windowsFeedEnabled":true}' \ + https://:8083/api/v1/settings/intelligence-windows +``` diff --git a/openapi-specs/compute/33-02/desc/settings/intelligence_get.md b/openapi-specs/compute/33-02/desc/settings/intelligence_get.md new file mode 100644 index 000000000..26c694246 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/intelligence_get.md @@ -0,0 +1,13 @@ +Returns the details about the Intelligence Stream configuration. + +### cURL Request + +Refer to the following example cURL command that uses basic auth to retrieve your Intelligence Stream configuration settings. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/intelligence" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/intelligence_post.md b/openapi-specs/compute/33-02/desc/settings/intelligence_post.md new file mode 100644 index 000000000..74b06a3a0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/intelligence_post.md @@ -0,0 +1,21 @@ +Configures the Intelligence Stream. + +For more information, see [Intelligence Stream](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/intel_stream) + +### cURL Request + +Refer to the following example cURL command that uses basic auth to configure settings of your Intelligence Stream. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' { + "windowsFeedEnabled": true, + "enabled": true, + "address": "https://intelligence.example.com", + "token": "", +}' \ + "https:///api/v/settings/intelligence" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/latest-version_get.md b/openapi-specs/compute/33-02/desc/settings/latest-version_get.md new file mode 100644 index 000000000..c443fa7b5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/latest-version_get.md @@ -0,0 +1,11 @@ +Retrieves the version number of the latest available Prisma Cloud Compute release. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https://:8083/api/v1/settings/latest-version' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/latest_version_get.md b/openapi-specs/compute/33-02/desc/settings/latest_version_get.md new file mode 100644 index 000000000..18e436668 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/latest_version_get.md @@ -0,0 +1,9 @@ +This endpoint will return the latest version of the product. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/latest-version +``` diff --git a/openapi-specs/compute/33-02/desc/settings/ldap_get.md b/openapi-specs/compute/33-02/desc/settings/ldap_get.md new file mode 100644 index 000000000..4ad0ad0c9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/ldap_get.md @@ -0,0 +1,34 @@ +Returns the LDAP integration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/ldap" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +$ { + "enabled": true, + "url": "ldap://10.176.135.212:379", + "caCert": "", + "searchBase": "", + "groupSearchBase": "ou=Groups,dc=example,dc=org", + "userSearchBase": "ou=Users,dc=example,dc=org", + "accountUpn": "cn=admin,dc=example,dc=org", + "accountPassword": { + "encrypted": "nkMtVY4NN9RccvbVIfLvJw==" + }, + "type": "openldap", + "userSearchIdentifier": "cn" +} +``` diff --git a/openapi-specs/compute/33-02/desc/settings/ldap_post.md b/openapi-specs/compute/33-02/desc/settings/ldap_post.md new file mode 100644 index 000000000..c152c7dc5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/ldap_post.md @@ -0,0 +1,27 @@ +Configures the LDAP integration. + +For more information, see [Active Directory](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/active_directory) and [OpenLDAP](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/openldap) + +## cURL Request + +Refer to the following example cURL command that enables the LDAP integration and specifies the parameters required to integrate with an Active Directory service. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "enabled": true, + "url": "ldap://ldapserver.example.com:3268", + "searchBase": "dc=example,dc=com", + "accountUpn": "example_service@example.com", + "accountPassword": { + "plain": "pass!-W0RD" + }, + "type": "activedirectory", + "userSearchIdentifier": "userprincipalname" +}' \ + "https:///api/v/settings/ldap" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/license_get.md b/openapi-specs/compute/33-02/desc/settings/license_get.md new file mode 100644 index 000000000..5c792cae8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/license_get.md @@ -0,0 +1,13 @@ +Returns the details about the installed license. + +## cURL Request + +Refer to the following example cURL request that retrieves the license details. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/license" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/license_post.md b/openapi-specs/compute/33-02/desc/settings/license_post.md new file mode 100644 index 000000000..b77800a5f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/license_post.md @@ -0,0 +1,17 @@ +Configures the Prisma Cloud Compute license. +Use this endpoint, along with `/api/v1/signup`, as part of the initial set up flow after Prisma Cloud Compute is first installed. + +For more information, see [Licensing](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/licensing). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set your license: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"key": ""}' \ + https:///api/v/settings/license +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logging_get.md b/openapi-specs/compute/33-02/desc/settings/logging_get.md new file mode 100644 index 000000000..6eda3e484 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logging_get.md @@ -0,0 +1,13 @@ +Returns the logging settings. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve your logging details. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/logging" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logging_post.md b/openapi-specs/compute/33-02/desc/settings/logging_post.md new file mode 100644 index 000000000..3619d9c0f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logging_post.md @@ -0,0 +1,30 @@ +Configures the logging settings. +This includes Syslog, Stdout, and Prometheus instrumentation. + +For more information, see [Logging](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/audit/logging). + +## cURL Request + +Refer to the following example cURL request that enables verbose scan output for syslog and stdout: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "syslog": { + "enabled": true, + "verboseScan": true, + "allProcEvents": false, + "addr": "" + }, + "stdout": { + "enabled": true, + "verboseScan": true, + "allProcEvents": false, + } +}' \ + "https:///api/v/settings/logging" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logon_get.md b/openapi-specs/compute/33-02/desc/settings/logon_get.md new file mode 100644 index 000000000..1559f2405 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logon_get.md @@ -0,0 +1,13 @@ +Configures the logon settings. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve all current logon settings. + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/logon" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logon_post.md b/openapi-specs/compute/33-02/desc/settings/logon_post.md new file mode 100644 index 000000000..5c2b60c9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logon_post.md @@ -0,0 +1,17 @@ +Configures the timeout for Prisma Cloud Compute sessions. + +For more information, see [Logon Settings](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/configure/logon_settings). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set the timeout to 900 seconds (15 minutes): + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"sessionTimeoutSec": 900}' \ + "https:///api/v/settings/logon" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/oauth_get.md b/openapi-specs/compute/33-02/desc/settings/oauth_get.md new file mode 100644 index 000000000..6dcf70fb5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oauth_get.md @@ -0,0 +1,37 @@ +Returns the OAuth configuration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/oauth" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +{ + "enabled": true, + "clientID": "ef3a806a249a31b7d15e", + "clientSecret": { + "encrypted": "O27GsQ7PDX4LrVx6q+A7sMLUAKTbKU3DAYTZyaOhqTqdNwI7raKFCA3/RrmRPUgk" + }, + "providerName": "github", + "authURL": "https://github.com/login/oauth/authorize", + "tokenURL": "https://github.com/login/oauth/access_token", + "groupScope": "", + "groupClaim": "", + "userClaim": "", + "cert": "", + "openshiftBaseURL": "", + "openIDIssuesURL": "", + "providerAlias": "github_ss" +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/oauth_post.md b/openapi-specs/compute/33-02/desc/settings/oauth_post.md new file mode 100644 index 000000000..c593b9237 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oauth_post.md @@ -0,0 +1,16 @@ +Configures the OAuth settings. + +For more information, see [GitHub OAuth](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oauth2_github) and [OpenShift](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oauth2_openshift) + +## cURL Request + +Refer to the following example cURL response: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"clientID":"ef3a806a249a31b7d15e","clientSecret":{"encrypted":"O27GsQ7PDX4LrVx6q+A7sMLUAKTbKU3DAYTZyaOhqTqdNwI7raKFCA3/RrmRPUgk"},"providerName":"github","authURL":"https://github.com/login/oauth/authorize","tokenURL":"https://github.com/login/oauth/access_token","providerAlias":"github_ss"}' \ + "https:///api/v/settings/oauth" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/oidc_get.md b/openapi-specs/compute/33-02/desc/settings/oidc_get.md new file mode 100644 index 000000000..ee439622b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oidc_get.md @@ -0,0 +1,37 @@ +Returns the OpenID Connect configuration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/oidc" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +$ { + "enabled": true, + "clientID": "0oajdm6atavfYyJfr4x6", + "clientSecret": { + "encrypted": "rnEk+1be20FLv+BYnDX4s5/T0NOb49hkNkaZQtgiF7K2s65" + }, + "providerName": "", + "authURL": "", + "tokenURL": "", + "groupScope": "groups", + "groupClaim": "groups", + "userClaim": "", + "cert": "", + "openshiftBaseURL": "", + "openIDIssuesURL": "https://ss-123456.okta.com", + "providerAlias": "oidc_okta_ss" +} +``` diff --git a/openapi-specs/compute/33-02/desc/settings/oidc_post.md b/openapi-specs/compute/33-02/desc/settings/oidc_post.md new file mode 100644 index 000000000..e0270247e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oidc_post.md @@ -0,0 +1,16 @@ +Configures the OpenID Connect settings. + +For more information, see [OIDC](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oidc). + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -d '{"enabled": true,"clientID":"0oajdm6atavfYyJfr4x6","clientSecret":{"encrypted":"rnEk+1be20FLv+BYnDX4s5/T0NOb49hkNkaZQtgiF7K2s65"},"groupScope":"groups","groupClaim":"groups","openIDIssuesURL":"https://ss-123456.okta.com","providerAlias":"oidc_okta_ss"}' \ + "https:///api/v/settings/oidc" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/pcf_get.md b/openapi-specs/compute/33-02/desc/settings/pcf_get.md new file mode 100644 index 000000000..5dc21eb17 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/pcf_get.md @@ -0,0 +1,11 @@ +This endpoint will return settings for PCF (Pivotal Cloud Foundry)Blobstore scanning, which can be found in the console under **Defend > Vulnerabilities > PCF Blobstore**. This requires that you have a defender configured for PCF Blobstore scanning. For more information, see [PCF blobstore scanning](https://docs.twistlock.com/docs/latest/vulnerability_management/pcf_blobstore.html). + +The following example curl command uses basic auth to retrieve the current PCF Blobstore scanning settings: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/pcf +``` diff --git a/openapi-specs/compute/33-02/desc/settings/pcf_post.md b/openapi-specs/compute/33-02/desc/settings/pcf_post.md new file mode 100644 index 000000000..139e947cb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/pcf_post.md @@ -0,0 +1,13 @@ +This endpoint will allow for updating settings for PCF (Pivotal Cloud Foundry) Blobstore scanning. + +The following example curl command uses basic auth to set up a PCF Blobstore scanner that scans the last `5` droplets for every droplet in the PCF Blobstore: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"cap":"5","cloudControllerAddress":"https://my-cloud-controller.twistlock.com","pattern":"*"}' \ + https://:8083/api/v1/settings/pcf +``` + diff --git a/openapi-specs/compute/33-02/desc/settings/projects_get.md b/openapi-specs/compute/33-02/desc/settings/projects_get.md new file mode 100644 index 000000000..f5dd20395 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/projects_get.md @@ -0,0 +1,24 @@ +Tells you whether the [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html) feature is enabled. +Projects are enabled when an instance of Console is designated as master. + +The following example curl command retrieves the state of the Projects feature from Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/projects +``` + +If you direct the request to a supervisor Console, the response object tells you the URL Central Console (master) uses to communicate with the supervisor Console. +All API calls must be proxied through Central Console, where the request is automatically rerouted to the appropriate supervisor Console. +To retrieve the Projects settings from a supervisor Console, append the `project` query parameter to your request. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/projects?project= +``` diff --git a/openapi-specs/compute/33-02/desc/settings/projects_post.md b/openapi-specs/compute/33-02/desc/settings/projects_post.md new file mode 100644 index 000000000..d29f8e9d5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/projects_post.md @@ -0,0 +1,16 @@ +Enables or disables the [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html) feature. +Projects are enabled when an instance of Console is designated as master. + +The following example curl command designates `` as master. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "master":true + }' \ + https://:8083/api/v1/settings/projects +``` diff --git a/openapi-specs/compute/33-02/desc/settings/proxy_get.md b/openapi-specs/compute/33-02/desc/settings/proxy_get.md new file mode 100644 index 000000000..9a4922d59 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/proxy_get.md @@ -0,0 +1,13 @@ +Returns the proxy settings for Prisma Cloud Compute containers to access the Internet. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/proxy" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/proxy_post.md b/openapi-specs/compute/33-02/desc/settings/proxy_post.md new file mode 100644 index 000000000..a1bdc07ed --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/proxy_post.md @@ -0,0 +1,19 @@ +Configures the proxy settings. + +For more information, see [Proxy Settings](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/proxy). + +## cURL Request + +Refer to the following example cURL request that specifies the proxy to use to access the Internet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "httpProxy":"http://proxyserver.example.com:8282" +}' \ + https:///api/v/settings/proxy +``` diff --git a/openapi-specs/compute/33-02/desc/settings/registry_get.md b/openapi-specs/compute/33-02/desc/settings/registry_get.md new file mode 100644 index 000000000..12745005d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/registry_get.md @@ -0,0 +1,25 @@ +Retrieves the list of registries Prisma Cloud is configured to scan. +It also retrieves a partial webhook URL. + +This endpoint maps to the following information on the **Defend > Vulnerabilities > Images > Registry settings** Console UI page: + +* **Registries** table data +* The URL suffix under **Webhooks** + +### Webhook + +You can optionally configure your registry with a webook to trigger Prisma Cloud to scan repositories when there is a pertinent event (e.g. a new image is pushed to the registry). + +Construct the full webhook using the publicly accessible DNS name or IP address, plus the webhook URL suffix. + +### cURL Request + +The following cURL command retrieves all the registries to scan and the URL suffix for the registry's webhook URL suffix. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/registry' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/registry_post.md b/openapi-specs/compute/33-02/desc/settings/registry_post.md new file mode 100644 index 000000000..efabf4e67 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/registry_post.md @@ -0,0 +1,88 @@ +Specifies a single registry to scan. + +Each registry to scan is specified as an item in the `specifications` array. +The POST method appends an entry to the `specifications` array. +In contrast, the PUT method adds all registries in a single shot, completely overwriting any previous configuration by replacing the contents of the `specifications` array. +For more information about the `specifications` array, see the GET endpoint. + +The `version` string specifies the type of registry to scan. +It can be one of the following strings: + +* Amazon EC2 Container Registry: `aws` +* Azure Container Registry: `azure` +* CoreOS Quay: `coreos` +* Docker Registry v2: `2` +* Docker Trusted Registry: `dtr` +* Google Container Registry: `gcr` +* GitLab Container Registry: `gitlab` +* Harbor Registry: `harbor` +* IBM Cloud Container Registry: `bluemix` +* JFrog Artifactory: `jfrog` +* Red Hat OpenShift: `redhat` +* Sonatype Nexus: `sonatype` + +**Note**: From Lagrange 22.11 release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. + +The API response returns an HTTP 400 error if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. + +**cURL Request** + +Refer to the following example cURL command that configures Prisma Cloud Compute to scan the Ubuntu 16.04 repository on Docker Hub: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' + { + "version": "2", + "registry": "", + "repository": "library/ubuntu", + "tag": "16.04", + "os": "linux", + "cap": 5, + "hostname": "", + "scanners": 2, + "collections": ["All"] + } ' \ + 'https:///api/v/settings/registry' +``` + +Starting with 30.03, you can directly add a GitLab Container Registry. +To add settings for a GitLab Container Registry, you must specify the following parameters: + +* **version**: Specify the value *gitlab* for GitLab Container Registry. +* **registry**: Specify the GitLab registry URL address. For example, for native registries, you can specify the address as "https://registry.gitlab.com" +* **credentialID**: Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has at least the *read_api* scope. +* **gitlabRegistrySpec**: Specify at least one of the following fields: + * **userID**: Specify your GitLab user ID to add all registries associated with it. + * **projectIDs**: Specify the project IDs to add all registries associated with a GitLab project. + * **groupIDs**: Specify the group ID to add all registries associated with a GitLab group. + * **excludedGroupIDs**: Specify the top-level group IDs that you don't want to add. + +Refer to the following example cURL command: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' + { + "version":"gitlab", + "registry":"https://registry.gitlab.com", + "namespace":"", + "repository":"", + "tag":"", + "credentialID":"", + "os":"linux", + "harborDeploymentSecurity":false, + "collections":["All"], + "cap":5, + "scanners":2, + "versionPattern":"", + "gitlabRegistrySpec":{"userID":"14631394"} + } ' \ + 'https:///api/v/settings/registry' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/registry_put.md b/openapi-specs/compute/33-02/desc/settings/registry_put.md new file mode 100644 index 000000000..3768914f6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/registry_put.md @@ -0,0 +1,136 @@ +Updates the registries to scan. +The list of registries to scan is updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Images > Registry settings**. +2. Under the **Registries** table, add a registry item using **+ Add registry** +3. Click the **Save** button. + +**Note**: From 22.11 (Lagrange) release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. + +The API response returns an HTTP 400 error, if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up a registry for scanning:** + +1. Add your registry account information using this endpoint. + + For example, specify the location and credentials of an ECR registry in your AWS account. + +2. Prisma Cloud auto-discovers the images in the registries specified with this endpoint. + +3. The list of auto-discovered images is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/images` and `/policies/compliance/images` endpoints to assess each image. + + +### cURL Request + +Each registry to scan is specified as an item in the `specifications` array. + +**Note**: Submitting a PUT request with the `specifications` array will first erase all the existing Registry entries, and then insert the new `specifications` array from the PUT request. + +An empty body will also erase all the existing Registry entries. For more information, see [Remove a Registry](https://pan.dev/prisma-cloud/api/cwpp/put-settings-registry/#remove-a-registry). + +We recommend that you send a GET scan settings request via [Get Registry Settings](https://pan.dev/prisma-cloud/api/cwpp/get-settings-registry/) and save the JSON response before sending a PUT API request to update the Registry Settings. + +The critical fields for this endpoint are: + +* `registry` - String specifying the registry URL. +* `credentialID` - String specifying the registry credential. +* `version` - String specifying the type of registry to scan and may be one of the following strings: + +Version|Description + ---|--- + `aws`|Amazon EC2 Container Registry + `azure`|Azure Container Registry + `2`|Docker Registry v2 + `dtr`|Docker Trusted Registry + `gcr`|Google Container Registry + `jfrog`|JFrog Artifactory + `sonatype`|Sonatype Nexus + `coreos`|CoreOS Quay + `redhat`|Red Hat OpenShift + `bluemix`|IBM Cloud Container Registry + +The remaining fields in the `specifications` object (e.g., `repository`, `exclusions`, etc.) are optional. +They let you refine the scope of what Prisma Cloud auto-discovers. + +**Note:** An empty string in `registry` implicitly refers to Docker Hub. +In `repository`, use the `library/` namespace to specify a [Docker official image](https://docs.docker.com/docker-hub/official_images/). +To see the current list of Docker official images, see [here](https://github.com/docker-library/official-images/tree/master/library). + +#### Set up a Private Registry for Scanning + +Most registries you'll configure for scanning will be private. +Prisma Cloud needs credentials to access private registries. +To set this up: + +* Create the credentials with the `/credentials` endpoint. +* Retrieve the credential ID from the `/credentials` endpoint (`_id`). +* Create the registry setting with the recommended minimum required fields (`version`, `registry`, and `credentialID`). + +#### Example cURL Request + +The following cURL command overwrites the current list of registries to scan with two new registries: + +* The official Ubuntu 18.04 image in Docker Hub +* All repositories in a private AWS ECR registry + +```bash +$ curl 'https:///api/v/settings/registry' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '{ + "specifications": [ + { + "version": "2", + "registry": "", + "repository": "library/ubuntu", + "tag": "18.04", + "os": "linux", + "cap": 5, + "credentialID": "", + "scanners": 2, + "collections": ["All"] + }, + { + "version": "aws", + "registry": ".dkr.ecr..amazonaws.com", + "os": "linux", + "credentialID": "", + "scanners": 2, + "cap": 5, + "collections": ["All"] + } + ] + }' +``` + +**Note:** No response will be returned upon successful execution. + +### Remove a Registry + +To remove a registry from the list: + +1. Retrieve the current list using the GET method. +2. Remove the entry from the `specifications` JSON array in the response. +3. Use the PUT method to submit the updated JSON object. + +To delete all entries, submit an empty `specifications` array. For example: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"specifications":[]}' \ + https:///api/v/settings/registry +``` diff --git a/openapi-specs/compute/33-02/desc/settings/saml_get.md b/openapi-specs/compute/33-02/desc/settings/saml_get.md new file mode 100644 index 000000000..f2228a440 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/saml_get.md @@ -0,0 +1,13 @@ +Returns the configured SAML settings that is used to authenticate to the Prisma Cloud Compute console. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/settings/saml +``` diff --git a/openapi-specs/compute/33-02/desc/settings/saml_post.md b/openapi-specs/compute/33-02/desc/settings/saml_post.md new file mode 100644 index 000000000..0bd9c4a25 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/saml_post.md @@ -0,0 +1,28 @@ +Configures the SAML settings that is used to authenticate to the Prisma Cloud Compute. + +For more information, see [Okta via SAML 2.0](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml), [G Suite via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_google_g_suite), [Azure AD via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_azure_active_directory), [PingFederate via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_ping_federate), and [ADFS via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_active_directory_federation_services). + +## cURL Request + +Refer to the following example cURL request that uses the basic auth to set up and enable the SAML integration with Prisma Cloud Compute: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "enabled": true, + "url": "https://my-adfs-server.twistlock.com/adfs/SSO", + "cert": "", + "issuer": "https://my-adfs-server.twistlock.com/adfs/services/trust", + "type": "adfs", + "audience": "twistlock", + "appId": "", + "tenantId": "", + "appSecret": { + "encrypted": "" + } + }' \ + "https:///api/v/settings/saml" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/scan_get.md b/openapi-specs/compute/33-02/desc/settings/scan_get.md new file mode 100644 index 000000000..5c1df30a2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/scan_get.md @@ -0,0 +1,13 @@ +Returns the global settings for image, host, container, and registry scanning. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/scan_post.md b/openapi-specs/compute/33-02/desc/settings/scan_post.md new file mode 100644 index 000000000..f043d1c9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/scan_post.md @@ -0,0 +1,25 @@ +Configures the Prisma Cloud Compute scanner settings. + +For more information, see [Configure Scanning](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/configure_scan_intervals). +## cURL Request + +Refer to the following example cURL request that configures the following scan intervals: + +* Scan registries and serverless functions once per week. +* Scan images, containers, and hosts once per day. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "imagesScanPeriodMs":86400000, + "containersScanPeriodMs": 86400000, + "systemScanPeriodMs": 86400000, + "serverlessScanPeriodMs": 604800000, + "registryScanPeriodMs":604800000 +}' \ + "https:///api/v/settings/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/secrets_get.md b/openapi-specs/compute/33-02/desc/settings/secrets_get.md new file mode 100644 index 000000000..75e2b32c7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/secrets_get.md @@ -0,0 +1,11 @@ +This endpoint will return configured secret store already configured in the console. This can be found in the console under **Manage > Authentication > Secrets**. + +The following example curl command retrieves any configured secret stores, as well as the refresh period in hours: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/settings/secrets_post.md b/openapi-specs/compute/33-02/desc/settings/secrets_post.md new file mode 100644 index 000000000..d302ecdf8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/secrets_post.md @@ -0,0 +1,32 @@ +Updates the secret store settings found in the console under **Manage > Authentication > Secrets**. + +Please note the data structure returned from endpoint /settings/secrets GET to set in POST + +Refer to the following example curl command that adds a CyberArk secret store to the console with the appID set to `Prisma_Cloud_Compute_Console` and set the URL to `https://services-myca.twistlock.com:10882`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "secretsStores": [ + { + "name": "Cyberark", + "type": "cyberark", + "appID": "Prisma_Cloud_Compute_Console", + "url": "https://services-myca.twistlock.com:10882", + "caCert": { + "encrypted": "" + }, + "clientCert": { + "encrypted": "" + }, + "useAWSRole": false, + "region": "", + "credentialId": "", + "roleArn": "" + } + ]}' \ + https://:8083/api/v/settings/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/settings/serverless-scan_get.md b/openapi-specs/compute/33-02/desc/settings/serverless-scan_get.md new file mode 100644 index 000000000..bb8ce06ba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless-scan_get.md @@ -0,0 +1,18 @@ +Retrieves the list of serverless function scan scopes. +Serverless scan scopes specify a region and a credential. + +This endpoint maps to the **Function scope** table data in the **Defend > Vulnerabilities > Functions > Functions** Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of serverless scan scopes: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/serverless-scan' +``` + +A successful response returns a list of scan scopes. diff --git a/openapi-specs/compute/33-02/desc/settings/serverless-scan_post.md b/openapi-specs/compute/33-02/desc/settings/serverless-scan_post.md new file mode 100644 index 000000000..0be8ba648 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless-scan_post.md @@ -0,0 +1,56 @@ +Adds serverless function providers to scan for vulnerabilities. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Functions > Functions**. +2. Under the **Function scope** table, add a registry item using **+ Add scope** + + **Note:** If the table is not present, use the **Add the first item** link. + +3. Click the **Save** button. + + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up a scope for serverless scanning:** + +1. Add your scope information using this endpoint. + + For example, specify a region and credentials for accessing the AWS account. + +2. Prisma Cloud auto-discovers the serverless functions in scope. + +3. The list of auto-discovered serverless functions is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/serverless` endpoint to assess each serverless function. + +### cURL Request + +Each scan scope is specified as an element in array. + +The critical fields for this endpoint are: + +* `provider` - Host provider name. For example, `aws` refers to Amazon Web Services. +* `credentialID` - ID of the credentials in the credentials store to authenticate against the service provider. + +Refer to the following example cURL command that adds serverless scan scopes to scan with a new single serverless scan scope. + +```bash +$ curl 'https:///api/v/settings/serverless-scan' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "provider": "aws", + "credential":{}, + "credentialID":"IAM Role" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/settings/serverless_get.md b/openapi-specs/compute/33-02/desc/settings/serverless_get.md new file mode 100644 index 000000000..b6122c460 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless_get.md @@ -0,0 +1,11 @@ +This endpoint will return any configured serverless function scanners found in **Defend > Vulnerabilities > Functions**. + +The following example curl command uses basic auth to retrieve serverless settings in an array, sorted by Cloud Provider: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/serverless +``` diff --git a/openapi-specs/compute/33-02/desc/settings/serverless_post.md b/openapi-specs/compute/33-02/desc/settings/serverless_post.md new file mode 100644 index 000000000..6e26ea1d3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless_post.md @@ -0,0 +1,23 @@ +This endpoint will add serverless function providers to scan for vulnerabilities. + +The following example curl command uses basic auth to add a serverless account to scan for serverless functions. This is assuming that you already have the [credential](https://docs.twistlock.com/docs/latest/configure/credentials_store.html) added to the console that is needed to scan that provider: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '[ + { + "provider": "aws", + "region": "us-east-1", + "pattern": "*", + "cap": 5, + "useAWSRole": false, + "credential": { + "_id": "AWS" + } + } +]' \ + https://:8083/api/v1/settings/serverless +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/serverless_scan_put.md b/openapi-specs/compute/33-02/desc/settings/serverless_scan_put.md new file mode 100644 index 000000000..1b4999575 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless_scan_put.md @@ -0,0 +1,31 @@ +Updates the serverless scan scopes. +All scan scopes are updated in a single shot. + +### cURL Request + +Each scan scope is specified as an element in array. + +The critical fields for this endpoint are: + +* `provider` - Host provider name. For example, `aws` refers to Amazon Web Services. +* `credentialID` - ID of the credentials in the credentials store to authenticate against the service provider. + +Refer to the following example cURL command that overwrites all serverless scan scopes to scan with a new single serverless scan scope: + +```bash +$ curl 'https:///api/v/settings/serverless-scan' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "provider": "aws", + "credential":{}, + "credentialID":"IAM Role" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/settings.md b/openapi-specs/compute/33-02/desc/settings/settings.md new file mode 100644 index 000000000..050b83d4a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/settings.md @@ -0,0 +1 @@ +Configure your Prisma Cloud Compute installation. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/system_get.md b/openapi-specs/compute/33-02/desc/settings/system_get.md new file mode 100644 index 000000000..6f893abf0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/system_get.md @@ -0,0 +1,11 @@ +This endpoint will return all system settings in JSON format. + +The following example curl command does exactly that: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/system +``` diff --git a/openapi-specs/compute/33-02/desc/settings/tas_get.md b/openapi-specs/compute/33-02/desc/settings/tas_get.md new file mode 100644 index 000000000..52f392433 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/tas_get.md @@ -0,0 +1,13 @@ +Retrieves Tanzu Application Service (TAS) settings. + +### cURL Request + +Refer to the following example cURL command that retrieves all TAS settings: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/tas" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/tas_post.md b/openapi-specs/compute/33-02/desc/settings/tas_post.md new file mode 100644 index 000000000..cd783e3f4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/tas_post.md @@ -0,0 +1,22 @@ +Sets the Tanzu Application Service (TAS) settings. + +### cURL Request + +Refer to the following example cURL command that configures the TAS settings: + +```bash +$ curl 'https:///api/v/settings/tas' + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "cap": 5, + "cloudControllerAddress": "https://example.com", + "hostname": "vm-host", + "pattern": "droplet-name" + } + ]' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/telemetry_get.md b/openapi-specs/compute/33-02/desc/settings/telemetry_get.md new file mode 100644 index 000000000..6460c3fc3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/telemetry_get.md @@ -0,0 +1,15 @@ +Returns the telemetry settings that anonymously reports the threats and vulnerabilities to Prisma Cloud Compute. + +For more information, see [telemetry](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/telemetry) article. + +## cURL Request + +Refer to the following example cURL request that retrieves the settings if telemetry is enabled or not: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/telemetry" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/telemetry_post.md b/openapi-specs/compute/33-02/desc/settings/telemetry_post.md new file mode 100644 index 000000000..bc97a6d0f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/telemetry_post.md @@ -0,0 +1,16 @@ +Enables or disables the telemetry feature. + +For more information, see [telemetry](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/telemetry) article. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to turn off telemetry: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"enabled":false}' \ + "https:///api/v/settings/telemetry" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/trusted_certificate_post.md b/openapi-specs/compute/33-02/desc/settings/trusted_certificate_post.md new file mode 100644 index 000000000..5a2a30bda --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/trusted_certificate_post.md @@ -0,0 +1,21 @@ +Adds a certificate to the list of explicitly trusted certificates. + +Use this endpoint to control how users authenticate to Prisma Cloud Compute. +Users employ client certificates to authenticate commands sent from a Docker client through Prisma Cloud Compute. + +> **_NOTE:_** You can only add a custom certificate if the trusted certificates mode is enabled. +For more information, see the `/settings/trusted-certificates` endpoint. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to add a certificate to the list: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"certificate": "-----BEGIN CERTIFICATE-----\nMIIDUTCCAjmgAwIBAgI......XMKXJA==\n-----END CERTIFICATE-----" }' + "https:///api/v/settings/trusted-certificate" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/trusted_certificates_post.md b/openapi-specs/compute/33-02/desc/settings/trusted_certificates_post.md new file mode 100644 index 000000000..78c07982b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/trusted_certificates_post.md @@ -0,0 +1,21 @@ +Enables authentication for just an explicit list of trusted certificates. + +Use this endpoint to control how users authenticate to Prisma Cloud Compute. +Users employ client certificates to authenticate commands sent from a Docker client through Prisma Cloud Compute. + +> **_NOTE:_** This feature can only be enabled if a custom certificate authority has been configured. +For more information, see the `/settings/certificates` endpoint. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to enable this feature: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"enabled" : true }' + "https:///api/v/settings/trusted-certificates" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/vm_get.md b/openapi-specs/compute/33-02/desc/settings/vm_get.md new file mode 100644 index 000000000..8043742f5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/vm_get.md @@ -0,0 +1,15 @@ +Retrieves the list of VM image scan scopes. + +This endpoint maps to the **VM images scope** table data in the **Defend > Vulnerabilities > Hosts > VM images** Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all the scopes used for pattern matching on VM functions: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/vm' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/vm_put.md b/openapi-specs/compute/33-02/desc/settings/vm_put.md new file mode 100644 index 000000000..9eda02855 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/vm_put.md @@ -0,0 +1,56 @@ +Updates the list of VM image scan scopes. +The list of scopes are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Hosts > VM images**. +2. Under the **VM images scope** table, add a registry item using **+ Add scope**. + + **Note:** If the **+ Add scope** button is not present, use the **Add the first item** link. + +3. Click the **Save** button. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. +Prisma Cloud auto-discovers the VM images in your cloud account according to the scan scopes specified in `/settings/vm`. +The list of auto-discovered VM images is passed to the scanner for evaluation. +The scanner uses the corresponding `/policies/vulnerability/vms` endpoint to assess each VM image. + +### cURL Request + +Each VM image scan scope is specified as an element in the endpoint's payload array. + +The critical fields for this endpoint are: + +* `version` - Cloud provider. +Currently, only Amazon AWS is supported. +* `region` - Region to scan. +* `credentialID` - Credential ID from the credentials store so Prisma Cloud can authenticate with the cloud provider to access the VM images. +* `collections` - Filter for refining the scope of VM images to scan. +You can scope by VM image name and AWS tag. +* `consoleAddr` - Address for Console that Defender (the scanner) can reach over the network to publish scan results. + +Refer to the following example cURL command that overwrites all current scan scopes with single scan scope: + +```bash +$ curl 'https:///api/v/settings/vm' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "version":"aws", + "region":"us-east-1", + "credentialID":"IAM Role", + "collections":[{"name":"All"}], + "cap": 5, + "scanners": 1, + "consoleAddr":"127.0.0.1" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/settings/wildfire_get.md b/openapi-specs/compute/33-02/desc/settings/wildfire_get.md new file mode 100644 index 000000000..494d94018 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/wildfire_get.md @@ -0,0 +1 @@ +Returns the wildfire settings. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/signup/post.md b/openapi-specs/compute/33-02/desc/signup/post.md new file mode 100644 index 000000000..1db21df29 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/signup/post.md @@ -0,0 +1,31 @@ +Creates the initial admin user after Console is first installed. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +The following cURL command creates the initial admin user with the username `admin` and password `password`. + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"username": "admin", "password": "password"}' \ + https:///api/v1/signup +``` + +**Note:** The username and password values are case-sensitive. + +### Responses + +**Success Response:** No response will return if the user creation is successful. + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` + +**Error Response:** An error response will return the following response if the initial sign up process was previously completed. + +```bash +{"err":"system already initialized"} +``` diff --git a/openapi-specs/compute/33-02/desc/signup/signup.md b/openapi-specs/compute/33-02/desc/signup/signup.md new file mode 100644 index 000000000..05534013f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/signup/signup.md @@ -0,0 +1,8 @@ +Creates the initial admin user after Console is first installed, to help automation of Console setup. +Invoke this endpoint after Prisma Cloud Compute is first installed. + +You can use this endpoint along with other endpoints to automate the Prisma Cloud Compute installation and setup. +For example, see `POST /api/v1/settings/license` to automate the submission of your license key. + +**Note:** This sign up endpoint can only be executed once from Console *or* the API. +Invoking this endpoint after completion of the initial sign up will result in a `400` error response. diff --git a/openapi-specs/compute/33-02/desc/static/capabilities_get.md b/openapi-specs/compute/33-02/desc/static/capabilities_get.md new file mode 100644 index 000000000..ea119d2a9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/capabilities_get.md @@ -0,0 +1,9 @@ +Returns a list of capabilities used in host models. + +```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/capabilities +``` diff --git a/openapi-specs/compute/33-02/desc/static/regions_get.md b/openapi-specs/compute/33-02/desc/static/regions_get.md new file mode 100644 index 000000000..4a07097ee --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/regions_get.md @@ -0,0 +1,9 @@ +Returns a list of regions used in cloud radar. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/regions +``` diff --git a/openapi-specs/compute/33-02/desc/static/static.md b/openapi-specs/compute/33-02/desc/static/static.md new file mode 100644 index 000000000..f4a53ca75 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/static.md @@ -0,0 +1 @@ +Return lists of constants used throughout the product. diff --git a/openapi-specs/compute/33-02/desc/static/syscalls_get.md b/openapi-specs/compute/33-02/desc/static/syscalls_get.md new file mode 100644 index 000000000..9e2ddcde7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/syscalls_get.md @@ -0,0 +1,10 @@ +Returns a list of the Linux kernel system calls. +Runtime rules for containers can allow-list and deny-list specific system calls. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/syscalls +``` diff --git a/openapi-specs/compute/33-02/desc/static/vulnerabilities_get.md b/openapi-specs/compute/33-02/desc/static/vulnerabilities_get.md new file mode 100644 index 000000000..cb6acab28 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/vulnerabilities_get.md @@ -0,0 +1,12 @@ +Returns a list of static compliance and vulnerability data. +This data can be used for building out reports with the API. +This data can be correlated with the `/api/v1/images` endpoint, specifically the the `complianceVulnerabilities` and `cveVulnerabilities` objects, to generate more thorough reports. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/vulnerabilities +``` + diff --git a/openapi-specs/compute/33-02/desc/stats/app_firewall_count_get.md b/openapi-specs/compute/33-02/desc/stats/app_firewall_count_get.md new file mode 100644 index 000000000..06641d791 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/app_firewall_count_get.md @@ -0,0 +1 @@ +Returns the number of application firewalls in use. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/compliance.md b/openapi-specs/compute/33-02/desc/stats/compliance.md new file mode 100644 index 000000000..5c5be3991 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance.md @@ -0,0 +1,13 @@ +Returns statistics on the number of compliance issues found on hosts/images/serverless/containers in your environment, organized by day (`_id`). This will also return a list of all of the compliance issues affecting the resources in your environment for each day. + +For the current day, the response will also include detailed compliance stats for each running container and host at the time of the last scan. + +The following example command that uses curl and basic auth to retrieve compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/compliance +``` diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_download_get.md b/openapi-specs/compute/33-02/desc/stats/compliance_download_get.md new file mode 100644 index 000000000..63fddf971 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_download_get.md @@ -0,0 +1 @@ +Downloads the compliance stats \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_get.md b/openapi-specs/compute/33-02/desc/stats/compliance_get.md new file mode 100644 index 000000000..314f6a179 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_get.md @@ -0,0 +1,22 @@ +Returns compliance statistics, including: + +* Compliance rate by regulation, CIS benchmark, and policy rule. +* Trend of failed compliance checks over time. +* List of all compliance checks with their corresponding compliance rate. + +This endpoint maps to the table in **Monitor > Compliance > Compliance explorer** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/compliance' +``` + +A successful response returns a summary count of compliance issues. +The response also shows a detailed list of compliance issues for each running container and host. diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_refresh.md b/openapi-specs/compute/33-02/desc/stats/compliance_refresh.md new file mode 100644 index 000000000..b75491a69 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_refresh.md @@ -0,0 +1,13 @@ +Refreshes the current day's compliance violations counts and list, as well as the affected running resources. + +The response will return exactly what the /statistics/compliance endpoint returns, only with updated statistics for the current day. + +The following example command that uses curl and basic auth to refresh compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/stats/compliance +``` diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_refresh_post.md b/openapi-specs/compute/33-02/desc/stats/compliance_refresh_post.md new file mode 100644 index 000000000..541a54d16 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_refresh_post.md @@ -0,0 +1,16 @@ +Refreshes the current day's list and counts of compliance issues, as well as the list of affected running resources. + +This endpoint returns the same response as `/api/v/stats/compliance`, but with updated data for the current day. + +### cURL Request + +Refer to the following example cURL command that refreshes compliance statistics for the current day: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + 'https:///api/v/stats/compliance/refresh' +``` +A successful response returns a summary count of compliance issues for the current day. The response also shows a detailed list of compliance issues for each running container and host for the current day. diff --git a/openapi-specs/compute/33-02/desc/stats/daily.md b/openapi-specs/compute/33-02/desc/stats/daily.md new file mode 100644 index 000000000..082f58a27 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/daily.md @@ -0,0 +1,11 @@ +Returns daily statistics about the resources protected by Prisma Cloud Compute, including the total number of generated runtime audits, number of image vulnerabilities and compliance violations, etc. + +The following example command that uses curl and basic auth to retrieve daily stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/daily +``` diff --git a/openapi-specs/compute/33-02/desc/stats/daily_get.md b/openapi-specs/compute/33-02/desc/stats/daily_get.md new file mode 100644 index 000000000..0db89bdc3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/daily_get.md @@ -0,0 +1,11 @@ +Returns a historical list of per-day statistics for the resources protected by Prisma Cloud Compute, including the total number of runtime audits, image vulnerabilities, and compliance violations. + +The following example command uses curl and basic auth to retrieve the daily stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/daily +``` diff --git a/openapi-specs/compute/33-02/desc/stats/dashboard.md b/openapi-specs/compute/33-02/desc/stats/dashboard.md new file mode 100644 index 000000000..be90a2d32 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/dashboard.md @@ -0,0 +1,11 @@ +Returns daily statistics about the resources protected by Prisma Cloud Compute, including the total number of generated runtime audits, number of image vulnerabilities and compliance violations, etc. + +The following example command that uses curl and basic auth to retrieve dashboard stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/dashboard +``` diff --git a/openapi-specs/compute/33-02/desc/stats/dashboard_get.md b/openapi-specs/compute/33-02/desc/stats/dashboard_get.md new file mode 100644 index 000000000..601769645 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/dashboard_get.md @@ -0,0 +1,13 @@ +Returns statistics about the resources protected by Prisma Cloud Compute, including the total number of runtime audits, image vulnerabilities, and compliance violations. + +### cURL Request + +Refer to the following example cURL command that retrieves dashboard stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/dashboard +``` diff --git a/openapi-specs/compute/33-02/desc/stats/events_get.md b/openapi-specs/compute/33-02/desc/stats/events_get.md new file mode 100644 index 000000000..3be5eb4e7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/events_get.md @@ -0,0 +1,37 @@ +Returns events statistics for your environment. + +### cURL Request + +Refer to the following example cURL command retrieves event stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/events +``` + +### Response + + +```json +{ + "containerAppFirewall": 0, + "hostAppFirewall": 0, + "containerRuntime": 0, + "containerNetworkFirewall": 0, + "hostRuntime": 0, + "hostNetworkFirewall": 0, + "hostActivities": 0, + "raspAppFirewall": 0, + "raspRuntime": 0, + "serverlessRuntime": 0, + "logInspection": 0, + "fileIntegrity": 0, + "dockerAccess": 0, + "kubernetesAudits": 0, + "trustAudits": 0 +} +``` + diff --git a/openapi-specs/compute/33-02/desc/stats/license_get.md b/openapi-specs/compute/33-02/desc/stats/license_get.md new file mode 100644 index 000000000..1e7f713ca --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/license_get.md @@ -0,0 +1 @@ +Returns the license stats including the credit per defender. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/stats.md b/openapi-specs/compute/33-02/desc/stats/stats.md new file mode 100644 index 000000000..772f66287 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/stats.md @@ -0,0 +1 @@ +Return vulnerability and compliance stats for your environment. diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities.md new file mode 100644 index 000000000..40c4dd1f1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities.md @@ -0,0 +1,13 @@ +Returns statistics on the number of CVEs found on hosts/images/serverless/containers in your environment, organized by day (`_id`). This will also return a list of all of the CVEs affecting the resources in your environment for each day. + +For the current day, the response will also include descriptions of the CVEs currently affecting the resources in your environment. + +The following example command that uses curl and basic auth to retrieve vulnerability statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/vulnerabilities +``` diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_download_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_download_get.md new file mode 100644 index 000000000..753af8c7f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_download_get.md @@ -0,0 +1,26 @@ +Downloads a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment in a CSV format. + +The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. +- The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API `/stats/vulnerabilities` are returned as zero and empty in the API `/stats/vulnerabilites/download`. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that downloads a summary count of the CVEs and detailed descriptions for each CVE in a CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + - o \ + 'https:///api/v/stats/vulnerabilities/download' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_get.md new file mode 100644 index 000000000..2fe5d4e18 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_get.md @@ -0,0 +1,32 @@ +Returns a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment. + +The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts. + +This endpoint maps to the table in **Monitor > Vulnerabilities > Vulnerability explorer** in the Console UI. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. +- The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API `/stats/vulnerabilities` are returned as zero and empty in the API `/stats/vulnerabilities/download`. +**Note**: This is supported only for the System Admin role. + +* **cvssThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that retrieves a summary count of the CVEs and detailed descriptions for each CVE: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities' +``` + +### cURL Response + +A successful response returns a summary count of the CVEs and detailed descriptions for each CVE. diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_download_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_download_get.md new file mode 100644 index 000000000..0821d6a9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_download_get.md @@ -0,0 +1,24 @@ +Downloads a list of impacted resources for a specific vulnerability in a CSV format. +This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that downloads a list of impacted resources for `CVE-2015-0313` in a CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + "https:///api/v/stats/vulnerabilities/impacted-resources/download?cve=CVE-2015-0313" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_get.md new file mode 100644 index 000000000..c1e6d0ba2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_get.md @@ -0,0 +1,116 @@ +Generates a list of impacted resources for a specific vulnerability. +This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE. + +Prisma Cloud Compute recalculates the stats for your environment every 24 hours. +Alternatively, you can manually update the stats by clicking the Refresh button in Vulnerability Explorer. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of impacted resources for `CVE-2022-28391`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2022-28391' +``` +### cURL Response + +Refer to the following example JSON response that shows the risk tree for the impacted resources: + +```bash +{ + "_id": "CVE-2022-28391", + "images": [ + { + "resourceID": "sha256:a787cb9865032e5b5a407ecdf34b57a23a4a076aaa043d71742ddb6726ec9229", + "containers": [ + { + "image": "alpine:3.11", + "container": "mystifying_banzai", + "host": "jen-sle12-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal", + "factors": { + "rootPrivilege": true + } + }, + { + "image": "alpine:3.11", + "container": "compassionate_austin", + "host": "jen-sle15-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal", + "factors": { + "rootPrivilege": true + } + }, + ... + }, + { + "resourceID": "sha256:fcd5d51fc526ef1ff7cf2e94aa91be39d052874057ff603b66b9b461386fae93", + "containers": [ + { + "image": "infoslack/dvwa:latest", + "factors": {} + } + ] + }, + { + "resourceID": "sha256:bc6b65772f298854ea0dca7d562684cb835f2f677e0e2ea1863b4566f29dcac1", + "containers": [ + { + "image": "ghcr.io/christophetd/log4shell-vulnerable-app:latest", + "factors": {} + } + ] + }, + ... + ], + "hosts": [ + { + "resourceID": "jen-ubu2204-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal" + }, + { + "resourceID": "jen-ubu2004-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal" + }, + ... + ], + "imagesCount": 5, + "hostsCount": 21, + "functionsCount": 0, + "codeReposCount": 0, + "registryImagesCount": 0 +} +``` + +### cURL Request + +Refer to the following example cURL command that retrieves a the impacted registry images `CVE-2015-0313` by using an optional query parameter `resourceType`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&resourceType=registryImage' +``` +**Note**: The API returns the impacted registry images only when you use the optional `resourceType` parameter with value `registryImage`. + +### cURL Request + +Refer to the following example cURL command that retrieves a paginated list of impacted resources for `CVE-2015-0313` by using optional query parameters `limit` and `offset`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&offset=10&limit=100' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh.md new file mode 100644 index 000000000..505a99d98 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh.md @@ -0,0 +1,13 @@ +Refreshes the current day's CVE counts and CVE list, as well as their descriptions. + +The response will return exactly what the /statistics/vulnerabilities endpoint returns, only with updated statistics for the current day. + +The following example command that uses curl and basic auth to refresh vulnerability statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/stats/vulnerabilities/refresh +``` diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh_post.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh_post.md new file mode 100644 index 000000000..1e3210e18 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh_post.md @@ -0,0 +1,16 @@ +Refreshes the current day's CVE counts and CVE list, as well as their descriptions. + +This endpoint returns the same response as `/api/v/stats/vulnerabilities`, but with updated data for the current day. + +### cURL Request + +Refer to the following example cURL command that refreshes the vulnerability statistics for current day: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + 'https:///api/v/stats/vulnerabilities/refresh' +``` +A successful response returns a summary count of the CVEs and detailed descriptions for each CVE for the current day. diff --git a/openapi-specs/compute/33-02/desc/stats/workload_get.md b/openapi-specs/compute/33-02/desc/stats/workload_get.md new file mode 100644 index 000000000..a25deed5c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/workload_get.md @@ -0,0 +1,23 @@ +Returns the workload statistics from Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/workload +``` + +Here is an example of when would be returned: + +```json +{ + "Timestamp": "0001-01-01T00:00:00Z", + "HourSamples": 0, + "HourAvg": 0, + "DailySamples": null, + "exceeded": false, + "avg": 0, + "msg": "" +} +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/buildah_get.md b/openapi-specs/compute/33-02/desc/statuses/buildah_get.md new file mode 100644 index 000000000..764b5413e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/buildah_get.md @@ -0,0 +1 @@ +Returns the buildah status. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/statuses/intelligence.md b/openapi-specs/compute/33-02/desc/statuses/intelligence.md new file mode 100644 index 000000000..74da8c7ff --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/intelligence.md @@ -0,0 +1,11 @@ +Returns the connection status of the intelligence stream and the last intelligence stream update. + +The following is an example curl using basic auth to find the intelligence stream status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/intelligence +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/intelligence_get.md b/openapi-specs/compute/33-02/desc/statuses/intelligence_get.md new file mode 100644 index 000000000..c18dd9611 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/intelligence_get.md @@ -0,0 +1,11 @@ +Returns the connection status for the Intelligence Stream, along with the time of the last update. + +The following is an example curl using basic auth to find the intelligence stream status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/intelligence +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/registry_get.md b/openapi-specs/compute/33-02/desc/statuses/registry_get.md new file mode 100644 index 000000000..427c4915c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/registry_get.md @@ -0,0 +1,29 @@ +Returns the status of a regular registry scan that might include the following information: +- Scan is completed: `"completed": true` +- Scan is ongoing. +- Errors: 10 most recent aggregated errors that occured during the scan with error messages such as: + - "Failed to retrieve repositories info..." + - "Failed to query image details..." + - "No available Defender was found" + +To view the more details about the progress of a regular or on-demand registry scan, use the `/registry/progress` API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/statuses/registry +``` +### Response + +```json +{ + "scanTime": "2019-07-31T19:42:49.036311567Z", + "completed": true +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/statuses/secrets_get.md b/openapi-specs/compute/33-02/desc/statuses/secrets_get.md new file mode 100644 index 000000000..510f15161 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/secrets_get.md @@ -0,0 +1,11 @@ +Returns the connection status of any secret stores you have configured, as well as the last update to the secret store. + +The following is an example curl using basic auth to find the secret store status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/serverless-radar_get.md b/openapi-specs/compute/33-02/desc/statuses/serverless-radar_get.md new file mode 100644 index 000000000..3bfdbb5bf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/serverless-radar_get.md @@ -0,0 +1,9 @@ +Returns the status of the serverless scans. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/serverless-radar +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/statuses.md b/openapi-specs/compute/33-02/desc/statuses/statuses.md new file mode 100644 index 000000000..c5f68b29e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/statuses.md @@ -0,0 +1 @@ +Return connection and scan statuses for the various Prisma Cloud Compute subsystems. diff --git a/openapi-specs/compute/33-02/desc/tags/get.md b/openapi-specs/compute/33-02/desc/tags/get.md new file mode 100644 index 000000000..6da7ad135 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/get.md @@ -0,0 +1,14 @@ +Retrieves a list of tags. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of tags: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tags" +``` +A successful response returns a list of defined tags. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png b/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png new file mode 100644 index 0000000000000000000000000000000000000000..ae8deb86fc912b9515c4c341c46fda660feb563a GIT binary patch literal 232806 zcmeFZcUV*1vOkUpf~X)OA{{|RKtOtLN)c(&duY-^?==(=P^pR(>AeIJq=eAHM(+?X zbOb_Aqy$K4zxdvB?>YB8=f&^ezvqT0**iOH&suBN%≫nc>ZIO_ggD3=~8}MAuZG zD(Vmsk&zP-k!+J+B3$7?b@mVr7rb;-9uq+anAQkiUfCL{+G%JIaTCtTiAXQpAiDUw z3E_|E0s|50U*|+b&n__j&$-Tp2mfe8OhgpzNJR3FHYSAQ@0TUvO}P6X$BVfa{z);H z_`h3|k>_6g?{kuELTjQr|FAB?;j;TvV=p2i%5T5l7m|4>841*k9rcX7jWpCHZQNY= ztX{ZT+w%Flxc|P3NZMbLaOz^~ZN=vA;_T`r=`X|nR|`qP`R~j8>}-EE@ph77H_~{{ z_QcK8mQ9rJ5#J+rSqe5bHfhfnc9J@Z%Kx~X@J)u@!Q0zilAqtt&yUYfh|kT_o?k#h zLW2L1Aitm>FQEmmSAeUxl|Qem7sr1Q`ENRkwq7=#j_%%$Zmw*<=~`L4`FP8)v;Xes ze_sDJPH#uMfA-|+^^a*0CdmK$7k&Z0NBsXon{cc2@2iqpo{qMJo`2Jq6_Ea`<^Q_& zkA9^2e|P>bgZZzS{&kfwRapvY{{LZ{ECoGafsBYqo=8(;1` z`x>2)-GUK;AZx$FUkj^_5dsO-3FqHVL|pdR^7I&o@(@qqGndrA`dZ~Y-f-U7em74{C&^EFa8Euh9m;K^a2_|V%d@duAbz#oo)~xjnB{>t+2qq0 zD!FYQ{~x`7l`uAz@KT~YkaTCa^7)J*3fH@PorQ%@H!+dOio3D&D(N{=O6Vc{kVO5n z0%2{|68|7i^4v6pwdvt|@bwRCJ#R(a#}=G+y_5P}6}kTO9&zz}uHz#8tFon+f>-~b zQ7m`cZxm3CEZja4-jsth zYCwp@j{U69SuIcYOO+7kFBvILWA?qtH>XEm`SoL_O|Z@rij@;C;K7hXq477Z_R&Ti z)6VnRMxEXNT$lfFrjsH6o|Igdk!dkNI^3og)jK+>8#+rF*!-5obAMC8#(On0l^A0- zu}&WW+p(K}GBE$>yxAo-k}~NY{JL%ajP|yqZ#DE%bXmZRXyCn?Ufm5;T-fuB#>!Ve z&{Iq=&Xw?|%f!Vi*98fpYq9h}ym_eI3pH=4vjT# z60?1$cogyIJ0N{*s%l=U>AkaigT+RXe!1z!h&dVUK+?VL$)Y>w5-6g$&Zb^wc%Sxw zr~SzCef+>MZxe-($0OB#$E)Y)s1B4!Ew*^tDG3okYelM=lYb)JkBdWYW>ig5Qj z!sAyfDywf|a+AFR)u``GezFAL;+w0Wp@Vi0Ak2#Z6;Sj={QCFlwTIADO4p&6N^MRD zRW*(1t&*!~i9Kf=H*nimOrIC!%0*|$zJw0oJ#s0l!%UXwuJHFBXoi^yHkQkGdxEtq zKTe93K8UW@jO~dbM_6poId!M^OX3IVanr4wL55<>JZ8`MTMSHjGXfseJn_CdJ}>}S z8);C^atVkdZz^Ht2^|GroATaUl9*}U;$OM?F}d7QRUff1%HMxXdcD;I|zX zV%}_);mb0F*Z@#m_0!J&at{m4LamR~+2w;}YMhd9RT@>c#j{N4yIFK|MN}_y=T`H# z76$g4Y!uzzKLuRD&Z_kKY_03h{MxRmh1L5o^VV%D-MKjKd+>C5=fL=c$~~k3qpc^mE}QIqR({&h>P<*%GaZUuoO4fm|ED zyi8v$KW%|+CK~G1Ev*zhF%6jrn;{di>P`q0sEHX57L(@)nPoQbc!~?O7?1a9b6kl^ zUjK!Ahy@!Dq3Q!V$v0gNw|U}nU^-$?zPQ9k&+ZRzw=nk0g;ronb2|3)E|E!P2o`5O zKNG@xwi7`lf4T&1&bnkt)O8*Uh4#>ib~0t|0*_MWoOfJvCUX;_gUe0~k6m`2U}i^< zHckCwY^bOgIUqWTaE~lzEUyDx&@Bmq;hE8uJJ}n`h?#9v2HZo z{rs$k;cWXl?=0wZo&2h~xy%6^XOI0UvE%Pl+UgIF&;Me#@Oi>#^#|9K*Nsnfx4f0I zEl#z(CRp?wVs~0+4PilFZ!E4*xopa67Bn_96?|L7L>)3u46&TlE^nG=^gPDkSC{gb zQ8@uMC}4Z3+gOE}Z-(IJxsD!}Hrsbn@~=-oSk)D%vV4bDk%eRaq<(f%lh>zsv=MX; zp84Ei-Z<{iz2Ux?ge4{Aq?DaL1l6xsr56&3GeqvI=Fqsel4bMi&1^!8Z6i2&w zt0_N3GN?1tqR}A82dMKTa_5C8e!l3*)PzG%MbXZcn5!K~sbXDdbAbM4WQQnrS_b}@ zxiOdvGvtm$mZYkT`htyN%{!>B!e2xdS>p9iVo;~WH6atii;M6Va#%l~z&jZl%$Jc8 zHU4S%5cq&j?eiiN;HtJUuDXG1=pc#`J)OI3S_eE1PTIXgw>E+8`Vd4Xr5K{8&MLJ+M=bErbU}g%zm)RNi z%_Us4sT(sYzp5Ok?KsWmu&ZvDDR23gy^|CTF^}}LH~5vsD7in8V}d_oFyEIciU5QI z?Y#J;&hyXZdu~4UxbT=}bo>hSx&Sa+GU#Sisffdf4sB;^nO4Y=;cRppLWPrkY5u)d z!ODOR?ASHM)2-IIWKG7zVO)UY>Fq$3IdxfRj$H6(&*={jCZMgJXyej+L`In#2Cg?Y z<15j-zqJm2vK!LK#8j-?2C67;G2l+{+OsYYJ7X#Teh?8s$`Cu0@MOaTkz?`wS*jtz z-W=gP#E&|Dta0Dr^r#N>ntXS3$geXkB7#!0Veie#Lj=EL)7^D1Tb?qHm?(zn#-{yg zim`+UIo&D5Tn|EaKUTS%^2gl>3>wiiR{>uV@eh3)CCYD)6uZaJJgm&@+h?$HP|`DJ z7nP?W0AU%QyHVk^vv3tOwil2=T$CN8Ai^j%u}L-Qw4O8JZ8;t^IT9ELZc^bZPnWR> z@xtvI^m;Td_mmTp3QmsMAgjC#qN8ZNUvw)WoM)6|rX~#TtCUxXxk1K7S`BvLTuyJ@FI$#+3=t&kCaoQbC3-xVAd& zlGVv^xrb||isLJi>j|)4k<%n-)ys%tK`4@YHEHtQ1yoOwL@>6MkHih!AAwn< zj=ZDJR=e1W1unWz#*S)7v#i0)-~uK!!Qry2MxCPK{%v*A`a$JZbzMY-a|qJL+c)>0 zZhi9^fp8o>M1Bt%gHceLRL8OTXto?r##B?7Dzn}_*8?w<55Gyz)_0;lE?&konmQu1 zR=_DE3Qgu5@TB*I)slF<#B9da^nDfF9qX~>@?03=Rh#@!?{x8x z3SWWL^sgawsZ>zNhSfzpsWmfvpliq3uooR}o65Tu%^7=7P|UpQ=EmOXMvAxDWjgq( z@q2-U9E-!G{Os{V{Je<()zqd`F;CGYV~z;l3AkIe#J;dEaOq9D0s}P5k39mamCszF z-jQB&0Kd|PPQ;Ef7VHF^>yV#15f2a7ojo1&Vo(E}F0umAE>;uuO>XJmQD_H#)B*`O7PoR+H!MAvb%Rot3hjrNT`l!ouFH9zf}Ux_`RWMyg|mP3IYPUqFO=GUu{iSeR0!&U#CcbHWoVDgyD0&ReP={LZ*zMi~TqpqiB@`3xj(HleeIK z6xrG)vPQI%wKl2jc@!CQoy4tRzXaR4d%NW+dj)qXkCez%E3?%6L(K)hw>djnA5r`7 zHv3|5YN4!hWxJ`BT~jOZ#}{8N`Snlf=*Ozrc87j=m1G*AK|l69s|~=Xn}+?Fz0BZx zENLdvby4JdJ1LB0crG@P#vy#(nFxUBJKytCR1VFS~t~ zZIJILlbcf&a|6@kA9KhY-4!i-+yE*{yNx`D1h3WE9O~B5FX)Hp-ZBOaH>7F6IlgdQ zj4oE6sJK?^`2Bgtq85--`dgz?$1sf5)x8f12;^+dL1w={zN8fP-n^W10^?B$3?%=M0GHgyX+X} z$)$E*Y(@r`m+n1BEmoIRaLHd&+w$zx#N&rrDBt10F-?s-ewtR;`KKZGymhZLhKaf2 z3RaGKx0bWc%>*a{jCuV!#MN34U=7&4t=6RM!Wn0)mc%VzZ}&3@?|iDcyL-0DJcE4( zF#+q8Wj>?j0ZTV{Jwffc61R-;M;ArS)#Hq@Td6%`l~`=#$bQ zD{9Yyy_d3Qr#$-nXqNJv5Gs?lu?H@gG*x7cy?_pY+obB{mrAqugUq24MT4cyO3%u7 zoM4D*RiE9O>ox}H`ApOAvGo3gZGe`+U%7Z$%EI02t?_2n0rRNRpxM=HPY+=E1w&lZ#6!O#n_Iobh@VR7P~d%t6sZ;WD30@#fN55 zCOI_Stxi*b!`I^lmU%}xWFJ*3X0VUE?z*Rzpdo5!pc%TT>b)KAbBy2e-Sr^se;_ev z<=eXp)x}hsX&#S2*(<`9n`T)RriNs3L~db&3>>LM3ty+j2Tkk@k|AbS!r4b$;wMZCB-s(LI&Gdjn=UTHV7+^|C? zNKr#qONctm+3lc?#n!t_?`&cT4h=lI+2&T&B-JRo&CPUc>i%xCsJtuXJ6&vZLi}j8 z+V+uRmZQl_A!z@AY+#RtgQ9d~EX~0YX@-`c`@li_{CvP%Zhd;ddO-0#Gqu8)%;DAf z4~u1Rm5b-t&an1H@-#cD^oUmpy4|7MW^ilQ6xT|L+Y%fD?>*!^oDm1>c*MIjWC~~_ zaeRTl(Xp%ajY+dNtj<{=TLTVi!r2d6M0=yAm2irBDC&Ns&{|imU*Bw5gT2lNS%y;+N0*&Ubx>lz9G_Af0-4tj*#e|6dEQ3rGmR+wAuVUeS~6|5nrzCDKa@>{IvJDXHK zSzyLFcd9E*b{a>ipKEA~$bZli;Dm1b>$kRyOihjoaFUzH6>X?!Q0YX^P2Ee;Z052c zz4Daf!tbVsm`UMTNT3FABl0KdhgpfovZ;ekgZr>a-=+5ro=v@N zjs;rwi0+hMD`(4>4RcgE*`dHSxvQX-`mJ10F>I$|j!b_oV3D5;Mdd0fyhTgaZ4=BPbeK z>9Sg|;MP*Z_Tm9zjX2{}Mvf^7Sy<|+UsKjId)O#C`3h{XyztaW7VwdI3sG%#0g~?3 z6O4ZCr@Xp&Cu`4a!K|8U5Ao(}6YQ{rwRUlnIT_mpd6H3ytlhrrTNi?`5HbKH&P)e@ z_mzWMw0CJ~dy)|TOY_WGlWqD!C4B~;xJ;Z^@?CQn4`>KbF z06nd3`E(Qck~%L$vfiWW(s6^V{IZylGtek9brt9J`Eh86M>h!vFaQ)uZ>rvVNE_v>( zvMdfB4JwJ}XL;V=KR3w~bVKSMP}FdnImu^I?Dh7G+ZxjCsWLvm*T9r?7DYE)mz3Xh)tVjZ&{EUl@5 z)0}5{bb_F|>xg0u+4^Eb)6%Mm5hhg1q@RbbnwutXXkH!{Xg=C)69jX|dvA#no8>9c z30tAK`dJS%^^Lhe+1w0LZXfp{rujamehz0(Qq0GY~ZmguQqyYWkr ziGf5zizyP$08VwRW3Z|4o-~n!9=$*%jVT{JeGYMlNp%;{_HHomjxh1-4Bxd)LTU#f}fAWM8jv1>O zrCavesQbbkE4##>@2L;a-K~RQ)#G0ct_DxbddQxq3cu=!eLsIjDcxX&XA66^&MhOs zGoEh)njt0p6YYXX7V-VusnDK+Sxc{vn}czqf`eeHhl2{|Ej$70&#rCXUhEXH>${C) z9J~|!O~O&DQSB@X-|XvJ<6Q?_h)wZ6ezR(;Qq#IOZ)tt(<4$s(b4Q38adHq~|9A1O zN}fgoX@d48_m~aYrT0=oj+dNv?~K+E1;Kc47z*tCDYhaQUe9_X^+o^L0Yi_${>7F| zP>F9K+4{H4J3ycMVup#bV*9tW&&Oleihf<6*>43WsZcqEpV6(u+0_VcOtZE_q*bvv$vKEjI!hy$_7N<%G5q2{lj4W8HmRR z*c=!?~Mp?y&DmuOy?;NVd&jl1j&@ZIx_x2g74lUL^J=7egDqQ|6|{Ol*9l3NMHQy z>})qu*5&+|DZy^spb$rOCvjfRDB${!Ecq9E_7r$wLp9=|K>8TI_D|+W@V7Zq4o?4* zIV$^Yj$qB8(f@8B*W%Z)w)*SCjNz<{Ct zj`hhrSh}oVl`o4p)HLLCk4bKAdh1Dcpm5-9v6-TOuEEJ61XcN?FqD5z&pmC6A!0us z3A3L7_DYo0@r~8uLRZ`6R=oMgv~g-5v%WD)aY-J7Yc_Dg~i|lcCJEx)T+@n zW4a`4d|Q6$X!xLa<9k*#-PX`qp?<)fy@ts;Oqwe`vP;HITfcJdF{r8ej#zXly`Rq5 zk@uq8jIh_(gh_Qkn=3y0fi5~9JONF(1SB5if23b=)w_%A4w%MTh~UEwdn`a#=JdE$_MPA~wu*tBosQ30Af{`+X4w zA`>Ia2=+Z^VbqAbZ?OsAISO*o%RwR3K*Sjnw6=3ZE~DwP)(m~dRz4HGKtPx`O-7F^_k|T(;Z5^g|{MOjQ}g9>6Uzm z(=G7CerT=ZqPLB5miO+w7I0=ah_oTqU^gY}gIswGG;_M#!ajDanAyJ88^z|;Q0jr3 zGpeMTavp((nSu2?$=N1nhR120u)Fmkjqj|gT7f#xp=cij#85UXTSU`qa7G_?`b2MZ z=DV3vcILZqLJG&?`e=T}egG-he|ZvUJmsG=*HFmIW4N)n<>YO7IEeqGy-;e01s&|; z*Gdz55UyqT!6n^!?5GLcIvsD$m%BVSE|{88v;La+;*;8)=+P7+tCaVwrGUJClP34D z;^gDU5TM?p*{^pbtNgNBkNuNy%^l`3rjvKV|Mt;N-h}2;%%i#ziPfR@8n6x|*?M3| zs9!xjU@My;&M22UF8|EvEbg7$nMv5Rn)fI^C&;ML*LyuCpOkzI?hr z@e8bA3E#5TM!8+Sb&yG+E33v)MZq!%<>#0T6lUfw>8o5Hytc^evK3s?ia%X0;!_hV zHv~)}TVn#pMpsW}!MKHoAOv?{lv^T3p=GADWZ+fdXzVp7{egbfa9JKb$bkDYSWt)O zzEYe0*O#EBg1(*wCM2de!`^WR9|Qd1_6dwqw_j5+>hd`ecMdCtO4)V`-P>dmEY-#c zFw9m}Ysj9Hg;D4m&Y=?T(3d7q4Tr3|&j`3#?Fb+5m54oYr`?)vzu)Gb)MXr$ zY5*W)JNcKDM;*A?TsBFgthWo*kE<@yorl00nHgO982z1EaIohYJE)1$vlo2G?#$+@ z86Ix6=r+8nRR`cqE2HB}*=%{_P3nB(DX3{rl04fz@>iEK$0w962PAB4<7y}<)A6YJ z_q|L^!bNT@_{W?VAM4w79sN!xs5%yr6>LjAO%H6Zb*cg3hciSmLhxg({?{3OLPVxp z>h2E6&g*e(R$`EfNC!D(;|pl9w!vowT>-iSPX=Vo2lg*$;O5|2`ruWnI5V*DUN#(e za$7$u!plI-edt5#U_nyrZHck_;-#;j^Rme4WN&D7^PcU3r|OF)VGe~oMP58!Z=P{m z2nO1D=(U`a7N3|x!alLCuE62jv-tuYrzSc@AGlBXZt&5Soy!3ZZoA@21AL9PB;-Pj zLRYdzk{=Bi^XHr>59N98c@4b8oZ3Qp)EXY9NQ#{G!{<6Y{`Jx1HaZ77&r(~8q&+o8Q5-a5^Zn+)+0s_v zIJoSmgqg;7*7~gDveZ_SdW!%j%CRrnTXD-e1vzE)P6n*lwNdqGm1D3LBt-~h8Oikb zP!L=4<-&R*D{Bx2AYM9`3PEIFjP}_-w#7}ilq4Prkrj+<_9t$*AbO=tH|(g!zpS(x zoY2K^cWr#IJH>={jFh0)C;D&7$4*1ZGVGopo%W|CJYUE2C^Cz-*>M~7+2t^kyfzP@+Y=2~W* z!CH)g-l*g?M6<5;a^HJZ9y09EV@%kplif;bUQOHZyQr2uY2~y?W^oqSAWQxk3dReK=I;~K0Lk3RyWzGu zOA4F^UB-Joo|L?P030D7b@DjPk;O$K*ABbS; zda=G&&}1LUq*v%0?TwfQ?tRnfZ}i(+eR*j#ucZM!c@4b-8=brp zdR0~m8{AJh60J!`?A=_adwG10mV#}#27%jrLg|&mS4Lij`UFpEmW?o~ie~Rgm@w>m z8m{h_S)fB}qQ|qdoF0};YQ+o8H6IK< zB*b2#kI`$tTCTSw-ce3`#BLN6*PiR>C6>Z!_vCN0&)Ik>j_uDLv;2h5kqbXX0xIli zn66$sGz>y3Un0uqcc^bgdMf2znD9B=yVmf+J*mb#7dl&CCO;Z6RZ%x`a@6(xInHVC z`pGi0gO4J`o@73K5{i4MmV%3snCoeKHzX4;lcDt4?_f28G}E4N(5R&2Q> zjFN>UdXMH)ccudn#b*Ac3AYB*3crR>g$|VTzcG-CU*l-=a$h!B3VOu;a0kKlgucZ> zw&|s-+bE}6ylK`Q(m7eM)f}ss-ARL^d-PH7f%2>M_Rlq<%Z2VUm#?IjK}+Z75fCrz zT8V`N91#Tbi|A@U<;*#;ZZ>q8o13!VpC}7^-mvUcHlob-?%Lmi1>v<1e&w88320>6 z`ta4UYT!)PM2(wjtOjZBz3_wYL>Lr4(!^L3g&w@|wz+hl0onRiHWRMFihYw=cGIV7 zi)myHXE-)l1Y9|&zIy3(m5EO33VABY7`>#vnOT}L)wmXcrx}!Q>x7OQ1N&$-t0mo9x&3e?BrvP(=Sq`U1ae?l&)dQ zwoEOYfOB?}%i3DYZH=>*{q$8I0q*O?=VPfxJ6koS_! zzH#fC=FowAGYIc5;t%Duisw{p}%)&$l$LddxE)$Z1}>MB8-x8=!k` zmVs+#ZeYI{*Z@Wsi+q_U8DLrC%hYsVW#T2?`C*O9`>uyiGGgDnGWMd=gQZ~Bw_M%8B%c*x zc;9^BnEwe-tqD08+uI%`JUfZ@&(c)%A+MC`6rdT7224>z^=0snG4Qc`B_&~-btaeT z79}tErP~VF%s}Wfnrr?|(csj9{jP`}UC@V1!pw!nZso;JyY>prN z8XSKLCS>dMSR5o9b$0#R^Xc>GhDdpTj?4DKJW`U*=y}=o@ za<#{>wiZ0$k_UBh;>v0<=WZLjO7*vv;`a}15DFuHf%N-!*VFmD(L30^vhA;bzq|bP zupw`9>nY73n|d!@TGij<8-KCVl2<-#$RtAe4+vOPK*G=tQ>HGEfHt8>!{6xTy9UuySf|>RB2yk?=g=N$q zV0uC^+l9wY*GB%p<3dlunw1?B3rYXI3ja0m3c@r@oD%;8`X>|COnsRyZQ<{+s{bu| zWoDMo3f93!Rr!>-$ikg>vL_2$jMLwoCGbCIN=AN+Lgn(ZT75io12SDYm^D_pKB&EF zmrI)b2s&cLYJM|zY;q_)^Qb{OUAtfC^7<~r2^kFhu>}*Qd{;ZBtl(qqK882PwrsH# zl&Ss8cw0P>YjL{%6ohROo;`MxFKBJjRpwkH{a5*y*1pimX=2Kh9C;~QKN$#lfk`tD z@`coWc-;ekVRR$DXB7>VR?5*v7y=Ay#;<+gpV7q>7x~;EXZy8EY!5#xUfWFtVhDK> zG!K`%EX)uaqK1_Namy%6y7HfKS?lW&1!6YK8G;ld`(tijd%p+teW3TmxM5u<)Q&0- z%Qp&_1L4mG{CiDU2?^PyK$z^OfofI$sVdWeOlIeu8!#H`ivBkB(Lpt_)kB=qTlen5 z8~n``23fQEEuIZD`iR9_ts(Bo_sL&>{QZDI)$cC>( zJFdJpj_NdFmhjQOK>d3IkU%(20%kG{lVE%3*0`~t63fq02NE+^ymVTv zZS^XZRD2xGv=i|CnS_M2KxBcFo*2uaq}voC65Wocn;+m8=VQX7Mg4VP4a=Cue|tomXDU zv;oC0XC02>O#*HvU}_bYk60}7vN6Y6B_~@jH%z=@*3n&x=u3d{m))bV;88yFy~YA> zbb}r`*<^jsRZJ#l2Aiirfg+$4$pDg=Xr50=CR6?4l zHt<>U4Ys|NI|yKzDTa?b87VP-o5ioMiaYk*c0HDJ?=+5_YK-4vf9%IS6|8zrj!22_ zo7*yPf+kjeIs2^27|T-QL;}7C>%ac`04=mQaE+=35}DKi9ByQ8T=LOEM{YP_zbtsr zg*Ce=51nR{!-jy6>yVulU{ioE$>No^Z7W$B73TntoiT{guMD zdT(A^j^`omT{aI}FD()JX8wWqYt>>RA%llwC?o$>-V?NhQfS2-G?YJp@eJ@nXV{*n zG^AV;Xt8UYQC*zHiEDkMkJIh(AIV|XD$CG|`6qfMpMLY{X;(&84X_!&%OJ>gpODp31BO44{Bb$rzyBA2Ly~3a>!(8OG}ml_rozUra5nWDKx(tc)1H9-n3 zKeY|_5BMBAtO8G)BYqhxjCdt0eXKLJMkhLr{ClnRnnZcWl{Ou5*gOTdLyG2RO` zoBaBE#%D3xzV{9X=uf=HwUFF)aZP<3({$l*-?FKr-Q=MLZ853=y~?r2xfh0i1KG;+I(t3M*RyrO@37HZyk~^z}*!Fo)-9?)PrAmWM@-nI2 zW82^*@k|DZHhi?6Z(8B3%PsVNRQX;sL694!vW-QrN+|p2^Zi=Q`6cW`r!BNaIQ%`9 z$1F@Fonl2Rrpg+wbb`awj@$O{{#GG-tIrdAA?2czfw=5vdSxYI8@Jw>CnoGeETEN_ z+(vR_>>VD%ceb;#bC10ki_3aBvm0&F5%$L{$z!Ik=d`gd!@5VVm$=p5dG3^EsK5tV z5hyu3$0;z3LBK70ov!<~8=U>iu`syzh)}f}9C>4xe*eKi>fk#Z5D99wawy5SwRo@M z%V{p_Wt4F%2zZnZNw0TK;kJ8Q2bvb>6dNc#?u5wY9k?0&(g%%JmWLqyIKXQpEm6}_ z#ekOk8_J1eP93$KgnVTN^P}!5hNgx0o+;%;@Qf6Lai&4eQhtFeMIQw2q5RUn&4vne zW)7Xanx@m*J;+Zx2{sDN{);v;AEvB1_KT#f&^R|TA6=5Q_xKT zn<`DQJ+4S1_^aVBsLA(?A+t$hy&}D8={vjP$qjNr-}ZQaRWVOFEL15mRO2;3Q@LS9 zp~Y_UZVk+(nF!h8zU^dQ+-23x)7EGd>w*6Mj=2cT{^vkT<9=qtn_*oUtQnq@P#EDk zOXTJLDCoOpx>QxFt#aQ?s93pI=NuWLu_It=_S3@LKi<8@`Ma~{biQffXMc=Yj~RHf zv~?T{Zpa?7*cJiF&FzsL&w}h8^bIIsG%_kyW~>LlGzYon1u}kCSW&mdo(v}G$r?)T zBJ)n^_H0u%O&Wm}vY?{$){4}#JCN_PoAV!Z=QIvtLGvN;2cIv4C$c*Q~F5`Pn6Z-qEHxNUGQV#8QLhhi6SqMgvm#&Zj>3xf|G%;HH$| z1*>kjCP8yP$%@(G`=+V-K7U?m)ELo{DL0~2+1t!J6LHEf8a-N-pX%pk?L4vJIu84` zZ~O#1Td42p$zL#i8oFU3SaDmXiBP8H{^?ml6&@NLeQzEVjP>_9_RelyJuL&63*8y` zxLBMAVMOTn@?R>?-VT~s2hCO~XZ#ra^ljFHdf@^-7o#{6*Ohxv!uLGm?YkU>j%g;y zSzS_8AI|iNoKd;HE~7Dizuu-!@21vIk9Dop6Gs2t+$it0$}QzzjeBZHpI|@dBk?Bt zVB}(xAAZBzvJ||xub1kH{P{2?O?_14(0bHXqN%0y`>2YsY|Rbb=rZSL^t#p|B>^9f z_^bGecP_W^XQMDm<0qO=Ls<@XcY9D(4ArZ(*)I6lQ@~Dw&o0W_T8_tBKQS!Uyfb+D zJx;$rQv#h=L=`eR!Ne5YIz!&?U->Q*&Hr@X&m+U6j-fCs`{EM9vA}aW$LgeTR*Y)v zM-un1o3c{bdK0Dpt3sZg)Vgxz!{ZlBX4PfdaO(84hHVYC#ZW$Jvi;Gx#7{Rzq#6kU zmvQ0}yFR_w0`H3U>jxha;Bk+jlFh)Cm`PNAXNaU7=q<4uL@-A;*Vub#s90WFYL-kI z;Wkdan842uocxAvWc7Mm;=Q>^Gv(GLa8jcsEqe#M%#nVAAVYMAo&@9FZx2I|{5ZKUi#-*)f>}w5X@{Yb}G*k(7 zreP9h4myp~LOcwTG)F!%`Mj;(sy^0Y3EsOf6^StHQ<18JWnr!CgGHN>(AU%v6eF3t zek{+Q97l)HBULZP&gYtLPo_7#Xq;yCo$IhbaIjwfb!x6lIj4uu)NmnijY4gLvD6CT z$uo4I6*uiAGa$-W$qGqG&D357=pv*|r`6ucb`O54M^{R%v>_B0jhji=8HFIcgh++o zmVUv6(XM^c;Ja1Jadu zji*H#Fu;W1XKh+N#_x*f`?U!a_|8qG<0B7{!8Z%ZR*nUe1)AL0 z$ow|5>lUgUFUtp0vxP$B{FQadL~99^C(APw&EQtt^ow+t6L{zzTt55T(f!#|>Bx&( zi#3Z}-bvj5^054Ll(_1wC;f}~+c8$CrjV%9cw`bo-TM1tQLYbP0-yR_e@ahWj11i6 zjGuUqmGbGHvT#N2mRGAhSu}p;R_1VN3Lg0CWvvxj@ub!vOVeUkKPpp6uhN|L8qg47 z_o!Gh^<*z11v*tcn%aC5^}*N{0Ij@`vuD6nj^xKNTpd{%JSsEz_@gE`YnuIH*utHT zCzm00QYCc+B}?^AEmF)dT@N<;vKMzyluZM({C+D-EW0N8jtVsbh)`mou6q~NM8~;dVdJYb zZjayiC~kKj1(8s6{aUx$F;Jy!S=+cwrEnQCH?6gppn7D`k2sz)+!*RsYouGx{W92E zIDi3FG!80~RZQ=|^yX#}SmmuBYC=a@Qr1wgWkGXQREPsYT_Xdou5#95_b~6HIjw~o zm``Jo()Od>h4gG#z2%xRbDO)lRXn}k9`0F3&8?$SkD@N5$I4YI-RIS>5H-K@8GM9O zQu>!HD}y?2;NBi{)*9t-0C+%64PAt70h>jG@yi@lYj1oAc(uOQ%~@Em=|#c7P+@ zHiiSM45oKAR|?katNq?|Xk}Ekbn-u#zE{rOJg$fV{m>v?Y#1yU5NZL;VIvKK$VwHX zRYfn1sRX#CuS>On-rUumMf>lbhKTxe(h^WZ%zEnlqqMdTy09XrPQvF zz`PfGC68gELL@Ae907nvKX*AlNI%Pfyk_(2KP?x#z*jM)_AjIC#xm%H{h)p~a&C6LRZj5lt8QZ(8TML}J5HNQ| zKiitW)FpvRBigx6sODDMff^R=@KM6SJQv^III^Ep>-KV+{>)Qt;|WE5m9e>;d4;oW zlY{jNo%gCu#@CcAm6NMAde@U*ubg^zA4e&No;Fhi=)LB441kH*5o%6yH2l60^9Cdc z+0k3j|JdFTwz1pb&T0-G^&fY%LO6`8vU-=<<6ibIj^zvyD#4v7CG5FMLkjMf+8~-6 ztC51uWcLYik>?hRY7$T+7>E+{u-HwbmENpzHlU%>5KJK#a|uc1EVcfA8CC04Cl3Zdqkt-{7+DR~_Wge>+T=YcNlj20`mKCBPYkG?~nrL;w^UH4B0# zdww?(l*v1YEJJ@g1$-D9d|Mil0ic=8Q49^4b-OD)X2>B4sxTcW67ka!Lt4;V&m4ap z-3~TT%<>0rJl4oKi>5rbkv0_nmkgRbmv-sZeae8ySLMz$i@j`A$S-ko`cl{}$fsi; zYqIXR(@kL()YhtwJnam7s-$Mu5$a#FcsgX>!{i-BKu0oIhrQs6*}HoLO{BR9WgYvr ztqZd{(4M*Mp||ac7_%9Q4it&MS48lqzc%vzFXSmvn7B?mqR>%j7*ZSDR$+&ofiB89 zr=&M$t?o)(2(M-Pb#C%S^_?`Ehf_^QkMASE0A2nc|H%Ikw@Go0`i=*yF73n>-NqJm^S3FP+5lhco%q#pWlXC9LyP82W5$I7?Gw3AN z&DGw(gX0rouRlAm;MvlT{z#280lPSjN2k9;F=22)y7Iyl=AIsj!(!il#ytH~4eoVi)6u6R=XwEf_s>AK2dK#1{ML%q1D z?OPRb{Qs?nmrz$tMi7%6^w2%911{o>$~Mn?0q03O(I{jIvt z=1CzKJTL&Al4NRyaGC`)j7Dx?WMal#+P6x9`4(|J=+zL2HJ-ucwVRO{#gq$ zIAqu!Q};XyYpVB^JXTM{j%=$jNF`g@5@Nr$N>p6Nj%mA}ZZFX&`2(dQb|b5Ce`Uo4 zLsR;bxfOmnELCv54+N{G2!tTQ`? zan`dxQ^{2TJsg(Nd-KINT_Kc%<7J}GioIm8gs|7PjLT`~#C>^xtF;F(BMT>+@2yneqA!sUF_%7Mt{;Dgs24>rz%aymJLyil1361&HJne@Bq z2S+!910Fc02^h8fk`9fBc)yoDd+X&QJH7UD+w?IKW)x)Eky)HIMoWCX^41`V`6FAe z^!S(fHmlu2)wAM{s)O@1_pWp7?Q}e}qWd60SFHoE^gP?HXHAMqFK)9+)Yn+LAJT#F zie6yaCr;(ZeVV)MARR;r24ub|NHQOGD7w-pOxLI2f3ykcYrEM!*d$pdNkfe*JoM?O z70YR$MZJ8hbXwkbJNx6_ZJN!@U%~uP zXM1;xJ0i`!o>A38v$|zJ|AvHdm63Gdou9(%HkAjj9!H{n##-e^-8ERsvM^a@_+0JB z@#g(cL~Z@`Zvs@#SzzD%zMm{Y_Ve|f&tFON$FXEJ=4)?=Pm@!AuHr@e--1Mfptph< zzr!l~aOHVZ3_+Sqs43mOoW2+P+5@#&eWZ=j(#J-tKVRMc=D4O{p<;5FQd`nxBtQ!8)ks=lcy$KUU?7pJ=-t->hp_)JzZ{$EAnU zH;Lu)9hKhKY*xz?39unG#6btu)pr`Ap7l3c|N0?2q}$sblcDenAWaEpZ?5vG{#Y9K zq0}B2iyP|2KcG4r?!Vp%UP`#CE2t3yd=w$rYTM+c>qxyg+S?D8b9 ziKy9#6~oA{Uts@*xp8=peh%>t5D4QwJZTpD+;!kP0+ zUGo3O+*gK05+&JoV~tDW?$Ee3?%ue&yL%&rHtx_kH16*1P`JChyB4mG+1+{jW_D(F ze!ibsH}ifKH!~t5PMmX7K!4|YOxwDO?B**^rq@7?X^kGT(_T|AU;t3=-WvetHHxn* z{yXK~E>_dzE|w`Fu(&jmp28*@*zxA=@(cx1zXA3+u~%IjYAVm5At_Ye$@X=3ZZD4X zKDjkI;c+oww7pS{wK0`_k?TEGSQA~xT3uzxkOgQPQJej%oKk&PU<_|p+BJP@7+eUGj2l&nVhny@zmLxhbgA7Zhp^7A9OMcXr_6h zgYI6QlbZtM7gtdg?^*22G#@LGWU94-ez!<};0qTdD( z6vh=2+dm4prMWSfT)Yk~wQ;Cdr=v#M;L%`IF18uVowxf-WGuwbZTqV8yHmdO%l(>9 z8)CFm{bIQUjBHpeMwg_6d^%(EZ<&M)oAyGZej8%pyfh>U_jKok{W#U*$K4>NgTa;wyo0(PI9 z+DKbCk%~`lA^;|5;FsIE=aIICGCc(??h3eEPOxQ=tXI;q7>W{ehA-&)6|w_M#xkHdKa3rUZU@Z(Jg2?u3F zUsNHF(G@d16u8Xx+4A;Fy65i6PE#3e0T#UgIrua}qSf6b*5~GKH_(rlJ#HAOS)IvD zKoGY1{^l!aWwG4=^!Kmj7*(;Y6)PZNc`|^K=`>ptG1# zCpaSBT7>9~_U8F6(VU#@ugqo_nv$^Iy=}b(#UK;wZ!AHXDJ;>LU&adTg6}UANvz`f zwS8ZIasC({N8jU>`5NItu{@oT3h*q)|OTyZIbCM2QKWQpR@G6K|(9t*`#58rh zL$lMxOKUv&ewvCCQZfuh=e<+(tkI&N!YR(xFu)h`ZUkxbG@cGQvz#NX@iw;?~9wH zG3#tJn@3Q#^uX(UEieW0T5hsET(+X{<84n7Xo_ttKYdN8?0u7XLWVk^8_?fSe9^|= z=LKVV$uL?1GD6rMQqaPhRIn(JYZCugg!^l_+vF!E@_v5H{9dV^TY>}TKtic>IoD!X zUxbG8&?!trdGf`lN@IxW<;AQ75L{8BfQW9aZ|{mr;ST6Jn`b)j`E{~!AOeAfV;~I{9%rqe0o|9N&Hymlr4Bq zhZS^7%+5GNgZCK@!cWb`oy^o0FqouDQyS^=n$A?_sPUq&H<7vQ11-+hytP$mji>z$ zL!544%-@9X`Og!^CBH!oLy}j@J1sJzQPOr=5-MJ~@FXJx+5Vf%{bNn74hL&;4}o%Y7kRt@^gf8XyDF>g~a1*6keBHtRKt2y;q{_MR{_}HusO>E4Mj|tNvUfUF9?PMJb z@cG({6C{a7gwL)j(54khq`K#+sOq&(YYbv+d562?&ns0f57%zb5YH1LonT^i|{n81M<_u8Z9e8nf5(=cjcAsHs-Zj9k5(`+K!yi#DcIRl$s5^2^%w}~2c zB}PoE5;5^8bJp_N%;g{x3jv! z6lNN(N3R|OUsY?UF;w~9&bW9C);oge5`TpHr=?r&yPWD-_{z()62G_r^eavXIofT= zpHb_IOcs&RuOZ6aNh#o%L2oMi+Jll_k^JZ4pmkX*vR=XQ_!3j{WJ!)6X8G+sIMMmg zUP&RxW6QZFuYcra!nifh0!YwZ3Yr$`t2)}q*%t~)jNDwFD9bu9$9TkW zjnZ?~@pexWi>Ctvjpw@Zo4zZsgf97Al~z3>HGAnX*TjqtAJ@tkUC7e)hJi9C9becY zej~Gsh=r?DS;EJuv{!+oQ~~rCugxmzo<}Stj7(ki>UP}4L0JN=L4M4bf`W4Bl6rO06rp*9^hajI;r&WYO?4RmdfFG zt9dDFnxexHkNk<#0(@M`^yuyfHr6D;y?v%mD9jgj@hu42|uMNX%0>iUm zf7lA=XAf89@B2?>i9_m+$8?%p?uMfL78im5XAXtlZX-H29lU@+I6i?4 z0W2?9)(#U>;le+3Q3MX+0NZmqK4^OLc8bI z&nMmnp0MsrQ?bpCD!xbFgiN^#58Xpq1AvAUD}J~ApNup*EB4H!GzzzB-NZ4w{4y_q zSRbK0wC?UOwb|@4{HhrS@6%0id!Hk`J@4m*W@6}NTIds(XH$5+v4ZmKvSUR6r^bdu z6ri;Dq|Ps;B50OR16Srrwr_|p_v&qo+cQj7h;xVQp=kvhPWLnV@@TKU5x&OU15eac z&E7)tg9-r+B|2JXJTJp~n);`S@ECI@TN*J|I?6_!A^a1>&Mo%faz4Klj5(23_nY(R z3<@Pi_cOY(G}M4`?q^{Ytu9g;UCkF%6+;?q05Hp4!vZDdC>l}`n^g7^Q9ql&t~%e@ z_f=bL7vQ=o`9pjy8xm4E1zp|LU}1mnx!SYdmkw=*)H=6lLsDI~iMGUZHn7lh3I{O| zZcxZ$Rk2f$;Q{Z$x9HyPYHLQV=vYOpxyT>u@G15_>K2EBAUK{EQ!xkW8fX#dE)0hd zIdt1&w=I(9i2+B$u18C#4>Y+71%X|sSR)<0VOHNP8r+o8BC=A_l4?^s>cEXqw~q1$ z753u^b2%Y@FXGd-HP;?uYkGWaLSxuc`PQ7dk<* zFd2;$oi%8WU1Rn!p_8Za^{jyb4-={@tC;uB4KbEF=aflG6=S`e3{-Mc0i-{34QVDA zqdz--Nef=}7EPh{c#~`>KYZ$8Equsv{z5FLOg^Y zBW|5^-O{2HjctWt>*tLHhWi?VDXpLATV9C*WIFBQVi%uXtt(!bD4PrPIvWBpxUfNr z9pB1}Gu%o=8aw|U(w*l7Oh8|Ar{kTJg!TdOu8FVFaKMpe3w6C3P}q#r9N#=nHh`Ed z^N-4*-&c~?8)v^r%KJJI_rfg_PAYylPzyu6O`vS@i1Hv^_-^#map1V2uPm$r@9IY; zlL5=4dTh7|AixDWY=}o?YEly>W#dGq(BNFE+tW2dPEIE&Ih}Bm);aUflkZJczZ2+! zXnXFk6CFo}ma_{~QUPT}JD*cg!{cU}l1eit#4bhYcnc*%{5>&dB^QED4&Ch+AMhwE zM7muBWV#W_-^=I213iqvw(bkBMpY)DSA$_vA_5atyOAwxq)%AqAs1f^9VXOY3-(OV zyOs7)`tm78M}B)$=SO&Df6%Fgkll#UkTTnPgC{nAC&&J2l-dqP#Yn6!GvFjlV3j3( zia}bTL5AkfgKHy1hmlK3zYBfW`OXTdH!@^*{}Xq)c~ zs`rPBPZ)jpIgfB3%bfhMr_tr{o2GCSU@%7tYvgmVe>5Www>r>ZGfE>z(r&8jmqIOXz{Ku7J*#w!A=sN^y}D$f!kNvw|Mhmuf_^ zyDi7N^o2EyI`dk=e$?a|*tlQG;G=~u#(I3^gAH@fqz^{vSY)`pKbM0<$o$og%8TB( zkA*mx+=dOw(142N5vGCJL0+jbH=bi~jw-*zKZd4I-vbG$EXDOR@BLz^biz#w2KI1c z&LCDs!gzXR8fC0t$8rsOYRwf58RCoEd_?5jqmnE|s&F^}sU*R65H8B8zf7ONv6;~> zKPa6KP>~Ku=xCGJTzL8TUId9!xghCOZU_>yaiqcHv;1E?+H+P$k7INZek{m^qsoi^ z;`W<{*pg9V8I6^WjCkC{xFou^-SFasjN;qNUK>Y(Opzbrt-TFNL5WSrov3Q$T?OwUn~l2o z%aJzjIMxIfS{&*%2W_6kMb+C@L7NgkKlbt2O$DkNOEk7T?4T+XL?oQg{j~q1!?1PQ zES4znO(XD`(Q>u-30n6JI@ngMrzYtEoP5afaRHS-VCUfo)C9U@T5pdQu{LC82IZ(i zXMPR$@fq9rqp!t(ksA}=7A^MS(okyO=vKb%{SSzv66FKp02=8=yAj=rYra_N7ZH^W1HgR$dP}B)hJZ6JlAYILw2N@=sh7-=wxwV zLa`l+Qxj&?#bsb9*Cf;$wW{m8**R#pB^ech~aL}+|U$3w&Nh@GZ` zco~SdfXRo1%`U#4!*9!SRf?C$9o}A*rzyYPCT{@Bv8bxth-2Q_Y&2?($G+-kvEF!# zXh&Q4b#~}5Y4EwWDNk1nLtOT9N(_NcrI(`bDyLYL)5<)4IV`^N^XST`ZUK9b%(ziV z{y6MtTyLP}POPTI5(6QBn#&&KD3>sg0;S%AN{3;G4_Y%@vy;CRVY0k>;23G)55>dA zSjM~`00b{zSJ5~5vahDFdL|3qK`>5_j7bPV)?G#YhF7H=2YxOZydCZF3=)A2sVQjV z7YmbTM73#9sb6BGLJ9pAJ6+@-TK27|?xS;zno3&qX@{lbFCM9v96^Y*_O~%)+JH-Z z;qttme8;`mTtv`~wwvT|xi zZ;8ZryasS#Q#*fmFABu-pQtcHu_p1nrb8_?^GbZM0Sf8MVBH$n&wZRekeyX!8G{oe z20fW2e~44z)bBXtSAMV2EUh;1*FcaIdP)f>7^N8NI73#l4snH5&^SqxH!n!si}$lc zihLFw=N}96JBV#Ezl%^(%Bkr+p5XXzU&N7&%7n76;HMW2#P4?D^dBkhX}tPhsxWR&zaz{?N7~I| z_r%_pVPkie9G$W)h_?esV92J)B6`eV@S_%R-#S|aB1B*dg2S$Sf8T4e z%}6fKxv}ff^-a1gnL?@T+o!@88K<2=a`omd>gM_Tr!o9Q z{a~pJ;ONL&5>_>CjC9&$C5yIl!L}W(07Yu&alhUbmcII>)y@JX|CNbVUBX#2CA0G2 z@MAj|Q-ReN-%tH80b?nyqq)1{(p95k`E8h7*V2dc$-v$m)Q1O0-Z#m5p;u4PiWkhS z2pC+enK55*=#SB`*gH~&(Vf2T0wtF&J7qY)+NRz#9_X&SoJ^&zx;bF}QI{)!KySck zAH6W&j;h8$Qw8@qSIPcJi+Xtw+Jl^WP*s_gIybk1qJok~-=HS!4OUm1JvdM;EfgBV zucTm1QkuzxM40&KRYJ{sJf91(R9-FWA%7H*U0@OdV!s%)nQCw4tSDOE*1XgXWv-Wx zevP^?nyBFnc|wDxOG$W%zaSlmO`2QuY@Wfv>N?r8vUYpIua(Z57`SO-JPngH1TCg? zXB!F{h~^l0-wqi0BHJxi7`^F8H%0XT>sxXwg4M8yc97 zLl)3+QC(|EXe#8j8Hl^!6L^Ogg)0c004LBTR)DwStp%H#CvN7rw_Od`XMsyEije?F z8V`D7oI5jJWxM3r%w7uIjGjRro0jgWLor&3i8Nr zO%;b&71;}c8az?ENZK2D8bg*P<3)nfMB0Iv>u-bgjx?J(E?zpwdgXgJ<1f><=HIkU zunhr7`zr=uxGVlk^;Fo)noCU5(`_UNNmVa}ljT^S8}+Zt*HXzLj4 z9=8X@z15UTsb3VapDi`TBr`j&pA^)+3rkFpU%tb-E^=%%ba@efDJ12n)`rA5^-s!C zG%(V5YgvZXwR$|Eswp33Dz-dC1L;z(p=wNg2YwC9@KJHE{h(fYh&F9HQLu(LcFi=2PB6tpqK*uzdmVW+5z$pkzwlX;W0!v6yu18vsbJxf8e}^lz1Q#wj-)azAG1NxA!=H^Syou6B*Y)ACIVX|UbXCjBMr zwVC4jzu5nOdFwmEXWtJ+=8Q{rxoM$~_$DF}yvCsJ@0!Z5;s8Kxm0L}xA^j}!85!6+ zCiJf9mO+!i=2t>n#IH3@$@g)g)7wO5JC%cI>&hEXU=!HcYavz)0i|C@v?1Ih_xid` z{dto)7R3$qy5~-Be!QG_fE@t&rOu>ZaiSn)(gUXRt7@1uIi9wF7^^@Ro>Ks%< zH&;&tO*$dF2Uw{qO=;!}CVC9CcdNeYFqKX0lnXsG2M{?R;J52Q>{cspP}P|Y&&^4s zpAmVrJxhf!ImQMPD#2%;@KZ+`Dm~lolRNfe9(vEs>uQQNdzLkmFWY3xGEc}sDFkYZ zFLe1#YirWVa@fxfa*$`NN2=n=nOdRm&t2=m!b6h-xywvRg8^FDU{HLa9tRLFMUk9TfLmT0PSEoER*{y) zrK3dB)#^L|j-(5vznbRWPfxX}yZsEp&8U($1jeVoLF&d~fcCh@G6s@R&UX?sWmjVj zGZXGUcQUk(+!YzzhvQ?%Wa!Z{)njgl z=M2$e+BVw0qk7VUIs2yB;TazK0yiG*tNTFffLM!xQgeos&6zUN>ngt0cFRXNJ>wP3 zow^}&Ijv}F0Le1vtf`L!5*q!{=HL8i+TGtj7?M!dK3nvxBwo<{g>@9kjZ7s9 zB(}cQ5;IY1$r_+X?W7}xt)wqJ#iShvV0AG9Y2}L$_E)=xDkk!4FGZAIO?NiCa3JNW5EE3IfQK7fe9#!pJH?`~7MlWv)4cQb;`$$)BZv5R*cN>g z$J-rF+)bWXkJyzCQ3S3Kxvf4zv7S*RYlz$X(1m)%Z27q5rsseEdO`lK3 zL^&R*Wsl`|-eE<%obQN5nd1Hv#Ts^zSh`Zuc#hpe$EU%O%>)dYZ8r0yLa)gBz%0QkQ~u8zhh6-TVkiLy_2Gi+us~x zOE`WJ1VV{Ucrk^e6jx}dSx6}&DgWsA{r4OCFU`M9D+3oj<#%H zeMENlW|DpwGmy>JMKGE4iA6BSz4nzgk(8tOzPCc;5Yi4jg!&fQE~C11)(2Hc;t=Q> zGk}(o-V<%l`@oErda&N!doisgmO{aqmQT@IG%X8xOE~kIOt1ow?BBA?%{`)@+ZBn zF(N8xFev8gEDfK(dcZsKM^v}lOpfR9mK<9W9oujKfuva_8rT&p3jz!b%BJp~So_vo zgZCg0N-H_qIg}VJ)y%{#Ys_PpAR^_;D6>-(P0Q1he8Z~gih zJB|Zdt;CJ)p0^lFtwIPhGq#kwSnIx5{#qc`%Nu6L8xq1^uMOTf!>?*U6g_Z}k*DVT zx=^_${*}9;!**p#2MGT0j_G$9#XZ=>O>@$Uj-m(G&x#EjVE5a^y#!lb^^N5%o|=H` z8DBQgdmz3!1K^)&@YmHePu4b~^zAQ~TC?GtK+S)>Z5JvPtt$1xrz8LvP2NNwZd9Yx zpprOTiF}%s)&ggM*bc4|vcafv=mKcrwQoi03ZHkiC^^NC%k;K~`$E6RBNoo9VyVfU zI{(4L4hZ#G*C+HaH=Msi|EAXKscwffZlas4QMA+5Tj}}H(BiX~GMRuIY6+`Im0pS< zV29dlyZ@=4&Mx{)!RkAU#RCu5QHb@PB5PhH)C>ochXfGAIGMCN+pg*NE{{jNzxbB7%lPrajdqPX`dow86A!sG=`L z3zO9I(lhNIFFdI`eQGL?O?gpV?p~N-bFcCH;d}!y=m@M*&ZNTX{8Ll2)IDJf5m(|x znte}{^Tm3*r!Li8jXj>_KqU=JP^%lFSka8_3zH|uI@g`}m}5zZ8(vUcvBiR;L;Ptd8(dW}VDLfH(RevbeAk3<@_pQA{rxzE-z^GQViu9;S0`*SZS5&_F$}$gC{+ zJV8{{1-H-uunOPprKD4bsgq0wyuQ9~-2?nEb`Uv=r#%9vDy+LSYNwN!yeH6YW-FQo^B8W0l@{6Dq~%GNR?Yh!6JvsEW!7h-OUtBHOwD14DXQhN7J!le1eBU z^ul?VZ|0lFn?rU(yIQo!`%!C^r-+{Rkx3+!iZcrC6@(f6YLF_p_@ZkXeW-l5^Im3n zJU$KDX-H8r^G;!rB9kf_K26gKY)eOhJ8iM#8Uy`-?3&58a}93)+SV%ng32;v<8x7MMeR z3ph{HCDJ_6FSC`}82rg+D--d>qJ+a~Z3;e5=RbTLwSF42= z`Tr5P_$^^%dcrz3)wOrjljvD4iuimL7K4?16w@R`RXID??o;j`gvkznNGOiQE{=_b zp`4sLp^u`8z!z_o?+otUsN3!OUi^-=maAme7WO1Njy<|w zf`~Ei&rPon3@<;%MV78rrb_(D#W*5`l!P6USt>3-OK_=GSiH2{yI;cF>}3Zfgcn2G zp`l^BXBJ|9jLHi_?zAvA)^#UOHH`Y_WhFT(ieT}m*@-UZE(|Ktgg=#Y8N`F&lZ|ae z18pPd`?N3ch7nC(kq=)y1&bzuVu!*PIi!=&C zN4U2U!aR{KnxdTBaI+}1>I3naMXFfUw!+nZj0vZg)!JljxwKDSlHSB#ox@NtIqts5 zvqM>T@H0i@We`b^ttR2_Ey^M~u&_5gP)%#I$G0Of`kh-5d3>ANQ<6z4cE?1AY#38| z`?O4Kz2XXsq$|QWrG>9z#V&aN*2AY$w=z5LgmtAVbKEvOs&%q|K|xeyps4`FSQn&_UKV?sUS<g6TJwhQ&OBS%{9Z?3)rEqQ`x19MhT@1Dax!R zn|F~)o{2ysw+vtQq&xlFJ5skNdYof-^r?bygtWqFvDM>jEX)Ut*d2B?a++Jxm-fc3 z(**7Ztn@A*hMExQPA6sHMC5y^G9%hgT^2<+0I^uJ&~TK&aGGALHEmUM$Rk-Z-{Jx8 zMgphlx%WxtJaiIRfx+7J9Ea;OUpQA@ld2a_T0tyTkCSTx$j0Z6hR;0p_iD za7kRmVa#QXN&JsIGZP@KE%%o!6C|y)3S!t-V4QzC9Vn-)jEOA|3Y){t3Rm%oz%^CL zBVxF3`_}IiQ)3jkiJ9=GX6vKQWYRBZQMz3Y6pEl`QH7@SZu5doy(j2dE3Ay^N-G(` zRtdHcmx{n+hrfk~AVje@sZ}I(7d)g8Tu!kqGy5AZ~l^dL%^_S3sgU3CH zaNl_QH5LKlz;g+I&x&Br>wRTCn&DDkJnOML0cYZPf}VfK=*7jL*J(6F_*sJ!U?KaO z#lVCC&0Ti5NK7mDKU=B1U~(Be-N$pK**Q6Wne@nS9>Jn?D1Vp3{!K#rHwQ%Fzw!hg z__@DimqjTN{C(9c@*niKzq#PQ4#-Ibzzl{S6m0%BS^h_-{^ul@QYb{emq|~}MYaF= z!#_XuuOnH;5I=}$vH446{$DcQUq}DZU-PB{BSU^u!rM1Mg5^^Om6#{V8f|7X|v#(vmdW&Bda_U|t6Lq7Cxfd{Eq?OBa~ z%Zd+U<(WThPmCa(qxd^c&p%qI|FFIj?ekY?pW@7LE~$TafhEO0Y>&OlT^9MLv;OVK zW)g`2*cQXBlY-g5yTAfNAGWJAdn>2@yZ7)#@#8^x$@iu|ru}yp_#5_z?H?@%OVoew zF+uj#3;TFbI%g+D)5-tc1^)lmN!~wD=d$=DMpjnQgY^?per;f?aMhV*R5wclky`vS zNX=!;&Bu!TJfFXeZgh*o?xJ&!tp20rYXpiqvonw#?qKl_x0cQKzqy|P3`|i%Rfpo-N2En@d*BeN4BRpiLEHYyl4T^1$cj@Z zP*}mMZ#M(ORg!PKJSrOvj5*_jZgT@i(euuVSJjv`Uj+M0JXU8=DjF_RX&aUE9k}9* zX@^Dv^%dU06crSw-B$T~KWHxCfJ-Bwp9|Qkl6Y2hh+!y^MdL^O$`ywTJW0&ccj?EZ z)wrSL8U_7I@J);_zW+>#oDd&WB$fI*{_NX*V@!z%?mH^P*Y&l&ZX>}a2he9ekpUtq z-Y-uEf(>|ld3*zq%Sb=ONth)^PBC$*wcZb>1RpUQMcTn^c-@n}=Ahsr5ex7OG2 zy7{LW4^CO(E95oZ#hjx5x)(sQj=sjUL-sGh;RiXGUE}`E!*Lr9d`ECQ(%hI*1&n%} zdLg~wP%LwWMs=@|G1>m>?s*RE80eMUq^hEz3L%&EK>WaoH>IZMQ-rU~zhL{Fr}E8w zIHDV ziKn|HTp}yMb{we_@>%ayz9q%~18w~c9(|jtU;&S67>^7sRh$qwp)G#ul^nKJi<^}9 zEIB6=&g-A`8yQQ+h`|#fuaxai!zY)a=WH{sn#rWu>3Z{%PV(RWwW(`Wv-c#-DT~^Y zqHqb3rCH1~`yHa*z4clCrx%P|T=ZRkj=Zudw4&b!5Q$muzJFu{`qG)%ju1d??Zt*q z1l$w;7Ri2Zs^t-|IGhh}`*N=T}J=(jd&4;sA0)rG~3kIj+7STWubvT(SXaJ zHgaGfLoU^(-)Wg~DI;7^JesGkAQ%bvA6E9#$nsy_S+3O|5$1-%7QSkQ7ewJ;z=S6_3*X+tMGwJR037d@b zZgRQf;ki2#uJpWLoem1om82~F*qeg-m*KaQ;`34C8UGPh$NFM~ zFMVsWYZ@#UxAed+%Bw=5A-00m#`?Pd`@YH|p*tZc7@?4d?6IN#vZ zN8k9Fq?(%U3DV`I86|}`HPreQmFAdBX0yT3xmwzUf?rr$6_FY}*QM5%rOI8Oi8?V$ z(sEX*xt{f>7Vy<|PcL?a^#`{%m+y#fZuR9ROHomR|4tpi{&WE{C?7-*T9s~VLJ1f< znco>}bsKb;e-(dDzP=UAz7txA@?CkOlvk+y6;r!!_+vv>@zu-u8Ly%2PH6Fr6pM+B zU?7TCoRihT*tn9)%FV%kb6Y3bjFjL@PDX(KYeCPUrDn(EUBZ$^tb<^ROVQ~BGQ zJp&>e_Ce&DtZ5FEQ#ysd2ESI?b&6jwVzzm4F8#9F?C^m+Llab+m{F^koAg z+#>D`z1_BVeQs$wt6gOIi<6Qy(Qyohug8*?iVqq646XQG>3FxECTund8wi}Zp9mX% z?7z`~T~)doAfkSeDn8cl*f1EyT9%=0a7d@lj}pUwHr$DUw?kvsjh!x?#0PI{&`8;-M&Srm0Cvxq&t_Qp{HAsQh57 zpffU82OOvp{+wMvODIGqAtJjZeqib30t#})J5jOn!s9B2bNUq;T|7e=T#+PMFd1N- zxM1yRMf5ynhiyc^t#`!T-<)-rhW^0Y#ZgjV@9jljdvwV>^QM@4%ihan^bhsta&9#` zfFV4@+=fcSal+Fg@CkMi<^EtyvMf$oQedRu64RY?C2pXs8bKoLZAx2H56@R6S|+jm zFE=2(OAZs7G>R7ZTt|C2m;P(d1pzKw4c1HBH7lk8Czda>x1aqgr{;*0HULLz2p~0u zNUqkw57!MWCe>fc2j}{E{6XjCv5yN(9?6{k*iB+~7OnG^pS+&tb_Klb&jCbfMf&9U zDBe8yfd1LKeqOcro^hW+mJZ>~abtKTXm}u|v3sdHmEkhSeTx^uX8F&Ki6jOAo@R9S z{F=dhHXKid{nqNQ5pcRkuHYP{N1G#`8i$<__I~(7a3_qQ@#*EyG_Ft}U}=@M*tSkb zM_^juTrJ8Pn78$+ zZ(tjA7qQpHG*f*t$_wpHwNCbqYjh4(>tZw2oXV=r^Xg_NY@0Ax%L4Y z>69fAar1uVBbb?5@za5`8Jk>l`8JQ&L~O}IWr=(0?m7@+!|=#61RB}1!OL_V*0HB& z!?{2xT{aPQ22~ansRfiq!!ek5aCdx)Ia>0JSzY}psK9oy(ivkM2`7;`Uu~6-kl6X+ z>#Fw3WDtVDm0a(i!ilR_z%T%gF|WY9mbMt)*}&!_8#}tc&?9!cdw&*UI1rZ#S=rrL zedco6LPfO>U2>K@iCbVZYJXYpmPV`pJ5+nsc{MYV9~(xl+Ovh!o5c=Es+B4yM`P%s zdSxVCCy9458$b1;IvC%SVZ|@$%9?}+G8TBdbhQe1-BWgjcsSpOXNuq2W$>b%=0VJX zNtXKLdBCCFkAM&|KW?w`}Mh<}e2_WK}z%0JX0QgdKS%pN+*#$lk=obJ@A9(hUer|3u)C53G9N9)LH zlQ0GvbX0MeII%+gIskC9ZKAS?Z9m*#?jhi=^a-*pS3R`ZK*)EBy}TUOu-5g&PdXnD z?iBYa=4xJ&P(NaZo*>A}627l6udEC*TNo$#-i6E1c}!xT{u59&(_~+qeK?iTC124(0t-CnAHk8qmq?xWe?O zVk$De`nODr_*#UX!ouQq995i{;gbBiZGAb}xX8eL`@LAzSd7k(=3#`yYx)(3;1^z~ z#cVwU;XF?d|1RNHrl)OZYlIt7kdTlywJtwqs_AkM`zb2?aSal~Q{CsU{3H*nCbW3? zQPXB}*|ok|at@U*jQTa~$_O~Q8^0Zj)G6R5Z1sW`v|V&{+rXT7WjZcgy-W>bCs>s& z=h6KK?tC*ep>$W_{qDCNn$Wi*%j3o#9IxLj{<(A&MrEudSy`vUoX&!M(g0c&&?@AEfEdp40sr`gi&N6+v4XX9UFpR#8=a0Oqazw~3S1Q*ZxbAnKnM^v^NTW_nyZeE?*1d7x;QLU|w;aJ~j{0*24U{>)wa(F<= z%4C5(IA*eurVKzxUt*R5`2NZDohxd6f(mXuQE{E_a3@h~2b0-4OW<+~g>A-qFI>QF zt44QFXhAI1(aZ@Lm_cu7N*jmytO-|?2STvBZrbqbky4dy0RG*VieA_gS#^C)!D+O0 zFNf{2Xy2vQl-0#$w@^(pSck1qBl-4 zNKPl5f1S0EOjOP$OZ_m*kUQq0lh^aLO15fLs&%|Xk`U}g$7qO$3HU{=TH);H529G* z--TQ;;+{HZm-=}z6$f)PmQs}B>gbr@;~3_F2eVL4IaOJ&pet2t-&Kq`zuF2uad~k$ z>dO0V8lMi_$vSDx?7msb^|7YvchO>5TYH>I z+1(*F;41nnMu7g=ap7T`BIEpqc0)8$bMsRb(&#N@4zU>L*1&-})^4c(kizE=ep>f1 z20h2o9#KtjcJAbOE+NL#m`Jiw(GTf(=TCp0@a;DbO=%~T*MR@zAirUaqUH#BOqEdu~+pH0Ksd*cM)XDAYmTstytPJ=Q-&dJzK0<)1 zJV%rL6%_vxdmVN#9(iD)_ftVd?+cD*P|?B=1lKXA+x;m9(C@`z2gpgg=!4~DMdiZJ z;4)B5@-O{_KmAv%E#2@PEynVV44qvWym47He+wPYW>qlT9@k zy6Z5$_hHRdN6X+9C*Z$h8Q=}ybo)DXf+>em7_HAgxDJkcB`GU=4D?Rir1bt1a*;Ce z%at1IA4*{zOL1b{r!k#P*6e8D2P?_4dcZ!0W6;Lx@Q;2BE2bYkZU?~WyW=B2H^6Qi zm|vp5^!3Zfc>U0r2Ya^_*~UxYUK)GYPs?jyPRrIZ?GP4|VeqfipFfG!`# z*bHX>Nol62OnL1hT6ME>mNvPGIl6=gi8cH4&c>?S=gYVGU?A<(^qNib#}v%Y5guFY z6o+{OdcyE=T<*W?vQQP?N& zyQi0SF14Zs7d?+16e!-SU(q#Nr9%9{YIzG&FKH?nJgHo`oxfCWwL|bjjScATb2j@V z!gUxI8)Zxg6+f!O*$}bgI=Pnni3(S9432Fyy$!j>+Z|JUES^gpJa^a9k1tcMY{RUj z)?O@>t{fjTr)_;G0Wa^2dU{08$nuRrCmTD=qJY&f!34*gvw>2VS_P!!b6ZM`FQ7XY z2h)t>=9J4;iVmL;YRNL=zZJGsz9Qe45oh8mPYbo*;mcRnG>BL%l@4W27@XD+VSUGr z8r#ttrdJ+a{V%QLIjA99lvp=SG(~O{LpwZhOzGQVlK*a7O#<^`fj&&;J^YfrS3H-=TU6t{@1&(7fPAg~?4em*<@z&SP|1 zqS|;|E3sZ@8pE2sPbkba6=pztl~Q~n!{gf`IGI*ryz=wdRsVnKOCc`m)NG6&yK1Fwobh7 z{#{>3M|aMLmYuHXns##!; zFhwOWJZ!Zrxx0xm^`zIMT71vvZ5@EO7D%ZCi6?bNC9$ZOpiSC6K3GQDZU0ZQMEi<} z+=XZ|77Ac?#$&M4>oq1N4FR=UQqq5t!Z2MccYsSf9LR3Ct%*_H?2)LKRm`e&p+0qK zEl~oq!w>WiO@8?9rJaqj^|$$xW#9AIiYaoKwqqn=dQW(+0#!hEdl_ z3w=C}W+1ed5vG`cp9KsS!&sh@nweJeD#DvKDRER-pk^MBMW;c+2uzv%VX)P_*VN4P zSBx_p39kryD!X+dHK|8mwm8yQPAA8>jowg>M_LS3+YWU;0is>Uz-IeFzPPik)pwFa z0`7>6g#2b01V^Lnl_HZLs-*}UV{r*@KSa#M=db@?XcC>sMLv%>Hr__T+@Q--}YEe~aS(9oYY33E^EM0DWWZBy|=o z+ns_WVZI`A3Q2;bY%CAaDOD+G1rU|b_oc#H+W6(0SXG}M6^)s=b!$lD{YI&gpvVWi zzfMhxA||KW47~n+%T26*VQIa(9bCHrb|tP()HZu-V8D+kWr`?fK@P;OaeaILp*VvA zO|DT4R+;M4YfdcY$PAGoU!v&YEk`TY)BHm zKaQ|%?l?WKX8|^qI$sedaz*3X=auU{>dh&d#JC&@6*>tv{3TY3e)e#2xkVkcfZOrz z!gd?a6{W}wl{OmSwk|g2O;ZKzD3JD`w&Y^&6a0{T9(T54`gOr&yFKiZ^Lf4n^`d1T zR6PU~TW=xyOlU5)9Uu$Io$kNa4KD=w&wxoEQ9g9-SV0}27y9wOd1O;lhLzbmKLRyP zuTiZ{wzCRs#XsN!Zu)Ul_uXNt#q}O=t9>1T3Emps(MkqKAOZ&8%3vFL#nVNvN`<4Y zR;VJ!4Bkv1D$ZqRRzO)6Ye z<3NJ(p$I``F}7LBj~vh-@D{|-sy5SobYTH4H%#Qq$d9-Dulh`#SiU|#N@9Ix+5D{x zJMW#e^&G$!`Ng~i8z|Yiv2_PFKqg#rWqRfswq{3RXH0p1Y-~Ofh71C=yRZQ`PhfJv zqYy_`&Z2C;D}U*>)7$Ho}1vdVz_ z>L=i61ihXk#EWG~zpkF5S^r`A>aDhsosoj>zKkf|zC5R&RT_yB6$QC$Yt9LeyQsHX zh}q=%2Jdpt0oI9bl)ZjRLNPyOWLQIOOO{94*MuSM3}NK)nKaPYm?9A5!TOVXkTyS? z=2BYv1-bWbWr)_OYyWUZQF#%?8YxZ#q7w07qj;LU zCe@%o?v(1PZ}{|Axd&{JjEw2}dfKYy{GclF2>;ib2gjgOVdTF^b^jqANc5MM*vm46 zvbW2Z+-Ok4^tHOC_AmIq(lm+kISv0^w*8CC2A%zJZ~N0f=JmQ0)gk^g8{F zuh+2#;=Y$C&I(udLD$v}kH;-4`Uc!!>tDPc3<>@1&{SUv&paGNke{lHRnR*S&{;p% zrde~gNiL$&lj&pf${3Ta8xfE}_Ra5BivR8vTC%`Jpf-?FZs&k_qB|c^d-k|cPV=Ti zjy72u8k6W*sr0i?S1C`u64kYBr7As?8#`%S^=*8&2BB%cB$G9krmNvU8#Ppki)h3B?9T8K&BM28bSU9CFS*OtBepyyJ3W&)=G*_Pm)QJu?-=2D7#?M# zmF>_I6v$R;w+j8*-_$kH`bF-pW6G(dNL z0eljn3TZ=j)}u;IUKP=R~<$c&Om&?e*UM`DxXSRL%b68F8R@wu7X} zc^{d`pALMHm<>SQ>b$-RKd`EQ&xslv%A7z~WmJKynjkyrN!eYYYE#B%i#v?wP-c|x z*|YzL$TLNhj1W5LL+qXH*m~^Y%WKu`AX>4!OBKt;V-F^R`uW(+MePqVyhIhD5a9YN zo3}?hi*@yrKtw7?I`y-gQ9)Uk0WHvy53dwu|B2TNS34X2IzN2Y9~iD5N<*Xidr!;qP{)2+p^& zwzEgW)|iVPA5JFnLA-$^`kt^oa7$Q$|I}8ZA|(9c&BGhk56@$}WwqW!znuFRZi(Lv zdy5C}@&RMYz68R_y)Zb61iqh1Kr(fNfu~|8hK+PUY$>Xpo%KguHsL`_^Rm#gmVOx< zsGcXfc~VY)jPTzm+yeh6D0n#wJLJ;(0+Y&m z%nS*`JE~VQh@`c8(*M5DRTa)OQVqQQW)nQHNUX|3?lPBLmuYqs2 zb8csI%fA=l9)<7gpcCr(hLD;3@Uy`0^ZOFRW zv+_&rRInZS{M5 znKow!X7IZk%#LWYL0bUy$dCT5{U@QO^r^rnbu6g?FLl>$3td~g^NS+xB3zzj@i&zyI8_Gx zGj)XqZ^O2a<-db?Ega>_MU`!1aXNj%1TYw=i?eBN#?143!~PsUu9;vF1b_IIE52+c z24QN<6$jp408pK;n9=tfn40`}e><^Lt9%3-@ist4#_VxyOBgsY!Ot58i_^w@D#t?*iY>cvF1!*2(XV*TKX~#g2Um_%lLH z!1t(Y@yAyPn0u{&L_aF5y)d=a*Mt=lHT}6|J~`I4OJ zOFu@F^@;15vGNF1K3Bd8kLdo<&51)(1$^qG4Lkl@2pw<90Bb86%Vc_@+PD3R?i3rU zrt3PcmP`V&Nz3e~8q2`{c@yCg+0bz#qw6yJB{rQVdyFaK*vP!gC4}-L7I9Gkl&s($ z#OO9Z;Xa5ODLGwhO`6;}{~j&W4={_o*9mxeOGj-m<8lwF6I=;Sh`rnbR`7X_dqB2W zX@2Hq>sF6XxkZ722)H_zBlhH23^JQtmYbC5x_NoH4APF6=Zfl2ypk5NnuYsE7jwmlLk8;#j>#=GF z1GApJ576y+;jwS61^qHx)43lSSz56a9mac>c}Y>KcbP4(lY|2j->Mrm(Z}q8zPY%! zoUsj+Ov5mS@E(ShAE>m~@It>*FeOy&`)+|k)8celX2xe=7qMqd!v|o|k3`?5;pV6R z=rDcBP?9mGU`aJk?zBR|lFA4;J3%H{o`N7RWfL}u*)rAmqmnzs%um;Q+NXZGj_NDI zGSS7Q%QR=U0O{f0qGwP`YkK!l!;L+TLE+W#RRp_GG(S$GS@)sQ56cI&m?yg3czY=hp~e6xHHy& z0_$au9D^PiOJgI*$@S`+NZ69&+`L-ytd?ZoJCWXBZNB%3fZGQGU)EcIJ+G?8H)Ra#TiQu<(UjuK5?f$9}kNXuyc6IPj zN-G!vK}m159eiEcjr4B;H4+$?Q~p!m@e}r)!(#X*mmTCjT(vAcT#q_)dUu)nau`M4 z91~el?cC zoFwPaqR1NXJE!D~E`lae>3@KcA{!U}RogN3q`rs#N8@l7Ws6RN$Iwl-2kfVp_XB>p zCe;qJxHuYW*@32z!5*()GE$S!h-Xy_DppqFk7F>&a+rK9z=9w6z;3jH z2IE#4--Bx$A*Gh<2!h(Yg}SoGIUl*u_7|Sy^1rLz5-#93n0K$hr56~e4j-#^=yT8$ zt%dANZ*zB7z!I!J=V(q&d`%a$m0Q-lhq$YL+WcgBtrJ5gm{jE9XpX zfyskvb*Azqo?#`dWU~->;NNBm5~@8vuq?HXgL*0HyEY!+#;mTh8yv7-R~wP34{GHS z$PtHI`)#nDE7yF524!{>rsThbPMU5pvrShT!8lsTD`FNYS@q$<$@xNHWPw3{6#)O+ z-_24CMsc)RRdolI-~X|}-yfU$zBv$upUh%{gn)=xAI(*)NHQk;_c#9if&cYMPcMky zpbWBJcP3F(|D^~2sXZ?g4)Gjhg!;d?y{w046nL!f3@GFOZ)5v!Z@xv*^OZxUHO~L< z^YCBVb}iC(fo(0mBh|eBr&;@Z>nR~$@Nc|T$qD~Hfx4|=kb$}{+(XZbe}Bh+SQ-Ij z@K3OJT?Q(DTd@E5nCBS;0*d$91@VdOzc0rBKe?be`v3Oif(ldVT~?e|H8zHb>4j!! zGIRg?=6HXA82B*8+~(&Ay13_s<-rW(?#_md2@Nuu(E6&;0B62vfzXImuW$Avt6t(W zQ}$Bz2!4myB=O@Pe4OM1foXf?sV0!du{K90E7xR-g-{nGetm~!wZty6>k1wys2WMY zHlkJvP&}cxeX0%|cz!&DDLR_M3La=^vYn7M)INsh2>A^g9X)v5Rr|OwBdk-t%ICB` zH@fpC(>=ccG4k4SDoahqM32y_;;|*rg}dtWjP|_%DA(r6R(CoDV?`*LzmAyn&l+P& za8nl^g^#Zq339NqFAn+2zTSQX^V?OMai}X{xJBXHu8)O^PssO(gB-yt0zBoI7^DHl z#tKe!JZSXN*CMrkqVE8m?R$WqnkN-XM`3~C%k2Q(ime}nx^mYS4|3KbZ8^Tz$0cM~ zFIRkQh=nSg+Hiwh4_-bntAInw)y(i4kL zP%Cbvq%AF5Kn1&MXbn!Wu*H;-hpX{(It*Q3bG;DC+};<0vT@c0pJV^*Sj_$L)Q94J zQ_GLZfmnOn%hU|X>h;_LbM0SZHd1DL{%`A$w)sNDB@_?FN=BOq|15jBaGqBtC_S<#qi49^`Pe_jW^MyBwYin1i!%MH z*|=P2=?4H&-N7LjtP6I2|ERY8V&FZmhyuI0DYmm+ty7$e*OQMm=mYR@vz|-=mNzzm z{6hEo!~6k^O?mZc{1o!S*!{PBPs%z|2Qjc;mQ*W)NTb@To$9EJWs}1UeO@7jRxVJg zT#B_6USC3%>I^WEpmn--k}mX&twPM}Q?nMch`yRwJx{kE)p{MW`MBDwM%AjGZ%Y55 zwa27~S+wq*T4~N1@aAi4itN8>vwQ8KYkT?`$P+Z0)gj4!d$J0(9}KF~?CJ7Bo9JQF zS1j3hNzIJJ4lR*oJ)SfRYpqy(<{{!fk))1}}5T;P~PLph(geio$fjoGZG;OM9 zSRub-vbZrc`bX*x(4v$}O#lCIa`>O3S(DX;eIa<*`UFV13$e4}8?n$!gUrko*5OwWRniPF-O>5^H!N1Z4ENDdbS ze0DII`Rgv1d8N8@AYl4fn@L&Ij-vGQmwqw5wVZ1Zm!1{AOKdF)U-qUAZ3@5@a#5DT%gy(TCF#v+B-^BV-ztkL7o2Z+`vI zC8pk;6- z`zVw4{0e}BmU28PGfi7lp{FO2xmp!8>+Y*zZo9we%ed>*@4O&c?LhJ6-rl%YS1H=a z22dbb23U$x30W6tX68XfYO%maL)Vnn^oi*7_TX3kd|4^R>lUO6Xg-TMG%*PSV&`>* z-GgO!tQ-_iL&ljGIWtTquPg*RSi_%wz8PG3EUv=x>s`83b6X2pM8!)Px5rkX>uh01 zbm8yY@sORK1!*j$GI}MSNLT@)E&xrX06~>G{>1ACw(El_^XVC-1wm1m5lItbT99rF z+myH}{TFiYuIIaxgox+PaD7iNFRxiklZ=(Gv*0}-^O<}A#PvfamCL(EF48E#iOlJ> zJ=vzhQGQ3wzcG=l<)`?^o%{9D&X0kBm{r&s_0*l*KQP-a>}$>w4pVu(WT-oNA%4p4 zyqe7qW0=NuvOOOXAMKuM-`=IRVQg@GlkLib{Uw%Ob+XO|=ve}`%^WO(_-o;yGyhxR zhAN945jmr_hH+tyF9yN~R4jB%6S8YM&AqP_;p;v&fe9GIw7YYVKy0MJy%hdzO*scv z7xTbRcjlyx8pM}J-7nYs*kbik=N84ZbbD+byF2mF6GorGSx%M@R|{Ct4123hPIQF3 z;C9%p10AyC*Q<+35TdN?w$gNue?%Gmb%em0M4x9rs%dXHW0ufdEJVIvb4M&>vS6y0 zCRbj_3lw*Ka1jEP|7LP~aAqCOM7vZq+Wr?4bp+?R1x7OUr4Y#88QIe<7F+Z#UExTR zqjhyFSH)wYea~&A@Ou%$=xkc#)nc}RL`&<_&Q&Z`6UXr9{4o|j0?2^6lb!YUgi(eC zbG(9POvzdXs_v;J1q)j_jii(_G9vB%49NE;+dVEK9?$Sa)C<(4)ma5N6^XbMX{*y! zMi@zzvfeGlj%32!h-M0QTgQ_y-H?Wmplt9Q-M%3=ZLH@kFCut1zB@qi0Zw5Vxt_5$ z^4l|2@SP(a0DjS~Bl(X5DS_ufk0?}TXE4?I8)6wow;)TY21vGx&p(MK9tWU$$@wa&+s9EF%jh!;_3`T*8@BkdOYfyv4U`HOG1T#R6vUY@p=qgp&Hm63>V zG+i~xI0jb)m&;|oMXkm$l2QImKaHT_*sl7j0vOiPPf=tcG9c%rw zyoHx^Il=C2s8~oJ4P>B3Y_j-2xlQ6?n-MOQ)a&{+ubyp}t)om&o9&Jz+2VZ6l^oV> zF+%LE`#1{Aq6r*4U$odNnc^^F;8AC4pAqEAJ@yUKvD}t>rFc3n=cO5hDXCvB%udOB zp}iVnymw;!Xx?JmrDPwiw8Q*(xpF#$5S3mFcr4>WaON9W&`Tj~9go8EHQV>*W8Nl) zDxuS9Mk`&~Cd^kN%`kpKFOTa4!~Ky)Y4bryO!K({F|5?%f1cptlaOv|6f89s?kSP& zq-iWLhy9aT67Y+J>Tva)T57{-D{u+C4Qzjl<1(DfDThUhSSXr32~n+fm7EJS)|Ty2Tf#qCGEx;G#9TfrFD;{X3|6U;S!8Mc=o0ustGvFr)NW2yQJP}* zWAj@g>d%R8=!n(`My@KeN3d7i{5PQg2RVwFsl4h{+f;I6A*1sFTU5#S1HZ{ba(fNI z!f3pcrhmpFx(1<{7thXj_RM#yO1YslO^gQxWB~+gjH<7xFe?y2KSyT}Vr??Wc8vnl zHh3-?aXR(*@FKc=?U~2r;Wqvl_4e~hPP>0-#8=2+ZC3}ox?f;rw1xSpPe>%UHw7?z z6zJejsQCw2wQij*quO@t`hJ=p>EYxfSd;-^3bxqBTggLMD<9`;HdL%=?jD8mP_$mz zPD-7Y^I>3Gj$a-w0LvcM!!6k2 zmK`W+amHz}N2_Q6z<;Fh+74DCnJZI+_a>`8l3l`{w}l2Pf2O1*()#YDIPuQ_NLD~s zCmM15v3#38!)fs!oR@~P?y#)drkAf6A3QNZ`O-26%>R{j}MgK;^7o~x=PEdf-Rjh!=j)Dv_#N*f z)Y$`H0FiX3QSI+yRYMF2-;GtiY7e8%9w3O2)q|BdQE{BEsuPr|Sa((5P*z>-!k}7? zMcA0P=!rM37irQrmPk$fu=3*~Yuj|Jr+ck<(tBKZR-4+|nS7d4r=`N8l*v2yORcFF zvNRa+XQd2=>F|82G1jezXi-VETz4uqgj!asK;9h-p4E3M412 zTM^Oxv+!VK2_#~JIxy-31^chd^)ms4=Z;BSu*du>L`pmg!gG`N_#vSFRknsCK%l2_ zzDw$$#6MZ@zuxn64;s{gYXCUJKOc$zk{0s6q-Cac-0)vf;-TxmI`9+&2L7)*sOHyS z((?aOT>U;geQn1tk!*_=A@DB(O`bR+z%U+_{4gh+^lfZnEMo04H82`K0I+>xYq1-h zT;o{p$oKDi&QAw3(bsl}9k};<&ON{C;ST31z6=aqD3(79)g>lyFJ^M|@DPzW)xgJNn4)8VW|b_ITHI z>-?~|o4zkNc_GYFZOyj|88*Ysn8dYw(A5@6`Z(skF*?b=c)BsN=$-l7=JBhP?s}9| z<>Y$?H|MIGufaFmt*RD$N87tHEO$4ZufT=VFjb+X;)7VHybx?DXz;LLY;jeYR+#9_ zyyY>aMB=CZ{2-(J@s{oogYk$A&jY&*eKG!GceTLpiVeR@r3B}cS|{3>so6C%L@YfX z)6CI5lv+8HC;3@K^HFax?{@O3>7jAD(~w^aDePNJe#fCEOXY$+A34+YG|<(}W?=Yc z@#*9aWV%-mFogCD5?fu znS&u>2=s|0Ekz#E2Ul1J~u zBap}Y2?>iG6lYQqYI-;e3vbvj;i5J{+v%yYsK-WvO6z_rWQhIo8?t{?RcI8+Yigl7 zo>_CmLV*^d(M^B!J-6wG5#xWDnkSe#rwjN(YG-c zGrq@um*D_=@-D!?%S(G^7sx+_`!*R|@Le`tuFH=6ezIORJ@S$pW^396?py?Sd#0bo zY@sme^7WRK6B$&%d&QY^ukdW?m#x`{M%l_)2q>`&8P_zwN_y=K@n1b4Bh_YgwCy{Kc%p4H$?lu>rMO@uEV8527>Sd zam7f!gFio?>rrm$DWq|W(aml6{GpBP3uGp4-Qo(e9MK?5TzW#!T;$8f@lFX8fztF| zD}AichjBkKLh>QGw;LV0zizmZEFe3{S-s`+LyiyzLAiGs^^x!843q|ymzoCHp@}H} z?_2-_7J1;A3-4dZ+Xm~BG8LNwwORj4NayrhR(*iykHj`cn6W1T~wRYKF zHL1g87^*^TELsPid$r{JK#F5E(pjxXplKi+ z(2ddQ>LNu}AzTf)*6^17j$fdvYm^;!Wm7e10(}n+we=pyc!fU#M^3FIG}~}~IG5!Q zl7&)JGLS47mR`uOdZYMrLONj3-O&B6Kl7`Qo^8;j!awFnipPnvn&oA5xsZ+rR6*mf zN)}QHY&2+ZyqY-=LH*5GZR%o*d(1ydo~?Ib+@0iWfe9)=thc-QaWBdmg2*&WP40Bh zvby1!1aKwhdLUeHovc-_Hv#$4tSRw>r`Z0zm8Ec>uD9he6NmWKcrZ4PA*6x#W^cQ zVKQk$K`l=88Izx|NTN9sF?+gSI3J$}jGOK>d|j?SeZ8_mtIvGSfB_*#``%{p63gg}iaxhRg4*j1$Ho)bj*- zW|u@h+U=215tUsRx4e%P1Ym~ainMP%HA}x~@I`YcbHKWm@HT*R{sFL;A+K*R_m!yu zxndIrJNM0BEfb$Ig>3+|u>k=M$}k2GGuCo|jIFU_HZB-gmf6I^XBAOCU?`Fm<&Ikp z&>YAnHcQ%!a(7J<{d_(!wG+a)WWv#+H1jHT;*jB`+fGfY<1OCEW%JPyq=%aPwmv{B zoiUcdVFo8bNpidE3FJ(kFh5+OC{T^AIKobR=;lHt7*o$?Q9+b{v7&{0{FMoQ_Z&pv zPJxAZb=H_L7pJeM=i5U%l|6o`H*|3>Tyj4)vBe5*hYp1L!L%d1WGA4%ea<=*yW zpX&k749J0Q6L@OXMnu%)4+3%S>Emb1L@PFDeWslgYI9{($8u;p8{2&=rn^o!A@lGh zr87<`z|Jxb_6YqDtJ3=}3FNni`TWVMDV`L8;BRV(>A)nWwG(L{=MsD8wxj-vkIiTb!E&W~9Xv&U)iI3pT z1mK(P##9EZg5H}y_jhsm4WE>)$@IK^*3u54#dCY`Tl&VDGy*Njj{DB z^u_P7`NZ@zWnJ->_Cd^xju%ro$mhp?iceLV;l2dGGj4+L?N~%yrgY%8uViOCr|t0R zaes33xRh;Q()p_Im>%!DIeZu>R0Qxz+3o(KI!^37)$$pq;g%7Uji8(UnEjg*!LaHv z9sk+EG%O1pGR#fqRmk#sd~K!m7-&4~Mk{)6$GUP;T32`JDCpt3D|Lg}{0sU=JJvV~ zUqbBBJ1F2iUERREuwlC98jw62CIo=>VDsZ%id%d}44-6>de+UNQ`q5wt}5#d`$dT* zH&iS^Mg?@!PW&q&W9XT~P`5XKg3gr{yiM+o_8=Db->U5o9UVU>m&&K{9jG6qNXF{W z;4n;tU?HyRt2d!@?ajY}C;Yh)&CS8374GB;$jEIVQQdQP_3~<6NPBJw(}165Vmd8B z{#4P9ggzRscFu-UQ0)J#d(D!i)9=vOqi?K@U#dE(D7(P*QG6yVzNr5{R{G_5hd$-d0qH$8SohdvX|Mx1O6uC6x>2?z1kc%tB+Xq%=m=?6Kf_b;H*36Q z`%9iD!gv$p^!sxL3`i>26R=b7~@+gMI8Q zENvis1Ek?}zcsRNKP&`qU7ol@$l%V=IPoenh;_DvPp`p{iLX8?R|M0Yry)zGi`19d ztW?-|&qs3#{mmKdZuNb_(vxcOn%ScCIx!sL*+4F$XEy*93?^u{0% z7R5dX3|a}or&1$|(~iX@*R8X}KVU{e2wn3wWkGzx#o~=l+1rfbd0gKuwWnOcKNt^p zMjf_wJ3#QnIut&2qub(pCBuy2@mjA)6LrR{T2pb;jut3VO8q1B`E7sX#nX%I4PNP3 zIVrgJ+30}3igph5ZDhGf<$EuKq$2&xuadg4vAz!Yp3x>@HB9_0RD$>sYB>*_GU23} zD#=!55g*u<0L(>Q5=|Y|sLibS?6g@qDaR@y$44`%_Dik$ak5Snw+;)KdhS(`aKFQ- z`DQ~q0Ui&l-d-1bqGFR>sLE1Cj1#P}2RUe%`~;u`r@M2SR{=^ z^T2tJcKuv2Rld%nHM>VMgimgC@f!?QcU-`opJ_Y>!*a^DauSTpwL%XW`MXXofc7Na zCo#p%_2Z4*>=BDef>O{(?UgNoMCF!rDE5vN2D2AGbJVjE^N~ryGaQ0`1?+0nc-kwt zTZL6X0}!J8t3`mI@z<5RonK7%(zkM6K-x*(UMgnZ0w?DhC3$`HC!m_s&AD@12TEjt zHmqctSHXXm3mF%Y z6+7FYY_Tj&p+tqz^%029nfN_?MC&E-f=-APNMzVR=8}-1wlqwi&ifdMGyzMAD9^ zWD7@pCtm&r8HW%MF!KpeUJ3h6W*tE5T^Wzfq0g!cS|%$x_{D)P|3m}1bn(?_iRN6> z7iPQEpE!Pc9i|Kkpa5B?2%m?PDao6$OxFYpLtdVgbZob`t<9NV)=#xM+_Qi`XW>RA z1ZKIn%lEf%a~wYIdyMIS1A`ttAwD#adt#KEU1z`B>SBgE#he>#Z&9ipDJZS)x~>F2 z?g?^w13lr+Zq$mxo6)PlB{|M}?>aMysYP%66XU=0ezd-rRIhrF$!McZKA~a1S;55% ztQA->f>?RV$hc$Y>Mx4`ZW#o5BzpxD!*ahu?xuMI77>k2O`J%2y4qAx4)J z0b^v6VX1mQzaR!mf=Uw#vh1-RwM$^Dz93>?t45VGI-l`iD8o+`*^u#`94?-p*}XO+ z7FcN`!WhMn*k$j}Y(*`#4I(d|^L4+tl3|p}LGmNxM^Nl39_t&gp|Mb^3d;|gANP;k z1aF@^NsmHUiyQo$jUTx#SbIHtm?Pd6cNvfWBy@J1L62QnN&->eW*U$9WaO zW5)CWev}owF^8D?U}p6XW8K|f=l6?DOSgSKcoe5TU@sk|)ACS12McSpvt@{IFw9^I zwSK=VkY{MAXf2g#E=c6cTmgs-N3WGRzhXA1#PgZP|1+ z4oN!HcfoPV>_F=+!4!H^Imh|4_T2(S$K0lYUOSMmGqbz)5@(lA9@UyxEX(3ep?E}@ zR${V4vqq0RI-@hp#ctrMazA)`NX$2@`fSVmwCu&#t#&((37zHuj@arU7bgEFw(u_7X2 z7+%_$sK3r&VMICf1ts!Mr_^q93CQDiN3`%Hne+XH4`-pefm&9SWqBFR=zVC@;rb#C z9oss516aL{nah)+nyLN5u!fYlV%uu4H{En6dpKKwrSJ(u zX>NNep6KySoi^B7E%4WVcmuW58}lrMgi&8dJN!iujqT$cW?*}a*!!=9>FkH1x&A`h z2z)B6J6wMs;g==XQ_(v5e7BB*A5uQ_xs$$pcVTWGqDV{LC#2SwQ~D!PFJzcBcdPe~ zfCvs!fmS;+S)Aa=_rrC^HzYZXJdf7=(Wf$<=1y7bki~tkrt896Ad6`BOv2`B1LbO} zs{ACy8?T++flb-N5FVPL6@@sv(6_=^qeIy&YKTyA6{K5Py4IK52C+M4$h z*2$+&TNA$py7Dz!prJ2PL+KTfNNnZ{4!Lt^#&*^>AMfiq(Fv&NS2eQZT`A^WhPxwF zRTp#92buep;)N_YTrftAf`7JRR~ybN5%Aw2-&YdRzxNg_&DZFpSH16BD4FdB7wo~4 zK0omi01tx%W#M~Wn=#0vziJhpmnOykSt0Tc5##IN1t zuiih%+_jOrx87=hu8A|rC{#$WO_%+8CQ{hf)#avRSYn&;1Xan+rnG;K?jWpYy@du9 z@E}dnW|}Lzh}3Cc$?;tl!2#wTwzn2Npa36tuTSviYQqOc7sH0)XwF0ymWDG8SqHU56Pw%YBp6#C>1e!U5LFfA3SKccjp z98bVyKYvoS`Lin!MZLxeMtQ9Qn#%pt!W*9zqv}X}xd1mRr&i36$xGiaQUNvnCY+h; zL%Gvqe!RWH7=bk#%t>M%A6Li$A`fbQu^OA}sYC`Dt)vI#tQ2D~X&DS35Yb{<2_d4M z>=f63eIP4?*_CF2cbOm33TgdYxoG{CMg^XA`kl}eI6$lQ3L&J?qlCVqUkqmF`GqsN zV?7j08jFmUM`1PHCQ1RbGsMCKxvs3(R_T0JfXBh~_P6#(zf@;%Mn0#s}$HSJ(E&*1|X`pHZ zvfg3L6YI4Y?*}2_@*|n5lNhV@QFxM1x=px>`^_rLdGHod$x9^h-<28I38kJUoEu5_Sp{qR;L*e z{d#>*cmDWp4$naI_S9whA(JI|0rEw7xQGMUu}GCG-zh6pIB})Za3&ky;&X<{@ttxe z@^5w#Z=K|qv5e#4>$Z-A@q~G@DGQM-&JFl%K}A)J8fL-EC>AvqL&oJ1E6B81@f5M-{1dk#Jg4_`(WD+8@vr(5T{E@`G5;UhqhThO;qq}CX=TrOgECcbey ziO&Z~cijt}J@S2K1QgtR-4RKZ`stuDUkcDh_13g#EYApsnwdp%{B9h`4X^$K5g9w_ zu+b*9!<5#Ju%{Xg#_ZN ztQsA8GZXf7Zi&J>)(d}D+Vj?3OcN{&R6pLFlF+8lp&$4s85n*19x0nT_`rQ`F}Wvr zRiK~RaY=^Cvsn4EH-GRVHjraBpozdy;hkp>$ zWAUVq@z}w;UoQ_eD(RRK_SA19>n=YUl(-!+%M}jUvx>>TGXkr954{}ZkdXFEftY+OX-YFh z0Wd;ZJ+Vm<^Je}KsLi`z*{o8k5mjmYts@!@kM}e9 zoi-)0=`;jt8umxuj~_Y+d!070lu3NH#T3v>7>eVlbe9&JOk-_#aEjCs@E5pJGqvjb z6D<_mt2oz10_X{#F8{OuNJVd{G^ z@~1cJ9>=w=IQy7)abBNQBMQFj704lP(&F_=ELY9R@!7y_z)b5TW}g>mM9mjUG;7$t$L zF@qbd+L1cYn4RBXv|=xr(-dmJBM%Bc|4fQDLjUkJq2!+J^4VNrUV~Qv2P@uJx#LAn9*Q%cib|h&-^IB*(F2BwZwS)iWH)IRUD&ruiv&Lq zS3OHBMPn$X7o!sJ7L--{-ekuPhAs9MTx_Knt-gM!_z}9!&q7H!?|#L^B0@P3qVNAA z+{Qu`a5u`Ul&P&fYVTkd>ro&fl*M)oBvf=?TwHSesL}_)F8ZMySkA=-8XTre0$OgS z*&wG}MJI>_>HI@o3sx2C%@C$etkAgqa&bbQbM4}bxjNN4I+e|92sfj%CfvpZ754B; zokmark|dC9dF#>TB=tHDsqN-{GEY)1sXcz@4%>WuAs zamnG)w8}iY$b+S?yL3p8EYF6uXTXs?-yT5wM80eu2SZ~W(PiB435UL%DDXu)CP%nLr)Fd)UT4-qGB5im7+H-P21cwL2-X-5R8B>NZx0hoG*TXQ zb`sNj`1K9varE1*Wvg-m{rFP6eV^xr4xU-&4o{rBR1`n;+LvjfV~+2pr{aS_$oilx zOGa6bNL7O^kdktu^ATQ*-)wXQkn9YT?8D&@yCySWe%2ar(4NVQq?FyUu~=<)>xvF{ zcmEDh)h~V=qb}@NlkF-WX9#ytO!=xq=HF;=`JBqgID*vrQ`)wO1yMoL@<#?dKWDRk zU+DSQ`0f`5%!G9l0gXZ%ubfQv?5rqqsc|d$7H4v`-(R-7%N=03>QGIhU!(0(8*`0H z*4t;i<7Wq#0aUt|g0fQg9)afVs@W0IWYCAtgjr=F^k<1W2en@xy$)p%P`bNcqsgjl ztYPMDpdIbS5GPfVtE|8Jw?Op>t}bOwez4?mot$L+ak!Lh62DtKa7pH~nl1DONH}>o z8=ygKh;v-hid@B{Ny7BOqSs~!i>GD_6HbecofbZyv#>J+av{QX`|K+L1(u4MYX{_x zX4o?oHjo)ydYb!5i*ayLv4uOEb!?Mt4C3OLU(w%=p$bNY`na=gwg}9wk3HV=s03o5 z{s%69B9HlBZk6%L6Ym|rP-5Kz**Tb%p-9knFnG1<5^w=;I4*q-B$lHMiXddgbAU8? znkNaGy#onN(rZ^*S35PhmGt5vBj-V~WL-SyI0hA)70NAFDP+IW5VhUu&Wd;GpuTwej#AXPYL} zaBM#b9q9B=*o8+NeP)tnatz{B?f;QRhHqYX9y0Oduo-noUh8wieyYa)Nj2k(-U$?? zau}jV^f#gTUj_vQgRXgjtQcm{$B3vb;I3ZE=G+SO>og1I?_Q5Dv{GDH{t(+eTZhL~ z-AEuddVca{T(T>V@GUC__P}VNR^4KvD(~6Z8*~%Nxkh98bt&jZ$cW-nxALnrK5<*E z50h~@Pvn=I*P@e4LbzRap~K!z+btCW@48Abmii2N)X!np=gjV+8Feyv!I$kr7G%Mr z@fk^+lMc)f0O2h0J%C)j6cdg}$ksx?B4f!bnZ$wY5fvsN8&=?Vgnr6wY7M2!iZ_kB zL5ZxgNQ{^f2t7=qFL+2^hSlUc?VHE+0dq>*J2hsHUTRvD&rtoic}`^Dx=oJUIB?I3 zZ~z+tu_GjTJNa&8W2ECfcoL7>XnO^sD~!&G79sug?Qp7`nMRCrGFT4AMbr+-pu&g( z#Zz6XY4-39YYky>zONm zMo)*&eVKq!^SA~D+puGAhEMG0`W)*)xNPEJN77+;6ZndbPT)nUsWJnX+nP%pn}2}9 zGIF~~k7YZ&&U>}+?U@xA6>UnPD6&)uNx5{&n3Y8@urUY+Vh&)lQy9)w;MmAKUrjXd zXGDJuPd1W(7ayjrAi^j7dfaN1MAp8m&2jO)B;9zQK*=htd(1a6=S(S;_LP8e>!l6H znH^*FBGAwp^X$w_)M_}D+hO;<=RCv=#5y(uDS6CTG$N?=wVU2Pv(d{h3pmOI1oADR zbfmgG-T7IiMe?IWZsVXLn0E_` zs5@hpmcmI#dW2P<8i%TWTkLfk@)IF%pEv;6`Sf|z!wipV zbn3q3#KqTMQ+t`tYx3Zvc471b8HZ<`jhr*Nt+(ZEIh2VX+hDEuz!t?Shwo$ZXZX}2 zZ|%WmlI`@v|5j%d@b=qG#A9~0pIy@Xls+(Uj^Qt)iXvLTuQLiy$q zug2Yn(w_T~^2Uvrm!{Xjoz)8Hun5WmocT9|cBoC@S=E+B*SMfjDpVQjQ@)93J_l~f zejJ0ESZ5Pe&1+F29k}YoV9y-$-nYKlfQP-izj*u)H9q%4gZ4!5njD<_H{Uj+f=m~l z2sF4kL;`{l<)~wtm-#p){XPo14jx~ZQ>f|NLc+45Fo>mWn3+}6GMOq3XGcj3Gqt7x zo#&k~B?e6eX5|vb$*Ro?aIj97X)#7(D_cjXHpD=I$Lno^wopl5BYo`CWhSC#WkG*Y z)A@B=B5CfO%t(B3VPF5?YV!KS4mN;a<(=PSP=9~AuxQ4Ce3fSZS5kURT) zNA^A^Ik~^@{r=3eW<9;Ss;jEIs`_nNo_nCdlcf7+VB)@J;jv zVd3049_)aAia!L4GkLu?lYd@;HSH^HlHG2Y+F~t|isngg-=pU8h3a_Ilxu0RG#^ae z>q+tEg^5$ZB6U`Gp+48q$%7HmkasdRVWvqere4{gx#v#I#l<#HinW&RvmOGWC)Ml> zgdQkcBLKa3p!INpo=Mq7Ido>dYdWdlbiwd!YkN7|WIG7k^mYR%_@ zjy*0Xy!b|%gWna%HY~R3UuemEXvHAnv_j|XEih(vWfBWVYs*-diRs#I@ig_wIc%Bx z(W4xoF|*KM-_eC%dUQ(k#kH@>5BWmtHmu(3{5 zP434pRno*`!j!(7e&`I}Pz6!&E0rla;%MT7oUuve)_5<4F;E88iAG5B@kx};4a^k~ zvb-2WF{CW@4+G`vs%Uc6B1Rx6aR|$9udq}t7uvJF5d;KWe@j-{Z&R`$c6DUnK~u-5 zv@M;fFwJ(4dS6IS6g-w$3!Y%j_)b5H?@PNjp>|RJHNRKEHg-?6TIYde^X>3e(x<#c zB{37Y$8oO#%;}q7O&*;kg?R`k^}kCBqV#@FQR*cLnkt}AR+1an+R4bgNM{SFU~4j7 zfDxp2gh8e39 zEUBcJ*&!;0ADZ1EbNYx<=yE4_=H3VuOMsgXIgV1lySq1m5V?YlHge>>c^CIt{0siq z{m6hLl%^&T(1+^n)Ga8Pk+W1bT|<5K;n?oWG|oqC&qqZO9~&+A5IuuS^<%IH9fGUg z0ClR?6-`umPC}E*jsKZ%^Uit_kj7K7t7j_~Ld`8il7n9y=4_AW20yH%BWBn6=!iyJ zyh&WsRt|gyl7|96G?Rmi{GaUw#m3%u!|xHaa6Kd-CdvSva1*^__5i&bZr-i^6sbA= z#XdxEDprJFrAmjxg|&tG$8bq~-D`w$M~uG(GZw?$);1sSt5W36KF`>76QlJh^- z8ewfcwp$l+C?ZT0j`OTKvS;Cwz0<^#V5j`zdOiwHjVFGNU^fp8;IDk7ZKOCw9jIHJ zLvwR3VB?wcHBi*V{t!qGj~)*7BdzEw!6g>quH|w|Rx5@|aIM&8KBuhnHR3I{)(&gs z&_>b>?(g665;!Len64DqF)&NAQl7y^5n);`${dzr5{j?TnmgY-6TwV=1~RR-%MXeo zR$cuhY1q~DBsT7Du7*r|D)&cy9OKrgeAO(W^tC5Swq@-Ze_C2Et*6UPjm@J89*Eh* zXkow)KLn4vvGy3Q z;sX5qa`F8TP}~I47CgaO(w?tqv1n|$s@{(>`OE6{wm6(iIi$xusK6CImEVZQh$6ZV5uez0^TUU1F6=$pr&?zee<)b)yf7m{IU z(V&uBO6RbXAS2K2mcTLX><==M0UZ@O4Z4f{D1Yq2m(lcmzm5Gh0!&NX;J6)m;P~R5 zz}6c-e^#28pM8sZjS;cO=eL$Gkxr~_OAOCsnWP%Fb2);@h;0sW-&NVOQkOX=FGOW1 zM(hDA@r&LdnAhs8_T4(!dLPY`cc=IBQri4Dp|iJ@BqUOM3;CnUxUX5kN1u&(mkHIq+FAma4iU12?Q9CZirf# z?H}g3dYU*ZnXuG+*j~wL5rDd%of>oZOQTg@b5n1R+y+*Hf`h|oJS&a37wzTdc#k@mgd?1R5)K;}T?O5Hon>Nkmmo;F~2#R{*{#;plZ%7vq5lZu%|) z@1SE1#DE`3PCuG(qbzJei_ZM>X~{ok{l;;Ls^FI)ug$V~-OaU-c?C}Vu<*Pz_Lhen zdQa@fwrtuxVV*c393y5Zl((4)-ds0i+lJkTgbYaTrz&WhEW$nf#JpFb)JgC2hC2*! zj>W*xh3-z})|k&&9i=4}!>kRpq^a9^y76K7;p~@Iy~4IE{g?@Qy;&^9`4jq`udxn^ z5(x!mHb*YzP=5czMc9f417}j=JdGzx_bbRmVM}k<<#arx7NQR2%FwVr`s-^C6VkPE$ETl zaQR6a$C~>Es*TvJe6h&0<2|Zj-62#SRpgqbUQ(Mpt`@5Vg$SZuv=D~l5@9=cjiM)+ z#M~YC?P4|rHx$i&660^aJ;l8wKoXeVH0@z%{@+XJq+K%9DI)4QhOMfTx$%i zYR55nAr~GJ>FbM!a``c(u_jn#Aep924nZ|@wQuq*9T+=lI^ZqW6Lvb7*E|*p6nhwop zaS0}*8ftMKcBo(4ZHv9)4vk2=&DE|4KgH+|2B1tw=!A-3%9unRBojOnbkV+*+tcV4 zb$+SeT@J(}_0HUIJH8xwe~hN~I$8qi-fZN9I6L6wJN3iJXXVQ zS}@L%cnnE@{ALQKz~$+;z0xvv!n!2s82?pqj!|Hz9#jAH$C04hi^Y;2PTRI8FA0)Q zhzkaAhzb3;>89FVZN99#21&CPuM`b7t~X5?3=EXbnrj4KK(UsV7U@%S*3(blW)+fB zgKp|q%lTBt3WRn5z*wAeQFni-cQTx$epjI`PRLG~KXi5HQMtQVnX(|4`pc4DYH|C4 zoy7cXVaM-n)87xuR=@ISBAcEAYKJetkFY+r4oGfPahPY* z*dC9?HKrZ`-C{m#Qb3IEK1Bm3Me|4M=-}^5ZYr8oe1$l_$)oY5F=5G;yqs~V@fy;* z;jz6)FCG)W(5YMksNQ+>Mp0+m**0Y%UxcU4T z_SR**R)(#*l&)sM_aZ#IhG~COT)p&Ua-k+8oH(|G9Ij?$vMl|; zzI{SCS}RcCm{A^2k^1m}p+zn`qc&+n8Icit6>8>18@d!AmBk(eVE6(d_wn0DSgF{3 zPK{r!m}A72b?79t<0u6=oh=t5GskTnoep~TWG^WXt)#dlEaBEmY^S2CK5rz-^-6#9 zMn*xTgK!WN@Het$Zh!(L_l@rdmqNNT2sfx~uVvNc^X=Y*Y-QAfs#vCHFHAKux^J zB)!p_qt<7m$EQVd>jwg%k(IUdSzDpm3mlixTdom?lAjM3;On@*+q%g;BQZ~<_IG{% zen@HPxgdJ04nUJcwG?)AL)+tW86YZbpBk&^m(poG6SRqunzS59thdDi-9Fxiyxr(i zy5iP*Ntex+v~xLEAI}CxDU0%djn-OF$9t26Of|{bJKu_FMo&jThDWGgJm322UUY<2g zGn%a`-^^z(z{L$!-$`4ENxLe`YK7G`Fj-}^AnS$}otLLtoT{9W#8>>1f^Sv_NO<+; zu`s_}fYG@6$D_+cTTiH<+<9u$ezeK)SomB06VYBDB{0)glp zE)>}kVx%&dm9Ekpsn&^s5`NUS>b9HSUWXt{%VqrbxC3N#Vw|kAXf}uf_<#=|HrUBQ zTN{QZ@bwwaU3fFhJ3R9e#&sw2A{5&-V#y8V;WlYDK@R7;L?pZ}zf7+Qly~i)KSYIn zR?fM=H{Hs((0+vYIQund;p-O?_IGWsE@r2nS`O~*4Y?hhGs5N*s;jcHc$#%a8|F@= z`3Fa9+G}eH@6Y%ZBudI&-1V~EGBG7N#D48g8ksF_ba9VpS#VV!A^QrwTfC4}{`}3` z_oM;K#WMitWIfe8XX*D!TBD-u2^Oz-NlnWVU%9-hblLJ&f7Rp=Q)@M2?AGkkHPMgO z&bfC~GTV|I?d_x9t8=cqE1g8W)g-Zx7I~O8n#C<@F~WI2EwEs$<`xY|hZTHJ zZB@e$xjINJBoDvtXK-+E7!K;S(~3)Nno;go{xlL0Y=iE*LUr|Rs&CNxgOqJR;5+W6Krh3v|6T;UMyi7)(;NXTc zr)cvk?pn^ob}|@PRC9pP8mmmwbFEr&UseyfI422QS%1B{-7O~b2%a&or0?3`Up95M z>CNGbb>Bq0Rm8!!tmKYUL%?1Y*vYlqaLbd=Yu_NOig2>-g5K!&-<#ykc%q1`lP8_3 zXbOUmuA3N6jlR}ka%@(?mXv%{-PxuVH0>^!8-llj{-1UbMA-&5$`csQHkqD0b~xJt+bfgzWxQTXQ_f>rL4SnuOnEsdn*^j04A&%V_a z^LrQhU+X+Q$zniRQ@zjyvgxyM9>(2gLJuAyV*St0@)hcgcDGwtFDhnZ!QCwk!uwt% z-cqYI)7K4iC$`>uZ!cEV%Ih?kCr-|bY53*Fj_0T(jv!GPIZBh04yw2T<7Lp&mFYLr zbxF(8xQ6Zf9{2PqQa|Gf-r=fxAb(6>%DZ=}pgyy8)0E?I`Jx*JK(VBl*6eZh(q6gH z?7##7Oq3JT!7R_Kn)p<9qvKPF9I^;`?}@mk3G3SE`L5K&x;}vcI!|UOfzDKrAS6(> z6Agh0NKtbLsf#X(b%~vwDDa1#UwGwPt+Jq=wx&a$=9(_Oh(oDRXFfys;O^{2dzvUq z69!W9ugTq16!{|4@Jgc6tfQ`dYDs$9!_aJ{!X>f!Q>kaaj-qHq9_Pb+ySZ|UG)sT( z{Bw=g0;yCt9|@yc5+WEts##!}$-$#KVgOK-K16-#b$rR_vd=^FdRqG0c@Oi1?VZRV zu6?Hz`5n(9k5{#=aAo`gw;{KW(n&Aj@%>j_&J$@n$0T+`9ZEBAdJUXXAq4raVy6!9=>t?qsQ_9iT`_ zU0tz$XS`esc(AVT$Kx=yn-*SP?>uGDg*ms>RNLgapQWlAJvoTPvc0i=3#>iOuior? zoz==7d(m*wENGhUSbeQLi0m}kP6bddH)iBcOyaF6Q!n+6dlW;d%744CxwHsF;z`gY zuC1QvVpyH{zCr|`QB}jJ1(|eS@1Jn)&#y(57v6qLO%D_IRPG$1Q@&V#Z;RScjQ*5h zJ3#0Afc>>7dKTENS>NSsrzo~9zu$Ernr6xYL$-gi#R9ywZeI zW({jxBm_@BE1WWmPBdyD_~d%KX;q!S-3Wx;5}VeRw`kKOPi6}i0iMQgM^@y!ubvD% zBki-BNI2xppC6y2O=0r2)Zr@>4W4=Qvt0LvDu4yCaLM@ZI)32n4hh;a^qYpz#K6W(LD4Bz(Vwdj& zGEyd*K+YbE<$+UER{1vxN?UUhB9q#L{-33Ne{ zGF9;Wd06|W?;@`a=|{grxG3j-V5EA|TyQ&IyZzZKze44p5VBO| z5VCu%r|L%6 z#$Ac(=qwXMFHFb#`Ju zgeLX4k1EnhHf6deMD8}Y2wKc~O+^dlEZts-=d{3J>>bg&NsRl&tu_ne1k)|sk0u@6 zzt=N!oYYDx`;6lrWITIRD9QlTSv|SpZgsCw(GF=E+uSJcBbF%L*G#98jcA?)w~mWA z*v+4xgbvm(DyG-v))t^WeN5r~0O9XHM;(YHL*yhiUN(HI!s6)LXCG^1C1Y7)ST_2~ zP|K8+f~P{GyBBm_?yIh=f$$TR(*!h|v`fb8leB4Ch|WFb80x+Wr+JP_Gy3?TqGPJ2 z-=mYx)=PTPFVGTzRI7B?L1XHR0<~KD;xc1}42=%6Ol_Lx(q$bvbomB(2Zcb2;YItE zITo+axg+Y7X)le2kfvX`(x^UTH=mcXYBGiS=RxjVb}qW#?DOyEMXR3_=_YBr!m3f+ zIzEH zsHN|u%sBSPks!pj60tz|W^tuT$3;NdS*Jf+Qf3VE;hgWC`pw`hARnTTb`CQhj?h53 z%0Y2p=yv2W#N>1T{X`6}WCBgCDThg(6VK$NQ)rQifir7~#wR!5E^V-{;mKb2oXc{& zWjyarRPI3fdn(#|(OypY!HE+t2igknAB`CA1dIWj9E(OY>rMQo2hxAw6(*&+@+;H( z?te8M)NbbtH=c`^px&yJ$z#-3s;g{dS?|jms7}n+fFY0V6M1|&5-PdTk9Ij9p(W+< z=s!D`&1mW#C=ktCGIiF0kv$(1Bc)E63Lm^1n}zrr@BBb-aGwu}Pt5wxjpC#l-jkD6 zSv?Zp)Vv`xRxCX|LP;t8QnZY;g&4P{4}t9En(HH zBpGj(7+k?Kgct<`SQQ6LoSOcC;Fu#6Gdl*SqPMJBi4Y;`k z5H;6Id%0NDAfMv(+KS*A-xSn_N{ig-N+e#ycUi%DH+B4m(q_F2gch%y~1nDY`D<-DCV=Y3&3n*z*uw1%Z}w zK2Fh`@T=>(!_LmACHeVhFhItx+U@x1ahiuzYAo58VCwrq!lx>`GwOqGOTy|WxGE)L z7850+>st|enPFDk=aIWUKs`T1IpV=*ugFxjTZPTo^v;xB_WAOQsIk)c9K`VGbhP#% zd$}y?2a5}}2GC5b+k*Y%B6x-nXS`MyUwcxL@^%tH4tPq|Y5PmsE|90{xhx;?qSP&%a zGuFqeyo~F@e`@1jYWtt8k3!%nSI=gL0>?knz+V-2u0cS2oL2I>{x|BtDnojV)w8>i zVg2W*;3rJ-X*@*u0-B0i_+6`~;e=NmPUX3N!(wX5gNGePyAqbaA>3sKCw$!C@`mI$ z+5@S0!;KXBit{&we^kQ>J1_F#V*EtFf0Cz<5uK3t(X4AE@oxwp1KYT@t%e_@5g%f;0(g7p{NQZRSDIYdCj_VLcyT=c>t3F$YY@y(&PN%!C zRRby$Squ4RfcRHa5JAPFSWEF1qQv@+Mn|NRn@2MU-ow$^NqRnT%yuVNDW~^6$c)rF zsOb6j&)c;u`WTDC{n-G?BcDzBqs%n!%eoyt8TC}dwB8sW3mY6~qWiqr*OobwBn38- zB>Nv2erj$X%;83cqYIA zHi{9*K-C}08J|A+c}xCT&xa5M5Ia#^jj=?GjMIG2{#hw$11@%MF_k2pKK49Dh(rpB z`FO=&<@l2U0i?2AkNkKL?MB<+fbQ^{YYa5b$~)1ERg;v(d7(B&^pBSMbkSPx94_r# zc527m82Wh@C)1RxM7jQ|j~{FQQRS+~J`DweBO?}>E#O|7tgPFtW^2twN3`yh>iJFg zWV$E;dr9*Ah=ZQ$txRR^wr#1asUoe+p5x_oLC1RY#~?#`wVX%2AlkPJ>Vy^RfS88i z$*XE2+sgg;+p=(c2#a&X(z6WCv)&1A+L_E0Nh+s6E8J+5U-T_!Qy*tMil#cZgr4}| z@+3#H35WZSIU_(J8D5X{1N7h-<+qf4^1-ifvIX%=r;hDZ@ksD>D;LMOOKL2&^|YKk zcQw(8PvdGx`7$W#Y24ZsP3LkOfzxk3R$@MVJd-4(c0}c|R9?xE+*-0=V73cQoL$GV z*W#U~A3Fj~nb=M1u+=HqxakM#dvvlpuc_ti%AbEldc1j4R_O_}QKYerRcVd|#B^|r z^g5MHrnPz&;3b6_Umua#%2s8ux2hd_?*_9Q-XJ>U!-yVsaCx$P2>W?YIo6<9LVWDe z<5kQlRw^GE%?)S<^5@uMOyqV;v26^FH0<4lBTu-~0Bz4-m#{mptH)SONZdBADKE!l zU7Ow5r(mGPNDYM0suX6hmq0QCO^>G@bLY@z8(K8bc#O;M&sP8;7l+04bkl{Ad1m&h zLlhsa5MCR)TcTs&@16OIIWQ1w-3FAVuxDGCF(i)4HEPf+9)FU^tYy}x!?J~W-@NaP z8F7T#X`BcOb`z1D4J`t_ZkGnn@I!(S&qot=N!hHI*lr=`8`n)k!L(y`MLWW*o?}Z7 z={X}r=J5PxA7Bd z?Buiry<`gDrzp)c>!%?YscKfKG&uxkay)=%)2_`1jtoTQI;veH^iZsO&1(HjmMZS-(ALW2*H6Bwi$)kMJ>2jXzikK5uE+A9!jE!0`FG8Xq?~ z`#9rJNUN3>A;(rCSxafCql4?rN)K5UAKwB~sjZ(odwgYAI9H*vz;@f%HIMb0Hej-Q zcVX#0dM_K#J`8BZqM;Qsp2~I&^!CT|yWay+0G2+DKM~w-B+55s79huu4u;(na~v=p z!+acLSNx_yWM#9#Q`>#BgQ#}0g(P2x-ga0t7I|(DjqMY=!m74yI3)(Btft{Pi!F2r zo}`%;DuKcVHeC*9ZT-cZ6vDUT&R`wfJgl2WGB<9`BbQ5&QWf^JTFnL5>Y3!!B?5 zCgiku?7=xwEmQg=38ONA*CJ$$cEf4V-Zt!rr_b6?5;@1BtwJ%<8uBSnoD4>^)T$G! zRA3D`xRdvw$e9zqzJx5V$&N`4hl3qbDk*r*OFIq7%8bG9!V*bSd?&JToE9t>XXYgwSNo<#L zSOZ}X2%AFsN9yz|tqe2Xp|A6CtRjc_?q-b+0)Rl}v0d6`4Pgj0DbEVX3BLA|QLa^C z0MMz*OXz9Ggv$=2A)HgmFYgPunhf_|=N-lk+;{U9slF+JOd<*h-(2kYo|79N4rdpR zW&02r$Yk-V${KGc3r@K08=~Lua^i(DhnR}Qw|YJwl|XSs%GV4XaGeFKqi`}#U%O;E zT-w^+ve%W9q$uS}ZCWN+Tbo-6c+~H9*_W?{a&y+m>08m;3cugb1}*_1kXV)q*z59rI=N~-~(W_HJFLTw&@ zTGc`Wgzr8l+AZ&KTK8#mY6-8u!;g4&@kcRHZaq(I8CIn-WmD-@WjNd{nyaucZP{rS z%k#f4kfj2vNt}my>5$7T6tI0Q%m?Hd+CHhLKCBLAKT5F!Hd)s#@R=2^CNXVaR_U;< zPA~wrZhZ=u_8n50Q^enY%nA8LxY?$UL_#@qHiHXtUj4iCy{6a9!yq(gs#@Y{ma^Mq z0#Bv5+5ec})@pRnctQQvIKj}>LPeGn2gF9Oh{9G-u-?)?dC~YHH%^`rNsBuZf&vBa zHR}@9e99n{JzJ_o!Yqx?jfgTbUcEb=a$gu7t+J3^Vl3w0<4a7 zr(D`CfiG3M?ox<*uc@lK{$C%&%(ZQ@oK`p$n0@1XRfq8@E9*2H{ zm})3=;>L4_%f5(3d8fn#QWe(1+>Y&iQ|+cP%=aTtOmIY@RnY{`*`i>F<5p~Y(6cl_ za3XBvHT`8`>7bH{)&Ue1?P+~+0mMD~xF}3CuX2csiwe+u;Cp71#KN(w-*`khw>JT4 zo;>z%ro9?QyLGNb$u7J26nZLKNVb@iU<497S3_@VP(V-eqR)$FuRc5U83Q;cU-YXV z7Jxy#$|d)R9+Ph?_8EAAuH+c5B{5B(pPC(i*0tr}46x5v5++CqHn~HtvR;ac!Mf#xtarZJBV;>_k8RgQa_tgV7}l{}-W5K*^sH zWe1==INPB&ruF?JC@Ghk{_r>NvOI^{k~rT=fiym8Lef&>J{T#WS(0kfY)mxRqcZQUQ#3L+xkX~+jk-xpQjcd6gp8LZLN8kni`(0a zMYUCYbIS^Bnu!LImSpO681pm<4`F-VtZDuFPU=!;V{IH4pZQ|hH%Ol0k)R!4jP-d; zM>mY3aJ0XZVyR_YpI{eexw0g;P_Ie|LUR`6;WD0Gj(=6M^d@Fx=&RXE^@F6UaNu)Z z$65n9k8_jYt>tv85?>`2hr8SohuTSD0-#Q3C#8P{TC*J>;?YYD)xmzMY8mTMTi>o5 z9e?8!Q=G0L%@6FmoPa@Us4|ZZvdaczj-HFTKWXR?mFIn0jk&nTLZhg?^{67SmaQyb z+ti6Q`%IFx$$m|SQm(K&Ujnwa7on5JSw}!pwYR#JtVlY)u6$Ht0kq{GO$^mBj_>Gv zv_`;c<^Kwfd%q?P-~UCg7J82#Kp-4~tgVylB*qYBbY}_VtIiwlJ}YtZe;yim1De*^ z7E3e)aYOWKpSpk7oE@L#1JN0}4!RG}BTepwelFDf;kRv2sb&_ZBaeAnOhb*h z2lxm~yQn&9W1rlCB?(w5awWEpcUtH{Fm~oGLj{sJB-mN0LznP%3_FC&Omd!_zmiaS zZ=kf`=C^#i-e?CUS8w>B10~EZ1RyWAUL91lewIcXfIg{}sxu7OlW~5@W%&4TMcofc zXWX@w;&iV=k(NyVay);cpQTD(F%M$DIj&h*7_|Uq1FWCnRCz)^RPXIrAXGajSGxk% zC5c^z@^8cLj(z+wjbDwR9rrdgMBilEIf*gCfn9gCXTBu;Sf)0A)qWH67E@T1v!3_ z!u(AMfie`@h>wMDoYa_pmNM_SFe# z)wu%-l=5Pe3~uTg!TYR@4(tG311ZO{#22+M{q>|Z;+H>0w!b$W+^2$I*u~Xl#}ArFP5`dt`u;1o(_M zjQuv;6|IlTQC#|ZtZ}|qNXKq+3D~nVPmU)%nCWjbLwy|ntuZU9C7BHf7P~L?iZvhY z(rIG1>2ji#&&asOa2CHhKql;!5&SrO0KOakqtnJ1%wwpON;p)1nt9Ny>J&6wf0kho zAWmnMGMj}ItZD*FZRT;<_*~liTzd|C*<&1+%zZYo3)}eC;6s)_wUf2A@>uQ>nq#E4 zHcq$!F|ywGwm!(n3O1;dqhY%&hC&tY>$8W97jdm$6r5}f!}33Y+?%tc)@&H~=gD{y zGTwU#cNBN(G(bF%Q|-n{cFx)<9NedM+?qL!$BF}iRW_;D=Z@1i{msR*m+^KP>*~JU zWaD%S)LUvi3Bh5o)N#hBQu7n>i(+@;W&CjG)>hW z*opnZbkEPu!FJG;l!=#qOS*V&wjJ@4S*_djjhjZ^xfQsuyOMqVP=@Hl5))7TGOwbJ z=T@AEhrOn(Q$S#bi`<#{oY@ah|40oA|$mKFZk{) z2>moJ$p|?ne_o+kV5_uBf=uv}*2J;1Co~N+wQbrmV&1A= z!8IT6rTsy>b#i>&)R!}RK9pQsua(A79ROACGDsXQfFjuud1DbKuo7@!`+%POetyo4 zS41>2G3m9Q?6dYc8{QMcpx5aAgm$&}wo4}=?U-IVG@zywHZx7tB<=8da+apEtbv`a zWJxGINm`lQ2ih>mS1ZnA3}5Hp(t`qqw6_c#nD0@SEVIH@lEIXxA^islk^HU%HNPB8 zgqFXG_g^!qms!l$6bK_@61P<4B${$4Wd0P zM$P>4ZkD*?RaUMA?q4Mf)hlyNCkyfn%bX^rvy2ipUAecWR(z+L7RL#|8fji-^-?OP zr&A2T${X_A%k}wz`*@?+S==BbMC<}@1LHBjgh<-09x)GgrV377Wk9E}mGMcN!c@0( zHBhW1%&Cl@7x#OtN#DI8Emsd$^s|+RKyI_x(j=p4?j#}OdsISP*UfL&VW$mc7%Ow- z))gE3^^TD1877{3apdiTYfY=}-ZzMI+*yN95E0WIAP;coPwZ^o4d- zN+t$`h>g>MYwK3);JmF&MK^zHz{!yW##(! z+-uL>Wg4f-rdH^DBqJ(o{LW}^zH6;^H;|N}D?|ZGpck=YrdK_VlO^&Z2hZ;2>Ky~m zlb?OFu1Y8NJsm8oXcTSuDKtx-K!(HLzk)+n=hPtg03)5}gh$RIl+~ptKw`x@A#n znI8abdU&W&+vY1nw1m$r)2If3g|S4+G#P7QK690hHPud^s$0m#;!0*TgaJku#K0QI zY+#i}o@wq#>PQApgIjYAN!=%eOm*nW5!u-GDlEipE;g6*LXd~mD;_`EQwnLkZfEGB z)h)Mf%>w@+xi-)>*=d7FXJKpDs~wEYa1VIw5x5w*3o z7$m$*wINr^Wd^FZhhWa=Ya0I_4idJIqd2)Yi{NNTJD**d=Iym4v5it5=C$!4z7?r} zgE}E9K;;m0Cl`8}TR}ECh86{^v|(`ZyV@Pf;Gb)7D8fi-%Ez4zDv}8ghbs72uw*#_ z^NQy0r`*$a2gbiwo90#Sue%%U@-ZxUX{jewF$=3TXn-{kY;*XnOfNDzPiCDa5L1GR zOniw3j0iKw+a+?$I8{d0UNl(Sr`1@_>W!zwO69&cJr~pQ7=v$=vEgR{D367VOl_`| zXtqdeYdF%4zKqj8ysE!u>vO8LkEM?)w9V=nNQR#Z10oy4I4qf~zsN_3%m#er8HVB;z#<8r85io3GBFRGOz7w~OQ& z)!gEF>$6o;BGv6Dv(+nY>s89;vn%gP3&)z0kf9coagCraRo|%wRYb{J{Oym91oj0T zCDaEeRBm_hqT63uUQBgOa>UArvHW6|okA8Nj!9<^8f}j-H51?dTF~y1lnO zr60Ql+`W$BWVXy3PSq*unS|pbUw(y;q$0VyyR+GE$#e7YB#s?pFGrVu;zxgbAOBOp z;7`+(6qX1Pt2NygNxqU`-Z7r}xnDD)T8mw)%GZQwsp7b5oacND2lxVX5wlCb&z z2D&&at%%5f%RBZ;^uT@yNG|eLO75R|`162M+Z&FX5qJ;1z;a$f7#SG>!LZ6l?o9?x z*kD}^La*F2+rXEC!vb>jA1I~0l_<@X3%~q~D>!xpm+E7p2wIBe$X9_Rr1!A!${e)V ziY|vBruA^MdK_WbxxK6EAK*EGR_tHGSy(hj5OG}NCx}?i)Ch1iOj7T&-F^2rzgT@> zm<3HISoYrFDy?SdiHqPLl`U0%_wdYlY4mfse>d_;Z;S~ST*aQVGn02hOpWl)dA$Ta zTXqxkzn`9cb#`)Z=8YKt&?5E$aVX`_jlp{nm7WVbKlh4H#Cy~df}l+Db1DAaMA}jj z4;E0zZ}esL0u?zbP!`Bj~vFZR?$J zoP}J@FXDy2i)T-sg1$qUhw^=xqncCUuW-k|+c8|oSQJ(Bxp_Z+;j{iOg!4B--lJq1 zDLlUsRf%`y;#6|be=kMxQ5=C=kqUmAdKO#(3Ry~k|1MYyj!2|e>Oa*<`{jCN=mcA2E^ZE0M-*f?tKOk=1EG2{gE+815bq%CY={I6T+!IeXOwG2n zw#R+=9%f=^`kM~bi@=m)9h>z8i=``{wDn0o&o5x}|M3ytw@=`P*UFLC^WP26ksfY% zVZ>>L|J|f!(jLH>G_y1P@Am$&7w#|i>y8Wlm$`qAZvQK}e>c?swYh(fs{G5}CN7^%A_{k#$>k6KR^fmAJ>v2i9sMKfhaax98a?CpmwNtV9!ZGu znYEo=CGukzWL-)V`NCh}{D1#Y$Q%*A98N5d?LWx=RY0$>;Vv#P`$YlrZ{$(_j6&!+ zG1d5gF!oorzkPtyrH=H=Ci)HGE_i03Yaac<_pjgol{*Uf0xdY*_zy&proSPKMGS99 zxdJ8nZ`u(k0;fx9^5Oq00X`4*n>A&3)j}QUSYn8~p@n$G?PZb99Xct!t6(d+1goc1g5HPwUD7M{r zC~oR+)zP54x&qZ@KzPh2^{_=LHOKI#&umyun9X>UA_ZMCzV#WSWop(7Uw`A8>H5ou zk~FD--qSi+?9N-DIro(j*8Xs5tNBkSHIMg`m~+1xx@vN*zPi6O`Q5) z9pH&Z8+SWCq+RrOep3ZDhJxqp(AuKyu9B6s;Vj}nc?J%r!!_UjzOh^wKELiM!lP14 zp9p;Eq#04^hQThodiUX5RgPJIr%m|57x6c8`?MU}Q|@;qo;)tX4s@Ip1rrTE9lRaq=cv61kR5~<)nPqO3Y;A2H>sEm~aHPnAM+4BNvdweL z0GvX#smtipC(kB7bM&HPHW#4xmiF25Tr4@r! zmejQ6zzYdm2j>fm=Cz$OCds%X$50;CndpV~cZ`f=k}-@~C;0TGCrkv9jaj}j*!Txe z_8_*(?_Rv)*=bfPjJ{g(;~EkDg3{-?D+M)+Kw?nZnJ04Y^9~mSF`c`$$tF99pxf!~=-Utb^oJ}Vt3@Wk@`xIE3Xy@;d z*IerhC;~wQjBertG4IN9J?!PLACjr?**$zcJwzMN8N&`a`i`}D z)SQlk;-r4RUpAp)QPf(OL>FeUl+*bP6FHbPg@3Zfk=vpbt5hr`ald%*J72o3ZYY>6U|u&WD$DK`$+L$dZWO)MvB4T7=qEBjTlbBVs{5o@6@s&1DS6aZ@aI#>a|@s&==`ppv`iOH5WlZ4!$> z8`bS7Y&=T1e}Y-AMX28&=@odgu3xNsu7H3NCp+3yvMG(3mQAaZ)iMw_P`1YC#MC1C zW&5U_A6V)Bl`%;de|Y%jiIc6h%9X1Oj^!1OLcdmIjAErBmAR=sbOt{ZW>+8PA~QX9 zavRfo+l_c0j+B_OX3k3?9!IBo#WR4{+y!5^_3~STvkW_3%2aNLkt4%c_SF&`sfm=t zbJZc#+AH!;LiaORA@s<*EDj-YEpfTP80ZZ(fM=TQ5X@ooI^jo*ChcAQC-oINUi1uE z+UOPY=0-0RDNJG`O^<>7Ufs`h$x6N-rKcrpRTin{ZP-eT3f|n|iJpy^NKS)yFH$hG zI9t3E=nYJFt67+qg#y>Gbl+{3yae$aFrFlzqx!f1_j!rhb5KS8?I5vU9V^yj#=C zX|Av#jz;CMIgSf3If^0-Vy(Q>X49-}foY#kAO0Wq-YP2YZP^zN5Fj{&;1C>wTX1L~ zB*ER?Y24i*p9!=UX-l z)yqroy3!}_GdGH>ePfU!A9VUEkcxY^{I^qYv|RQkc;r$zW%la##~PWYpKi2#>|vT3 z*SYsD5x9Qp!Mk*;2|~@Soti$$)YxkBvWKbdRXQ)} zOuesY^QYVXoX9xk18HiKgc7C9(A6Vd+En1(Mt!8$o2$-G_{cUp!Urb!wRx^$tA10O zlrP0aV71jT-bA*Vg+6;)^08}bcd;%ZraRzFq(+PSqwLs??d`@MdFiX2>SEbEf!(o^ zoD)yLoxE`>0&PG@z@UDLB?@K=niB?eyXYkmY)@)qIXCenPIZ2v2amN6c?pP;750iF z@I`LFo_r*y{ltFF!<-kTsHcyA!md`qy35YckTlPzM!v){JQo_y9)_o9pzF zH=Wz!P=Ajx@s(x#2({`~)c#o93b@uuMq&86C^b#)8~acD*tuFS1%e*<4>4&bSRd*SjsMiB&;4fC(rP&c2@RwT} zk)u~~eose6Zku*nRQKx0C%7L)ofCagH{PgfW9+pUXCx9)ciP-_231(@rMS*HA2oPJ zDFi&#c4Lqk2`X02DX#AEurqIuH_^6bj!qMze{6T4m5Z0Z4vSMCmhRc`GRWXarL7wF zris2Qe$nPV@^pPa`;kOItvq9L@^Mj`XA%R2uebyH$S@rTntV+Exzy=sNnIh8Q#;xW zWuD%2H31=EXxqm64~6jF`V(L4dwhhM$t)R(X@Gi8miS!WO%Ho_%`U3Up5iHOq{PSd z3wQXN^{$8CHxtPptuM*VRhv|d=r-B4c9F*OsIaOP-xs5{z4AN_dQ84128^PUr|+qq zTWZ_{HjBe!?i8$WZ6sxv1Gb50WrXXd5}b$dH@IO18X(Ud=v))*6MX05#Qwq30POpF zKYBN-Spoa>=H(K_)0S^^CT^#)t;LKQ>}v=clBGMEjb$?*k z4_keZ(>D8D1Mt31@%(7G4n^gN#y!XH@1>~>oLI5BHqNiHY~OHV5LKzs zf?Fz_>V0ZGhSk$gx!YXRbmJIw#3n6NHD+O$J#8zAl-e6Wz`Qx?iH=<>L88vqlN+Cq zfbrIjgd!VEPl5I}oR5+k;f|xux#B6U?c$3xul6(3M3hyAY9eLod^Iqf zMJzVKr)-hh4w8*JtvNi1D!a>ttf#Zb zQRBj|_tlibo6KJMZI!CC85HmSpT(-u7HBM|pb* zr!8Pk(_xbl2)Ejs(-z=jZ=Da$iu+rybF&%qo0mIk|0q_Ub3M%R@nuM*FTpNN7t zkG-?L+Vz&9QJJlV53Mg$s^1c+{di}q#*(p-joQJhU>$!gc+h@)x_KGh_?5?6U#(ov z;CifaHaFUKes=$rNgz~(gFWew1)zOVisdo=vbmHO@So@=o-Q%JiktqWhl+JRS+7sP z-F(vm6qCKNtOxOvrNvl_=9EJ6EPWA__lDV!3(Y2tQCs$N;Pjy5@?1lkBaWF&rKhr5 zNVljL(0o>d2O|v3P3!9_zrE>&o6>}=z0mWgL;j%sJDzirTB+04A{&+7SUSG#<+OKr zjPV*NrmTz_%%GS|87tN@{vwNmI`gD#^MS-sz1zg-2{80Nr+sh!t>GcV{nCKjv)0OQ z;izRZTDVZ#ytE=xknf89&GN0MdJW}0e$iAnK2M)-O2}pJLs2;psl=;BYif}xI_ZbK zlgFGXsQZkO)ZygwaFa|b(jo??K;c2++L?aW>QvTryl?nq(R`vnn`2z-(t@Oc`p>Lj zYQIV(;3&AMk`htq}%kVAD(FO%@=z-*K`vhUn=LdooU;(?=+Zt58y8koKv~I z#!$IFMTa}#G5+W*T5#E#^E{Z{$m_brEVPU+XG|Nrc-QVKQ=xt;n+m@%SR`*GLB>T8 z$;(1ov0h|tbuhs_pqJllh0nqST@$SJj85!LB{YVXPuh9}+aFHHNJ-SrvlXGPGh~&b z{yIiL2Kk=r>K(ajOnWujj)_=OGH?HQAmx^#xBL9Yq#T|x;i*K-RmQK@`&91heT;L@ zf)Kd?Rw^M$G+@-&^?1jCUSWWfH{Z@34!JX&Pdw|A(=@nD`UCkGXZL9BcNLd`Gk{!b zPS(IHshlsOB4o2*IhAPLiBNL4+6&Edkrt(#{8DAjFz`dtQYoccZYhz^{go-W$73(EO}dHS?yrnThW<5Lp=rn)AZJ)9aM(QTy5`v%@e>= zeK!kpZmKi~!4Gw*4syRS4GAl8{dq7hP;1z%zRyEXvG>X=Uv~9-TPjc5) z_=UE-oqL|tHNLL+UD*up&>jH2jkY|lRdVvZ6vmTU`QfsmU8pwae3J4QJ%SigB%kwf zG=~ff#kfnqNXe5b!TQzvX6aBlB?|8J|G}NPjOYES@T(Nc<%zP&q8q=Mya3r{tao zIg6;U)0Hy- z+5D#(gR?9JyVI=3EQu;HPr-j>7TS%;glT#+QRx{!T9M1jMA(al@?ZcU#o4q%o_DwW zriXf5+r6^u(fD-Mzv%NdiOsaofkCq#2DI)z-I`LTX18HIP8Q>2_QBR!WQ$AiG9|*~ zcAlXay`vs;JNoTf zn3vztX3JJdO2F=bWt-*rSDgX`+8 zcJ(slVWDZSngsg>X2_kI8m)opvng)1ljgu(ilx623hV@MVuHj-qF8^tX!`GN5*PWyb^7)eF0!Xo3X2t;CxgdR%Ex{>a zf~TLtB3mct?@PGft`MUR0k#Km32&OjO|3aa`#-nP`8yvw_F?%;Pu^(In&7IF6K?%EnY#||odi(9SMbz+av)_WW$DIXZb`c>yI?28 z1GYNORNpsy4P?;7CTc-6=6v(3emH&p`>d*^u&8i;#V-pko8@zawrzP$ zXU{tc_hyBAffIQPNE&Ph0hcr)Wel&pf^8srVt$Y9=U(E0a)^fOp2hlN0cRrDV(iCO zUp-}WmGP05A8s;76_jwHaxjKdeaB(a0>e)mRGsL~*?01v!iih1qrxOEJHHjDX;x&) zRoZvthA>VPG|IugReobCo<6n3Yw|{RtfKOCG5#sZl3J~+RqU=79_Eg4xEZZnfF@qM z@;D2|x~dzfvA+|MN~mwHPoHu8T!Ty#h+QrD0`BF7KH@R<(oU*yj z8^tU$m5bL#pT2(*y@)#Ciz0)y&}fZ4HbvJl&sUq!%b$Ty9cjqYuZ1P{bhnxg2Ow2> zzJUBb&l;RbypmgEh2F~wtv4br>Bw4_)u?y(t@MhGE1sm9C;sdL6o$X1qsAoisdVI> zL2%Ke_G`U|b9lUmtZrzy z%T&%1E$=p-t+{@|%yB+(-2GHjdDZ<6;@!uv_DD^{A$auQjhEyg7T6sf$!D#fZ>q1h z+QL@i7z+t`TFl(B-C^RRvO-TV6R5#LvO1^)EpOOXX}Ybr@>RVd_+EaQTxMS$>~prZ zs#D(Kae2(|kE8w;L_Oj=w(qgXZ3U*mb(l`9SQ#|0@u8RO*#T@6dUKV`Uq#@P$}($z zo@dJ_KwPWUV$lo3BKO9&=4}h%Er{+KfZsw{xEW@%=;-*=`Jv%F3~>p)G7p$#?9bw) zcZe`sP~oq}+9wWY2fm?5U0!?WSpazr3D^pTLV#gncGO26o~iu6Skr}k+9md zA|_#RCcAkiw5NX$h>;>k~(J&{^Z+yGhb@T9{}bXf(G{OJ3nuyeLejB8J75eg`sV@ z62`}bOF4a~pb;%h%racwTJ7D+oDK?(9cg||Fg$YpjYUg2s*l_Q7215QAe(+g9dSZh zlA#o}BN&;gv38F7h|UNSdpfhd{2m%c#K{~t?Pt31HZAT7bBf!K63QXp^E?xR?L3}1 zGi&r=tQ(Ey3UQ^Pg3%JKtw%r7Om6MzWK2k-Wyy3osaRe89G<@WQv3GVm?7ZG}le)b%d>CvEgb%o;;WbXs(ecQG-WLLq`ZmiYr5zD$8VIisp>V=~-i zb3amL9#=UWZwr^RtP=8t=MIue(mUWMqkG~9HC95~?zon2d{S#jvw3=}9y0~1vQn0o zF(N{$)ohW|>A7%wGq(sxRmbTfv;y*WVr&^Svi&w0RW>q!?^UDd`3gVpL^343qz|O< zj7}0Be+)a7Qc2SQ+1a}!G&w=U7c-ofiZaNXcB^(Xo#WF?)n@546B-b}yU7o!@>Fio~EfPAnq&BYF_JN2W~51ZToTLhBwzG+4O7xYX3;F z5t-?QqEix?)N)4UM zTwj()UKDCH-OH*SLi;o>;y0QO+DUI-zo4*GGcHb@ca5*Y! zmk%gx_hU_;ok__TZ}!NB_SYtNTVz5{N7DCDdKt(kw+=dGP0}YF{nYz9y}H|bDX2l_-BtkLN5Fg zpC{g`Cm3WvMS@tK(HpJi8V^fPSKbHLMg-^S`L@%H7k&)Z?qXx;7{tr^Z4n%_Zn`oH z7rZrGL zI#zM-13-*JZ*N6?9;7puvz)6`5(R>NxCPUo$ihsx>runHftLf?v@`s#32vSvPZsvh zDDn9#)tP#_t}MEO#PR`k$RLgV-p%1u@4I-ZO?yMMbCCZS5h7=i>Bv)&CHwiuC8UFu zw2kZ5VDA=@SFo1DWUMprI0~-HVysntENVJ5WPD5Elq7>EN6~ws5;V$nm&1+c6ljb& zlDUF`SxoP$yy@T3>~gR=&2sS2Mugntmk|=Olm4j_Q4?en1+~wY9Dn{KChJ=_2Fl&X zS)&1wX*RyX8B_xO?P5170_g@)3 zr{>6d!C$t~`5U+V)rtWFBsOR1g$K)Y%{Mp5nzsk|aS1YQe#5qvZkKmr`+{=Iz9uoe z2>TZ4Kb1S!%PKgu_*GUo(}br*C^qzgDoaiWc86oomBi^gbbqfKlUkkK%FQw$s0|8~ z>w9#EwrJwyLa;A|qT+S%W|W8R_K2SES(BvjYFH~23}g7I*{!Ie9QrPNU2S2}d`sU_ zp+)&|O9)d9MFfh!vKw3mZrQ5ZWbWP&_A-EYx95`=v(D2?pY&RDn5|TBV;Wvs7&RAu zW@rAXhh__F-jxG(8glXP-FU@Sc}C*KOe&-@(_tEQEBm@zTZaktm!bvX-Lv!p3fh=c zUMmx?E`JEsuPHEf3bNUC>R^d{^5rr&9>|q?!#H$|=HvMhfO+Vmy5CWUy7hS*{bSP0 zji4z0SaywS!INAeb3?SZHSYC>iKZQe`z?lAi%KYrh9@}8!@H(e?`GRs+ZDTn-M)Ji?T}U}k>81O@{Ct+$ zf%Mch^&g0F(=z)Gcz}u`6A%;VbuxJFcmu3pC=olO?;&WOdp`8~lnm-Cas&=$?aYlo ztgR)DQ}W>wK6u0HKDgJV#i}Of|F#v2uv;B;h~2uUsofU%G7^%8>q1T=PmJ7ngE&0T zxIs&Hcbi>TX>ue21&|@v+;r&QqO6T1pm($sK3)jVBw|zig2gm9U9G2kYkRR0;1o;)u&ZR+j4i<-JO5*J+y6ycI=j#o!)EQULrje@s z?uVIlGZdW6^6Lf>-*U9xr-A)quLZWLbNxMwB2*V<0|Xis8P%X(Gq?4_#nT;=y79?N+;D;HOy3Y}CLjNsMypwCC75&{d_<;m}J-qJm zh4`aIntD))in&c+G_09xJNim7vFSd=-z2!S5*!99N7jgx;#h41cm3l@`<-~E=?EFEbX4GVo%-y8t9PjD40oKvV zt^Ggm?g`%>%VgKYA|Lsu0u8JRl!-Vx!R!op%PXKO*`sX$1du!yVmo|8Ez zF~W_}8JWaleXRf&sk#0G8UO6w!sm8J^wAhH&ot1N87gKiPL=uMWPTn7%0{i51RuOL zSi^c@JOx0xyN>nzfmzEzS^E5L_CW&*o)!as!3_7KU!33b)&cv6o=w(~AY-a$XBXk= z;a}ci(eDU>?7sd!n^*4)JZOi#hU)};2vy?T7p zq1_n#*5{>O_aaP}OnCtqQd;6M$CTYnggxL<^j79)oa|x^q$ffb=s*+a7}YDU2GvlN zLHRl5QXx}4>X`YYoIWIT3W6vF~>_>b%&tuoo8gpM*T$YFqmDkj@dnzY) zt4|cc(Y>4-R|9E6B4r=KCI3mhtj0XF7=#Z+owFnZe82 z2libCY<(=zu#m=UG?rh5@KJqED)cMza$kE3lo>C}*oqy-Ek~49?rl{}V@`MP(94` zQjaE_NswC-KEEjl=gu0kT1L-N4Rft}K8hjrbKnGGg+hAi;hV;}L7LXu_=@}$tRvPQ z)?HRY=gsTdUf~SOr9RhxU&=*2GWLr0_U>w+nvc|3P5o$%;PETl#RQe}zG^?d08#P| z!jSS2aVRO5;0Qa(26hH{5!s|;WLp_)LIpWiiT&d$NiR)-`w>hLw+ zFW+MLx8s|cl>UQC?v>By>wO|2ZL{ILnO^8Qhj*`)bE7vDdmY&xC70-$T20vhOYZz^?v`n79@-mUiK|kXv$eqk z?|Hh@eF`e!MS3`Nu;Y4!F?@5s5i;zXAH&*t&D`cj*Xq|M z%M|N<5w|S1li|G0Z<+;b5#D0I6F++?tKRnhAi>KIi}>T=DmUBOwL(2LXW6rweA&KI zm2so6uf25yk0BL0iv$MeZSbzePTzDVVi_|Nz50Ib3;Jd5Leov2g0lazg}^nX<(a75 z=lkE&@*X4KPJc~>@N!!~Hkt3qbNdN^Q2bc040<%v`%L}Mj2qc=t=x~jdKGckQ39ry zXsi!-)q1nI3JZ4z9wrB@wW(zmMT^n(84V;%1Q|h(m+Fs$b#6A7aqDRgy}Akxm9CG( zKD77kXH(1vIu0-H6lVL3+OB)Rge%eYK07k5m{R~>sBw~RI9XPxej$bJqCllIoQ{6PLR^>^zCKp zYDT$B>glJWBu5F>Wmk(9F2zi4TSIy^x7H)hFp?p@`zF{*wR3{W2s(oZuKyrm*mgjE~)q#y9IIgz>52wE-uee=`+g^Jv!gB7%i4{K`w`%NmfC1KSZ8;h`ha z$zrzOsm{y<;nxz_72AT-n!DrLaQ(_irVlw#nmoSM_Q`W7&gwH3j%yt-#~y$Wcl`!O zTIRC48TbPgjvd+Hl~Cx76XI;_Dm)BYO`hJ>G3Sy+1X>ZWo^eXG1tZ@q&BM?`jh@E~ z^Q#n_yQIog9lSZ06G2bq{$XBpL+Eo6d+=pIH-LP}hdY6l4<)u2kBW^K`MA~W!>yLJ zHIM_dALwDa;Buhbt_b_hW`M{?mcOMk|F9Z|v=?t>K$XMbi_2MzX^#3LBon$r)SvjO zS|NcfRQWI3w7*wil+Pb&FzYpwG9{#k4f=VoX;(MXb08E5ruE^BB6{pYpdnJyPbC`a z)*k&}jLaz_SOw{xIDXg5XoWF=K)15_85osu45Zsbga4PieKWqub&p=dsrU5Ckc{7_ zk%=XRj~^sMPa$_7<$aj>5$V}<10V0Fk!-b|!p_e7Y58sU#_TBUST{;k-PtcX{{D#g z%$gA-)TOb zkJEU1hc3^8mHkuJ&PFEuweo39i}CWSor-sQ!#E=PK1(~=k21TaYpKzIh)I%*tnms6 z7IF&aVP{FS$QOy%UW8^R)T3{AnOTy?o43qtN?eir7fI%nFAxE7%2MC+`!(Z8wI3M{ zEyY_Fwf8fP#FUFH!|;4z?X_&oL>M^D6QTmYR1qC4lMHdmC;{B>u)j-mbOfKt?#9 z9lQc7dh+SkD|AM^`O@g2Us2pL^X3!MQ2M3K_EwN}3l_4cLV@$^98B=-y8y8fi)XPr z)Z~{i2P5RWWVx&n+q@BR+QY4cmpCv2=5ev72{UxrlL?g6-w0p$eiO2c zk1LwUaa;7Sot8SZ4EN3KRn$%;!TbSO23hb5vL$@Q8k0zahJD%z9#4?`fWSa{vr9r! z3(#6b-#s-S4mYsCqE8nd6eb+RH?_Wm`goH0h8{20}ntsFX?CS7D(AEn=o(5J5l{JiYa90Lo<5d4f zt(39iyX@?n_tNCc2g7AffhmswvK=Tgx>BPiWjtSLy7$pQFQZ8L;YhH@c`PG}ro>7_ z?CqiVoc%jMJHy~dv0Kd63tTyqDb&aIW5X{r6K0!Jf~4-% zStQ>dI&QRg^H#Lw36p|MGk`}chfgMZqIiP&XZAx92%49!^uOF(E9owr^QM2e(q0ZW zuomP5zy!zGjE(}JCy%%GZ}T2Rgl?xa_$KDyd^bIGJrC3xR`y?{`SvP!-Mtwz_egp) z8v>(Lh;ZTg`|oR&&Q@Y@%aMHvQ|P@as;OMM({l#H1mr4;nMxFea<#d z^VAZpR~7&V1>Zt7`Q6fowgR(G34L$$t`6=ZukN7+-BBk<-85UqOFIP1QG%=zL20ju zit`2J{MWNHR|(p@NmHfwO!>8vcn(b8x=C(|k>8WDHm`{Z37*ml-7Jt?nM-hJ3(zjp z&Qgp6GlRm*TQN`R`EC`jm)c%`n8Q_AyH}Vtddx;}c%Q<4+#TyU5?{X>6T)b{ab-#W zQ|)A`5P00ti*U7?zID9ett2TW_pw&>rLA?bM9uSf$^r&@>E0m=ew+evbXM@{+q?UI ztm9p3EW_KlqMwpsAH98P>kgO$m9E5OKF1Zh!xuEUjv7JhAu8d2->WxlS}0gg$;< zg&1`E=B=?ah>#%l2LUvjaglcgzHxJr)kw&Z4t#ih?#XZ3CVW1jA~sEZpX*#@VUAN- zjz4ekfV~FcgX0ijV!W`8cls7DnYi!sc+}|3BfucjXl2Ejv82m3S+QDs8;C|oY>m9+ zvkILt``QyRTk|c|>Yau&?Ua9`L^VE|!^jMEA`4lAFZH$K97>|`!(r%A&&Z`COyt7Y z%7~SURFAI`$TUFfENC*9tjXPLoyc?Pl-6)B=A+U~dnz+gh0j=eDZ24EF_}9$?=1LBiIVg9Qk^%(x>MYx5UA$*X_``nV@m z`>?ip>^S=z4b-&OB-{$nY((^oIgj+MyIf;rlUzfQ&GpK@MxW*#<0epNa%_L|an zEzN$>({UHov*)&+be+5G4!{uJB%ks>Wz~O!>E~#gYsoqySY!BWK1sFqrQ_#YM~8IN zjy~C=!65Q|*{9e+aAt#a#HBx$tvlwxzpD>CwGxOtz+t8gSfwT{j92~z9-XTo(`Eh488{A9Awqmws>Y{cS)VR&5TmMrFwB|77O(O?>$OBe#NxBm#p%g5y z)+ofF6}Eops<$^$>2NabBT+Qa3abF$F24%t-gH@BVnzQ|1F zRuZ~Pq`E>~^T3OhgC}q!mg>Wv4*6#c4~I(15ZHsZX=orddrUwPAti`K!jm>#kt6Wc zaRVVS zX052A#(X$7PT-Dv<joEX_;=L>TOW1aNHw_F(Q$6+eGMmtt=3eyFL%|45e+%pU>cri4F?2*!!dy6L*Fr=BxJ6HO zKkTZv4$lsc5c6^aBn(z@xSt%mzLbfL8_KAzUfw9PRVn?#q8(H+Qn?yj;l6rJ&)bi} zjPgSvC91?u1Q(;?95!|MgZv5OR?%-BNg8iGcb^GDF~y5<7ZIN z2XtM|==dDqvA10S>dO2O_rMsEgTsA8o{7e4V)TdCHU8|ZPmzrwn4i;+xjY`t^R?fu zuh8SRb;HI58urr`O=ua$Uh6E1gftGTCIAg7T&>!YtWsM*QLhf|>CQmco?NJV0aT^r7x$Thl-+dA^@ zi2faEaUvQgBqm%|e_=dg2(f_dB1B=%82M_6WVIOc*g_!9Yn0{Z-33?ad@Y$^Yy6Po zwU4CiaIe(hNMBHFJ~|^`q52ph7baAT1G%DXHi#^>o{9yCErRvOc)s!NuTXgVBSyR?ETIy;b@KFaNS_ z^v@Lv>Nnrg(u7K7=9^rZo(jpfiB?QoFBYQjb@Dm?o{@D*v>RD>Sf`R;$Frw)bR5kd zEGVOra=}lj14Z)A%ZgRO{x!)Zm2%Pz5(UF14!<%#NB?tc>c7T#+NE0Nd-a76v;J%9 z`+sa%y~=7=dTB9pgOmb3c%$t&prnn!n(&0TqA+-(f{ds*`@F|af1!wzNtfp=x`X_HWY=(WI-ECfL=3_g^K`0!DuPW$-~4FC71^y(SoQe`c9@f2XZ42u zLI3ZmsSs)6*UF_ ziJ3#d*bPPF)8Fex7h5}e=L+xU%P6kE_4V~NoA3tyKeXY$b^l-Ee~Nv^^`gtt-dTs? ze`wl&YuTy)qlTAm?%GV*_c{dXTKQlvd6 zq(Cod8Mgh`m!$tdj6Wyzg*P11i>?Q3ia&q)6RZD)D^Wfac2Pok@6>tezq4rUi{F^K zrxbnmcNQJ!@X|1VJ?(<0KK}1SMzN3h#MG^Lz_WiL>)+A6Leu`ti0{DGj_Hp~{Xa1^ zgZ9MKMd&lQe=|4#+NM+LNu~~S^9$;K%Ty)76I1(GaPWVT-oO9zNv9A#t<=^xmi;YL zMr=<^&5*-C|5vj94c#y3f0OC|D(e3#>c3aIKYk7T|C6FpQ0*iBJ)VjNvSV-WJBb#! zKUpjL%%Tl5JvJkkG9j{gYq6cN99 zmz?xrxxe==CV@XyZP$n>(AP`?Qva_3<8Q2B1K{f-K8UI^KJ}mJJHqn!{R81l;G3Kw zAKvqkIL!aOD6m=KIYtGx&rb+gNrnz`|DEsnZ#dlkj1mj}?^WniY$T4oR*drJ0UtkI%40Sr{rEaprBimf7+Evy{S$} zPaj^Uz~cY63v1X5FC zlaZAnzR)s0leBRDXU_K@MDmZJ2q~Y?BI+Ai$K?M5qu;R!9ce#;t=vr3TD|x_8}7LZ z2y@bB26T4+q)a0Di<gJK%6edLd|z!+h1Wo7lzoL~tKJ4lnTsn$jD> z)M$$q=etG0x~}~2-gPMx(2h4rMMbjUz8)v+o_)`l-F)BT{qBu^V(TXNudSxya3$U8 zkgHCrb#T;t;0X1^v2B9Y{+tf7i4PpzdS8fu)=VUDPar_Ar|gR~LwCb|l8Mvpp!>o5 z@ZqShvGiRI&!e{jjc122-msQ^2JqmSNB~7!PCU{uRll#P{HfoH6herl>P#uAsiR9v znBhG^Pr}4_cfNy5MD(?xfsclcuG2!u4}u)Bm9eG%&vsGdfjCd=sUw8ZmW!A+EM>y7 zW@JuuL+|~@maCD;FuC0JXQp8S>#yYA#k{Aqo@=6^cv>LQ{FXA$TLJ>X4JW+G&Eu3D zV>^05)UmV};3iXFD#yFa?6&@aB&b}=V2xWpt}Bf`w;2J&>0eQCwY6}FG%RwFmC_WrWuQudv1m<) zj7&Hqr(aH7e*xDh88|$`((>{rtTXv_pc44*e0ppwNIVpilAoU_IXM~q71HFY=3=2E|(yDMUl|j9~(L=f1_`@+X+~g+Rvp=#tbF95dN-GCgnwulZmz z87EBBl!%CQAFdnj6*gRG8POy+x1@~pQ=M0lub>1$tf)R>3oFYv}7^g7sM6qE{7({up>m%5C-P<;$1v(!z57fVZcG z3&QVk??AJ`ST8Y+928HdP0qGQ?+?Gu#K}g;@3_CU{ls(rq56_g#e!=^Q$k%7zQ=O5 z@t&&PVhDt=AG{_+xa`s<&*z%T&5 zt{ll`z8bmi%0@ObF8ak}cD;QpEBt_)T}QSX0-bDXSe$;-&QZE44OF8ey)`KK{QR8H zVL6}1PBYS~roGwvP{&ZH};( zOXJZWAFevE{GNgI7y}yo?!AO=_iKESczJDR0y6LSfmcUeSiV61tXp2F50|{)!CPIg zojin;LyL&gfuF2;O|KLH*EFhGpth;e(d_tqwR^SVfGT~+P~gMRmC!$Y1A1Hg7fkHp zVJuC1+Dt$KWhb(G$nG`WPq{y(P=**^Lf5Mf>eYgA2cFRW~__Rzm3 z32{Jb>cP3uopU#IE-r2zo4+~;$%5D8&>70MbT}s|$6=zXtAwx2_Y_@^u(jvFSzNu@ z7Cx;&{oSapr4T(qnP)jDv2+n9-tyi{MqLlW;L)8g9l1X^wh!NQW!&3-=_d^Dba{*^ znyR~>QJIR`9;zZt-F!@gMS!31QrZ5)N;eAov_^Ja6<)%j-P1wrZrWT53F&I2hX98e zmcoj1F%@gU(nTKIg_*1Oxxjo%x=w5D8X*0yQD^rte_@5dm(K}qE`sQU+4jxw5;a2w^W2$Nxo_9a>BQ(Cy?BtdNpknCeYu)S7k^2-r=;Y^(6aoh444wUSV|W( z{JtTZth-J|xSj#^Fb3Ph0Jig!h3VWqGy1ruR7APFG=^jEAMZ`}tin=Ptlcb zTYL;Sw87^;NqAp>{XXKm2;IvnGbVq!B+9-K(Y3w)26DIHUdn=8RnSaSHM@pwU=T+9 zl`@i%@m&xpbq3vDi@_AQ>viBUZeQ2-WgL;W8(tUAch)}bCg4kFYicVJ;!)NLvq@jQ zPy4Y~-KM6ww6|pAbJkfS5uH-8hW5oD&Gc}Yd5~Y8_EJr+H^0luDVn<0uKzi(LyZlT z{^(WhVosb3;#M8pDyE=2KW5JR5n>=?>1jrkwnW}xqNst6i%t?Sh<)V`D;1u z3m$6>X=&oz3Q=H!VfubW69vHP*Akha5F~;%1wHoH**Rcm+paTe5s&@-hT&?1DWvvL z(5>VKj=q9v7LckJUD)7ZYHHT?YJ)X#HR z4-mp&l-C%_O}^BOsVs9;Znkq@Rpc|g_`(H?$BO~TYFeX)Wgrkf@ z!=F~9-~WMqpLMb_xdyvhu6}Jo{l6)O>Y`xcljbcOTIj&hgqmHu;8v@a~m-a%0QlEJEw9`t~v_g)HJ%`K*aC0091c~%Fx#OOs(Us z$f8)|4i}?YQS|9(3nWECk!+iLcTqK|O*j}GJcSdUYo;(()mN#&>(SBlbpI#;5tY4c z-u*UI`ood`<+m^~H{IuqbAk?qIV7Hr5A%k5#WBw^$wnFY5l}Iu*KxSb@+{)lcx})4 z6dc&&rp0W`kzC|9EK0tMdOJZlzq^KNgC4}3W2nsTbCgs@qr9#IQ@*X<2b#mmCBUWi zFS4}Z`8})t4|{JN7S*@K4=dd$DGdrp2q-Y5lt_1X2_qfS9fJZ=(kU=B3>`B_gD6Pn z(5ZAwH}CP@`_21(fA{%4&->^5-#K&koW0N9Ywf+(XVrY&m)#Q^SA|Lt=bTTU>sV55 zZGjYIB33p5YWkLX^tG1}s7KT~R{Z$WXG1}PW;JQIXW}j{=$ix}pRpZ`HQU;<*J3?3 zGZ}~S%I_M=p*3Z9^T8s$VE0d*QDM&*lrFT9y@b1nBxdSa$Ih47lNV1$YN*|0jHsPV zvzk0~SB_~OUuxgjt-9+KdT;N=_z8;=dS|`IJWSh3V6m=cRYUQPCHlypt89Fjea+|! zmF_IFhquuOeSMq9*ybSRqQOp(v>n_ci+*){V4TWGj{P#Hq#Wni`F;p14;8j3IbP9@ zUAYkBTR6L`=rU=2ME|aL#pY)#~ z32er+$b-2#iaWKuI^SpP+psm5WU<)g>*Sm&r8pt3pxi5Cfg}SrH@6{RFL07g+_kga z(tBpL(Be1E%%xii?J6kQeg;y}ayXI&k$P%OIrxD{_tSVR2^^Y!O1BQb?oZ1{uf6Dj zY7!rjy*y6Wqa#c(*U-?QGmk7S#HeXzll>f<7wvbj7f(gQd_-LR%s)XTG=xYuvSczMyn(y6 z;4JG5u2(YjD(vg}XX-D#*xp$#*P<>Mic{64--UQ}5DYbKx4m92iN2|c*gP7cqFZ0= z-gl;8dxg1W4SD2cyPg`m*3!nAnpQtv*9m}9XAqHh$5-RM7romzrb+C+$J*5%PKM2L zQCcTizG%xw&r_k=o1~WiOtVHtS|Ns=v^zDmT5;`Z=p&jHpA#rNAH~QW8%18VtIlmb zZW&0`rDEEZIUE!xaydLj-(DCg7j}xRc%e+b=|_52DIZfUKa!~#_?VS-NKiIV6-68j z232k;J$S5_6`M(u4p~0K+2(K*mr_V0yQ)D@$L%=N`;R?XW)|QXz0)1o7e{9sS4APe zm6VK3$-&Nyw{Y@c=+4*W zH;}jyIYsueh!uG*NT7_Y=oVMi_GIBxh;~KIO^0D%Ur{J|>0{*0<#FGcVM^B; z=lPnBKdCjr(%vEavis+l@#tL=PvJ<%ik-3X$42?tay16&m8}RV6z!iZAD`-{SDc`6 z59@0{P~rV7Wr|CN)xRF*h}xo@%dZEs8KRrOaxwRvb&O z5!$a^1%+P_=s8d`lSCg_ye;TPN7Jr+E(LN$tAtrJXkFm@9!@Dye$>%s3 zbsV`-xr(Z$66K~XqSz3!PLvQa_(a@4?ez1z$Rq9UG!c4lpH$)FyQ=DT`w=+aJ zTBv;p<)K@uj}^V%Oy9`G(K{MwM3K=)$}7H97cVfjJZ7*r!MghY+_8akt zvR~DG&e{@Uf-bP_$;_L7^=N3>C0wx-FEO;r;T)g=A;cj;<+zd~ z+(5MZ5C#V3gGkX_F)<%KdIWdQ*sKy3D00xk9yDE%Mn30R@u(YKzs?}DqmX>2m{_aX z-U@-BaC8hZBlR9WoNaY!Qb-Ya^N`ka@$TN836VsaVn|vudfgbp(0vN5FQ^WBzgeRS z@8xQx7Q6ZR0e+dz@7S69K{TAh03n-S=)lpTF4FqyE6&b&D6Kcv;Pb;s_uCHvSC7WB zZ0G{6o+&aDi{4(jl$m^?Q3pwvHR4#nyb23_0v2qEj}EhNoMAV&;gqQ(C9q zMcpbw8;n;+g<^?4n((v1fE(0AJ;B#~4`$tG?42-uwOBP1Sz&3@?nq7TqG=4IN$&L8 zT82mFI9HDTs-yoQ)f2sHG|Nn{f^nIgo-tQ`t+Zph+p|#3)~RyvN98!Smu%)Po0^W} zWj)U|^NqDsxz+rMOP&mFRkYF$4+pI!&$_H|{2QgB=e;|j_jO2GblUuD{&~{mQMrXD_nl-1(Z6p5vJ`3gi5-wnW10>=Pgw zIz5yV#hUGm(LYKbkwUp?FDN*_2&IH2L!)|x;<0PDnfFp;b~E9U+_Ye^ugezbXwNmF zf-=2vn=#uwNb2$*L$sCl4Ph-GuoueSQziZY0^FB`GH5C42kyug;(V0jd0FsC4TX>| z0xiwxQW;-oMW$rz8A*m9w3MmF5Ug*^rI(1E`c35&BMjp}NY=f~++3SG;2jKQTC5OS_8y0r7dp_N|X> zx*peU@eN5u^NIe(d=7Ez^^PMPIy+^V6=iaJF`-XCB$Ap|SgkJcMR>1?xb<>wuU5Rg z!9-iTAgTbxpG~}Q+V6C(ux!ud=74;s>Ouvb8+nGUJ|z!!SY2E5$vkY%O?q>=Q)j#K z>us$s`g5UBah}OXvmUwYj&U?dV==vzo(ID?jwhgAo-j{ac0z~?C>s67dwlfR+LrZv#`Xe>N(R@F% zK^526X?mL(j~kSxM5nx(pZFAEY#Grs*PAOMb}@D=d_1}&u)mx%tV|2En57I=2k-q$A68D_Dz&x;7+Yi(A~Q6*OnV&CkM@wwEG_~v*%aw$YhxF zJ5>F|QFNJDtmC)Y>eHSuFbu@s-=J-+Fxc3vmKmi&K4Z|q(buXcu^bY5#7^6f$z)yu zBYs~$F!8Q_DTZuY9*<~p_n8I-y@=E2k>RkBaAs`9$JtN0l&Zfs+0$19hfUgj*-Rgr z%C2T1&S>Yu-qh(KEx8C|%)78i%a>g&t12J{sTXkbGrvG7QQy^m==eVMP1rk&>O{Wm z@x=G*1dN?|a;Ec0ea-NaS__>8&+_)^C}sKX0@=#)>5-_{*kczbl9cgNhj8TlYMPF( zm1FzVLGGog%j1(B)>!4G_?Va!`YDg#))7rhC(a2P!;`rr(^FKF8a7FdYXY8^`6n6e z5A0rFQ2;q<>fz+I})aA#XJ-+pFAiO-xno3x*S-^kB>DL;hgV z?~t9H0bG}04&7s}A{2YJ4n_3N+5QZzb^qC!vNR8UeSJq2!YL=xFPaqA6ciNtWYC^7 zAK-YYZA;R}JT`Px0(TeF&*vu_hv($v%uC1P!d*oCwu;3w9W|x`0YFgo?o*G|@87>h zz{N9gJXs}4Ei@?-VN7zQ%nM#ckzeW-{AUJXxw)vPvo3_1?wNa^T6*!DDymP$oNs^= z&+Fojrd~XoYDqN?04ly1WMqpN^zhTdSdt<)diz22LKYVfc3m*80fNs5Z9!2w*aC}Z zy=~dp4^LZfn-SL@vu{EzYd1yhF$0H1{5b|=LvqLz`0ua<2x%)*RR>y38O=nu?_&Fx->j~*X{xkI0v6|-V z0Ra25a!6SGaFjfO1SfGv@^w4AK;)C789*8As68S^vc&jHvhF&JJYGi+x_xn5@`ZwV z#9=(L6zbg%%ZiI7=87o>q zE$K<`vV#(LU8{|yW>}Z1{@j)j8e}lYGi{lH) zjM<(nwH}w(%aL)Sk1qXpgiK|8T!{7cXNHQ63DqGZ%u`{Z$h_Gan~QHlCtfDK+zRJ& z1*_T{d)2sPtPAFcd8Q#}uXb!#%hxatM5h+E8EZ?Ua&}fFT57!wI>n>?j`gX9*@!@H z_*T}Xqc=zQhh@9JCB>Ds*X;NhaEAWb;9@F(7ILo}GDyaJ-fKkF2{P-OY>O-NFG0VDwSrND>ES4Ld|Mt8Fxnj-8`?!I+t zSahn@nSt}YxKG5xX-K4ut?qoIFzY)YN_8Hr^v(qb&tqVy&t3DwMv8;l>!Ca`LAK+i z5()~qtAkm4{NX(h#(D+m;bNM6MK*$h>h;})cqKk!A!+bJl-OiL=l2WFD0D@A%3uvG zt#|zMo*jGEaAls?eM2F|28n9LkT9D}Hq;~8go0xO2GM`n=7N4`FYXWS($?|H_;-A4 zM-j|$j66sHQTM=AB|et2pc1%&WZ%oOvf7j-`rn}mlaFm%G7XlMtc1Ww3T)g1{vxNVWI@AqK2t0?nke&HGrqX94J(5@ zg5SZ{8mY@FwL}z(Nw2}y8FQb`J7MkYsLvBKV>2J>p|b_QpsnD6dm zjDZk2&H>o39!GDfg^V}*HYV(es6L#^Cvu8bQGDU7|1jra)X)@T@S%9TPi@e`rV$-Y zrs;f}Www05ctSF?9Qov$k@?{>LHywZ^FI3g7zO!oOwo=6xToNl!Lxn^&uRr0xk! ze_$TStJrd++3M}F;8$l-X-B`cwA=bDC0KZU&31gI$zyl+{e-cP(pHBm`i5qzDpHfo zxJU`?4vWiay;|Xt%=p5Si9-(~+dR;8FLv}0$fP)*RZA^|6|0v3f$8&U-pa>R=SQO| zwn6$@h@;U2w4l@-!4d7GU?_k7lEj7p=n+H+2y&M7n=v>d~J%qXxP_G0O6)wga% z8FdJDRn@bw&B6*qoBg_-lQGkST=^*4cVwx{vyU@C<(iH6fSedlKQjg;UA-}{Wi9PT zO`rF8Hm8oE2@eyn6!YI*dsQ<6-`DlgLY*d*i;;sc2^P;Q3ZHs5&uubVQ8>y=n6+4( z2{x!|>$6_=37?3YU<R{wYiy%;Usw0e<|fDK|^{;btKE^J<(%$YBwmGwSqRhzf_ zg*kT<*z`M34w%;dz%WAFoA=?c80xe3#Nvs`sYA>#w$S2ZN7kV3m)K6n6WvomQ;GrPbizv(S35Nh@$llT-psL zTP;vJc)u$do^Oat&}k9fJ_&iAmoIyVUsN0AyXal((~!s*gU~Y4jJT*$enz>@VxAZ4 z{;jUbilQI2Xx6LtjFT9+^&zcO2WieNt#$GXX@B;jAbFsDmy~+8<$j{*by`Vv&J^>W zqm``!6Q2Xu@ntiA>6R;rWx4#D22>+9TqW>a@ts*&huy^t9D#E_4=2?`q^93bDH*~W z{$v3^Mgo1SB6sk;@3pTtE<)6G1($P-sr<|tc{bC`9NT;2nNi4F* zWwFlL3AN$4)F}IaL*ypg>fNHGS5&|saw0W9vQD@DMi#pp$Zf6|dZc*kwT>T`%1RN< zXWNXnTpAYEJs!|lGw+j8Ufa1G zsHm$@a(dk*?7n`gsW*d$-7vHAzzR#?q^}HVg}=n6Y*2XUMjpSoH#h5Y&hrXv!xmeCqMmI6t@(6)kz2vSS28Uk?OQdAXN+lIL5qA`Lk{^b*}L+UbDm0 z(<@qUggT>Xa6RgkL3E_04aegK@N)Ov*4vxAT3+f?c0m;G=jZ3D0d)Rn3=NIfgIi6f z^FI2;eS$8lR_TiaAsQ0gTeFTby?ldRZ9G+aB*;I`()u_zUlf|;#|i~Y=swxS+|Dl?_l!r)&KDtAkb;^ zaldj}b7d?@zWE$|Tu`0yopFEE!B*P3o>p4s@pS3W6ahZs3oPPJ*|xlw+?PFh27yj437ThM_Zrk%H~`5B&RqvtmaGnm8)Ei?Kk z#vPTBZuOtwAns{tb8De694C2e@_(Uc=)^McAWyTg9YV@X$+&1elTT-=k(c+HF5~vs zNJo=qddlaWkkF6EFimU+MhT%{T!%@PXm8f?v5}q(yw?5U5}UmIq=NEk!}GC6b@UqY z9JDV0rL;Dc=suNw!nJ8EQ4R-DWZccq9F2SII+h5Xq-@3V=}46X^GDhc4x*=au_cF^ zx84->?Wo|O-cdI#bD*w9+;`2@oCH>TJLzOJy6+&CRjvBkLAcc6bg~uc+!;2lELtzM|aa^n291M zqzLcj1vU95Je94YPUt+gqz6_Yb=JDD9wql}&}tYm`PC;PmVT<3Td0qw%*tA4MP7;J z+sPo}Xij_KvU8G}QKl}ZDwooyw@)^9B1N*N10lPiYV>ithSL!`Yqr)>@mwd4yi=|7)FT=uG8~KP`Z`C%QPE=_`2RyN4LKT;o z3>m+6D`H~}5(Md0yWUj@wJ=2p#?Wt#Q9H#-E^bOOcWc3p;Z~x$@6Jj|ygX`hB`=0b z6aCe4Em}QQKmvulup4@VmC2;)+EAk0;o(`xTL`x72R_-=?E7#cXbB6u%&SOR4yB!M z?37%4@Zf;!P5jr}Ga8V*F9Jn*L(280Ib{l*urRrHmaG=_sGn@&Erc2PBXuF1G(Y1q zrsj}A7Z=RkCkfcXR{@_0`YrFM>Zym2g<6!#uYyY#XO>-ZvdguqseZ%|FU(xZFB&hJ z|K=q0OH#s9hISVo#5Slpk0(4Uk6?;o`RI+}%GNkUDqf3#ZSr~r8w{ys%7alcFeV^n zacsk>iHZ3lE4vk(lb$Udv)6Oy1XR(N|AKeh7GPQ>&}tOhe1*7V6MqWWa)BeW@%t-8 z<4Tf2-hy|@xXMD!peQ@}fp@SQ;IX87xL#H)o{NJ9+tAebphdPa=zqdf*4nY>x99U| zJtv|z@(ZB4Vgcsj@g9qUJb^)l;`0*!Tg~F}$Vfc9`6j(B4;AzgO_LBdtP*abiE^U| zOj=K99dh06EQ)`==-A5>(7(SIq&s{*`}qTY4m;Mm+~x{6SEv}p@cB%m>$h9K_A7Jg z7!tX(SyDm3XH(JPe-NK#HRE}GJRx~qtX^t>uxsZTe4cwuReTZJw3g{J#6XUpr zoJ{!%kfN~gB6?E~_6K3-)9>H06tTQ|WuC+Js>u}k%EKf36~jaNxw*Y_x=$T_Pius0 zo(VTz3e!y#Q?2=1?q)1KUlS}mO2V@pY06eg73xjm(l;$(tIuBAw8LT3ET8$JzorS- zbKoq_FPHF+#YF?_6j>o{ChEM8xAc`6D4S4gP*$xVLz zH_kx)VjKLD^qC=>dU|WML_G2<`z1)#=&b1L!89=G+~uzG+QF$FG)WzUa+iOlk^DQGNZ=o~(OpY~bN&Op^ z-sc|65Ga0HT`jVvaE3a$tayW*T^shD8`Gt%1tR}UKBZ@X5Sv4kGFJ{z7F_PWYHHSq({l2aWz)Cn zCx!A_wx7UMCDjfg*Ee+`&IDXihcuN^C9B$RRt?v-R}+kWY_46EjFno}J76se{QS8u z??m@U)$*Vh*tIj+W!FbP=nx2f$r*=qve;IMxmLM4yMba$SweRT1q=Pc^@ z@j+}?NYU}Z@JbLSEmkJM9GeSQ#T~P~`DXj8v!Ct@ey4grI-~qlRRK3Z)fu0oVVRwa zt%}psHwO0bM0`qKmRGwXUM!}3zGqGv8K;xxgklp=lt^!Cv~LZr8?OLBuQ9{-pgX&P z$yr9yTND7$TR0y{NABwdM^S>RX+^wsvqb%fre1#GZrp7sq47UkI$2G3ynyEKJ~j~Y z*tH`RyQ&m98j|F*_;xQVh?NT61~do_kG`Du*@GVriY;K;f$H)hsl$iT%#DsoGXJXi zD~>`@&OcPJD=uZ1Lx({lSAX-mJTiVK~ zQRmY0l98fB`wbMA4b_`#dkBYavb}ws18Eu^C(Wi5%{}qIloJj&hI&qae7IF?Cxow% zYT~s6pLp`%;LYvzDL;DV0XrpU&5L(R9aXD!&ntefaW2IGT~OV$%UP=KAZ7@EHN!e7 zT>zSUEyMrCz#EN8-KlLGC8(A-<#z9(*xTaj>yhkIBf+lKM%Na3ID%dvg}@QZ?XQFA z2@FK>gxfl%9Ew(SU_*lSnXmkt+-j8|!9QI+Y5zk*>P)IQsBd$+YhUjOHJs0oF!nhg ziZKb5o4|CZ2vNW~rq^lj_mj~c$&P$jz-p3uqlFJD#7`+HSfRbG@dDix9K zL$>y-fAv=CR?A@@5BaUiZbGg2uu^r>!K3c#)g58IA0P*U%7-b*Tq{V+P^<*?Ag0kd zUl&fF;zx9SZ4D%Gp%j+U@7QERP{{@lxX zHh6QYrttcFEz6(a^Hm5r67h{TQlT67Kb25pUIeLA(L_ww_ z5Uy#jM0rYJ=^q>YVyUU9B>u9H_r&S-q0&*5<9Tw#=|XNcM+!G@^5qjt{VuO=jbQdx z1|(?zS$cXJG^~pJjz;mn)55==k7$b@V!Q@}rxI8-?B*KWB&!PkyUk z{}rfvUzrj#_53ei`R}U4;v3|uffazS7$4yIl`aCta-HR+B|M z@aenBZJa-Lh~KZEM>s4)h1oAij|@IJWpfxcjA@tYgW0u9_c0UWlV8F>*ZHI;`smd=&zm0rrx>xIYF)F(QniJ*T=sTzPvF|VY#~%bL{`+`ET6> zC1Bs9SEK+5zxY2l{J$8WxO>mZm+0R*_-!VBAK8B%K);}AD?KnvrFi`{O(F%DcXplf zCsn}~U4K;U{o@L(Aa1W@dQZ9ndOss6$aMUSh2b7L^&L=am35%?w^K%?*Dy!cY>U`pnVeXXT@c5_R7Cg_njaJ zF3A@4Tfmuc94djDB_-f>U}4bg4KFjOD_?|zmHuH}f}B}Zi`AJ*j2aQQ8tKI7zfTEt z5#=i-y(YZ6riO!`f8v(3Dea%XpjnI6aKd+f4ddW z2KbXKEe8M3)b+PEziw5%(EvWqJPl8K_;`aJ*1uI4L_b+}DhZ6Np7)OG-~SNV%xuM8P6a6~F5}(2DZCiV_7Y zLHKTY>dG$1THrr0@+(r=3C0FsU;jlHq&|U_x^7bf|Ksbi7#U;Y$mObh;Hut}_kw1SDaELMh%ZdH0>fZn89t?!on@xGr3F7>ZSt25$7f-oI z{QnQ|?-TleKZB}GD7|aSHFCFo)yH2OsSwcsD|Tpemc?rBM;`O18c!3gpDhL-nxrs=Yc9?>w!%>f1lqihH^H|zmyWRx=}`=-2`Dv|g9yMCep2lA$~@re zr;M6In!P;n{Zvh}9$`+(af1GuH&>{;;(DuVg=~##F$GNA~ zcLTT-J<~%)Ps@#FnxsGX*3hGDFfIlMx7y?2aHfO0TRcc-v)#;lS+c`VcISl07R%{P z09o(V_;OKhbai+9V*`MX{LWXB{ZoHABKTh)>jd0Zb&Nlahy(BP zy>}HY7d@CL>3sH-Z)Q6}3G0{?k|qJCrS0S?`?|S@#%p)~P9VTqivPrlkRqEt1HigT{q`$&^s_cv}X!HMg#=KV{@=)mw zTWBjxTIYW`B>S8#h1w%wTHfIh@%LCSF)@SXS!7e9Q{VoQD?6akG{WOI01kcjr2ZW) z@g5o}wTav;*~+n@L>r*b^)f4e{4|yAx;;58rc+%coiH@d3pYd!B=`Wl7h!KX*Sg|)B2ZwO3@=RH~JI7QnBV`q!Efo@d{9cGwkbE zlC&#~n_csu%KyzW;;AIEjd#pCj2iVio^B!){INuO2CQv;_L@D`pLyJ4i9#7}Z{KFq zL%g2S4`884)v~{C$iMNo#wT*9`bt*NI%0TpbvQU;c>MzDmu`=kvbzTI9`YNcJif<* z5wyN&`VNQm#Ub+Df=VcTHe`EAlE-6b8adeS4a9!TVAA<6)~xR~9V(ChaOIMEBVtl( z72E$&kY_iWZL5jb@?)3CQ{zAQ=J%@+L;4+*x9`2n40r~k*WCk^4B+E7aG~jW|J9x_ zt%(XfyFyyuz^JU6&y=U1MvWWbB~hYHq4*gMlR}xt33JsmB#q{0ESK9|3-;ZcPi%+% zb%d|uO6>N^Y^Cfhkq|Mv<=_u9>2!WzjnyaB;mA$B#*Buk_m&yvjqoC}swaf^zNwfZ zuewi+CO-y~+VWM|r*l?02Iw#9^uuc3!EFTw{Xg<{iD}2|WA?hc5RDHyj#~e`0CuhI zut(ARZi0JFhl+>#$0Lx`K zzHHfqm6ZBl%YFdNF=zGx0CD@z^aN@IA5vI;Gy@O~txCbxC;-)+`W4P7mX(Qu3s@lG zG(Ou^Er&s?Z4En!8AS>gHk`lmj`^d<9!4I zi+4t6Er8P*uZ-L5Gn&uU&#vod*7F=R5eUDFjY0!J2-qpi@;`6@{HVq&OvHqDKmB;I zwK)JF9;TLAeh9kF!)W2%N{6|I^N9uTEe)*nPpDuYllFU%x?{nRB3o-2rX%cVeGxZ6yS%`n#ANxP=e4X zR0iQs6}#w6+yl>T2sv#Q7fM?!c1r+NXX22488yP&mBA+Efa&X|&27L2YYCv_A;Nbs z+muZYU?;vb3o$nubhDpmaVy!{mLwEeu25*$t#w?O=WIE9g)2m9=(+Un1YqEh7&oN| zolQXh0RZdQUwRt~Zh^R|8WaEXuSpyRuK}RyDZ1h1(FXBPk$Z+SyaCyp`CG9qE=SG7 zFfI1R?do1Tz=`t1Bp=~_>vus1oT@f!^nHEh<`dMDW32(WH`L}TgOf3Cq)pi_T??DR z!QQiL)ynOoHz$RU9jhKG*N+%q9?2L~TD&XMs~@|$I-%JLkaxT^oev+X?k#9Fe@wGU z*(TF!Mr_H6&_8zOaG82?d9ZUkCDlw&H{9xgwfRa3dL0r&o!Z&@uMPcT^-m@oIk_-e5nH_x`rmc3l{q4AeR~VG>{ucrE?B zE3xwf;D)MS4!4ud%_q~gqGzWA!h2^zuyWwguOQUT`~?GM>mi|K(wD=zGNI%6yDaMk zUU#&zfa7&etc>A;L;xQJs0y$7vt0=kS7K%uwY((7?0s{6x^P;qkSuL177Sit$lbRq z>WrfDAq11LdeT2a$H?^FEH;G??En^xAEz{9JVz)V_ppeE)>PKA2eNcCFiFsG}R-wd|KYM9GB$mCV@yb2xuYQto2Klm`F|aeEPE*VeBwp?<-uD_wA5`p9=_y1ja&S-3UA&dV#v%4 zA3s`SHEdq?DQW3_bJA9{wo}I6HD#adU{z^Q=Z%>2MFNsvjenGpM-P4aC%Y)*eG7PRzIWf@XGhyiCv3BSUQRVfx%7SX;0&OQrXeok7E^d|MVHv%}X8qLv15 zvKhTYZ{(9gZ@(F{#-t>gsZJWAl2Km+TV!Q{7EHZ&dT&VR$QQQ9Qkjd_pc@eXSVj4h z&@XRlLQl87`8kqLJ}ZejzWYxm14E{99cRZ6ZS2PVNzX=w9%p*ym>A+O>zhagaiMpT zC~7i8Gj%%7f%9{X2L&EQ|413XPoh%!t`tC<;uX+r%Ivxs2Vo7e-0Jmdg#A`sg<~X~=~xs}2{mSL%rI$-|GrQi78(i; zXYr4~0Uh+_oCp-TO>yX8F84wL&4UsaTZCG!v?x8P#ka5e<&0TdL)ns6r^G;^QD z+2|SN0zSG0X8uwWuZ(hKqNz73nj7YeizGw2skIW^`~bZA;_@P^JhvSL`m{4!@3MZp z7+sz%Q5bCGF^9C2*{U~isQ*gW2+7!-%)VplIcyH5u(<_d|I0TTW!f!_JV?><|3L}I zvLgzc>p^TB*S6>sYkLS6u7oI-P|(d;xJ=k#O_b@~l*}D=g>1KETpUkrKd5G}s~Yw& zvJtMce+}Q_t=w(KoGy;y$0HXy4K+hd=X-Ko*`_q}SV{)2Y1Y}5OebEsbJy5Tt0fz) z?Ny}gK|);k!PE|jN15WLJVA=KBkn$1wMMojB##9il#W1G5D1N~6Ybm=#iB}nxdAbx zd8TpPr<%OA8QkldB^u-9T7Gu;`pqdfRQvL37cCYfrAJwo3r_7MD_Knm7YYu z;Ce*a#O=iv*Mb#|#Rw~p^5tk2WmaO8dJ2(+z=i;1TM~TNCTx`6XB9a4PboNhlGHj7 zn?*T+A>0tnF=$y%wjAnX^!vd%i%=9+Hi>&`L9(QvG25as`WhH;G9rK(y_kUPTwqe& z7W!Gu0j{C*mUrK^CiPvLM+)~dY> zr@?0}UDWm*w>9o9ya3^cQYO$pNb3`%Hng=MqRy>8NZ=^5jSh$0_RwnzF1;nbg1-Q` z=g6&0O$M?kv_$TFJBlC?AHCPRS$f}&-BV<|3{hxX3yJE%nK)La0cnyr;g#1_jrZ@> zx4oQ@1M48HhCgFs05AtdgK@FOyK3^>-b%BMt7Fxvf(8r>$q0-Es^Q+l2Y-bIe&Mey z6)02r*KLILujv}=_8u5CdMDwZyB5rim&Gdi9rGD%Kz#K`sip$U@%e?n^p#R3#ZypZ zOyw$w_-xlRaq>82`ZZc4B7JQ~KMHmbY&dlA&Gdvk_SZ*D6O>c=c$Ny3?DL}JON&!b zNkG{eMtVNuhQvnrb6izXW+o12+Y#f7)d6SFWpbiO?vs0@U@R$e^qJ38Ra%6g@)9+_ z`6e&_pFe+eg=%a3aBa#tuOq>-o31U+vfO(AII~hk?0W2E#!<{9OII?pb4IMdn6 z0_ePrd)q^jgvT>uZ!n@(^krOdVJx_+E_XWFdftvXW#D{diAcvSMR2y2RP9CNYFGwagBJicu$R0zZ=;?CV~z6 zgQo$P_C>Q7b(>cAUBj@nhd{ED-mpi(+~J@jTM2n5d!0_Or>fS>2>dyVzOox3SCHiX zN0d~y_EYKo=XL*})_9S#9N+!iu)_tXDT#8EXhxnK@0j;BWH_okKPm|@shhM6M0P7b zxrC|j7SJ#FCcjVN@z7eYd9z;CTq+;gZ((6E6XeEkarYhBDgg>uR$QWJpNjG{l-Q}e7}hvHfiR3>B+vc!^i0j0;ALJ zlbx`xbkCuR*e>aZ2;Bx+t4v|=HY=5K$7j|<)w^8%xjHH58=t9KNqHkOb=dXgItXpn zh0q@-W)yb1feP4D3eQm!qcmc2mM(dDv!WGJT_}w;x{AHddBv6h6>K#)XBt7-3Zk~T z*A!7F)*o85P1SEyBnX`As)*PV(lL#wpOg@lDWT)7i8}x5i?1_=RiYKpufXvGwke(X z7%pKdo+?6l69W;ahtfw?Dk7eL)WhVa^ywD!m2 z53%Gr9~;>-?dt^G1GW06@99zqEsD0r+bCTy-ybuu%oWS}F;Svw?_;aOG(+jScOSML zKX^mi(7G`Yf>)sQphS-tjNzvVEyXxk?}FhqO7<9mN7# z&5VnjO168B%WRaHChlaKyHRT42Nd_s>I5pZxBHz;b%|c>OJ1J+_~56i95pM^X(&N} zFz<@aM%I3K8L`TuG2{Sb5hAk~P)vDhR)dW17f>S`1cDMAegSUoJJaVo=rc%BtpuaO zAA=PvfkjL5TB4WRJanc=KlC4;gPGdhf9cX1PoV z-(2ADw{ky*Zu9#oCz`=r9?d^@OB2?V)C6+djB%0UXVa%Zeh86&7RGtWmCX4e@jkz4 zTi}o&tWO{PSPRFQfSvdp&>?GOXuZDh&envl(r99$^&=mU^rNT1a_Byp_#G!MWP~IV z2w}c85hE&7aKh^m_%J}E*%bjTGROSG0QI}gkA(vzEk}OGTw>TyL`OYe5e=(`y{`I3 z*wM<$;Oa8u+|Rx7Amvj*Nz#o~hw)k8Yc74TZBl=g&aTMdyndw_ODSJ7pT(l4y=QgC zP)^7~=iZ|Mcw^?}OsJt69JO7gOX#x{XQpSPJQ7#?R+k zvi3ie%?KQUosMt|uIyT`8?6V5sV9o4jJVmCrwKCLoe#U*s>h>xR%775WGgW{Fw)we z4UGO37w_fe^098zw=`50sZ^dGG|hdp-Pw9kVO1AbK$rd2THcmaJ!|ayQ)-mji_ON9 zVDo+^IJeV-)Cj6&(*Lz6P`W8cuswv3&LM(~;~;|N!99y%^ck%Xb0mxkr7akf5CM3l z4hmcCewLy08}mL|Us@x>T?mCZ*cj?S8Ld1CL&))ygnx+)M&QS+JZkuxIIt_=7bI0UZM3;I|1+j z29s~bVm+G{?2N$;w3Y!;+tB2tEAobHs7w%`|0H>GyBJL93rfVN7R`IZy;d2*f~@@7 zPAF&83Sp2Ubs_6C+M`hX!w=Oi`fpJ}p1m2bsDAADeBoNEMZX3q z;eNVd5SsaXE!JQ=G?%M3i|k2VtR$y%Kz8y~h7GAG;@p-1K8-!#@}QpYgM6cSzL3E* zLD|I2X@DX>6JhyBv9FyKeK<7ZoB8qEYv}2#-%9iY*k@X_9DrPst}>Ef7>oJ(7h)AW zng+^fkjFd#6I;$TdJu|a^<`|8Hx3LuKU7>e6S13oI%?vn<|J`f`1s2MLFc>xxsD*V zMyVivaI@8?(S5JGAP*?_(pU`5m`+DFMtkS}PRW~_Bm)OPb??V5Fnx!TfOC(nV`Dj9 zF=_Jaw#Mr_HJ7AK>5%x1-NX-ciWx=n~kq^uO z%&F#hXNLc~8$P&*ivpbqN1u1L7$x!I`^d8*mTM!4DSA}Rsd)KN9o3gocVi(I1m}t8 zCaI)DUK4<{q8g|dluzH5A3SdEHy)e=)iD!oYzOE-Z?kt(73ZY$bc>o9M>o4 z+ePD%0(pzmw{Zd8QXKMH0^p02^uE5n+F!CWFG(@ProrKzNu#TgdSF%Mln0J7n{ILI ze$MvBVngBD@eQ&>XV7Eb6UepW7m5X@u~nY-oXVoiJOg&jx?e!P==n17EqM!}pNCaz z+FHWzt}TBkI|*b#^mf*(iDz# zuf8nbHaFleHlIqJ(k}7G6<*Kl-JXg?EqgtA<&vQ&qF<9R;>ml8KfUrl za&AA!-_Tx*C|3}o`z7l&0s^=BK!5VOVCfSPqb-sc9T_yRBzuH9%_E4J|4QxvT2B!{ zxk3Z;Hx0@3O>e!)Md-Sz zz%@5GU?OS94oiY0ai^z=YbHm}Ld9-Yl1;Y9G*pi9n|hoz%&WsgzG!x)SKB8nc}!au z>c!k8ZV^3I_#h5=%_;8Ht;*qX<147_6kEg4d0&E$RN)dd@(%@4I4Anr=#3l)h4-G1 zJ`cpfY5}6#H}sV@-~EH6`6+NZ{d1v-TH%_ml-v^u>^)DK=Q;^>lo|5f%%gZPwdr@AgBHLox*H4JIobq3IKc(8*zxQZ7|D{oytA%`;CKL)gyZRRTyi4bJ| z!Z3t1lZ60l_FfGnn2pjn0V3{?@)HvHGjq_nuw zGIPzh+3)E@6dtO+MG=)Fd)866YUR8)tX$@%w)NyPP0?C+IWK^_`{1 zl6-jN`fxLyM!Uv_cRFUczwGf6pQBSr?K=;`$8)T&hi2cR&l;xcD!E9rx_K{ui#_>D zZZZiVsP;heKmV4N43GIKz)V)Z)$`?Uaz}8AkQ>Yo*lzr3x%(xgCFm*cqN9W83We~j zT10XFaSpIZTE$aSgDcO9Cs9%I6#~y|?+B*1qvNGnu{Y5l`%{)~RpGokeAl-5P|9Vey6HCGY;7bN+o zxBeQ7EH2;!VEvO%^&jkee;KR#BfyIWG_d^-^4gzY8B}`@@BtumL{0qjum7-i^q~KT zy|<2wvfKKH73o$%x>Q=aWN2woS~>-!OS($|X_Syo>F!RYy9O9igaHN^kd9&Ai*w%l z9PjtJ@8fy@{r#T*=5x&zYp=c5+Iz3P_VfBND-|M;m>{ZMbqe87%^ZDmZ+Eta4)&x|G6sulN-uu(K0gjVqlWJ z<~8Pi@KjK3r=e|h6 z3+^Xl*#iUI-p-UjeHE>84e(I-%%{@7s)Wj|7q2AXBKJKD;WMPTj=2PGk3ezZ0h2=Y zxKOGsflsR4d~yoX-}z?+{=X1S~mdpM0^WoR;~GPtyV|!O89c{h_PBQP5+inAq6LxsR3U5Sy&m zo`JWFxjL(~f8*a1DnP41ZLCvRe=_P{O!gnbWe#E1*vw7Pgjb;l4Rx+Getas2@{T@h zMD#x^cOX(cUoovjI{ZP_+Vo8lg1$M|b;$QWKSanxfC5zF)&Y6`^LFQ_2HcpFtNNMv zziEB09MF)k%sIT@^v)J75J;(((6)aGhJU3{@i4&7@-UMZfr_G^DE3i4JtLr|kk;#~ zf*+c1@NTpk5Yv&n>{r=_;ZlbYjE^azIkWdfyJqYnV{xzy1beDmV`QK$Bpk(fJ7D5O z(6IVVq!7@`0*DoXmX12j{iW$uXCFOfXPbQ!wrcfB+s<}20=?O}b^OA4!|vThv1 zcHDb$c0eIi4;DRHvAwhQq;v9D9Vn-xRt-*eKKNF7eKP5GGOk-b3*U3?yb=ULmzj$b zh0bMEvsUz-=o*=q$-RriqsxBlC{#-GUk&}LUKMNTqV{pJU!u%c-@|48NdJ;_xIK6$UGJ9)Zzw`Xva7mbOX z+}%sH4BLA+S(I-Xk?Ql!2)1CG;ho4jgi?f57!`igj{F%^>fFv|1unHuJ6!Q=w0UFVzqG`IKqcr<;vAc!mjtH8S9)6 z9$tPA64*ToFRv{rDG3F8{K*{G6=)AM-v3;$nj0_Et6ZRNJVama%OPQ1S9g_Y?Wwcd z)k#@JVVt}^A4KMyXPPM1JyN=eHZwJqvXMk)&WM$~BImO;p0=K<+EPQ-)f*Pmiy}K_+Ams4-69Pn97iucRt~$q!JxDx(?8)o4InUJpMc~j zi9#|oy{Md>W9{m51?raOM32X)Tsu@4zwnBm4d=t>!j(jx`B&tM-P)lEcunMvc&}17 zkLEmJ;$N{_M`hdoC`!NyJc}>%;K?mbb^A#2WBazBHYvgf0>z(Tpm)19DfV&5^JWg) zD}fA%iqA-uWRwtn;i6^hc=WP8pVf5b;RS&_K&|NC*~(6_l}OX3XqBOJwiOa`zG5`N z+C)5W+x}^~L|FzPh@ku%OzEbRqgi4X-50};Am8Z(gOTa!cAm#xja`O z^$n}{`MA*asaEo<;vo&$G)42#EAV^`MAXhf8H2{YvCt2>B?NX6TL~SGI1xP~)qQFo zRSPjT4-87#+DH8*9IYz>AqoY4t^;1XhzcM{sltdqa7u;o6$hv9M7Guu3ttVHtw&Hh zmfI6*?U5TR3O5^C4B{+^b)|b8+0m%C99 z6Q0z$oGzH244XR^{|E|ZcW78L>wJ^GysT#>wP1#G5jYaR;?2CtKjGMV?qm)rif2_b zsMVg#|KgpoLwMt=nTIW|trvjulXqUW4|-F!*AKsNFc4XN#0^bsQu zl58$1J@vYhtPeMaszU5&HYtuq9p_wYVH*tIso1<0S~6yu{I=r*c?~NP+0tZJ@CXVM zUANhBUn-<+cJccJnAi2Itjlq?qsy}ap6E)AvhHyW+j-e`J=5rT06!}~Fi2oQXkdHB zo^-wr#hYN+F)h*s4(^BQlX;593Kg|;a~Err8z*{Z(6=xT3J;6j}K=xWz*$Jd?`_GssfC%C5cEEf%DG zS{u|ZnV`IeTFIlZ9)za+rWZQM9v&VLp z5F$nzvOD#SqseY@-o1EV7-frog`5uDm{s+pKluG|bzTZybLY-HgzZuF<^@&DTHx*@ znug&hp<{0WO6Z5B?M5ViJ$OMcy*`>0wsFU2Zi(tNm8S0Hp?|vTIG-qm$m!G50p>9p19e%v!+em{^=HlAh?@5}8}st!h8tB8Gz5I4 zEG80uEaWoBxlZhdr+gXX6daZMTo8EiC~+r@dzo1evpV0*{@xZNw=Gv~!{ED?xvk2dDn z?X+lk>qTk`WY^5?{K~udA zgr|RY09o4!qdT?dr#uL%H-O1|SGJ5kr7T)4 z@eW&_MyIsf$K#;$y4`*Ph$7P{yaT&3>3J026h z?0XV0>~{Fb>htlg+tMPwQ$QBTcrHr7z%{R0*BHETT|ncpdPuP3kn_ImG@8P0d}w1N z*?2UPa!<&X?QNPWIj_|=EbB?Dk;UnuC)~PNKlmhQ)Q?bw53SkYt&4JgDSbG}1s#J> z1MZomR~q?U-scG z?dP0PlltNsW`i>jDLD7u8h!YK`S3lxt9d+(vQZ0Qh9m2ph`~CNB)DkcV+T;23z~6R zHK?cEN#3C4*%A1>)UCO=5Ng;Y$O&y&cA2)Gsnc)T+r3lufg1j)+ukWD-*0YRV99!V z!6QXZ{)9Ys$c26BI>@?rU0~6Cv`Iy`%`vCC#G(6Yn^I_MxRwkd^b(@Nu&baXw!v-E ze$Za~c5&*izFx;!N6w|z`!HfeSyws6MeFgqLDK2tT04YH7R>5l`&<{SG_!#_f)67T zgtbXt3R6CVt55GHJ1Ol$cfJMfVH%2j2NKpr5QHSgXJ2FyZtHex=z2Ge#o2h9v37NT zs!6}E{X2LfuzdXY3@63_SkWAMi1{MdF?6?sb#10{J)}+yTc&xTqdd_IW_}IFQ?z+Y zYun6a!5;|pB}3~b4?A-BtvSQ$Mbc$y<56Jxw}$i{nMw?J3ZU8t&nR_z2MqMJx^$qG z#Wv=_8_QSAmpr$$y{?v0eAYgb7fi?G1aE-#{S71M?u3Z!@d$K9zm#YY^P_@ObTuE% zF5_XGHrpE^VW);W!CvV{hccEPXc+LeRqkcde3@ey>Sg=>Jfy?~TISoh;P`T8j}~4`esl2m%*XR`q)$fKP%v%SGi8oW4ZS)A+E|_Bx-nTlXWeQaX^m=@O0VDk znt49TixC%WcLl4@@G(b0BSv37RhN2%-0%uVM3gCz=c#}R5Hn9VKa2Wyvbgu zp6Ivq8G?yO7ktWt^t%1-kW5{5k3x&AtxInC&uFT+&Q`$K502;i(b!#DQ~7+t%7aj_ zG#fGl1G!e|W38>vey*OfuK)NPOn?_gz65Q0!HveeOnDixMLN>Hz|u8OiPL^Rh5)Le>wK$h$*V(ec281g#9oG&TLK(2b4^X(1dYJN*7>}O-WBmJ zUn@!|PXfGUPnBd!&lb|Wh0nVl5V*Acx#nxyqgBZrQHR6nYqv08 z^PQ!`TR0=l^kwP!hHq_4tfYib49FXOR+oY?b*sD;1EQ%A%af!_8~>i!si@_vnfc)!q;wT86hGkR6t z_77D)Q+@eF%qC6hyC8-qhNuTS3r58sjXZB4&F$2dp}9BH?ct2t)x(_#;hrB^aaLm1E`qtq^ImM5fz$my zj`By~6IyNZnsM&<{lLl^F5vPwT03nv@tq$HDYD&G!ZXAs1hB$t9=ZW%2Q6<8!}3;) zpmvuHnWHOX7X$3%8{|Jv1%J#A2h!fGh6nXz6l1>RKWP-wzxAWHT=Y1gYtvfZBFAIF z5*n;DWIH>Hfoa`v%itmO9Af9o%ZGbP;a$(?h&RZB4P(=JDrToF*Ue}JX&M1mF_1c_ zZ^-%ak(k*NW>y(0=6O5FxLA1vg_$7pB-fR|Xgd3$$C$Lw?l~jP+qvaC&mhWoF3j!r z__bNal>5<;>dtAe&_8duFI}#fJR8JFt9+&;wK(owK2WD#As%@h(D*=&k)TzUV3EJC zto^h<6#hx7tW>2r>~bG2#yE?YXovZ(aBcQnli;{>wSm>fTjKVHYt z8{w0gOqinkfubir?$pnZ$)<<9BLmF>bxU0 z^@N41PvD-*x$_PfZ_&<|Y7$&+?rM~&4vT#m>dxGxxw4{E>xuEKV}Wc1D=1dO^z4m~wZ70QPoTgUuZ#NM zV!w(!X1DIK&sWx!w=pvVzZb}6Qqz>KxAMme^K7+lEc_&ZdKmn$+zf4+X3!y^34H-#2R!og;}-6&SJ^Of-_}zcDTES4(_dARH8{nZ z%gmjbHq-h`@DL7%w1=(jZ0>u4iOtLGs=@0?La==kKHE95i>J!sE8Z6ta31y(2}Tz= zl{c#~tRp|?iq35rlfdx-VgqIl1KWfGJ3y^^XK?Rc6W4d8Zo`dNQ`*u==O0W7tc2i= zw^~qW22gN02A;gCut~saP=d^6aa-#!q?;m{NA$@MndO{44#pF_Coz_zB|lNX*~g*ChG_rKHe5? zjaO}s-H(g!e-#a(f{JObUMg2;Ni1%{K7t$zCIjn8uC?Va1X6IegE25_?aj)qm~@6I z3QA@^GTqoIVu|U)+Utxz4Grz$g+sJQ-7wsyugIXY4c5^*R(szLJd$Z9WDZ-$y?A|@ z%mHqJBc*KVZq!2c#Rj_y15Tn?&v(cb&*L`4Pm4)Tw)!J6aG8sw4f7#TKKTKwA!|M? z_r+TYW^glTnx1rny@j!1JCin@+-u5OsOhWKk*Y~GIqvkixP&hss-@Obz7ZByhNhaO zH$uoMDFG=X=ka|N=~qRKo`tJQkv`+Sq^;3L>9lR{5pl=p>B6ek1m5&ekMGY8xmBaY!+7>^f@?icM}w8NxJF2eqR8YJFrD! z2&)bZT=%4Qj;nXyO6uJKvS@RHnoFcD>IJ$8(c?q>rj8iyz3$~t?i3om#AaVZ66@?{ z7dC0-_M1dGu+y21Qo$9Ooj;2{apS*I6mqU#*&4PZVRKk^i+#i#oN#_QYG`}L20m+K z;A=N41yPJ>vt>SMZZ3nHlj{i2q$X!YK6a4p%@spSnr~Kok*upE=@)F?$54?p_ORc3 z>4-vto)o>Nl7cVOW3bL{>a5%*X0U2!JMd)tGodKd+(K5xO=iL8QwsEe2IkhicvnLu zeEpnr+*&G~f;pRn4_YWHsgU^OXZ!k*hw}Ks@J0A5l-?CSG}HT3FJ)j~5yKm0Zk1u6 z7n?eKhs%Y&)LUAEL|~`>^nVy(*+sSfue&5nsp77y8cK+H2?qyFu#l!CtEEN3ciej{ z*0S_xy{5jhC4Q!sS~T%8c5R=vq`PCR+Nwv&z}4ggqArq_t$ZiiVm2Bj>mK+4ahMIk zpB^$x*QPxz9LkFm@UivI#{4`OBGr(;&VJfV6Uaw?IsacM%ToCwM|}X z-mn^$$fj?TJgH2dwB~?AVtRVBdnS)*u_VSvX+6^Upme@T5KZXZqwgBF0h+9p=u9FWgW7LY*IWIwdri4L^7-yfWGExf3pn_}R@aL1lhA)bEmMEYG$` z^8ND|%L#=4qmq!zaP}sdZBGiS&@h)>^$m5TE=?7QUW~H#2Qgnn(kPKC!)I>%?(){v zOYOa~VV3E&p&ZTXli;S{=nKL&-=WL*4RseK0s>#JJ~LA9cc$!J_5w_eqE2sKo;nfq zBpa$osfvGkVOATdprZ>^}&EF1&==84>urRHOLyS9x#8pAa~n~ z%DaXpN@&UTqlbZHgs9{4u=L@zl+O|`4KyF#x)H*Ywjm>{wFA0?2GwyujGbrRTAt0P zu2fp`na1cMda+ld>qdi#H!{9yaxv7}P7czd%H}0#z7D)+N`HMY7%i%7n4@6}VU704 zzuzc>3Q_!KYjoc`@5m#J_-GPpSq*#d#cseHwrnF&SF@4u!UaqCo=7kDVQcKRiHYC; zH_TxZ0zvUI-7nsru;E9O(C&#fM^%<)nu#WEV|yPDR{U{3y6Ca{%)Z*TWxD416ylMd z$ZD-#i~qBVHuA4ig9ZWqXoolgH6|4=?d~#Fh`$d*GvIsuEqh+^tBl&EQ5MC-OFXGp z#o&tLJ#UQ<@c{);;s!MbW$h;ity7>*xlvz2=5!x;ER~&)BJ*Lq>J5(-kiG(Etqc)h#75{*2bsrdH6K z+>B}taO6-7*gjoRzvQ>)~8X$K|Q|DJR4u8P`WJWXSkB80S zkf#FqhYeiFT9)ae^G010TQO3sXA*H*-^|k+N#fQu)uj(rt>hHYLUQh?&dYMzAgWqG zQ#QER(=KGYm0`gjN;F#YM#I96Jtfj{xMz5mldoSBQzeE4ug$cy^b_G_oK5$_8&+O> zO^!u;h%1@~R<|a@8M`^0%)2-(rbd;|1Dju@m8_AWnSw&mE{FKnM~fuB z>~DtM^8LrYfR~9YZT2&*rni@L$=+eJ_psdeqq4tHt1~sY-6d6a*Y}dSVdOoH?7m>4 zv4ogf=SkSM0OY$g&J}~T-HzT}8!_T~G{Ii%i`Lk%HDj7T8BVHrAr_%kL7C8EMfLzC zZeS2d{rD?zLLAsmxTIYLX1|aUM$fm8V-++@)ca2(W@0p=mz}ENt!4hkCD|UKyjSr9 zbiK#N^%sU?JZdhH>`1$vSbc$d<0A!O8QL!>Wb8sYO!F4pKS|lyzF??#q*;vVNMAs*p zpbgHPF`TpWNh=`B)S3pDqCl`SteHtJTW}S~?f;M!PIsv$! zRf9i2U30DqvuxE@a?cM4n%#cvsbT_eW+3Hj?FZpA_C$Ub9xlp-+RbGYI-V16=C*XS zyN#?#w-|i(O+tk{x@WyL52!9sRkFn&}=9FV9x3+wolNLfNqwqTK0S zHHv~4g^_27tCrqYy#z;JAnEb0E_MKxdIGje!EbU*>Z9q!-Mb*Ue`ctHc%$Z^(@uY! z#A4II9bjc&CuclTY1%Hp4-r)QCEeyP{sG4{!5!~jiU0Mg&jmeL1{EXdReWO(ZI)-h z41pT)6SdE}d>~6z&*AE~-Cy$Oq78kvDXar+fxX8rQQu4A=B=MRJ`AzsrCnaHmVLU- zT&J~r&*>@yU7U-1q7pNFhs0`&DeP`QGO%kPOL{P=tfH8#9z(aXxP)xu31Hv&K~Y(i zAD>}N*ai&iIVbOu6Vj){91~--T)TBX5PftHgOW@*4Q@*>(Ee%Q9(Xn{8&MQs5n%m7 zLq*cXoj;pA0NM~d+?6m8UwrWr)d^POh<5_ir!uAbk1PT^(_lCBiBr$K=BOf*u@=E< zZ{-qBUHcYCJ2Ae^5E8Rfi>ITTAMd-^j>A0CpxZ};dIW*Cr3SSV%dZ?*+N+?x6jf-3 zE=i*}dK)g90xZwY;GAfUu3L4{ezpd&nyzPOnmTM?= zO$JP%g>)q>M4e-$Z1qbsZq5xpE7ENeirNA;2WW=_%Z^cxpCOw z?ctfF!H@myp@=kBn6b}DYZuZE(~m9ovU#sDBZEd6ug_{$lRuSvK=iEygV_Z$CYgaV zJ8O<)JI9ou{GoQKPUA#biy-$?k`kVs3*S7tco)3MR1@;j)mF#RbK?ii&dXw2Pxfq0 z1i%2;GxkJZ7ECk+q=Cvx<=6A=Gv2SU0_!#k4@W!24P?NfFwJGcU}uaz=(1+6cLE;lAm z7dg}T7GOc%h&9_sbI^Ff;|v9ixl*v+N{F=&G@gr{cD#>w;$2`|QS~;FX(3F+^D3RL zEk`cR^LTg6Apb(2dj3-V^zuMKEMmLfuwfhJup=IRa`)^4^#8$aOLRdJc-YIKFKs7 zUJzk!mL3f$sDqUrYI9| zHil1bOQxA52es7+ksPuNoG6?Kqy%$Qzg^e1(}LP*3?h0iFGsQ3)(W{tywY5a4Vo3U z`Sc$x`j-To{&ecNA%zR_+UOCwMPTBZ#ya}bhOE~ zjvIH#p#tq%T~f{u*5SY;(v|q!$pT&z_c`Oa!SqaWtvz0PiUBo8Ix_IDA$SU&7~d+o z*!53O@P^l9kYF>*AqPp6jd|leQhd=mdnxpcs&inAo!`rCfi#g#cx1VVt401$!*1@A z34a*$mA;u&#@o*6lWdBnvv7jt1x}hz&G?%jr%H;p-7VR@y48AvwP20GN}zPf6sqr2 z{Sx7o4bP1MyB>P&G6^Vs_AD=UbPO1rP!5VYkpPlRfjCSlN|6Vmq${BN1zEm}O|{p0 zmsbdZ-N{pfdTe6WZtcS136>;&l|E*%}Isb~-Gu^eyAiV_4B-H&HvJV1ekg zSMuUI8+<|F3qfk#qAC(I$X0_T5fi+p85?x4iM3l|3uZ_AF&?(8<6xqrshH{kVX%F> zJbQ|Q(e*JCNZcw)R)fAlOyv*4q~DFJ=mdw`yiMQR_duE#|YF z?zH~$w*Uf$5YZBm?_CEn|j2E9mVLSQO<~3E6oL! zgFlWciD{_zG_1>d(f*F+@~NRuCkA%VGWy~I6YAoESDayM;03*>S1`_Ar02dX@=}8A zJ)7Q`R@(g(+v)i-(R?=x9uT|PY#Vg@xT_$Z4$9*mti-vaKGrtqEmi@n$RSUZ0y}lgC5{IcTYbsm75S27zqERPyW$6aW{qT_r%Q; zG2^grlN=4UY>8HXXrH@)w{fQYtS@zI-R1*lrg)EXF9@^QseV#*WKzFr2orn2&0K5v zz9x7H*oM5RfUI+0^%h$OKNzm7T2pN9@T7K+Gc!AMDsH%%V@Hu@j!|n2J8oa^6c$KY zPEGVE8~Puj$4Z{zemF;+Zcm zsjh^Bq$`;D18$+vGsVQme{0kWyxt-IvyN$NQ2@wG9s85uzbbY8_cdSw57Z>9_`3eh z38g=jCT;~Fr{>M1wEk7$_`i*vR{7?XfkIqH+P`qX|9Hc{zj^a3MkiorYA@<{uLBk` zm{SYjCp?pVv`_B(xc&~`wg2WY1ex2(@9z6>bKhOp|9#)DkqW4L{*C@L;Le}!vdjU7p_@emHcpKJOFS8HP z+906wkK+EuyZ^9uz&Y4%Q@yKYx_bCqZx5JJ62~xxiS<%v{rmC1d%qRdCT)rID#?G+ zz(1b_ga%>iA_Y${e;-1W6#xm?u-pGr;QFU*naB6XBxWy0D`lB}-!L6O0&A5s>EB0( z(hMLt&G`zxK{XVyxo6ocXS);ovgoa*yY?Qc5t*SHZd zBV*L{4r{#4=Ms4R{76afqu;-t8@0)GH(3aijY|hT>eKJPGNuE#zD=q5%-YA_+Nd}g z;CX}Mjvs&DCpxS*)^!7~7Oswaj{ z@_W3d!3O}%zsUB^!R9X`82L*;&YbbuDB=vi>+@OP%iXo+WrW>Qrv;Vlx=IZ{il)BH ztCIR9&vP0o<9~+54T1mw?MSq4;qBm405$yeKpgX7{@p!b(rTfKGMTRw{Ygnwux|Es zcmn`zo$L&;Gy(ABwaa?b0H|ckj~Ql|L-NZuIg$JWWElWggIV29?#web6`a@dA<0JuRU0GIvR6O2V5_GkgvnI-@VcywvqJd5j`S>ir<5?ZX74%TfD z3}7jDYdM-w;ClTvbQ1uuy^dHm{q*uR@cAf!G=kR`U?u1UkfUitJdZ+gI9fPo0Hh>P z^fiDr9SHz~UvgPZ6==CFx~$z$WeQ*IcRK?3?BGVl$5cvZISdGVYka;SfY@08)DbKcR~T!nkQdE(fQiE1rXm2>kfEX0#tLO%WiC$Tf&~Y(=qqe6DJOI_kD=*69<6$e3!xIb_1g3!xQO#|dw(_cnPD6ktk1!@-i9z9*TO)u1&Z@t# ze&g1>I4ExjH9W`}UM3UCQn{#Koz%Av3%$J0@FMiXea4L_-c%;%p8%fSH22*vW{(rKXAHbCmpSAE}ORQUYICyAcBWa0A3swSpC-Jq2nzy?kF&$s2V4l!$5D4yAA1AHqle}kqv{(bOqxZH#2waNhqEP=OU2-H zatb;d;a(leOEAQEpa56k`)rdG>4WU85O-CSlX5&l+|WV(9OMXkA&j!=3iNLS03WzNM4H=p!EI~(D6@1Ba%8@k&M?OTsE zuBnZvW%yDlp9=Inc|x3C*w0zj_b@zecz)g$Vrv56ie;Eh19+6{?V4J~@3r$TB~f0! z^oO09i(Sq=NqGsT(bmC~pyO!2dW%c>l+)oJ|N96E0d}Sjz0F?$q6d#TCuin8dP;Xv zaNoYdL>ve^iTn8>g9FevP_VugJ(xO4Q`j79=mzn94FLJ=qY5&uqICRvx7su%@A#@D z3PkKa@Ft|*{_1?xZzSH4fpGdo z9aivqf;uRuF6VQ?bDuDqt*UD~A=CuDxBXg{U*dn>$y@8!;v*Ge8kd0*Ji>?~kVauk zx<&TAUr7r?L4YvFyuSxu%&L|Dpjn#OS3D`(Gl{;}nL2v{}8*jF`gbWQZQm6|xgzQbs@ zhdTwP?@AiJhk0}`bXxbzH*6$Z%be~lvO*;8v%OM`rq2XuIWnR$u6{6jc#VQ!C3;{B ztnMn_Z>_Uqe2U0qF<|huXhW@A@`P!V%Npt2yHG^eq$l?UmSSu-^DUN9J=Gzu?7M}U zL?GYw)JOIJeGWD8fR;#!5*7_5t7!qD{)Z*Lua-oF~)3Fp^|m7L!$b zzL5g0F4R^!VvaqQ!ey@>;`Z3W2c<9<#r)*MpmJ8GUPl7WV&x$71P~B^m?afBjkb+G zU5oJciW`zFM2<)M#wEUZX)9-P-*E__vM?+)iL2w>d#w_hOV@lW>rrNn9g0*c&ovR4 zC@?n2>y{+P7b3D87D1iRupbvaE6PNmDyh;>^j%ePT-l$R!3JLICW^#~YzRg5ZQ~HC z2RHmq>BG;C_^4K`PLvpM!J?;kA*{rdQW1#YF|7R3IFN$vmmo!L;hq^~9nsrm^kvey zZtx{X09QSMYVbYm^F2LzPG3DBzI&+it~LIA!9kq&NH~Mbf%Trn2UJDD^|&i)35;x~ z7e+***4fMBbnYkl;>=YTnCYGX24uD$^7{Pn6Kx4 zd6X}fW=1WE;=ukC{(v+&z6aqE~+}Eh^wT*}ANM za9!o$M>o{L@iI}Li>bZldx#d-)sGyT({Xw~Ko18a2IwP(KbWNZ7#nfyTJuhg$~DVD z@^aZhxTm*Hcd-~#2>}`}SJzPcMDU(~@O6QW)@W1gadTt6((KG2 zeb22g9zBF+fyU3BTe(?pk1($h9ke|An1i98H7lSXBU@!Q?$l@?Xn!>5u$gVo`{OI% z39LU=2cAaxo(~#sAijC$zxVsH*2l$ehD|DAPInky)i%ArgDS&yLO%VVpu_+EJ9E|~ zZ9T?#;Ze(n5~08(YWdK{n0o|kYTcJsjy1l=OzCQbL>Y2yZFE>gPPo7YRu>JmyiuAs<$@hos+qc(`M zw({uHHPJ}~4toQwJ0n{!Uy*(v!|RoI_x7?QXLj7fnPj|$<2a&S!mU& zDb19OSsf9PkHNmc8C9Ks;g?|bsKxDb$o{qbsX8eAJEL$I{AnQiH8A&BM{EIPHydDd zXu4V3aj8AA=5R>Ist&ZZ*QbZ)ss5USDdd}%SwcL54w$Us1}!rviuC!L!k`#M!88_-K%Dxs&=wO=U?tu<&6oT6R8ex=Mjt=Lm~CbP zZr6VLuqH!C&MJyyO0AvYxixUvM_ zC6xLrVMJwk6jP5a?ptYj88KWQXB%d-UpF$W+I-^QKa9d0OT-E(RG=Al~m4E*(O0=BJnR?Dt@i; zrO$|%cImi{@k7QwiiCaN|F#UMfob~g3gyoiGGhu@s@4%JXX48}Ns&gpy#a$lt?Eee z#0{U3U#RPl=R4P)zBn+DyObp93JCdx#^~eYGg5uQVt(*`i%6MDfh9F;FWkssv zmJb#x6}7Q;>J_FB`pM{-`_-z{%TA_ql*2Qc5!#E(7GwisI9%*vmDwbQ+x3eCN?~Dt zqnsh8IiUpZu)KqfBYs1=hn?y~>M8vwW_oWSJajndlpo!RGFY$Oy0liqmnlBIJGiWU z8L{V9Yq8yAU`4`o`2K|Ivmi8l)RHoV^rv9r?1!fzsY2=CRJEfhRYb;Ci^B8w=1l8V zTR4oyb5rog;^AHe>JBYGZREQ6Mh?@V#{fSa|Da2J!hsqvZh}yzTUZyFO0P;G@>Ef3^Kc(rA+>XOV19>}63qyi6QE!9mArB!KX8i^AH#-m>U zl2UbSKHCtbI7uSAh}pP$g|xQs+|ExORUhPl9X5@$);=Ywg;jiARddcG)P8BorK;E7 z;L~2ujv|G8OGT@f5wg;Jv|HA^H&8wa zkPq>+oe$e@m^6PeQxKcupYwBW(Grb+Q}_m1BCA_JR3*0g?zI+s9YH<_UE)U<4#!Yh z5UJzlm1DG{Qf!j{m@yl;bI|;v{2O71T9M+2gRscp+w5Nc*$_^ZAQFI%GH5h{Sxf9U2Ml z;&Z&)&c+ePPi0lxu{20AVE4-EovBxb58q!eStdP7YHvyn(vt0I4Ge%Bu6Bfi-1+>N1amTfVu7)>$iRR+xRUUE1}(m zOi$$;@FzIvOk!7b({C@V^&t_|N~y_2YL7g}1A& zYK`^V0qgCn^TBGgRS|SuU}pNc8MVkm^Y!KT#VD#sbIem-&;z*jJ1D&;$t#K-^P$DV zjTw5{fY7LC1yLQ?tR*pSc1+CiRT2)H2eNOd?jH4jR*)xtcw1#>vn6+gq6aN|NaaM? zNF|IJ<^*tTtoLBXeJ8^D!2P+W z8C-)q+-9GB&hPGfzrFAGf6r8PbyauOTF?8g?56Cmstj*F%F%Y$9>Yj9D?cXMyhUO& z89DC!dU4!Mv8A%_G=weZ0=790Vn>ytMN89`n{-%=S`D?g!vaTQz0u*)u|G&KXubZ% z`B0u_GDE%lGDjQ-oj86!1A`XX`uou5P#7&^0uxR|7^n^5<2rcv`{<|~3>U(0!nLB_ ztsGRDek*BFj}*h6Le)m77QTYFH9L6gXU-OgUekX6?fBX1wN{F|{-B87XGF)?XUHY% z3XF#+=57AT;TEA9H3o3-Hp_DI%XewU4^!IaX+l`< zO`WD|nK_);^9h#4dx?5DGhCJRlXrkOUzYpMY`Z7I)+>oNIZ)*i@tmPG6{_BV5xR(|M%VK7&zbJ>EwgUiPM6L8O|)7kiQ?~f@j%~)p{vE zg3eE?e2#Iq$hC)M#_)59 z4xg4=EBFy~r!*vA_hw$n(EnM|L_wilYl$;CO!PtSM`o6B@5$Kpo#HS-OThrgO*}nY zz)qe-6uq`nvHTPcoSq;fEU%yUEcG^b%#&tkTMw7-RP{5@w8|Ku>!3It7w&R#E6Y8= z`VhSIsa_76DRdf(D{Pb4a{hGsn!8QSoQgw$ax`ish~7P_gNk+omJOv1KT?X3yz zS3aOLB{)@-yX2pKEb}=p(u-Ur`_a-_*C>@mhP0V~No>>Ei^0n=@&--T=n&`UrhanZ zn)suFe{a*gdv`Q5gdEBNizRQnH~?0Il_bhvNbT3%E-HtrAsu5lE?ox&2%BN! zbc|~1egByKoIw$yqh)+nRGCXFXs2N_5BAPO-90-U?&(t1SnvO1-9Vy30q8c`83)ZV~SpG7YVQ6S|4#R z{8?a;x@DX>m#^L)-vdK^pfPdoC%&(GnY(B;+!e7%moGPCDFPHX$Ttgh)ATk4FE8 z#g0yv4uS+F_Ki1xGVXoT!iC(q^9`DbEWF!4(PL4LQ5)Oy@4LU&x8Xw> z_)y2o$6>kCqXjCvv|>`k92!LZjc>D#;`{K{z8jIHvpyB&OrO-d8qF%4gl`!HJs&5f^v zoW{IJVp+PFM`;C(xYLYE44aFgz63>>qd_mf^}xBNNAtvF#M+s0hX2ltRm}SW^Bes^ z^M*t1g0tDM(hnne{=sKT?$QL#OlRS1&cluYoR<6 z({>fP!N2qO32oN3RD^c+^A)-qrkp+cY5hhMtq7jurdhosQQOgvh}g%3&g+p7Ce`tT zl1U`cn<3}M*elq{suo0U1QTzj1MUPmwK4aVOe*nlzo}kk9N=Wd!x-ED#vGP8u~uRX z4P;lqxGshb3&G#q<@(>XaSEeNOK=ZaO~JL5J_t?=BH;1es^&9Y%39>w&1v4O6D#Be zk8z1ovz4LdKKltf#DtUO4U8x8^O>pgm&?^AzcUB_j()4yhKE4C5J_Q16tOM+8m$3s zNPslVr17-nW3qe`=VoA(w-}llVvl`H?!Jt`<5Q?t3M09Gv^1gV6Xb%Bhu@bEwvzG- zoD0uhphX~rXlRkDF$`{T?#y;sc*$hY_&uj3Fa@K{G49gr=)CQJA+AY3$$LUH+sZ#W zJkCRWqtKmRx{;fzJ~u2oUsffmY@(v5#Ha|GHU29PHkh;1eavl@rJ?r6j4Px4i;nVk z=vPDOXeWAeY{k`CbKMg7*@=w1#5dZJuCSQ&b_Mu?y$!*6>RQF5SJ`^{s)2088h<^; zjG}{b;=CeQ$ATgN#Ne8C3ZWc{Qf)p{y2@c<(cb8SOj{;#nQ7lhRry~^dM6*BncE|N z(PBC9tZGag_zoiBPzYDI=PkdU066S?b$4`pEU}q4k%$UOI8#`axQ}8d;6n*++{fa_1nJ2f^X?%NQ*xs9 zzAH?jn5BOk^C?KbfyQnehE(~A>hd7q9mjD8e^bIj&d8H+qM*)We@J|3DjmCG-HG}g zub|-CM=rA(i;~d~9D&VYYQO(>THjUQMtj>!BH4FA$>dMeTP=pd3H;%QIB}K4h;NFW z-XRfzS!{UoJyQP2~{hp&57Lyn6yHSb0TU-SP*4eYJ z(5>@#Q~YsGuBZsz1DWLRbN;#Vgvj&IstyXrma3#LZ#exl7TonnuT*HbtV@^6=-9ad z)lbl_cvAmq?ifLZyiHGMrPs=gIo~oNT4Ln8jfo;ltB4!tf)t9rq>ZBj1?L^vraiZG1Xq5*WV;=g3eJ(2Rv?E`KnxnQ$Zs+6;wL2MI zaN?ke0>_PHvGxCp}&d(70Io!{MXT#Ah1?syhs&y6Npg9d>oAfeZcv*IPGD8wt86CqeYY z0@cI;pEwpA^xwu^$WdF3J8X#1hs$ndUUhTB3=0to7j6_|+wLgEP!h$k4qucySA3>> z9g5M(8Gl>A_50V1V&CR!=3Bn!0X&!ZvujQ%v65eb3|d(;>)x0O+lPYNXzR=Ml@7Nd z#};+Bp!Ye9mjc?v7DA?wl7)WMqn9ug@frL#cycc!`H($p{OuR$;nAU(#K&?W8W$wp zEJvPBprHdG`Icm^8=dz_857wQ+D3ocSWzOKuF+KiO;vA*I8d{#Qm0GH_!dZa8mtIe z>aP~VLYrptm;6+if$J9Zg^(=B>LoHgAN~0&;_+cR;hGyC$HBFI={nJ$3u1xjvy5?L zpNdgUIVtIzyN=?6;Q*G6@P$CkZkV+BAezQ%>)q93? ziaI2ZkhVRw1I<1Eb**sYOns@aOXYB{iufii`E;23lPU7y@_T3D;p7a`3%+(Gpk$O# zFw$abiv@9PLR<70cy6pFEMq}bsBtxF3D=r&=brvqUfs~b)lelwM708Ygyjam@Y6o7 zxoHEr8^J1@+|jT4(fs@cGnL2S) zHUFYuc;hacxAi*(C`xNj^|%P+ORqis;MvBg8CJjBGeOz+Wyeh&a_l%Fj}HE8w+LO^k4@d7j%USu7CPxLRFWrI#+2imDbDltUrwnX-HN zO6Zt+%b`dqBnTBqYRKr)dS^%#ni!&Ye}$}G=%b)`9`ox81rGAeGx2)mTt-a}8mb_h zDPSlIxWb6(wXNq8c;5*u$&x#bCd*~$eu0Q^f70Zz!twi`&Ie{!bk`Ndpnd=X@ z7#s4h+|Lp<=d6+isFDmrxDYoJ8zY6B979X>jk%4MtO4{Pfl|;^PA64h3?9E80eANK zj?>$?lJ+*$!H0S~mA*RGYx!?km;uNb?*yDs`=j&x-lBI4U%nVutwHZDaAd=_zRn=@ zVwX(=(68&$6f0i+3`pd+w*fKZ&Qc|gHq=2#(=Uh3q!3G@pP9O-wc%m3#ff*8uMNnW z*0|*t;DqFn+GpabOKiTqLB2%Ko1_N^2Ou`*^Rn<&q0S7ycDK}a1SK-OAAYqM$~WkyB&?p#5Pk*4C73@uMM1FqbkMaz5sbs=1Ky2&bQa7XagD3By`eS3{ zI7mbhi~ocahIYI`;TV>I`ffl`x@_!yw#UIN;I{YAO~A==Et;OgnWE9cJ;3lHn6nSD z%y|y+Z%rIlly152I;uv*^T1^lybTU@mq@lP=*NG#1UP%G68&lPQ<{_f%;#->bEv5Y z?qce2pC}KZNgKG$71=VBJWZ`)ceDWUHQ0a6Ay`4raZu$ad2xX}L@j`{JX%|C;1)4L zK&2aJ{*im@_t>7DB1W3|%9O5MS}Sf{tJ~ITQ>VB#Ua3X|Gyn5#8LqhUK1ctyXQjiP zNHXjQ@Axp?2^fGl#wiuBr^4~ZNyDeVP}!D@ijojhdinl$Ml|Ro0|;UepjGvAbmkA2 z9N-qZ?VxyD^7>YUU{*8f^b%|h%Ha#$okMv z0n`|DuiAYZL>gnxP-9C>p7!4);c4nKaaz7=w1$qh5`a)DNqsgOKp)FSW?^NIkq@%4 z$$&Ce3}KTVAwR3G;oLu#HCn=^+}>L)4n^~ShJ=8v-Y)1b)**Vgis|nDMMn}@=;*~0 zso{>~!|CYc$LBRWeEPlIG9sH$NO{mBo+Zqna`bp!rt#w75BeXu!ukbkB)ZdRxzM}{ zy-MbFBs4Cdrcdh!^S3*(M<4u71V2$VX#O8~_edO)T$+DgYpR2x?SIk0DVPWhpWpH! zhvnsgQI&m&vmE?}+DU&r0#r`DLMB{qsU_8}3yIFtUm2rVOSSk7MMcn5D5|nR#F!S9 zOvFI{RzABv9jhGv+i&njy~6U(-`geswaraj|8=}v6JEGcZ7w^?7A}V?BS64rcHtU% z8T5sLG@Ai@MH+X(4H zk#vX=V60!7UcqXztvdiV5d=c%~=;7j zB?}i^25ONW19R+!q*Ju8EF#P-)g~d*QxU8239~mcz_LgG<1Rky{Xf*%zk_zGEDTdkm`$z|Rct;!TJO+dx z1!36CN+6Xy?7!#U|AlA+7}c|_70yWMrbjbJ+dLa!pCpG?+-T7mTD13`X=Ci0?;fRf zJMD13{J#aZzp5b7C{VG0nH`kR6i1Aum1?@u>O?u>uKW3_N&(UHe3@ph){X*bc=Nh)@_)Mhe>JXy z>2GrZnX!2cX3^IjW_N%8ME$@bLiirv1GDpZL1Wg8?7Ie{Blthu=T~Dy;2^<-HCnBU zYd13p;OZK<+Y|M>8hTk9*uYFna2>KP|F@6zf9BOcaqIf*|M#Uj3^YDlRv*ZKJr~5mNZ~Kmho9%sjA%MEIr)|IWABJkg7!~rc zpXT;=mH<9p9&0(jQ0_RrJ(cHZW}T64ilZ2Oj0@|`RJ!sMP4}>fzPg#_39Y_iRc~xE z{6+P5zw9D}ikyVlQ}4R$O8fD}FWuQZAOtas>a;(jg0gC@4*lO1Hvcmp|9iBO!rQ9c zPJhU(t-1!TJ2sr_2z}PI{XsZWX2&#^)6XQYL@X*0=ymh4>0wFt_&6B*xD({sh0iFwxIjbrb+HP z9?J043OVl2JtCgS)YZfPzM=n5IoM!io2F!X1d8L9QSFRzQ5p#D0S(A2IpQ@MoN=5V z1g%CKfF@{%yM>P;S@b)XpPtp`D_{zqzGxKu4_ajZO(i28p_8*)cTUX(`&2FWRqg(e z&tnfm!if<58ZBnSGdKZ7c*r<|cE9OU{|59C6A059y%rn()1W9L#&)-o1<-s7$4I;F zPLRK_K2vepYc?xhgqOI1_kX%s4s^~mX`V;G)`n!7AIoiqb^hB6V43eRGu{@si!%h$Ub>H{Y9DFZo8xi^73MO6Iqw9*?hq3 zdB<(P_v<)z1ZrT{{OZYuB+4pywd&R1}o4iP7>m$`#ukLV2W4BVFcK)}=v<9bePgh;Ggl2d3 zeaDVqLJ#|+x$4sUE!yL=s~zwOg8VjVao$>D%@fqED{@Qzgn0k!OT&m9=V~|E-1tmQ zsjF_iF<8DYd?*O#_79@!Ecu#`l~SX%D}ZGqTE&*APR@_aIy zT3F=?{}Yh-ub<7Q!8WqRBJ`QJIi9*~AvmJ&wDtmze_}t3*EHVkiPmN=FE-J-=yuI# zk2KXvaQ^3ZuI-Ly#J!z3Xzr?beFNH8H*6{A?{dgJUO$y&Bf{@y?X+92Q{wpBjN|~W zOTwBEze7sK3P}^1H=7nX-qzWo$nOF5x(rfh-~QgKCo;m8u|$1vm*wf`0&EJtavv1zO3((O(yhNlwX$yG7 zL#8#4Bl49(3W6Ym1cs%CwV|4fwJQ$VJn#v23Rp1xxN)?EXJ892&0O^nagkHe!2Ysx zd5UT#744)6R|JWVXB6wK=ZdWgOXb(&LEhlHvv9(bl~nB8Qsw!oA>rvTef%Sp+f-I~ z;3Fd;|KG4_AKX2g(^T!v!MkG(g#njEepvTGa%=@?8sWI)hb3tRXQIUduUz;NXU@bn zOcNt?6t|$8Kj=K{f%_vgeEz4^$IN)_pZgz2`!MD@{`JWAkHrRnD1^!38fV94J{qyq zGd=pz8dpPKg1W|9?@XDhCO?NSgcki%cuB03>D?^_iWOO0^Ua8i6wGkvZK)j%4WFBd znx+WNiY<^TIPC8tUfg5~u%FLqc|-7UH^sMKI}PIx+9$sEREX51XysP)+zHci=vOm7 z9tuDG_K7^+^wNCHrrcV&gJZ1R@zHB{A|zvoqgKCh_LBFyX!M%nxeFh)Pvv+q2tPl5 z-gQ6P{FP$zUw4I}rV#x`rdTuX-YpJB<`h%xh=^K|4B|A-pw)J7b360c{hn~y%pW*( z1gIktn5H5;f{Z~NJF!Z}`(dn`zFx!qxdR(C;e9a68OLGaN(9}@U~DSsfsN*RcQh_L z#3wbPb>$$>U}N-u?fYKQ+IPI>?c7YYBL}1h2VR0Po=45Rz{#@ts)OP|*^b0u;H;vg zc1ghJW;|o65z6_GgNxB2R!>?$LE03TH@tZG9$dp*QwW6Vu&;((TVnUPV`)BFMhBf& zX52GP*8*b0di+@*5@vr()Z&U>*l49>BO&K@a^30V+sWb-R>7+@T6n~Cpp;2O)oWhE zg57g@O)cw1imoFUZFUil?Y^tSmc}l##v^jktHr_cp_(ArWVdgQ({ZS;Yaa|r8iq-t z>5^6$8@M?x=%n4Wf4A1j(rlSPBw8g?Ty^)-^zk#{?+-0{@2d>>JxkfmhnjBUgipV=Mx0S%a^U8N-|0jL)zv>Vn;0H z@L$bq-KnhjVXQOs4~c{G``NX|;l)BduSE5^1-P(09D806U@4{3gDGI)nU#zu92~|I|TD39G)fK z36JBCfnD+1jZ36FZyU@uKJpOFaQf7oua);!aH3$d9>SN)B12!16X7fQa`C{-v7`E# z=cpqVa+OHyEi$%~4$4^E8FYOTTU$svx)np{x5{**17spBvua zR|GxHP=X(^dJ$2eXAm}fIzhM-xAD8JXL)P%-G_);lB><*D-DWH`D9GDJlpr1hF{HE zl{K&3U+%RcM-IZi&6#I-uZbpqaapJX`^VZYdtasz3|gIuq`R$!0B;8K^ASnRu9|00)1N9ljrP`t*;EdH9#KeG}u$=t@%$W))ZAzjqLGo7$0EYGG`YrDAiB(~F= zAHJLW+ZlojxAVQ#-T&QzQQnEejl6$7nXp;6Os|%|-mrQ$;6HqA=(-5oyBIvavW^A9 z8BW_xZu?b=8Fk0AUygTfDWr-GW*xtr%&Z=ty;6cPO7;v`Q51Q5H)`3mr&Ofp-TvIX zocVGID|@(C^g22#0u6W3c5Qz=$Uchc|8VqDK5VMG?6BE&P{-X6;_-MUFl2a1A2qcPmp+u{uBDLvtYl<=Z5$7uy$*eZBx=u1l z^fmc;4;B0N04GSt>^&nb`tOG>=Gsm`pdy%Xb3L3houHebYaNmAePCr6c4YdzHV0x; zH7e~`RkB%g5`ZZ}m}ua!Bjk+r=eX%~C=AdH8=`!1Y@{@+GWXFV7{vQAn9`2~GkNhB zv+g3G?jSy8j98cx1qXwT)WXgrqA)QC5*bELhM(x|n!M0kb+e`qkI#ZXFPI%Fn*Pun zZ?!fu(CaqH*^y&aZ~>eR|-|5G52KL9g_U`VLH|rMP3gXvPE~zepauCwsd2itkK^x)8l1Cw+&k+b= zPNn)88?H@Ux*}o33)c1N{URw zdB02O0cX(PV6fWS!vK-{aB2>mSMVY-wuPHhr-B{bu&?wjQUM%M-%NmRzS@eQhKB%6a;-6ViN;m)_ zbvk4SFj6R^hI54o$-KdXlCP!nfKcY9%*sLSa)dlf{rhQZC#)eK9|4zrLfSMZRiVeb z(_>$4`=)pPHDW81yjIpoVP)kW3aLUI>F$TUgj`vkOtZCiXM4@|Q?5riWb>cGLSkuP ziBzq@Z!^4cjxdPGwRwf-TzB7)6t_whPqunx6zTW`P}Fftn|rUdAGP395$N-KI1fu7 z-#TbPpbhp+6P3qs5|`Z;%R8s=CGZfVQfIGgE19`%tFg^EO}G!04|qdR8^>gr&nME< zs$lv&4>WDMHu3rfMz7TJMzn6Xyl!pf)2lGWF!RHD77-nX?itXz)X7eek9YaiC{+Nw zN^m($^hm_96)xgQGvxVj`lsQwZ<>gWC8@{Y7CUwSOp{rwRORUy3(L(?HW;1}*i}A_ z9`-2MV0f0aXg&HjP+tPE1OmtzrJ*CkfXP7M!}ai+l91=eIciGbJ~E`(-W=uzYA^d{ zlzdKN^A}7iXQyc6EYiA9uD3E!u)oQjQnQJchHc7sBn&bm#ug|>9B z`_#^>y2Fed+``k@xJ!LJ-0lSWrAaO($vZsc&x3u*8}z`cIW2}aS6lUt_CXpRUEwGg#m*wp;M&m_cCdQw&!j`W@%TkV zXSc4H-U)&zy`ha8nH$+#=;o91$&UM}zFv$zZvEZvJgW@eRtdh`j^EQyj@s*=W5}$u zG2vno#q+Xk zim~o16ecz)yGb1tiW_!+o%6gfC-G$#zd75%eG($efBj|i7Vx0 z_bnb&wsr7kLe3Y{%YUzoXENQ&F;JOA?N>s}A5x0CB($s3^JDUAMd?1b9#pwq?K)Pr zYS+$H4xbz^2KbQ6SPR=v5xsesW8RZl^!!^6UcO$AjC`zhw*Kwanshfg;>|Kz4W%{U_gHY%{0>A*?e|av9>gcx_T#`H+2lm{S?yskOW+bnB}_hhJcQRR#{Dl*Rq z&(cQHuI4yn^+lV~V4z|X#XG((AMX2Fr~Yn*U+(=KG!@A{bCpz&#nDUHd7q(tp7_!&{-7$Ue7X_-riY|zh_ef1Pb?zIxv;~=o zxcdjx|MdEqkeDAenUnx1wWsqQ7OkyDtcI&$f~jU)hwUAmPXa$mYmLdJ+sRD)DWqfV z&ax%8>$3M}FL(qwYzhFjGsa5IO_IH3!H;Z@P6Kg#mZu`sL*fZp=(|$O+5)al29FED zS6@F2y2EGa5E{RJR;}75H6fc*f~|Kl$(^2-(QsNIXY3MIkYi|(1`Kxb%clPG^ed)@ zl^LU0J@&Yr^PKie-dK{idV@`3tk^rFN6zTKfDSB)>!P{tU^dbLYrNo7u=$c3tt$pg zMWSTVb zV|nm7qGER+tzN5Bdmx-97j^6@9ul5{SUtK)Th|U%953AS!hUG#;VNMqV$ted)$+L< zomY$%#P@Dv=YWE`X+C85yy_++nLy$$;C7wO^0l5R(HA=2rmcU@{^?Q;(I(!H=(`5= zdPm!3w%Z&!TBk~{{i`F>dNJO%fqu?4`Mh0S3fD~6si>r;uX5?(vh{J}^d~~=lNK0` zgx%!~B$hji%36p4j}v5l~364(5k%v>yI;V4iMd_}uIea$Bl1#Wdsb4jIG% z!n?0bEpAzOx>@0Ivch}CmERCb0EZHS#{CNU7Eu_7*wbNcBG-+QWDlHGJl-=S!)pQ( z1?74zi_wSyi}E=oQe6r&#h=xc<(cv$y4!8;Wy49HU(?K`j1S0pneyU1`U$a`fv!S=e^MX@`4KgB2hC3(K z^GbqAYZ`qw&EA+;3r%X|K9^bRlZ02bt8r0=~w*V1V z2+L)wl2_;TE(6gTzRLwi`1U|l|RYArqApf874 zZfe>^W;BP(e4AUkpu8EVxjw6g6=FM20$2A|tXl+cp}u%b3K1b+-W-_`3PV5y>yX+B ztPI2XwTX<@z0$^S4|LQ+qJZm@SCiz;V^d-n55!_T|Aj|~jke2<;87FqHmOx{x%5(o zAz(~oRh!zvW=1Xm*!eVJ$I>ccBwPa;^R&mT4k)1DK9+L%^lqE;;zb5TQ$i0Z??&v1mm`XANT%-Fe5ex-20qQYL)}ePJ2 zY??nTV$m*z4*?epRXGwQZjaEDIII^i;?V+fC!3TfGY-Ya#LFcTHI9wqat?l7*LCm9 zu6Ke*3p1b8o5=gfFt|xMo@|92sjnxBC+Ou)iIQ_-#A}EYNTotTy{)k*IqEJGZ;O;4W{d&6fA)YaX&Xlp3ZLfo1gFG+& zo>HwqagZ#u+2g!V@D(4CFW|3`ufP71`lUbwO-;CXG#um|;ja`omihdZ zgv5v`%+pR-^no&tMJ4$6x6>vEem_qAvJy|btK0b7+B|@F-v;u`LCt)rr3YWiUL#AN zO_Wuf%L?JTK>NpDLL3NZFF&gQV}Hp}Rn12~@R>9umAKywKF#i8$Sv{N=#X-NV@h$+ zB}6Evq)sGHG@6Phc~M0}&sMQjjiHJq>jRC13+2gvX38=NliJdkk7$FF95O_E&AeX5 zOc~)FbuKk5z8kqNx3hH~Qv8){n_s{lpceSmf@j)~{?Z#co>B_MrfLq_cM?35HoHrO z-iLn~YgLIak7va}r?ZO{roC97{#=L<@$)ZTS$m1V-kO@)^^wMrnW2|15e9Z}7VNJu zy>i&CDlh*-RAx4x5oZdn!5r!UFYl-Fi|&a873vRe;1s(Ovtpb;g%wOWbv7gd$Woo8S81 zA6O;)*dt2T+dv`_jMkJ$_MlYCHsUV=5$w?KNKTdEUpfLe?yb*qZk`-n+?9DFc=lNg zS;3)>kg6AgA0040=h&?pz5kuk`kqX{spp!zMl^ge(7BvC%lwPypXAW+m!9Y@Oe$Y|`m5-Ktk!j zSTUl{p_%vC-cI32zW1D5 znBTbYmpr^y;^>gBVFGAvle={b@G4ct2GO@58?NzZYSSlijF`8g(@2z5SYRD?5$%*n( zO-<#OudF2&V&l!4dHcEU;pFnelN?nW5sr%a$LU*X5#z7D16&2MPmp5Rkc~JZvQU1L z_N$3gqQNA6)Xtv;P&6P)i@rNy-&}QD*AI`nm&wFE+T)LYlE4sceoS2P4q|_u^Cpl7 zJ)ox@W%~Q9s=xR@ax?ycXb{i)^FRUyrcqW$Ea$$PI0{pY0E5>MVJ$7@N1cNfx#`Qx z1!}QYdmvEz`kNQl&G)7w)~3IIw9M0-9RwvU5$+X8Elr-qm}=oct@yCeB&26ph&-Nr z$jIAbmqx8|b)VhJyP$mY@wuH}-fTd+L6I1tb9r@!dr`lg%^7gnLzBxYAO8+f4&1X! z`JR$t2mM;Q!dG4554JR$TKP-F+k!sC`*p*+HG=E4tqfnEL(uToH*6{HozC@fRVbKZZK4<+PKxO@7-c_@*$)Ljz`Xe~VJD-U8bV+*ZJp z;sh=$@a~kcno50aScaf$6@rVus2(k*hP^%2>>((wcF^b~D11wfKhJufQFl8m8r)&9 z$iky-V|2C~!+#ls*(+zhggflbL4P5*qckd-n*Wd8SEShOjhTSmXGA!sl!KzF7k-Hd zD-ty?Kguk{Mn%jit7&(h%X_IyAfBoeYbomcl(-RaPnxNo(3U$QpO6qB> zDyc%qzEhrHKg(((cmX1n<2DtIas18Ky5K73r}9wbB)U%`KFb;p{81~AuoTLEZb8tk ze3&FZZP(x0Tk-x~j4EX>KPo1AwTb4MIt#6d_WLc$Q~qwcoex3TSHrKe)L(zgsiy<{ z8o2HZ&w_Vw87~SNv|_MEMG~?<1c`kK9j#vx7Y2@)yJuzGq^al#Jvg%f6}Mu`^M6*Asv1 zc7Cur!UT(T;LwuoD}iCY79u9O%SwmkQgFZcbNCrqLhy@*nn;_6J4L8y4mxxH=c-7Y zKt|>%?j>R8bGOsn$y0|y&3#VF^sC-J@MH9>(Sf$vTKVJMdq;*uSFMDaGJ4NU1I&C2mZW&USa)=<1O#3Ni0|IKX>FoZJotq@_A!ad!Vx+ zC_PmLqzF9Qn4?o@W;kg(zmXdFETTGF`2}iLgOW~E#*gY%JAO2h zFtUt}0|tk1^L&^KVg=$TyZykMv;ZchUMFb4YqSW?{kQ5m3_t_}6NO4Uw$R3;3ES&~ zC|9+hO$OzRu^A}E;HJJEnPgqO(K^U)>pl8>I~J=6b^aIqU!%2SF80MS?8(po1v_hB z;(07;O$$s&*dMNMuHfK=B2<+SvaB(eayw}1b}~TLQTe-&HFTFfc$q>g9!uH1d*s2B z8onW%kAJ)CHV?bAPfv8auYFtSeVW`q8A(|Q`9uPyuz<@=c3AEedCUiS|WPd{6h$hsc44QRghyy1qLDd zb^7;;I16119gt}3c)o|=; zzjbb7dp)XMf`@_Hg085a3nrrcUYWq(U{PSbQraxpJRDojklb@Vv+nj>#a&yjVw~ev zQt!g#({&^jPpM#~ZTCQ-^VVuVZ{55V2kqKVw8|R0<#T*AsN#l+M1pwjyy+2azJmrP zilNOi)gu>3v%}uOFMVOC&tVG_>I%S?`9$H)1yv2zWQ_j90!3|Z-`1CFw zi39~CKcigstwpbGarS-@Cgcs%cNaUqL8RWYHx`T}_k-nW=#kG+yRT$y*0PF&JP ze(6%5-{s8~BK=Sv!uzP5IJv8P-8U;5m`5KEyC}dV`Su;WnIKnz_J!it2e|{(a2rkP zTL&VvDlWtW!Sjg4i+h!e=`kH!PXH<0{9trZ>+EQ$&uJxpTa3%eOcG?L_&q||@lEzN zLv$PwEa|&!sFAMQD)Dp69Uj$n(TJ?+Zz5;&Zf|ctbjM- z85wq8c?_CFh)PRGMunXTzUpqZPT`qAkxOG!|Dx=zqoQ2bxPL_y5P<;{kZzC;>25^bNrrRp6zl;}1qWK(IpvLMu zOXtf@R|`J1GTj&Lbe*3yG={lkyH*N6GKy9|p3f%N8Ql1k zJLGIV+hl4MmGeK0=I^tp7?`)b6#BRuZgM~t;MH<^63x5mqp+CFj2BkvyrY-=v#zw; zcv93<1jYz0Eo!v&*V>2j=wFb@l4D-BRum5^0mY)-G zn6D(2He%U1;z)Sj)X&nm;)d_w_4u8X!E1us$u(@6ksi1#Qh&1wN{Y{ z_i@YDfh}gAB|N9cdoA9`0M-vuko?2Z&zPM#P#W!it4iws^g&-* zM1IQ<_cqD+g9@XJm6d4umk2!`SF$* z@g|GPV))m73fZ%PF<}xifD+IPT+a{h5)hl+tp4P6J?LDxoJmSe3QF4D)GLhy#DTjA zky^Riv`5Fo$^@IiuZ|ClB!u_i<4_@@MVsnQv*8MN^FU7Ca($-O%`75pk?AT0rsnxA zn$JD-lG5RY&t%d@EtuNfjRL%~yi_V@;s-U8e;2hFeq3;Qg}9HsDETXYMC&;*iTA3o zbVY)y=9h0qFPF1dR5UigLGy1Z_V32X4W=mzVJ6F;>5L_`!v`yZ`OPG-$w^F&%MaWp z$IID2<(LC5N$PzXvaA)(8oDwId35sE2Ld~FMvn;C$ahajY+LVEipn0NBc;9#gfpQl zBdCgHz6=B&rhXoIPf%*J7{N1i#3);iLofG5DU#J>L#5D$>q9}rx>!S@73N5Tr&T`35sI)q!=9IypI+g=A##j;huFMP3)7su-s61ur93%gjFs%O^80O zpLMjgJQrftOIA4=3u9@ZC(By%MP~`tyV_6_drb04EK%3h^kw~5o{fh`IN937DXEVT zp0`T6%ZtH%{#WTQ?Af9Q`EMMw)>;*v0_^ip7oXGP(92|7bku_C*0U6AWBd6gpKvT<0qGXeK;u{(L%-y~@4o^Chy z{j_sNVuaT8%zZ5*wP5WD;OU4~{ozbRL!Qy7d%HZ+%W*s;dzs<1g zdg}5^&_`hXslrR$ zWV-}127E-46?)NDRJJjfVI1z5*NBFO7#}@H-wi|LSLLN#8A=u798Xv~sZIvrc947V@8M0QR7Rq_7Tx zH}O87ArSy{ciTlVBE{V1vw4W2TRff`ss5(@!ad9>%sd^-K1_z znLxbWT`))4LU^!nmoq|6bOk?_16BA2W=hQZ;EF|-5M}RQgQ}i|7Gsdv<5ByC6d*ki zMO%7&DVlm`=tK{cnT5pVYw+40w zDwrC#oHNawOdAWo7S58cO`dP0;|eA2tVXA?Xye)hL%JwuYHITLK?&mvmR?)as&Ff^ z!VpB2Cf_K)If9Vua=~W&uB=v76n#ohtOqMj0*&!Ycll7q&C#=5ilUdfuKct}wWNyu z$M%_~O86y}s#prg3lnoOr~|>Wek~e?a@QAmB%@}bQp5LMziA=5uuLah)vg7T)Jo#f z9aHdY+CuzDvd(@>-!zXvPy`xb!M)+aIu0-7sD|h3ORo%mX#2;llz_pw5@r4l?TyFZ zQ=g{R+4q1%p#Q;|wbl&j)Pn``O9hX!+QCe}-cB+8nZaerBHiXXp}l2yq7|69pWR%E z(;4L+o=}sENuk!Kk0Oq+e&)Kcev*mZ&4AfBw)oYn`$wT6%G>Lt# z<8$Lk=BTCE>9rBj*-Lm9cNeJ3kCgdxIcG-Q?=&4qhPU(Kl2*B$?5I|n%H0eN9pBzo z?(k^V)#i(x{=-KGC5WBI-LAeGtEo{hQbDL~U?&Z-40qvD0(%Wm)|_d+KHr2jd@P|t zq9jMUpL)kYqOwxOTB4V1Xv(4?>;;Yov-7jNqJx&hI7fCVckAN^J-qJBvzrk>P#5fLnXNpkT^Ng-h2 zI-{9VeZ(eQP65g}l0!}AI6DnIZa6c?4G{cOo!C(Bte zAQCZKByebqWjT@ug69K5w)|s<7_k$fuc(GV%!!pYGoO7KlM~jz*ek z)bYctJp3g|7fZEnlk3E9HN9=;t!kUOSyoJrA2dZ&ab`pLxNl<-#{Prk>F;#9Nuo-{ z{2plZCo*42UH}1agxyIBF^;nrnCzexUagoX?TJs09v`e1oblT7HXp%k-AK-3yOLry ziNQ0i5Au*|pADW{j1BZL1TT1d-{2?%aLA(ZJMRfsAOb)R6`<2ZVlee*mN916J0U^{=V~rw?;qq}6*H z5?;ARaqgp07HqFY&cN*-;dF7#BI*h?a_WWwhmWp=%F6G#!jQ$v*33LT)nmnrC~8QN z?<7-igp&!thD*7-0tP>}1RLI5eZaJ^O0#s(i<&8nopCg_^4e;Uuoy3xQ-cmy2Rh%p z3*xtXINYN^%X+e~@-xGE5R!VpK!+*3Gs(Qmd$rUS#qBkp|C(}rC_#4eVuq*#hKb#F z?s-&-LIzh@AMwi?Jn(3BIN+e;{%i;}$^3ES>^1ndGi;JV;nL7cN=1{WYh>rtB2ul1 z;ghAzD#gp--$v*1c5UmAMTE~!j>s6dlg>6_1ed2TZ&*wzPcdxU7>FBT9D|vJd~+Mh zEX#c*)o7KfL~~Jh%|?%Qb6VEfmUIuV%zYv%E`I>`5(>MD~v7l^{t1dURZ%6eD9 z({$8$sll|M9)wBaeyzn#xEHR^iR0p^Zj0{n@W5BG#q;Wt7r`+<$$<^Iiw*H9LW_6I zR4L53ll+OVGrhoII}8+*<)4#Bq*Ig|)~G#yX&5Akm@v2t+e8Dxq#i>^?jLIEiEB?Ex8 znNPiBDBodAlh}y0<>Njx03t=T7A5sv!v>IC+SkeRQF}ae7WhR02{q#8vLI&Eb-45Vf5{0#NlXZRk3Tq?@Q*EHU| z1kJB*NPp8|(?=syLq5AqnKy>anAb*EcgZ=8lyk5YsanxFJ$Y`le+0xMCV<aV(JQ#svfxZ$e2t5zthb$DH#=uf={#?&BnC_rd?7glugVIw1bD8b$CZ4YyA4}CWl6( zG>?S&#dmT>s!>Xaq9ajwcnpWQD0tSl>JrxWN|b;&7i*@;_h{=)KjzmPn}Sy#>gdw- z1B*XU&LIZj+>51q8R$RjhXQD&PTNttU1!`X7s5ILSIeg21Nrfj&%~98-BGD-_%%l3 zy%zpGR$H6hE{^NTE~l~X$_Pjfm6z80M!vfV#4$Wor76z@pBY`}nBg|A`-yBjI7irV zs`9aR;5fwk7?X+Nr67J%n#O!EWWFXDc!{!$wS{`XE6N#ZpB@ul{_+}S3#i$OxmF8EoS zX*B=Njq&yH3ST5|aQPi+bvxZ9PDx4QN}RNq=)@JMCL;5h`kS1%tS^WmJ*8ZNp;fZsdkI*qGuyZ$<@rY=*hc8k21|i!{pi zlCR6{_(4IUqXNvwIsZlSacX`X6ns?y43rWrLU2JNXK|gT^w2% zX0SKvV|gSg?Nh(Oe#?5SI|li?Rp#Y^Hr7us)U!pRnLHW}vb7Qn2hQ!SD;mIkYDAp>%gfVexktYMW*3xV!$6md{%m?kUIIG8r1hc_!x!N>pg5`|MD z!Vda0@zH()a#F8vIeX6NfOfR_NAu(~C|4b>F9xttPLzcx(;`upWninXkBCe=M@-Cn zK1Ffb#5JXJb}%sLGZrkFlN3eXPxQWyu*TkX>$=jq@@+s59~4_x51vkz&-l=X)9Z~I zQM76^`8h-0D&a_6?@ETWoRHH7J})lmHT*?zhKnHbk5z z?9p(t6wOPZAkz}|&+kqB=6ArG>B&U=vGGZxHy6P1`Ri3yj7A+9QB&-u0x8)Q*ZXa2 zw_aEe3F+6iy!g!mKYW1S?Ct-GMw>UFf+bx{DoM2AUA_H%gXbH0sMOS=r#Rvz5b1aX z!;**iBS`}4M~wBKQ7Pzf!EXPL7pgKJ99e6jjomaYj4i0HuOZq;TLLW8KfZ_w*a@wl ziZE(6!?xG_adkPc$7fL?s_~a`{)9B)^b}^j??s!X_r+sH^t+KB^E+F*kDg4hWvdgyiqOr?xOi?4cRtY!T}08$I|^t?32PB_A;~K z%yl(ojDLP_AMuyj1Eg-_CAD+boI7I?E|SIgfO z|M*7#ww}kbNC}g*CySYOs~K85FV_T7uu&w^0&of*F#lr>fC|GqmfHLkU?BhF)r#(l zk>xhjLzJwP$71z@c;K1X?|-bcPY3dnSaNb$WavMy`QKl{lH#toFZbHdZoH)6qv$)v0ac>lPce=O6BxI5xxr3p6| zSdLpje@#fR`9V3zSWx%R)e+^tJ^dtJ znMnPwE4F`q2d=Q77rFN(_aDEuL6MXD85!)#-ptrza7!UwHoh63d2C>1 z)(IXUGalu3?7#hZ&kgcU%Z=w0VBEIPH%o_aGE}hsv)T`z`+(Ye->?9X$&5l0!gSRA z)9}ch(dbbOcJ`Gm{#u4N^QZ&K?CoH%$$cU)t_h3rZI1YTi{D=pGC)+V3LNvQ?t{fB z5lt{u%xY)4-U&c|<0eTuiK;}LWu+5OeF!jW#%LzOgK9j=O>1T<_jk&bRu2 z!C5V52F`YhG!2ARzjgi#n?-y3R2h(_>oOp_d zt1fQ6KY&heOckq_=WQ^VD_4VbMQwO%p_@^Y@RJ>j^T-wvln&tkad=(pbTYwWt_qmEO7l)>y z$JyMai0)+f7sI1hE7mkQ48o_J1a3o2+-Ic{i5E$?Ubl24@%rXg&6KrgPUQVz;LA*P zlX+R*IvKlqeG%3yJ#EVX%_A)A@-X$O@w&O@{;>9@C0MP}ba33oaR z;^(#)WokSa68QNgHfIYs(3XI|^kKi@Km0CHET6&exzj;Qv7)zb-}4!Xmg1rsGmSe*mz=u>fk4><)_w3Vo3y%(kg?U@11k2PTRh~W9w zEmuw#U<%a;4(gs~o=}IFQ^u{xj_Su3G4VdIo9hdwVWAU(E7@-PsBTKqI|+#R6t03Gd^6o;CB?J6)ctHfu$$(D*zO1*pNB{mniz#; ze;gMdUwYTyT_E56S3?5#a4o>mT0E&9={kNPBr8|7;A>uR*&k`xpYndJP zf?T~VzfH2Onx$}<*l+m^eCFT>u<_QMR-NyK<5SZHuJuJ}C^lM>TueWdetl;ZfO z;7f0wRWMw`=yqnHrTk;Y=)oZ1_`2F5KE}!Kr!|M-v+h`shvH=T^5HwARG3uiY7eh) z@G~Qwg|^l`Eo|a_k>ACi^GpQQ|5GS_`2&?#Ci7L3XawixhQP&2d>p;bSMX@vo=MS9 z?sjAstn!=ib#2~?c#&h;N3u;?MyK%DkhXj__NS)_H!0SvzI;FhTU6o_H(%fjhISHv zv|H@@qFRkY3T^%TI>qp0)~$5cq3;RR{VxhHeiZQbykB_(RgupUp0Sw^QSLp8YPmiy zw5bH7+INQ|>>lz3PDL-b)hq%I+dkJMRI;>7S@75%FO z=a3ToCRN_9h4&4Ct-ZcFzm%w|zEP3{@-qG5zWOlJc$WptOYhX55<3lGj2HNd64>}R zneN1VebddE$ainp6j^|~<)e{cR>(u|d{PGz*!o*`@tlgiKtUh><=2k5D(+LkslomO z0=XV$62n^)l^%Pi^&0L(mqVA{7@Ap)W!X#5sq+zD*9T-|3zcB-Xvo)&$loP8Q(m;b z;(iY>47<-n$JHLO_I?O=xqp`Zo|OS}EeUcMAtQAAp7nmP}*c{Amltz{*hwxYFlzXmqnR= z)G(=n+r97M?lac~;RGDr^~MPc%Logv6Z20?*vZk+m@9NhIH(6dXWr=jwF{GDp_QTH z>jWFcgtZOy^6+`|d9YIKA<;SKA6))2wi@`1x!xR2;0YuZ^A{FRJqYhGBE8ElVDuB+1qHhsf;K_jp-pXB)mtLGiv0{1EkWZqjUI(B zCFvPo?;yTa+B>u*%M~f8f*^{)i&Hsdaq$*2p3)pa7kspG&%+-w7u-FcdeRMk6(|Y| zx~fvbpXH|;Lf=xBRVbqG3h$t~6!f}XIo+=N?;@Mh923g)sSbqF^5 z^vamH2gx}Tk;R! zH%?ZIWo*Idz-E=ktW(m3t)#|__3gJ)xKZ3YVxt@NbykHJZ&Og0oNsOLg5>SZ-)t}n zRS@_{_R)U8+V(hFoh1k+w!iv@h{9zR$E-< z5{grw;Ve2g(>1+_#SQlIm!i=opeWDn+Ht|7++*wMTSE!cU&5mFQc%Bq=#ubGq!1>n zQmA?qRv4TaTmst2V;ce_jzOYQ|e{LF6})p0|7+!!&n zwc7Reqrk^!wr!k?xP8}E@ zI0TN%g`DnQ8eX3C&zWi;n!VLVqVs|QcG`2ZVzPU&WK2#oOy8Th4az}*0!sOud#=6+ zfB$+F#;8_2_b&hW47-7|MV%dG$wI(c_rlR=iI@xe8MgE6072AXzRX~)RHTu%>?*}~2e@4ps0_3d=#JV<2E99r;>W3hDGwTV$7kO=uhAsU_ z0A#3}*t&diU93o5mcSLgkHxy^Ejj$)blj~+ckS#C`=XRj=;E;8u-cI%2b#YjfsdXp zIK!#Bu+PJE4vD)rSsNkgw)*9<83%Nk&|Iv8CnaHOG&uv!H`i`j&F=McF=Rthb9=%1 zV_uM5)GYXgPToP%Kb74>W6SARrPu{iq8qP#CV zI5RzQ|Z^ZsDCY07jYnWiVd8($4=ZIry}D_*(pb8@3Aoz zp16@R@kc9eId-!i7VV4BCyX%q3lMv|`XoBlC4sr%)mTxHFX}$2=F5|KVF;q`u{41x zb zl;yCanYR~u=`VOkUFs=Bci_lh9JCAi2NhYiZRxUwgj|~kH8KTU&ifJ=Ofk~GJH_IT zZqy5getQtEw_G9}*m&;s8esT6x-{|~Cr7hnnkoB-0Os0Xn%B{Y9!;?9!q@NGb`fy2KI1|Xa?E@KzRE;myl zKT$2!71|BK+aDxH6+Rv}^86MZz~5#mEg^4(_5kk=sDf?aw~h~Hg_e8c*+7Z?qcg^| z9U`!bWqW>uc(+@SKst(a`)S!)NN}R%n1DD@mm#^pN!(Lkql(M$B}-S(QFY}a+zz?D zk1#bV-Ee=EPpn#o6qZaU_dUTFQ_$XZC)5Am8U4H1FB0x7%mSHO!=+`TN(hlZs#Y&( zNqRKwuDe7ktuOh!O#o~7!kE;1X;OlkI-D;vOcARVw2(}Mg%9W<>ddTTiMn8ZXPCot z#s}V~o2~wy(h2M*E&aRTRNdp-og8H(!$tYh-7*&VTh zwiJARygj@AG@Y+lYmvn#rPD)s+I%P>L%KB-w2&cZxD+F=4`;C7ubi7;C})!OL%zOb zG>y<=M?=HsL3+8->CO6~A_%ASB^amkhaA-@u2VJQkFGS%TX*PYW2mCpN)`9mnqAHV z66{E$*C%&&bXA;Apov7gS&@VCY3=PeZ;#SMW}MsZO3}-k#%0tc_waA4C?Xk9vhmlb zpj}>w{8DWSC&d3-wvC=18FIz~Lx@xPu@i+;MkS2>1;eFnk4GIP$K+3xRqH2uG>@Jq)5xJ=K>WWH(*I<2!;n z1uhDzVZXrMiG6xNDegxZF5M~C$BAM<+RC+8C$Ro84u=~Th6_(GcocSYNR`4%V2|C- z#DHnfzMnloZL77}_)htk)vY^LkhqbBwiyXhEK zqRO>I)N?yKY#&juraxNIO9x3%cO+bkA)BnpR-n>IYgo}SSl)&b@Kk@OPkFiu8WNbN>$Z0>& zz$LLi;tUcYxZ4r7!$S+J%)r@3D=)L7BOYECNQ;0vjp(Yn_+yXI<7X+b{cv0zNLj?% z1-aP}`EG99`|QsZa}cl_2a|9seG$LbkAp5Flzp)O5r>SFD@( zuw$2d?D!hEP(I~9d6pk_2t>ks6}8swmkgGkP(L!=8U!?|>uy zxpOhenmx{gA7uqZ2WQ2FuG~w;?z`Qej=z005hjE0xv701jprl6M;$rj5SH*Z;_>>0njxht%p@!#U!~oU zg+`J%P||YkdI26Xci!*ZR+H3>iEya8@gg}~5QKs!k5>JXj8)IPj{&`_X9hAYvqrHn zzjXqN5s0G3S{~LCTDa!gz3z$)nJUbzJty+#3}MAfD&Z#_1R#Z9`nK8qOnXl@yrtRm z-{wg#hzuPS0cfpo5Q(lK$cy)rLl#tIPTz>XT6l@amFWdNs4S;1{2oU!O_Sz?GsrC7 zv-^g{H6q>JG_qBYE(QL3_#mwS{flO@vws1~-jVpPfFeOQw2;W2KIzhQ$veTvKJ`eX z3W`Q7zMVEq`zV#CVx%Vi$}5Sr)Ap}E#~QS&syg()PWS*yq!f4eH)E)p)Bx?GgkA3?yik49SSOhdIhUn;Lme0ITr zU-2OVpLE#b$VRvAUB;Gh(nNYA)^3ZWH0oQX_*cq-MoZk(-4wc+gU<4#n9nslkY!;q z*r+XbNbgASHIJh@H{D-MoU2rxK;%YCBEv*=amP8bW??(UC3Jr|7?jZ#w}YTQ%;BBg z&4MnVQB6N4H4m2dpX?Ys0(SKxojZN^*OxfG>{K=b-(f8Rab5T~Kv9i# z`aiROYyiECF$%uj7y7Wekf;`(2EHLYk~JQ3Ine_Z<#V>h=6+Z_|XRK6^3y4HO~1kHPsv1Rrs7)t%kR%ocm>z7!+l zo=FcQN8q_%Y}Z~bFiSmsg*bjani%;av zKBa6sU6%U-kGj-F$0eGRdQaTIs`IQ%_psu4us`z7Z_;_vRiwAVi*%Ntb{I^<@%p4#HhJG|9r z(|eW^mo%Y`&wV(ps#5GwNum?{t3o(mpK_RgAKUY&n?YbOp%MO_a5PWHv2n9!QaIkc zoLcrC5@p-MeH7)Rv#0qi>S>ENacH%DiGfd9w1GCr9=C_XyB|6XCL}9_tRgTHY&02# z{$x(>=D|*Rh`jMPCEMJ7=3ewg^~=v;l8(1qBKlny$V!qxj^|&+PEk_acQXyuAfxh| zRk8`RmUf}X1lz``FZU%BgZfpuF2+-i4pwT4?3k&j@9JB3x-CjUi>&Y}R@iI*#fNYX zjn;aUd4@ zIQ+-%Stf-HRlUD^{{0Qe*oC_{SjtkW>4o7jKf-d##X}UeJ0O6v!K2QrE<*njfUao* zhy0TG{xA>s3_?&~yXvPUAiz!z5^m!}I2)S5(+ubNay&|`Xc^wr#UwLma%ou#ibT}~ zJc#Vlj9cn{`3PChCo;jg6wYZ-+_*jq%hm+Z6l*l7`y>gc-Z`LJc~9U#weoD>8DtLB zCRd{34w9pbQ9~`&eeW-jo?Sr*(VPjh7Qd@aU)~G!C)@p*9~D8s-WJ4aR?@aY&uvFR z9;?7X(w-Ju-v{bz8$zfdsy+lEGL$DM2Jr{5e#z`?oYo7Q%WxIlkLK%buW31v+1qrk zo8M)ebVyiQDCdQH9IO&vm`^fTs8`2dcwv0$zY=ghyKHvK)q-(-Rh;bN#i|7<|MiX@ zIfLY9er9vj_@kV)mS?7=jXI0_3xlttyKO2C5~s_4Tt!qau#%-#e%Q;c8Tier)wV1= zvo#~rG9D+^+?qipPU1Q{ck|c|E)`~a!6S#N(qQgTr@G;b{yD-T@t8ucyN<2YYUA1s z3!(%MCVxrVQ}k%JYca!_D(CIogLlZc zhn*hH?It^u!3`JNvCTY&RdOD9J}_ExAGXqvP1nDU&FCo9TfWTmE|y(%CzsP+WpsO_ z9o{Yk&5y)oDaP~1`z(*+UdS~%78h(%-CM%n(C(q#Bi1{3iQ>ZKlLpOLP2N@(;Tj?IA&6iZkDgVc$!;SN%Qm#`S?FQ} z;)iCnd9@0%I7=%56q9qe^=H%?22`5EOrJQ2#7Vt~>@b55*N~jjjIHDCijD2*;ZFsR zj(aN%sBV^DAI6}GpPf37KO%hIQ_F7ti{6Ne;Nb2GpQM}qPP-tjjzqlikdGNv8;yZp z$|4*7!Zme&Q}T|ZvMzGXle_lY#UFAchVIf_QpYx0MhsRCmy=Om`mbr(~?1Qbs)T};GE}9os zOQ5AS@C~ddR=iU$uEOOQn{tawbj9Mer->D@8`{T6NwscJdYU#bZtl6$)yZfcoGsG; z^OsBK1wBb-r;{Btv$!#Kcn)4(ww58dBM9MvA*Y%0k0;9RbIZ)>3tb^>FPqLI1=?oQ zm(jO%lE!WmS2aqVu{D#+wAAkFgw8hd)(v?l%>z4x{&-SQ_wE2il5I&Xf32No;&g4) z9-XPYVig9}Z_&~$nzUTzqG(uNZ+eyp`FC$^wPz*PLkiLs2c;iYV*5`AqGp2>10#~u zH2&}v=QzJKZ*cR^ubqS~XLByEw~~eb+Qk1CvGW)Qi7_c{<`0I<{gxpUV4WB-;UFFU zG>3rDx^^Xw|Eu;p#8_5%K;PcZ%BWRw&gym;c7Nz#o2>B+p*dS=RgGH~$nO&j3)sw9 z)h{Lqo%%N95J3z^c77=7Usjt9vAkK?PurB_N2U=sz;pO&q@%Wj5OOY~Ddf?-xnZ_9 z5Gy=&chxweN|!Kpdp}J%H4~yUqp5}wgi+cP<)yo`zg}Gady}W(O#uyzPCJc%c`Jr> z#m(-KA|}yszy0o~u^&e{?q3X>cOIzS41Z!#2{Fu`|{3UIlJXRtmJpwAa@IJ&$kH5x! zdrqEM`+W;9+^M|L%&UHrom)~?vPGz}ZrCD&&1JZ(UbuAO)6JKaP3p#Ds;uFY9PPM_ z)l>EeMoq2mcUtO!USv~ib89sOC!=*MLW|c{M*zetGVJuak-KrDJ_GYsQ0o8NLEOo zqJ5ItY>>5`{k2c#0*TDl&ZPCv##{>gf}WCEhiql$Irn|2`+V>?Jk%xU4yk{W&UO2T zM==rUA$x%cXcg{fXy=rp{1!TQe~5QhLv$M5wo__Syoo=ZCA%Ys4r0_A0&5LQ^WI*hZJH;QD$*jI zMSxW7rIXArvcC$0w^tT;2i*}A^0gB`^+eG7u)UJxfA*&j8;x{#Us?|Y?Jr+ZV!oBW zB_2I+)t6!D?Dm*lQ+h0{@aOoS7q5ua$}J^ou><{vnsPZe6Uz!#vC^nOg~KH$=~!$jGW zu6NtGRjhvPGH!SCS-{?`5u+5l_fo3Pg#?-H=uIpu$Dhm}JC1RsZfAhS+P=cHaR2LY z`a8z>pZ8?}$g+5hhC$p#^Lkq2@n3<@ymSvq{v_!y1NmPM{eQNE$9Nz!iQb#vf`-&nFg{<9T;dIhCE{{ZFw^I8A(<}u~%NBc&Jw<)Y>Mk)F{Qv%{ z4{?1!&B={o3D8m%w=@+ShK|t_pO450VoBnqxu7BhSReJ%oqB1eKW+Fwcj|9%0wV8F z2Kz^gJ5O=x1IwTWW=nfFul@ga@mfKmx3Jsg>7Ek^#V3HURjnh-TU5=fr8tExpc7tG zIV?QI0_0whL>2eO6J~+xYj@n)6LP38ZSG+_1R~%HdLDu-Si!q z{?@;y0#4A)4DQj3KbgFL-t>JgpHHunZk=3?qnI})PZ(9JfEPLmA~{RCbX#8l-LOd1 z1AL)B5a9R{ml4E#Z;=ch@VngfcSR6wgW5wC=!~25yt#5_)T}DFMb?~VT~;+f9T>-H z4G0b+96!rvnA6C{mx1A(gONhV>YE@Iy%92?A$jbxh3d}fs)Tlu5eux@QUVFpzvZe5 zLm>Or>Jvayx=3k`{ns}6C&9HHe#h`_qtmuw-Z=nyta@WZ`NG;_ zropl3_1;3~_UAO~iV$47Nl-)~6)3@SQMhAQCKE-<4OkS`Er48&j23IH?#=+t%mB<@ zkGu^{p7M8Hxvyq87Xc_}6z1aKwF6>_YLNXJlLlyBl+bZ9{!>on5mw6Rhdv6k9E&vn z-g$a(Z;JrPl`NG1+cu`id_ZA)67)`Gz1Iiz!kWAH9;k!vmMxGUs{#S*h-TG0Y{non z3f74l8U%pq-0VQL3hNL_4{_WPhX4}i)z?=SZl$7v$mKwV1vD^#YUZA}K41|q_e}Z| zHGuBizv!_XBWyyG{}|g@n&^+q8KEQj|7`#uK)|NgswvU|ag(qJsjfLlp@f~hW_-6e zK6`Onp4TWh?1agfK~SDL0Fke)wY(^9L2&?E5w&|~2gC0Yc8Gb>6>Y`HkoL-?2{@N{ zjbZ({|NC6ZiIV!CU0fG9|L5EMIfVc!V=zXRrtrWc^2DdN#lhPdRyG zF&*c^u=LIETQt9k{+Z0$Aeg#7aZ7D>j*x$b$DC{w zmQDf=aBB)AByw)?vQZ$6r7i$(mm%|5>R*`YR$u!Gnh8neyJvfMp@8h1cuALG?2k6s z$I^UiICn$HWp2!%T5oUS6%LF2wuV18V-zLSmNR}q=5=WhZw1(cEp=5gREdiL&f#(J zwCx@!?$pkCI)RQj+9D3X><`<3pQ*8hi|5%)bBbr7|R zypsIhT*z%N)`9lPgjrU#p66NT=}wIE9>8ZSfKiHQa{V-uRNA?3xE}vZ>C$5g82ol1 zku{>8C+~@V+sQoOBg^ii<4G!<4MWGAK%T%$e)%Hx%UzN`pGszOavxjt`7dApFUN=I zC^AA)f?V5hW5b>0=YqG{_GeEHIizh%_u3fQ2F3YOl|Li(RAln=(tyR-? z>1=5e6Fg>XE2WI4sBr{jUYP13hD|>>-v)($zL6>a1F3u9bIgo+hB>v#yk&B%5}6 zI-%g(xa`&eNc)>w3aISkqX30af66-EXqhV+0M?dNC zc6tfk9`Zvei7=c@Tm@!WC+LnWdSqo6VM_ulNBsJ#QTdsoPAbAEL%{iX77CrCV4*l9 zhfr2Y-4};p>~-Y5hWJ9VAbAS`WgI4bP@A?}igk}JSYDfm9c{R(0Q&*1Q8UgY=IU)7 zP$cQwW<)c5z;eD9>IsB{FNBdj>VY7AFGlBqVd3dh2;v!K%e+B zw-L|AftqMBg_D%j%;^IJX$S6OtbqdF7xmzI?8HBr4G8|M=*M$32VKM%PIH3T5j}r5 zf8l*6D2TMH8dZ*vJJgQJeGVZSPDq+Mp>gRPwI5uL>JJrr(2gFzYYsu-8xqRP61h5z zJ8715mp{26oMau}WwEsS!jYzX-;I2u>2`;E{O;EOJ=|7W{kv1SfEN8KxU=4u7E;0c z3n1q0euhapPUR9hD%Zp8)p~0i{}3LHF6PL{d|(E0Zs!klKXbZ%<=S`GFZ&OMwR?xMI~>zcsRONUCL> z_@#txe;;I>P5d3DEDlcMn>_zuIn!XH@x;g=L^gr0*Ehs>iEK%4&?9ScWpFMz+xiYV zl^4n17uEwVD+S*P&0!L>u_UvROujl2I;5HA+`u-E-^KN{c>aO;jO$F7lGJeBQ_q9u z>d#X`n>^YjF&;hQE83ra!oO^ATotse%+xe^%9r*V;w_Npd`Bpw3hYiCdBOwm&vn+9 zo>LAazW!qudWhpg?u{H(BI(g>6m1)2xlb{$1Xg%SXrza+n>GbBtGexqZ%8+-;Z#2n zd=ls47jV85i5@scibP>Ja@&cR)w}dua(Z!+08Ys+{&^ON7hO9XqRbk=7P@=Oq3BlF zeB?h|A_HtwbFwIEb=!gZH6` z{9xa2=m@aEhB)HFcSGnh5pxtBA~5oG+_8s-v;p;{P(hppkd=jOp~g+#ItgyQ!mVq! zeJJiM?V!8pXOBdP)P*lO8aj*(Eg>w3k!S+pD@A}gTh4dZOuL!%pNh%_AoEf@3Oar0wyBvb))_yXf z8JD#(yR)|MAxI--T1w&Re{!VyuWtM7a9sZnVc#8(<@>%LQ9KmN3?VIh6|y&NJF-WG zY?8enl-aT}GD5bpXLcnkd+$;9-u%wnJJtL1>GS*kv)xC*M4NwT6S=S@SJTTg>jm;*BBtItsQo@z0J+%XXH!RB!%@?SSHg^MvYZt8l0`;)>O_E|J|s z91IxwckGr>+~AOOmuX+&hQ@TGz>=Tf=471n1Ky!{a(*50z$@dSP5Kp&H$^5>2#pv^ zWjl4W2&)^{vnC(!?=-gx$wQ6Ii{BRTkHzqPpm*&c8%DVUA{=F~FAI9094F=P*hb^L zUhaGENrkukAp&7P!q{dgg1wy@n>+N^th;Ab^SB;mn5=Pqw&|_l9X?+cx z_t7tXuCZP(%ht?~NjyS+#WKE;D>Mm&l#><}ew+`!+`57P=$l>b)-eK}{9fpc3YMXY zFIk!DP>U9FGS2I>`2dIdebm60-eYlPsuXr>>@_c*4!L_Q^A3ax5eO({6Z zo@VHqj<&rKj#?ubZ-2$z3s_Ib6@Jp3GB zPwL;<=Xa=PAt{U88dC2~_UllmNAKNepdpp*q!YaN<)wke9z{&hyasb-Rwr=zy#A<+KBu@D`P{_2?;P<>x&<_M;V|U-iB1 zGLa4`Y<|)Z75uYgC-6ML^BiPiF)GuM=6A9=pl%&tjXlp_s%n5J2=&HJIMKFJ6n)o0 z6H=JPICommxM&`9?ut0myG~XuQI5iWsZE)ON4*x!(2=gekJNJ|3pJD!Uo7xra7EcQGxh0-+rhhJPvAc5 zi9W)rf}mQcwr73O`J=qt7Qgya`GZGKFT4W3OU7~j>CAYg&P)k|2FSNJ2s4{YX=^OY3T}6q z_zj<~AZh%TndR%tNmJ#^X4LCa@#IXZWVL8IwOEH#-BJN;38BQZdKFd#Y~`6^==m&M^u+sL<%^r;z$g;)Y*e$wF5i8E#D0$;P7rFatvE9~5BO*}CHW-q=CPYf=sB($k3{@kB z>i44LHlDZhh}CqM_K`L?D@{=JRh1pJ3J^{=B)I{?Zh^erWddwe^XvO!M7y`kaA<~IRU{YgY^Nhx#ipT~M z(V9&eA1<4>A1EUtN1BDc2}NP~#aMs;R{H(LExykk4~V!@9J!~@PVo5zdPayPjR|FT zJ|VlHiLcVyQclx!P@{L&U=fPo;GKeg1@{J!AD8e}d^ll|2?ThIOvU5k9o)XoR8_7y zK_A;14y=-**+M2|Z`l_DT%VOb-KXI`msN0oeSXN9o*>Fwg5eF-Y4xuUe6U=N6;u0aMC7%gY$w8m$GB2c)G`=&w7m))0eYc z;}&1}3DjBX8k6;C@UT;?sVU01kV?7UKp=eq`W8~p{yaCF<`T`KVQV!3(bPo z!gFVsFTm+C6y|MC=}+#KR3i|y8g_eehc*`T8NGJU*LHsP35UXn@~&nOQ62Gz)6o# zs)SngqTT|#k?lMOD`_>3Z}obtSBM^x*~Xsh(90sg;84AI>C2hB?`6GtznmeeiB(Y1 z_i&k~oxiXm{xiv1#K6E3jT$N^d=*Mhh~YXx`ubk%lAkQ=E_LJOC=aBUE>Oi)##4I@ z#=6;wGQX5&7dNI$#;Cy8J?(z-b*OEyr3ro@N7OqUO{C-`^R*4&niG8~W_?ZHc6G?k z<|D>YeViAkziQejHJuzOYX8`3=~MbUpQmNo%>qUmy6)IRFT6Uscb` zl1;IJP%UhH1h8*b%MY95`TV4h`q!Re2#}tV1++rwsp_(m!!PZqrLb@{pZGZtVTp~? zOS}+y1H#*{oNJcFxs z9g2CSPy{6xm!hP;_?w|uk#w;{75w~hfj$Ps@|UY}ZOd6oSsRTdiY1~9o8RNebd9|e zSE*|#dd|I2b@m!YhHYgWhmnNH;H${20;UUVK^xkj@7rc7dU%$fK%5)B@Ra8apTw~R z=H0Cm4Yh%S_7ON_z4WDO3&95TDvn|LWgje9o;^0S)}x@4CK9?r8od`ZN2W7{n|Q5s zD(DX9g@F!zr&f!f`$Yx~REgrncYc4MN+M#Iqf3>sS9D^r#gCI!WhI@vn}n+qt0IG| zX|?d^xyFUNrq_kM)qP@)ZQk@@wWL4O4V3s2r7s)hkFyT9a|C=%MQ@y&Chw?z@uDf= zKnuP9D5h}<1Bh>boUZDhR{NrgThXQK`N^NBV)4COfC2Sr!9nB5$J{f3b*Vk;c=WsW zgT@0w0n`h-{vku3bBj`bG(trQ92Mr{-qp_m*x8VcUY>xNZk%GTPgMAs%Xy-^yH^2! z+#=LuuepBaSyExn)|=JeuLiJeDCCc8e)_Yd;~{o}N4Ot9TRXufW~uXj!}lUJ;2=vn zHy5ai5ygL2@$Bng$}l&$T_R$0e*&$BCuz$FrP8A$baHtEE*pNUDtoZv5h2p~=^1@q zm+73r-X}JXjsZx(xol;IZ|3J5D<_d7oa*|J*a#zwn-9*4{rkg=i!~=|DPYP(zei_x z3b?z=(OM^Bf`SqyIy%kDb{ua>F3NoQ2|;M9f!}OC%lE17-xnkM5tqtwzT7!R57b-j zAn`6!;KMguo@|EnK_W$~%$ZsLK5ximWU=R{2L-f|li~K{nou(3+OHUan|X(xreoGg zTp>@Yr%3u-RP%Yvn@pQeidv!&5M)pn=Ua?OZGk06iy@=*J?Q_u1*i10N7J3nWtOcz zjK4WE5xTQM%y;xO<7ho6;n(N1?3_$A4lpixx}g4RR~cE7|Fz^|=wzXvc&aTWM8j#N zZJ*`XTAfL|UmwnGHGZQ^Exai<;`TX#^Jh-qLp;)_n&Z6b2%#^ik(60w5LvXCmR6gOkKvN=88p%24at5;rfg^q8Lxl6HLo}=X4ak>2JmOy5qxrOx;wfT zU-!(J6)$*!pWhdUWBt%TUC>wD{hRIl7eV<#B#G@$`tBnskwMq{w<~i41K?U{hd3^< zXqEOl%s$J@0Q-iErd1Fq+}fv1cV_3d&>ZxpE`|J-%9<^u&9X!JSc!IimB}OYwr5fPRnvBvN7&` zkn8UX-Z`aA|9cVqL6w~$q?4^0Q`)$&=#cKLpZ9pcuua#bzn61Wj^wkW)T|{Tz znD63kDcXmv3`~U!LHztX{m;)CUVgEAhSV}m<%Dkk7wr9SewO$Wf*N&GE4cjL>;I9s$ccuFG z8@c~Mun`j8-KMrx>yIn^UssMn)QJfflXoa8`Co+k9~V3-eOv5RD(kOY~0P-&n1hEiV(xtsfcxk*L@*%=#I{_iF3OBL`Y4HbDWzYF| z)}m=nq`rJK+iUk)U5l*G5)&c5R%UwgKB7DUqz)8Zs5%J+*PgLXF?3$70wH`C(Bm}7 z&y^t}eW2IijSz-(*V+aE#wc%B*+ z%QvhIQE3{XlOiAYcZF0dtO1#MsiJS#$rdP<3nt$F`EW zcF1A`adMa-lGZ;Hq=1R7M5_)Ao`&rZ8amm>L-jbHOfCp$Ixa}MOhR2B_{4)MN%7tD zHL6jr(_Xe`4-OsLJlHT_S)Ln7|4d{5wVhz6eLR_@kQm^iRcxE(5-sSEJ5#o|iz_bK z5OJj?x@h$Ib;quC8XpNkht+KH<5#M7VImEAjQEGe8q~^Bg45GIPGhg`RM7410z0%rHu|lo+W&6n(?^Njj2m6_aQ=M6H zWa#n6Xd10nI2#a0%MgNkd&q~^OM@I(`?-xfwc$CG(y^bL(n{j8nN|^Q2Y#^^aeqMs zsHwn9w&y&&vo#i?<(LH|Ruj!c_-HmzSkXIByT?4)XAXx12LgD9afE{rur?4qpCv~h z&%Cw_veaB4rMi^vXxwA>_p-j}eLZ^yh-h0tqyyKy3vSsq-)|*9Ja$`PL1JJ4iTL@o z`^I3=M+u{P>1$Rh@YwWqn_vr1eS7N*eliun)r^(Vdv4!oH{E`;UII1^LNpVSWE!L5 zo}_G10zQ;cUN9o<71`k-GP7+pWJdJ%<3Ui5`wOT2LSkyMo(o4>_QoF=>iiLb{s{!c z_c3AA*lOhk{o!D8u|ZgHCO}W-A*#()V1_q}_gz@X(1;zA@)FKfaCY1mBb4@m6_5iP zn?x<0xR*+E?B48K7>3sY;EVGI!1+1>SRtSkw9jrl=WT8c8?-jvm)9#P+o1UjTQS`v zZ32wVaqya#-YtNLvb9JhZ7y+EBHrj*{1dt}{njlv!#t(C0pv7u613#=%6yT9cVT@V znCcz?KW1RBa$`wVH6x54;w~9Yun0fOgC@&v0I^0~q(AYE_;Km7(0!s?mdkV6T0NqL zrC#ICbMeYKfDy=<8od!1g#CSH1#IuhftI0RCJAR+({HzD+uq-+n}&A{jC|WDCoV94 z*XJRQVWl@g;1f%noK6^fs5>GyJtnDHCgilazN$lfxyGHhE@$Xapu~*Sl!P!nju4Ph z&Ei*uZ-;SKa{bT0M)W&cZaEi_a_94cy8Rng1xlVlA$NXbQZ zX_W7l?)|in?F)CL1Uc?M|5ce2$qeQ z?xcS`+mNc3*8l?4V~A-an>0mnYroT)MkQD3wO5S0>n?j+T59>`F>9X?QzzXWS}m&6 zjy^^J8on0Z{X`#VYcUU)?`o{>#Tx}+7f=h`Smahzp4YLej#Kk_R;rec-1NSvQtD`@ zl@2(O4KStTUkUf|n?U*q3o}AC50Ou{X5c2v=0#^J85RhnG@k!xD-8UQ)1% z{)B~1Vx-OD7~+wT7-9L84l5cO5j2DFJG7&^-iRKayBelc6tf*%ywq3j?h}!eX3qNZ zrlQn=zY+w^6F4pB5*GiA+;-QrYy2oy7iwuP;9m_+q;9VM72!CEK7K&S;f`>{u#3yo zArtV<3*Ac&9d@fE5Ek%|mAq_OL?lGq%&0*hL9glVBQ8oS(Nv+v(m!8_H%vQ0*f%dP zPP+{u1X_8eX*Jzvx^q4Nr)GzBUZ5Li;J{tpLHw#5g^At}w#5$9j!`^@(+2;xlt35K zYjoU!p6#?Qt!7yHx1ke1MwfS3F;H5x4`7)S_{| z?&v$pU4PqWuo2-rUgQJ47>tG|MdR`By&!EpAe3Z0APKsp{VwTXc|tf5=|8y+$!e!?8;w+^dyC;w5d4cVPTa|iDKMaFS^l(vUleNH^jIDPE3Iw4w z8r?g|QvFv1YCgU2zHuMz?xa_;|GGFmybQG zQmfv`vhnoSy<(bpJycqyMtI`$$TJcSJc-Vb$8csPE2Y$s)sdB*6eH<@RO9681y4muYu~$PhN;o@ho@rjE{+r=@T)J`(Pt^9(S$_Dn_JfzhtFd4N0ab zht3W-%n8yHKj0%3Xll>UGK0Z_(!oj|Yh*fXOL5qN75e?wwx@KT6cdfqzBnGTUZ^&* z2Gw{MSV<37`VULmBPJgaE;NqwZY2=O)kdB(T zqa^$D-o8gPb^Ky{|2PQk=iNOF`*|`F(7?m!4S~}N#Cpn&UC2=9tgLb zOGAWF-#t&>%7k>Sk?oUYR?x^8tS=r?EtSkTW01{FZ!b0Gg|JwA(3mZP$UeGVAa1TEeGtr{LVH57P2}2&1n)Nb$-G@qn?L{pxhs=aa4xS6RJn9QnoroTZEC>vXhL^g62E5P-KmvQ|?nW*we{ZREULQJ&S5y** z4YN?0c~-vzlzmfHq>@wMX!7$&*2fh6qy`EIQUZ^9acH1f zY+MMEX77_CV#ZzhjAzE~c_wP1xhd>j_LB~};f7ESJ>8Aj=WRWYIy80=+3Y!{_csHN z5`2NKp@v)F8h68Kh_^ld>Wdo_!vyh_=SpYW*LT3^ZD}p6_mv#M)!Ck0Zh;$NM@OFU z0|gRI#?gIYQNAKd;Az*Bre^!i13hLJ(Zz5LjL1K;%+69=T6`g3%7h3SvB}i6K_ALp zVMb&>1(#J{jNx3}8}C#>)u#e$#4`gFsCES7%6cLosf zDMufc3Jbbx2q=m4XqQ=qFXH&A^DtlR2Q3n*W^><;XC>$*K1?I3K~R=$*^f4fMx5o5 zW4F=d5)!*c?Xta4dYnI-tzh&y{+QUtcc!M5L4H9sHJR}F5SdE$U`EY<{b!y_wPmkNJ zfj)BUfi^kWa4#~*)wzDTfy)U_uB;K`Zac_Ocjlmz)_B@BndXx}8BH+poG|l+A$1t6z3tQT#5k&<>m-t+ST?>q1J)*NEVBt_R`5EA6vaR($@uI7r(AA6>Mxl zPCQM4Psz<3EY6-CXkN`5`r+-F*o4Y+>h#SHpJK?l{l==cp7YsCRtPg5e=f{5dhLew zOtAoB@wi@xSQ3E)ZA9nWJE)RMcmQ#^$?*q4rZtJ-D zVAGQ-;gFHyXA~o9O--j2r6Q0E?&x6M{?T-sG>;uioYXJYS8`XPHxN*vF43dZqv+~P z_9duR956_3OJgbdaipn!sNq6Ip{GAe%jk}Ed4;1)@ z=P5T=ow;;6i^Hhv37Cb8bM#NLoel;u^uuXly2@nm1Erh3sHZ3Q6kUnv{Hke-@rCxb zt;!~AbPZcoeDrjZ0M8WarNFcPwJA^I&@L~i>(di7e8Sre&Gt<)hK=kYcub0YxsYZzNooz^fh+7=X9iOZpRhA9()e@bxK+I6s z5{J;N0%(SvLhBUSULOz9H#za$&HTNOgQuzVC$veS4e*s4c9fKjo$NIwLk`lr!s8lh zm7!bMZamq6ou>lmjvsLgT5`<5ebIP?$5WJhA?uz09O1|=d9(`#z*KItl ze_6tcV4*172*2QBu=l%%41vD0MC4P&QBsNO^+km0@Odid#$HNQ_QA&!P2Ij5LbWT? zN{XlEW6AuU*5Jf(e2hzd)zwXJ&5x;I=`}y6^0YmM6%avh%v97tM36<;@U&VepjJ&A zo9Cc30rxHN$Tj(Pxp*9UUtstHC)F8=$Jsm6#fhKhC@r_Wya=6#t7(dBZSURlkuN?$ z5oKIF?0@Bi6~1N{g*$DAErR1NpuCP!ROm61HZry9L=laV2Q1ynMoV~Id^A_GcAoFm zkczU2xBGW<+()r z>9x-?k_k#xp}?a0A1ve(9;W2d@R>rd-%H!)S9fZ z!lxmlSmn?9e6$Ml^iVa9N$^uT>l38@)zaNY(8ilVT5<$0YWi9ksOF5JT=2482Wo0F zQ{DEwXYZ5I7v+{OUYp4Z|IQWvgdl0LF~jnh5@oMS{_E$5Fw5iE!#cF))31;E=d<8= zX>^T7Zh#(qJAGTtw4mC%?o6xE8S(j|?+LFV)fQTcrH$1EOkh=8e3V(Fg4gfSl(S&xU zI428D`}lew+NDZ7IT7RIf^;G8@Y6}~nD&N3C+-!>tnHfm$JhRTe^3G#XmXbMJlVs) zAuKl&=|h26DtwM3hu7Fvv&_nPez07sKgN2gUEe^a?4QK!Kfj8cz+9xgfhpzvC*b`4!k=tLe`PuV z5XdYXaX(59T}b_3EJ;2k{#=@M_S|Z}gBd`j1Jj7I8tDxIj>Wj?jcC?{1HyhF6agbdk01n@9$klG_zoe>MZ1~4e&hv!VAK;P_&_{xA|v) z2Rgd1CV3h)8t#XoLs$gDF#Nzu#6 zjMvUwyK3t=m*|k!AmkAJp)sDzakgWM*CE5Mq=Rp7Z)wx1D4o)+m6(?H#?6}n=tGz| zw65?)Ulaq|096GxOeQeH<^v#w`Gcw8{G0CoAVv%=A0L|=#s7HL+C)UDz9Umd9Ng|k zo;!X;kX6`-BbdBOCjj+pLZhL)wraC)KCY5*gTi5b$QvAoEz+x#k`WMOyp({Nuho%X zb|%AIc1RQPy9NP2hZ6rT6btEvmWY2bK!Au_|3i~-VHanfJ42veGXX>8+1&u)U0a2> zx^Qu6fW|emJ{kMx!uPNK=NFNuSnsKYIOVN9v25D+T)A|ucAH2A8NGxM)}K)1(Eb;< z8|U5x$DvjgH#(B!;%wJe0sQL(Rkl98lppQ3Z(=3puV4N7N1UZ1(PMl4;zhCi%x3+? zd#pY~FA^xP)@4Bx2PKp*_Zp-6LOs}7-d^GUc{gcYMS_WB9b}Ky(~%2ZVjBXWO~dya zG|G5ojPw8cor8N%Yp#fGz+tagaE0R6&qVH%BmvR%S{jBz8kv^MzrCg!C15uVNs_h6 z%{-Hy`#?-s)N!U@to?d~zwQKuxT`C>p1_6l6Tdz+Z6x04*RYlxf=FJASQeGckHo~M zdCfmwdZ1HaIi`*m2uD`pQqkbz!A<)8hfFwxg!j>jUj@$~%VhsOs7Ty;3#`u=zn&*?r=d43krBm2*L`5$k19CHRkh_zoI|5SO(`7Rhtr zWhdnNrUZh^L12B}XtD=p!{Gs2(9Y8X2n*6_W@-oVaT=06JZc3R=tFwgvXct%x(SUl zb6M8xqs7tBs}P0n0#A_!GJWVVl4erR&m1^AJO`n>3kqjr_)+eoDdoI5;BighmCF!b z%wlx|{7y{3iYwQ!<$O=kW3z}yn~M<3d%zQWGI**Vn&C|9LfG=a?ys%S0kQi4Qo{zq zZf#Ep_Ceqfk%h;QRQ}*EYt$_i>o^tfAZ8Kb3kL@FBko+-28d}hveywrCa>Q<1;Nk~ z3JyWb-Vd>A5Y7r)ZzHw@$PfU;(JK|O#Mw32`X(SJ%LViuIfU>i#rdf=-V9nme+}y! zz=D*{ zn2O=7Y>#voII@&jjpj2y5WdY7vd+VxK1LJL=tW=SEmpM8oH z*GWr%2+9WKVp|K7FF(U52G$uAA)%DM4&7gNu81xs(j5s)>k_f0;T9Cy;qLiBuZ35L zAH#mQ)@v1r*Bu4!K6%q1mCPp7a%@Jcp)fs^%upl5Ukpp!s|VKs2h*sI&Oiw`u4m%a z1v9I{h!pJma6RTa;g}T)w*}h(hN2OWm|O}J-Zf|h+sLE}_HS9)S&US8#1{vXw=BoL zjIG|eJOTm^(#uq>QiU!`r&cGM>8+2m+(D0kOwt%SDQ()6?u0dL0j|Y=Sasb>9cZg| zINr!kF)p{rzJiA>sKLu?J3q)<+qS^>c-9zdL`x-KAxCTeMS_FRO-QJHyyDOi8lqo! z=3vueVCjU|saYJar`$aK-J?4?dBt$v zK1Ty|6@B9fAGMWc6KhnRd`*hxxDmRd9(ouGf859$dgh|2`tFMaHT`xzP~C4|F(}jk z{bGO&SR6nP{Mrrz5cX`(GXLdc5XuCI!12>-I#eDe##Z0629M42coF2AYhB(?V@RZh z3`|R5$#!5{mdkSF-<v8An?yY#weeYi5_rS#G-|;Z3k{_>g4O4b-0Ar@tZWJT z<^X$rkQ{)2JcnWjT3J)I%iUwDaSIIT(SE1GTb{Wc#5#$SZ>kM0Q3U^r>Iat$zYw47 z%6Mc)wk^Vopl;i8Pp!@Bl*8)ug71kPY60h1$_wvB=T(e)>}n_;gpR9F@t8(z$@M7K zQvd-=cHZ_Z+7S?iJP0cT^>s-f*;Jk+MP7a|0t%+N?hnb;NkR|Hn&YI4zKG>qToE_9 zdHL3rG2*g|4RfRU)mIK_{d~-{*O4RgN$uC0zXJU4>-&CPWQo`)=?9y<%w)b6^jwk2DA(HZTydpnwQz zL34nXv61Omz3-hUoRv7b5NO)!tXG)iQO=2x$~OAEJUX5ccJM%hcCp}?8sHjw`g=Vd zeCKw9?ah}Wq}LA_ZNby1Iq#)(F41ne)kYyrs->>U(Hk~p)|MQ4$d7`nx7fQh?ZNsZ zzyX#Jbyp9Fs?s1MiD@hUAyH-y;W52p9>Vh@6136hyGgQiYh7k>1Esohriiva-7-2y zeFTXuWgABi&O4v8kRLo#RPj1^#J^8v+MonXe@Y&1Y*V8yihe0;B*>c$2t90iP?yJ+pm9;zcPY4=ih-an%r18$KVVAlQ$UZUskKDDN)as|}!@Z2{=|)PtO8 zY4&_`Wa`Rf6Wtxjq$x$8Bvci2rf}tlA?>8r4OgtjL(`dfA;{>$KorXuqwFTme8K3S z8=7_sB`X^GC|dAwz<*!u_5;lD$~hqOq7f@8)8YjwWTeVFr*S~Ldv8BEaV{0QIzN{R zbO%xAlaN%|{^S z3O|~Dbj3*TzAc)R!G}K}&2j@!eNo^8YAf!j!W@QF`2GE9GT^@R5F%l|p=K2<8#Sma zW+19PHn{<(i?-3{ z<=_yQ@7yyANp?UA#K=eOsz}2iPlh%`1M#h0$k(_Z{ZJ$mvjI7q(uw47^SS;KXkh15 zcofr+XmW{I;DSn84q^a))S4dYc(CuX0c%71I3-v@I& zxHSdNxnFKq5gmLwHy7CNb|eS?JlJacH)@>#yH$A^#-v)LNwrBWgRUhDGP!~REMVmg zSk!W}6(F<;7mMBU|GC7&ZbEMKK~Qe?*OvWt!wE%bD{+Y-F@U-`cqsif-p{Pp&5r># zHN{eaMcctb`|tg-zt7KJhZk2hp7#77KmQpFL~5W){TkZnpYpf7`p@f8#l-UbtgCn7 zuaDyQ4dG0HYNN){RQ>Y7*?mwZ{Ko}aOUk~EI#=+qlw;D#ScH;i)q5Sa){@I9d2Sr3eIie}=96W~qxUPeLioAzM{i3?&*1>=Lj~l6f z12($fMsL2+|8ZxYpMy7M=C%?0OGNnNGHLZ7=ez%PqDJX&NAaIAoEhF&KP&6x|8b)! z6ksLj3Gt+#`akZBJ}x2Qd0+p?KW^$D*Y)eFKZU|d_#aD9#EVEJ*EkH(*uhw>1$?V| z=@GFGFv?Ibd_3oT=~l@21UaX^Pf;|WZ#?yl)wm}}C)?9rwvl)^?_Udm0|9<6c)b{Z`J^A4PfS9*hZ!vw$6FB94TsrlRUY+1>vuDqS(T8# zMyr}V+qx!=30P_#Otxw~P9tROOU9N9x$E1wlo9#;clhQDi^tyXg!<9{ev2RsESR8U z3YuMCtG7r;f|?B^Hg_Rc8&0hY<9ZM=r@BxF_3DjRs#ul6-vHtP{nA6s9RnwUQu-_hx_#a z&VWxp@O$^u=21i;18_pU*Kum2 z0mmi(cQ^IoA0j>dMG0`oAt=KL6|k*QhzT_1Wuuox?Fh67R4o1DXrr~sJT?f^NMo_Z z>M`dHID+@9Kj$6$EvOJ@fCuMMGTq$q=s6;s2QCdJ!od4dLRMNtihhx-sdyQgAkE^i z>N17h%4qW~{wgxQvZwG-$~)@mKMUY;@gfIXMDvAI4UOVL_QzqK&wCUJV^tUTb{)vk z?o;#ISa-xseTn4Hdw7*{s$fN6xdA!4>c_~Pw-MVH)1n#fJX@ej61KEJhtz}UFmnMf zP=R`OSkdB(QU~YbS#`wn5kcv)AfG9mv36>fns;jE=hv;md8~nQuY1XW^viP#Y6)BS z8F8en*_OLwuOgG#U?$Pcxi3JAPjI*JFM@tDG-5d_3RE`AaFQw9OYc|k2Z3Jx;DY+c64eRU-6ZB6I@W#Q3^<6b-@mx&<7DQbD?coM|n z7Z1skPgXLa9RS#Wk3d3jP#PkXA>K>kQU+Q_=!{H-Es5K|1$E~=_Bzds+j9$7MdR@UP?J2~Jf}{@82Z<7;lf|fJglOl7ie5c5LF1OdLRFH( z7a5&k_cXwS3kao#zG^(~y9ZjzM?-S0k%6h5*@iFhMq1ky%R9j^Wk~ExxyR9-C_#rC zI^i{-$}vW$0K6k4#fTJtCWZETt!!reM@8|WJ0YwZ#-QD?0WhZrk%I&?bbfop5WxtO z9ecR9X(FZF;-Y4N$C#=pkB?9*e_J73Z(;}i)CGg`L(%Sh)CxKgW)BgY{ctgPY;*fE z>zgQ<0sASIEr51<1viv4P;W_|GZ41rI`d=uq1;YVqLztO7_*g{64~#Z4i8i)e*h~$ z+`DP}1;9~{g`I~uYN?#mfSYpIuUdJxpq?F5~VxVp1 zGfC9u=x!23BnPa#B~Um|BV~gNS$Kx5i`9_0iwhJ*(GFUmz8e&C%sHWKTVgqOt%ZMV zj^0tLbpJ$(cYz1LyyurM_TLeQRsrYYM>&~MrXdKk)9xbJw^1l?ESjBF!0@fWRnqH& zhWQwWJ2~N{De}nB!k9x$+2z7C+-CjL6{6S-fd1$kSqLq1Ug0j z`gFJZ*4b6nSC5j9D2UhspLrMDp-=Wyp9i^3#VIsf^6WQR?fi!wtarwOJ28ltFCKCN zjAtf)B*5x*oyJhO7}9W2aE%W;2qms$F+QhCnexK|wB)P;OLWPM94mgrUl=2lR^E8I zS3=2l#)vmb`^M0lbd5E7Jb!qKB(|t4Br0Iu(>jwes3iI!S&k%=8cGCHJIK>D=HHQiTz2kt|2bjesLh~mHs4hTFqWDvK*ZPCpWldjsOP+4Bqu4v z_D;r814EQ#OcG3^i^eTh@=8&RM9^ut+{C)8ayP^1BO>?dYk|n1E}80nS2+6yUC}I8 z%n#|EnRo8_zJ(L*m>i48 zBmerQKf>Jav{aQv}PIQp*opN#&z0i9u#U8l1{$Vx-!)Vc1N!n9Px9XmyCx$ z9HzdeUmNAD*>m;qPZbJ9vbI340H!NdA%qg=vbsQapuvAq_+tfsA7=mXk4UlzE#4-IbR-iH!3+Tv4R_0n==Cd2tX6+ z>vPCTT~Y@;8p>T|CkSZz+mFT#O_dZR?_F}lP8)Am#Or5D&#wS5cm`9oUM{q0p5&d7 z>`eo;w52&w06u5j@mPKG3T7`bD5WhN|G3YJx$UXDy3Px`V5$GD;BY0A#gjr4pe`wn zy^4t00Z?W#xsrH&J%*8~{wR5WLvzM$wz9SWdEw-Euz*NNsZo%PEBMjM$aQ4|U@)7a z4V!01^>z^Bi#FC3!xHQ!FG;`Y&e(Ll&3`edrL({)af`Z67)0(xfamX9_hIHi=S*Sn zOXmTV#MyDJtmnP0Ndh)w?Ur@z%m7(76-Ec3df;W=*Lv#p$#kgTLX(zO(EBuruy z!)8ymd75L-7_+o7D8a(kVo%Jf-l;SgX;DMb4r~UDaFu+2xB`xxDvk7HCYUX-YuCZ2 z_{zFmIen<@dHB(}2&)E*@|f-yMk3O9b%#}+~%qdgM>;SFI9gImH|CQcu%`}b` zd>V&o4ums+RCfSzJmPhW%Pj(11Pw}Mv=geF*tnW=xs<`P7;?0mZQhV#nunFkCjq1O7{3}W#*(LZ!E9HZ0vzdlWQ&R%QtNw^6wFl zcIK)@sQ9XuWe~)Yv1u9u2({$9v0uvuJ;8eaAl6|>`QXm{ncQ=_xprSOT84JMoZI;Q z-+((Z24lK%$ps;%QAGTeazx=!TtT-YMFMGfma=R$|D-UUV^AC|11~^Dx`ny(F|IfD zAd`(z!qun*^lQX8C6f55;d=0k+3T2l7iI7RkX93=TEjiaZ}XM-ZKlo3oCrtr)|Q4h z<~I94d$^`#!n>1W;5IAXW?Wj5*mH3n++BP1jKY$Qc(BpVXUBStT#}PT(D#xVmF5#s z64(aiF|IdW1tkwEOj1zU(^wzd-7sJk3d5>}M6GXU6xcAOLq|F!H<>SBzj2-nglz%;IgXs57oD;RtS2v*F@ z&QZamO1lhA3ZY7)G9quUl|VwYmO5n*bzxtiaISNmw2Ay9!BdNE{ITqi!@n|}y{cr- z3f-dE+E8)xXe4500hX)=P^$XM8%%wc7q8NJf)Qt!q5@_lJG>DB)YCMm)*nEJlK&W? zsq@#pojDg)mDb|W@WXN}8Y=-)i6FSK=uX=7_(4qtogog+s9oy@6)AW=GeBcKu5BH7 zb$2FRqljCvJRd~DO*+I?Lcpvxtbs|0RpZSiXU5*PqBpL}I(BZD*kW7r`)UPRJ%Bv! zr%qJ2{rxB^mj|0o^+)0Ec|fccUSq<(5zciB!w)mVK)lTn<*3M#Xrd&TgyN`=b1`qO#*6|gOvN@R zkKF_M#L48E?2_@RmTfy!LaUIX30vH;oKK2lLtu%hBWS;Dz83t_s!oM2dR6JQ3i>_j zLYuqt9D1B+c__7_6CqOjinh<+ikQ4>4c8mM@Ul8k>}T0EhgkMLqRu!6#NdkC@MW_dop6IFN(RzO|9xL_>`gKIOElcB7(W;L;Yn? zc~#pplEoXDHbDPhzN^}j9HV+$!Ab-6VKHh&7L6QJ&^wt%NtKjwmO?GkTO5QdxE9Lx z^w>Vwx69>bEPZX7AhE4$MeC(sXN0iz`e_nznvK6gh9coO7bO%sV+Jn@q{^uzU71i6 zBu#tDc9ZqTMXGFASm~#x0h6^TAC}|27ak>MBBGXS{N24*Mzj-;t#}Yq6kGEdBYDg4 zFru7doL3w>#ejdy*UIw7KdCc)(}Rt&j_&ly<1H?J&t5(QS~=c0YScvOO8P9uCP7;4 zUZV08ivBHOIeSLLw^_nfF;>sxW>-ylNJwHP?( zB90pMqKS5WAX^w44?}=*829xVDbcT3&I|j#U8*$*-;$jXzZ^0MGgo?h10grbL^xz6 z*JR1Nzyr5znV38M6E)+n17>w2BoOWU{|7@q$zXmJ4Sg0x+VS+yF#F%3SA_J$rzrI7 zD>cbqFy-H%OA*>S$UX0G+&OgUziZb&{?aY=EMT>-qPW-o|L+?#2H^CEZKgy2$JHqV z*8TO`?bipnNNBk~D^KeVQ&ikC5i39q{#v87n79W@ko> znPFf_dA0P+5_E~^ZQ=%iooE-p)arHZaPzV6EL?f|F@T!i81O*3_V?sJuLsusCx^eT z5`DL2V!~uT*&*!!sw?Ua&EU{kRYapS&~-0HiElK`3n}7<97=?UkW-osz=? zpK)M+Ybgrjz%JM)NZe9sfx%K8Vz3JQW2yd(nj(z2N#SX2DKBsjya3<;iP`9Lw;D4P zDjVFlU4}6}@1dKs9em9#I~F;*smx%!VQI>C%H5n~4U1}$1fv45@W&<~TUmnEpq-J& zn8?2v9+wd`o0-aM<7#uD9|5gr6@NmoAh7%C^72bkKl0&jsm(}E-d{vymF0Lev>aE-KlH92n*I%+H!JwWqJ(lb z1whlbV+ymdE&`$uir@>_!XSKnf9`s)3Zn6Ovr@LV!DYEn>)ojvq%Ew8-pK}pU%gEbHbB2%sRg*%Q1ES)6cwE*Lu+IcSq^r}^R4Q*s zc<09SD{K5Ji}6K|%oq z$?+c%r}%=!G|_L6TJC1FP#>`$qe06>aF^JM{N~c?wF*sdRul5PNx``&!?7L2e;etW zhnC)O2qX35U&HiZJ$(RQV%7%36;rdW_tgkh&{C9cE~_*6?d|o*SD23q7->U%15(P0 z27Ok0J$mLT_P3~;Cq(O$-*l+|7BQ&Y02B{%MlAO+E1;LWRy8A2TpS}X`H)iAxOca! zQM!oIHN@|dWfxcy4c;VLX}8-@-}PF~q_~<-cV@K%G|B50D;(v_bn)92k}t%}D(v}; zs?mraax$U9Yq@&q$-@cy)YBKIm!Y>X|LJw5Eo|{SO7e`UMqq;RNl`S~k7V&3A7F-> zO0Qg!aoS{?lA5mR1Y>>#kzUc5y$z69<`~fxEXS0l83=nMV0x0fjV#H8B(FZ%;@xU{nQ=0m(g zZ){dXpD?y<&y#4Q0^Bit+My|+vz1YSPANMk_|2&ck=F9rH;qA#$tois8c&0M+3Y38 ziY*Vla>*;ReLeNp$xV8eGu1oZxw4QS|4|60{zKdD2|__z;4Ct%QHUu5SmxW+rJkeF zA&ewzpl(U-T^8r{n0t`>J~H8J zOTOgT3uF<(1T76|uWx3rrz^ip4#romgALZJbkVds`*TSKUq;0kf;pq>LF)5pQXWJj zI!Kf2L($|iqGM>EF3g!#{RPxBkxS}dNtyR4Lk`V@hSO z3b(C$ImY|+dqgIt{Jc4Lk1Zr+ML!iIZ0+_ZE?YL|t-+;aaOQY;C3)~xn;mLW@g13= z=N)1r%AE6UvQzT@$jpPCQgG-{cbzQ7+GPNwW{XsaESl7)zkHcf|1II|xtIze|MNG) z^XHZ6)}bz)3r6~cStVNejwxwwZcw%jb9Xm!@q?&RJmtk=uQ>n0KVo+`SIB@4dHm%h zJA`S-HaPLQCCu?$c(>+}l)h~x16A8c5n71@4o7kWJJQ3%Ed|1}pJ4knX({?#d_yEzsBIrD1-DfdcKsguoIG)L%}b zF8088SouLR$M`64Q|@8Q;CjZapzSfoedWlfPDB;3wPCUHmt)-!R~?3_V!mfnnK9420sz&nIU2aeC>5eVNg za_&%fK}{=Ow(GhVq6%b6n#{8^2}Y0|swGS+mflPnuW8wSW)!#qq;wD9N+T5++Eev1 z7vz0XhEk>-u?@15rOE_iNZ&tec%fW}_)>`p+a=q}vnVW$)lD#BJ6(XvxVC*c*4BLkD9;TvF@A1`G4$vXIPWz)~=$l1Q82}B2`DF2%=J?Hx(>M385n*UQCFDDjVkMWrjJXFz%cdiQJZDkp(ZZV{Fjb^aW)MQI~tg zAEq61Jt7r9G1dzO{}(+4n!JPAA2g+T+9w(Bw8|0%mtd7{rvkYoCRRVetrm*E92r%< z)9$6!3eDiIbYjdq)2|y;@a``s{=A;mw*!xsB5-Tl?{@`<>1HnfHkdjiYcujTM5i#n zn7i}B3C=Uy2n{iIBOAaN3#F*wlP-2-+)&SGghhA0EDwkdJ70OK9J*0Qe#HIJ0mjZs z#I1zR*EqMUa9f_JPU-H<(io zzy>MG8CRV5=hts#gAt};Ui93t3_VtGUgoyKYmo)c0rRa&FvCh|bOsp1dR}T7Zup_| zc1fT>t|S6SU7pq=gfdGHmMpwad|Hzzm1H?#yzqv$>rykH-7^7apl(G9Ex;K__ggPk zBl@I9sEq6LBl9rsu%yOcQYwy@QzH3d2{77rcY3|MUBl26CJTD!YCv0&-4|=BHl#%g z#vYBJ!`uO&!LsQ~>Fdv#sW>k^yc3}y5kD5|&1Zml42Y_2h1>l1KcBomkZZ^%eVkV5 zVh{6#QbaKpSSj@svhP=@7S08D=v?A4u3s<*37w_v0~%q{fxzQO^1tx3oOF81 zRMtmfL@5aBAU`-Qc?ds^3O*-xF{_x_%%C#`yD%%jnrkyOulfhVeRGN=J9=TSCcI9g+J=_ysoOrcyjz_LZ*>q?_6^8k~|$~__d>Py5)(K|~%rQ2UF^Su~T zJ^I1p@al{~*YlhL#^u|P#aP^PWL-thj`nZAtK($@r937U0Ac0#Va-gam<42MQhR9( zlgXP~YJF_R_RN=%9TY`n$FVnAz>rCpr`J`F4VL^~*+TPYclz64gF}=C4zyc*iuhB1 ziY7P;&@y;-sMvZ{B<_w3d56l7YQ}lc(_eYe>+(^Zt9=VP(`0gyiiyd`)oWGYXpQT~ zgP-Fz3RNFm_p=P2MC|H;f$Nrhzu$Mi);@dG?uc$W{>|uX`0wlTAK$8cfhK)-@&cIW973nL8WY}}@^j<#Y`WYvLSmuXh#@C3zQF5mIp9d~abf@L5Kx>Htg|$NwZLEADq? zxo)Mm)$2bG=kG7;dmp1-D+HSp3|<1wI`dmP29SlBkZEK3OY_|Kx1d(x9KBfl2G~*O zpA!D0HIfn?U`~{2RJIlQqF&P`IKha))d|qFMj&3@_N>qN7$V(;>;<6|&j8C#?djnb zK9{A16(S#K0OnaO%G7m2KfD96givpUK7b32P*S!PIAqb@gL38sVk+(ESVm@O;E5x; z46~va)8YVbBmjNSW+bCY2Q`&Wh%N(6tt%j~N(GlTsUV)W&e4P{C+%5{s&fk}C`5PK+GQ%eB*B@ZA7X)Hq zr2C$^fx-(#+Ae-)f+J@cNy84TOK@{3*~PZgjeNrIa<9lG%98j20$)}!@C zPBQAXGeEk`eT&tul9)Je%S!nIRHdwTWw=rGO@iby>e#t;rG(8| z1!MD4op!8Wp|~xKyVF{4-uPrq85zFzYZutyGwj7gomEPR2rO5O>IoEB1U6vq!$^LR z6@Et{ERgbpVfPjP+U%P~b;>g;TAFa-j=$wzN+jgKRN*DfQ>f&Htq|7Q2KdS-&jvsg zFAvp(xj*I86*ji}{CX|!X(Mc(5tu1i;z?maxbN~XMlkEI3A^bXGxz~Um2Joa2mP^E z*6(MJ-TJ1;w3VW!Vy59#GmA!f1aK)RlCWwvP0V>040W6XG&7GGw^0Vwq#vd;s*r}D z+6~S;)ZM@GW@8V+nrH`UMV0}LSSWY$Ij=h^ zd`E-?4RkFhp=&0&2Ob#%Nbne5WP>L~C?gS!-#}rxWSr5qg>9^8VYrJkLu(3%TnY`3 zyE&i8sduDVFb1l&HZ46XeDzZr>iTAV>Y>cFL#rM{o3LCGbt-YST4ex(TdXKL;U0xM z7i-!;c?zO1-Y=sBJY^R-uzEbTf}cqI6iZN=2)rKi$PmiA1lU~Pry-s@PS+OdSyCes zu%M_(AOm?Rfr(yaceLqq;Aymh!Z6W11Te{*G2{bpG z?4USE8*^*}+wIS5ZM(uA`8d{mx26{}m{Ac5X@tA*pd+5*4E>`=Z|Xynn8#{ubB%E+ z!(X%PU^BN%K4O>dJn~?|0ltz=8LMsfHnp&koyro1sF_TA)EY*(cp86m>u!P96wM@a z%8mMoMiu-u7@fw$!C6%ZC5|wFqqnI{BPS3tm-o&;U$dCDF|C2Pg_xw9?%W<*;SloB@shR$7fsVio6UYyco@{P+? ze;NtJxxjMPo_6o*m4(H<6Rz<+7t=d~{&xAf6qM*qX0MyZ`=2WBxc4>I=_B^|~Z zsnbOZ@Z>-30jlya&05S&F`vvMFhr+4RDb1Ijy!QQ5656zRub)Qyem@z9Yx1wkXZ=) zhgclIwWHlfP66|Z5Oo5W#F~b?oh7jx);C!9x2lv!*&&f6W9vyi2_c3D!B(Hng!P=6 z4b2R~u2&Wx5k$rX?d`sVjd7QR8#(y7`_8@3#D)o~%f{Gk+PRltM)7-fMS=oxUL=a^?0pjY_ZBJ1QOUDy+dH-YL$fxE~cI**Mcj=-~qBm?QH>*}YXhHxAV zH)1J+sqjvl_N?!#@k*QUI|59UWH=PwYQr6Qg{n`aKWJO780JskrQRJ&;Ln&)SBZIj zpkRysGr3SuxPBzPIF0Vcu^zC6yG)rjS*f%ly=B^$pGjGJzgJ!LU8LNRlftW^*dMaY zIazm}wT$GLQ{fb^h1+0W+M$rK4$eq}Cb&H`TYCEZhtVCTt8OCiJ;?fwNkG5u1q)SO$`aVyXN0>dZu1^+~FLuIwWuCRL-6C>a zxmbO?4^Z0gaUB+zJ5nt5Gk9 zFtEVO_H4quN_kJIEGv%hV#ay-F{7E9`3R1>jV3xtDtd-l^cyqIKP6%Nt=Q-0H?jM9 zKY2{$S(uqiRJr&S_$!u0Q$9R+{2n_X8D*Pb=N8BD@y^mkdPNyd$ z!FbD}$R#D-d%zDB3s@>$_h@o@Yo6B^cGRD&qXn6SD?8h>)l`X^G}w^A#)KhfkWP;3 zm{X?0br>k5Fa5O<`m~jBPnPI^;mc~@F{S1d8bgq$>naf(-1=TGO!TXoQ4A?s&L44( z#@}w_L5%bS9I|em5~K*%ZOUY7uw}m!`}T5V809#7=G+w1#oJ+Eee%KO(TuL_D-XAd zNnwT)vDT5!^>j7i- zffL+zNp4O3(x!D^|GsM6NJ}fMY)Y2icEbYZY)yAkKnE3vTW$-H7E3GarO~z!a^); zVrJs|N)5qb<2syT@gd;1BD9nhjg-cn9ZkaCGLuWY=%TyJ%+6pV6+rO2ET&)!513buqJNujQY$J@bRQ~ zZ!?*$#>ySZ{!GKPVMEtCJOg3oY(=`&c=bEaC-;NS6(>_p%ZOq-{wAD0&~ z2oqu`!$mA2kl!j^P*M!tLtDm;Eg|AZKTUC;RC}szd5ymeYRGo=o8U&)6;oL3^mx9- zGjlo0KwyEk)3dh>XR3@(XXH}hNdHhReJC%T&DmT*@`=_v_~^rw^(a$fs68jGAzr&K z!x>*u^X(zLS-+|%yKRtgwi~L|$0`klOJnEx2qy7%G>jYsakG%X(h%O1qJeseLuD&e zlzU3hH47igT#c7DnDlWKZHd zV+YTM`FgbO<;h3XN++;OELQ4Zv0kAvK+k3d7)(0SSUE!-S7SqvJz>_GUPJYFtPvG- z6nY`$ne_^Q6Yn_Z`gSkM^L(fg(zV0oiyzV)GcXyjy^RVECnR-C#F_!))fwMUMFG|& z!8LBijy3H>=I(dcUhmVsX^?$^z{3%UYP)w_?iXl^O+$mGzqjj+ zcalKC`4`7B!Jt6%Kn$h$b4}MP9*%~K0A<%mWb5COE}IhxYX6$XzJjj&z<_(ttj+NK z-_mwz8;(g<(f9YSMn3juNP1#zrv#!xFpmwB6r=z zdI{2p^-7_54K&ykvl+gYVcKNFs7yJl2N53JR`KBVe%u0zbrfaMnq^@@7>XT?hIa6U z9J&6QEG0D6vb%);?(m&GO5(&GSxJ}it3dSL$iIM>_XT+a@pb;ZMX~%jzpqxNj zG6;gMBi(_=o))_U*Zo8;9$H|MoCcp)MhTx)@v@^Y6*^C)VloXsCIG98-yAyubb00O zygvr=f?a98Dau!$CDMJ+FdPN#|9P`hDC^CZF0euw59|?Zue3ZKl^!Ahy=B_LpN>Fb zmkzCTcFvrj0a+)X#|nN=Mqc6@?~wfpTbbgoJD0-=kt2X+=tQFV+^on>@zXPNZ#sFk z`^V0V<(C*6Y-e_6S=Kj`&nWP)IKr$KP1Q6ro1(sG-Oue(7Yp_8%Cycm8GxV?src16 zN}D!uZ~0pW$_6i3b7(GRMe7w2;Bn8UQ4tdR^PfP7jG#!qBpu8$8j?#Jv3$hE=0Mj>?v z*OA_08EF}LzV(jOiEocLMq0oGgQ8BfcX_&#ibOCsC|c?cS_Ku@LsP+n`d&iA4Jm+} zA4RabgSovyg9dIatheb#YkI7-{$uAulNW(#XvcpT?;AUDK-f_xhSCN={M(j%SkL^) z%YZYSZ;N`X!f1HdrSAGobMKW+u}z<&&2O20-g2^mTQ@>@^M2vwd6&;qGs{&wxW&0v z>t{fQa$!B_{r0>B!zo(nMMu*Vy}%Mtj4|a48dVy#9H=m#sK+V4=%wOfVk{5yK7=(< z`F;jsw{mQ`cyC*xxuwkM?fq#BUA$(RR-UtVPnPuq#}8RwR;&nH?pIt^_3E87*;=gCuN9__8udqg-zX?(7IfaUyf0eBnv z!c>l^+LlfB5HDLnAp!ARfA_`m9-`-JfBAKe&`kfpJf#G+Ct~$GGGN1+n-@opzI>Y5 z1vu18qa-kW(C*FL>5wGY72W!bg6I7cnf-=^;oR!9G~oYXuQjq|Y{b_*YY!y@B_v?~ z#^nh;xg&n9Njw4-JQq^(HPL()k(xHAq-WTtPNm@yY@7t6h-4 z{DmBDaG0!T*!6Gfer*H;4?XEA{QH}&`fv9*0QCOqCWj^c{ zV5^nIjU&IwT&K(FyA|1ded+uPEu;uJ4uHGAwCQ{5rf>XwI5L00D^lb+yo&N`+dUou zKs9017=rF+)hxqPgPVXt|Mv95-F{*lD`XT}id>3d%=!Ubvpu(1HC%UzMY{BXF$?Nw zM0-ZJ`Sb^Jw>Yu$u!M7#jxzlfS$c&#c=13IVb$7{QR=Y>+` z_j7D1*u1>Vso>3mfLmlf4LbBIhNiPW`K&U-G@_Tg{P|XeyaaglbJORG_l;nHI-i#= zeMU?|UZY@4i|rH?8%olDQij#`$zTl6PW~L^{DuAh_3B&&8OkZL+VH0Y9iN^M{JBPN z0&(f9xH~gJ-le-3gfPH{f@MnSqbXXYY*5Z?ReD=V#d~rK3}v=53HMV*Q=1p}N5FO60QaSjV@BuPAy}*yIBP^5JQ-fqQFo_Ii+x>uF{v z51!|BLQlD`%4r$EJ)~bki5CtA<^@w4braJ@AOjlh@C!N(E(P*bNf4D6y>N&|k|yBc z`#FRp=JYb-Ds&4(y5*^2c0Y`%QvDYTB9>7mO|E`=P{6=!zt~jOHGSk5)rZXj{K+Vn-K!eX|Eu}xFT3G58b;An^s)k)|{91lzWFf->QVT z+E*@mS;3~j>3MLD9fn`F4buQFAiUFsaNm=~Rlu6l&n5y~*$VVcV8m-9QYzCDSM!hk zLW$aaxd8GHgU6c{r%s{c?20E^Hv~R`=)?>L255LNgA0@k1<$z(koX%Tdmz~mxr6#$ zPz0Jow@Ie$MJz}_s8W&P9Vlx2YL=jdw^{olQ}cH89TeYUYuEt{-xbYqg`D_ZCxlqj znuECIGLmf}&Mw*HSRt_f+JzXn)!vLm-N99J?cOkS5lsO=0(+eF7NEF?#0{9|*zHI< zm-pF?R&MPxZ)pJNp7_v6VqT@YD08F1gbR&z;I|DYy}Xzx;Lo@iMjh`!89-E zDP;>vk0=of!mSM-J)?mQUqrI$VIZ%jBcp+#CFli^;XwwXa~j7_Y$$`N#t3NWQ(yv| z^ES2Cw-|20zD^5LE|@o2b(7^RNe{Zq&I~%ln*ulR0er7d9Tm{9-GDr}42XfsHoZ5k ztQLGd-6)v_y?Ed|08c%kud-tmp89nj6=3Q)K#Brbs20b% z9b4ow2KFF;)-{=P<4{ZI-cf4Xz}wE?Z};_t`1-<_4=S>OZfY1^(OV14%O_)e&oH`3 z`A+1O7XWBKYOf6OEm>M&Lr6+8szkk2viZ!<<`Z2!s^iCS5i~$8h*2ln^SX(E`xRr8QwYtOy<}%F% z`zgjKvwGn&Rd-Ao#xwc{;^i)|j}F@POMaT-jcllyojiW|&Ar=e4b{57F3wZ)ET9od)Ui07Y16M&t6%)Jw z3n1p{;vvo(-FZn;tyP-WF-OiCUI4YV80I)dZi_|V?snyn1}u*AiCf4DIZ&zLE==>B z@-?Ekb9!ed`r3feuQ&ezwA9471JRU^B}v-dIQa9K6#x34U|_Q}_Mi|0+XjW26WJ0o z+NYV}0=3{`skg-#Vyj9#-NZ2tfF9aojIol|tXLU$`L*#dW-I%w^41uAj*Ku#h;6(9 zZAao4!EC36^dQugL6tNx#Np`wGUgx!zqCwD!s0vY;N_X{0k4|5#Kes|-;Vl(S1*mWY=TvdIMdTBhPg7y1w(taK^Z{B#&PhW1)C{w!@Ey{{F zjIoIioKUTB>&8bCk;NDPjZd>Xj%^x^vkCR{=$n9p^g|UTn5%taiyM0JjSoJf%4Y$ zc3ayCaZe||C>n_j8oI(hzfq9@>WSMkTAg0sB=w|6V>l<|iL6%zL0j=41rSI64T2zFhZshI_vEdTMhszn=pSgj-W z^Qu3Jwuu80D0u=wRIcq{dG?L6=&1W~+=%PVC&d_jlNqU8Peu8sM9LeSxC+T1JEATb z)4i@#ah`O9R;p>-y1Q#}O5ykvHREbETUJ~zU;TXO?Bb+uQ=I6g2C_P%Jyx_-A$`8V z2AmkI`P6|Z)5F7NElJU;zc`ZX@y~ z?fvL55cN#&Hgl(Q-PqSYEExYr8~BHJVVgm4@j%738-785lV+r%-*cb1KFap^La)p; z`uctNU;=wld(nP-c0fk@dqakS>eZi|S|{<0aE^IsH}vB#ZB?n{=`h01mq!ewn1ts( zywmc2+U&qman!9Xa{4$O+smIrvlp81Z6>62M^^;;|6IZ4f;5Gs2sc&(S4L+dWPZfc z4lp#vm_%hN4c&x~or^nsF~1qe-On1My>2^_{E@FsFXqR{t)i#!&P=WO^28zWDk$sw4B$H zik?3HsOQz6`tk3WFCtdeGt@V%s}WO-FRjI((uuaC7o6wh)sjF@1E*PGnO89`~^_&OpTt{ui$OPh#aH5vNI^V z7|(7f1Dq|$r&oDPCf!t+?u-*}a~}9EnZc)=hEjGTeNVvk3nwcrVnfyC&7`Mp)MGU! zPQeD3imQytdPwx;GH`qf9)XwUH89@Y6MN_6Bfm*bm))DPB}mn2Rlm1cS;c#Ffvx>; zaUpvZW;;jSW=9b6n44!K=6>>3aJ zWdb6DdmS;ZSfOUb#o+*T?FihYnb1a5qjVsVvTjfu>0O#Z3`Cv+8VvT2A*;Y93#d9r zXDHJ+>rgqNO34#Y(KHRJwJm_Im%klnZ35hv9TH7YFn>uLK~#|h5tB#(JaG>?KI`Su z;BMc{wm(~~!7GqnwJB6|o5_yrF<-`j<|rbmiD%_Wu1jm^gVI&Hia+-d$%zmKU4)vg z83YyHH8q$6CQB|>^wTKV1`Ul7C2P7s`cDpVZ?8f7X9lW~dDsYmqlmtIVc18Q*Y)sw|Ku90)Zz6akDP0E*VK%E|V;pY(aQAs;i^3U$7i zZAujnST+}o7EmuT36M2T^j8~zrOZnKLpR#@3|F{A)!URa7V;sy;c!4Bq^)%qjpYvU z<9dR6XL0>8Yt%VIM^8O<18XfC##>?`CDo8Jl;=PvePP@Iw&TcKCIhR6M*yqcYD&ym zWOxn#ugLqRIEvJs7&%{I)j-OAcs{0J0I>;U@7x73pLr^_(6b~u z#kw_t`%zm$BOJ49@Ig6{ICPZ=YvE<>O}IW@6ERhECD}PtOzMA3LgFrl}I6 zax^T=ZVAFujbRcSkMuc`?ucpyvM4?AHn3tWYm+=Mb~E4oKq?13+I`VRD<*?72e*~m zM1EYd)ameC@(I}fa>8?KSH$K1{p`OS%70@M_x2})`6bgX?)3l~Yre8}JX1tNNYe)6 zOAz)wrmZbWQcsXz3_t=t7`5*z6jLhVRm5Y+C11uZwGG31RqFHIkg;gS&}YdDLT9%k zRKWNIGP5lBW^>9`3rvNU^|zHC%6NZa#lD`(p4BfMa5m^7_PSjL%PMx{=%al~c)iym z-w^Sk`Sk1BU?<14dIPsxq%$g3Kdv`Rz2}cV;jQ?CAPA11ev@OcDng`oMy5EFrUWS$ zfoSsTtb$TOsh~w?d*#t)m}%kK)b#sc4xm4;mT?HL`w3v>$j;58JAQWPdrrbN;4Z<% zzY5<9R`BFO0pK@?gmfWix>(69BSO0=U>WC$e_Vj#y;3yBCWg?Z5wCR=jBK97*?;tN zU%oFW6fe2~{p~XEc7TQR!>Ro2RcKAW+&HdQT!>gX9%gywci`in!-Go!tm{{O2EV-a zaxs8WwEMJ)(f{(dsmPX#|INEw_1|PPc0i%WD`_^$_Z|SYq1C8sRx=2{+Bfwpq)H< za^RHxizC(VSgY?EA3XkK^ZSo3NkRujMNLAwMDLsSba$+}^j!BHk&)5*X0dk7FHh~4 zFZ0){dGHtjJ=NUSSG+&h%71yBGJZ@P9EX2oty%N?Z;&b8%;Gdz3kHBt&CBplJ0jd> z^PyLlkkUv`*9nGUDCRZ~8sslJMO=v}@A+yv^tIu)=QfM?L0d0Y29vWtZiM6+DIgzS zaTKsQ>|ILysnOR1NVJ#63;%oh3Hu9o39=NXQJNlHXJ+8~r+wiIoKk735vNVG-+7fB zcrC=Q*YqT9C1|0%Nap^+n49EkwE~B4>x%I@a3dQEXM6V|s6EYU8qQ8Z{A&crRouGB zz_vE=W_M1&s})_Z%w;6m`&xc+wI{5m_ZeC=fyGmq2v#68#_!2_-b7NoW2$$L|6ue_ zv#D)sJ$5T?+AqFJ2*fr;g%y1@)K9_Q`q9-lv6hd%-n}fea^>th02rNLZu_glzrQoz z-L7Dh(Skxb5CVe`mrTImR`PwzScvDnHzEqQBuuS@0WZ>p&|~n^++QKAz-sMJ$0pIt zhs#DLZLKhLG6fEO^23K)+5qK^-^r7#--f@(5wu5u4XcG0b0tQ-D_O{sKPK zs=W#l!pCT`l<3p#O$zRJuFZJb1&a6}JV2505CvxgVbLC%kFtEa>GlQpw+=ZXcpEIu zUm^=`M9o2+ZhHYkihaN{(GK~+dAL}IApzHhddc!DvQ-2&oEdn1=M0F=>>9J1pOOaS zatGL!Wxy{sJ4ZbTGZ& znip4t2i(E{H`RuMT8T5Nr07!JQiJs3EXqq*7OaSvj=rSO7w*jUSrwjw4_NTW=^ ziY_$BelV8*q}rO;*SFr>+pZDc+~sa%1_FIlj$VzhJk=K~Fx=@dW|wsWga( z9c5t{9DD`VDPKzJpp|Jc%j(#5QIjzMrO0rGCsLuDwK(^T-(F$0z88#A;vVpLqx2po_%n_KFkkxt1(>IOgZF@V@cReG_dz4U3%LNqo&uom2 zypc%rKLP|;?8aM5&8eRxV?%W+7z75Hxli~P85|Lznny;^T+>&^#N>`yu`);?U&xMS zzoGf2*&NRWseSB=v)`;boyDE_fs1gJO25G>$f!ft*@dzwc#SReaZZz$zNUo4BIq7 z7zGg#!(AVK%m7WZ87R;tjE)pzTsFBzey!fO@1UVE&-CST34IqE^N99l|1f{y(%f_P_m z2WJByb0x#olx>Npsw2Xs?y(2d!tw#;Wq@uW1;i(3slOAr!I{$eaeDqQJ2idd$b@si z4{pYmIz>g%q=Tz)uBFOQ&s1kaCIPDe0_Dz61!HZ{e>^#Ga;n1J2VS1r{AMX1YW|`y zrNm$M0yV%OL}BI7|3k{{HFam5KmdjL0n4%a zqzDCkN9=63M2FXFQ+)d@Sw(IncPNq8)7?ISB8Jf-P#${Sz&=s0e5!w9caD-x662@! z^Ks)!rOFiU;fFUUsS|61IuR*a_mmH!`HkR)-hULK1>BWI1 zl*-aZ#g$5&7ETyj$5IgOtMSw+*O^%jU#ZDS>B8!{E6LtW<~cfZF}{yNnd}a2RDIn` zjUyD4lZRp`QUJs)=65pr%{Q82GO><~TpLSe3v7{oa*bZ;P0E~VWtRnZ5bPy;C~9~i zipA_mL=nAuW$bvZh*PiIE@!*(T8o#@9JsPWK2O}PZnM}~4F_A#%E5Mt3N^$io2~aM zzAp@7Ye|Y&H3q^P0;okSEv{e4xKyWimjLR9TRs#v-18XGB|(29<2uU_0`rBVsbIl$ z)6Z+iQtL)1%5X(2^2AP10}$|V98Z7!csw-HTaHNg_~Y7%m3_B?ERPcI0}gOtlXmy* z?5h5JG_|chX{`F3d^nGQ`b-b+iL^GUXsTOj%AED$I7Lcgx?*a#9p41eU_Esx#PqhV z5c`+89((mml$>2K!|IpQljJ$^)GwfnaKAsIM3b&^7All%&g;k%LL}Za-e|+KLvw5o zsQKNbo8-2LUcJZFigmvz@5^F zN3lY0wrzbJbuyPj*QSqo z?56v?3I{oimr>^W2@MP>(8V0m%x;ccAog8XJWID6>l7QP%6I!=w#{VI*+OjP#=M*s z;ZAF(Q?J}&%6F}N|C6J-Nlwp4O5@6{7X;#Rl^1iJwZG*qS?`;Rd2o{MIH*=^byJP+ z&*%3`)u=>^k_u)EJQwU{%HY)}RqtQvP3$)TWx!tVko_w3q{xS_kuIWEf!%r{;rfgM z-S*hCMF1ys2}bMMC^5Q0`RDVpRJl}aj%+9kzQtEW)FT487jRyT9@jd>F-MtisT!U& zB&61K0pp7R@v<4f=PZT`ug{}b0y3JzgDJf~@<49Bf^CF_mPA6$l5Izil-AZSZ|{O4 zq%ncK$fOQ%T27m_G07zT>w&q#7$`x+AMzZGAl+SBsgXuXJY+9eu@Pi=c z0aR|!Tq-1;0Ye&9#e0%6Mu3iva+kzIpaE?|lj;;2Is9H83AKKT-TV$PPDq3zNx7ci zwxt@z?|lJpiF`Yq3{dlWrRvr7LHFL8Ey9=@VqcXtaVa(&S6U1qQC)({WQl!E)V71U zKFqCC$PQsb9xSRF3c+qwb33zgInxl^55r-2-cDIYQiG0PM8}?sf2LbGD*YKQ-K+J_ zKWv5ly`NK5T5B*8C2(l>R-S&ZSDFH?d$=B|nzTa+Hw+ch&9Dk6$n>KweG_<&rp0+R zDqevbt3@h_G2KcH3t~$J?NU4oDmZpW-g1Jd%R?<6th~EZtvxu**u-5GNsp3f*thNt zyYoyjU-gg+!$+Q&24_d#KB|!O!fmF`xu)+Dgx#&5tsA$IkqujENiYrw zlA8DK>Z_X`;?s~3rc`=w!%L5XhHaUH&q`#4x)kWv4JCO63Y@Dl@>+qBEW+FMJKIR zkq#=dx`L7N3lCjK&~U|rP6dTO&cgsgzdXWjEs=oTC3K_{pvw*eOQ%Ya+rVLKJH@2` zZI|g1s_Z$=KE2y|q4+&0ufE8=L!u(+|F*TCN(?dGt$^1?{`^ROi<^l7^MpeoAEyd; zq!dH6nJL!L+MLp=_IwVg!dl>+cz#0U9RXOADbXR$t;q9yJUI?!{K)&C-Ya&z(K(#2 zN#fq}TvO37O#9PeZeK@eN<{8W^qL)u;C)gn?3Fu=?2}jQ6og_4YWliCNj&U;H8NYj zEGOlxJm=gH@Q%2(f@7j86}chc(=NOeuAIz*adPg&v=gwsJt2YTeaADH+@>QqO+|&8 z){9ktZVwXZyqt9t#IX;j2*5CldjAQ$b%2vtUr?XWPN9icgm*Nf#jEBhQwxHlj}bCMzUlzQwGAjxfrwi>|`4R4Aa{8f~* z19|hlzMTl}J(&;R@dgA&jy4zPZ2#IKSbVJYC9}69E!fzrQ8iv>pa<2rl`KF&Ieu+)W*}N$!Z&ZwF z8l0p)RdU9j6~_32E&PK#Q@b3rymLFTG}cnUHX*LP3A;;QWzolFp%jx?NTmGX2(diF z(5%`H5%yLZ-7e?!%yzg2Jq|IhH_B&ew>{Xt@6?y>bevG4zNpD~)*w$W`HiOZbFN?Y z*8Y|RwSTpy~Oak(OEtt!7)LdeBu zeAL2pr}KxMt93d14u*0drIjr)776o~+Bero3NkQP+KFGZ`M@2`5WMs2 z`Jc`IrcLb=Z@Z50U(Y^Fz)yFX4$mFVbJ>zU)S6=uzJ1N4PcGyUU3q(}NK|)q?7?9z zU01B(0ij4^%L}qahwx04SZ1%kb*(CvG+U19SY{6Yl)nD+SmWSO$-JR0;@JWASyz~I zQ$U9I{9Dq=|BIFYa~>a2T3p7SO0PU`Ha5I@I7L0vi4*C zdIhWEkZWkpYzL7W_V~ut0HI%=6+FOAn{Z#nYG_wkzrU`H$NQk>W4N;QrybaTKF`me zE>pXb(UJj23t%5=>71X&hauZV!FB}5M~!!yUD6Fy|CSU(5K`)0L#y;hV}cyKYc6IF{N97fAwqy-{LX#mmhX!F^Yl z+EVrLV>;rBaeA^m{=7d~e5Gg^hIg7)*DblqD|PMI7y7vevUbx!^{E4DA?xWv(fKxOVCm)Hy+Y~P|I})o*bEe*=lIk3uBlG)C58%E0De|EMQal{8@{m>A5X})W@6%b;!U24hUXJ139*9zlC z0;Im&8bemf@4Q(}cOE>S49PRR`Of=7^niPqH$0j@QI!TUkMGU1yEia#jHJr(?;5Tm zR-6){HEsafcMI6wjp&4d^JR6H+3OVHhHbf6L7+Ze0+F-6vkjBAE~%Fi^KjQT9>?gF*TujJ2WdDlK@|7< zs^&1HfjTw~DY59LV#1{HVYUz`nv>J*wo!HWci8B8hU+1OXrNJiC_W9r&)tJ@pXZix zdJp01k{^o-k=RHXjP*J1@eNM_3(c&2alGtXLiaI?+<}8kckGn)#VdzSfN7zK`Vb7@ zx_guU!gkHGE6ckDgo-*q=-l1=w5|YY>%BCt5BT^sDO8?{y)=&W7Kf?)-tFI$d&9QKaov=ch=1-X?@)o#lRG{VVJ=+{}BLC6QrHbE%< zDm?9o(I3FX6IzVDo?TxqBXuhR+0r{P#Sk>8ejXio>nMr~k${9#Fh5by?){>E;A>4y zdqm*gAHc^X6890BaY0@shRiE9<9{DFxbE8@`uZBOsR)*?TqfI1F`SQS9fKvmRZ|M^ zs7C(W{(U%sn6pxq+eLtK=l~_GK0Y+yEdhH(&^B~h^wR4!$WkI6-{Bih*#+6ekuP0T zWL1r?F%rKrxX3g5VQ!k=3IZq63ALGU)2J{lXku5gd|nz<*Tsn8^uL$psmo#?8!|@&SJp_Leo%wxLoFEOE|-Ri zEHvA^S7$k|G7jAU9n%i*%YJH8!Izb7s7}m%hHr_P6%&$(kq~SmC%Tu^y?=5jZz$4N zMT(gQAENIRyw6jw;pzk=5T$^}fJdohWyf>Y3Z}4# zhn&_XG3X#>(eX0SMXm2^^(oG407FNZm&&c2$n8+0_jW$y`=v7Y^AdL5$5#VG4B#Up znDjv~kR+ck1p_2)DHHR7V=+64Ck$r1o|TjGMLe%kO|g;cQ70f+OVjK&Ao)6;TUpN= zYQQm`dV@0f)@5lT#GFlzfq zcKnFp6m3A-w7bJc@`B0-s>H{vo~DY8A!@?5bJQO29($3jk_+<_eyt{nSC9b+ z*_ZcA&9zFID8r!-cXnOR+1k}}EdT!KJ3!^|e9cLlf2&V(p`IjHJPi-|mxA{X85roV zy$5y%zn`nWd{9>_R8KzRJte(brT_QG+opI23TT>bE&o=Z4xoCHU-NIeb6RfTWz>)`#>rCv3l{hJ;?*#QU;kcg5vuq-AEJ$G<$pyU@S?@5B4$w1k)PzYlNKi}C+?w(rH2Gy>EVgOEfo z84ozdq?jwi;0S6yQS%CP4=8L4k1JiF?!GMeqLt-;luIh&){@*o_@55Wam?M9miWUL zzHuq%9L!UdeSYKSPc`)_x6aC@k9_eOOvAe=?J#_PmmI!1-{wbqzFpe;ETFS&ZYNIX zg}Vtjuy?K|!v4?A^C159Gl@VL(!{mMM$i&wWC(yol4Bms~p$I3rVUvkLtS&Zx*3 znJZVWJeZERwBl_k{3yHoW|sua&j34kcrPl&069o0aqMw;^d>*zjssr!lWC{XQF>M&I4ny6m^nof@yS?}P ze=TTsKn(QmFzqaJeWq{>(=sUU%wN#tLa4#|uGAd|)I!GZ?e|8GfI2XM;p-?VKHQuy z!-2sd^Q9vNlaKL`66Gy6$VH9u_5B-u{pU+(5Oy`z%wZHRQWp!USI&AIZwzftcF@M;=sJf)eP+oa-Eyn+4Wc*X_1itrp9&aw3IZ z+dMpd$FlXyqfE=5D|Hb%arPz&&KaLZQ?BVh7_QEQqzZCTc=LlFIZSVdg3SB!2@O2Z zC2+8u&!Sau`7aO0b>HD+U78XMZ&vf2n?)_<194_k??zN-s8-#4jY8(ov$! z1%#nJ5}`JOu@V|JX+R?;4)P)dRcKe40)m6Ij0hs@kT8M1yz)n(Tr%QeSEPQX#jgeW z?}6-c!N~!z{xU@<5Gv${G3P7Aj7i83UAT$>!6UL!zFa3%{l` z&cW75*}U^$Gr0Dd8#sO^<9jB15dHz}}ki@4j1kQZxVujsYD`tT}<+ht5^H#&G)W z*Bw8eP(6j%&uFxJ0ihhalAR9Y&}H82+N*idE^6L<28NU!Q{uzPrR`2()gJ&yH40pZ z?>fT#Wd29fplL(7_e^@uJCI`MT{unR4_swr!lZmM^;KopHQm>2IC@tL2udPb-H&yD1!4#~gV}5<(UAZ?;sBtXB4manoKxedG``CGA>jpelAB8fM(2^KI z)w70Mv33GZaF0AP`xiz%t~Yh`T?l|fLQDW8t{_D^;vN=_Z`iI3pl}b(PIj&V1uD4Y zmoVHyAT$3$9sLh659dvq(hUYed``kjAp7`1+jT1b)B;OXHsbyfE zq{9W6BL$G6xFbCx76SoKup0Cj+H<}wW4N`CAQsp;RijQ+0uGAN&QEp&7uD`WSR+oO z?b6(h@^k#TeN%-j49}6GdK&gup!5=`-@%ZY?=A*KUMjM?x2ZBFQAAQU?!lzkI z8OsOf@7x-FYKoLDjAU)QKx*13ISvSS&QOAx)uYK5p9&&FaZR0FF9-9g^oKB|MnTby zxHSn5=ayq+l)6lG$VA+>L^FmBFsLaT?W7&uFVYol-nX#vpC!T1s@8QMS7>rZ5O1itVFEMSirjQVR7x^qs zG5l;a8vZO^OK^@A>w%nxTMd_&Jk9WLK~MXc2q2PYUXrEk+WRzH@%koB;K#nrSy#Hm zXZO*P#d0Tvu`TwBzI@X4`+zVx~aw9Dg( zRCT*(ir8XvV$Pn1Nj=U-l)LId-(Eg64!<)15jxf)*))HUjOS>VRFW>qto4&SOOhuP z6RGnLr(%3hmQ8TFHhMK`Vs>FYtVR}?0!!5JH+i-+++sE8_LSQh6hXt#WyR7ZU39oH zqQnc_b-7vidC%L!m2D==we8cC+U+nTyvpOyX%alq6eV}E(mj??O{@|vOW2!~LH{P* zFOdq1a#&8GK!el)8*0dHH-4J?53dF*3DPZ~yI5!MP=1=)sxZDgCDSKU&p-~##rW>x z?QT*x&*>>#aRPla?0+++;gcHdgUz|ZSd#U~Mf-sROqVE+t34aV66N-{Aji7VLJ+X$ z(DE|<ZS3yAa-rU_kgDA7ONjJ(r(SuAbc!M_($gG`^G72((N5yBqpGZhR;9aP)wa zNDNjunp_>rb0i7u0GLkCO;lA%#u)YAo{OJ#c^K-l5L%r(7xQ@$*^1hpGVBJe&$mQ( z1A`DDOab;3K)F3Mr_5?%afg_udEPWEa$a>A#a7@4Sn|h!S1B_&Kh@BHRh^$4*m+U2 ziw?{R!sjp4^j+9+e@2QfkGcwOZ=N;1z1CJ(x;qp^MVlD~-Z4L}PkQ!IfvzRi z_mAD!YbVYf$fvNW)r65xYVf5}K5R5va>`O;Sys*PN{X-b880ReCf^QZ|DrCdnS9E_ z-CkKboOk^u;YF<^GIn1V!wi?8>gPQ-n5FQBuiV}tkKuxzQejMVaj${GUVFi8AQ^t2 z#)n;kDPd`M=ybF*Pd)xpsEVdi@smKF&F*}imMU#rH@0X54?3%=gpny?LKuB)g_SY} zSclPPh48tv))|LI8g&emN^kJ&o>J<5T%}2kE#hA)C|3~e5B|<(ZxE&?aL=p#V04q% zMj=vlVfgu^3_m?>3E+`oW(uj)ATMA@RL!~{EGN+QPlPIS& zPRxx-JBiHoj;$pHbzU5U;aLft0*FVg)Nu_FZgNw&rvZfndJNm5 zHx%5|r^L4%P6~z9PYMXT*(WeGVW%(4 z96jES+qhDx;ZnTOY>%JQR7Hg3>BKl^La+kz(u?OGeD+h^NDER0oHa)L*h@D9lSBJqnV)hiKq@nw~4 z$adB)PsiHn156m1Ty{6k%inS#kF`$X#hh2;LP7M`+5c17b%r&SZEZmrm^g@|QUn1N zb(AI|y%!Y)k(waAD@6i=G--kYO1A;hgAyRr0HG5E6qJsT1OiBtP(qWIff(}bc%PZM z_l~3Y;}_*Thkf>0du8vn-hyz4E+Qei?1BZBVt_qC8Q+D|FwC#m{9&A@2!{E~i01-PChSC}C^H9JWH7q<;|sLHFxH~K z7|Fg=n`EwKJGs|->6h+oH!06;mwuIiNcclzC*CN1&5zCklC;4hef>2EfS?_~)!Xpm zja1u39vZP^k!C-{&+TaKjLQruQ*gJM)P(9bUV_DPgq@rx{}VLmr7Ft{6v@ygc^D~3 z#ofsOt#F@#E>4dviOWp)gBMIzz^|bOx$^CYq`=N`zG?FMX)X4Sya_H&*qIYX9yv&T zZC&-K2%PcdJj8ye+beC&@LzM&JhewcQNyO=sw(gFG1)1q#aHd1dh^wu9Yx;brROrY z*J3dmN#d4i;iR7i5{kC_F)E;A*t|CVmMBB?47xT@#)mgvrUr~gE|_r@`Kv<1U3MCs zx&(D1c+DsPO5mGm$r8oro}^kEt+5H0M%_$zYP;Mj2|Z0cc2_zn514Ez=W&rgK3XuT z=q2*CdU0G@IxAa3Ye4n@GbfazmiGzj9#ryiO{$lvNT`izGK0_ zEi^hMX+il4wgN;|$8zfy(pbJ-o7-RYdSR|(p@NV&)LisJd{3dJv=q_$`IAbYQLa=4 z*H|jwNOejBp{{b#=t;5!eDDZNbmd+teXubyD+b5SfKMZo`5gH6yQDKs1?xPz=h6J& z=S=`_s5y2KYJkHA1yJm(NW?Xq+~%+sc_nh)QJXUuv(N9@Qoh41oad?y%BnU3`V#@(3?Tp*a4sMZf#D3;5_|C zczrz9t|w9m`$TWT^IEV!I3-~P6nNtvTQ5jnNqF!{16?T9L=fk zx^s=aFaNa%@SGHvT3?fC9g#?tt+!R8*vQm9qKbvM1)a416fqy!tRD2+?9Q6*+Aj>9 zq$R};6AiMU?X1^)YWKx4*X_bRk+_XzR>6ZCLA)cs^?dWJeY%htyX&aI429g8gWt}X zMwS&k-B;l3iz&GwCQPRVj8C2nA!czT64x4URZb#m1^7d5`p4hhe|N_Ot(U!R^lZ~8 ziwS|EaTOCyA3x_ukvIzteP;H*+zTVsWAT01x{AUlqwu}!%Fw-WKy(UPVF3&hO@m*@ z$$WVg+>7VHF%DaNc6zw0*z7Y^{2MKwr={F2>ZwIQ-^Y8lw`pS;^hj?vX~K7FK;JmO zd;d0?yKam7zACbf>J*e8nwP;Lyy?6)^1Q_9tERN)ut2hf~YjuI} zAG+q`)WSd(blp!R+|$?8K%E)XH^QZA?B};`a`$O*CcP!{pJ1XJ%;rQ%)8?X0aOEkH zhAryCF$Qa#aYOvq2-hj-i0ioCWJpc6v^9I4cFlst7aGc+mvggq*dgE6f%DlIK(8#N z%-4raSSgV&C|bdlvfVOAB~>q!s3>kT^b!3ESnU^OWhpj=L7#5aEHSa9Y>PvabC(e| z{gluYdQ3Gpkh|NC6Hq2X>GNLMUW6G*VBR^K(MKDfQDnyo24>7I_m5-!zaaz6I2)o_ zD&0oya_h^QrJjz@>HEUHSmbO>n%KZpPmP{77`*GzHlCk@EQL@r}euZd6kvy zTMbg#M4N7Y9#M6h9P##PE%%~L-V&S|^{rHV-eo&r}#mvf{nLmG` zD>i3?GutV-uiltx33UF&U-w#AU=Qf#W=}cIw)v$5Cvd<)`9ZVJ%<8@lU9(>JGz~kl zPm|uKWXr29Rkk&80s1IEaV$Z|lip|5VL`akqz1H8BqAVk_jOx1gkQ7Cguvz51Lmp> za*~Q;-HExV{hS(G5<0d|Q2I~<*&Cfaji>;i*@AzHaQ8=V4wI%0IMI(OC_!z4;_nH1 zxED=pxP~2u!GP!WE?O>fLb)N|iY$lHADFpFg#&mOweX$jphM0*L*2}up;(t|I^h~k z$SJZHu(Ik##NlLBm(#5E2v%*lh7$6D9);lH>+v-k4>6fe9UJ`F5Q`e;Jmb+eAQ%)= z=`zyc8NkunFm(&Ip6SaH+!Sz$pwYrnu;u*)erSMf;my9mp9fJ3@(I(Gku(f1%Pi?{ zELomm2=K6*qa4Aebc0Iz%K7-u(mtceI?0_(+pP3*eCL@zBx{%$dY$MBNZvN_EcDa!@8Z~EY=jZg?~{=2~ssL@l6`; z>jjBlwP_oz7tKX>Z#z}ePj5uW=Od#w`01C_#okqzf~6JgMKdehaI+{ zqK5~1#3ba~y5*6D^Ri@@9cfxt@jVTk5pRZ}>UGyagRXSWTaY6RS|7!J15jD{0y~V; zUkNL81#!7gr;*wL;5j`A9RFmTdXKsSHxlY&i;0JE{Qh4=S-+6qGN4Ehc}x+??+_0v zO3!PL%OJL1YS9%i_{Cq<0OapT{O{Y3t;A8uM#(6(s~v%^Bh_d{BvAJgk`IP)h3zP#!Se8}-6oDuS+em-XAvgnnZJEgcP6v~dL0Zo(>BAc&6zvo+!w7mzvBkOFn#VFT z0SL^7LFe1s;vI74jRBk3S+|2jQWp8mN>E*u^m6mPz?!JGTHg9)ssov z1Kzz21-+I8bzI1{Xa*ooZUUh!A}Ai-1VD3N%Jc1F+Fb3N3Sq_=>I)eCz@p)~U#%eK zDw7?7zjOtI@oF41xQl71P-}5pIZW&^! z!`@UlZ^05?dv-nj71e@b?9g9B=A8@fU3<5D&C<0i7qxW~W4)+(4AmSw%E2peUGp&c zqwX7uvjg4lTi)Ivt;p|b+OAm$u#MC&MnxowqiUN z@n+);i8x*}ypY#>S60xlHOg(sg`Qg3epeZdCs|a)kB*#n6?kSOYcxk=UaSdgOe2DA ze7B@=9!d1b%FdHCneye}4*xOvr4xc8PCJFs;S+dM6(zhhnSL_c&5uoV`X<-%K=kXf4yBM=HgWjC=gOeH+5HvW$8z#VsM z;NHN{GUQeh@qqT`mKti-yYNY~M4IVkvUZ8&m6{2UxUxUvIOY^Q~n*N6I491GR1 z5UzwG%#_I0oL;}{!IeA*apLX;wT5&#^t(cN>{_tj$8}(Dn5vzfcl8_4ssvhO}&gTaxu?^+ij9&oU)n z^%O%7_TM|n|N8NePw4n%n=NGm0Uz1Q&W;g~j&?k3E1FA-@T^N0TYp2jxtY{h?cuRZ za~blTftDK{4k_|n74Yc@Aq~B>rr$8Z2)oD2h}-hvi*8ShXHW+)^mHTn!0KRrN@))4 zczw?cqY$(@!lTrja7m`ndv4_}5N34YR$3{iQQyAx32JO8dSl%NDM>h`C#m6=Avs~$ zJxleDqo#S_u=wE2sELh9b~cPUX}lg<8_tpV>Nj9}Sh1I#xyv|@3(s;5HVJ788D&(($HJ{XxZPe-RvpUQc(J*&*tPIZ()3^*rT}J^ z9vbo>LUOc)%i6kS$D*#;Wwdd?Wzn*qWC0tEYLg?q@TEHl!q2*Oz}>5L*nXcHVDXs^ z;9LA`o@!PC35iePu{XIb2D^PVIQL2WoLX%Jz!Tpwg@(fR!^Dk7@VAH=z%RYN{`Hbv zP4Nc&Y25+CMMcY$2-5+Hdw`NY;+S`lT`(Ua1J&hxi{!If+sSVh$v_xHXa71Aqb9|~ z{&S)BCkNQaOJvr6u>k)L90;vv8~FLHQsV>UYQJ@~q5n`zw_BzAu*-5pbCaZF$MS)F zF0tBBlv$2l$Y3q5K%>Ov`c@RQ$ZL99W4V=%Z|7#8WoY|)pt-|B5y)Y+TjKu`9}%t zy7^V5?C$~YeAeSqjh&3c;=X__%A$|93Tf3SITx1wrrV|2(nh2IB~B#6_Iwq*TtCif z`h3*T3YL8Val2z-$bF|GK&zyR+UhXaq+2j3bQ4zwb3EUX$5EoTX1b%V9+0 zC1`(cve@bgh}==pBzrZUA%vfG6{^bXBifHJmQHq7Ip5`*BXQNMC_h^t=b0j?<7J)C ze0dGci9y<4yxEy-%X-A)UTS}FUb^Z`w3-!*RBk>=0<@kAoK>{H0zUt~WRE7mnP)1_ zIBK@Kmpu|PNwG9J-!po4$3&ufu_VhQi9h@Xk?IzJ)$;u`k7YzM)Xy{0Oy7p|DXEvdss$Iz$e6xIvDb&YvT!; z`_BDI^!V=`Sf~TUA)>kR0_KL+Kqc`Y*Whx8$)JBGtYRYa`J)=Lbt1gH!F4I7B9ME4 zo5m?()vWNmqqL6?KRghtxUlk2o{dms>gei|49$nVEy|oeig0PJ)DAX#f!rfxWA?ZaUD)K98`CG~I>+fD=s=fcJ)2EQDNmGhb!)Qb)5^j_?2*sQKUjw9*6-Q{fnT|xZfq)4yt0|Ub3({C z`0zW!y~sMtjIAL??dq7KYQsfNK7WI$2Mf{Z|M-f&{^66T1Q2InPStj!rNnN2y6Jjr zq>x?4bpy7y>%vWFdr~P^Kq97?6^e;Af5z_Xf#=@4nBXfzJg3YzJWE2n>8|SJms#zf z-W&s&U^&Shql=i(zL@MOR6Syq~MY>*-wqLZsMIbOsv{yEM7^a8_*&dZeDFg zQ^QvY9^m z6J}XQcQ;?4Nb^&Y7Vb&-DBob-I5c}^utV?iWx3?ndz*{D7crq0kQ280?G~F4acjZ} zuP56U>ar3%h_PLZDL&HW*5}&mh?j;9<#|{lf24W-N#m$969OEtivxzf44a!Va>=wL zIue2lFw+7wzkf<{f2Q(J)<@51#$56#SH~F2RNUNM<;MU-*i7F@-6a1+sl{bX7ph}E z;89j@E+jlwocJml_Kl?Z*Zs_Fs`fl+vJz$+um(vWEc%}g{(s<$G?+WplQp=7GA*xc z?|-?qa5nY(GY{mjQ~{DwTm$wLG`|EqBO22mJrJpW354WFR;6-#Pc+ zQ^EerSO!jKm81RFy%zu#nAz6xNAg*(kYJoHR@`^Pzxy;XYJk_(zMdoDb7BY!@Q0tp zC)2(gWP2db0NM+<@TR?1E)zL>)MV>a`8ifwNsK(#cM)F^%)l|J49KvU0>sycQcC`) zV@r0ud%RmbYHKLAr*=Dczo)4*Tp z<9m_;e_aJaGZe@`bMc5Ne%mkj&%isn0hWZ(a!Rkz_fTvgZXs9i-79_VG<5EJ5dhXk z{>g;Lk8J^?(pz_y{Rh{w2m`QgR{g>^Bz*sb-GO-v9XJ4x@y)t z(TLy?ld$snhaLPMbFAh90e)>MgmA0xt}@`8qR%AEcCh_@_m5_r16DIgOFTh zD6L_CALRKnn*U=4|M)kd>jzetY##w7?p%|eIk6wSN48I9uUQ`)24;xuzeo=Q9A-^h z@7lPlG9?7@+fq#&(y>oqwE1<&m%E`CmA;?PLEtv-IW%(7HQ0ZktygB^^>WD!Lp{DD z>LPZZ7$IPXcA#!SzscH3s3@zqSGH)TS*1a6d#!}F`B*(GWO0l_o%n}R=^szVw8w|@ zVJ9xEq@{-rp?`5zp6`haiQ=V|z0>l2(_4Eoa6eC=adobfe#iO<-C1byU1SIZ64b$_ zL?~NP2xj@0+|*w;``dR%k@q~SMa5Q#jog6)YvY+EM+PJXdA8fe?=l2Q_HCn@><}+S zb~=7p1XHH69vx_`MUzza6+14m9_{}F*2u0}mOX6E?LoF8Jku;kPr|Mt&?8E=lJEcHRCT=ymVFM2_Qp^YxtXYwnoqGG&Kph@o7>5;w!fauKrO3 z|3`3zo`CqzGy#Fy6^4JNb+0`7M;Sr_f+$A;|5fD)R_~UyeiHDK_PtDj--^klYQ$y0m4ajf( z%I&2szaP;3kEaNv{Uq^8pslwxs~^zC)l1S(hV9Q1lKAu=*#c~=e-`m}mSHo})L~U{ z^R#6ZXuA=fk9>?FwusL{pyGsfP`1<8Tbu7%+ao{#)%~Zc0^4&DW?QO+ z*Eyno`GOwKZES3Ofo?GgUSt?Y#mC31R^5L?KuF5^*FR6IshGG z`AtTRZrYUGzhTLW@2UH+Nw~hN$o{5S!A*R{Tubu88h_n&e|D?}Aumr~@L!AgPl-My zyJ@vzMb_ARbPasZ}NKL4e zwNbfLLsbO{2N*R3Q_{oOE|&$XpjUj$rKFw`gxzI(>i#&w%pvl_rHy;@hp;YX6JOE) zQdm#>Xx>LhFQtWZVQH)mF4s=3=d8c%C=E)_K3e#5pzROgZ@#=b1JSL2u5vSlyoifQ zITyx-=&0bJ<+>>b6d2_S<# zjKjpcEhKFzH?G6}9ui8U+Ru2IcsZ*Byu0%39B2kyAS=bWa{Fm0Kp4DtX zSXe&is;6pW`j}I$p>U&YovQ`;jha%dZpmi*;Ir44QhCLXSHV{yVW6K25yV-7B-ax2 z+{~|uBnEPmcZwO~xRaN;RQvy&UNI1E$=>KpJYRZ&nHEuzQz0D4l`#6sIm0 zDX(V187-BZ>$`$aF0=D_V`@J;J4#mva}`kLp5&Nu+IF z2A@JL3;3pe*MCfY+G}BYH15sZXIdUzhHx!M`1JDt%pNMElp-CW>BJ_Dp5c@iUTW

x@eRKy55&k?d8RT?AR-5FN z$_x;jAb(O|#XRoq_qw21!-HI+j&umLNG^1w+GpB(X-Q(X`Oc$FIG`tp_SFVx*c zOCbY8g5wfh)Ot5BGkVpRVfLI)?#XPK+9yAfZp>}pnl=AKWfnJ-d=~6uwa9|5vFYgM zKYK1<>kjYR#ya#0NWJX4$0Y~)G}V0S3p8!f0JdjBT;Y3@jN;q(p0(A<1y=~dQr46m z-VN@4HEow{cFsCMK}EOGsL$qK#FD}_>0nw$om>>_FqM9)lL_XQK=tC-4Uvn1wBw|~ zDt-Q@THD2KG5-dwa(MC8NXP9$f{e4TQsO?Ry_EaVZDIRT9IXv}j;BL2?Z?K(xox8? zeTPxlt3=!Ra<)dyAE~E5-C<)S&&}ITWKB_(xb6;<$KMYa@eN74Oh*36or7$`UFKNbKge zl#cs`6L7{>pG^4;7=FGLmM&V5$gOWyPIfdXZz{gS6x@CoePZ(DNugn(lPKW)L|zTW zZ7%1l-%ra6i|Bl8J|m_u+YK0l23u6OxhlJRX!N+6gq+q(bSPpFPSan@_D};>2Mf)V zF2m21YWUX&`x@)jkDp%-Ncp5MFrCZzz z3z4i31+PF)&5LoB4(Q_TUXM{0C+thR49VNoUQS)Cn6r?&LWgrQH~^X) zMAjRqi@A=b)+DoeaDEGiI(JSpVaAh6p4tgQBLl#Z#bl^K{^IwnS#tiW{VUMX`oxf_ z$2MOB3i`^gXXS6qcpZ)XK8YFZ`X$5SGdgbXnl@b`;o2-|r)>kXK-3=DQ7A{QE+%gq zO?mA;%0Y`Fb$-2-SbACOd%DeZYI9;h%y0!tp(i)|V^4hyb1TS&zG3pi@KIKvDPg$3 zC8W}qp*8nRLg>-bp(xYjehLk)N|zR=<#2&v6|I*@xm?JTe+rp1PZPxk_dj;2+vj$; z1)ly|+7}mK3c{UN22q9-YsV^aCpo*uq>7qn`_J$#&$&#g=}C4JuBk*5SWf_hr4~v; zPL7rOJ@oQ4z>$S);WJMy|oNrg?>%mRXpv#UJ$jhu`Lr%%cSFyW0M5gT z!m>^k&qK{e+SgbdZ1$7Ne&4G5;*>n&Kd=ln;p(xe+Kp zg@2%rqq)LbR(bbaK~uUR?wRK4pb)6qs+ZBnd>H0=y2yDZfGapTf_NoY&x-oGF!XDv zuKBke^f3gq=-F@1cvvJ^#L-VL*8e)WY^u@;yZhb(v+G#@d9~S+ZV7njUNmGL;~Jiq z(7jKpO&n3GnBwL_7+w@k8S5H=4du(%9!b&+H5ncGpaJaw%Ng>Gq(UWsklje{YqaGr zhB_${2WnhV-rlcQSIbUo;%Vl_Y%JS8H+|@-zm>1Hmj5<3MV!A{_LY{UnYfYE+1tUj zJzP&W*$rjT{Dy_%)u?fi?R3K6#fzA958B`}>q?TI*wL&&;d@@~vX2d{9-p2CB_ZLx zk{-NW0hLeVktP(=-jl5KP`}BUwG8t&}7Fj%T20rY&=FT1~)f z_0L`;t|p^JKQ_Gtp(L%LzjW8%E^qVM(=&S`B&Rbi1lO$ev%|r%6^Y^qkM-zisL$7p zEz_Wpgb=@PMl@bH4)v;fmUipsJxT69acNBc7rQn4AqEF9I^?P)?)Zy&4dFuhswWWM(L`MSi(S#2N6T?a|r3vvc) z-Gge00JU6+;g8kPBx7gu3RnZns=E_sj)t2dz4}elM|Mh)*BGlZk7{pgZ3&L|K^s@J zo%+qtGEK!(jv=p?3Vqne@{X*1TyV){`j769+Y6PS7bt7VT%!E(X2dV^xGz56k~HC) zKh8PUm$wmLxG(PGj^f{xJ8KxqY$*Yc2QP<;Kkd3A*!8tnby~uPc&?Nc7;OUa-p~#d z0gv-k9k`wgE3BWr9XRnvi`Ggo)A;oNB!o{5r&!Oy5~|6p7AoxFojlaMZXa z0M!Mft|PMLrVee2EYpYN(0-)V%buA`5^QVPV!SY-kOIaqOm#gEZhgpI;_JpI<7XZ^ zh?_g}3SAJ9=yM!ytV|k*Cr^%WaO%*~xNn@pvM1Ud{o$*8LP9GNA4dE?_zybrqUhV0 z#FM!-%jW0%JXlsgNlXtwv0mPL!(ccVtQ#T3ZP6I-xzby9;Hc+pc~OL}VYe%?_m%^V zIUkOSVtyWpiq20xudwWRmeJsXNS0B~8BWzfhc3KPK6EV2xIziNZ~>Q8?D;GATlYYV-ZN`5a!C$YLY6?Y6w-2| z>L^RMXTazNxyG?>j)$n3tg{nt;f{lB?aBrd0J=(JSoJX7*JIO)LJ&V(@ToVgoQ5b; zQESjn|7wg&e5IaM@g80O80W3uxy+s}?HRuUY2QeB8?)Yh_WrlUVvpS#ZXbYM1(DYvq%AE{%;#|6$A>>9olp_!~^BAQ$ z>GynbeYrv6{K0E8nbv6Xvn+qEfqBym@99)@^7$>6c*9zyXO604LWL@v_k_8NTTdP| zA9qTIU|m0*G=}GAw6o0W5huEH!AM>YJW1t5?W2XAl4Hlq3USKr;={g$pVi%WtX&x| z3w>a(r@jr3J#?Ov<-=~ZI65}EKtz%ca37|N&$gk}8&Rj*@FQib;ab}=oo@-CRK=g| z0N$Teu}lzf?m{xI@y@M}{%Fe?jxDI@ppHv|s8jUkh4a&`H&C2X`Qi7v#cfjqZ2hmy z%A?PLWhGnzvQa9|yAj91c~B9)7P|43`Fp}}0bZeO`R)&aIE8^?ym)b)o%6;W^Ns2L zX#XNx(@#aQ>AzC@B-ZuZ;;vn~yzjZ?E|P4c;nDT%=-U=eO%gWW?whgD7Dp`a#WSXM zS?|z#Tcl*B&ki`2{&7$y4X;UV3`30l2ypV{`D7F7jaHU~z{S@_g@82Bc5(Mf-sx?0 z=+mszXqc@{+DKzPd0-0I_mfFLO~2y4*Vb?DJC+tOS6kjFM2M^z>bC>C&>3VUc=m-J zmD1p=+Dxk?cQtcG_H>#LeIIVXSG8CircWBLzPpk_g`PgI08|(RGLgTR;cS=@gvv`- ztvPA%bnj)Nf^7(cm2_2Pz$3K>XiEn2sd$c2>%tqqwwAC#R zWIf>_Z>-h|Jyn$H7Yyz~cqHGybJ?oW&wz+g_jh$(#9YPwiql^~6!pO)re5FV5bK3x zJisz5b7_C0e%kYLVg_w))3ouswV_^_<9$EdGEd>WB_m)h9-*^XF@F4F?uW5HrPdZV zE~W6oS)azNi(zw-J8ti6Z@9ewL-OZ$;wox@j!ItIk>C#5~^81;f6fo%8?AGr2p znAmHXk~VZ)68X9;O=1Cx?blmW_t$jDp%}kPz0sh#X>z37L&>KPQIu`sRL3A5NgJ4LFhHtOGs~ZWu7+=1sm{w=R~)x(z?0Owl*81&;&_C4dFu7+o~^s5 zJ}kh$E@b$Z$JA!yr!&{K1U#63}y-_TUC}8zTg&f z$Y(Q+TrUt5=J&Frnr#aDAMg|9q1UQO2I0k_`KCa*vG(<6WR0!bNUB*{ zy{gY@%jpW6*W&cnb;0^JKY2535K@#{bO*b&Ykf~%y|F8oE9!ku02Cw)Fikd2`KTt< zw5taL%Wo z-R`@XxfVPHRM1~OI(K$jYIciIw?~l?P8R=|x{aVIYboi!R<;!>$!)qt$ZgnEX3{>b zt0ZG~mu59*!_~`2G`3JBUkVryYdvla1B6~k@|iR}lR9J^rDm}tR(|q}-G*~nz(9?f zr#&wnGp9q@(C8)*rN4Fha!7>w-hQ}&>trQQ!`m9AFmj!mFxM;2aMeYjRXhJj7uk( zuA-DgYpq8>CJnY3v6<2W$c%=&pZiu7vfpy+t@(&LPMUGla0YRr77st{UpleJdvVh1 zf&$UUPkahWyl?_TIx$6e25nqrZ9kkQ_nmd_k|0mjE$Xlt{jdB(YH0!uL#+HM|0ZU? zQ$QTcEK~NGT?Ks$l_#^db>@q1X$RI6)+CV^)D$dg|KJr(Ut1<2xxH8!&VHHx;KTXS z?RfA+k-nLBz)8a9_W&^2+w8;puNkLnHEsh@8qo7~M75RK&t8SgW<_{F>^afzkVj?- zA~>YW1FyBX1GQw})XJR#8)1@?$u1`+9he>mISNqZ?O5<$XLhftd@<_CF=Ds8*=9UE zI!v-etK)fqL{@*O*YE-TWp4i|t1;=$K$l8mbXQ1}=te%Y7Cl@SmA$!P@pMy`uIx2{ zT&|Xv__A>oPu-86a0JTuYGs~%wKJ0lGT3ELAf|H;)j1D&iHqP8jkAn zF6r`@_i<-7ArZ-DsrK~c^^-ox#Y^`Txhcnq1IJ6}-grP!iu5L9?Nv$5zj19=RQPQJhdRZYmrWP{a7CvHx`5zq-o*bl$(yn*V6t|CrZ5Q~!Ij^+R`cea(S!Tei1y8Z! z|H>=45mwC1s6iJUeftWL24PtHC()2B@LbfF!c$ljQH4s9F7(Q zl{|0QCHu4#@YmbH;)RGabyvR9iQ=c+6k%_`fgt6&4`r~6-*NO!d$mG${Z-Ua2MHPZ z-`n;B9R}YQ(LWAtj@)p9Ab;v*9|c*_m?>Cba0soc3mp{VDKK_RHLCU z+i00*xYlWNsBi?93GvSDq2n^*>K^%P{RQ1@^x3b6WeL#P?zO%!K)R4~SpB9{S;qPO zzAp{$=-ZCMB*#O$ip*Xq#wTAKWUcU;SB47A>8LhtHouM4GOqQ)lJ!eG6dQysNrXBf z$xO0(GjG7|vXj&JVsO&n z=kC$j=?hobJFc2q|D#*8J5)(35cx7)6d%UrqG(1>30j+&hb&$X*)DPX-ZAoxBG8AO zRe#OvuI{FR%vdGB)+_7WkQ1zlJ!$sD75QKEL|UBgS~y$mBOLVaQ|((A4HFM$ECIKW zli(0fjm6xTg*>JH(~vS_No<>No&}qHu!#N4JwCGf$Ec_#tpBPzx$9{YbB=xcZkp$zKlTVPDv+ z8s>AZKbb$3#5hzN@MrVE>nugHkS9@gXQy=m%Y)#@+ab;7MPYO677Dp3hmL*Gg{O@e zE?l!+@?MLQ4|X{2>R8A(dWpchV+?U+x2a_%Lk27JQtKcd!rnL|<+a z0~~g;Wt|Llo{eie&Bb~7@ITVvXO=j4*>sxh-0rMq>62A$JZTxEz$ZDTcdhs)t_GOa zO|@0BY2WRvd!&|J{op1(GWU(}{KXMxR&CEiRpLHF!2T5RU4K-9SVd;BtLgd3sgGWC zn)hf7P7ds!!g6=xg}i2ZJs?{H((E0S5|SaQzuu5Nn&*fcSkCLAb_d4Dx>i|CU#$TL zXtMjQx|?PsLq-Mi1J_KZh)UI zQGqX3#7+gvs48(IbYS$|*t0`opjo{<$kn(sI6QQu2SctX4rY<8LqMZ~0Y%DsaIQ4d zXNKBNn9*NoAHmAxAj4TR*Ofg5GBPrFHH)^%+i<#1!39$%;tudu*>tlF9#OE#kRMeP zdIAEcKU@pg_otA&TUDz-c!@Y4%-?i$(e~=JepU?lRg<;_O0!S@EV9{W4rdWER6zHf z<(`|ehYlq@^}oAWBHH0y@4dNG&;UnZQ~N?sqB!A$&O;sTHtC!$zJ}1P!7snKoFc|p zL4yJLT9$=-C8d1esI-3KlZwywm@9q8wk0%i5MU{6dsPwOCan2WYG`zWpJU*}w{pM` ze#-u35ZrOj2-iidL-<)njjpCxj7*3!ET!G&-mxx?CL(-IV>DbC8@bue50%vusn?WH zcl#Dz>4cmdWD(U%Vp655}hilk4l-ELCKV%nY$g3}bvLo4m-AENAB*7Ayd) zUvs-Fjc|?lgj>fP7^ze&ujh=O0&p*Gm9ruX_sS)VCV42}qq~CJlRGypPq@RYn-wwG z-;rzSUsqbu7<6Udq^{}dE#?4#90fZ6Iau3hPvd%&z9XOmt4a~lkf$jt_17c71K%)( zC`!kr-p^uH0xi)^RfZuMufZJ&@QFB`+}A$9J#vxg^a@|=NhS3VM2eJy`!-GTn~1eH zrpe>_a$Zivvu1^+*0)xwpNWsBTJASIat?_(*N%J%9Q@^M3Q@6Nn;)0snVDF}`R5xw z0W`O9C`CG*u7H#G@a98>@1N$RX0whn_l=zxvu=;ZPEFOj_bYnbL>$&<}->EZ7 zEbJMqN*W+1*pYImF=anhHz|9u1k5-}3(S@*LoXEJQJ3XA^cdM1iG}v8;g%@TQPLaD zb~|J4;Le=VRImyi#ip*==LKI8bV}%;z4ALHK5hEf<2`2~(GdP5bxw7w;V&uE;EHy7 z$zjgNCB2XN?g{J9IcxRGK*`JCIi)6T08481C7sATYW;enf#~0>0scz=9LWFQ9fz!i zq>2^LlN&JziSU{xaY!1_enq0_V}PCUSGQG#zzmp#lfj54`;*kJ)EBFn%_SZ~^e0=Q zgp|}a+0J+*H?9d1Z7XDgHam&~Nyy|h7jtZ%|Ckl_-G;toxza*LWCj91wxM)K{Kk!p|Q=*1maqteF%SJdv4*xCoL~ajEfYR2&3j1n2CHGb>ONQ^~@c#AYBj$~{~D zDQSb@S#Rm6HJsStdwxDSHXm-tm~na^5B3%CiHLy@at^|YSuZicIB_Sy2ldawrguRt zYwP}jNnjJpL58_0BR0_$x{uSvM>=uLF+T3SZl^O&*I^_Ez0dx7-IMUSQ<#=fqkJ>V z3ybOb4VY@$&d~z3Jwi(PQU|zoTO94MHhx<7y1&7;b&grRs`YM_*ahcu*3)S_6?!C-a&Ib>yy zbJt3Fq)i)~&3Qm56S15*yKl5DE6s#c4t)AcN6vD8WK1GITh1@^#l!KE!nfbU1=6S_ zo-{lDXr)V+b|w=VDzrrtc@JkUl)!c$gc{P_}Zk2R~y5% zHbL&+xb)=c)ylZ_!4xm)Z4W);O8|p}{LWCxCyldMJxo@snj=|~VSYMhtN?i5wm;RP z|I`N|4eCr?U!E@r6K;p+2FxC4B7HG~ZR~iwdOd%aeQE8MuzFRzDL1fACg5Kv?VeGdMT>!-p8g8#I;HaryA|Ix&j`a6ES-&oXn*BDp3`>}7l-`g+RG$`)Fr=l@^gf*8F$|1Om@WL5mwQ+H*{B0q=AIt)?pV;sH_sX^B%JS(%_ce zgl~kE==opHo|^0Yv{9_)?XMM{6_L~#133bY;=#Gq_CE+Vcdu7VvJsoh6_hU8bM@Bl zJz^k)#=ofvq{9U8=gV(xjH!50O&#!#U3^&?ntnOdZ&cpFUF7>2dTzZp_jL+66>1CI%)&-#$G|`hr(``;*jfD-eb`J|v z1Z3R*LbdMEoW4MN_TuNr1k~W~(UpD^WJ^ONK%gibY*2AV{Mf7oQJHv;? zBpV?07W|)0a~lMl7Dq*!9m)x3j`vvrhjY3)<42T$;-i#DmM11o`WTKv-y5UtbzXI| zq-TZ~OJ3?oS*GJ~N;+X8U(2#QYPo>){r&@{;%2Og<79JH+3c&VvcPtSf!jA=yTJ^# zm|kj$rezrFPM`^zHS8~A*-zDOA49K^WX(e|Om~0hHmeCg6?;_Ja;59z4JtTOhx1h1sbR&;V?!A^aKX>~{I}%L zI_5GYx#8HmH1b;KO^}J32J65Vc93+&Yj_|N(%=PQIF0FTXzUxX3bE$JcT>G?jgh{J z3{e~V_d>6JfyppZj$_#E)No|coZX{Q{e2Ye*w}O7I@ccM!Ku3rL}N8;Cu$UMRNGLQ zF55mk6}NrT0vc8VDyp0){i!Yh9^;|V7fZ}&l10@*okzb-rVCq_B?Bi4o1_f;1%0kj z^O>4&cZ@6eSbn^&Y8UJnA963#u!g35I1X7UYDXZ+W0*@jw%MQSWZ95Y7|K_cGQ69F z(#LJeCrhiKTuxsiKxHC5rsRgMqv;V|)HhdNwMOli*?m$DsDw#zyJ9k5^nZA8i91*! zY;SM(d@oY}N>*#o#X$2;@JDA@^Y!Fq()=Dqx?7Jb4J}d>>W}KIJ$hDMF5Ml6pGm8V z5k^rmjrM+K$AE%YtX@KXP}od%;rBn8Q&GhEq;D@Ey~U+<{hiwA*YDB&^|bEKaOZ=E zVHX?Kc^{fc`AAwzn{Xj7YLqv}zRs<4e_^j-Q^5Hgf@Dl;&jkFxxRh+S+=Hsw{2lm3 zM_%yWR!MVwyRV&kFS|ykg_0QtkPDS)E&y!FbLbZ$Owq&D&AL*O4;K3ehX1!|v`5bbSf%pcDU_h$jLc$*d4n{p)DLpW%V{ zX#6QS&c#ptf78~RUup0G)QV@9Lv{pVuXyq2hv+QLBLC(<-u*9Ggjm*KEOT4u6obj^Lr8z_7@5t}J5y^JJ=pY~$(IKU z@3Q5a6iLs7+mj|6j;uk7nMu{3B8eGAGukYCUHT$b^F~7TXJH$`4|#jobv}ioIV!k;UkJ= zOOqP^h)b!Lt_G<`ax4^hGc)%YmlSY!oJP`%SAu6sK>^}?6^ZzBaVoS=+LnDa(`r;( zVlziKZ*n4HPz!p@tDK2{~8H zb!j=XX&NnYX@j-l5Bp@%-UbkPDA+C^fgbyzhZvO#Ko}kY4Vg{c_$!~Ah?E6oE;BE; zH=d6BmLUU+W~xQTSEzT93?mdxae*jLGY;+rrHZ zTjetm>ZOOK+hxJwdjVr^%kNHEhIuTQ@>+H~$0suyz>V;ZtPjC%vR^$HtzK3FUiQnC z;=XSul9HgvueAWeqzYJE{iG+v{=tFp#*1x%3$JNW z|2{_Gl!uO?8_6#jFXkjnIV5&=8tiv1#mL5QMzE)Br#-r-LN52n4IkbNVL~Y7(=Z$S zV(xITo6bAJJlHZvh6|4sVTn$ZS4Q3ydg=31<~Ks4rNr4bl2>9_3Qxcd=x>;oy+=AK zJS!BjEjtRHpa?;ZL*MitbD>oC-yiLK-}+R19ykKE95e6%l&-;@_wUs5Rtoq6#c zIqs-)evr&8jkb>{d`t9zAGn$qiSz9-7V=3}?%t*YO*4KXZ7G#&eTasNnjUNuvn(P% z9dI9*Nx&Tu1{Gi#dp$(${sW|V6?do_o%U(XB9~91)4u>~svd-gam^BqC1{3h!JW?w z&B6QWvCL=cup?JQxuaYu_UmpykFc)>oh~Ws&cO8zTxo~o#n)$)rK6=Tg=&4PH%snB z9Xiex2-F4aBTWuqJymZXf%#_u+~YF=xr#IyyHB1pm-LyQxa_&SW>XN|!dc+=Wm?)w zYN)zf4eP6P76MkvJY|pGR!f*h6+Jj&T)utx>DRSS@YuDu#6+w}(h-8kbGNtHu+8b$ z?iMj{wpjz@W(;WqK}U;YJ{o839wgYO1n1L)uW-$bXhM^?@`cv)*1mnXY9isAhY*-9 z2PFqg6UAk#X-7X@`_eurYTHlT6mWN#2jIjVTxP{I-KI469UoI1YEKvc4OIWi+uy$o zkem-{HNV~ztag!kXt=VM_M3m7^hjxVa1(vJz{ugPH5P+|jR6xpK*jt;&z0jJLptZT z)>z8=k1?L^YLzL{mU;%oteex#nu+ZbWpF9%ddfvzZM4Kz*pICB)pWh2{v^S-F}p{H zKXSv#UiU%HAc9AS`K{uMThBCH|FoB$+Alj}?P*sJ&V8L96yJ!%g7-uSX;ZW|M)KC! z>t18T2GhmW{LL3H>K^`KHZtT?P56jF-Eh$-UqG!cu+1Et!}vD1E^zR6@N8(?Ia&x{ zBb6MpeL%DfGL|yll-oyq6U^!V?{@(JVJ@W2BH^>X zVGTU?Y8Df)EWBT157z4P-hIu3Kk)N?I@E#kMz`T3L6CKvXXpuYdVWz>_q|9;Zv9hR ze_Id4Pd$>lkg$gO@|gmUPsQM%(|glBOkP2Y(LGc?!UR^!7-7H8EF z5@(~e8X}K3pOe5594^QxH2Vh%HT9WkAgl{JEw(AwXRl<2k$$v2THW7mt&+rV-dB_w z9v;4D;AE9Z%N(E?Zc;a_#vZ?x4KC^HIL!ODZ8j3twvO4{@|iksZ)o3sg;i>Lh-t4{ z>(!g_rw1`%fS2e?cX;o>0s45S?!quP1GZ) z5_5Y4C}x0&kjAHWr(A)UNw)A}=J6Ses*cahmRWHLp(}Ccc%l%eHW4h?_sbBMQ)Cv` zdr7z6Y5FFY==K>CO$Bb1!4lpXyZ1$PA1Vt;DS-Nbp3E92_x#4IJs;Wx*uHPAf?r=< zTGZ9ec70g;u)Sz|Ipf?9+18^UA=QWu|8?i!ZQ#aaito^Xo-h03)r9uikYn4{K09ro ztQ7BjW@MckSgBuSZQoEvwET5;R4onGog2Su3Hj)|arMYE=r9hj8B3yHyZpFmHe>Mk z(e|Jp!&k}p3FoAVJp)aSM|6I{Rm~wC%KXL_DMvF4+zSg%65Bf<1^8hoIefpL&*V5M zg##)1c_OgubOsA6whMkmc|#WI(HgR)`^)o5wYoj7(nEnSeN+K!;;J+GWQ#?8f#gBG z21^N5w?Imb3fD5}v8mz4SG9v^3mjhS)Us68utOHfR!1Y$HV0d%8VsNqika%G@))`& zP65R1P?~tkD%Qmy*9|rfKZs8K2#Mr4JpUL?I;JAiv!?aRB>0IV#N>sj;Jv~t``YLxWe&{Ix6two@!~sJ<6GdjM6X=rem@+) zQRz5UJ3__Rb}^m3(m79F5$S*?!7K;4-6y=*&w$q&%K`Vd^4EdmT9(5knb=!O6!{5djDaw&dffzR<`U{(d*@hHIM5J7PTcIgwflJsO zy<)Dh)J|QS1KQ-yoaaAABtFeultt2^dZ8*V@o!!E#X*S;9vYp)MNg%rWU;Mq=hOR( zR00BydyQJnv~C}Zy*D;&Od-Fx2EDYUAK#;6&IwCAVo-l%Kb-2;VuU|n!Cb(zR9JOY zhMMkHj^KCDxv(jJIXwsRD`^tW<&}oj@YpSqhw#w<$RZV5COkss+PtDLz)~ zy%8ZUXSm2)>f^Xc8u3GTP3XnZ+tN`I7nFgS5KC}F;id}}$zsjIrU7xxvEEm^>^9sR z`rmQ~>%;YE8=`BopT>r3BlMPbzhcGC%a~78bD%8gemjw)ubf}qxhDcJ%6n}|u{V&* z+R-86jegShAb0ve?)&fN4p$IP3map6o!0L?Hh~zqa)AxJbrE6)qQ*bHt@T>+cB8kg@_0ZA?B>3^I&o%Jo7)5%>R^v6kj-2Nd`*Joi1yZEa41`6-0bboP zBi}@)y}KSh-7?-Q$upE$oP3UlmrbS{0t(*Ny+%C2Nr%>HS?uafxex2+xc}xLTX8O0euY z39v!iMQ|Gs^RV|NU@Spoa0ZQlncnL5i~*gCn4Bz<-cBRS$QIvM!qS+8!WAqBvpBWE z#)|3?68ioqv8u6?ukY3}wm!A?IBt!`NIFX!@&FNU%jU}4TG@d4H++Y*hda8{{+M`{LcNd>+E)IW zC8*4V!{#kut0|+*{)juEMtNg76$fP$GEAxrffy;seGN+Igj$q;zpxNY9vsNqa}&|U zDtkm#Y1CY3Kn*fm9I|4wTgu#vYq<~Pi5Dk7%8cd6kCitHM@Dh68jqnTeMe#>>H2>a zX)l+wbXRBV_OEU7)x5S-&?+CzjaCs)4LA08ut=6Tp4k2aS)4D8~|PnqlgYyg9t6(Xat zUzHFg#t|bvW>a-KHk{BANIvTBLi+P%3%3#~*{zbG-5JyfD$SzO^+Js&h!9Xa=$A3S zhBs+VOxBDL@@zwPU-(W8mRBV#p=@%AsqF#*7K45eNvfM<_N;K}OMlI*d*1z7lwQg) zvYtu0^bM&YHIJzhQ@|8|zg^kNRucj2)1FG2f<}#aO+tE^9X}HSj*~ zPHRZoV}N=LY9njEi7&<5_~3Uxd<@cq<<4M_X`)K|RGfH@fpx7vD_gOi2KAG;rS}(9 zg`8UxBFBsFcoqBTc~rip7taF=Nzfs;1A2oqhN13yv-cZfo%<#}n6&$Yg0>>L>=$U^ z)%!g~3S!fxYhHucpDi5>DDi=^g9;AdiE&F0J!rR5q)tM7XX={IaZs30ifg6Ero~v8 zHjvWvH8VzdK=+w9TQ;^|^m_*V?lO7bHh{mmU>QD=n!D~ABsNP)RlOuLlxiDfZnf@~ z7(-Xl?{oH>VsWyFSijE0GL5&ttBrnK3Ua0Xc z3!t~`_2@SeGuE1@3ceJL!?S}nFAFr!hQ9Eq&>BNN?d zuKO2=G|9|Vq~qumxW zJ`WF%^4^6QC>~88qz|7zINjg3V8_40fqwK*Z`PYD*LYE?Z+DbneT5}E7FEM``r}T< zisN3UT-`RyqQp0AtvaB!TTqVO{Db?W@j(n$&gYFN$=N^c%it-brRcUJXsd!_0SUmeOvgB%43pzChF^ zbz3$Sbv{hw+W`@z1yb_TYF3R{4>0(ZR}h z#KrYpB$z`5a?jXM|n&21P-0U9o4S4N{nD)@bS2sV+ex|ZI->WZ+GU7S0%{GZ=r z*_yjM!RzplVNjobSw(k)08l6 zVoy%zch*ziIXYLftjGkwXlCG%p=T~{!%;L8=h284y1Y&jY_4t+YGh;EunqEw+7Dfuluqvk!(Oy&S+HjB}cPDQK|V;2CJ1|KlXtN=k`+ey8@1?%qyQ?GU%bA63@6n7HaQNFUk^k?4cf^I1z$i znz${>{#A|myL2p{CS*lQc@p+)Mdjp1jmWE{ z_uJ>5{rbA__2gP^y2Kl&a)I`QDc@<%cP#@GXygxrQ$*jz^So0deR0V5tDXA(`e4#> z0^f^XX8GIly{|W=j!fj=%VXQmpaat_a4Z75ve$8bfeMmMOA|&(qXv$$B!pMQps3I0P?@=yx*l4^1{4&-qgsLpE zaNZ!3?QJMtl{4nr2+!o2PFweq@VoZa{pSad_v47DFi7nxpQHBYDwp{pijtrsniame zUZTT#chJZu@mvT;(7Dcr33j2UV7@JOy;TS*(w7~YiL0bKvKnrb`y3Dc@OpMa)MWPN z_3iB61KIG#lLlt3(}R_dyU)}1@5iIGIWvhAvJN9^7VPc}6{7Ga4YTf9NK~8tNrpNd)FPm+nlP2@|=+8z# zh7xq@r@1(lZ=>}=kvolNGflIJQCIw+Z_uXxy&xHt-(IDQJFA@Mk2KP-;IHAOAg%A# zopfJ-&SA{Kn>Vp%lHV$$tdn61NCS0@B-uq^yRAak?omCqHqDu94sZaBO z3w_gM;T}Qz?qR6w{oc$7=8j3er%NE`Gy>?kkuD7KK^e$vZ7X%9zJlmCeTth{|Fuu- zL*LhTX?cO1*yYEDvFe$InMZwCjoQbZnbtl;X(tz)V8fRJ_h3d2%~Pu{M`_A7z}r3I z5Fu?Pw@j&E>OjiMXQF(&H!(p+uQo2EvfEV4 zgP7mT(l=@4)@{m+iC?rxXfV1M!3jK^3WvXjsNDNM%zb5CTwj)Lg1fti1a}DT?(XjH z5VW8O?k)us9xS-KySsQ>!4d*5^R*=OywcBM@BEjCV~ zdz~VY7$6RgH@8;V8Hp-CG=6gRG@csz#usBxfLi`6G=@nP8)*6F&y`FGv?h5IBg;Dk zW9>0~UCQu%@eT9x;J09ku#ggl%Trws^^XU9t%PQG*h6tH;-L26)~IhQXw^TRV3;vDIQq!SR;s}AO~4q z5Yhk~W5(YtK{(BDHtWT!cIw~z1n@j&m;2LRP=4lX#EY^ws= zG*nlRh1H;Kxhv6K8$;%)EzU1&n;%Matd<&hGb|?qypZ)fY%~&#fInu`ZHHL<_Yc9$ zEZ1;xU71Xobm1fY;(JEALo8p}vD)-TN7JI%V;Yw3w!ZL@XKpemYpBuq?QZvrhusf^ z7YP&>de-b#gWr7B55nVJXF<#%Srf&&Uf-O26#I>Kg_2-KA|}F^w899 zY@U$KD=PS8cUT~ngaz#;7%r-WnA=gag=A;&gK%NS3mpO{t5V2qF(nOyUcN6&O$=l1 z^2^{v0VsK9NK$(sYzVNGe5qjK8^H@&9x^qiZ6V!U;z z!+p&s4X3-Qt7~T6DBpx*fbBXL&PVtC~HQ zn}+*@*~`<8COijPEL>lG!P#=2}5ZB+eG@HUZN(yb%tL{^Xy`++8!D5#O& z2i2VnADB#Uv6>3nlyJ+=-&^ELNecJ`HyL=LDQ&-Q7Yt1s>92hd6E`K=C^<9PhW;zAlUN|#zF!%{kfL>UbKH&Q5<+RjVZ z^h}JwNsq!5za^V=b7cb<2viTr=}1V2Mu&NWu~}R0o^7VjF~Op&GfKPr!QhkTVx`jw z#&Z8Kv}a#R7-|V3ByAR$_)Gi)Za-X|Ffkba;fX9TxxGtwh2EwWY# z8C8k<>)ndKZliHUX$Q=%O*qw{NcKK6rvf+*~k8LmA}7-Y(0dQ2c-lB3k~+=PcyxlUjAN$ z$tN-Sl{w6tin3v`d#0g~rz8FgZB|Ty2fzrYRX1SI2^?s_ftw7f|MU7RvNl^&u`Myj zNamBg)5gW>heW4|KhV!t`IR##gtC$;}eY$pi<%f<&v|?BEdl z0feO@D7miM_GU$J1{tNtqd4+hztSI`YB2g;;hY~BG(E$DgdKFn%fAlLAIJEj2sbsR zWrk*!H=l@vBYHLZ4EOt7)>-Gi{9)bE2P-bvZ%+m@%JNYJ3HxJj7uxTpZC^z`mYb>5 zm-zIQ)_V@M`9$l`r(nQv^UjZ*E_Kdq<+Lb>LY-Xn5j6@rnH(eBQduegD*iOGAE|v4 zqKIL(_f|UA9G7_u;kO#I+n%8z3-_M9u$Mn^1#o7>m^4Y*>h7! zLI*jSM9Z~d=Ssi83DTa(Nmtq$`+CVbI4Ft_Tx3L9m9=1x@`)3gmM3cA?VO}ktOf@g z&-Xpte^X|Y<_@?lEq*|0_9bO=jq4d9sJbYsjAiQj!!~Wj?LZeI3r9%)qrVL6Zvn_) z?t!9|4|KP8Ekn=q_AxmPZDT>>8KUjWAibSw{62F$^U$vKQJPV%8+#OrH}aco_SAF> zkBo_7+Lh)Ku6YVPQ=`#nFOyF)>*Fqq)rF55{Wx$`QnUK4%eoBA4o9j<(rX9r_@%;0 zdXUw4J*jyi$PG)M79ba~cHDHE>{S@QXy~=S-e_5Re>v6k;zDB_SF1YGMAJ7z_H-*Y z49H-8k2*2fdT;Mhr)Jx7By<+9_A6G1e2DQZ*WqQPtzo>{oYtk$uEJ}xcS&fb7Ty@= zO27GscPd@z_t9*li3(Fj^_tW`)00Z07Q#BT?KY9k(;66GMQmWh-iR%}d#}#9%>9rT z3W)$zwl(C1RS%_SEZyT8on5IOD{Y-t z#|_5&Xh$6d*AR7h?a@c`gm-cYpQ57qw^N)>&>BQ#|B*)hBhCOx{0&8jb|?+^F*s3? zDBdq4U{af#p+-jNqF*`@d-EDd`W+h_SS%yEjoRWe(o+p;sgmjSvus9S!tPSA+jqOA zUaFG?4bgd6Uwxq$ctv2yY^!R^u3OA$|Ss>+YJK@;%wZDAubWn0LOZON%khu*zM1oK3m8f>#@Dr76Tg{ zWdgSp(b<9(0AQ1Xv6r^2n|`-bdVIoXTh44y0;A_ogOG8{f-+w(iGET=ID@SbTFccH zq*W>${>SUk_I_3*C&Z9n8BReC7(p(r&I~b?7PAXd8g4(^R!^9?#@pt;e$(xiQ&hFd zE{mr0rP|iYR`$I5!=7iFsN7&f-1h4*;9=7LkA0!3mb$+7{5@aH^o%(u?Lr-ejuHo_ zBZ;5M0A@0DvH8x5#T`+CgMqG5f0)=7wPS~qSd+NtTck~%KEL;!q#~wfl#VMgokeKg z)$Oa&Ec(TeLLAPkSn`sLMF(}UvV@M1*@|hd+Da;BYoM0r;IW;xzLg;8@-+&!g32Q2 zY^rDL=NJNgZL#fD&uOJky*~ri_Gh~vP3tmR3QhDCK4Z(0KGOs!;*oJ}V(^psWboY5OPiHW$J!Kmud&MuTq^U&K@z{< zzCmDq1T|nRAvxHCZn$lvovv2)iG8c0uST|&M{w{{qoH!) zNLFWpJzWdXbL)Bm170=+f4T4!5ZRiyKc{jH8cufBE)u4C`knykO%rkk9jMb zW-G5HIbFayn4kQl{u7W{CNKmjj8|_czB>0E!t9V4Hd&NEV(EsIjXv9mMEZdm3;?iV5C4YJP+xbR1>qG$HA?`{#d*Br@? z{X+=o*zfC3ST*E+qQzKjuHvtlEMKbDlZ_g%<(T|>hYn(0Oxs!dR44sEEZ>j#m7o0# zwj&ynF31CzO7t6A^VExp(C_`kzhAuv?70EgWVoU)Mr4x(e?Xw73DMB&tKjrcz;n(wWai z&I(dkZ-ZeB*AXO#mf==??~xn@eI!(DbY2<5NforT25Lff`P63k{Fk0O>?(zbe88VB zyw$#ZF<0>Z`qpY?4d0Ofnik8Y$9B`7voq>>T|&G+_A|K;r>1OK=znAnL`+T|3lrFl z(H%~cyZ=MG!#3a1CKL^^u^jKprnkwFa`MisMevsa9!-d0hjO)On zv;X%FeG=;t6$KJPDLe5q>_|nUQC1Pr=e6n`JRh|BcTQII7s1*xG(OjMOY{duk39Yd-vd3VgMun@gX}!cKdTXSp z1Cz-0@Hws=`gn9*BhWe8``OT9%N_}D5}wE=waPmA;790K{;^Cp;xfEkpRsi4I6zBn zM8+$OK@M+j=9roS$;C}=?i-6qFkQpVMc+}g<+Lj(b7=0)V3AxDS_2Eex0bExD)~x? zm0n5r)R-cS3Xz$n{&N@t#f7& z6#lG}lg-4$JWucyfzMSLi4E)R{&b9gk|}RL8y?VZSDgu#xRxa%c+0ADghta}5Es2YxJYrKBg zZyF6}T_NOe4MZrW1yD`v`?o3^jp)Qvv>$DuDvG7CYP4w1_QSikubNJ>*YpVw)2>P? zn^Mh5F4a77IWgd*wD*xxNvF^?WnJHr#AI;=cAg1z9dn*vveQ6oKTOjGDTY&YcH-E{ zSJ}tCbxYa2!hRmnvkV*sCDnv=e{x!Au#)I?hM7J!Zr<;bHAT&IKZvR(3FMFU0a95^2poKdLEIx$^4lBN3upyPeZkY6`cJ z)vOO9vU`n4X*k%!a&KSYz(wi`7c(iC@l8o!1~k`*TIF1}r@Zxj8i6bm!+X>U{bDZM zNA_!70@8%K#10NM*QDBPP+~-Mtt8pTjO`p-t%%|;<6_NL0;HR7%&WuFs|E%*j6}Z! z_wgAv`0|6f4C@Lb5XNM$O^+;Acri92DAu{Z@^7G_~nn(E*0i^*McBxg&eRvu1|vRF?gpyBxtu_?H8wcE4^@ z+tC(-PK&Fj%!O;3@|AUPB;UD6!pQdQKJqd9(5k033sY*#0dtDNW20jRg}A-!6RKea z69{9GeZiXB3EnizOeE`BPTT#XJfdw%MM6XB9VY&MSj`;Gu7R?SX;NBgJogbp zbfiP2c1H^Oh;}MNSqB#@a6r)n$o zB(jx5ZYpl?9@{z6cBNXn5I_Uwd<4uiigkx-Njzlv3@dY13GVQ$M12!>#V5VACPd8g zViTadwFCTiBq?;{hs<0ltU8{CeUV&{fEMKsnjne|wCk`nemr|Bol<)J!+z(V76D_k zGl^L-=BCkwWsmWnc;eqz-bEt(^L~GKaaF+*dU9Xrt?t;KRjwFRn9wv77gPD(p6^tf zsbaoIV^`Xuzg%%DxoR=>h|0Yjr=A}u>aewUb4lvihUFnJgOhnoYpLb(0p*vm0_9VPOjytZj#&85aW&noX-x7H{&G!kfyMK_Q# z%e{>nw`BVmuB|-t`c&)cWnA^MloUduA#M@*6?z<<)KE`RLzEDFWu?CntSZri&1bac zv;vbtPFSe^t%{Qadtb09H#$m5GcUkST)q~A=g4|fW{Vhyp!B|Sz2D7MTdMys%*43J zW~Jegz6`eGkm}S^*jfag( zjhenh>g!k~5I}~u8NK30-xL|XaH&!$Lkn?77O0*+C06`GgES#aA(MH%vLX??~@nqdoZ%y%%o zDE;{aA8(YUDFCmPgQ8cPjyFU)U32FdBPBLwDd3Z9gJ>zx@Z|Sq%pVsK8#=(4$kU$` zMb!3f5BBj%0@Qt@4n5)}gDSd$A}!u?-3ElfLGVpvp3r9A<@Cn|ch zHuQ8_nv&hN=3f#asWtnJH5|Ynvg= z3PecC#X$^nxYP)AgTfE>h7JrK)~0D#B&#Skh(t_u$UN~mQDlo?0qYm|>bl{A4)Khi z)@0t?VG0Azpf65rTw)U}J`#y3RU+7JJPxHPJK%f2P$NQ#4?c)K{-Pw)dmY~zi`zs+v7 zoeHh7FEl-}FGFwd#w@Rnd1(3m$(Po##L?G(Flx$SZnvmMJ=~l`q;2q`$EdbDOAhbk zb9Lo~jluxn`K+3#=-fAMCGGZ*WRKUC{!}D2XetSZzmxTy z1fR09RqYhEYx4AQpWCa4Mo|qZ+BOYHbYYp+jr#UN6?PEW+(D3gCdZ{vcyomCMG+>` z7IvW#^o6E4e1Wg%%exvXf(D^?(UU4(dP802rgEOs7Dx1geX@1nXAX>6ex{lS9U0@2 z(6r(#*4u4T_!Zlk@|a?Q#)OMWnxFO#rhEAs&lw>Oi3^)-i04#t%k*CkR-_|6{kRgH zw}Y3hzE&f50)hR?Yul1dpE-}&8W?@4SFsq1qO8X%nKCu+8?qpeT&wLv^ zc%DgpgBy%t?bHd#WK19gO_~ye|wu zLzl!;<-y``tfC>hk2+gq$GjE&@(#7q* z!M;<~>qd+f)FA!A}nhgt{l)vav zu`q^aWB;aWgm5J=CijTwdMg-LlAQdE@q~&XkiO9qzM{?;9Tha1iu=v5glIqbWWT|G zvebk<$dJ}mUlw20NOYP-FVc(6-SkSkV1T4Aeo>8nV(H_BDm!2NspAYnfbwYbknF6N#4 zsfzl5$uzWrKF!>V=VP`xw{#(})A$1f(@W~j<0 zlarx*nipV(j7+iR5d+J-h&qwKSN#4nH||oTB6|^h%wFRIjDr%xxLx)+!oYC4m!HS^iYFWx{xCzjIU2X9@bnx>}#!3NUZMe|vaJ~ z9_`+uA1u0)-C3faxL)Z=x?3Ca%n31*=12O$mW`KDzT@Slt2oCE@^L&33s<qvpx`k#Fwfl=GSpy`=5K7$~?B-(W+C`3cgQIe0G&qnsd{u8I^LKM6F6?z@f zX6|~vzZ-K~gZ6*0-j=SgFlD?jIj{H<^GpzY5S{e6+N4zAr)bMt(qC$V~sCW`N<4iP+tKfW+0<(6i)i;y9ah zmz#RAuYQ{wieq7?8&lIi=67TBMzrUf7R`eqcTcRzPJGa4Kj9y6M8I_Boy1CSec^wzgiZ1D-Sb&K6Od=EhQ{*Wl=TyJ}nRV%6 z)_Fzant1{J?D1?j=Y|f=h7%gMU9$JmhUuG?3i9&hG#9B0OtuoXMT150a7F*2F3#rK zh8Nd1JIrJc&yOF{_Qf@*Sq_pJ{k4;aQ>FI7H>%KUStELjs~??Qlh62_G``Ura!rR2 zAD{hhec;2cXLTa58LXsZ3z_^w5CylNd2hPJ+~#r=n{Gajc0-0SSW$H4`XL18p4v2N z(q{GSJYXnVb(*&gd4;1asIO7c>F^A3jcvg97=eQXq?e@bj)V!JeEl2|e&HVo_yE3B z$BstIV*$)LnbpKve@QG!=NNdh6UK#P5NI_UEQ|11>t(+E=22H+7$2pwLGmoJKl zsR4)-gQ)ONSO%RqUmlZAkPI~Ab%zRuGeHN;EVh1HD!1sfU(;P2iKaKSf1AqPzP2ImjZ{t1+-e{PeP7QwXeY)py ze>@9~@rUW!f*u$}DasX8PptHBn8P5yR*b{m`W zpMm!OA`;Jh5VT(OFGG7xUJ_$tur+TRc$<~S#(9N74|zz_5d`0mk&N|fKdyLGb$x&( zRAabMuPLT3f2V51DU#uGD%^j*kisK*y^8VeFY_O%2lsd%h((<-;GlBodUW5WV%fzu zX;=Xh-P(CSU%1jjFzN5}fBci0S_haXhZ0}ymb^7-5{Vu-uwX;OBm$Vks8h8$){=D7 z=~Uy+E;HNOQr;xjwPo-2+dEGG zgn6^if{j&$&>Z;g3D;F>lnV8*>yC`VHzz(%&q)!jL>)iz-PTaDDv-*eLUoY~24T9) zqT{y_3g>QmUT^Uyu&OI}*yyL~t{7cY>+W%@Eb(%4(_$EuHjw>!MKmh~3BPD$GS8S3 z$klM>6wNAM3wnQam>&si9a-UO^gskl?(t=Hz69yX^Uv8Xpg>AAb?FQ^)0n>Pz0PaZ z3KA)kb_liFv8TRRL|0>GUO2?_^O2;J{W)P(7X0Hfi`HWM86`-sYxH1p$oOhoz5Ewc z3Wq4OyHJtHTK@9k`NsZk^fu^hLpFrAWWm-S*sHfOC5)VcBdX*aCx|kJ)j7A-qXXmk z>-&4_E%Y01bRF}NTFFYv6^#D`L%8lJ8t{t0$9PgLCs-yiNbYD5d zVD%lF_9mYXx_3l_nMKNS7YjnkEAmtAZ_H7(Y>5cc4|A4qA*Vi(Zk92hy`M;Wfv^f&m!q*KL<{2O z5)9L$Kqw-H{!^MKT^ijiLfszsvLM0MfwiitMwsNI99=_6Ig)8iI(r5u#zs=cV1>jy zSCbB6ob1={=@vhny9Tu*>eaf*IU;y)Sv&Yc&UFkkI=o4%Ps~d@l-cVJ=O8~*RdEYl z?Mv^-SyH|R@^|n$bNs+=z>@TO5K(I(BLe=;dkC7tFPN><-%nUHGqIPVAny6GSUojW`JF@GZiCegYfBTke<@Bgj;OPlcG>zI z?VuLBi19VpqdJ^k%~|}b<9f1Ji-J&XL~yU*KIiB9I9!b+y7w%yaO|PJcK`w$ktUdM z9O&zRsh?)Lch=~C80{org|NV=9X!jKMV{#uyU4;4_~T0M+J+Ksr^!7?8vm(>2O1=v z*||u0-Lvzn8oD&BLD!QcB)k5eLa=e$VhH7gXDo}sKB;3rYvgjO4Yrz!u);1)feWn%iod5sD@ScILcWu<&uJJXd!5g^AubK{iS}f)Riq@rD<#|03v}_u13>~e`L|}K)?r}+` zxS@=nqXe3v){?SOc*kMhApxjxO*QY%aqjcu6qz*aE{$ES)wEVCT}R@7uxC1VJwV)xz@CVJm4qhY#OD&cvL1vc0 z7)Q7Y;z>n8_n^@6xWkRkCj1j8?Qen8KU;ERvo}<$-Ub`k#C3m#60Sr3&#>-)!+8Jt zLI~$$F4ui_rmK=h5l!r0?)(?1O6b3`V*dn8GUuwDlVZxh9+LkW%HM>_m*sUlGRtaR2`>G=Ia058;8GbCcqk6#uS+DX4_DjE0w$<=;K` zSJu$~@Dm@&FJ#floG(C+&Be9T?Z#+ zyxUG;DarotKEp01@%M>hc(k84@ozi$|JOz0|8}=!? z2CRxFerQ)#L6gfK!D-_PsxqYd0=ag01PM789+L@2F_)Oc)pdyy4Etv)xGxZPC%9E)tALQ6)LjbZkgYM95b#=6*7QS2dVbvu_{LxuV3ttm!VlMh zr(W|U`S@*z=h{T4tST%f6?Nz1J@saL^PogUZUlxjrdVt5pN!q_*g7n$2ZzddG|?JTy> z4?9%cW;?UQtUS4*imE{EAv5ZP@@c58N$pdd#L7E}HitTOH=VL%xJ4Yzrr~egW-Phd z;_8ISB^nYGg`>W}Hx!WQU2SLJ!NFJ3(xO`_0g%H#dI1Et*fG2s@&?saQf<`E1xHL9N(a~vJkNJrgg}2hkQ%mDjGiLv3AlR<}(QL<%JT4JGa2XPId*%u2 zy~G({I;o>Hd>^5^`ALiW7@~s9vA3m~A=%+{wS=XOxmd2B_qCQ8XbPn^H#AH0RS!na z2vLWWRl4LY$?xY&(A8C~q~HT;zCt(a1=ekcVm58?BOu-ihLm_~bIGS676J8*)M(#W zCr5i`OLLd%+=&f36uuKt{r0Pm{h57+WzA$VZq;<|3#T6a2am-RCFJ__%l!I2r-JDf zt)ti)SJ0*?hSSazYmz#yr0A`?{y1VFB<^XK9^oYy+7&a=F$am5=B$f&L*>}SIX-TZ zb?C^eCj=AZ{<~F))dEY0c9b^ElU{r&x3&GwhMKExVM4O{$kQEL8UkXTy$lD?1i#pO z5;uzavG?za{E&O|<_W$%G+T$2dk!IHvuGmN48-BwVVGqDQs8rnn1Z1eEXW4`j_^`w09s z*iCCqSnf2^4ekl>!+N;tMuFnG4azJZYq$PsGM9L(IVdYKE^zW_YZk=RNm{ngcJ z$A2bq(rFhz_Tq>x^e#u?tT z)z3J)P0lj#LN-#57wIO7-AVf1<(c<<^Ox_9$vZKWy|BbM2!6En>QrFuL965ia#X^E z029XT*nRNU$Pf=}^A(KafdwY@@mGN6edkKDElt_*;G`3N=6^*z0JOC7bQbrUBVx2I~!{w<;UXsxh0vurlXy4W6DJeSB0f_i{Cu>LSbghz-hqC4F1l zhU1J#E3|vzxA8(QA|I2>r`7L>kPHtzuqLzj_J@8hPB(F=5~v4|t~lNkGb3Mf}?X#dwd+y;?Zc97CGZ46<(XLIW#(rmm2n;Z&7p+mHnCpWM8q<0klk* zxTyAhea0_F#ttF3QM+B!s@2;&3~)f2wJ&d|eq*Qf7m7AKJujeY(=(V_cl+sPFuR2p z^o2pn)=b?kKa_&!$!_T)VZ%pvWaJ&NiZT}rcF$&c5mH&i)HJss^*7^tUtMOf zt;!?rZ@b^n`enGEskZrj_>1xyp<8iQ(sNr+mCDvU)aNW*#x$00&SExovoF08_7}@E zFMZaWQM;R$tTIr`Y(VJq3{80@${!s%YCT!5Zl)hRv*UYlhet=zu*|R8UZTF(>Pf{I zj8-IbXx*L=8WibF-meU6*GRm)QiFfau}$E;<(I&kluVe@pK4=F&f~4{dR1EQX8Yc z!R&ydAc&oTm>}ynVT= z8V2{LyH?Q~PMc2OpoG<)T8xbIiLjv!15VuGM+C+uBKXP0kqV~T_H%E}r^jEhV)HdR z_ZN5aL@NzQxD_3Jm#1vG443%ANBd4=#6BMvXK8zCBn=NrzHH45vn@4xBM5*50+Ji% zbM2=vP4&&P4U=gPm|6HybPZg3;%N6!%XOPnp@rZrs!u0 z%2T;qs04^GHBJY&hHse}nW>CFvI$zTp@J5hxBE_8i`P2{Vd~gKPHLrs4B-cMx=Ec_ z$3ne4q(7+T=$_JtGDwaoN{78g? z+ROU^XwOOG{oUqB=EcRWC*Z6H59OnQM8AbTi>DmvL8;}|VZG8lJwfELvcMASa1;~O zdG-LC<&Tl(LoU8y_jEO7y#6KvcdIfl>p+q$Rt8d`T32p_rE1;L3kg zb5&WjN~5jg-Ch=s?+upPhi~jy>+Go{@Tg=O+XC&)Hg@UJO1=)fNcmT-7RVc4#+MeT zdZD#Kc#uDAvox4b63RrQuYwKE!Ob$ z_l6H4s7HkKls-XP<|f~7P^VG-6Q0?b`E{5t!M1FViu72qeZF{iuw_4`rl^X;v*0nuFLIy?tQjd*$&ws93+C*GL?zjBP13~j<$ zHvv^_tO-*$bT=8BKCG$Lxw9w9S6od!#@ruS8wJhe4Na^^E9}Ph`k0Ffc02vukH5=| zdZAQ@lZamO;<)gz`7&`~qFd$qmCxT5k+Je=ob%YWp}&kBhY;u+&w?HbcPZpIZw6tO zNNUuuc$hp!@S@HgA_1UwC&A@HDRhw$H2a}1ap->WcSh=q)&Uj;k+|Ss39ibb;Y7~Q zKjdJExEgf62z?YaS_jgc?49-I$%q1RT-z--qjSH^WxSzn1tI4kK6mqSK zzlQh}SSxl%!k-qlmI0ssKt-kb09$kqd%oGQi}zU1G2v(pbIX0#bENCneY}S2iQPnk zbr{o-%iSPniwb*A=cEt(C<)Rcr`tuRWZ;fe!EP}g-Eogd6;}BQuC30XX@lJFZ4;)5 zUp(j@u5}g^Mjl0h$+bkjtQVZiMfBEH?0<&FO>=UjX+-WnF3oWhRW1JJ5_^3mMhLL>nm!E0@Wg8Kh2AR>F7=!zqj%r){1& zxY%*lHS-aYjXpE+!mrVtUw!h}M=Di?Kn$RbO{jgq#w1=g4M>*|S2H6?AXUx2T5Z1M zd-*|9f_EUI`U~!cCrwE6Gj1iRp`@7=Sw$9q^aB7j&yk`3Y@gzcOZ{Jhm>Z!ON;8?_ z%N;x9jJnJKBXi{bbQLCs3#XxBjL@0cDf^J}!N3g;AR2+@%s_2t&t|O;ie1a?_g^h! z`8aUCT2&zU%7rcCcg1BoKngxkui0kL9XfJ!bs}nV=W4ctQu=g}R#W}DM&Cvfoe*Z+ zvK!z-8XPPiskQDDT&86T$lq zZFg`T54EFQOjw6=K8Jem8Skm`JT>Y*2lkQBrY z_IaIMY7>iMiO=NMT>p~J=BussQwEPAXP|GXSQL77({V2-*j)y4Y0td$P@^oU>n?OBnhlKybs)x zd$oNUZM=;`gMqdHD6ns88f3g^ZMh$z7>om8I}kHNe~+2EoJVQjrwkEyPw5Byxyb*wH+nVv@7%e&}`ZCcI9S*t4)SQ z#&kEr?Voz9#>+WfYE9myU4=~+)`I^!K08B1G?ypelc_1k1kXP8K=t5J;;Bt~K+%lo zDIDPf8wtRca;!hC@q2;KM6c(Ni2Ggw&seu-@WP%sxLJNP1Jmo}6p^y!gBiYkj*CuK zjLDT_66&Qa%zB)d9&I7UVrHb*)kiT7`r}F!-*fW9#vd#Gv^($2gDA>1&c=h1a~8u| zF%Y#hL7F#)qm#o?!cYL?@}IU5DXa!s#{|4Nbt~Ta14L%_F$@j*xl5SYf}wiV*u~%V zAZ(5x6vs2l@S4rdPCfnpU}yWfI;{H${_ZJ|q3Wc|p!xhR7jsH+A%()jzGC@6h2lyB z%2bUgyvFm#taH;Pk2hR#p#vZm6IYEjBveh9%Ks(CeL;tQ-@QdPl{ijO|4!khTBrPBk6C>e z$|rR$`r}^z5m{%HE?@*%ZnN(d2B|Kn{8X)tw-t*CNBi=Mf4C&+QGt0;!#aG*t7Zf{ zxyXD9Ubt1$xOeYEMhj7ZAi3y9x$y_Yr)n)eUuGE^^q#o(^Eb_emI|RS!wQ(5znY>l6kFv4gb)}M`HAZ|WU0tSSf#kr2noq{Vlw488B=jHX=6f*Mi%Y^ zHkT`|dN=+Qm^I|*((T`+Xs4UI=!mjN|H`2|KBqOKT<gGX&)ccp5se!WEh|h$ zSs&Dz#JlFRdbOia4p4H`!Wu06uJ%0Y?7)tRt3_{my1-up-bdxDK^Q0-kv5mtF;HsvJI9G$-xs%BO(@r;Ksg!uG6MI^$A7%^}PG~eY>-P z^2hY4N>fBw*?vCn&kb_jWv84|CPONA;KFCgFFgWqAbHu+&wM1FeFIS1n<1{XTWE=C zknc*I0w^uxmw?f;`ESl!vOH%LmI+*1XejoW|9fH0-!QDJ^NZ@Rpb5B}y?SvUzJeYV z<~An9Fz$4CRNDV;n$st30`mx0JLQ*li3k9RrZP~TG;w)!(ynGKdt$ejInw8$oty)WPUGzHSG5DoL&Uz=;68h$!zw6rIC>$ z>^r;{mz4&M_pCiSmulW_APmp!jeCsvqE=SOUiaWV6(2D*gwNJ@%L~n^(Mo65Ko*?< z$O3d~RY4{yY(mRep{|0(VoQtQtcG5tN_Td=qeG*nMAh5|LLD9x{-?-TU<9J2f=TQ8 zCn$PS$Y_gw=G+(o%!GL-b{5E=>bBi#n#>KjtSVv>8h`kK@10;^(+a-cK#_z?JBls? zdDG01mNR_*E_jG%jof(X&h(scpC{CvH^xUO3WOtP~@Zp zlcFL$I*f|dHYTx zUd!c=c>H*#K7ZDo_YBKfp!H23gwS)S=kiS|-i;;(ZjB-~LuzPHo7tQ)nRj1?Dqm18 zpRQgh8aapRbOVMQZ-WiNK8HS*b*49yc+Z`QLjM-c<%^Q#f7DEL<2cFMY^*+5chhEu-pcwza_k!9BQJ za1S2bgS$Hf&&FMYy9IZ5cXvy$jk|0J?hYGm-h1xX_q_L>liU5bNAF*2j9sf_uBtg} zKJ%%X>*82yRtA}I{-5$<5SSJ`jgGZ0t?u8w^W*RBYC1K=-bw#4R{PZU z{*7o*Ql*EXqk#mmXKv>eN3r|TN}^;BX(SSQa+L1*mOcsd3Pk{x3nw+?j4)0^wl6~H zx~4Jk>hfJjJX!&_-|y?)UoC@u>4|`?@HCNLAq!Pwt*XKI0$-Qg(QLg8$z}&=aW-{c z(QL76lQM~;Je8*XWo%p^4f0h@?csPEmGQmwM^--iaZnk4Y0?zK5I_Cwe9}4l@=rA8 z&sRm8KiXXM*r$~wmlx0kRP$Rzn8=~-Lb)jCXSLj!yw&X1yMJNu)KcOgCKJL4s$m)E zfNl=B%wfAtd4NoU$=HJNLak;qp!rUGLEGhNqX3ZO{)Z3uXpw#T+ndk%a16Lc0c6iG zzd75pkdA;NI{b12YdR3!*8VlMebX5fXq6X1Zzu{I}U~?fRXyRvXX- zU&cz4GV!D2*!aPpq9nNC5nd%iiu(~TLpTYd}qzOLvHu0p8bfl)DBl<8r)E8u!$K)z{Yz2U>$~2MDPabdgak0nm29`9yzuPQgw&?2s z+hhZtNPLiIIZK8LR7kfun@0kK7DM=`)A53$1`MZF8Y@cY^sXeBoC!_ zLtT2L=PTw&qJv<26l|JIq8Mv)6p(~5#;$=Dx7x|52!j4gsH3Bghk%{`NHOO@X&kpw%wn_Fh=KdY3-2C_X zeE1kfB@BDL%K6rX%7FP!o`|*N(*Y^t7c6JA$6eVW9{9(;x4{-iC%+YpXwZCx5HJV zvL@)Jf#N*nIHbOvI=A3c)Xo`!odXC?_bMCuNN0C{z6@e^$<6+Cgy)t_j1PZtHrP9& z${|K$>Ot)!MPvCTnfs&*g~%NFd#)8eu`Y6u@1)ACF^O|1G}4rLERn2L zg6LLA@nZAQrv_xXS{8$zt=;lf&T#~ag}~myAr$P+_S~X4l&y8Xp;kn$xFUV%s9@wk zo-2o>+lghg2392Zm zWX`~$E3fmsvk{1Cr{+P%^37o#G3T(ka~0kmD%~eqhXD|%i)^h>w>aHFpF!_;IYVF1 zL7OY7U+Ntr!uKCRk)3a-;uOhQi&F5SE7)xGNxCqqAF;!v4|8BO%F+MX9HqVY3FrQq zTWZRKB025>TJ+0r!F5OW?T+dlRd{2Qumpx_@uuipfA7qM_LQRa0R!jg)uxcr{YC9O zUYPpRvb&;lbDhZ1oN_#sKTy2 z$cvnZW@%b_Lhgm1vu_?Y>uiU(&v~JH?J~R|MTll45g(>%8V;5n>@$&>SskSJyG|G~ zT=M$WljW97wJ;LOK^vWO^HNG_!&KJn_Fz`%)gi#T29xVGVjecs1^x$d((I#Y-Ahf> zJ%uZ!7i!RN;6}Abx3QelDL;(l@UpSd*_SVmzuqObJw;o(u%V-2Lu51FDK#t6m)JY9 zjiAHk=0Pmn2wONA(%)vce8+%2B^4DXP&?uryjPO#Ii|lo{&9#4c*2CFJ6^TZ28Gyg z?%9C`@N_%D?^vgp&zU5NOzBnqg4{i?opGb(kw?QG@(mV}|M58_YRTy65T-|Y+lPrXvU@G<&);uaZX4m-4Pupwtk)l!HJ z6)LoPXcaX91h>RaJw?vxcJ~83tL;AM7ckf~s`JE^X%WOKfTMoZn4e4WM;hm1qxM=@ z&eK2A8b4B8tWIF*?3&Cs6mmB?^PmuzN*v2ah0KSo46?ud zk;2wpKQ!@;XejTjSyzHh zL2~Z-h#;DsA;xWYbfEjhQ;qd9mUqZaaFjNv$+)<5QR&c=VWkFR5B02f3il$@PzMvG z%6qEP+&tmeM;4kBM$cZD#Rgv}PLHbL+#JNkRvtL1A#57O4#>~V)?rzCX%v#uJ+dPP z-Qv#2_rE_`HI944a_iycnIGQ+!UGh-eZz9Dm<#nRQ(q(!_J@iq6pW8e7<5}$2NC5Q z^s@i5z~5inXRv#Ia30Iz*E#wU{~4z*^1s*j_u~K2U{5kd4o~o2vWo3|!vARhf0mzA z`Q9tc-j8n1A0}$o|M!pa{|omo8U24-xQE~g=(BwkPfyPl*x>zE%KHC(ae#d34WDdJ1;`#~ zy_!!%Kw+e-C@A7?VuTEiI})`HE+u;1@VYv)!G&>t^K_I$!N!kt3ireUK_GKmL&Gen z!I70*sZo^u)iGiT?PgKT#DxP4Jvn7r$krg>N6+}6d!fyf@4EIKd#|HNqrkFck2pj@LnyaHa!P3Zr zdzNF(&JT}}@|!O+$zM3f{XSro<(q~GSm;zcEw9<7{!wH2p~5{`_x27C&l`d6vD`jn zl4{V#0E`lTng@q2x0ezbI3VyA_m3eqQ zKd?lSRce+W+QDX-5%kK&#R)f9X&SyLK2s_xqWH|k2obQj(1Hev(4vUmDtM%0*w;Fl zAwiTW_|wXN62!jO@DBhgFp93ATgS$J3;j$4lkdAQPm{>p9)2_UjCiikiI@(_Z2WC+ zBBjxq{&1&Rv9g=bF@+G9;ouX#^-zP-4O65$7^ef9Ny2NUtgIs=w`YOLFs>M@NZxtg z(9Ow=;xnrDcQ)$~(vneo?rruN&DUDQUc;cnVR*^A}hT* zPg_~boyg8CD7#is(z3#9V^veozqLF6P-J)rUbp5bR09GM-EqF5J)|J+7t}F=i+Tw| z#WJm~AGf%i<^+7Y(qybm?}UxY{e~j9lil zLVgX9;?^!h19a|U4&+U%C<^Tlf~`+K6)tpvRYb?^hvtSE7@53DXeQA^#{K=S_(v`O zLZAMV*oAf>vpe?;&u_!rXtGq2>YZ$5ooTbB07#Qw4LD5?TtfzAo;CN`!nnG0#TkN} zQexPH*8)3g`jdMxaO8`=28iP6ZpNb)Do+ANRMEOmu)&-gSWeYap`T-s}Uh*@jr*hdRqSX)mGoIA)23=8HarQs;3ix!}kVS2aNAMrR zeC**Pc0IQCThrYzG9x?0NAmm}d9ROFF?WMYfo5K=uk1=j6m728( zkdD`tDN@RmxN*8Z`{{Cqzp)jS3tkXYE)y{N5jRkW8_4w}MCLm;h%wN1 z8CFBL8~rwI{&-|9kuM%od*1$pFn7e$H&+PHpug&0970e;tbU#F<2Dh^kz`Hp(P+5V z^ZvBh1$VNWnsCIl|8x+8<>j7D%~@YhD@HvNrvFa*J$_r8(P9mRT}2j7S9wvMGtfO$ z>CC@$Ih@TPUC2S?{d}e;Ey~KfN_s6{^biC4`)Znx{=U2qF~J)_o}tkSn0v=EgewB5 z`O$nqaav^8jAdZ2Y38jSO{qWaDtcZOLG^cp*PcWaBv~rR!W46m#BTVdT1+4 zqbu{7JWwuxhs}|>wf)Vlh|7&R(flE~$+23LOPzfmICO$S(FTv(hrW$w8mZ3?<}x&$D+S zX#F|hHs}ab2#qmXrrEjx+dlu6lD!Mo?nw8YO@!~LnO3fFh))W44RRe`AxeF!QRWW} zR)=whS^5;cL`s26I&59vAifRRIXEO~yfJ`}n4pf#m;g1jTmvlZ&6kF>p?uA0YZB?>}PBd3{TnPotFR{4o)rD zPHCTJK5RTKo+R=z80PKY+(~Fk_4f8f^T%5E+Ucf&+1j8vBpru`EHt~RE=!;xvQN92 zZGC)HM-v2+My8bw>Lmr_^+2l{WQIxgZ^^xB0}5K~j+g5Q&};g*ZEd-+LkuC2Xs z<6Uh;XCO;^eblHX{w$~*H4qyttY1;VHPEifQ?J+0Jrxlo^B8E4_JHH}C((px=c8t8l+{M`|#} zS}Vc7kaZ8R@YKY`C*2jV$XIaq!&%;IjNO}giSvlGe`tF@<}feW?Gv8Mr$;x?Yns7q zcAEhQyTMa~?YGBl6z=OwL@#DIIaZeRmx*oni=%9lBl)f-$H(G2OUC}(zazu_aX#)( zi|#xd?F$LxNDbDE0gj>h4e9d!~#r zpsVa}45u35U$}j(Ybpuyq*n>lOGT-k0ZwmwM`e~Lfzr}aC19AmI3TBaxP6se(M4c6 zQAoab=QRj&op-+{N2Wd`&qBq2ynR3PpgUKR=0xlkrO!}|<#1e58;$s9Z}}@zY~!g* zYI3SgC18zg@e>;_jECFic`(n`hVCLJL*#0bS*X_)AsI8pHel?^JK*AKFEsPvF%1)X829C3$8F1Pg)YA6!E%6Yeh?ne~BGdC=&Ir`AURHq{5Oqt*tM1;Bqn$A;-8Au)Z$% zd|??4quW>zJsT9Dx!Q7Vz}>2@_+TY_*|$iZwRqwShxptV`^_xqliH!t!*Q-f1vcNf z)-u-L;aBk-*8dxRZT2EoOU(ecK_5nH!Vl8}HeKfs`HfLUZmws#8BLTeO#&m+<<$@*qwFn6vt|7GN z!Z=kglGC>HssH0=pW6}yvHTnrvCGO??1GeLD*lQ-!Fpk{y%!i|L9>r zz!TE{gTB(E8`_=IyXU*7{CQ^nRh6M#Z1x}3>OaQgMfn$qNNLNC8viGA`VVgk3FVUQ zzx=9y1Jw%oRf~P^?XBL9+BN#4&HBgty}~{)|E{M0>i>Bn+#4vF*fGT?`zIIXA7f(S z{t5hdljNV8>iX~owRZpDN(+(tuZI5J@L*uUc>fKP{uf1iG|1mTPK`^6E0#Y`?7yn& z0g(zq{qG<0UixjyJxQ-y5L5l{c2+;XjA}|7LRb_zG~hn7P4n&)Pzqt!#QV z(+K&+U}~PK;@sZew&3Hv#!=c|y#@)1%mTpA(@x3|pPF}kz$#3Zd;QR8gY|-GCwdGu& z6OxNe3+uvLbucqInN~gn)6**^?$S?TAK)wf*`05t!1B7YcQ@3vRdd4$3nk;s6;J%h zOL_VJrGdA(fNkeBzpsETK=bq8gmz8|kL!CnLN&lABp1@8?P3y1I6qILSO@7-p+-`< z{2VBPoi-;WANqao!ZWt2_+<4%BoncV_6YbcJ_{BM0_7{)9jTsdZ1CKD@q4Z53CJNj zUv0qIvwaD0wHI3ND^zN>w7z~Ugl33Bnx18G2`XWB_ z-u4&9(p+n9MRajoSu*aKe4rr7?3D(}ar@ljXLU#TnP&Bs>`ub*Ke|e`W)zj>_1ho? z=dVc3IY_YW&Lg8^vdA=kz8!aFNNdEDoLCONyJcb)nBDf(Q;{A-P{T>qSz_ z1am5N47it|1{Ns z6y&t>Tkq5}O7ArncYV7_h-e;LCO|~7#SHP9WR0LH2?h?)J=9r7eM{{Pia0*5=~Gr(cp0CGk((*BVgC3K)!FerRKTdFKTk_%L2i1pK<$#4OUDi zygD-+9#sK(?rjl$CN_-lyh(;6^#@UJJocSR2oy4ec^Y4J1iBs2M(0mseW^RKyW=YW z5nJucQB$1?8VMstKdQ#Ac$195^8qba`_M=Xm&S81{3SU%cL@zf5;tntX$j{r?Hx%b z3PNb7g76sKxfP0a#?I{4N5S&Q^mO%wUE!SMcIDJf_ryb$uwetI zhg*7Q(dXSC@y0dIZM?h3U495qoF)M}sZP-QD@{k~f@>(Lf7hB%){qC)xV}|-1SxsK z&$AIEU*recxtQ%9m!&G&ogmlC7xG@ODesqZW6NM*hIl|cb%>n0(L=!g#;0Ma#H)== z9#&V{dCI3T5U6`}qVstenyHe=Z(Rn;$S?tF&T3waDZt{%`}tE-WlE$dwT;o)vQiDp zEE3v-pgSr>y-11fy2S5&BqTYdW;vxO_9$rksjv3g!sINt@a@E-0y2i@H#c&2CmbYa zACMF;)A38pP5g^rb^E6>_2C|_xUtW4*1=|)|K~0MSWkNK?~{DMyPA5>nC-78`~g2c zY-~M58KPfHb>@=tup&_KUJw4#V7;HOWn4~Rdbc7S#DSu+5cJqyl+)k9&r-*LB3XP( zlQD_}JTve+OQPiVV1d*3)UeQ<43FvX^8>8f3m@}p!1K;pYrnH4Sx57$bLO_6Bq1i? z%1hPGA!TL4>}~?Y{8re=mz9%rveAZwsjapr>%pm)ARLssQ`4MOIawSSEJ_sB-E^kI zESeWrD%V%R?eg_kDMm5$niST>KZ~kmGIi$Xs|4qXJndXVV$oA%hnb;GPB(eL^k#_> zYO*6?yehtTm@z<5Jsv3v=I;vgsBrF9HePM_Jzog;vRwxs}a|tvo`YI~;k^HtQJ*q!MzTb0&5R-NEK_Rah6?@cAINb`W z)=`S91a;KT>IOeEAVAAf#>xAw^T(1QP4O3ezX%%%)AO~aRzp3&Xd&LN#`{xHxW|nc zdSwY9!c zPr)O!HrF4xrpUK~e)=Lr47{c*tm=JN3*cBmzIoXHoQ->jbOm$MGmpspX-#aSNpIsR z^)!S2Z`&L{AYJSYy^)9d=;Tj??$;O3w#pAC2AiPZ!IY+H9K?_&@#D+Reamconv!J~ zI5X=bx0I>^U*^q%SxUNx9o~8=TAKx=L_3tA$vltZ!qEy-ah^S|n#M9T$WMg=EI!4*|gtB-} z&!+=E;v8-F7{1`E)H+yMwb2Dcvq`~k?!P_?;HKdWr+KF<37?$0at-s?5w}6-`|?Kc z*ISiJKbcJ0@vvyVq38^UdJ0%STTZx0^oDH*8uWiFJp!T2*0WySViKSN5iR8dpZQX>Yd=CB$v0bq%=N@~L4}3X~>4h22W7%CEKdP?*YJ zB|&buR#e4$@k=#->2-)srSDLr4d4aOMZ{*PM;(NzNe)80PyN0aH%OkUw*Ru3XVtf>mQkv!0W)bT8=OkkWS^;m^)C8)8W#+WweUvOQ35T~ zzQ61}A(d!cjE&o+>{LX}mG8YlqM5IYx6~i)P$V8#Ma7d5S{fgjD&+jL=-)vFM2+G0(V*Tr0&t+Tktj+ocE)U9X-gCYqz*mudfjI=Ov!j zmstpX^kRBh<2?#1&6jslG&ES+9u41zrFV@i)byUz8(G$uB;5d3ZpN#Z(arzK?|Iw5 z`|1fj@80@)?@gmbja~MX7Q=GBWksTmFxu}3M(IPezc>`+4QuBCN``_+sSy-~D9`W8 z=0b6}?76ZY)9F}fD%sgZGmYDV>O8&2C= zO2CZjOs6+m9@3qjEod48j(8F57_MpMkO9g;NK-i*gznkZ)#hII(w&FXXqw#*Pf(+M zL{rrnjaG^5+jZ)ZBj1OD)$^gXRpr2QIyd`T(Ov*@N%oP(vGVivutOAY%?!{z_T{Qu^3l&f9?mjRsf?;B%C~Qi6ltR>r_0DAk!J$1lrUyfsohumg9!{HA z>FY$W*+a&YBhZ(Rg_Zil=7h2Fk_^OUe?^8R%$oMs>l->wPxJ3C>0d1nR&}03`1ssU zQcXDCWK=c6IGmpt1ucRC6w@6dQesD(t-~bB+h^6_rWC589F?RtolV-;K7W~{!PQAv zcnbrqr0s!G_`lUhTnV6Yi30_0q_VGMz1thE_RJJwS4x}M+N>)cQm!QObC9qL(iMxI zKEYJWj+$I_%xgQE7Rt?P$D)KOqYl16b;N#6LGJco6v1mGLv>!%y|$Zu@y;7V{`0;3usnn~?@mvML_ic;X=0#%W z#So^+;t_Ixl8VFTQ4I5tbr0-43jC-_z{ShKLW5;&7&&yBxxJ;I?OUnz&91=$5n1*V zGLkfbS4|iBJ05r2n)^;=;nnX`x>&dgO^po71W<@t;k{1e_Vjc&HhBPd)F-PIHaf+P zC%nXdr@x^JpqV!g20yHz>e`2Ks$PH^={$d1L>O$gVUQ!Mdwf2CU~>U>^Zo_|-vG4E zrQ3Dsfnm5<53u$X6jrU+9b}-5_jqx=Q!q&_=91S%1KxbVd8$NA5?eC^u+(_Ur~z>; z2}+Y^iUzN0c|q)1f#SW>MKx|_8jcrUwb@Fa+F9ps4??4Sp(FPA!stVRNxkbnsST<7 zj60z@qAEM?FS$Lh(jd`ngBuS@3haqs$V#Lt;&_1Q{ZPR~er zWCFrVA=q{}@j9h()E|*Canz$KSzJzZF;x&JN^B|kSN5AvPwcN-If?*U$grjgWcG2p zeZscimUlwRU9&;n{^;Qv6@CW6QQ|WQr8g|2OCQ*%H6&_1=H?<2_mBtmj*=vT-I8(R zZ8DnzXX^RTXoI^Q(w9UVAKsWi9}5|t8yhH&lj*R-Kf4>5kFdcStReM4UVN*WSvV!5 z`-Nm$J|`aIw?!4s9*;>Hzop1p%^bmT!#*z!gbK&(*Ga=KT%}~5f2p^L$SBr*tzd$3MkLuQfMXYdA8H_#0vM5h-chM1)#?yZ~DkWI%wcl zuqKpdNIlUm+OacG6Zc2VIEvY|R1F1vqE+|_UQ6kAz?j(Z3H(^UTB1LU*DrA+HpPC{ zSdH5?Ij#OU=(E$6P(2;g_pOL$ss+eBwy$RJUKoX5Vu}RUz zF`@hp5gT|Mu{y2y@);&A>t3NhuoKmA!U%pd&0&^pt#Oa~go_!K*f}UBz_c_DUnY z-t^_=+GRRC9Ghwp3p<#1YwKI$acRK#p#zG9fR3NX7Pw@@GDtrn3MeBJ1+Yublanj7qyPNCFhE6Fe@b!S|UM)LA^* zNP_HEVO`!UuwK) zeSjG3HFNgzgfzI$VSN4}~jlV)@PH50|LHzYzrSvX3kWZ_#fNv&0}+8Q9*6UFi{ zl}YDRTf;6mEsgbe>zDx4!z}gf2`!K2V^n=ht7r%<{Yi{!#jMFnKY(F96jX8dBZ~zI z@42`0;DIQI=F6RnO!Adhr-LuaMsQ;KE$Gr-X?-?MpSZW_pj2f4`8DKyA4HT%~ zxssQ&42{c^zu(wibBD%rzWuajduaIi$t?6v5(J1=_vY@^v5(mQ;7u z&qnJf-s6F}~%PElhQv3qK3TM#Ojd7?oLWb1@3|L&e6MEeZ=NzaD?Grej{@n24 zL_JcNlbgFOM^{*euiF!%`z7P0ufEn@N)`inM$l+Y5zN3u2Z=1F^o7syd{8jC#_GY1 z2TrTZ8CGqr3WnC>{roeNH>t)*LZu-uI=gPnPjk<35f&(Tve!OUN#ISK!S-*h|45M5{=1w>O|Rt-?zx z4cn(2r{FN_cS%g}wHhT+k(N7~#HB2m3vE1z1wH&~cdr3!uxs5Do{1Uqr91oBUkUL$ z9jqbV24O+Knd)5wd=pl{9!`=ySKLTi-Ef72$i$l?Sa=fFJmuFK?eLvdGTGVd+@=^nyKwq2f5;D>6?zz%nwtGG{s?c>ogYLGDX$4^V zUH;HBGu96y&}0L1t)g|a1;=EUw8g1*;$&CdBuXe*%;lDswN2OD0JB5L*zcL|0eTRx za5C3vow_%k+9UUJl`uc|2{z@wU$0=7ym%9X)t+Oj_F_usn(s~SIB(?Y*|W7)sw#!N zudL|M6#$SAd3fOe&?1W`bj_MhRPp^be526&xlpQ%5=1V#QlhX4-AEtBSzB zSt0xE>-kN4O;Y{GsU|VE9gnf&Q)s2mnV*>CNQB0@}8ekz^rLRyOj3iSYTe6J=g}6syMxaf^DLdgalf zAO>Lg;qC4THsoP<6ZyDbxb)vPlN?oTqQgd8B;WMvRV0SL0XGvZ!>U@)&OF zwxrJ#;?!4kLGyrA(_v}p>r#rvW5Vi^3w6Iq4`ll=~?vRjU)d7ajl3^mM? zqK?>IAlDWO_+;z!C4I}k!NZP)fd;+Y>n^7b&PH0rVM}Q2=s0rx?$*RBmUnlSmb92U z9ApUYn}=ho69U&Y#?pt->I=37N9qb8d7*kq*_ ze`Aaq`LBp|u+c``jIOF>>*Cy(e<&&MaNB0*Z0G?J$n|{eXsHU={HP+WO25~W;Bo{$ifEP;#cfiqGs zxu@Cj5c*P}Qav~IQTiLnk)N>ND2IogxB!Ak_YUu-wwyatxa|X_9_!aNM%h%f_Z#BK zg~moYrAQe*Ra72s4Qh>Yto#IdKJ~fh7{Gdh4ZF4s1+e6T2c|6tOi;3O|5~H>Mfxwe z25f$R$5hJA&C0hUuok7O0n!h0xyPAh3p^GU!L~$){h%HZ9&XJBAC(50q?cgm(h0Rk z=DrlpQotBUU)atCFBq{LcGG8}pC+})wc?Vya3ON}gC%#{CREZ-zg{Kl+ulY8ra7~I z5nE84DbHLTU=4k-wS@)drR^R6ij7jC4BLF+kx`a8b5w(ZeU=n|;SfoZO{@j#4Z%lt zmxA9SPK!R*dgwG=P{*}48^#H0H~J)zlLULQqN}ro8F?a5=MlpK+hwcBG9HVx@r_+( zg>tK}M>KCBs^d8w1A4aB&TR7|YfBSY&EAF%W6)ac92-gB7YasV$%vp19mTmw*eWb) z%<(s@q(&s}6j2bH`)gs|rw61jN7t1KV{G)8bxnb#t;i#@Rgg0AANg9`VT55j><=fi zahoj(w2Kbr=uaehyi1h=s<6-}K?0cPj$Zy`a)F5)QIcG=^F9h_Tnvy(6~2Bx`J3 zQR_i?eEg3vn?Xz&3;o~2-sq5}8ta02u?mf)ai!$%;xMcCm+~rC15<`u7_*>^RH`!H zP`w>CY`@6eRz}eC=PwL5aa`Wc&iJR{9UJbU`plLdWLP#V61rZiArbUUP~_Yx3Fi{) zRGZ!@xVmz>HF3!U<(4+va;bZW&@bhX4?aG_F$WcG_e@0brkiFKhWyA7o78AjSqA1N z#&D(0b3!pv2Pm!b-L`&02CFxySQ_nYs3;HeXMUtp6om&Zf`-LyvE?*%(Zde!3uyK5 zQJj9aOlYFnA&Bnj`T@BIgRTb_i*eg@Gs=xWO~fH{Xy1wMLGqkSTt_dpThcc%69tSa ze5f_`&o3L0;Frvevyx&}nepaR?#Byn@V^NOO?}tVMcznMigSu(&G9PmX)Zja}@T1rukGzCgcbAxVS(B_T@g^_YEfD!j z5h}|1dOKXbI-yvdJH)K>JvQ`J3fc80QARsn49N+7pKPV1s+jSQj`p#vFzU+qU}7)k zOYI1#S6r=Hv*)^uwjVwB* zU2EJ3Cr&w3;h36H!oy9NE<`-wFX9~9MGjHmYT3J(?eZvKl*ib=&QeREgnJ~ zf3ZjC>ST`~Nb+{d?nZc7BqI5>Ivqlcb!i1|pKQrTd9zSXKl<&CQPceOI{BO;-GZ zH?P*42n(MlJ*md#d4KN=4(2J?ihd#c)xqImsElk0IQ(j(LLl$XFi?~I;+D>$Hp|+W zo>&@v!!n^xd^GQ7xV^toYrErgp`g^&D(Ai}2cMLDux!vcQ;`u+7R8o|H>uo^X%!z- z2}R|VjM^_BV!U)>Hdo@F+l)X~bXW5fK-H>K!Jqq~?G>EM;-3WL`81!XguFcr2U zjrJ5#O~aQ-F9$Jn;oAK18;|3Fy5LbsrC)D4j_4TxV?1cNZX}`5NC8|vu7ob%HkX{w zJkG_&RZTF}0ehy%GrP9lTahEG*~hqN85P_QEcD0SA+ZrFtZZyJW{fuTP`zZ8)2(3NmC zjkc`fDJxQui^az$S^kn;rpw%U==oA&TYlEj1!(UA-&CSr{rzyD7RJx}L%{sVV@c(Q z-R}H;R4*qp{DDEiUC1D%bhay^=lQk zpozh-X@a=CU{{Br&x$9>+yI)~jCSG(d$mI$Cek5@6;%ecxqn79OGw)8d&8tt{ zb}Rx&KOHHloVc_xOg`Wz+NuCqXmxqic{|Tle?sNv9eZDzgMbw-wCfZX4g7ET~Py*uNob?E-d^bp>DlNGh-?)f}u7&Y+~ zcxs>GeouSsQT1JCXO(26%Gp~kq|Ko%-WuoLqairt%p(%sf)ceH_r@WDQ0$jZQT#k& z=rY2r%Mi{}X-xw9qv?rrIicloQvBQ{3j7tL907Y(ROA*uBr#chAxaaFKZ)9) z0g@Zoodzc?#g0}4g=ah^KDrMRIMxgT`Q+U9$KP;ch3#1Co3=~O7~PWxeX9}xvfoN=5zZrm zIebGOC14${x2)aOblS&&seu2By|0Rkb4eae2#^2?BuEGZ2@>4h2_D?tf;&TS7zPax zAV7jU!5xAO4gCCznPw|yQ-_Jx~jUW>oeaB z7k{w>wDjhSh@IJwPL-v70tgP`rTZ(CWtXq-`{A$#+LOPIsrAXJ=vijX2-!aScJi%@E(ORz z1DK*z>PQp2xA{G6CcAvty91vRP2%U%a77F8QZ0$ zAGk1kzWW+35#mN?xbUtPd{2OC5?5Sih!VeqRelA`l>>Z*i@%rt*;kao^f@o?mDzuj zIk32Z6<3WcP@1-EsRp3IDOh@$o-BYgMSNRf>|!v-7%AsV>_2bSb5ZZ zjKVsSLxC{;#1NFkUdhD7Dz`rPPLAKOW*RI(5DJqyu{HPFnD8;} zbm@dG9?(54?!&eps-eRtID~7ZbRin}Lllo87tagRXdMoZs%ii>#ktRaiNmY8W`8O% zigepzzDvnJkIbbUz`TbPs-2MOJ6cR^5q>^&xPxV~J#yT*31oj}4_W>8luoUV;tEEfgXFAV^3?hJxfnKIi znhebg_Snk2v+>iYfu5x0=%IerDz z0+mQ!s7<$3p*M4`Q8dv+$D`UV=r4CG3x<-Z3&5@r>8)z}TIn|mi!LfI@Jr_8+;L>- zy;U6WYt?9iy+pUxen7aViwpLC*sIdA4)aK)KG)}jg(vYWMOkXzxmy1;Cfgd}O?PU6P&2>0z|H&VJ2f zkLHSdEM4p72vPFO$JAT8Q9+jD5)Q&$y>QvQ_t=y&>)j*M{D&jGlqs%@gYLD2MhPWO31=4 zH4Me|$#4E=clc@{ChEZ+!psx&(%(0Xj*X}!(#Q;=VzjP)}t9$LL1L?F`jPotz7$d6_-zc;1>O?>L zQt!U;;?!O@xP{hd7@la)R|Oh=SZ9TfdCiI@g4pEUpC@<><3Y8Oh*2#`=G5~5M8yOj zcd$9*c;l!V?2fxP-K>fnS7XFC9&p?`N_uPMrs-5;lDQOialII@P^ z%g6~_Au@gsFa;CRtHt8wd^?$P)bY5!4;^=vRNu^0%{PCxRs{_yH*7SoH+=hlXrz`Tuqau zU5pV+vt?6!u6OAqB-a}<>?%j6Z%LX?Fw;rYLmy~5UW>SJsLtKiYb(2q)+_}KUYL;wb!h%3JH2*SsSYv72L`Yqnx#+S|8eX_!OqAUtJYt z7!!|bqA;%=r(Ay${OjjEApLg^JtmO0xN;5_o@Bn$Q<@Y9~wMS4_Qv5p?7xALV_mG-$1>R`+VP>8aG$;*Xxs6IsTBrcvL2qM=JTvLE3zGGlkm6RnD` z36+oCu-?QlDMwZ!`rpZt(f}ON`Q}>vuB5#fkH>?Y=1nQ^UYi-^9T8Ouc@o+SW6aKl)bSSRi4xgkLc|4tcTNom2f(c*wj7g zdyw@0G`L>uJ3-LcdH!OPBmIS%cbzD%*!RGdhQe8zW1j?PWpL8B*cB3iB4(`bce6p7 zeql>qx3$hrDvLZLzev^;nTAIXmqjMDj^)x9j6b(aR;bd9Q^#BV4lX4a!nGAd9}73BGdp z)!H{udt3pOI}wjyFhDt7xu{Q8yu1~qs;(Msv`Wy{JIium+dCzP#T>DRlq1!=O={H< zDCv~Ry9U6;5|Jt)@0J#(Hk-jsH+z-S#IvGQO8P@^HqYW&U&!a#1S?h6n$j@^s2nIV zXvj1IPUN#WiL+?kFf#r_>rjx6XFWs_^ z<{3L*T1XtmNOe^waD}oku4xcVJCoOSk*=JVTUbijmU6PycJg8m94eOOf3z{cxy5Pj znuiCS5EIMhykSvUGR8mG$XxVa&UwG_o;t+w(VI=oqC_)F36A<%+NcqL7~s=c>j!|q zHG0J}QH$+Ds=%q$qWW_?!yT)M(+lE{ShKgvPCNVhHI=f9Smz5Fw9X5riv>7obXZ>A z)^Q{+N`>06U_WXMU#V>0clk1RQU6g!s`4!0z|&X9?3@vo;d zqEF<|-PBIiTagZNID6*Jhkt(Bp)53zsg3$DLvks9e3i}b^4@Y#>he)*wS~HY0_*yu z5>h2DSG-<$>rO%?3R7%xrrjj}Ojz=yoC-o5mXSP4JDYj+*UYJFb>z!Ltex zd!|r&m*aGeI@Teavu@QGzr%)=2R8H^cOmcIc)jFzX%M0x3E1^FlOE(-=2eTQW#M>S zomdedTQ1{tn3?QI*P)&04)tjL=?LxaU4&b_8b{l z^aR>y+vqBNw>%_eLE|!Xdojyo3&?$|NW5Q+(Yn z^kSIIf)g<(%iactocHwiTcmjAXmt43LR~GkfY`|N`{)nH4<*)qfLrTi>*84)WZN@4 zFB;A$0$ZfmbcG;nIkGc&7l_v*<*qF0Ec)k&Q0Ekm&oL|#DIajst$;mDF`084F~KjX zM|b7GIuK-j4Q6=A(8N^X_Ghur)%}ms_(jFRk(ZxbzceFD#^3|0(M8NU;T>_ZNXh21 zGOS!@Y4)QAgSJIQq0aFY8$6MnyCy=S46`(eD^T+Z*c^nw!Eq3Cr5l;p!jgF(1dFvK zB#sDMNnXrYxsoJyY|>?s8m6QdgPayXtpNrv%2Z2jDXwoHaoG|++9Z`>t4xY#5UwWr zO=Tl&*MjS|K&@JzB;PFxx$#*zxb^ScagHYB4G24A)bt?@`mv2W9YT;_C^C7#V*N_x zrandzu!M0u*vAW3fMvE12(F;VrOOMwrx|^;2<8g}jG=Csb^(&?DC?~qnbQlBm352Y z$HVD5mHTWy5_{i(#pCYQN>e=avkTuRxcyk=a`>(n3h;c&A)#}h6kiOp9S>z&78S`O zRe6!VZRS{=!xS&%w1p%7PxsEw4NyWdOWqmwDSiT>8METJroCdh7jf6tFrZ5r;xXbY zQ(x6@W~WTS&;PuxVnHg#hR2+jQ&I;RJ`bm;9xwRw{o8SEvBsA!o5in>{2r|n^kUTe zNWE9(=QhJ#cumtz4J6QfH>@Irr8<**y9DAV_l#__6KXu`B;L9`1%p}lKMl2BgX42djFx@0QOvDAooPR2oP20M?S8j#Uk`rC-9W21sU}Pn|)ReZTniYS3V-Yp5akud8+k1Z_19W zNyPcxS|yz1!^dS|^#W?t(raNic8l_(cQRi4Tk-M<0lLhC^yNj#Qt9c$44_eXVX=I^2=}dtV-`HLEC3I7GYd+5MV(^{hvUp|%>1q(nX_R5WklITVdg%3jgR4-LnL zR7Xbeg?`a5r>}-0Q+@8<_0_(LPR!>0W{V4-aF5xz#s3q)rIf>G?zt+ZpG=)YGb!}VyM^3<^<;#EO<3L^JNZ?E4=SGQm_twf@o zeK*Ny5^0=a@YOFQ%#qhOHRF{g+c~}14x4t7c~9kE^{LL|!Lo}Q>VqzGbq9YT>f__s z*d?Gor*S{bF56?*jo&zktZ2_nYpD8c$lY`>p6voXj3Qob&fM!E`C-A%FPZD9L`upj zfmf8@N=4?ervo`nQWl@=z&KNC`5Zwhn9Kkh=>iZr4CUPt+9Vs=|O&=itk6> z1KAE<5d5$J)b^I~enyW%`RF6%^UjbxfEPagOUgi$QT*+eGhzYc15cj?r&7*>5VRbkr&5q)*6P#I=zGrXl-A8@;kB_B8 zjA0n9qHV|WZ1oN|+orji#g=5Ts9otr8V8d?YJ;IW+;`^6Zao5qgk! zRU0JkEv%^o9meCdV?O;VUuWWOJ4xK&w%$xqQZuAs6a8ed4Yg#UOVC(s16*)1TQu-RJNxlv%$tk72XQdqhh z4V$0+b`_WQ!+CqYa*-hjpe_3b=1o}ob=wnqJ3l+6<&9=Hm7+Vlr!s}g>0^&# zo!r-4jx)DEYUMInqJMl^Je6B}Wa&J%zS;!#35q6K7}re~Au)4VE}i-X0M5C&=Wy=z zIYU=fb3$%Stu6V1UL7n6-17?%;%mbMcZUJZPI_i=(tUVx z&rRsEMX&XnxME3s%-9~|Y`xQ$sLRk|xuMK)4j#~ld3YB}>blm9 zbGwh*H!sS+rw;`80KMPLQgd-W%Sz;On?0KDnqm@DjYZ_j#+LSxq>XN0lslM-D(|Mc zQ-#==z;0(bw?W*7X9dLx{UuI!)w5M@kOmdfJa5)$tt$hM2MX!F*J=^7t@+@^=0eBR z6j;&dg~Fwa9{61{3uA?CO*uuy^s9`VLEkY$Py&zEx+y=t>vqy}X1$!J4MmG}i=F5g zrqJEB6q!t+IivVgZmlf)j7CrEi07q?0F;y0C+l@(rZHWujpjo6?q%Lv$(G!4U9SzU zcvwd_B&Onv6lk9SNI@fGRQiNtoE`~EL$`7+#VuKCy7R7~^Up@E` z#w=q#P0(^S`e>eK@8|>uDV7~PfAC9~FuEDzoUS zM^}!a3?INVZH1OXdv`6BF!W- z2Ze0CIJR#pC%?^82G)!RHb!bzy?H+0=q+cLP?1>C@Xjb3@z7iN6vb^cic_B1viUdy zVG0xv(NyYxAIo#*LOkLSypXg~=E&Sw=+!3xjqeug@u(OH-z(6l)FztnT)(}ST4sOk z5++QGeY?Y7wtW{G;s!6r8>&mxwxms;Z4z^-`%oCR{l0E1BUK0e)9u@rf~^&ROYrD- zTQ^NgKN>Vck+R5C_Y}AgE!YQ`meK1t$0(9@<)0@VMz5^1#B$T{E=);D|Lb8+c%fXf zxHAUMZ~*C?8}emA7q(}UtgJHvG^f{ikRwr6#c7W>3L+SSfY+y{)1_;sFlr?$QWqaN0GNU|3Yzv%*5-%hdP#I__+bM z_jZ#NR(IVF#AstFO>EJ3N_)@vR?2K)w~&A!L#@(ad(G;U7XDyU;evAqOb*fB5QG@# zC^WQgO$=PV>=6cf?cKr5+(-#+9m6AU%W&1dGUZ*_tPOj!S5HoLl86!}42?tOM|dw# zNupcB)-KD@Qr7V2BZRNi9mZ?EIlvb>)8?4bpj8Micek}bOxm|ZkdZRUqt0k+7+!KA_65sh0+qcN`N@Ik~z(rLIhX02WX)rO5 z@KZ94`3e16-O#5sK4hMjP2I}Z`gT0I7aBQY@(8aBuk@SxoRG`7iIDY7{RokAP2otnw&PiWL8CH{COf-bd+RH>7uNhPZNG7BFqDQkG}^oy%D-%M6E6E? zU*HyD4~Uw!@*Y%3YtU)JCYyTVLJLY!;MXV?S9IGtj3JJT;vbr4mOC%2P7ylNW;SZl zw5mW)q5wM=`V3s=hZ>2-_n82{%vNbxx2Y-;9fxA@IZkcMPZ4bIW*HcDX*8+6M0mAI z**A4NQgBEz7DVw3&FbcLSh1uUEo^Jn7`VA@@xNh)+bjlAH5FcwTb#}(3wu>%V zdj=P;x_i0nnt2DBJPtv}hff%ZW9gUe($Ai-wajuB>CD*L+C?Q#av$|j zM}S)P>Ws}=U*_bco^BOmlw16gqO57hJA!r7f6N0Hnj3XiN+MBHE3s_Ohu`uV$hY7y zbe`-o8PtX}BK+hB`nrhrIgV* zObFehbx{j6Fx+$aB#|#ymDvkeI~>CviI}ijv_lN$V0tJPm=f3(O)&xr9Y>mY#XIA; z**9@Z<}+Rsvs)I|o|C9MeW8AlWiJ}{1T{$Zafss&NhFTCktO*xj+ zBVf{19S}U#sFU^psC)zju|s55g*Q_OaDhrft+v@A(dp$N+6w4v33tu1Ik^Yuh?u*B z@}26X4=cWlx=_58CS^!;%2&+|LHKt>s&lo^reHCm+r`cl0 zlQP<>kHM;C(`GzZceWOugrZ}i z3@@6ni?m`0@pk1#UtNBKcTo8?7nW1u6k5V7FN^LvqCxT*2^m2VG`FQTSX!`i{yq_S zQL~g>iE0VU&RCZF?jv^gxjK7bn6b7F{`S9W0ennIGHI)(aa#Kr8b5V+Kpc7PR>iX` zkZVWtD3irSDZWJ2cnC5sqj|K@Qb~L8oo>QTm?i%Ojt`>$)@K*q)=4Ispul@(R~{f( zF2Z()nb|)MV8-h7&6supnvV52e&qdKD?EC2Ac^YZ4l)tRQB-0$wwwuU;KjAzLCtS55JOtt0o3t|I;`5-AnoNx3?H5?CtG9nJT$c3mkTd zY2Ey>Gogo_RZL6=-x89@l(w52@m|#Uvr+s@IsFl#-`k$bEZx2rTJ=dHS$w`H{MO3~ zQUqvpAKjm1)~J2!*ueh*c9h(q#}24u;q%&t8DCQOWUJHs%WwKKM!z{!x9S1-ge0zg z=W(|w+*)|Pnc3V6SYXGDO!4*X(uNid@Lu0#zA_p&M=+j}__!vlefaNy-&8$! zQku-maeDOXGhM*&H@4u=P(}s@236S2Tqia*wzIo?LPF(TR^yOUNxf{>E{jyMh|Ck{RcQ zt6e<)g}7jRBx)Sxuc#9+PK{haZZM6T*zY6%)wd-I6x4_0fgLjc$t{0c(p;MRn?1V8 zuSs9pZWX=6Sm<1H)7SWZT=|^7-GYMRuL=5_?Odd|R4Khul~7h#JQHZ&Ke)S4)MxSx zs-0Ek+&JxSps>33E;fPaZ=~j_rz=V{H=oY>DnMgBqYB$jOW*HmLG6mQRsD=4;J^a0Wnv@A3N%?TQO}Vm(T%(`N4#}6ErAS#cboo_u!XG!~d*Sui91;W4 z8<$Gxrd%0Rnw#}pxAJPiSX6QM0tPtqx8$-cZPn@JQPf1kslUwDzKh9c*2xQ^9i*oo z)#X1T)J)IcLwv7(vgSBPaiwa{rn`Pf-IDViV7;@Z%P^Cb%8=)xsD+J>{#T2JY_v(ptuWe64MFkaSVZf3osL;|r1n|<5H5+r+7~hB zzh2e1tth=Td|RCRhAn)y!3G@9HEz5I;(GZdQwdo|l9Y{x38KA-XW2YTSNhKcU?uUJ z8emQ3C)=7T6xz|-@b`Y(3UBKTI5#vJ6r*r?3R*athvnJtKO z4Q<`9K?}@L-?h>E5;^;&wHlnVfc6++$i&uyrdbL3#1+~T*sN|uH_l`Rc7%pVnf$I* zb0xteECIT^gSQsdhS$>@D69%q=;)mI`=t;+znK%P-~}_6C!o26L14c$;>Hrsd|=`$O?dE{&TF zfOW4nm7>#ue2L4)J50NGY})ffh`ycy)4f#T^?d1}yYfI%$jH|1NDB(DACHttzWVY3 zq^D3z`fRI)^(1jI7zUMm$2J+odrI%**!9}3OVESP?!gk$i%u7KKAipKA=lonVmxc| z%!Z5QKIV_shV}h^JkL#tUx^!Iu#r6>E!&HhW!oW9s(}lstNhF_YBo*>vcM|`$R(;? zyy9=d{BNS9to3RJ^!Nk~P!X=Sp?$V!RW!p202X^>cfE;g$4|F9h38+ax@MCMaJ}#sardWV#3Yy zZ(j{&;Q;WVli~u-x9Z32&AuCa0|qrpGDC){A6$sN;yEN9dhC^K#2Vz> znDrqNo1h142^68wDf_~V8(^VMNYhY^;I$nq;tE#fYs@EaWpz`C;W7m)g)27X59C7; zbG8R|hH)clp_Cmr6D2@$!`5B9`R+hRwSOah?u+{dt;kFCuzp+rIK4QB|{UnLat7M9r( zrMX#;IhSP~mqZ!J7C<1j%rcuNI|y-dLt$=3ssa-2s9Dxx?Xs=oFIMH(BbNC-5XhJz zUY&u4cLip?kK6h)qTH6339vfWTI>0!cH%2vn9gG51EAeb0E}VkYZ)=YP}!VzlpSL9 zJ+U)I^evgzVhW4dm#GQ5JM^*?M0q#i#ajnhT%Cx^!Pel!<>{E)B-cPAVfX;&>*g8J zZL<~*cQBFKtUTC`o1=Z|se^v2I9}^6tMQqQcau^12QQh0$*uMwSjApz@$gr$w~*OP zW<@V>+a4tFE^^T4tiW5V-}Lni@BWh(PLsr{xZ<2m@7h?qX*UP`CLMAdp^7dnNGvcU zWam)LF+J%hHb1?!DCNO|#=Kz5fQ#j^0!C@vv!Aeo=U0D;xMZ^PZL{-tI@Pn6b7u+Y z%mxMf{PwI>3qsZU)tjtilZHUIqZ2Pf2vIH@9)69&7_YsmmN!g`cUL2) z2KBRSf9ghFD>YMmI=QwiypLUNGx+SvBSUK&8eEoobG2Se?6y@aa&6W~yusV@8m>Sw z)r{D!mRM8W!^1m>z;4y`#y;h4Z>{lySx+lVXbQ-mICXw8X(b-t;NN@lY4{hZKC_^( z)+Y3lj<015voPM9$r2rf$;qj)mEU#0PUNSItfqgu0f#NJ-W z4PfC<9J@xNdHUk`M|UBcVKZ5lfyeBRs{Ki^J;W)Cv0G;CTafeoya!X}YfHIO2h$@O z=AW2=pH=RYlaoIo7cuCy>~CX+v{cZLUT#IZ(P}hXVznR+wTbOQ?(fD;bkr&#%?ziN zN9(Tj#U_9gl^X%@c&P*{^XWhd1=U>*#$!D#rjf!_-!wjD#tnthhYti8R|m#Y4x|7# z-q#@xt^E}5tWcII3b>B$T5HkKkK>E-pF3n~!YrR?a5XhyYL}FY^TYX1W0HqDE1Sw* zdvC6?csvkFc)daL4DZEbtdo(#o2mGQ@l>7wF?o(Nrilqb8NG}B^9c?+&Um6rY5RA> zM*%tVS}i*Csa}Ld!Bc>lT+nd;bS030UUp zWe{_Ar(1G5-1I=;*J1PAhK}M=EKb=v-d1o)$jL0eI#LF|xaslb2R@$)W!^_V0^<{~ z(uj6MBk*=|DT(U@o24xa zs7iD6bLD-23k3+4ZX&gcGIVvVKL5+85>^l5^CE#?L(*md0W@=9kxOMci5Q$usuV@P>C&G2eWZD4UeaNbhavZ9MI^n zqU?C*RPsSTYRl*YulQ;Rd}W9OY0yqyE%FR8l;$424`GUwP3Mt$nD_otsy)#vRZ4jM zOJ13+6?p~XN~XvR?m+W)PSOoFrI}SaGWSUrK0VHhm@l1&YQhN=&vRoHRb1!d>bTC! z%4hFxC0pi8-}E!kpK|x4yFgz1TM?;Uny5=|y>@7QKS#}98sY{MV%tvs>;$s{Obiu7 zCz5MKTU{ZeJNd=hkN}3~y|->J4$AXaz6ZI2T497BGnmW3QK_Mz5zryyFZWH~9J7n_c9t$Dk{ z3dOtJi(IevAaz9e16IxDTk_gS(RUlxA*{|Xml)+nT8xbd2qChS0yh^ z6@7*^5)i${k?{Z>^;D!B!Qd%%<~cOiHHvuBzGb-F`a5M=4>Wg`{159O*m~7Kzqi0t zWIZmEiE`tjVRA*Vd8bOtf@{n`1J?ovbxttv(EdbVS4oW-TqIotsOtMZB(4_K$uH&1Ac3bK6 zFvLO$%t3B%X)TKbJh!zvWSp4T6f5F)NKn=qFUu?d)|^4n#dli%dYe{nw4YqOl|#&L zKWTw}ABg)1>!?y|irWz3S+Zvv7?MDL@Pp&n?+6Q9piwX6Jnp;1kghTLNv2(Q+GMn& zp+Zi!RD=lK43+Wz7IBNAd~~fREvHZ+K<9(oFY?iXL(MKqt9cm!-+ZzPG~316NIfpI zz~>GrId$ls*0-IBWi#hVE?Mg{f$J;Vk#u-YrD>Czv_8sqb+X#r^Fct3ZvFf_>*ZQe zkqO|c7PR`^Yq0gOMp>g5y?*zJ-s!Df3W(W6qF$h3vpVVv>H91Dz}cC0RI`^Jz=3O^ zW&w`IqN8pUwq-cMF7k1I(Y1xVp1`l@*1QC`&7h zcmQxz>h;m%%e0h1ekobm+95>~u!MV3C$6v~bVcJP<>1tl$(LnN2DNf3I92EsOtMUeYeI;YNoAkNxlnwJ%===X6}oeDV6tOc+rx-b zq}tXy-=|kL+~%+W?f_{%esWOD;=(axCm$6Xi_tpq7M{<1zX?2W!s4s)s-MaZ*udXE zf_SiskE^@dy5JsN;;2;4ufZ6U%JXBos3pMU4DC3uykF~`WSp1dyQZsfqzk2GVaKC6 zL;Qqbbc3i&fLn1{l{J-YR80)W>H-zr##ki@n#<0s)R~?w4(6o0ln(bJ4&mIly;}$N zaiT5Wg7P@<_lk%hh}!MFda4YHJaP>!nN0=Tj4lbRioM}*7=>-zj62`t!!j!`8uI|P ziSfQ`Mxt>kcqw0n)JAd)$R!VSz~B@36Uyg01<;aFysR>BsRb;S@AC^eY*lI5R(y%I zvfZ-;I2cqbvp z(W?J*rk7TFHAWzIQL@BxdnjTO@N&OMBG;WIt&ksBu~;p%T&+Yla=&rOg*Qi=Lm0&@ zWP46gz1Y-+F~?(FFi0Z!hOk1X86RkHwB{z zZ*qdlRiBMiyq{VX{+T^AimKL4u*O$Br4XI`%Qsk~ZOB^Rx~<^J90D{}M(88Y1rit} zZkD>&!r^ASabg{VCG?Lh{Hf0crrEFOI|ouo>Hve zT9`)VXuX&Ko(0YtOQiyf92x{YB8fV;Vym6Bc7B7N)6&GV_CA^yDaru9DOMhk zv)}3$aL#s@u(H)=^l%`wqEPZVZ@O^3qF+=dee~lqY(8V+PQ% zf_S1Nx4&Ff!0lb?1o zGh5hXnSjqu%;+X-1b$%Tk7bgrtJ*s6MO-p36_!Ys5@;N#Gk zWWp$1y3O2P4<$mW**ti5u`6ncqO?9yEA@b&`my}>QZ6)7zvNvbo1svxv3^U7Vk4*X zfTrA@k&iq%!sbPj;gErHiM^5)>=>?vyy^2~0f@h%`!@a3uTYFRe4al2bstypd@=Ya zH*6T}A_I1r)7qQ$P^dGgDz=P0^@c~_Xz=U1&X{V;Ev3?qSn^`Cj_(d=$CWHs+iJZ^ z_u4Q;=Vr*%?ZJkRWb1Nr`E^MfYHPW@JW8I86Rsd)R4R5j%Ybf?%=g}8El5`z1o6>>?Y=_$MFpv9lEYmNy#?FAczy!etOYPWjFSmhQ-D>9st%|u)mjFlG;nrvo zU`eC_To00zV3FkI@-_;Z zRiWnz{M$k5KYk*^Mu9;^U!N7Bpp>()IJ;iMajfKtm@H&>;|!pg)6NAUCp9yxc3ru% zBCWVTi)6ieb#pd?s)xjsEX+T&smVa$-9F?+_i&YBUoEr6+np2R1koZ3rC!*GWpo9C zEEvf|q(5h(A3X8OB4*EKUF20fP|3dd=RGu1^WGQE9=LoBlqH6zq@|2tPTJzq)=a-YA}`0rfMmVx>R zdsf{}UHfl_BcMy02{w`1t3?#?{X}{HL(KdQF@)CFWu1o0_0ph}e<^zZGSsHa+Qtoe zk?VFdpZ^Hff5w~5e$@V?N&n)bJ2=}`wlqh#YAVc)Ofc#PBe{b_AMTTZ;a=P=2 z|B}ys>vW0?^$xerWzPQfCi1TVr^EcUX$Uj;t!W(;x&L~Z|0SNg24CI9lmmm@TX9rC z|DEW9xbJjS1#Rt%!~X^6H@yCc^*abkUo`57%dl^1X3F2-8QYfE<`fuoI=(bc@Yj<1 zPoZyXMSGz&{(mv^FZbHT{x5J`MD8JbO*ch9v;6+aJpZqkc?tgOdDfOEnF`%u(&fhG{)UQ)+yeJa-@A4x2D<>9A=9m9>sP4aV zVtHyN^zT*}xgP(E+#dzze<}CxJna9!JooQADN=9ze=V(p(bcEEzP{0%z@tByYi*9G z9Dd&49e3oU)Dzke(O7wGy_Gl-(5N zg8yXh#$ye;u*LJTP5e!kRU73~GBOrqRuR^J-#{Nt2lzKN2_m(XwN>%QKW-5J+0S3o zKO<=O(SQE&r*6|>zv@04>*BCKHUB5!+Qm-)tFlGf2D_5TbggtQu8E%|NBomE{!6c} z{stO~J0((8C=sXpjmmrV#_2QYUuMZ4N&m+-!Dp}dtZAS8omKPn72hu+|HexH{?kAG z5mM8|hUBOG4PBp-n3Mmd3-mi;ZA!n|t+Ep8ihpAE-yitbw@27jIRCjIf6~bBXnz&` z+^iy+KQz;eEuCkw7RtplO#00^hU9;sT-5G{iKtH$>5_88_}=JWOYC2zq5b0bH3vK5^x@?b!9v3|vi;azn5JesO#AfdC z3VC7vByRBswc9ZA1Ukj2%@fN-(@CKf`7`C@hsHm$D`O|2)heVd4P}WUd&R?3_4t&c%&aZN${z&?F96koGo$GV&JlGdN>99o+FeUWFThuCa>Aa)b6b3nD*)dNB#PS}ONQ%KY1(WTD8>Yp z>~QzSuQ{L_>*Zp%h-kg>jN`_6NK43{?;-E(OYhY+R_#04c{4?>hZbGB$92A*`_Pm; zrQw2&fkVEIm)=w{ZD6)+m9@+RMrIHxB}*I8HI=iz6sIMz z=treF5efZWKyrNp@JUSyhqLRol&8yXrN#B+8&`e=4Lx^`@M+wd8+4eNcH`KRU{Yeb) zoYqMk62mdNSd2-&l#H*u<%YxiC7WQYIm-##==i3Fj(PbQ!6fZpmt?6$>3^MpLqZ8b3+p)o3vFTHAR#-^a}%^j7A~ej+?R)s36)a{tf| z%Guz1`}KydA%T}WvBY3Zt2pI$AFcM6Z}-a5MT}lXWlrtt$_zM3zs`J%;13l-+5j;q zX#2v_%!>qbgo?v4hT1jOM;!4)l0&sJhv~Qk1jWIj*Xz4lZ&=Ul$*<;9Q9P1m^wt!N zq%?%!=@}xgp@q`(-bZ#n3>G%{{in_%#{-ti8REaoaC+vxJ2OwHaE%8hQ2U#RlaT8UU+uYDmQA`ON>LRW#`(|sdOBp=qZ~+mhB*wWfm%kkKFQ`Zfy||?_%Jpkt+cG~1 zj_^y4G_3G7xxu%4H{4bI*@$FVcg7&yUWg=ptk84)l0mDomV`w8G|Nt%-7+TLKS$ns z!gfybWovrYR~LQ7nG6M|&n|DPW}nb0a6ET%a#fGF^0ppZc!v3Cx=g(;wXZJ{{=sj~ zTy^Nn zGwuSlluEvaBAHdA?nHnw14Bq_J&~XM&25p6L}Glf_!^lqx>>h|3l?a5_w;2z{L0>g zDTa-X!<2H{~R8d$Oss);oyv06`r~z8)QI?l2tU@09h#FngzxuEUG|J?R zdCOE+Oq%3nS5}xxsE{)!6Y?GFogY7gL!H!H)zOQZ+&d;B9PjFF&K1%H949wlXV+;s zl)NA9E720OZQF_nZDNG}VlE$_IK_?pa$DA{n(v|vVsUrICFTG{A)DGR$cu?aVUI|F`GPXFEp=j%du9i=)ZnnAa{OA}HtFQM5 zJBQolHQPp$Y~h%Ws&rHQ?4j02Syh#EO}u!%G0vB8-@EdX`5kQ4mJZqBIp{=?rNr4t ztRnWJtIEP5xlp}j`JiPKn=WR&^5O`S?x}fwk&aq*)EPZ1BLSAQSmrbW~nID5>)xNafs*bpC96!;)05cd4r4j3;r`0YOs~K5c zMk?M*C@Z2D&300iWKOye_84ver!#kuRH5}$CFxYRwSf&vU&pDUjPyE`TLUvv4LJ{2 z9fe0UrR5~93pBm5-F@qx&^X*7F%4} zy>Q6p>QlSa8cA=SBOa1nst7^ha6#(#m6iu7&WoPAf$k40tb*=&sw@6vqQ!QBZAld{v$Mz(QFw5TIP>^7})(G|CZ%WAoOY9Kr_1a|axn-Hp&ojz} zG_cO0v)jy;?_ti+1Dv2e168HBMW0Mr1wCl^@&k~ZtY98+{Rj6u`MH6e=Y2l-u!ybX zXqsEBIyAKO56STG?SVNm+M$XFItzvFx04$zl8@oTTsT ztfGhWB=vOe3|Ibmf-?EGfKZ)b#3iI*uHSP0+}Kb}cE<9${M@7Z=)A>inRzME!C15O+HVV3{LTpjhR~0OMORBwCH$J<3*NOlXH2)k(d$E=+jUh2(RE79w(#{Ta`&MC25^8 zdkgU>W41E4Z(piY{-7msHUeaNfXH!Z)v=*xu1CqI*y?7O0rs$fn7Bii3u_bMWq>=A zQB~=BV)5LmX3-70XV?O{ss-}68BO{X=mJSsZ%Y;nU@p~G$9#LQ7hU+6d&f>%nG*c} zdUuF8+h1;JQ)Cnq*xgLflXobbTtDZpKdAz?#MiV7FF16W4M!~1Xn!z^y&J2Njw*_g zM8+}OP6`krPtnbnQIBrzVI^B>)ms@ZVCuB?6;k`r+{uQTv5+?zr^ZMv&!$>(R>ze> zm2}UZITh)A?z}sXhkXe8z-GUmVjyAaONDs(>YJ197KSI+~e>Px2{4Qfcv1x%vCyy(BFD7^IRSTtp8DNo{*;vc2x zlwZF=7C63ryjbb2t=s1tC}K`cFb}i+5z1##@rt~mRrR_YS+i~Z+FK)CTUb7Bj!fyc zjZOuGk|{z)?Q|L#r8b(L^?I(Q#1p<7M%0zaXE776>ToeqE(5Y;OmBYXv9>9}ntIyG zg-f23Q=G-WYyEh6#y|esiBlARKUsMAHFx>~ha{j(%{28h^d_k<@7BNg>zF=Uhh1%3_OA3no*XL_=Xd z3)rGyO9jimM!(Bj=EvNn%l>T1=OerM)O5qlOxGzmNk^>wcWM*o$e@!k)WpD9y4`Mk z$DO<9s8Y?PUw*DLrHyH*D;&m+_kC<3T&+l4N@y5l;_TO(aJP-fsM2oCNmDH{BKkEN zE7di}zV8d;N^e^?2p$XXXiA*$o+_X$w(EP`)wC?1+6+DZ6+Od5pBM2kD!8e1IQ&zT zp8-ToS59Dm7yCd84^co1WHilw#iahW-QQc$;?a*a#qBs44f{~PJv(0^&g(4MS^FR{ z<7-f4uT=>l(RL|nNaZlAH)y_7|9ey=r6c#iGAFY$C8dzr#;aH0^T*}I&$o_X^L%ay z8L!1oOf8Yn{dE^OgbZBBU4C2Qe$y%%&LY_BV}7$b0TBP%T{! zptUSTKq_?%l@Zu{twZlh9|UR2LH3+8FVQo>-v7#kAy1f}OD|osb3s(gp2*|p>(t`D zSJeE}IPu{gq*vKKIqKopF4Jf;GOEXF3iG#EX$p7NQec~;|9L67{`> zkH>iZ?wO|4$-pLCiyNp7vYd?}v{p|TT`qF+Fo(1b@}~v$#Do_k8d`cj z=M5!zgY=Kwp1f!9#`@iFz9v2fi@C=RpkXr-=^vxNaaOJ=7P9n4BNAdX+Efa@s(wV% z1+5_W*SigwHMd{23?*fQ9Qlh_k1}$R!(5BDN-v?x8nyd@BV>*iN-RCznY}tESwP4e zylh?oJm<3iek-QjcSx1V{CxnGkfT|q+PG*zK%wSt{_L-H6T0CSQ<#NOvq9Y1Oxh)Z z&pn0qx|Jwi>ucxB@{3+9IyUUVampvzx08$MEL8a0oynY+QKwd6~5H zgNYN$nINx)>y4pk5$C^F_Q?t>=m(k{hS(Rq&I%Ak3G){5Y6iPVf&E?$=CjuUEwkRf z76j4+T77}>;|?^kV4+K=9@nr0+qN96-h&c_>fO~+t%6nnL%&H%3FL$MrCx5`T2kgz zl5RKM5MKQI3iHPf$rRDGaBVbfm1>>_8qy%tL;fxhTt>O7Nk+Y>C^a$ap!3u_#b-OM z1#7?ZJtqK}q2}n=c-s}!PCfG1McNgWoz-}9JOybTk7_Z#alP9Je!5P_!ib3Bw8xHm zMdO%h<)ro)4j%>lfM}S^W6pthqLWWCnNr7T+u0I-_9Vv9$*T8xakt~F^@oormiw8O zZ;q8d!1ea>!mC}))zr7TF)z-sY)3`4<;kGhq_t&l@LpzV+=+mSB-vHjY%+vh86JI? z7gRe;e0Vw9)4w+mX|@J-+!&->vFaN82OL@NP!00*zyn{kI_TM*Tt$$jSRe%u$?$+W zjqfd|{>%knS_*F0YUrD05`dbHE(pkfvTU=)z9-XLWgW(z9KV8Q=M?PZIeWBJq}-r0 z%8yWd#9*>MlYis1-BxdBlgvz85}j=#-Tc`SCxzVQ*1PlFI|8@pN5j zrI)*KB{ukOh7P{08{jqc#C=`J0^`SaOX2hdLlXkQcnKa?d)MbIngX76|#n-ip z^d;XJ>8hLU@JQ{zC>k#2dqX`APJ?;)N3!>&Qw(_#u^u=-8RvluiE$1#kqb5!KF&^~ zIokBTDg|C-s&DOJ@6ED-fSLOq^!n@f(Tgdj(Z)=ZntSPhi3l1@ycfE^+kki04&D%I z$4_4Iq5P%h`7%SNcrZEEEVylC=d1wTWqJ$v;|kC7m2go zkC+*nM^Se;^O;r5QJJi5Diw#%U1jRkDrc9(uwe0f)FtTp?^}(bbWM5)&E3|9sf{LA zdqzdNc*PAMoJ%w~*Ynx7*S;v8UE}f#H7V}dBzu~5Ecc9j8D{S<=5@NTjgvIt;Fh1v%V9RiVVS%$GEoFE2iP^)G#m5o;4xBP7bytDcVY_igpM*L7!Q*z&96pw zp#?B@UEn{<4t(=o`Yf0hf;mX?{yF0dA&mAwlaj7ChFFCB%Uf)N`|WcenMLSwG8j}* zSEJtBu<2a^IIA!*Jzl;UKeR9%OY_{(^yqw+5s|5v>Q_nui5k1|vWgp7&`{v2IVu&p z@1{^H<$9jKe0B}x9OvRQlDoxPKHsgZ_Sj?J%FV{cg?qE(gLep}Ybs57#44AX@u3M9 z*lzS}Vu)(i&B=>r(G3?&+LSx*XO+9Ar*->YLwCL(g?vnM`iSO*#9-*M8xq@m%Zt-6 z+9S|CBw08aGYiZl`T_7!WQH9J4B4LXU!8YrlRzm7Ad zbD6W8J>I_+^I3aM%lbghmTuWRsOT@3VGQV-%hxkdAJ&$`h#wbYR87_U)u~TYvt<$^ zilA*OQZN*JB#5);D)MU`(EvVuers%;tVfJ3;w0F@xDX*KHX2dm^PIn*t#Tu(vS*3%Opf zggFidn>BYO%;dk@1(V{qoU;o6B3Y#i_fN1h!!cfUa@CW4hzm9QY|ixX1aE4~Y|4FS z5f!aI@df9Di1m#>`$ZVttqS}x-gs^!{E${l|BF2K=gcTP({YDyg^DKvN598rVrjq; zy9af%8(WEf(0Rn4g}x$8r$EOp&-U=g*o@=wvf;EJ{p(R3v&YL~clUb@aWn@W{j4ce z!j+gLID8gy;bgZ#Q6_t@KpiN-mrk~Z;@&)BP^($)cWp*Mth_hnH?J%bquQ^%T066J zd**}GExLeZAh~QuEOYMki1>8O9h_>QU zeczW6@ae$_`*;uqG0S`b_XG(A07Yf~lHw_~bGCifuClt)@!5jrGl)2}1$plN7TbFE zv-(O1P;cqANCPXh`&P7#dQ-S1v0)%)&UFFby7EB=>HRII5FM*@>WUh?puBV}4XDRx z2p@I2Mx>ahQ_7z_b1#B(bv}x~FZA1-t9{>KbZg2)^bX#(*7lQ8{IZA>ZOgH%r{ge7 zA6G;qI@Wp!R=3qKP4^lSX^1E797`9zyMJ?WTT#L{za);#jG)&-bMu4fE3lf2G`!^3 z!tmEErJ7dSp3x3cjat<^=h>+Y61qb@D13S0W@*O~HfZ>0Yip zw4LH`g8b-FwqsZ1kCn#n7ObCb^sdy!2I`Envz4lkiB;k*+D5~nM275;!QrT>$f48D zXOQEgETxd{Lt1K{>8(NC9!pbdGho@GCmM zBY1rFEY7!@sr;j8e-59-117m+j3i=6MLoM>I!8eHV!bBONJlM8iD=UjjOosL$MLTe z^Q&V>dk%)#KEWdUcp`RV{@*rzST=rne+?u`j080lG1}J8sv3Toa-h{b4inBuekWh-|5WaZFwtB)8S$a`MK;&pwC<8|_zMnJ@wm|h{t zx9kEXB<{ecgpfC`-T$KTd*L#pShPddH(-)b&!7MvQx%^qTLM565(;*BYH+256lI~S zDk5?b_WjEGSrw_)sDp@Xrc6WPt#AYV5Fw%P)_RwZU_(uLaz;Zw+QV<*599c%PzH4w zC`=Dt!DU^&%Y6~n1qX3P8`c1Yq&6lDy4rwk_fvO9Ii+|kh<2sj`Gz!^|GO*!mm4u_y zi_?$aR9?}WD*m#`E))u9EH$w=nVq~S$G5@^O$Y6mkk-rXqTGyKe8wQY8qmc5otoWcM%VApXiUeOYOmTkG{n`B??;Edco(D&_=k$t0eSu|8C<`86qf>ePO(~f-F-hOv zpgejp;TFm#2V%VLqmgR4CpliA=l~FDI*wVwvTARM|pSLhd5N}O=UIu`1 z8|47u`js4%w_?w4s`yg^9GL zk1(Pb65$E4^oD5LMVXtkV_1D)xTqc%GH$lX60s9&^Jn4lFUh{8jwJOX-GVNL<(i51 zSMzuG<*l_!9j{aC!eMV1c5*wY3T5#ROn1$`NDQEkl{h7Bla){)Qa++Y!&!IyEX)4dKbyJ>&c#mJRU%;RBJGWqrCNT^1QFC9p-irs}gH{xm7?g3U=~b zGIaS(`jT3hMYA8@RId5J-59t-{nBI``d59YP94;B(=_)I6!a~ei9Lc&*ffI@;9U#< z!EN>I(QpFpd7ZcLk$<*x1phAbZ-y`YXh;3RZ;1=pTb`K8i;EE$E7W~{7uzD+_^glE`KeXfaB1U; zAB908su|F(3B_AQ$-JAP#0_=dPrTE48tL~-~xQ7q>B;aJNZkTkv{(-&~=Un10OF- zoXvt)4A3NOnag1<2e@q!Q1Jbe=d^cYt9XHB zgK-@8CRmHG${r!vf^5ycp28jOY&t!*z|3vUO7bZ02i`Ww4Ux@5zm$r#H?b?w9_OKf zt7jHVeXbH;TI`Yk`i6nzbf=PO!p@DPgM;Wr91ppAnrpI?s#gcA?=f9+!|W?gn9y>& z)2271ZsmI3m}QphhX(}bn-MnoZFpOQmi4Ep+%E1H1V%yYTkUk$Wi@!R##kr8k`y@_ z9g>A5oESPR?cJI*JdH<&k>9egeX{m`y(nD9AKdbgFVHC|J~VU6Mf!i% zj3AgZP5SAdmTdV;C*_>+Md@{6XP@WwZ~bPh*bbRKnd{Ye$ZC;{UBMo?PITNjVJsVk z>1CrAs)pj5NTV4BKf*{fT_lear^@FE1W$g-^j`c_=J3|#@rT2!b}k93jGt(jT3_D& zl-}epa>4H7)vQ5vSQ^=V7WKXaT8-P&bhyx@>7!{WYp)NrDSLEa?nvN_6^T3U>yB#! zpx46N6HhVqD2XT`IT|gwI_i_59~~sRe|`R!$ybd^j|!=kwD$bvCO@7z3h}mQ_A9 z%}Z zw}?_0__m`h(Zrd(W!g)nZe|5>Ebf{5>H(@Vnd=s0fjt1c)BARUwqn zDr~W-4btgHacXf5w$9P$d-r&MX?k+m#q`@`0Q=4KHYJ}B(o>&~YuL0RwwWj>-NA=J zVoUm_W5a;_wqpZU^7PcvA1?pt>vtso z!K7gl!xfv=Ni>zbagpF6vPn(7z&4zoMmV!Q$5uRnj_qry$O-h+OQ1 zGE#c1)?pOvgAVUYT#({ zQIxAD*CN+UEU2igC3*C=W+lc}x_(f!=?Znk*O$2xpk<(^9-7)JIdB#nBNEbZEnob$ zfBn7^g61iARbry@xKAR6H^-&`>WlU~xZ#}|)g0Fu(e?Adw@3{Gw??A7kxo7_Q5E2k^344tQ*vu%3)GUxf~ zbsG@ths;oC_m=v4=+Bp5z&S^DTzq@)8sI8v>c;*>VI9_ZTGkt{7i>*8IwTh>vtM66 zNmo2EU%W5JBO&X1sMV7ar8vCnpBBf`a5(P=HELI?YSiA@K})uv3GA_4h5Eg!jfOeP zzh~6wtoLpN_PHNV(>T5WHx?3NG+{Wy^QH!`$7@j0gqK23SJe7RJVn~5Pw&oS>qpI) zqOm#)=dz?a!dz2Rs!rP(>~7BR+&1jQA(&gj2T|le#lB3Q0nc`vM`#0}Yq2N0^gx|? zhe`F!kf0~DxSp$my7 zN@8ngtc&*wFX{81e`_dS4-E0=op9iX?8}`6`S9msxX(7|eo; zBjRykx0>KdH~pxdATHkH-+h&&=-JR*z8@HV_B+(_eJ*Bf+7axIWb7VEt(sNVaLqSb zEf0d4mpXk&-Ars~I!_5I(p!c%m`z*3^ZtOJAJJOjYN zaqY`VwUvDW&6EZfgT2#H?SV(lcvVpB87sbQJE+wCUG}HbO=YMhflS<3dSUxd-16HO z_3ek}9bQBwOOq#`36}cc#ADWn(D@--=!Y*;Uw>ckcG0TO79%C^f0$chN1nXes2%{% zG=KC)&a9X*PiGKt7tHY%nTWr`X-E{F1*uh2Kr~xKNCr5~%kNaYD34@N64;{}Kx>vfh>uA=)(^pj4YQjX|uqW98GgnO|%MIa2X= zlFYT7r73{5`3_ad9C(a}|O({7|=McP)}dwOi3uuRz^M7@f4uJGqeWiVb|%9GxD;&qp9U z0x>S@-e&dSu%(1%+9jCR zWMa+O?pl(1^DZZmRq(dhT`Jlwfq~tk;*S_?x-G9P7cWM{?pTF3GCozm{Rot>0&f8O zYHl3uZi&K9d+svc>lzbv=&BouxAr&!f84m;_t(~&V>ef>kE!FBjic8*>=t`yrG~Ba z$tPBJ<^-K{?p!2)v%7L{+TPAwO~!Rum=(N1e^r%M5oOs3uSZAJZLPKITMla4pMC7Q z)56p*6Ax!~py?fC(tY~+WCVGR=8H#&8KYJRg-$J!=}1O^BYP_9_rN|1J4U_ z-9;sf^^du{h3D>F$uvFT5!P>)Bb-z30Jh|o?HLIMI6@Yz0Q3>?r}mr8ZQ6*pThAWN|316M9XlI1|6Uk$RcBR$k*lyE@le)T#>cKI9Bfj*r;Yr{Ia- zG1%#P)jWY8CCiq%=y@gaNX{vL>>)Dm3%9M1Ivn}%2D;)`CTrXM0mDU**@8kFa7BB+ z6DR7XjGAR#p_L|#-QrW)*DtpRAC8If6jBcTc%w`b!3gz>yT|16gl@Am>@MvZ{tcLxpcNd$3}<+!4_SSqby zZ2Qe_?m(KzOQrV6a;P?E6(;Ha*p=WE{J3vX{@Td$6+K;0PJIWdFn^ik)(iHlQelfq zT|t7Vjx#*5YZ%bZ?(EI)pqt$MmJfaR0|Bo0q$7l$eA?plmm?b+0YXR?zidMB^;{XR z;Be!3FE|&UF@&+J`$?ctMidI<)0dVT#G@hbmDLQMx%Tr3 z#xgga4GP(-UC;!Zx%2SZbe@mHw4XHE!uFUe-@CXF^4XMi%3AUnF3fQ5^6{;%Rz$qg zP6Tqp<98Q!x=i7K2^NW#B<=**9_5AkKb%WDB>Af4fQ_OaO(B}1q}kFp+KeQ*gXrer zmFjl-qug%$Cr07&SfA7_$*zuuBwkZTi?Na^tyBOS2LX?GZE4fK;f&mzY#RR2eNvlN zi*F@9i?g(G$XnVOuA#df-=zPLOaHOAp-e}UgB*0%K&fscFsSPz0f`XuQ%2i&MM~wP zR;xdo>{ohd6*st?Ydtx-Wq*;%M=omv7q!t4B!UP-Uy(M1x0e%_+K^vQ1N3?hqD1{0 z#aDd&hosz4gJ~@H<+L3}Sp@(I&vP#H`gAUFwOg;K+nREbQXkw&#PnK-ku?C_sOr>a zAY`-SE5AlkL;7KzZ{?S&0#%Z5uZWa*-X>3nyo8wZbB2|^@VSic188OM1C6oS!PR?} z_h=@g!sv6}FbAUx?gZ0EEsnNIT9#X?6?c2$jO%g0>1Cr}QJHO!o-}QrY+_KNH_U}4 zIS-vb#I>9O*pOl?-fh`DHqPnguh`$alaJF9W1vAG-FZp%#{e9S#t2mTs|83`}e$3qp6zl|~xjj2rI>t&8(ic%9+Rh`%EeJPxz%?!hH6 zSP$fUcE*(}(*j-5`@*>MW+926nJBhRcy;}?n52z~$Pa|$u*wRxs!Kc$;XII8Zu$b% zG3~^Q>_i;_Tc3gV-3wX6GQ3~nD-0v?sZ#BfE5wC~a0H5g0& z@XPHY8(?^r=d?hevv}XU#rjMxC1|)nYB7Ou2;qY>k9^0#dBZ zCL})!kuqmXKF?+!^t@V8Vb~(HtIdPA0SXBQp<_Qo6x5jMRbLCY2fLkAvI}V$Nl)J! znyfZZd@z8wV9#f|K7o+(bn#OXV(d-ZT_s~i<5faFde{AObNjUJImgo9N@4rEzY_Sv zh8;j#U~2FHYNTm6r4hNeP{`~Jh}~W*KrMH39aX=Us$mrM3W(t}$H8aS2}BXE6g$Ut zdB58vYd_}H%n{@GB(suPO74A4xMF^k>zrOXh9g@S?)Ryan?7rS8dvlySu5_hv`ER^ z_-k@|T)eXmF|NI%bJXAA{PV4zuU#4j1Y)03NoP3GGnMPyGadU74*nKnh_4-~wb8I1CNI2+^w1c6 zQ1lEZtgp^}xZ1AE{M8ro-x_V0BwJgl;Y)0TzxSO}tL)W9vBV?>lB@(9Xp4j=YIa-I zd#=a&=WAW?_*^}xne4F&((O^z@*37`aXYvs_DQ#K2fqahcaQ`rcFYI1!I$itmR?i6 ztQI&b3*!Kc(Jr-BkjFKkDoir0JeW7FtrNL@2dR~LKVTcdFEj%OBhcnnJW$1M^~rFo zZbTZP0N>3>#gp;GTb~E4KvRxPD&%4y&^=_Mwi(#+Y5&4T8T(f5*2NctELC;%yeVZa&G27jExvX!6 z&ba+|vc~pcA2{8&MgwLStLVevNH&yUDT76SJOR^(6Y$Bp6SCClhb@;QGD!cn^Fg(& zP3J-^P+hDR{xU8t;-lku_aymd~4328ngHPWg{dEZyo$;;ebZLfvXq1{SB zf0Kq2rSN+_jJ-=l7B<0PNq{v2HL7=PniW1;X{@@`owGbYlkG`|iAM^jvz+bkKrWK^ z_s9a60bZH+7w&_6R2wCx)t5|5m7n=z)y>249kPX=kNRjN{XIb#WDl(;1@jI^``cwBGmj70%IgEJk#Y` z$Lw>q8uRiMzaLC>u8?b+u?--ir1g z#Qv-9!EA`W6WAKa|GukK(360G-0%F=F@IgT{5jbt{D;|Pjk)hz< zQeXcixUBz=GM9d0Wd#QfJ;Y=n|38KJ|AikMOepvF_k^URc%GpV|5XhCnN)OgJafaA zB!jEHBqv{iT6+2Y7nOkEm=y5I_?^_F*e3pe6~$w^PMeQlOMs*0zr|_!n{Sr{|H{p> z)4!78zorcKO5bjx{ffUa;lJbY-;wW(KqVw~+DIRl|401JzhH|U`yV>se^LEkuKusA z{_nE-A6Dj1v+y5E=>Mn6>ZO?_e?XT6Yyq;2@OA#uxBtA!Pk_+Eqqt9O#QvQ<_q{_n zAG>0ADOxiBhOci|w-FY)<>qPU=)YIk6n`jeQ$0u7e{Wl~|FA9MPnvH2h4TN$>>kr} zu4dgGTG}xFTdGnKZqn{H`V;=lf4g41Q4nS*(|eRP|6e&re_Ad($3LjLf3mv$KRwGo z`}`-iO;HHP=eV}AIse~MWrJ|NvQjCYEPMU)x%}H#*ozYwH-cTT`MKr4T<-ri^4~;* zLtw!0-w4Vdz>ld{o!j{9YHMFRJ3B8%4H~_7b%mYk(jENsX%^^3@$&XYcpDXPH+M3a ztY%>nIe*AsY`%C#I%oS;M@OfqsK_@Y1ideu2>FsOGU%@ke?t(_M8@MFjwmWG2UYO) z_Vyy8pB=MQ?R@@5^GksWL!1(JtNk!dFE0_~0FmW?PB0p4mW`15T+$4pUfAf*zYV8v zht!WKxuvI9>3qr2RAA5eH{gG73Op~W_z2=Qud-uzR! z^L_pFmqby8VD;Z9!%|pnLPKwDZAG7BV*B{dSC*d-irZ*01))O0UxLSmVBTsL=D`lj zzZIJ|S)CXNU+V-#!jbpicNSPctlf-5(ay_%E4p7+Q83)nvo7uaJy`0K&cdy0&>fvO zi%&Bx4sMzB?>uyeXyuiaol7uqM9P$(1J3Sw*T%;?Ng?c$0X7w4_|mDH)!t4vLRv?# z_K!Hqf4Q4U%Rxfq(?X!0bC;0%FZlR3?)r%#jgTHnc4PcsaD*3CYB?$3=ofkw+zxxB zXVsd+jgs$|S6S;av$gTXoEb^EkBWExF3CA+Lx>50u@W{)N{_-{F?&mD_`ASd`gk~F+dvS zMlrt8*05IDQQH3E&M|eBBqp-@^q~jnZ%|g<-a`0^DfJ~`od0Iglk)AWQ0+~%Mw+*x zn1(EwQ9VsEYX6O!tAUtFa`ZerJX!hqsAObhX12C-i&=dqr>Cb9`uddbB_-F6Mh_$y zymst@{tpv4jQr|DQceyFEWDEE!q22$duPiPTMtq_MEf)+L=)(SRKD^OGqr zFDNIwhd?Q&(8l*L$u14Cvk}-s0_(^Z6?$;i_J>@O<0~jZz}YC{#;E(C96VV%suT5 z9<7RaL`1|}W@bq@H-YblhD5YZ-+Mp*2eoG?DdFIzwO+5XMV(4swt;?RBBhSqeYC4z zjfU#xB;=ZUKMN~K1DF-V2;E6K@tavVs4H`VX~TPr76QA_pIvt9Yu07duh#_E66IS? zt!6z0xQWFQnsB&L^Rhh$mFxTnJ$F!~X^lTo1w?UF#pdwBo!d79Z%Wp6wt=A|?= z^ra!@FXqpQ?d&+11aS)X@lihXWlW4R{)%&i?oy(mD;5c^mZC4MW@hlb<@g>pL=L|^jlg% zyB$+4Pg;46V_87%>m&obIHjFGuy9IPNxgjS2$2Jb>(Re{{Tlg`{Kd<#Hw4IAqx-UX z{hXznSbwlAveb9)E#S9Sp5=1a8^uRETDlNilSv77!(*Eu+O&XlBCM2X%>TOA?|<<{ zqGNr1-Ed^<-WX4gM^43Fm|d{*z|f$3jI|^SXaQ< z>~?DJDDo|j`-%PSsXw@aMmfO-M!8Ve+*HV({MsU%`bk!KLE#@J2QlTZkaUjf=bPPW z8je^eY-SE>m9`b$9D;)*v|Mu3Y7p0)N<;yl5aI8u^H)bp^%R$Fz?}Ur>Q2w+EFQ z$F0zYh=|=XZ1#?8YM;weJ%iaYjq85#2S19(Yea;H`D>e&J$fEq-UWQ6aodg?lcIO) zH#?b?pi-nv7z7}m;d5)g>4cgtMZ^0^ zS$nGTa~}_)W`#0;S$*h9hpeyQ%9h7jMJWQ5%iFI26p0H3@a=$C)?|3{>DL`3MS~NZ4{FPM?do_eTF-2&9^qg_y_a))acFVWPB;Q4dn=R{R-k}O8!`H!=)$lpw7CAM zD#+OkKSV*JxiE@?I%oX_*>+RZC|FA6GrrMe)p{On>?1QF@`?eRez z!#u4PlV6;k^+u36q?zXIPf$6zqkVs`R?_pp>&pB6(eJz4wG<6=4`&l(K{qnM9dT8! z@JXt!gJN_WXGTpeJG+`lDlU!3!>wB}vi3(2VIZ2ow!bR*atJYsp_d7g#ZZ{i(mXXo zPKNZ@$cL)D#?(} z33Gn;j6ZnmV@(cNwfc z%wD8hBA}Rb6#=U4?JIjex(;|w_sDwMN`=70O450Tgg!TvcC^SWRk#%Quw+<>_xJU8 zL#9yQd8$%9x7-x?k{%>GI5=3%c62?j!Ctus5WpsXI*<`v;O%lGt`abDVgG}hKf9?+ zQ|yz_8cBR$c)Y$7&*sJ#duF6pTrv17t|RKoVQrO6m#|+JTKdsmSHFdQu1FVvxU5qR zKVLHlHGJ|JhBOkCpEV0`dLmKY-Bo$H6mg2Hn3s-xRLH-2BX+isl$-}J!9hegYis#2 zT_!Uu8AV^+pa)WN(Gz$1L}udNYF>-~-CJH()`vvG&D01m_Cu>h3rVIK3c7|pm}qxs zZv>Z=7ALaT4k6XJren!G7TGg5!TT~Z8cGs1^_Fw*jVCpRBguq0Tn@jb`P}ZETpoF{ zRqhk>+bm;{1Wd5ZxsZG8Qnj6QV>Vq($)1i0L%*f&pA_|d_PUt-RPA-+P&C48`B_o1 z-xYYL({{6+x|o~tFvMJG)-|QB=Z&}Ttg6zN^_*Vp?y$CLEtn+Drj;-EJ~1^ltaeOj z`1Zh;;{5Dv^B(YIXAoJp=Y)-8;z%`kbaeDbR20QZa24Mln)}ns`DjSECPrEQ$LrO@ zGC${laxNUejV=Z?l8AlpgkKFvp8{xKBVI`Fqda1iJfT6b6~0; zhnlMs6R3e7h5YNtZ8uD2`AYNYOg{LCuDr=oiBvP+wGLgpvNL~t^ZUU#{VLD!<@yw z0<6Dw#hulN)bTh`3(yj-Jw+>jC}?5AkV=XEl~IIRu~{O_6o!*qQjDD88$$6<%l7F zFP_hLxnKJhkpjv=U-g1!cJ`Q$u<$}`c;@)CYG`rkqwJ-hRVNL8{xnI2!Q$dB&GFe^ zTP%a4oaMPOsw&e`v71=wQyMBNj;|@)Aa;wC zf(^dJCC+3FC-PLH(m`dTIUcY)`sRs*h6!h#z_|X?r`$G56khfBsFqwu2eKODG5Hlp zRs^sJ$i7)Qit{s+0@YvY#Zg&!cmZHFj103_In4@wKenj6fTeU6)BSZ)utx)x6X=ft zro4WZ}Or)UkQqPARHQQEW!MUaGFDxV$Ex9 zhd)`1^lfD05SjH3L0q^CX>LV=3ci~9!qh7Zu7*~tJ7%BGI@CdzxZR-)UUbpk*x6c# zF;?JK9Nkr_Gx{iA>`a3%;v`AY<_UpDfc?%Nk8q5Y%yj?MV_GgIE9|gQ=0)vXkw63+ zCKo;spBM0nyq-`yyQ~5__-bSd3eIxK6%9zav_Abc=uiO;+(V3E-cG$v{FH%bHDK48 z-pwYUTXEe#0==!Amilv%K27Wic<)$(sGQu~$AOHf<03JRQ_{^jt*~eCh0}Ugm!>>9 z?zFxcJ_dmP<&2SK%t>i?jEb9&3HcBquz8DrJ&$pnxHe02ikK}VBm{ZI0&_$G&KQUE zJ`I)P4Aflf)`xDCp^@cdQ|+j8l5G-#7n#d!(oZ>UTtC4At5+~n8}n!{tA}Ikv`tjC zIaT-YH>0+Nd;_aduf8 zyGF7sTLKL|9ZU=maUw*1?_(OMMR#oYyq;=lETD$f>-1($C7jBIYax`n-VbC-BAc?_ zm+!S))|}KD%oAqjR8&-Q^YS2;mX?sK%F@`BKji@9#x$N^UM~CzpSv&t^)h@X^)vO> zB6EN+Mn=Z@A>=6FzOwFFa{Cs8KSJjwlP8p7Y)-}4tjjcQU7Cf=-{3~m`adt8^0J76PKa(n zmUtC0Te&y%HR2^FX{JRrF?;Br6<|UEB$Fgq56UOs#H5A8ArY0$s;DNx{d3^3#cCmo zX0Hc}#XblD(zI9V99p2NjhLDbMsR^w7CvS z6dp*XIZ9}DaDlEgx1g=47QhxlPd2m`mV=3+ENy7WfQ&~YXeUn6Ul1@{lSBko;=gYS z3@p(+HLQO!JTj$>372E`+a_tigzOjJ-H0Kd6_2LtiG?cGDUMSzM>*45f?le`e6QeF z;e$#lM&irmlpdgtcmxmsJ72|EwUvff&mLZEAMlZMu|q|l;|#>I-w^&=aV z_Q+2bwZ`G}f2a#c2^;Sb4oi%WCv($YxnQ!qQXD1EEeK27INsSW@Wev{leba`ZH#?#y31j``Q` z$XF|uFF5FUmN1LMW7AlaR3Q-&2|RRdk^i`A-l2(&XGY4j9`h^aLBhJEp#_?s6e^Sj z$eMx|nxMS(@mstMJjoj&mDWIKU|_sc@+DOE{I&ZTLrJky6T<&cUOFs%b|UBGNY1H$ z_#wK}}zostN<;>0u#heG!*WmWA0Bd*eLK~|lgyJKkuFy(CFgnT*(p)#4=>S;DaZ|xWT zxN>~v<%8e8!P36JzFo0tg5puWD*>h{ICYjb8cbyJECV90cE@H~)Rnhc39LMn*|un# zR{fH6+{KT++-yhj^(QkL)FV!8yxun5AJD%? zK)_%W6>p&A^@>gBTx6ek9Qjrx*J)Qgm16nac?@U|Tye=_aLU6TVpVOiSmk44cvfcXh9i1V1`a^Tt?%zK1)HSKrd0*5>F3`nv0~ZXt#Ux1tbM7xmjCE}AOdue zFp`X%XEOKmhi7MyX!+)Vj)#bFv?ASGeS+F7wyvAxL8ZP#XB6GMoH$>L(=3JZ;|CWs z(%dC+4H{($ebS~1jNeI*I%>-h-X5RzqN6!fJ`Rpz`*`C`Ty)|Q|X?BA1LBgF-hu`dD-+AmA; z#uU}pfGH8)V#gTVa@g`y@*Sp>Nv#W{u&8uscn|Ak36(n7CYkG%okr;B?%@8VOek=V z#WY>d8VAtIOiccUd_fdJ*-V`>wTNk`ar1Q>D?rj|Vlt)F_u@i8`l zXEbU)%v0O*_OCl~N3lfma_xZOmP68F?C1|L4(iOyrN2H?si8Q!xXepzjw0&9X_e&G zLXQ+^mm=MQN=&47Q@;yg^d77*6;iiqtw2z?NdeJA2D2 z8vX`Pxo}VCVaA2R)AfYS&FT;S^h~kJ&UHr(P~;SgpkfbH{@oCamjuOQ6$vLc2}ljl zvD#HvY7U_5A-#>y1LA37*LP1#wNtogk)9RrJ$#Em&x}9a>!(CSd;Dhaiy%B2muexU zrH!IB5v}?(t$CgHt!HnC_uX=tHXo@=kK`=A%0Zcx3-Dv;t+cvSHLB_B=UBO)xht)` zKux(%aLsN+VSo;{vUf8#3%XHzSw1?rKlM*no8^`Qd>&`A>go9B*ltyos?Bc>=k7QC zQO?sgo<&ALET}5=S*|zJ=sJDcc+va)C68@54r-Ou*+OtUoweo+q(56fy% z<{Ye1K;ZXczk2hw!JDH6X7=Keb3S;vO*QbGSgRt5_F)EW{w0lk-8f~i=5^sY4ytuR z+^Bkfs9krLgC&pGoL7RMMY@w=`%W)2vXwq%U4}+=1n+p}-E(QMgO#1Hbh(((QGC=x zLVQ;JaZNN z5r#gMG_Mp3V)FlNlTAU}}ZoL?gexhurevKv&?b&3*7PJVXMETLQWD6K)+X>~8tnnRi9>#P@U z4R=pWsH*CSQ%Xt(_R3wt>`1!H_{>RSg#m&4RNWsARGY9rjxuqy*8HY~xk0^w%q7*+AEQNHi+nsZ;r9eZ%diOPzMR;|t>u-{h_TWH9nLE`Ihl91m5S0@*p&L^E@(MKU=k@Bd~8t& z4GYU@6vw8~Y#ePIoGnqTF&si~dwYHQ{(L!NHS-2iZN2eyj^#68b}19Mvhzm!-Fg{5 z){9kD1Gv+3G2&;8(W9#3>?2TFoC{E#V(GcIwzgjHz^Z92D9xrrT~nvxsj~IdZ&*hu z5ZnJH#GVt1a#KpLjnurjwmJK)(`!7j4*GrGQ*&WS<@+)Pif!!7<6J>_2&&twx06`X z{9)Jdw|G0Gw|leZ+q`~4&*w|Vw)5k;HR736_XGbv?9Bp8O2=%;Z zm+4R?$Sa~MVN&NPUHbE#LN5B3Cm!{ECJD^cRgAgS=}_c6xQsPz4dVojaU8>QxTGEG zsO-XQNZ+B0^CZL?WbC8r@_hB9Wu|!?(mKneU{y#3#dH`VrMr0EL`UMec4LuR6kwUf z6s5s_2_XtS-{&7cBtMn;`_$q78Y!Fi))dKwoF-LEq)>M=auUfGe(av5(dHRG>V}(I zZmWED`P@>k)Hg#R*kW>$;5Ap^bN(1aK|EDCVe;gTM3C9|t|Hi^*wICUT!8Puy^e%H z{>!w24mD_Q$>QxbRN^UbCS=1fLvm+g_0wY0as};B5p#iYIt)FlVv&OD)^sA5kXiBF zG=bW&+;Xr9nRe~@>{Kt0SqBt2-qPHDqGRnxJTr7WWg9}2DxH;e4}p<0U@x7UC1)u$ zus~DEE4;7tQsEvZkc5|UoVayN9Rs*OE2kPo&cU{_5;1*}kC&F{1?&w#F5UMv8&Y$) z@S5F_P|B_^$RUW3j%_YkCfD9_9s>CF>I5yyXnOqe^8*@Vt2!=@yxX`V7B`65SEbXg zpUrF3AlMnuY*CFA7n^?s65ig{2>xN+!>9LvdyTJ%Y&DiL-bX5zgQ_4wZ-HE%1xAkQ zNgT^Jq^gIF^9~;gl%IUA^9aqBqJa?7P9&vFb2>gRPOA2#i&^tI)0wRx$2Wd;@UsB9H1c!p`8G~XI$-*v=FSWq)w(VvO(a<_;mJr8 z)~WTk(8Z9#0-}k${{xz%GI#eMaSo7XxCaWB^GKcVmkmIaDvW@ zM#;0e(>1t`9@QC3D=*9|$4$ zQcS~&@k?RN(0cW|{1N$#N(h4NtgD}Sc-y+L5nbs!H6H`M<%y~m0p%rs%|=UKoVUr; zhZ1m$O3Z|zqTy2IGE}Uhpm}Vy8fal{?V@2nZWVbeg>Cwdr_)x^3}qwT(n=BKg|aB# zM@pr}ZF=tugkl<@zhF%R=yE)zYmD^JD4r^jE4uVQ3R}sqR}}RsNJERyg^RBbKQVKl zf?zE*#GTmhzu;G$u}Vx2X4X1Gid}{r>eP3BK?1Us68DI>$}cpUM8VB^D@6|0p%bmD zFNZdpd9^CzZ>2FwnVFDyQHzQ{3DT4_DJPmfhFChAXl68WR`I_?zEd=a!311KNehXX zqvw9?G1S|62S>-z(LE>Fo!AO78|+8jw|NjngdI%h6%Ls=dV(HKHP^3QN4K&z_tj4V z4)IagKuZMpC66S3WPsmlZ9UOixZ+AsMnodiVhcAV{9>CaCNnc~v>a|Qo(*R4&dn55 z5D>DlrBx%}W7N06+3oROJeo{rxy+?$d3N$s+}M1k0k>Hk7roMj>ROmaC=LvxPVK4E z%CM$#qfSzIZ}KDOdj5@*UxEcl|^mHVwh00stL8Fpi8k4SLF#-Ere`g$*Ag3l!-#ms+q5yKq z3FVMV+oN>asN7*0sF?Q}xJvOOP)ZuEu=Lj1rK!hosA~@Bvc>0*hYQxNFD8afz5Q;u z5m07@UFwDPX+%4_v`k4iKWcyIPDt5CyBcXe_H9o zU!sv&$=6c(r2QlxX+HScTiy@bF)BzFIWm@qs_IP;%2`-gg$(;!J)^GQbuj6eO9{d& z7_LfV6ss7B*Zu)(1O3DV!vKsfS>xKsNh@oI^lP>tD|V*gNY?OBY;1YzO7mg-4%S(M z4jbe3gQBd+hpWA)QqV{R(6KpKN58(l4l30)&$O%5XrQTytK+%_WmV4g^e}r>U(aF{ ziz8%{Eer)vcK&jf%XHI{-$Z~x%B`_fXM&`E2`r z`P-7uO7NTqE@@1TiFlk=xrdcU2HWX6M-;)dPV3GnWwGQfikNCzdn@uw?|_kM?AMKm zB1!wemxjkoV1vng_RnR1Y2*c?w1_oVr?kVV(_cweebcS_RbdGyOh1x<^OcIS-qbMj zemUA>1dA=~O|WXr>7&{_E?Mduy52Q*8Xa;L>WmuhP}QS_DoV;qlEJ=0^!QGRyganZ zDP$IMPQ6qWaWp`l`-Qnen676byjI2&%d<4E52#g9*o#^kAGdean?$PGDsnK#+8g^? zpw@jE#i9^|T}1s2zbG%Q-y08kD>S%5Ls|&X9zE}#I;(0b;>Vyu|b$yzhBNkY|8~~MT_oS_8uX`R{w#!*I8nHfZKxdsd zPQ%-Vt|IdC6gxUn&~+dbItr`gdFj_jB( z<)%4{bv_F5+mX&|p-${P___4naGn{bLK69OYRN>ld8dwI`E>l_T%a#-?j-W5BClEF z`KfY6uh}en#N8#vGV11qFZ#|))S`^cq0R(fJ8`1^on%rMPt`g0zXZ%xvrVfYp--$O zZjfUbp(%<;ye=INpo;d47bBtJP)}(I8sxmay=6cLe6_(MNoWj6lpGhA=OkYOo&{6`p`hr^*Q`rVKb?dPXDX2~GtYR}_Bybt zWCPnFRDj7XHXFRfjBm#ysjL?Dx^wsb^SOun87X)DxHf~$Z2}0PW2vkNIXU+2X78~5 z=UYrBGApz--46DbyW?pORd}6L02hS zwNf3`l#0I~u3Bhv*xp%dF@bKeP(|PYdwgzyn7iXHGoPifA(UT4$3D)Rp?jBl@kcLr znYdL@P(>r(JvwzWi^sBF26(=2M+iP2wxiRy?!S9&YXnz(|6=zB6(Xwb6{Hp1VX5)m zaI;|xTzzk5L&>7MpUP)gz~7KC^H|~IkRVVk)yoIjyQvT{%1b%WLU(YW44v|2J)N@n zHmd)N^dtb^Dv7__lpZ*k+k$8nbNv1JBZ_O<%A_TH&waQWTsb6(w4agNPAmt7!5~y{ zP?u`I3A6ZSSxL>#Tb&DmUhD@Wh{_QTQM#^}xa^P6_9C^0WMXo$kixl;U{Ie)B~_x+ zArXn7V=3W*0~t4*nxZE+<73BT$K$8tr|lb8$Kz7LhlfqAWn~>oDf-ot z`@E)d`*GMlsUIDR+6i^iS!u7&gelL`84NCG8K{{9ZgAQh!@={8D_`nhdqTE*XI=V( z)_Y-$MKcL`(;3OavskDdM?PF2NJFQf(T7Rl^0;caTJ(&bFH2S#oAEzE7A8Egr#;ym zjz$Sp(P)(4P5#vH1+`Ry&#RRg=8EGTL{wcf;2e$2fH9JHi0e5XItv_XuYK64{Z_tI zXB==rC^gJ!s=i}?0(P~6w9mmI36oNQG4^^X$T{2r5gZWH3;kJ0biq5Xchaot$7~vX z`?Wsi#T=L8>AiUJ&D5yn>34PY<y*W4+E`2_2!~<7~UUT+u&1vI(%JrcYY4!57?^8VOjhYQr=R_u*<| zsgvDbhyxp6J>RM~+v=s6E*E{X;q+v~GI1f%|jE{wrtieQy?dCp{UwAZu`Pb%8 zp9KuXGh6Dl-(<9+AY^b#ArQoO2sbRcRUxQjZTMUo%a%k*!r!duUF3vrmgQwPD zbgc5^9;K&T7D=h#R(ti5PQ8Bj>*)+LN}Ao)&L=)(h^K4VtkJZ%F&7Rh$NdECFcVty zMOvCV-M30mK?oWgm*XD{p8SmyZO!_R@o@UX<$=&E&%7^n9uDrtKfJGQn(ESj;@4g` z69(_7=-ThQO zL({~5_3C71&gx!AF9l(cs?NkTw95%LH1go``f($p&#a*xD@orf- zF@A9L=&z8ZL|}0BCg6(p*ikLFxM;kckG1;U42_a%r_2_C$e%I1&AHQ=Gc1YomPwJr z^>^~$NNec|vT4%&D`!I#oh9L@*!V`%iQ^cOHpA#U06uiB$F;sK$MrKZU=S-*Md|3b zYc3n^4#;1sxj>Mj?c0nxGuB9s-DKMyIEsLmyA8hMwyW_e%7Hdl6rO9j=k|Uai+my4 zOAgD$YJO}0dN49R&K~gj)TI*_nd`XvJD)Xp+ zu%>l0S>lAv>o@ZsU1ILjsyc3DD`#ySav`Egw;;!`2**hDb zCrzm%w>77QKxGy60!J_?3yBPyZeyg^ACpbD%N7HiF+isbr}?4&vl;LbJ>B8!;JZ}^ zS->Z2E%t|BalO{9pkl;X#RBsNjuoszj{X!!5^!SKb8v_!GaSz^t<=FA+{_%S_xJhd zS)WY$XR}93nk05tJ5S7CdeCr@k%V~1{KNufS3y|4<8K68&%ynHX|-OkKe3sME$+7x zB?GtFaCPQAJr~XzEW^86A3{R5x|50m=YsEG`Ig;3FX}z;>K8C)St!$y)X{uJF&3F| zAi%?=8y!d6-iH@z33TXW1J;_(4YO`-S`D*<^gr>Z)#i_L72|C4)@kB!4P#f=rwo)H z(V4=4rM24l1PH9ph;}kO&=K&|&Sx0BgS$;>99|O1iB#QOE(bX7C;%L26#Ne@ssaLQ z1_wq$XC;J&56ct*94T8xl1-WFN^6r0^>01b5g9EgNCt_iSp72T1nc9wnMcWEnhUKq zZw$tLX!^IURRJ^+wmb*SmQsKjD^CEQodlcg!jE%tl z_WHN!qo$&qqt?_xXequ1&5V+PE*n{Z{*D*p`+S4MTSiG2PRA4s!8?w#;G~VzROhi> z#=(y;b+FB^LZU$(>Pk47CZkF0Hsi+(PCo+}oO(Re=|ACo zRnFPRnzo{g8`J!ByH=w=eNUzD%|@Zqbc_d$giY{xNAtRf=KF~(Eb*va$qPbr3WBA& z8bV~(C^%SE7dLH;?@mU|E>K=QqcyNVRgG8bm57;NCJl|;c%eaPV0?-75F-&M5nC-R z|MW*R52>Wng8*gZ}1yUgWcQn z)-xU0e{ZF}WSL#&S(+T&ccUZvI%iw@W6A@wgcK&*T}G;Jp8My|%=*XSGWvb2sup!^ z?naTR0DVjf0CdPC4!f-$k$D+j&T%5Tf;3Z>UTiR-H~V?89x5KQu~c|H$w$;}tbX!v zd#}gqkf3Ud%I3m#&##)6HNtG|A`{=o-1aiCzD4FChAV=0Ng+mD0C<`7_CxOF-zS^oqRr{Ax z#SR11A9_z2XPy*V-VZy%M^lr6;c@X{7ic7u3m^QqK^S@682xC2c+QQWNZs#|SIzsm zVL!F}0LnJ4CyneABqEBt*gw8Y{-O~1QC8UkEF>bsI1s_L`hfi*anI&A!@@`=iNnqo zcj_R1Zv1SNK5Ei#*WI+StG(UN+=@f!tR6H5Ra3dr78&U5NvNC9EL+cIZp6pFr;Z;} zJ=LtYY)o^qeqq8{b}m!KqBZf~@h}M*#(+mzD)ey~45y-c(wLKlL;-av3&e5hde}PI z%Nj)tKoI(=`Z&!w^=<0=Wny}}afAnJTdFX|jgIwBwG<}f>^v07=17XD+CD31dA$_o zff~`3u@9<_tDEOOqu~RMUvZlf5tMNK{=}V*C$Ch>21j|@FnrkO#RgMhULL>!zpm$N z18NHjN*T=pi@%Y@?1q8Ff1j~`9k={XWRu*SMUQQ}qbYG5z8!Kt`Z2n{gR!{+LCTs| z4azLDAC}73Kjuz|O_luhL|3fjSGPx*``*^DckH}jjZX)+B)ulJN||rCt)|(tbput2 z9F4)}4>W5gInn)BB?c>%1~OX@_pOhR`$F2b-B9X_N@;PC`q!lvfm0B}S3k@hicA7W z$R~*XDf(?>Q&C2GtNnrwV4 z`Ec94Ts9r4WBT{{`zd2)?DZZexG+WSpBVkHQ^zLM5CoNWJ=Ei=N;rc}9FD2}VbT1P zHea%scMknKiW-;((Yv^Y+OHlpR#ah382{AS$y7-54ReK9nWE~^LtR*s+Q}L^<>cV1 zU;0||GmwvT4O)pGodlCv+%%H8?L3o{#@=J@l^f8tPm%O?bu?tjIKH-}Y`sM72GO+# z1@mUq1&p&2IheFz85`vsc-5xg{7P2&ZDReCpuc`fegymYED}Y4zwUW87F*PLP?!d? z*+BLR$Ka|B5}Xk>>mn-gf;dQe)a+rO^{%#jI~6WhQB>#~fOPb1F1r3)-xa_)z^xY9 z2h|;6wU_U)e^mn ze|}eXAsmCOUXe^j4+!#uzdJFZaH2$%k52YQu2&Cga#iWS9`ZFN%eJdlztH&pzr^Ub zy6}4teYLYGNKk>_?vFr-qmZRLiU;+GAIL8GJkqlx@{bj+M+J-Ur-fYZ{gZ)wxIw2UuoI| z$%5RtB6$?@oBRJ|AOGKjccJN_0O06k3s)6OSU?k zDW0WD8|I&f*FTr}U&!)ZCI+pRb7dfF%zq}K4t+e|iuVgg{=-pl|1Q@d- zJD;udcs^eYG}txH3;ykc*<+`9jgQVzv27`)W3fe z8IPS|H0=}p??|=?D%3VC{@48cWA8x{b(J&- z|4%vp`)>mMH=7eAs4BsE1%FcZZ-j3bBz)x$l7>)Ze?#BD3Yi=}I1Wr%@6?}s`h#VE z{*=1{Q852ZR_phlxnRoaTUmBW2vV(#JhJ}-#nK?vS|q27ONjqh^8SW?{+ZvZ#VI8D zZzFx6 zzalEqp2V}~VD%Pn*R5Ee3Dm%qNjB@WSmQBCec5EYZnMX91!c1_;O?L6KYF69(ZSv$ zHiV7ri;HCgAuUl#{iXyplE22wES~BW@i6~q3R$CEN-XO82=CKO#%t);blF` ze;ztZ1EPS{!>l~{KMQNABuK8E+%!`E^HB3d5Cy62EGkm}S+(YVTSP6~w9wueLn9!2VLfZn;lN78^OI%sC-jDGT5xQEfS2TbJP_c8X5i9 z`po^_TyQ?n3jH%JVSUZhx;7Akc=Z=UNGpzED%;VN3lp|t99eWdJ!ZJ64MX&+flu*PiKTW zpkUTyoyi1$=Q|#OnpaVM;v{Wn_510h4yEsl8`7j8Qih04iUatT-f@RxuHS=EaW?ZZ-Vr<&CFEd*}3HAn1 zbnVyE=R5R1&89|epF+Rbv1+0XDLUnl%%=2h(`T?^ zxY?G?^{vJvf!*-BTdM|DL=0qCHR`W^>q9@7QFCE}FzJzar9eU{as zO{?~jEQq!8%T?X@rQexs?jL?)b*lBn(w5SqQL-QwwopLmGXV;BDlQ(TLP}KT|YwJ=aKZrh!S8U(HRUxBDJ+1yw_W7-A%RV0cAx1PC@9+>M^#J&q9PE zWK3Wzjwn3mT@ZGly1^$4_9iew%ybt zUZjKBw9n`|V0*}@J7k65Gf2#H^l}>vX&%@Gg{6h6qU|(S4I*$}BB4AOQX`O`u~)BD zj0tsK1Cm&0iO}<0pnTVP#R^Lfb3B!mn)`B)WDCS>k8sSxm4)IPNBo!gu2{i$frK%= zlv;AIzl9JHh4)@Bnb*sm{q=sk7c}^3vfbk@)OIucYmaISzXu6FBoW$OK8ut{_!qRs z)i=-vWW)UeszcEa`;utr%M>aG>Q+TD09%vD-8fK+1YUsXU*bH(pRB4?=tTP`k%?fjc12KRd?Mu4;C_nrH z2#LyO*?u$cbTaZgspY#DHnG|SRaRi}6OI)!-{qN+uC4Rl&l z>HWBs@-wTK?O8->2e(Qk{`+E%?alKlOF+=x*NK!1$F-{QHC1HLJ;H6xrc*3C5pEOv zTP~{Xfq*~soV{{I8f0n&zfe%O>NDpU63Lgy<+SyLaTX27!+HR8Ok&&y46BiY=B zES#9$5b@V7zj*0EU|Bi3*n#t`yr^&yST39#yvnkwuzH?Yb~`!|e6*tirQ&Y@?~mE$ zz`f9J66`^F=SGpo{umNb=+}6%DE=J%=xfi6}O_GJH*4}STX z&ueGiSTpkELh`F!K4XHL=?>#1%!sl5aq&5U<9_Tyn=GFXMFQ9u3Ve4S^`&S&gh$A7 zUwqbjUYhV``@npQM99lM4yOLSsVsx2hju{6DXteK4m$$UfTi(_R32E*fg(U zA-vasK;OnNj{(8jFA(tbAvi+=ZKJutp3J<8U>&!?MY>%6i9*hyzuP`$B8!XaxPEJX zYi;RD@D0Nm>2BlE-@VnF$;JJC-dQu)gklt)gsquq)oC1h>lXhLoJl7$kLPQ2TJOZX z7gxGZpY+z0i4HvTt|PpG%9{lHX7T%;-LmT{)$wC0`e5A3Hn!ELbAzoDxEaBPb^l&- z3md>K@2|<~)8zRfW}Pa(*J5#S2x!D_>jU}D>=!@YLtMRMSm^p0;HDy07NDwsDMoq& z;eZrA#9b8^oft6td$Y2ZvarAC!y0&CIM-UCPpjI;-MANV1>K1A_7>k>Hs1PtX)}bU zvwn@_a4SqjzXq669!g?=7RPtp^wn?PNt6r@$N$-S*1LHS(B zO&i`GG!P_)I&i~RBdcuG74-_=L3IMQ*+3p?R~8lTGmnih|BkGeW0R??xMtGn)k0U` zZ_(QtqR0wIlVT^etnP;1`W^b#esQ&myb$AEL2r_Rmel7wN+Kj7 z{^8pQO`X&t=pZ&&NsEUy+n-K}jsZ6d1p8>RUxzO4kLG`;l~awE^Rf!^zaOb2&CLI< zn=r-TmlFUB+`TS5*~89X)6oya_{kNu(`Mpoa_&u@8r<9?UL}&nCH(7rd~6}6`A4!( za>v8dStns$!~WY(ng9rSo$04k*PdD%9>A1jR@AT@k2PwL^igS7Egp z`<0QN;wtfiCd2)(q~>iV*`qVvBmP07%A;2-ZmlSSSZbHx{gv>#D zJLQV(2AwhyHx&3*OINP$oCCjN%H4*O#HxZRiAzkjq#!ohfrR?)}P z=k)RD-N2|MuX#0!R4K_66_p9ft<0%!QdX%b;M|002G6>=mFoS4~ z=-;N5vcY1tzSD+Vx}I(d)QN zhoXy=0*`bG6B%%j5%bHel!Pc}41f@IJYt+72=)~~n##+Xd$Caj8Hx?93YetwWN`3K zX7dnO;rcE*Fv;VA(9Z1TOJQ6AfOSK5wHCt<=tdC+&ye8_gTtTeMdqRbe!M(l{B|K) z$`Vi6_W}0d1nUl82rQ_IWkEl*w(CB~p4_coVf?$@_Rp>eFVkQ^Kn=cpG+!9n> zCaM4m-5-}YA!8L%@|fjl?_PT;yRQbXQgW4&v4Wl`s#e8K0(0LBOQAm^{l*b^ZeWEm ziLE?P`OcH_FZ0B+QNp^pOxhG=r9)D@PyZ4PGD@pt%yi5&CEsrH<77h5>Xg_fNX~+1 zVfJ2rT#39Txxh^5>V#z7N@m#@qVaRPTvx@Nm)j#h^E~e7ImvLE@nnsvhJ*3J4Q%m9 zW_=yZna@0#QFt$z;M-R(jYrPH z4wx5lJaKkj5m2YR@H34b_Cc@Fd(>`hjDg~|c#pHBCrdk8TmJ3l99hXME{@e0CbV86 zK_&ZjcClXs6TnCt_GR)s;0fgR;cSwz?qd(%!;tJ35B}wI1wqZ&UEAJjdGStyZ8+%n zw?(?%pqs}6evn7VBgyqxm@wwNRa-KBQ{-pinjVf7eq<^)zI ze{wvJh*4_hjIN5kw2Zy47ut;_i z8acBCu6jOFRIZTx4}CL;-EzT2K0-ZT6To^8%c=+xMn4lV+7RQba(Xznzz23izE9ln zd3&jO&bJ)+7VH-jGI^mv?2gv0$KMQ_q060ofH!ktB#>?Rt#g{9JF0I({vLr;8^ zP|kGXE_N$)lX1&rG}i_NaqYa}K8R7WGvG}IW#6;ET+eJjRMSszOmMCDQ4Y&3{uI`Z ztUdu{XyIe9;sp;11%To25ChocG`6HAxcn88*$kz2r6aT)r-YsQqwOb%Pu0$&oLL*B zKZ~Px2P)ZnE{iYPuVKq6s#fYM=)8C8VI`Xmm~|27a9On*=rd(p)(!8p?MKMi7>*St z8cXO`-|p5peF^Rfq5S#0D##9wCfsL|lg;vrL--)%=W2dgFF%a|=I>w`N{wOX5N^h87gFKIYH97mYPc?=6X&ogbsRe)GQXCF~cP6zy3m zlN)ZnqxNc4;ES^Z88EGKd%YYK-9zt4gwa1dE0{H&Ye?SUR1IRxf=q<*+A=!=yWWo{&`Uy-+x0=VZ?Q{(eCZap##=nSuJNW13U>3UgxBjikou@t!c;XqABI&g)alhe~~r=a(%Z*Nb(M>lcC0$q-pxz^@x~7fh#wTzV^W`ThT}g(VVb&gwD+H&xJdOzu zXQdR3M8pp?3u`U*a>v}Ton$&as2%1?tEC$KV$Oq$z1!qqm>uY#xI>Dnp?(M41IxWR z)a7wIqPPQHJxXaXITFnXhAc3HiZIQ&dRpGTBB9}qQMJ@sTTN7p>4Z;8@*sMGtJJAD z8D9&9XM6CBoKQ28Ubt5y4w84>isOfi@?{*UV+*KN$UcO&=9B*f*)wy(&drg+6-RZ# zC7Gx^7a6V>af4Wek0LR$9y&$h zfpwpj7eBeU=A$=RqVl=Mk0tq@Q(uSU(Xt47x-aQU5z-F{9OMvM$HG^tZ;q`j%FzqW z#v4+TGW!@|Sl8UWnZH+V9v;3GXRj}>Znd_ZO5ok_P29KabX9PhHVywhn4hcY|Gpk^ zh2HvO*#mRgQSW2rhl&Che#JvX&esr8nbGT%69%Wa4c39euz0Li`3y|Yo=OrOpDUa~ z#yPG@)5X?!xK?qw`|2e6yN??p25*P?)WQsCMM$;id)^TakX?^nIf+qJq$<5%+N-Ob z(~44pS1F?2Lp}(Z#6Nw~Aa^3GngZEhsW4#Ks4srpSU13HsaLLU`ig@iPjYqSZ@9{cDXa9ub5?)f>rkQf0QHef9T!cE)70{sU882l!T4 z2-*58c@x6x=VEiT22~3brt?`iZF;d#j1BubZI6xEjj-4!4~*ZHD}^TVmF5m*o4fCh z^SK<5;Fs?eSp~mrx<)4*Bvk+45OQJQ@vp zc9$gXV-4|;WNE<&m3Y|Mtf^@mmn>Lv39nFgdlEden%!NS)Yq5DoiO#dcYvN*UJ)%) zJt><6LA^lh9=MRu4;F`Q*l@F^%q*-aVF#j74d8T%@r(5TXkXT%aorTq`$3&sY$5$p zm_F#R`}$p|HP3vy3AHdI+s?PWtI&D95YyMF8uk4{0r(FNEQD({$QRT5h4Va=@#9mW z&I)De6>LM;Ms}Fv@^T#qo#;ko3W4#x9zdA9tOIpsR#Q|^{2AuNq@rwG$BvGNoZ2(2 zQzv@Mp}4xtj{JyB{SDinBKFpB%@! zOGjVm>Q$kmnKG-GSB$o(E2STufYODhiNCBaIRil~=8wE9sjf-V`yJC}y$;yc=mRHA zgj2&yrOsYW^5fgpwhN)iJCOK285w>HAMXd(mvH!TeHL#10|}7=#_mZ5^Q9hIV9{n* zW#jhy50iV58rgSL@lMh;%ZJI$7u!#5+lVpsEMiQ_BR*%^J}t&9TARC$_N<*WbpJ)N zl?n|$9oUjvPV1V>C1KcnlgLYF*ZxHB_ij-BpGuOw^p}oqq8;upn(NeN z>XP;lx+DkRIwHxchCn2@or%~mR%q=EjE?uP&7Hb-JO%geg;bYWX0goqb2LWpj_o`0 zq3&u@c*k$m1%~YWW>2$+%*;RBT$vrL-CUiDEO3-&Dr(<^z_I)sF{Lg(CHeSam9nia z8yujUv(9T+Zl|<~#TbTPAkH*6It*{ih1Yo9i$2-3JQ2%smqR6^#4Eq>|2 zAe8!Cek0$VtZKN0PasNsSJct%*EWUQy=-@oK2bb2gp7QMSqthbe8B^#RWNGU1C+pI+G-;;G=0dF(HR1av3}81v&E* zg?ZGs5Nu0lBkOjzHOl)B#U;!}U*qLNzn zP`8MLJEnI}w0SD@HQv9MU=>lCVD96lA2vYrxXAlhWE_RUkKVqDrs_}7PBEHPTdRxC zdsW)-#gi&OLQY_aD$;}eH+uBjt(%jB4>#Y1KMipf-sk9yzO#$;y=ovT1eVOG!&C~2 zYMrJ~_9!%KF)DxuB4>9*?tQJZ6y{U#;Mg3(!_qD*@@|F<5#a?C!FP}hohYB;w>izX z3it8b=ZmYd$TZ)qadvGkDQ>54>)Pht2qa1r(J;7vzJ<)0c3WntEs)5;7l>#u)3JPV z`s}M0CWU*_%}XCMMOHA@GzAH3Uu@M)-sNWbt|HLc8rDrHO2D6mf25WfVs81UE19)$ z+Pi+b*7{?wpsQ8~Dtmn&(Z!&=1#4sYs2`T^`oVoiO@+!<^HXh2?dfm&OK07-?6ajV)`*KpEtiOK_=Rmn z9P*DU?WI5_RvDp)j@BlkI=^2oSu=apUCvWgPz_nwWnZ0(;At+VoU?ZiazJ>FqCKnxKM1AbdWwS>H%L37kxJ!3K?;c9(X)<40 zN@G#?L}=I9nftxt*5JxBkhktb?^7HS%6>kIs`CY#oQ)+$^9T1H$rjOA(Gtm6#Jo7m z&1PZjeol<5i{gc`vWG72VwA)6JbBK)xYwZ`afS?jMxFNf?YDPtqG-ireh-H$AC%dA zts%J|6uFo?oYa5QacS}PrXxaM(QD}q7R}v6 z)vv=W9~_!Bo5@aWO(W>OJ?J9i7BVrA;=)ca!Y(8YlbU&WH~Q^&vEqG%_HG6aoGbUG;GQ_F@x~1 z0zRcZW2HXNaBj-NXfiQBpNaQj@rX%FW= zV`^d|kB~|Gm!ms;3|(5}1xCpw1&ipdO%nY0P8F_*2w7ms++XxlJ#fRre&t~H*#ham z!|nNPd(Et68RHXkGG0dzhmhFqb@K;nyS8LUjx;*rI^{N7> z)TjWc_%%brBnajB7JQsnl^6pR_r*}xqR%{WCKwWPUj52JTctBsuS$(fvyQ1v zaeoSIR}|`IY(B{JW1Sg~kyqR5{`O;_4XzGDm3`|(N4Jc9_xdRUi7l!5(hn&YB}J*{ z9^&go?cxJo`++w;hPF{pNRS^FNRV+e6Q<0PH`h-&bW2CLsdQGf4JADcLj7q`SN_u1 zA;XMP4e{M$?q#0mk4|hIMMkF|Ql1KRf$H$}^0+zdC^BJ+sdDR4QDPbW>D7|oDVkO_ zwW>J(+ao<@63YmSA2j*uTrb=3>p{+cn>@^Y#`>MiXg1Nle$Sh(9U9Ro{#Peii7A!Z zimzrcvZ^lu8p;=CA3hRz4o;GfE}l7wyl~Q=X|W*uSdyRk`8hY{a#4>v`5RUKrI7bo zMqW)U%D=Rq#nom?4(FHnJ(u!=cFs#B2icVR+QrYt|j;RJ0|90I~~e3lZ}E6Gitsqyos4t?8= z%&$7RjlQi{I*erBqY}LANB{Ct8TJ11L}e+U!Vcd}Jj0fqJ8GGQSs z5HYAg*t2qZFC_^FwoYcR;HF35;zekZTk<`4iEN0esVcNrT}NrTCPQpU*hmkNq$c4_ z(0rFcF{E2}Kf?n*8iBpp)M8o)VQRYx!5Yw*PUB|#xlxj7k3MDOZFia=3e2lkz65^W zyg3=FI3amy(md}4%tp5X$x0rzp$AIJN-F`F9hjE%Loe4kl!ru-JLs)PZ3wl1`-dx( zOLeFB@@8hL>3J%8(xw2d_gm~AN<_s-k>okX!d!{rd>T%ehY>!~^=*!PfB`5iV%|vW z7lsPD>kLJ)&=HzOKFZt zQ(m)(F3VkWF?Fskp3Onma$YE;Ti_}ADD4D3X`7%&~5Q8K)%r&N|LOsXCE!M zvEB%Q`qoZw@q$`&s^1xK3B>Qh5W5`81Pr z&Pq$lJsoi1srURPjEbh+Y}J`JqReSWG%yOUih zhia@Jx1R5O0dehYD`*i-rvPP+h~0|289z2#GC#i-R#yz1#_d;2TZYZVIhn^AbxR-V zzBGS(cBFK`agUm~v5$+KBv4^`+jv_;k1vkq2#zzIr}<@LDg1E=VW+f3!L2Lt*z896 z16$dhaO-)&*pZxOM!@t;@jXE&rr-dkpFQy0t|NJ{ktY#sM)9^z0+QSCY|PJ3F^`?V zWHI~*hYl}W=k7QtKDxAurx}-^b;a@ObWANA$UzwI*1j^mr_K$+S9^*1(&IBe4KxsU z4Zc?~haK~D4L#AE%Kzp_10wNVLR;D>BB`YZF8l#h$5!dGW3&`vrAl$&LmIlU1x+-1 zubwtW%i@u~fkcNQ`xU0pi}MN#d<`kouisGj5cXS<@p!TRL;SrQ@(r_j`XFcP>3LS=KVD`#6{ zRt9hOtcNR-A);t82E`#ssnFTF4ULopglYlAE@tww2<7EV>P9OkKeh{xXx~~cxKTN! z!LlCeZb!)KN?ZyiiD$cM{Tb^kp_o7|id(BIZv_FvI!<5Nt2u+OlCAI;fDm}rc*4vi z`EX6Zzhf0}15s-NM#l2t*U*j3Ba|2);R|W}l8s#Ullb=2B}a7Tm*fVzHg>*r*{{ly zavC!0rrt9c|867R*1YE4r`5+C`ON>tv6=Xh5t*}rt5$UWF8 z706cJM({CavkAi~OoSIut(ho_CDeYJWa?DZyn{>;Es(Yh)0EH+i*2=K2>J?HgS?|!I|BJt z=y^5Ol(E0BAw9ROf?y5F2}F_`mC+3CK&^l_R%pMj3Oj1!$}e35N+?7gbt1e~l(f@Yq_d#OQm=UZ9uTd}e9KU$LT?pB|f|SYX_g!Z;Jw6c0vT!KK&+W^qngZDXGYSEZ)C84) zJNs=WbM-bn%wBkk0!DV7_XS-%0V8PUFp_Natl37(u%O#ay@+zACm@+2F6d#*ZJ zPjQzXKsAzU^*EMe25C?-+ocBVNz697O*WjtFyTAiO5`;HYE5PtT%!Gn7hw{)`E6`V zZ_uhS;jhkEf+`OqK3S4fi!e9f-`QgzHoTc_dsY=wqZqKkB$h2NaMmwWk^05Ac=pi# z$5G=iY3zB=8IgF2<~3{<8!wiYcCbNv?-JVP5eX!m(E)HR29DaWDX zgVxG&wAx(0LrwEPfKzb|g#IoGMRLuqUjUnc{GwoyN!O2GMK4n0bv4j%;rNS%AAcNZ zfvSubvgNKQ@Z!tEuVz4FFag8WBB_;|t%(W$1aMmtl=BQpQ0_e^g9!5*!`|S=7&;Fp z_=t$O!~UOFCC}Vmu+fd+o6*>hPjkztMfJ46-*EpBcyl0+is15gH@xXb`vT&}4<4C<}=0<7C3oHZx zoLKQjmi2JgfnY&wy6N zR^*&g@6Vb4&%yLRf6A^1$n2=)bCds@BexO(9JzjMqg=|r9M->INjwUsXey}t|H;sj z1XBJI3K<;mtp)-Kz6+Yi#s~wFE#6=CDqoZ$zQ_s~a*Cq62*5AZL#Rc85%0QW)Qcx$ z$Q%jJK3XG)O7Z%7e#}CAkpxyX*hoI3UG&vwh$Es4d_+6E+u2GZ6*fM+_2MB~l3W0B z&V{|_$2moW8s(N(^(hrGu8HD(_?047dh?W@eDMx1t&OL~zF2#LtFjNx(JAIVN1LV` z-%kE)goSt5WET;$LqE&~pOgFI;aKD(?8pE2Z7byl6XzMSjpKjttIuFcfwNxS|3E*b zoerJ|)(18G|M%1dZTMsN4abFe1+E8nGFg?h3bN;oNLNA7luRJ@q>>blT zo?e^OmOpSp(VuUba&*5ZSHJvkBl(cP3d-@!*RUgPb^tqjb|Bq@7T;6X? zZ7*Jbs_8yo<7n|b`1oZIz4`w3VC6GQMcSfn*qAZPB_I=@SNY$7f1cg|gX-urm}o%h z;mG4Y2)U8##4~s~v8yGiaBM6XZ~q4XpU&4O!S3=Iu`c$YZYAarbV~~1F#Hx`nWD$I zTiK3ndcF5Gwwa7|5qvr52#_50AH(dY4CNIpRUiFXVDD4RN(|`}#%*zT0A+glV!1>jQmhsOIy~R~VBQq?MB%^${?pd)K+`XjgXa6Y zL(s5<`eXCm)lwS=E1~f*VC)T=;_Z%958QwY`!@MscAqsw?*L5J<_Q9UM+`k zjy}8c>?{j33`!#O-mB614a(AOf;%6_7>8(#t&?aD8ZV4~&uxh6XdcBcG)-RsW?h)o z)eX?}W*-dy+tRPTf=CI@kcR;Id>)&1>n>UyXU&5p8ar9J1ADuIaT`IWz zXaJT42)(0bLG9}dsRsBJYeRnLPq2bJsO$e!>||uOxK0@oJ9xD9pzGO`6}QFFNVTo@ zB*I+DN$;n_{JMd(WXvU<%2s$Vt5dS%P;@Xt6Gp!s7mr ze1wbLm_kd=hv>Mn3Z6rJf$S9ue|_liA7O6FBo&*c;L&K64e@uS{_DE ziUR3RGFPV?jd!Nmkri0ubJ^|uxbhp&?S4Gst#5uGF1dEVEOD2{wbZbh!NVC;Ccjfz z4aNgJYa?9p<7`9f_jk7|j&EDm^jdz0FCQxzUyah9T>_W+Wsy+LWGi407Wt=y3KUs~ ziD@IVyDx%qMEP-PA|7Zaz&bC^ftYi|@#8cP&u)03vQdPv@OEio+sTj^6->6V8IfXa z9DSg&*A+u0CVDOao~Mnp#)3z#tnZ+j-?YBPibxclRsAe_Ix zyT@*oajD{aJ}ZYcSsN++y`K4|Q~OyzK@&fXAbz2VK$wJPiIY7E@>if1k|8vS5_--% zS;$5EEkXN}XFIj!o0^H|kY!A|q|qwGh;?bMUdDFn=IgT^;sgIC0tpS~xs_ch#ag-; zep;XaGG?CpvGC_29r%(-T$?&f0)f^6wf!^08ASmuBXzVueqJ#I)ljTJeWnnsT%T$IwuzZl&G-$ zo-Nn0vsQnunAjq(VpqBZNs9021UY!xWj1m>elLZ$15%o>5d)@f{@NNjL}hKHh=#-K ztT=qhSlk=QR!+iaX`IV(0Cp6C3 zUw^sjXVC>qFgshATyFe^iI`^nM}6P_#^!bCaF0I|3wEOh2hJ~k%Rk<_ z_Gb7P9+up7@-=C24)J+*D6E8B@C`j;K~i5GR-jJaMq|oS2e9Uj@x5T&9Wv)1EbV8n ziBdA8rF7|D1l`2aYx!m*Tr0MP<1LVxzCXbK|?T_jMtLQmguv%ggT6oDhWo z>nyZ0CNZy!FL(@C+02Bpo-7wR=HDxP*4RvkL@uC4ryJ_RREiDPyPeDLmOD zf5-Q>QsV^9eS`$-oE98u4Mo}t{k-yoMn;?AG^c%i4>2L954TXByew>P=5G~Ocr@V@ z(!_f!v94C+pUdZx^2L9qgvDHbo#=;^(tU-xuI$foEo(gll9!}(CP`Hx2%Zu%+Q{1tiyzH5>Wplh2=YS~x$X1!A(u+^FmDJ12nGMW37} zFyvR_D5CqUb4knVyomPOUEWSIj^&7R7mdH0=084L$&QV2-K&|3*=jqvzCFpk#{{T} z#W-n#XtR21WaBanvi+uZUf7%-B2a#EB53xZ4s@(Bcf+ZA8E09T#=*S@TBkAwtXQZ# zLTQa0i6OfH^2O*AxnWYj<+n^`idax=9*&;Zr(jQsK_-5L#7Nf>5g3#awgHL(A5%pi zyg_P9CxuqA2UmiX%HOf2M=Ct9GHubbE2M;kWk_HnOR$|#}dJj(Yq_+#~ePU2`mj$$Nqqm(ngr@DG2H|%ifwU0rbO}{IRC} zOs%e=;iMNLmj$Gr5iGE9I_@~o}Y6$E@TD|++H zQ`6oJm8!zQB*%y99VQ)(eSHK-I79O=YqebWp#&5=1Cb~c3Vhd0?CxPIN zL-b3-?qYJzp5_`)jeRwPuz6B2v5-H^=cj;}Ko#!tRI7Mfy~ha}+n}r=Yr5Liashx= z*%j8@ezrvatuL4zxUTu;;vz?Rf}jyvK@cW`M1tahfF=&483&zXpCOCF>UEmf1~6*- z@Li70RQf&QKAs@9%X!`XR#rUnTUFFO^4=0N1oxQl;BXuYcE@^{R{pPOI4>GsJilem zwIc*Vv68dupl3^#0T`PI}&N$d81xh#`WsBz7n$qG;bW7pYV{>YL zvc|bDbgO5J;eS25U?xuBRYkvvxV3}l64=B}<*R^;P#Y>4eqYVm%3!hEviKXM>gBu@ zxIZS;3Uf}2ngocL4e(AqE{p0vSh=WG$$J?cY*IWHRU_o-cZ_QS|7ujj{$^Z5mUN(f zpoNWPnzR8D(P|Y>cS5kLY-AJbd{Aw^Q!jIe6B8w++xS380(U9Hj#MLXRV9& z($(*c0K%rQ1NrLw^88C^I`P#4bODzz9O~(?ZsFZYXJGC^@^{cvkG4o1>xXgcU60)0 zv=egoM1b?*%W0cZOxgz{@0NcUS&>_iew(Q9-FuDo5O3^oMwmLbOssvGCpEchF5aUNL?jKHe$`3)?<#P^g>9gw){II7cKnZ zw5ShEjac_)*Dl!4Db}#U`XuvlRKNLfw+^QcdHWLE>u(*{Kxy87q^}VPo75J&x?sN8 zBujPr{l2=~e!&C50;`oJb|d^cVm!YHQ7K&~;zqewexLJd)4er&%v1b*#?>VxbvqFWOGIa1otIP+8uVN+$Gh3yNBIfhx7KfaS z^6N&b?mSj|@VMO32))A5&#->s1o_*IC`kbXo7<#|Uw2<*keVtst-&OVgJ*wr>LlBR zN8VJM0?!!Kfrj+wDuevD(mM)EAezzNlJ!x@kv*QD1Ua$Y+ipxHU**K;aPZZ>^KBt` z+v;b&UvIX@dRAyB(-WrSEwvH9omEb7L8VFz6FBa8?xqU9O40I9av+aAuc6t1hV?pT z|84zX7Yo;mU1d9bp&Xf`I23fp8%akf$ZU#U2uJ#LNoL?Fe;8wHJw`D~nF!FiZEp_u ze6u;*8+BCl|NtZ&S$>wN#5*J%Ut(okJT7TgAG9u^MUsH5IAx|w= z^z&~E`p0e`nR0!&Wsi$pEw0&ku$NaQ1?>>CiIAlckUfU*tke}>W%Ty@SBYu-=9kiV z*}K|uO{n0Ey?)W-|E82GDxaHbHADlakUCHmQIFob`*%ds!|=y-dG2IfCgL7Ilet_D zJ35RPLa1ncUm&2D;ScJ@jM=W>!F^XB0}1Pl3Hn<6{(p& zB^C`EX-+58`QNNiJ@7}}k{9PLO;(4wI>K-4_?(kp6z@nuk+g2J znSoAsrj{j_-zGj8hmNdMqUvtRAeg|<^m)aNBhgfBv0BDK>N0NZBChfF-0|AGgCZhd z5L6cwk{!4gkf-0{_$4_5w*hHG#s$a4HjnUjKWC*;nWq8sN$iH&_6 zg&Ca(maxRlgCtN7`sk&R@oCx{;4YK=cmzF+O9J3DlLj>B5_S&WE0ZfS@9jJ7CaHRnY6*^ z&4rzF~k-q=|uFxQP)JI%;8*}v~`o-aX* ziQGNLMoI4d%|?{;b+Yq0za^#5VJoCVFsv2wv#vs&D~7t5n})tv#qZ;DU0LTl)t|(g zRPP^kz3(L9c7%DtM?FWgXAYGQuPC(9kbY(yp&IZR4G*y+$&ZDWP9TD@*sv@DG3mpm z#_0L8ib|xvT(_JM)0)CB?R(b6zn!&}eRImJ-PAethv~+7`0*bHoQP`pP2&v{5G8_$ zG%8u&mQ+^kw9g{F1=v6lrgP#VXlzPpQeBNBQkm>3yM>yqf%Fy@93x z{shNthH(PvjVh&WTO#Q&H?u|6MVo{vEI`+Y^IA3yFjcS?LQKGm+mtAWEG={ho4w zK6Z+PCnBB1#u?ER|9+gRF>?n_e4jEg933};oq`9k?ao1xPG|JHr{h|k(O+evz*>ob zqes};&?SeDkIC7Ror$205hOppleJSjHxMVTA}T&5y?Vi~wZ@>LrlEM5xKKN@P=*sp zNuO)59Zn4>X}?%tTqi z)~sARBly?_*H2PIZiqU|_E*BD1m9#{7#b{HZoa7~SX7cSJAOMd1WJ>PElC4311mbZ zZoF5YLoJ`4k}**sgr$AR*fl@(eak4l*<21%yb!ZED@nxL4BEg>{LSfU3Vk!NQJ3}P z4Ua)Xko9y72!BRS!$YcoBYhKptK?i!yx>#fYZZ5h+Kqv8rT?Ze*;xA`n}=0-HTrXm zC&Ys}p3u6Tns4E#q}`DJfc(TM9wGe7i5&Tvv@c{z_l}%}Z%qiMUEdicuObgrP`s=% zd3*ml6mIGWWc4G;XzS|qE?PH z#2jn|{i;AB&X}cwY@k&HxiI+b{T3~+UhS<#m;wWo%WuW8eWsYNiWtcL3#?3&C(~I_|ri0X(X_neLqh=amwpR*q)DGaj-f!l_og+ z^#=HmkiVOdzvgqrtOu2qt^)b5ip?CHMTRn;wV96&ew}#1WlUv-KWAP1N3TEPHJxN1 zgv5&7@t?0bjBa=vrLm&X87>{)Je|0U3B>Xxx+S}FfU>5DN zm`d|~oE%G;b|JVW(}Ny|BPl;ic&$9>$%0|10XTPDVpoKh8Pm9*G>a+s30(YJXRX%7&kwOk@g4_EihJ> zI2jjyck-DjieqxaSYONyOYv}xuvV&^+z^Js-L3#Vet%?S>Cv3!Wc4&AQcGci$ajY} z!Vj&|xOBO@SMr$(!mG;IEFqpEeMvJkEiF**MDHWeG1RXya%rHi1-nDu2D)QcnMPFv zZJkACKn|9M#?EatbRT!w^olg4u~uhJc>MfWGx-8uO<&jnP~r~$E75#Uy|7z4TJwRY zqW_@4#*bGS+M?BDpu%vx>}KcSYrZd#gkB8`zV#Zt-(E)wc*H4^#?wN%HC9Jt?;@s_ z{`LYGxh(wDsXN#>~qH(f|aP{3kAER+$gs^Q{|_!~}`(%P){^2#4)92|fd-*olvc`@KiKD6LQIK`nN>>K7Fu9E z()7tqF@W}zoOYpB%B${6;}a(92p&8&asj%n+``rj|KU0TWwe!Rc%i42@>K&E}SZG5tby+{B1MM zVZm&3@ST16xohP=ym?=wz?qj5Hjc+Rg?OfIspUy8C5k#{OvN<4Id-sT?t7q^XCYij z&P``REpgOZhrYqosRasbuUd`>iWM1xR#*o?FFsJH1>v>1OlLAkubC%^z;k+F3VHk( zyO%l&Nwk5yk|39G%;?4Ft*VAPD{X|+-~<0{z9L6ca2z4I=jt`1{-ORhn4`CWy>^;* zFg-e70c48##~e9VLc&kDB6|rLDuF{&*G_T;-bgmT+87_xOrTg55oB=bu5h8^FQ2~` z87(jnJD73!XsnA`=+Uj)I#n5x~`7;t!$AI<--EtF;;%0?~j63*r{3scv6#bmp8XN=)?x9Y# zj2&%xcS#<_;-GLQbhD(fS=%ov#owpq&Pk{uMwjy2X^okABAGjnteDp({*ZsCikt5n zVt)0QG#egxmtI_g`H{5WykAx?PaasRves`{g+~~bI7_^;Rfz8t?o&c18`45hdIUck z%&-^f-84bJc%r3}kpfWPL(&)c72h@<2QC9=$Vg{LYdeC&rcZl2=6g1oa6>rpRmt+j zG0^0sfm#bmn#F;Jq~wIxKh8ZO&B$p(RgSX;h^4e?G;NnJZruDT>=0IiIf)fynSkLaXE~kI`76HpM@9edtVCQ(f;5OrJ2yJnB+HY@WD3O5DP)x*e9n3FVzKcw%(_)Gy@CF_4<1OC^yGpI0v$0a`oSnlzY@;j@|0aHLo+ec8fb|iK7H|5fvc?$0&jzcNT zKLzW(*}9+xy*fL>yz>ODwZQ+n_&+{U0AdO`0CyC;h z;9m5;T1%;sYPqg;1OCO<-iRK4S_q`K=G;|8gzUdKj(;_BN%Y`@(Ld7p58i+; z9)PNv%HO@B`&SqH<09f11TYt@b|Ce51an)cJ&d32T!Kl8LV!c1kO4qb>kAles;&ex zLLHr`2?Dc zdOn1qBQ3&#bh1!Xa5{0F26a@asdB>=H{f=SWqjGI(+2nuQVy22}*fnZJ>rr0c%Jf0)THi(Awmk8gLt+Xv+_$d?e^@ zWHp)2`}+B+JFKG+*xfi`M%~8&jzc*jJIRK>S3qI_2h{xxP0FQ5^I;z1yTFt(-nAcT+$c2Gut6#W9ARxc4@^p>3YIP6ez4vx-sn8AxM8%nNiyQ&^W)79?yr2)PLOul&! z^Oj*(m||t`4!rTu!WcnT`rt>h6`-XHjRDL^6+mOCu$o(=06dlN=?H%;^{gF$w?5}2 zIf9&6*vX&}r!5%ZKfon9a!2XkdvE;7a{R8gtSnZuj)Q10+l`F4FwIU^v%pohtbELW z!t60&;;%!%k$}44o&Whh;(W>W{r&H7sHHNkR8hBfXTMZ>VwrpitwM>#d&0}-MXhm) z4BUh?k2JKy(BD=tC*c?4TBhWq-p}vc|JraLtRE9_7rvOE@)9n09;BQ!x~?B$pMB*o z`nv9(!)?8v)IA5CezL-NA-ijP;zM>iLIIeuCw3J9#aEiRT7x;C5x#7Tl`x{{ZR^&& zo^li0nf&wwi7A#+#0G#xnA6WBeo~5f)w!adS~pwvrPP}<>;C+x_hjK5otBmBgSchp zQ#%6(^&E7!QChixMUzzn4A~$!1XSvPfA&TEJ+a4e50l~3j3DW?zSN8C*dQ68*Zhug z6HNkXvpiynDDD>@nBwz3x7C`Q0RSM;q1V-^wfAbgoN@*F@w0M+pHuG?eP8ya4ER0| z%dGtl9#?}r4)^`JroHMR;2&bwlfb|cxBf|;T9echkSiBN^(Hw%uX>ZT9Mo@_rBu@+ z(6K>Bgt7O}KW)z%y_qaGBxB&`_rLR*O66wE^}DhLEe}7;$^~}LH+s(kUDd{wX3Ib` z3*38O-q`$%Dyro8-@qR>vx?|st?v~u%5@5q*!$4b2t&sNgbtitDz?8`kCkw&Xi7Y< z0p7Ad!KAc#({x$#YvN}FhFXWi&7S6m#w8cUN~upR+gQF->V7tB{jhT5bG)iR%&%3i$=SWt ztQCs>a83?MQp!5xi^c$1^STUdH&s~^=Y3@co)#6oka?e&{8Q2fl|x9-6pH`k`FHn& zS^zcH3t%+v5R$iG&BqS0aEd!{tyRF&{i{2QD^9I~>OpG98eBG-*s2mJfdqFO?9{tC zmgULWa2S+1r0Tq9EmXlGq&gr*HlV+8|9&*h29QWvCD41;3nO0}jt2FNRNsv=(q7TK z*;2yN7s_2)=Xu-+HQC(v9CeEb_rF$rD)xB&mq9&s50GaLt-}DB{(eaUJYKhhTtB-O z1k8hzs#OM#x-&ZK=BA;L<$dT_!`{TZjNZsmTHVFXE?Ebzpb8u*sedsk!AIal^Z5BH zgGxQ!F2DNr`eOEUYs@e#JIFCZrxE~LP1K1&RyF`qgw_ZhOs8{OqF+u!TuZr2Y+Bb8 z%x6SB>iO0Ihl*6;l)F~glGhs$Mn-ZfIDRP#oPkR`ksq#R^1er&Wfu6i zQSk`yzL}pxdYSB4XEj3W4HR?cGwg$FtSaxLub+i><-GuE7pGin3w}Z$Dkx`t|WQzKkJtyS3irkx$s3 z>7BP=U#;JjJ(#9BxM{|Ec*F%uFTMOELPOU*m>r|^+3d%?)Gu77Syf)(w zq`|NS-Wk^qM40yONKHu$Uu}PK6aPLw&~hd(H~c=y4jPN6JY?1Gwj(B|9w!gzRlNa( z?Tx$p&xj12;pTyCp(#5Z5aI+><)QyB3w>cT&h~*7W#IE>4cPOiixd*)Q!EN~m zTBewP(?$FgDsJ9KD?|gtuz$LP{CU4#;HjVIavy*-%i7rYEcw}|7ZZfkngU9eBd%Mc z9jrR#y9f~=W_XfZP0nQ!aB!L|G2P_rP4?s^^jU?`|6}hh!>U}n{ZT=t2q+kI2sRBO zDXmyYH_|axy1T&^5S5Tg3rsqt8&Q;rAYGGEq*LiWm4U`-_+B z0vD6#x$hCb7-Jx8#S;>WE=iO3_J%g7ud@tm{ju?bfEnKDOjmcnr^$_hiWiv+R|sQ> zBmLFS%7*fWajEAjp~Z4azLC0!%^Q*$55NG_u3V!ln)R^UB&*1M*?iR-b}S6unOnwK zWM4p4QTE{9-hIyTH7)O##v1R&>_`qW?mUP!ea$hVdJC%3m0u)x`(YW36_-wtW37_S zrmcSGIFtyM5UcF918`j(`JfT+g_m%`M3e6&taX^Sf;esM6Lj_L%`1o9>pMziYnx-m z@$1V|osB`ayx3VXr=^}T68HzaaNwdP*((q4BTUnm()P}&T){NGzEFqCq~yhgb48`e zr1*P~zE2Zh?trLL1s66_=z3f@4YzKO`|6w(DEp#=m_)l!TcP5@Za+<<_|PywWio|( ze>Q~8>}pUe-xKOqJE7{A4fEW~+OP(mKOQt*Qq%YbIPYBjuvLa8>Kx2gxd0<2D!f2r z=?o-RsmR*K$}GbXnT{e-S@wxi*B{10xRUOoSg=SbZ%R|4-xr*@8AkRk$S z;_itv3p zENI;?oBK%TfvXLVMi{1N1E$!?{)<@bn=y4Mh33j3V}H2N3Og-|Gt|{o~(0 zJkyC4bF&<8juEsO6w@iV_k!%HS*cHB1W%lLs#0z7#OKJ1D=?%QpAzRi<*n~AE5IP? zY*}`gaNSU)Hp*vb{UdCYFtVxm@sNsBi?`ugg%w^fir);3Wm*>oym=0ipX=>@7QFYx zzEMpG<2VX~V2Q@QVJJ4bGBkN22!vebbf;SrAL-=Oe7#R{Tvsqb){@;e(RpP?Tc^S` zFH0-$-BW6=sqpn(Wvm>X2XwDnG^MMXE3*#UY<0OFt8?7LNm8e{@=?Li!2!?_0^^ZC zp#9E$xCdBe4CMeeU84OOw^jP7ySaPc{Uk*K)P&k8wOM$1D<@N`sM+LP}*vOAUYPw71@%g6NnXcD%&!`pAb@!!&&rsh3MC&i8tnJYk}Eq{KP1i zpF_iR`Zs4XS1Mb#wEvA|Z~nRl+ZA56KJcDcuKyfGI`~q{568~RzIUfZajJLO!y$9t zTC

d7&X%rK~~vXKm{&Qwl(=rq;Q0L9J-VZ@N2KiF+2Hdp~uQml6>9+1(LwPn~;E{D$!RS(&ZeKyOwU6?Q7wLxS$3>Gy# z>~ILqoLyCwE)sqvTeKLMbggL~A3pJLY~2Iqnp#0pZkAbG8UR097gT~N`qfx4CD)MsynJ1!mJv{(w)Lobd>$zih)ATObaEf-eH=}|RsI6OsOzHzy z-XB*ismZ9n2uJ~q;nK$QN%bN=4K^Lrd8&fY+J&!m@+MOQ<;CSIq~YMHF2@>X`$r8j zhC}84ENz;xpy98k7F|4*dSvo>O*Ax6*%yHx$ zUl1)T5wUu#igYO$>ekAlFPJ<`JA>sTVs;%SDAtX10o0&yYkjdiP}pX!4#5OO=-`NW z4ek8!I&FYD!vkTr`$7H*o6=Eg)gfHSVsKhm-%5H$c0S;T?<;1SimdQ`un+)H2ziIG zK80>Yysmx2S#Hq_0FvCExeZT1FHJ-5*6wtwq4A4TSNoS$S4@SI4J)gh#83yRJ~3Q! zOeITaS7K1z1gKNbP^ot8f=RvB!$Wla*s^d^@~QG9PFa+N`Wp?pkUyXldevexcM%72 z>||pjY~k4Je1`B5lDcKYV^mX#$=Y)6i3i}EzqTu=aNn2&Kg~F!a2aWfkqSCFIBlTY=K2WGK zD%c6#&GprENwuGg@EExhn6Xub)yb}_hJ(rwk?)`#Ga^(p`(XtytF)6Z7(xM=o;6wBtGJ^*D$G*)MN+i7T*in>=758zHEZO1|3w0pN!bngUq z?@tBsN;l^Tt?fdy??;u&wPiry%WlrEMMFeLHLDm(xFaR zxndY>QX;atb#b{Oi0YFnwLYBI0bN(pbIp+#KWe78*Hu6tujZcZH3;Is4bp6JcHWF+L+w`9$e zr}jR;F9}J1-fI>`&GJ*k%PQ4(P_mf!<|jAui`foK$whrA>2H+kIKcjvPA5vl0b2=X zISufyShOWQ;h;-DRF)F!jtdef@-oqh5chB{zU{D`j2%OtxC1pdV(_D+E87y-HH2U@ z03TQFfKZUCv>w`NBSPcwVDOjS^EJ``c!m!6!O1L1WL-$Y&hYT;|ID?pIRdfMIgXT? zbE25PpcvkKA?%kes~HZ{)TbL!z*s0c;E`$v&6=Ksu5@3{^j!Z*;BchAN1BrZsWZB+ z39TA%mM5>J!-lM`An8#()qM3dl@GAJ=>$!DjIfw_O3du06=pb^fcGdAY4#2inU4dh3$WTnJ!@uiHVY3FTdUk(C2J z-7_tpcmy+_<2cy{zb`k9T&7mu8!}yQK)8_0uM^Ix{f1E}8ijGOgFU|p{xIE{5zz@i zKl&!ORxV4D+mSjE4P)z!%x3VK^Z{>Y5pdwJeQyM&*bbbk+*+wGvyce-R`&DAweE=T;prJMfH#r$|v^{k@kaH;A`}x!ae<4~_3y-E?}m@!>fK zeVp1ytO3!nQvfTRbf0-9_5I*NIipCo{|lCoHo~n{mgJm$9~GMjw|0`oGCua4mi8S= zxKTnHNZ|MB$Z$3B3p*y-tFDBeHg$`}7DQYBf)cEEui8~9-U~O^CGM$kdrRhfaokW> zCG+|}w6sA;>wB8!W&7_j2PqbA03GZ|@=pBEoBY>*>BoNx+WjEi8w&gX;Tub!m##ni z-u*Xe5cwasJ%(PN-~Ob?;eYtXZ^u}KX(NtI@7-hl`kXgT6A}@(e|qqpfA7%r>l+{6 z0`Nfh^8YU$U|WV1#F;EW4xGW0yCi$0%kBEpZaB^ZP7EUUrZ-07Acf&~pn+bol7u{O z(UJNBxtvw#iYIz3sxukd&-SYGko=i+_*W{DQi0fn0OkbeVSS%n6jZwab$*8BkruuA z=(n&oQ3t@&EC`X|07UrCE`N>l*~$Cxj0O*1nuX@OIPv=PKA4he3K(oI6ajs}+*-o7 z2jv@>YY)4vKS#QOaHtQDhl*bYX17PY!EEyK~%wih@pB zu<21Z^l`p#5sm@6hem*aKls+f3s!)dTzA;=!&55dE|g>FQ%OoTmG@|cDN4uKf{xP= zKbCblu07rJL`l6TixzchhPkKv5pV>_a^~IHR#33~3>#Wf7*3AR=R<#I61J^rTJC;x zl`KQQvMlQO0(70v1xKtQ-C=8@$I9BP^vWFb)H5{P^y)X&lleONS4#RomT?!(;9Jly zw4mwIzu%GLDsmc>NNa6mD95FyL)8CNxdXir_bWifV&~rOG9$e2G+dgI>Yi2o$j3lf z6@u`rcB&)I1i*l|v-sl8u8&J&AS1Wko+?`t(o;p-I0H1{MZByxgD=k6Uaj6;9^%xi zO3A!eRxuOJzxOk~c{+Zk91daG`YPpnQRkW0jhxecg&CFLcnz2I@gDN~5-nl^yZ3Tq zL|w|HjN$ajYkTHY@04xBuRbREB~I22v^p`^eMSH?$t@D@{P@Uh-7LaWGCnQ*S&02` z8E|IpJqRYxp^>Q-C_d5O5i0PSLo=JUn9S*_`O?p3`LkC$0rwl`dfJ`g@4Mlx>(C_N z460=ep_hU8dNSK5VT&$K4z*Mzt?gKGk1oAiUJ;P~>@Dy`S!TT$0Smd>2DpUf^LMpk zun9p>VkbOnNc($r0P^-B7XtT@@4h^x4ax#e04J@55ds~_=P36Bcb{ky} zCFc~B97bPl|E4|~y>|+_ancXuId#@m>vsTXtGm}%kj4;1C|fI!_dr;C-fU>tvfroB zJYLMFSp42FBKu@xRr!s~6JJZ2U8jU9&1zDaw5_x;I27zM%4O9DtF5FF^g?gX7{ndMT_aO)6K`oCyS^9%i3uD;~c3OJ1Q2Z9e4}%Me2k0zNzd-l@{ciqN2F7jXdzo&`4WtKpS6T zm_R6s#BGaJ*Q_s4qD7rob~x(|lA~Y93i!P&RIze-5bZHzMXHN@B$X^i739<(6$aO@ zKaJpghWx(C-=f{gRINl-MPDLDiL{W(`YUj!8HhO7!4vtm$_l-rgEJ8#}tRT*{!DzP0Ih0CXQ8UV6Z{~r81f}M!O6N?PG}~9$h#;>F;_e0V zF_#3SuOrKP@k7-Wcl|FNvKt3P>Ne2mx?SID1BeIoF&`DIAg^*Kws<`rXEtl%C_7Z+ z+Ey|^NvVM~hA~@L=IR?~ma;WJiDF+J9-m$B0bKSxO;o$go)sfY8j6}z%MhyX;<2uvK_@pMQ<}d)B z4Mpdfo(t`Eh%&OJI9SN6?TqGSCpeN_c_!Bz<0PvaB|5gA;@nkzGhBasbB4)52WF;s zA#kogmn>TyD06xX%t;@F^3m*9Rr_y+bJ|Ily~YKzYn@LyaF|}$!|N`kEuhf(g+QE? z)x9sv1njfOepFTm!i3XYe=m5#+-Z(RkK*ZI46D8y#_OWVcvS3=@@iv;in zkwY$=e8jI}qWAv>xDiCLtEZcS6w_8(AdCv(p7pNv1kzp9^*wj;Zq~jpuq<8v>@{Ew zuHr42mB$Uxx+66g;z3b%yicIZCADSeI-%7JIldFM;)EaClHVpfByipI+f zPy$U>fC) z&LFHTbz={cPnl-B!sYSx0gbM&NST+h4mKVS`?K|!p`f($@&=TAZez;hRllEfP$!u_ z$1@eloyPu0rdy}$s`sz$p1$E9z|N%c!k(TmP2P9j+PvI2kj8HUwWb$5_#pXU(shCz zkB}2Nm&T*Dpuap5er7vK6KLzU>9FyNqmS8v)P94>J@XT_Hh67E!1(?Pj`$&F8}e&G zDx)$1SL|`8)Vk8T-$m-Q;?GBGqWiiS?Gs;!&<4}v_kQ5NAhaV`DO*FO^6SN%pRGp< zMQUqZ^YZ?QI!;rB7Hq2gP9W``q59Vs{9H)@ZlYlj-5YNH^%+7opy$L^S=2xNhbHlH z1T>xhH$Px5s*lFnn25OUjtTKU^sy=_@UuJI251HLt^|L@JR`CrjEABEnf5Ls{?+it zK*Os#?qt&On@EW~p8H%-d0X;1|N2*Z|H0x!3Wz~WcaZXLni3>B9VvoeB)6f5;5RR? zEwLtA#32(l-vZs0sphi*P*X0TNVmaAtFm2cOZb(e+s`DB?OyK!$qno3QtU7F{{>~y?fFp8FRME*Wa7;5PPF)q+gjcFf`X2Lrw<# zlC~aVpU{D#_dWCbUH9*suWWDo2apIQ{qBYxR5gTtJsco+KnTCgKu#j<@c`C;1)Mor zi2UnX5PesLn*&k_uuZpAvn3*^h@khD>n1c&Ss-}BmX6&nvYZ@4brfMvf6*C?m)?&M zm$Q&Hb_RM%9mZ#%rp^VKv=;P#SG?K+xRx`k-YU5>bT0BB;sdBaC-zyyP-x2@->pAV!fkM+JD$#n8pz z-&}pRCA3@_;g`P+TJCXK4{}=G8dFBuO+ZTYoKuRJBs@#>fbPqibB0t>UnY^KQNOZ% zGt(sLgLi1>P3_hKSG36ay`#}7T^2|<+*-@6*O_~9VH{q)cc!~@gityB*Arwl*>$YI zzffdYOQ@4)`~ZP4WWzb>Y@Kgs2MVCNC^-@FrJk*_v?Pj(O4ky>i(th&w=cE^eKQIlsx+V^g`A%{*R{KT6AZxKwDj|f*~Ld97Cq7&U|F{DS$_>4IQAal8P7W!BtRe zV8;5NrTs#l95f775PAAr5Ysmx@`hgmbuc0@afhTi@xAN>tV4HL)nOmPqZe;O^Xa(> zMaz3PYkW}?6HwEfHlY_>0fyp$N=LLG0Gs3S)c^I$k9d}r` z4u%4=i(X^vNyc&tpi|g-mH{p<3ly6dqmoh!k)wNn)NIL|l}?W+n4K2~+@!Cd2tjv^ zXJ=4~3^0ev=`HkdrH87abB3G7F&3_wuGWBJ$Ae~JT9cp>nARSkr95i|itP^hfMWV1 zYB97S73;P}`MrbDlk^z-V;WVM2ivF{{vF|X0dR4S0^<$Nx^h{AMysPg5YFPtY<6G+ zIKgo-ahii~t?)(I?J%ne6!GX9uwPL{nhPr9lLBbj9hgV^L!y3d3auEV2Kc1tkAgz-k?3(WHZ6@aW$dIHXv*_Tsdjgii>>u&`c=;1 zvGP%wmmiQ0vTIHuO7X8i<_>S{+-Z-WQ}#H-y4;J4L?4Ne%^dO6I1_A|i6$`600JjpT2J zrllIj^BoKmDDm0#j*IcxWxq-+D2grC_j?Z%lN<9u22Oipb1g>= zdlx!`ZJGy55^I~s+Y~Hi##n}aledoCpd;X6oj|!kPb?}F0i=;5^ zKs}9~;|rZ=z)pNS2lKvR$atafwyrKIBAXDK2rC==7e=i#@0viksNDqpe23N1TYsCHl=L zd?`H)alqv|oAR6c9?SmXAj%3_nE(lmL*sKMQR>+ZTk74Z;lMXF?IpWQrHyaz!!km;K_9yeQ_Fp8m9R|mHeojlb-kXvSvgfo$eri)%H2Z>WL~zlG%%uGXMru z>Y6nl-}6y|I+9k@IkT}@)esqd?0A|(rzq278-h_LNJ5maWsI65N|Jo;DiFtL4HE`{ z)1(*_L+^{Dh-QV1-ye)%5(Y`x;unk>wbA81=wj!bySJYHu)?iD_==K`7H)-{gGN&5 z`$Nt3F1oE=KHu<~?sy&(cTuBenms=l0g;M=Ayf+7w-mJP*pH`Yisv9uDAy(^jrhE2 zn*Tiu;4=r^WR^~)dm*IlTGX)-j7dzwGImEHx#4{8c1lffRQdRsYvspoI$rT7On@w zsDZiOU0(nK*c?E)0ub_H_}1wKE$^Yos0-lf_rk@~t;clT{S;E$ZF6}@EkmOTD;H@D z1EcyYznV_0VWTz4uO!>1_Jbju-X1fkK!hbK%+v;C93hA zJgfM&B!J%wz!6rbcB&BS96)#kBiPacrMB<4neu@~0+B2usH>o1&A!GM(PFZWDa%h5%O*}4MD{3c1e-;zdHQT^0zU9+8AKpHFXp#%jp~59HLm(HIeWOacFFmJ zh{4_&8167g0l5#3GReYI!K+;>_!rly3b0?7M-FLM<<7>mpwkpA5OL0e&-{5drF3l$ zBxwM_h7_BRv z-2{!_d+OoxsGc`VkEC!wfJXDpF;e;6phOr>5EiSN9|c`?p)OlJT^ivQ`PHc~Bi(~% zs`u@R-|%(_er-!oRSd=6qa~z4MQgfS0l74Y_w9z)xGwPs(=drY`B?}NtAdoj>$L-~ zoUq{D;pbO-!BU8HHh|38{ZnUyh0cbzwukXIcM}R-zYccjsD6)-{(^C&UPFskM`Yr# z_fhy&H>+eIt)crUt%>4_kSPY zf3(Fn{%=1(M!!RJd@{XaWoTtVS$`A}@vD7d-2dId046QcuZPbDLa* zKJe_{FU3+zxW#?`bqM*98y68#M3b(p!Wk6N+V)KXNAgH4(HfJiYQ(Eo(k#-*SEW5? zqA!CcLiJ#59hQV(dq>7RG4o!MK3)BTJ+ab%-M&)*q{x{nmF+E8`B!*QL4o@JR}|Wt zvO<8AGjD1t#F-gtYh{R%IsV~FpV9`1>x=bVq9s8iMS&@b*XZ(%Q;3`Z1}J<4aKQqxn*x)f1p@j^K;ku^2SfN* zq#UZMLRc{%e}8&)MFHS_8~$?!YT5#zI`D{=0<>5wR>$M))}4dDHUXG}Mrw!g3NU~m zWlk8Ub{imHrXVZ`G~%H?9g>fvkFL1Hz2i+tHVW}dcz`^17Q`HOOG5&@CGZfwaQ zXlX0iHwM1?TmUeLwe(;r6ZetS2Ym+8^}wt2!l$zO`tE@sPz~kCu8NhLnG~dkkmlRH z*S-=X1WRYO9v*uCDZ*&PO9w@_*6Q5A@oC$o0I4?s3Cr=zUi!^_@v|j5rw~2CHy`@d z1^AniL$!$By!!*#y{$kpD0sJ-aTCxPuf|HDKAVnI1HBDz@vp z{AAha=l2F~-qg%`=(vXX&>OoaBLL$YbYGeyM#jovTVH)vgi6h0GC5)fC?r7;9v7)oC-{4S!0jz`vg`9F zMmA4fecA)8PX7i7b>ElhUDiNU5`&-@Zv>U6l%bLrB1LD{$h?=L7$+De8I;Xdr?klt za`OsHDFlsk#ljzdcRGQA$EZ$#-T>4rY#K***AJKsEckE;XeRU}TzS-Qq3Z+U%@*^H zR3q4N5Cy&f3EUXz(g4hmo4f8O?KKB_M8qCa6)0_UK1>J^;W|RU)S?r8F9*?qLVv0q z!L8R{5sZ2D112UFKo56SNY6ZoJJ89?jUm6vr1H`X-z#h(z#GY}j%2my1{ExEz}?^0_h{a`T=b(n+EZu|!4~h_a5myTV-1;8Jm|6B zLU~@&1YV@0Q`X36@p3={ybcf(7a~fCE|9I?+f?OM>Gd#Y7f2t`gx05c7ChVt5LxvF zaCF;w3b(^u ze|-d7$||OA9-4VuJnQjX;P(jdA6F8963jl7nomUaxe-t#yl!ndbo8b1I&$dC>h)^1 zm(b+gVEY7Hs0AQ=OH4k1fCC)6#`=gEy7I}77NmFB_w!;`z(i204)Ud+r~`#8fIw$| zP9wa}&P>n97XK)~oRp99P?;SzYk+tPO+FtUQ75PoCpdu50uk}qho9a1ywNG{0 zdo1qRf#SQdZuP|zpcP)NT=hvT-Br7DG4FPUMwTTKyEYYTYZ0d$K+3vO3cW4~1H=}esHuNEE>$nr|bMV)-=sU>Z-mHpU+enor1r%nB)EmSH5(i#CnADJx zb^{~A%1?)Hdly1U(KTS&pCyOH;fODDvcMfaGx14(y#;pQ)SwTW!#T{_U$g;@G7{{w ziOg!A?s{oedslj-9BO!PPP$=cT?eym@SyZ~<5&)zZ!rSmDR<@VBk%#S><)d!ZyHWN z)1xJ07z<=**b40X(E;tZ6-d_SDtBuU85e1rS=4uP@UYpT6{^?1k+mxV4$kQsEEz_~ z1&NPsx;1LCg<%L1j?JwI?n2Nhm2%41xEWUfbkgON_%fN@ZAw7IEL%nZO!!PW2Z_jd z#|?82#{H(3fN~pWs@lR+h6txY0rna(yjhc1BK42h=&ZVi}A1pup`@s=T*zD6lTZ$W$?CRnoCU8EA5S@N+42Q0WI6|EKkHGurZYFbDY;} z5T1AJSv>u_jRzW-h11W)jx|wp{%4A3;X@%tRm7n#zSMF>OyERh#AD@ual;|jMEpa8 zpdEc9Zh+dVaE9&QS`amKsbl$;`QzdU5jm*prW}gM;n=KZsBj)YcATo0E zxf;;+o$MPy0Hi@gA3#0y%hJb&2muQ3wY~%X?8I3-Z=b?D-PBT|kI$KHptC7PT!r1x z*uC}-LdIONr9#U6dpR|WGSSNXkd4>IlHG1k;`ur_feaee?)IK7@zQh5dWfJS1K^`i zo72p`OW#+4zA}f}?_yK8J-jS!n8t8y>A74&@FZN{DxaFxg9_b+mz&R&@`7`+A@ z=cLlZ=zDm?I1Ub~3GZ)HYCgMN6o=t{?2OIl)O!5);NW-Ws8Y)}FxNTzNrwfK3h|bh zd?ZICj%0@(iq=5**MbT`7p(MrO(#_$j?%EI8d?JQ`qg=|h{8#3cWd$aVZ^Q&%wz%M zwtfjiaS=Q=2!_2p(OM^dk~xRqe(5XrkwZ+EI*__CwxU~-)onBvY#2v)@5;Z{d+T=W z;DpPy+64p|gE|n174BZ)}KkcNoRzKD1r{onNm zX19g`?JWvo5GoTWz~9 z)^I+q0PyYd%uJ=t!*}Iy9Wd=6Ow^?*F){Nh2xN*%KYu{{L+GRDG$J!6nx$8M>1i6k zOQQutfW4x`ch*J_Y7T*dk6E2yHW;sXQe1=R>JSI!P*ZE-bv)>(zi+4ThF-{jo2^mQ{6{A)5v-# zY}-vzUIa4b3`8`UKSvw0pbf#sCxP4UJb5dFCc&^%8K8hIq|u~ z6bu#80zYg%q{&FWDt<*n6+zUgPN43nkI;7TH9bkhy4l}*aXQ{NYm8E*J_{xZO)SM! zPGX~UvEztX-S_mU2epWM;Get*i=f}*&y1c>Hund$5;J=mmOX)@IGaQK6)?c%@O$g6 z2SUtVZ=ME07WTZvvf2QGXj*5gnUBCcnLy{cgJFSgpm4Q>n~1HJnx2%Czmv`^-%qEi zI!P7g*}6rE$#`Sh@Y1>+gtmRlDd#UZjcCKf7MFk&l?yxa4!RR0^5PfDpu%N6tE1L; z=iPl0YnlN@^HZt=jyvFz&F*+M*52|%-TNVRBw?8~hT=gb5FU;jL~`v@CY;`uO$63Qn<-R(U*gGWvsP^*=(V1P#xNZqWn z#rQw%TZJAm(770rOeA04JF~BWW-v9(8H5q#Fi&pg>=E6kwrIm@r_lEf=@>$z=FG3$)*%96)LRHO4KM}y;>2TiG)%HO54^~@o=*QQC~qE_;oDN z6*QMzVEeBkOG#0uvQ_rIiig21bxqm{QCGKdEv&#YOQ{ zxuCJHEluB`Skoh+MG<%A6k9o(ptW%%sWL5y=d(%&=v@az7LHFD@p(H(We6m8vGbGA zwhz22gQcIg1lHRDzJ!B`*Mjmv7!Y-?K|Ms*?;DKDZAV0hLl4YikE1A|GMF7x5OJCc zMbaWHBE7m=9-oqF_Lq7l>Avrden#eb)JIB|4zCvI!#SCNfV;*T@4=*gyH&gg zva>u)7Mj$TTa^P7!VmGK$iTXvOtKVl>{@QfiV3#DNj$5c4a`>@b`O!3lb@!X5pi8G z43x&*A3UEfmW<0c-?`dkm&%-z_I(m2L>j_o@T}s;-3O_aq&AUB0%x6p0vf)C(HeSt zP{QirpWtH1W5T22;d@o7ssIqpk~}ZdPC!M8fVYQG};)CSrtg{0B2;QuCK6 zO@C0pST~SV8CTG$xv363X0uK74f1JETE_MLJQv!12~Cx*mbUXQ`#id{Vx0q-qbK3v z;~E#HJRyJ@)`f*B|0(w2Pj@VnYz zR8A%Lt<2&F3dr4uFRn=_Qeez8cO-XKEx!h8hlzJk`aVl@qgYQfmXqU3Sbb7P)5T9y zR^7RM8R;!X8DpyRzZiRH31TngiLIj)qJ_VnxYV_Jv$sV5R_1(UH*?OP_svX)MfFTv ztfpXxPavqsoS7@70(UR%uCgztVN;|kkpUxR#Q=}|p#HFt-iF0ddxCaL?xVW1L8|;m z%_G;*EL0PV{x2{?wPZV~JgAM13K1g5{aHUl%t6!RlGD1Ku=v!hIdG!ru67%l>!?M* z_`<=edb^We=9zc=>}(=e%ijcEqyOs>KrX>EW!jQ{wlgnWDNs9c^*B zq5Arsw}-shSLPP^z5pdlV5ZBIe0v5P}OcwkU_}001|8u6ja{` ztp|@sl(qiAjGa{-ZChT2Z%01; zdCD5NLZ2eK!V>8|d|SNpa)pTFXx5%)J%4{Yg;;bR9N{j^X*Kb4BQML$NXZ0pUdk{0aNJ41 zl(^XmD8qpq=eXk|63SExYBA@_3{$ZSC7@*bRb*`*%wd-;2rx3rCu8MJ^|`e`7{K1j z(0^>igS!9xU;5X!Y^iiIa&N%J=FC}d-I7-nV&_fujf!;+%tEw*sF@|2DJ5C^DKm|x zA1Qp#p~|Q^YGWhK zcCiJRY5Ls%E2^<#_Kju8Co;!fY@l=#Sx$|iJyS8@zjG&B;MSM35&FN~FS#*sTGQ=Z zQDEi!62*@F`3Rn0>9Kkn(C__@%Pm=iDdqsplWTo^6iTI}o&-Zoz6iod!4tZ{06QN& zSHH@M{u25Z82(I(RQ-1`t&)!_kqW!Vp5n0W(UiCr5NL!=H*+-EgY5KxFLk164@ zub1qNslzP$0gNr)jDnYa}wq0a zq7nv#V*nu1xy|^e*Pz%8{^9#$J@!Kn9mk(C*0u^MnY-lXj3Z^emo<;A zdWPsGX#-=ItXksz5V%A+Uv|G>;5f1TwH!l3#2i1YQ!UC)m*k^#aEH5o@yN`d#e}bv z79lC08R^087`0VZ%qtyj2lok;Fcp5P`zIbR?Np@`4=(YhV&)bdpN|$oYuJs-S<+st z$Y2|>UL0$h^MaXsx}D^xO8%Gt|7WCPgMc@2^Fq)#(cBU3McU%#@ZRF?wz$4LmHt$B z&ivq`pVw1OR1C@}IxC~+)Yaw30K0b>2b7Xt)L|^JTyY`CI`Qcl9A$f5GEe2wO9q9@ z^T!2N6Hf^0mD(pGwc)_s=>+wlTir6ME)(vpr>;m1p|=@6K(Cq!aICephxo({s=0DL z3(Ky2E%SEC(A!VKs@MGfpyEP~5guh?RAW;N^KN|==l)b#(Pd@2`-|hqxIowv;|1gU z$oRxCDs^nfVWIwE2@pm#&OOB8HF8L&(wI@};JsvWIi1cR({yw~{N`kJ<*rB2I6!|c zLYY%n2+Bx~pX)&gacHd^{H_fw1cS+OKv#TYBC%=!{#UnL_V)vf?D8rjdTNF`Bh5D z+KC=Y9XhdaN97|Di0PboGHcSk9Tn3p;)fCKaim2{U9hj_b`_)vEKa7j^GU_YDUa_c z;=1ivH?M_1{lh?C@NI2&^sXmevJxMqjeGKW*)(Zv#RKepSwK786sRzr))dlZPfPrn z#Ev@FA9^-5J~{SICk59i>f7Q#r`Qp8vLxSZpGfVPAi@V5j}D;T3RK@T77!=NdU=J} zbHUGp?^51IGBZ)zQz=jHh<045!wIlIu!5C_P<-valrZ>g?k9dIIw%9fBU#f)ZXLOi zgD4g%_18PR2A}+>?4&f1y{`=#u3O=)`%Th6rI^xgN0p}2>jGyh!7AQE75yoZ-Au&( zJFmKqQks>z$wC~5_Du$e5l&ASWG8M0V%wH*{RYL>F&x@C@6V_|QoVX0DDI(@F5$+u z@`GSojHdS4Xs>s@8Wag^wOns564!|&+!)kA8&fj2F+RY2k={MIXoF){%TP&vx@$a` z!bi~bByBeju?;KB_D%V)l&$EFs5vXs?LnNp*BOQ}`4`pKR0)GH>9VW|6W}e){$7fU zwO|N)s3~x87fW==rde+`hb1vx+_Jx`~BEYCW`FiKkq9$$oe{|CVtFyq9^aPU!rLV^-Z_O zFhZ-O^s*xtG?!C5*Hhe1@oRoZruE5sPHnXR8LHIMP zeHK7{34}e>tdVbbLkZ2&=srQCJ;?xmkV98%i+V{gs0F5F`?Nyn89g~zp7n7we zBFAEtYC^)xP@z-V>#B%}Y>c*}oky0S%aaX!+_nV9O$5?=ak6dszI=ptw}2_#5m)o$ zmoKL5551Z?tPjK532{#k*o^O%-gt3J(Dc(081ercMg^X_=^r3Fu?})yUEX%+i4WmS zJM5?!m(mF~o;P{qB(cbgCyV5gkh`;2T*FAoTw`A%!^RbK@Vj|JobFe=eTk>}tWrEs zRoJ-i=I)pN(p3I3SN-va%*z@W$I@>L&xYR0u*D~HXYud`&-2O3F?KZ=5*6YRH2pk) zn4%AHd4TZ!EwF`{ovgv?G{@92UNs#Uh=2$Uu0207>+i9Hhkr(|R&%lB`S9#opi~kW zk%BkPWFp%0&wBZP{Ow2{Aw(m-rrs268|KM?nu=PMlpolzk#z)#mD zrkkK-v|L;GY8^R<$jlMV#A+!xt-8`w&#y{^N~UY(Sc8t%agmb!bp$e0Ey~{oP|ml2 zx0WsEEf@Y5ew+y*a!isYA^bVBqy#P-kPU%tSNYn{*O|RKHa~F?vLPbJtLq}de@Pnu z@wCjYBTkYz(+U4^Dd4vsK;ptIXUh;oqjDK{ee~9^1N~J*k545IS5m*LPpU8*N9JWTB0yeF{Va|KZ z@1D~svc$&g8VfYB39s+wxtw3n2-+O^7MS@&y;&ufihj-$?3vKfv>K1#ZAucrEo!~CUPC+E%RmB?<9&BY4+^2*gd3(uTN z#cA!K@pTEIL0ahKs1A}Nb0)qbi$#EhcxrMiypU<-D?sgskjv# z6~r-iY2S^p?NryKqy3!m{rv{Jp>1wetjMa)9>0f@l;0szaN?h3gcEKA>L8g0fVI3sILfXaSohb%$flcH3bX=p$HUr1%GtC_RHA&lk0I_E4?)pfj2*``Gc&3 z1er+DzzG_yr|ke$Z?yoQ`*O13S*NCfcp!riw;R0NNJ?Je*A4C86xjCojHIke)hLA1 za$lLDqxA@hb%zBL;bXWF|%wcz0*Eka%FDF6rTHPr z1H`Zpu_1T12+z$s56l$J{s2!U{g8P`9nB1kx`q!Flvn}?gS_Jm%+0H@Q22peQ%^O+ zrINJcweQdXeWKF`(vEcB>e1Vy&L*U$w`;12BPGP=bn8)D+ooGYr5=$q3qqmms^7`k zl`IH%#8U;#h17xwy=^j%wyRUc?5k#W$7v+B=oFr71eXC5u(i~T4!P&T^osxXmHhdx z=#IgYNqF@&d#|_mU*D?qitqrjg-W**$DU8{*B3%g5(EU$U80+N`VT)?fDKORIj8^q zfdBd6|Mv<0eHei&`hWinwj`a?Y%YV^=XQIP?KWx0W8^X#IVF>Jlp&Y#yh{M7sRnWx z#RcZH#E&ejs!}MtEPriA;By7JpV5Sc?88F=$fbqleyc?o7QG-sx?`z7h7F-Exae2{ z*Wdxk0(0!pz`M-oTYj8mYdXz8d+mlOQ}qaTPjqA#>sV+J?s(I8tuNg(H>ep>nvE*I zipod+r<3AMkG?y(!ei?lH~;fsm}(B&_-yKAwj--&dIxT<%Kfz#nUagY8DrIZm?K`Q5=Ieq8`KQ} zVaf|i*aeWXJVfdM*z(K4X#eS?5y*`)i$9JA|Cx8xs`qt2Ly98M54a=yr0Vh;xfzhe z4P#L#L5-^2a=-^hl-NSW@DSNWhKxit0xva1lx6-+;hEgJcR-ciK0Q5*S%rW7yt@L* zSdwR4MOs?_US=oQV;JCH6dB7#){X4S@NfnCvJNc6bTC0JU;#4h1L$}jffJBpX%;V} z-<`7B+ueKgwUCW|2~4f6LsVAPtH^Hj!I+WqG60{)w*#L5xM-|p{N${x*A7@AAHt#l zu8QR@9V3`*lK={p1Zbj-ptK>m#Z&2+=H`|7>+(vWiAuaZV2JDf7<**hHZMR#u1r0^ zTj#>ReFWqwm;TV%>DUV<*CqfQ|0yWpu$u=$V57oL4KnzkUOfO2*1dVgeVgyg#V=yV z6+}iuTc9uJ1=a1#Np-g$P?9~2vZ)dQA@8|dMPvnD#R)NZX;+}>%g8s6P>*khDABdf zW=l+&YCzcEAq+~HI$%BMk@_tcq$Cev(8D8;shnnnVG%#>G$>zZQm-b*RjU6{N2eb3 z`+wMb?|3Zx|Np;)Y$|)pp4oesjEIDgnO(A#87EQMJ3Gp}QY5mow=zSKy~!4`zR#ns zt9rk$&vkwN{M~-H+vlHdjZ^1&9>?o=y`JO#csxOd*LbS|7~k)M7?I$!^5}4H9IVr^ zkG6e|$ovD5cK6+(QJ6|%d;cpylnrSZB3^F+I3b@ptLp}oZ$pyG^oxwAi}Xa!b=a); zA)aRDdfma#r@;@Z#8sFB*l1&w?06BGO6Z=%wWX)?GW`gd{0Q6+M_%Q6n<==euLV-h zKFkwC$1jU)3KhBZ1|2clbAX;>ATq}n_cH>dHoEJ8!G)$=4I~wfN%3WjryS|9~{|I(0uo1tsaRiVyFusCJ=I#RKm>1YIUf^$c zOj4owDr5WRqh+Sf>z1>@4YKrS^it_35nl{%C2?*8Sbmv@)tto+B%@ssK~1&>Ctkj4 zqBI3i4Ide0G}}0`9(k zQAfTur|!YZd4NnUd?TKPQK<0qAxv|_C`CDglLe;7b3?~Q64at14yrJir=0B#Z8gkP ztOwV-YdoiGWzhVGlgA^`^HTxnmMsV#(aMuZNVT^hF+3@?h=m7q&CEDx_<3wvFOLO` z1o<2+8k;>|llSDd9H&fd@VPUObM@;i3_xJDYUY1;II5Q5;Q25BW zz_P`)^FPw3w$o!rj2_v&_4Z&@@#=v|c{jGyMoXV;Js+jdG-+IWl}^Si0}YvV2aKI9 zX$Z6~Yu9e}r0gUjpMvjsmq(A;W@z^)+Lv{x^BNMIpLi_Tq;Hkty8dngQZ<7b7L@Bf zoZ;gb3y+V9;9D0v!~E!2bWAa{@}BMaUe+v@vkJbyUD{HNIg4%3hTI3#E0c-$A=W^Y zaskS{jdL^J1GY;v_UzL17=mLkVkc~kGUj%K%BwuhZr2E%$T1VhH74KDYsRx=0*r*> zqCi(CAIR^D3b-}LWL;EGAQ6Lu=Y-dapO0MU0NSXH4}J)uMx}K9DgW1XI9Rc_?b0GmpgStUs!iRC=9az{h(BS)^%V zGW-aJke%+mowXga!aFK6^NfVwOf({F4pi@v+fiR{0w6_g)re7ZPxk<_fs7KU=V zpWs3tK$159xJ?6tLB0a}53cxzu^u;~-o~a{mjw{(5ifAYEn)G7oN{a&0i?8yZ~ zXVUakvJX0{Rf296kFmG`u-+DCo~>qR@=Rx?k3GLoGNAdF7r@(WuajZ~XvszQ)Au|J&mp5~ z6DlqQQ{o)I9Q^BUJK}c5FA@6eoHs&Wa4~RZ+4`eW;N26%jidmM=;?#_X`8_&Nx?3z z=UOf_897g5KCnfn-bd#w`aK>F=M`a~`48`5c-&InF~>I?O+e zf6j`Z6pfp3$I*E$>B2#oFUvzk@%YIwiLk~K+;cD;BC!CT^Jd5H9vk5ufBD11LYxz? zuiD)3!q$&q3D62UN#mj+Iu&tVMPIawD&(XOTa*crjrrUMw}ss7rr|cOPP&VJ(Mywn zUesTtx=noTQkVsr|I#)%i6q%_*ge<|>6D8Q6zh+o@Vb(Xh8~8U<9OmeX^(RH*`~5# zFkhJP;cazEEla5JVVXa(jXEY=bwyo#K4Wu<@Zn2Ww;$0+EWESoBx6bzy2wl(O`| z`Qv_`8Tyk3y(ZC~%zamn*1~-nJn_u0Jw0_xZ#qQa{lks5T^M>xOr_L&?9 zi%LzE*K#!(Weukb)$ru(TN!4NX)E`|G%NaAIsUiPm?smOs_rZY%y2faMKx*NdQq%X zDf7hK!sMQKV3#R7d+XK|OqZM-{MhP3nb6(Z@>G@-ou7u9X~p}S;zeIm1}= zleu^^q|%e&7x-VIJ&C>(Bikak;qN|QL;oc9@g4uoEUgBRBawKz@cC$x@1!c0cYTZ1 z%GBDlex*p*%zi|5;u#nf&Fh_5!6xW=#tXj;MH*S6NB0B}pW8gkG^ezXT&TI2@p#Sk z3wF%iu#dR!9qrO5;t258#pJ{eUo*rTe9(kjgmNv*t+i*t#w#?`?^~66Uou*@2b#(} z@|~Hix&*7#guPdP?s(tpwrr=;#+gE;u%)N^GgU10TW~#Sdwipt63sv7sIuRpDRRkn zxP4tGUF2+l&J?j7Ie7bfuDPxg+T=tvJ#8)8bXLg!{w(sS+Vd`y3}-NY=0wp2wj!~6 z+ik9-5qo2+YreKB=#|d6Qpdx^X5!-masXGx4cU(AP&c!ttU#hxKIc=RIoNEoBQnY} z+j`#vFH|9V>8O%2A%2|1xp}GH`SFCu>E%5E9oB+I>8puhq^&|^19~o9>_te3_{tf* z3LSf<+vb6Mo9p2UWABL+)^(BzG_N>wv|%7DCX20|WS%TuFFcqgrLu0KNW6^VO|8P0-Eb1Sg4~fbY7{ur^508D$KH6?Cfd0WzA(oyx}|kDg%_c6X+?eI5OGD}gm_dxTEG4H6|VVR{92WihF z!N+6RDo&p-Omg?PZ)ulDpZPe9h10{%lu}obH)i&J#_PH43oLVS(Rg)woAiXD8PypC zkw=>ZkMYr?FuAY{n7ovd!DQ$;e@a`)9r6)0LLBb7sN1tVmqcvzjn_|x8tLqJn}x`! z6ncC3M~Xk#3^ma0eHw1UY{tsJeEu|+YFMxdlmE~x>EYN~T0kE2b+lx~_f+h+-LtN- z)e3Qp440bZwFbpZRa}jhm>bMBAe8Wn^SaVLe#*FZh;hQPdNv=Lzn zUQ`cQ9#2{1S}mJ7;p-U&VDg$zgY-!Yk05Gm1v){&11r@}s?DZnL=B=}ih6Hwp3ujK&5?EWM5b#UnC$4b z3C(k;;xuO5)ybuB8i|+)OhbIZ$=*XsKG?=DQm)>9Nnfu}jpIrYW}2Up>_a}bDEa4C z{8+Ub$e-}C?{`DieRU%KnCi2w6C|(T#Fl0vTWPJ7wz}@SaWR;vNo_otB_P!WP9cSa z&ppw*ZJsaRx4AFdKm0-qIW?c|JD)H~w*8A(=8w1N7)6A3q*+mNr%C_%I1qV zNj#JL43lZ}a!2k7wo&t&E9IRyO`buZ)2-Pe9>u^K)ge$eM6aP3N51fwgvP$0@cR?R zRF92+qRc(^da1i&6H$+nrm<4t)2a8fd*3)C%(Il2gS*c7r=HG;dnaOaW|U-RdgT7E z`|$`xJOdq~N9_5WNtkb+4jB&aZ(fGrjN7axlA+dmRpFe>1eO6Ib3hYc29bpuf7ALq zZspFF3<1sM*|*oyq_Oso?7h4Phj#aNK#tldm8q#bej{$V8GYFLi>}c;gyndHr#je} zm|3|g=Quica3K}f;F3wvDueUbDTqUGd?^L`QvAl+#SFAT^bo zkQx{gaKj5|MZ#;>tVo|daFFwoNkEEi5ufuq1VwgU(gNEbU&HRnxb=A0W z!qc%&UDE5?;%#=@;Qr7wYcc9Jmy&BKu`3gDag;$6AeTPuIBShk7BTz!_>0DPBGjQO z2QSkxE~>557`t>UpyD#;{aT?Q7L_`+7=qEk!v-SrzNl1(o(jEx%JH^J-J z+zz0^8%}0>4kyZukD$F}xtG8Dxgg)x|A^YT+Na}^@4C9rx2yZ=5k|#O*OH3n{6<=wMa(J~Y&VE)l$nd+U8QP{u?&cJ-#FQS_mxi-;- zpfzaxMt45Z!RIXd@Zwm7y7KZfrYF03KSH^5G*C2PL%!)&xjd$C2eEbLOF7+6So>xX zJl?l8=e}`D0IBr(h82N_(E1>p;bu3xHouY626B&43Np|JVRs%pjdFdRpBH?*p?%>) z?Dnx_-AS~J!>I~oizQfgoW)Z5-=GC8FhZWIddWufNF!lZM3$rTcFAX9oe^5E)!K+n z4zA+bqbl|(k%qkCefoF3VzbGwYi`a_T+*n7DXD8R4)<6?z9_eA-XlaGicS(y{&rO} zvZrw9N2H8gV~t8Q!DO@jn||tj;Vo(MX=m9DB=}Rt$*f(az;#vk@r3h&d*3T--PU(Z zXk>lWSh`G;6#~Xi2d(8GrlrllrbjoBjrWDuVXOux-+xQfK4V$ob5#E{QclJzjkpn% zB#$nM+j_CSy!4}X_bqGwsEADercAi&+|RMKU$FLgJZbU=7cr+n_*OThk}f`{X2mzn zz1CIV8^wKm8J{R7i)ic_k)-9rGdQDa_o%#P={)ArcPO@*N*UT$g7Nr5sjMgR`cXeETiD)jGMB+3-9Vdo?Z+1RhS@ zlL*Zz?S!)1N}F9)pOe9P$AkEMhudvOj|A^AoTm@CRW&T%>0U_O;~Nz7Y~SY+rfk1j zHsedfGFq$o9P4(OV=I*$eKZC zy&hcNZcN_^H3#jDWEYOM4h z?3&$-XmbS3vLLVS*`yS*;Zk}xMT{Wl3$jT`bo+|iNCf9ABqxt{JC=PIYkcor`J5a$ zJv6)d2aG}~_{93l!iZ6#z1F)Sf+hQJbMV&V#hfj{xX@NvHp)FG1P;zF3E`3lwuNW* zU*Zw4P)h%7K{T?nYkkWh6b7HPf~866-g4nv!Bg>D5CoW{9P^k)|;_nTk0|sJXoE z&8$YbC5-klB)C;golF7d&g#T9V}}b_ofU=x_5o|<~!;SzAmtZoKW)5@nWVZd~`I4MZkZD{?&c2fLn~> zY>o#P%s41>URAsBOuQZ*uUmgnZ-Zm5m)5=CZ&5waN6^#uia!=t|Kj>&23ap;u3A?s zuH9P9tSg3E2u4qIR3Kl;s$ygsGdE@1%?}Y3AuG3Z()dRW(MpQun9`Ci3$&-6_MNoE zKuL1g3K?>&Q=J`D`^MtuqebnEDR~X%pZA#=#pYib~!SpR`sb!~jFkhwZ^d{|e z(92w?+g*t=OgBeo^D0E)K=Mn%#T_kB1SO8 zu-46XN}q-8yh(&zDhnT2RtwbdUyD|73l zf{2IaAb%Xgo*E7-8VVglS*SsjDNHJ=`1Q=;uU_nb|4u^;z>HYu=c}49-Q>m`oGu+l zKJf4~&{|G0TT+T0Vw3AHlpHhD;VBt*8VARmut_wKT}y@8C>Mm*P@Sk0xTD;UlY3zW zo^R1OmfD+5*(S-@PSyhN(Z!0eEq{+ifB)X!*V!Sixl>2&x6XxAeRq#L+YD?A%pG#B z8Xxy*zjuaMgZ|X&irm@p*JvbU&|h~Hc&tIsJ!a4LV*D0H&~@m&H+ml~E_Ux#y~wwE zfAHQ9SeIt%j=BT~y5GXz|9(s49O#`S=58Yr$KVSnrbhTUZQo z(S+E??v{L~kBV8x?90C9eU3uYBZGC=-x;y@*y6a4jGnZ_@^x>bRS_+^_fdN}vR|;c zR=3k^UK1s9QOZBNSp52g-JfaD5q6)d!)h~~yxT!Qmu=fgh9X@}TOj;oU(?N=d~>ke zU$HSmz!||gW-oTFVH<}y-`9sQXnWXmN*h`4uIC3dhS3fKgZB14H*qpBNOwF7)^r$L z=7{T_24`Ar6#uxILOdD*wY4j6u}vE?(;G{#-P}Jm?29JE(Djr>XF;4qBds4}pL;;O zj7p3CHEee+OSz8C3n<^}Cms$_!;PxAJ5+6(^NzE`Iohb<>XS05qFnoha}(p+%u5DW zp0n14YU`SSV+)B<6GRg9Luf*0s5`#$RowlDr7oL-QxyNC_>V@X_II5|9||vT*N1Xy zq#i@nf^WuSk>DrnX|fb(dIWg`mmM5pzcO%DXkrETy`O0lCA_SYW`c5ep6yWIwNrWE zSDSnV6@mj)%-kc#65^Z_2o-a@Jjs?9p<+66H)R);fQq51toDKl)_$LLE)UYunHos8{b#7Tem#G1jr* zUHm7QFoLvTQ&I4kkXpKV3T^;*$jgj}82k7nYpvT|BrT`nx85h2=3YOdtg9Yv*=;EK zaS8ff%6>sV`Ph)*zP3(Du-BK=>m@oEDC5WRPZWoi*R_dUu3!{0z#XQVt*z3a$3<>I zot^{T!gII<-#li9SMspn7PKWe$PnjvqKs!nE)u?r%h{uGB>cXM1sSC|cH?6GeK+}! z8z38rMNZ8Xb>@pH$G^YQ#Gz~DUpF)OafP$6?I~R@dXW3Sys}oV`ow>HjK9C0_z?g? zXT`c{v;O|<|HmiAJb6Iy-zU?5ya4Ve6SB`vUGR+mU*43QdQ;-Re)hlr`2X_@7J(%R zV}#P7f<6w!iVDlF0TY^9(3Gf@>aSYF-+q^4fr7#(ha`|H2#!1s3MpJreBpqO4HyO& ztn2nwu1F$M2Yq{^!fW7Hhy`;1Iovyg5$*<=>H0zEIyd5iW(p+;d|(2sTO|SQRuzRB zmOSL4bs$x_lyz;o5o)v)2m!!r*%4nO{i2`_#}ssPgePg;Oh9E~rmgd(5T~yUR))9? z#`516&Chj!uRaFgHX*#5A%f6Imd5JnvljvTuL|);2r%^0@v|UfBuu*fMvvWBfmDwP z6D^@-9i4(zHJ%8_-O77)Q5QxX)kEu& zk{0;s@3jJCv>EN)55-ag&tz{SyxeWal7HsqWKWPGrW*Bd-AFxm@G1D2z7pBO-qL!d zS6~GoBEs!qXZ0P>Bwos5JvT?;2Gv1k`$+*QLXd9nfL^A-0lfS8(e|X->>9IZVPd+o*)=r(QOfdT? z%tId-UlKf+j5v5(Jd~`!i>kM>w!>TkiXh%@Q;~`{a6XtPcH)?;)uj6CNiZ&l|MLUB zr8@>SqEOGy9WU^FGA&b#qO~s=ra0PWFeA}~UR}jbWq}XOH6VrAk7quW*wZaTgn^Yc`#igkH9pLqT82#%R|NGMhOaeAde7wA=SYM!f`v0cYZKU4Y9< zu4Cjr?a+5cG4>OgW*)K*ztdA-Iz))L&mp|{jfD?L3jB&}~5EB#o@C%ef#^HzX5frH&D6pa$miRj@3=bOCsP?uN$=-ar`F!=s(LU?T zNw|IIgk&ZK4yVugJZe^!jcf)Fl`}l>i8MEMv)s^^#B?QRKQaCyu>O1Hq+P_2hOK2V z_;%TJ9H*%7wK)QW4#9%~t?yH5aUD$CqX{;_e<^rgTI73oI2tWxYR0 z+rIvxS(sMz+yU#-~xP62>40}W5pR#fWiJb4fGp6e_D?#fRRcwh)&NS|O}x%$dHkl(0lC_^AYs?v`jd_7D-wEha5g9 z2z(dcnU$;bufbx!W}*F|oU7^#B+Kox>gC{T^Z-grm>#=Z0EA)+M28+s(j7fC+w6Ac zGgkJv$RbzbwV`GCY4q@GNdfFWjkK{Dd&uE##vAQO@LW@rE(Szn+7?1QLp890z{}u;nJVt}VEhveO@5Y6AQO6sG%PP6IS?ABsrzqyjsUYS5cN=xM=k9~IyUjVILMa^t%3a>?5j6);IwflhI$_zsTbsX@)&?*Wzg+CX7Zt2>c zVn;C#C(Rx+$tLW>t9?jN_HEO1^=}{MXUwIQFAHXKb+E^!Rki#Yb(yg$yph2asUL9YFJtacK5bY>^-0nghyq#^|fMZcrid%1FvDOfFa2iv2@ zxvu3J2V@RVaPT3JLi?X@CUS%MnURVvxoicLaLhDrgYGXK7NTixW*iQ1c(@_?ioSmU zwweyEQXdLe&akLHtZnh)WK^>P&D;qy!VzecIL2kLntB`}QX^_;Wg<};4if$hnn$b2 zg9a3Bkp-V!3R4|yd^gW#8ol0!b3{e$`XH6&1MqX<|7tmG;t#?_jiZexNB0p-lk3gk z4czOM!=0W0Rlr<|Wdw%|1oDr|Wo1MPF>@G)LLEMAs9bmTWNb^}u52VP^U6=JN-l_e@3E9eFs>HSd$_WG5!RS>e@5X-A%o+|j z(D?P`P&ZHSfJfY<8i^eycndJ*K~U<*MPgT~m6ge#8-Y-Vs}T1F!fHB4?cBjf^69F6 zE~2R$hc|k(*N7h}-v%a{v|k}ES_Sb|AcPXRW3P-6qN58;pyh>6fpf=v0a&k)3ffy( zeuD*94-q!iGDra3qUXUcBlyKEs1x(MO6*4mZ&vd!T2M4C?LwEIb^x*Djw@=js;Vr} zQZs=f;5a;_c;S-kO15jAq89>U5F~uqp&lPKf+h0V<*Id0#{Q6O#-(SEPm17|i6vw( zaGGC#|0fr&hlZT4qH}5f6VLM8dwLV9pGvLF(OjG3N8iOsxCci+(jAy-7ql}c z2EG%jTHNn|@qOZddy~NQDnV zMMfT?q_u`8U^z_^Z>_{+$`5$A zJp0#k?u)jin>L|_wzyVXzKBB{EvsO6hd4U8`H!ConuY{g2y^{2kRxQG`P+KKfe4v0(pTCeEmYpUNU1&o5!;BhgL%&b!F~^{D3K|1N5$Kri>gQT$?hZ#jPJb#TG%0_0 z#z!V&^!q_=;tA$VY)S!r70HA>J3SR~MsILA5v|7NF=ki&^dY@L@dJaO&pv$xS^{{! zAx=G*8mu4icI_a}8xhrDC&>Z^8OgoGVW?%{g;>Ya-(mL5DR_1XrzTdwWKeZ4%AWqJ zz9r(PVmi_Ah_4uTgLjTS925Ytc_P~w+;pvr>WwovsTe&+J#`G~{qZ z`o+{#erxB+ulWVhGpA(D0|&>hZK|ICa7CzE3UlcIYWNe|@hanX6<>6gSI$-u82@Zw z;jl$uX;?`>rbU)Rwk9@7?TlJn`*w$`)9IzOZMv}O|Qi%;Qe`ZZp{>aOm*=Bo&I%Etv9JHgW|*Q6D)3=)4@&%62 z7;L8!Wgfdg14`?Gmvc8$eBK^AuA}Lf3MV;g52H^AmmR&POucsSQUH324=@pKNB50h zX2icxjVO&caH9S7R4!qe^NV5;PVyzg{yPp90AVLg1m;-Ca?s_Kp2<1zC^KyQ0FcF9 z=7`>aj6{|w%n{$(R1vq+RVHTBmc1i0C`6S-UGT$Fz+@>rn;G zADu5B(g58^#=-M9Nt>!op0s?ZhUB2(1K&jqIT|!?bOR)1-Pk#E;b}1&Nim}Oet#(- zTt(2vo_s&4tslNN@%6mZ)aF&KmAhX**toLF;?977D(}6LI}qc`E?RP|{DhE|Yd7Ye zg*W{PAtSMj8BwAO5AYyrmfSlDE0{w!Dv8iOX)#61Tbwf<7pcD+oJRj55NQL(3(tdn zC^n4W;i5X9@R%Y`Hx~-1! zn%3PHb@SH5{s_mSSyv|XFPTY%(fHBV<`i6q9h+ad;oU*hA*Qf&2=5L%D(c#mO;5NS zrjs%3?zMBE>*okYssyTNX@Z$D`E_?%P?R}xVQ2LMWlU1VM1JAeL!(g82i;tH)aZqN zHrKi^9FhrciqZoRCOtyQef5M}XVI@~t=6`Oh+{C7pI0~~+BVO&VH1h6@a{a2*=I0- z863=<>DjEaPWe?|gQSjBq~nkL`ktWs^@^zd1{-5k%}BIP22$BQtgVINu{Nvl=$qeT<1G$7I+MLokP{nae3Hl-(_&PIC+J#nAGVV0w0@oI&ujfVa?mdQ?wC1_Ym+?G; zH7s9vLK6Un>DlA$d5Z4xBXnO{1Ixtmuh$eJONdG?|TfycE>T#~D_^YYJ?^yedK1N+i99hg#Zn73~v zZ3B2rY**BM(UI0eqGyA%F{DnmrWFG6+iXjwER~Zt{Svfc zy7^~Cl{6y9dZB!AB6mA?@`}ifoj|77s(OpLEiRM?QlL9}- z_KhChqP~+*r&^8m&I&65LEG%TDj#pll%auW-VtiljIHa zNji0|)qUmNU3RK}_6A3U+gd@@{=DYya#8Q)wTl<^Y?N-@svZveD>zJ(tv{7!N=@jo z7pV|n%Nb&Sv5V9Ab2y`wt$b4h%Ll2C#ywT3)~b-AC^n6=Vx8vKx#JoG=4K*aUp^ZV zg`m<;M-23&gT6vi03*;0SV|R8OAVxN?;}14*$mrSBndu76pyQ=kgzq@G6398-Yf2R5LJ zZTWMDt@MM|(;_Yle!R0Rk2i98@e;?2O#(*x7IOa>^Sw<>DoDyp!9Thl&SMI4y2#%V zU3#|36H}y`kJgp01v$^Id4C2VPRu@|XgZ<)aY(LwW76iU5Fx$DD6hL5g{l^_%qeF` z6gWbP*l1vC_5Rzd=`s@!8E;S~w!Ivh{%x0NAxV?I5H8oGm+i=8Ha5+vY%hsMQ|3y~ z-_Bck!mQW%K;N)dF3>Mcx>>rrm&Y&)GrMnc&b3+e>k`>kr95t^M%mY_dkIMj8F{W+ zic*oAk;IzbEGW5=tJPD9Pv~hUhXhpRUGYuj&Z+mei@IT+?0#8R=Z)nzZ_cN35;K|` zfwb0A(P#bYy4Z)?2O;${^Oa5rx9XYKBo~Pq3G8!)`6Q&-yT3}uvh_qccWY~z6fkW> z*fY$;0J%jo%W}MODZoF7#q4qyj({Onmj-!+#C%HZq2#vEygc?ocTia6K~W(S{^fGs zP@Op2XcgjEiJrSeL{A%SG_8eH2rqEl&@zdZfBx?3WwA`AogQ%P*FD8pHJNzpWkSb{ zvlLMp+PfW^5ZqQVHJo|(mvGo)yp?F34UoKcZMw4Z_NynueJ07Zko-yOP{Z(?uRGVz zlH~t->SR$tSVZ^f3u=m)%u=W0%#&*}PFXF_R;p8WO!wDExl^d8Mxl2ilG?17%3b$I z9$LgA>D;|Ou)W3bi?iU4R?W_yf)t5{oYoAg8p_Y7#ZF7PLJNra3fl?BKys&Kv_ zhVe?|y_zg~SDa?sz16EovcVXS7m=Wp(LD~q&>ImmGGSoVQZX^DCh_a`Dv5TE96rM! z+sSC`4ijo7&6i)0Q+KfbVpY=)ar!F8#-QgzQfyOpF`eWrWE^%ycewIhmWRbKm*y;V zl~gWkqN3IV*T}-4S3y4bEWkSIW@KL$x_1tiA)-j-sBD#NJ=D-+b|`{^QWNT}GKKOq zC$=uj1|N~6oE%y(7`n+7hweq>jm{>LDEawr(oRud{iv?lreo2r%&`>P30=yQ7;QMvpoBL^|Y+6SD1R&T>H+Hy+4BL z$&Hml17|>Ni88ww3%lyvE1^<2*+r4T&D;{tGuadxY!6D}=}mLv0pDZC%?p|MDzPW= zW-zDbwUuau%E+9c!+=4%+lGjzsVa@`?M^c&pGmTp{w?n6Ge$M(jkxx>u)G)@RM%(b ze~(_312+GUOBa#KW+!wajJz%%Dswz)^-P7@#ZymTirS$!D(KdSS zECotZr<0~iH@;AzdO^MTJmxwakw{@Z>1p>(rx%^*3nilbm^51p8H##u586^L64s|m zc{T~gm@_c2#S#bZo2WW3tnBs}ux#uac%zB-a>n}Jb{h37zREhacOm!XW`(20Z(l*f z9z#WBv3<~#H;_J7scDk2MSf9;Lv!=As-_*1Ks!=DL=^9DhBMZ8VSzLq?{wxA(&AA5 zEbklH7Y-0cBk1$rQe1z*A1~#;vq6GckqroJ-OIP%792pT-0V1Qozk2(N@ZIhN1usr zL<8-$__nLjv+t zoxHsPEstHhbwf$0bg6tH;`YuJ6u75sm*1l)5VscCC!;m9iyx5)?&u|0ut22&1{)QN7lLHZjj{8yjU`Z7?_WSDA!Rhj5a7QX|%ZpbzkVVXQh06dJdfPQy(&fszHNdnw?O2zF9Wsj_;W z9(BLR2|iF#L}j1@oSXZJnGa`G<+eqH|Drx{KJ-oJq1-fOF z;x5*$6H}|K+H-OzX^1(?HnB1+xT>%}681!Cidlx7_fuUW?44&;Vve(+nJGz>nu#|9 zb>*^+Nx=nSiF0$OR93_KJChk9%?qTMj6w}R0f~J)!NZa4SoRRl*6k$MZvO)Cj^k6{ zu0|a{fyq^%a*xn9NkvSAq%@%>^r2V43dtf1z50qG+9G;7p~OW)bAk{5q;ipVQjZWrn>1$Tv z!FcUgWK;nY6Hr z{!=cdlIpa?%U79dYe6pF+|)b#nq11m#f#|JGR&e|G8}@c>*h_b7r)9=4QQb=B{}<5 zpTd3G_G9?6J6CQCF8fGLy?-lxKV_RBU7_7iSfO31=_^uGt3&Y9E`Gh#M>qrUD3NjI zgW!JztwQCJtX~|WUJb{vbdZ06OQibTx-tG36}LF{Tvl&K;RZSm!hSbrGZlwH5O7m5 zjlX*O(?@|4pvsH60X6+Zde;+Qxn@-Tym%7rB}1Tl{=juD$(0qxcuRGpZ|yq&DE6&Y z;=5-~`ILaE9?@NDD#+|ULt~4>E;#kH9#3j~UhDiF0sif7o4`QRjONQ$7L2ZU>>kh+ ze(8<~!L&rIJ8bErX|I;??-dt#TeYxEP=u7d<0}Z?T+W_U;5X>2>mQ%Rzv??mNFmOl z>GWDt$NZ!G3^Nr5%`pFG=Yoh6xr7_MS(pgR8nrDWLc>;t!w!XAM{iN;?N@lmn;NEM zxO$4GvWl29S!YL_4KP!qe{ZYO3!s_HDu-W+uQ1!Zk?}b3XCRcrbG+w9Gz3kyK!w?`zfzuNZMv0Eb&ZX`fM*JnCpBBVe9iJ3Q0}|Onz3&u>ilTUG|h0usPO|`^-wS>O3an=JHHsQkc7IjB|zEt2}5v%%oNt?j?afFd76J$#{BHt6>`;--e*mAkWZ*kqIvB8 ztIOevg%pP!<9R*)q&QTwO|2?zdTK|Z1;)1;R{=$^cY}(Z=X>nclSTQmvRR#t)rkFk z&@m}S6BK*+9x`N+OY9+a`|G!hwOcngrMsSoj5m?<2Qj2_;q+xeWm&&R8nVSnld&SL zv2b#!j=7PJW8(l|=+T>4=Z>Pem>NTkq7E7iG|dh7@y70uQvC%*Y{E*@13meGL0mmC)Rj z4#io9z?>U-w*LN)f;x+tBU+U(WOQlqb0h9pz;hE89_V5~d&vfcw1QU){^N8lC)kxD)h}XYlc|!daw7OgudF^07Z%`6n8rM(V%?`uCTq>mzJj z(9WhQcgi-2bXew-b7ab8exUT&qsl8UL*N{=HQjbZHF2cmgE0JE?Z_-2zVr zaVF9T!g!HrLQ8Q7=chrT@jS*ns>RI@kcmsGXFfsi5E1GJFkvO6K7K{0N4SAF#>|I% zy;$DeyZ)CKfGi92W-TWKOV9jvuKwp$z#$H=K{z9wql<4oj~}p&o?UbRi=mFlG%qx*0Y~s%!yCZT`?% z3IWT8`NL&3z1uorjWsDiy=EH9@cvqlM9a|aN z`4Gb*U*lir)0?Zc{iN9UPElQQ`khGDw1zJh+hp0JI?+@d6sMxFIyU zg@uymbl*Zna2$Az@Wo-UU7R#P|H`J^S+~Q|DFefE-G^oTg3!@=Cz(#?*g{XYRTGST zwDE9|LnyP!lSS0#N?I1;Zd6pTc`PCM$#kzM4We$~k@(!2iD9bxRQ-p*}0gj?&6J zooP?I7*9@^Dzmi$>a1a6C9v?e6oq08a!g>AnMS)nVVS$Bpe#Mgw?x5 z5=tPtVB~9xy*5dzPRl*MuVa8xP!6PQGO60n0ax~@Sr|011^xQB0-zNvkwv05V*{j$ zmza4=L>Hhp=1#2}kY~^WUwLhPgzU#D@u~05^?%t#9@W66Kmfki5{e6*4?)^|){(T$z^VPD7ANmyG)@`ljm396v zFVvEUZ^GPVaN!>=-Ji=1^^FZ~oph?upVk=v_-d32>`-~=iNU|$(Es5EYS3XM_O)H^ zJY>GFCveN+s@(|EkF)E@IPH#~|Cy%4yTNKn2S?m{DkwZ$ z!9B-&4h4--6eH*FsvXC`IR*d!!>A254QinO*}^uKuJnfh{h#RQ`l69>%s$8MeX-&n zHFfBudsFp9S>9y@ANPNBuThj_IVodfX505`>YvI=owB~7{Pv$!uuT zBbt$UThF`?++!=*uW@L+shP0wnPUC(PW^#AjT|LZSO16g_}jyt zwv2u=YnFcgyu=H#nRh8y?<&s3{ljVofyRE3^=sbQiuv*FCstN2grB)F4msg8)MAGv zghKQ$4rL_g$-SI*#@o*!ryV7E!h@@LXvieM(a$$TyJ^k*$yQ5-$JAe)%#p1{u1|a$ z1&OX~&1feY(`Ah`c~HP`G)#Bk2wEfh6z=QXbn?M*41&UC*Zrl}w)V%c@W2edJe4k> zB4741mbqAg5y)W_$Z$>zWs9gjn%o`E zfintR!$Jqr;RoM1;2I(Z*%F-awuMeC!-N)4xKtUNO8y)CKP8;wqE7DwU3|dau*~v~SbATuzhWBz6o4_Up zAjQKF8VO-9urW1-a(uc)dmKc71g21#CV&j`I^s)zsb8TBX5AVwuef&urq~5D#|ogm z8~`P0=_L?-nszIYaVKOy-P@`sl(`Qb1);AsW=DgENG*{7s!s)A#S@oT5j0H9EDQsaR5m2l;v>@K?D*1)B z=%2smN1{@o_s$<39+=UGjZw&n`uTzPI}Sk5gouC2pv7au8)Lk8!^r?CEdX+|K@mn> zA#vkr7Lbb|_>u#{)YF?S^9NKO0i|CLMh#>LzqbltcC)M%5VGHqK7=S<1!{||Fj2H~ zsx`VEj9|!5_+y;Y3ZTF)e4i>MLF-dU88(jK7)Rd*s=>;O?3J(7$>5zS&$)j-Ci^mL z;GWPZp_B=$8O{eb(E7o&0*;TFpxWn0CZ4=v9fmHEA-|M+trJ{9Bd~Ps-H0&q0NYVK zpp7qyLe6!`+o**K%?2r_kVCE3tBW&o9sC>utM{kReTNE>;>6Mm-H~rb0NxA+I|1>W zZdh^W)irbXjcl0;q&pktTT8n6kAuK*MY$tGiB1GEpYgiVhxV14YoT|g z_P1ihe}yj^B50d9OuU1T8r78EMW5&aV&Z0ItWHp^l*dxHXF-HKQP|p7HiXw>2#!gd zg;jwEl4FCVDy15JuuJKMkzV8onW6Mq3~*%4_UX6okS^8nHB+AnM})?lBzf&ABBP#7 z$Dpeyvf-^YQ-s95Uf^bjn_<9gf`Hqg;XuU0|8l_-k4^4gQ7S8g(YtXKpEuq7r{C{X z6DnU)*+md3XN5xsU8K;!^P|v!SP;+b<@6OH)=)0MV7(0Xod%NZ`ocz{+s2B|k;Kb8 z2#wf@SZk{KCvKKkf(b4fVH?6RBY^3S`0gwW>cBxPih%{hfteBE$3HTLiJrw2jdpjl z>`?TucnkXj%IHzZ?H2NAs6rC7pR4xr&@r~sfanQRJ?MwB@xQM2k3Y(uC;h2NVIUyq zP5VR``==(QZqW`N?m^(a)_FuA8LJ`p>v+B1#yOk9nlK1?NX;{0T&a`nw_cW6dRfXK z6=MXN6p&nRVRZBX|CCcQj9b>_!*GSy1_!O;e84uj9>}~?FdClXvdqC|lpeMq3|Qq= zO%mot+>yQ(AeJe0K-N(r>~3ku@w(G5Rp0)vqZYaxzKc&}(-85=bFE|fk`x|QFuj=T zeIZDq9*f)xknsfnW;6Q+#F`{5T6dfz=2Z>iheBAn*^DIBJCMLl3_fUe@eqn5bK8T5 z_&gLVknyC^3U#m<5$Vd*%6agENps26>&;*=C~jV(QJz*|sNz6fk7KM+3RlLd;`sO; z*`4|Ucoz-zLGq@r09t<6kwK^6wR!ouLRJ$8UeDPEsej2T<#4;GLZb+7Ow;n(i1yA) zBy8tA3*!)?lFJu(FUoj%QpjxayT9Cl@R02p*ngqUa&7wE&oTh!L_jbQr9(<2Tx<|j zq@)Jvjv-XakzElL5Re#JT|nvX6s2aQJCzzFq?C@|x&3@x-N5hfkLUIL^L_R&S7GKI z_kHeju5(@2p}qwj`Ct=iq~4>Y%kZF}`gridl-wQmxGkQ~x@h(m+mAyl`mfMXufxZt4qxhfL`iuH3mQH>^UogZdc9G+9&Py%QffRR5s4 z&(9XLpPYvN+J$vDU*fEB=JCQBYbWuA{FGk2^9X1N7mC6s3hPgio<76WOAJ1yp{t)y z0qR6`{-L0GK8!}=yqm{o-(SecDX8f=Y9BQJhSH)S)w9D_SOaQmk?_jcCj45deP0o+nlXnJ><%9= zK;^gJ_by>*omaAF6qtV+ILKQJLj2?w(1UY21KGhF!1^&- zOVnF4&tFe)pPU7aXp)Nrvj)=U%vU~2%&*G9q^3HQ2F3qKW9-`*l}D-_E*B6=d1 z6^w&sh$8iGpd-%;>}d^JR*AHp7eKnq>q&);DGl!6*&||!?kwA=>2eO{s4)EFL418Q zIQ&@-Qc3vry_%G(2^o-YRfRxqA-sU8JG}^8{ip9$A*nI|P>OT$sbk#JV)bnC*x{$k zj!^Igm0@z4CAOsIOwtM)+X}Aa!##%F)vSA=p#}F+gmjta;%^}Z>Ycs=Mp+StwrS6< ziKq!T6aavBR#%>q474w*zDiXFe$qL#eqrS`L_uwk?}j(dGO1$w%7G&yi2Th#Eh#ks z*fS5Q=9eKbV5Nud)(lfna<&4lVEIJ-2+2ojI2I{bgrbTyUyqxP*Q9lzC3;$^PDq_(1kGl(# zk6Ub(@NIEf%s{J)lw{S z%fBqO|1Q2s6^=|nG&U#?bRjoEsy&$*ct=!zD+QIwvC=@se}6HsX5*rf&T1gWla9M0 z(w9}zepxgrR_QRNu3QPrqeK0dRsG{S=cq06L_???#*fkttqG>zC6;?%wmkUvjqvBM zIGB>*%IVxzZe-8h^GvQywEJMP zWCV^m1bb-_@4N5cE84%%Il9R^Gu@8!q&s;Gq14FBwBn=h$+4G6TQ&gJmKGgiK%Klc z1@)PAM;n70#92n9J&OQpJ=?Rw~n7qt52Zr_ExPFE5&GvDoP6z8l$e zyAHDSk5-2?H7uY(9b;o-10c^c?`R7MLPaN7?1oDKt>sXAl@ALOaycM^;C==r#Qga~ z0Ub~j4uZbfJY$Kr1BL5h3nb_znioNS1d(a}0gQorRbvpBCA7uUi`D)D?SWGgeUMpb z82E_ZL^Ti^JK;X<$^Hg%RhihM6E-ArVXE$>9Zk}k?4yRptuTzZusXHw8YH87!k?`n z)kWhK!{Lkw0It7M}Ruz+-A(>jJ}{)VPp)SQb**kZwL zG@_pq*cqjY5p;&ZDFf+XN)a?sS-Li9BYIvjZyB1_RZyDDF!6D!E4zhXSZ=r_5xj?^-~5hMlEL!jz&%-h1+$3Ao*FC@JYRN zS+z67%`9O^FjA5VL-z&GNt!1FR9K1S4!Po(HHaL#bXQO22WWarp0L1P3ThPxLeU7T z+L&==KOzmo`QCq~st$ydMp|^Q5*)P2%FBISranh(vXdQd;lLJvWLLhG=?&^LA({tG zn33(+QxzrrXcwx@gr{`qYG530b+!J9Ol?4W(h&i^AExe9mtp9dmw;mN7BSY~Z>P>o z8a@#u)k7nebQ6v=PEP^PKuzQ=Fk3KlT2k9&;Zv`|wD7`k&t2pjVs#=#Dz+VsUw9QT zN24?qP~KLQ!h3n^Vw^(>ZNo^hX~OkMe#n|GPv#_hQlAiL={e1RNu1`}yZPJki1R%t z2~30wl-%>%b02;;tt*{uZ(>A^>Bp|3>{;b9-dPpi1y*II$dHX z9YC4L(rN(@L^R*Z6fWxC;Br zn<2FZBWu7MnQ@LTmSCCrPL15WGj+mXa2D#;DkMHGACU%O+w=FBpvKTWB6Gqb%!oID zEN^O;DRyK{zlBP+b~>puJ|e^p#tKEm#Io)c6WN+*|KWG0bH3|;osKgoy2MGVQ z1OW}B<-+qdYFB^xZujLsxc;s5L3^=Gkrx49!HG7f9*_KS0l}oz2W1fkhYqv>P^k&tn)=()4HG@yCB~#HyiG=-OIt>6(?MvD(eSSU%uU!fUNgX zw0^2DnrL;I4|}YMQAy&N;jyS&1KxH`7rEYoB%UiFth^#ZB%O}{TTh$ZlX>^MviIsG zvq3qhim}cXE)=4k)2(yl&pdmaXEErmG8vx4mM!*5%b|!R& z$$O17M4>YnjWlh9VJN#WMNo&JTtiee-rW(&tRk4EQLtn7?#!(mhGc*zJi}TQFxxzE zD`L77BS6{~q0J1#h49_ep$5L*@WKwE?P*^JvTbo;?3CWdvbubkpx32Hh*VtdJ=Z6Z zH#%M-Om|L+j_Yk0N&%=N>xAQx z>rI#K1jtG>>+q-ZULBX*J%;?A5jKx}H2gaspuu!BuZ^AvdWo!!sh8duxf&5RA9tN= z1<9JlHLbv^$`7Fbr)3zm>LkKNBVFSL$7|)~M_F>yb!b{zOBpJ2)%^P4_55Tp-E9<%By6G zxb}KwncJYup{hcPOT;jHR1jUk%LWR_85ovxUPdQM`FG`nA(cT%XN7g4W6@&uw=pOw z?f~I>{Mg62gkCT-3H}fT)0qlptNbEL&mC-F#hEQJ*UI|pA`T@mn9kJ2KK1yGAj|Oy zwnL!XhIqWk*e;F+C-UamsngwGn()+$#{@G=Z4kf~P;(0s8|A0CP+U3qfeX_CiKhb= z3fEnNmE>*`(3nn^I|&%`<5rgdCsfYlFNnpbsJH~st{XSF#)V@An{U@chJNu}Vf@}J zf6bvoPvT%vzM$24iY>{?8nRVF2?GtS(kq_`CeCQOddwxdnXINuJVCc_AdSl|ZB}vX zo~L2QR%9Vn6>h&oNx6sIith>TBkMz6@Lq*8lVvS`AjcoTUE*2$3K; zq`yUQ>8=$?<>ezBs2;g`P0M!URJb~szkd*PA4n#2qY39*L zi&tUHkNTJDoCjbOm<3|tsjvng_fkFygZlfc~tHxXa}j9hxjc!xu=pHQmdL zp^Y<8PR0Hh-u&}Z$&v)#%r|Jv?ATC90Q$3uNuOuOo)J8Bb z9T@{Gcn^Y0nFkI>KTf{1-V~+0G6{!nI%uwgYgCaWV3y#zeluFRT~bts~#|6ak!>Y zQNiZa?j~gKf3!DQy7J`r!-Dzv6HS*Ts-RWg;L`26hP5k@q7+leBdfSsFZ`;jM1BT% z+lOG0YMW7&P;cYt=$H;i?d7agCwa;+*(aCDhJg>jl(AuV0p zMHx~Pbf6eg=w8wni@yF&uPiY@zLC|T;dE^3 z63!V;Ah0B|c?04!cIbgQUK9jEWPLoD?DJ^KqUpsG(^{cx}PtD2Ierr z?OiQ7nGmNhUlEn<9-iv_dhP)5fC_bi{T@o;@9!=%Emg&=O6wjJd_fTf^A_yKA`H@A z1>k>E;7vbc7;NGDB&*@q?V_sh#J)ojm$zkgzsJmr$(Dh|k1FT1f2s(N1pqVNUr}+6 zQ1)fvD*@%@$l;%HD^+4mK34HPEzxj9kMgsyL>^$gNOF|f>3u1V290>wA>TJN)4$x7 zdr2;18=djF4(REskb8p2t&+mZ$hZUcnRZkk!OnZGrX^uWV3PR?;_oJ2Ho6tbYEA-f zfDbfGpX(O}`EowN`Ws?wVTvRlK0$SAu0p$n9W|c<7&NTvjSd8!9*0S@-8;guO5U!1 z5qHL3?Itm@2+l?wm0-$)m|9a+bB@{ z*l_E?I==C(Xs!(oIy%90BN3i~+^zk5$Vus;y2I74f4cedvMdxR5WfJWZZ5+3h zB7m>P(JmADDuz%%7!^#gQMFwGb6bpS@_AT7;`#Ck=l`STje z6#1X*v_XsvJ2dnF8mB5Fri2e?_mEF&a*#%eO}7rLbjf%?aWrg1CzS9VN-*^;d()UZ z!YaLGOij5`Rk_iK2~`B6pcd(Y*%$t$tRz-TW>zBRvO9f56lZr`0Jho)kFAp=WX$Bk zaZ_lSaL?OkLHtXBdEqO!oNNzVM4_wCJtXR#-aH>AK-CRDZNtw?%dRA-OpC+Bn}5S2qu<7u}U=d?MOuJj70 zo>8^A!!ObiXmqX99p(wScgj|=VxPv^MCx&nf=>aic{8`yiAR2qs(OU{Z&6T)2tm!E z9v+uxxhhkiRH3&zz+~k6v`hbjIFNJfQzB%~eh2OaGq<}!56})B&t?Y_8nw+Y8^fNS z&5+z_*LJ`rQcjD87oyJab?`iK2#hCE#bM2ZR=eN)x}C4Zkd5X0y(nIasn|+|4l#Q^ zJfEtTFwZzZun*B$X|z~L8+={)_qMih-EqWzFymfnZfS@O93y=`S?bgkFSmz+I8jc^ zYGQ0AdStX^UV@ZO)VIJ^H;!%5cb_Jd4MG{Fey^|735Y-hs`6J>>ObU!kvbSauIymG zZRMdyyt`m8-p1#a%!jc<88>@PFjnpD9hco2R@tqG*u~sIpK^#@#yWxxwWiLM^h5dH zTur6A=X-2?$6(rC@eqxAFnZ81c5n801K`CkR|mqeXIp|n8NrJXdgiBvKy5lCl8_+z z-h5ouV8#QIZzC+_%^TNH+^*J_L3r*hSkXsK4|&|KFA+$8v#YVCIf3!|{PSk&p|msv z#2a!YnDEFDgN7mkP4<>k> z&P4W}=_u-bSq-+jK39SUCL6gJD}gQWA4w)@sdv&o0SDwEEd?r*W}y5}eq8Cl)5~~e zX$1`&?-%^F>MI1bwp6A=H!KTXoF?6`GrkXd3Th_I4OP5U?cab_N<2|gmwWMC%pQu8 zrFS-!06|}sIXrSqcqxhy?HM701sBEPIU|{;Nnax%Zl3pv2LZvPFF;~HnIFD<4im>{ z+Fo8RPbYZUnGMGJZVeN|F-7l-)g^^Xyj=L-pelT1+Zr z?!!A-nH%b4WelC(gGJIVxKvqpWVE+~sTVMY>Ug=Y@H)b$P*ldtifmx~R}unn6T~aM zz*VSazc}m1y=3TU%%}^JW;^Kpyd~exOON_Fjt@A0NLl%xMEl#1u2sf%1<%E*mX}8) zN_oV;>&GL%H5$5_dTrzkNzpC5s2=1RleLX*#3X~&=dcJpg0zGS&Zp`Y*UHD^y;WB< zh3d0Wi@N?nc6Vm4tHu||0h5%j1~WgcN#$L-?Fgv`-*^cFluA(cRM(+ReKH1lI5(r$sH6-CU^Xz ze8D%m?c7mES2|orOG8v(f}T~qqXJCR3f0{J;|=~F>Y+urH9 z=C0RWQxoLw_fM{{Ik{29A!f9SO|0<>Lul~Aj%0DppAF)V{8aNQxMHw`~`mx zg5{%t!&in}nW=#I3cHKyJ@C8QyfCmH(*cBgsFka~ksu)%1gd zvwHLRQokQE-;aL|c(`!bT)gLjThj^Ui7 zlT5KkV5Phj_Id-92&2`3k+N4(y%hEjo=2!mv-B^X8=B4rD`~%oiXo^Dy%Di89jJ8Y z>zEsRV0>KWQ^^z9WB60yv0+J>THyXZCZZD*uVAe8}^ekQxISI@8_Bw zI&slTRoH@OLne`)Loi(~o`z0M(-Rsjgg5GD+i_y_sKt9T>h_4YVqksCqJG8wAjP%_ z0Zy-iUVSgNL!`&17r)M>2KJJ`oZ^s+w8(C(dvH(i+#chyE8matAJ9xW7y3Lv(+`u} z>WJlCO~K{mIj7VoMQ?C5Fi><2M|iT4DX~lCmSsJT?aepRX2bb%zBkD?=oKjDYzRXX zh|4-w&Q4^qvXN_ag(a{?L|R~ta5dObthzMVeF}j9o)eUu-%;91y^P z3_eRtSLd=3KBIr446s{q)D1$%Afh~^w_H;=dz1n-SQ%Ltpx^u!HNb#tbgKy5l!mq8 z*9?YwT=9INRYj1+`>Tkx1}9;`NGSL+!Y=WQGXOk2LcMC_PJjX%FMMmZmtt0we4H_P z71VqOfEIF2@+)N%koKe_4%ev+HxRxZFzruT1~wA?M@iI^MEpE(M(aOQb0mKQk}RFC zL`XCiX_o>o1Du355%#sm{nrqtrts?}M>@hh-;;&R;yTHWj1zJ5lgZATV(YZ@)px4_ z(;ei|Te?)y*$y40T}LE==XW?>VYx=xy(!HG0v+Et^Mz9Y2HXU97;g}xCR3Cj03&7z zXxj`ROlQh%$|bfB%=Zlda^^o>&YI(Zpd%*TThE9Bp`8!&`L>uNGf_mANe8a$Im)RF z+`7n=Ug%uxofvJ6n}(#fK+0u z-|O)U6pTK9nV4uH!Rr|)nb4D%T5@CAA6H%!mn44k%>%?lW*IXso73uFR-@ra0ZZ`o z*V}mBATM%+>RgJ+diHz|dGl##p`7F}zxQXl@V7ra*wu5%3mgtk*bcQQEIC4M67n8d z$@iuSs3W)4UHga}eecUXS;#GcC8bV7x4ynmD$wb)oi|Nx$n`$+1u0~U6d&niZpxLp z3*33NbWP&)DMz3#1){NnlMTu{jA`-9xG(>5oX`95)Kmf~@X8L_ezP&)% zz1fpz$2rKK>jq_wk-9NQTQIkvMxoWU@y>H}vL~T)d!HK!+>rzHPkIX+AEC;Yk%BT4 z$E_eNvX3Ri#(gdv3eldgs5Ugh^in=T_n*I2ghg0{X>LDqAfySajv0efT&i45fLbvT z*gs}_98UdtqWBBa8IzVRO9vcg%B7I!IAEwRk7wdy#Vb}Kvh{k~d;cMyX4@Q^2E zpR~(-MAL_P#!zGElbRiE`OAa)5iET|4k<1_y`<|%OE9;m0Es*)GBfq0Oz!ZL=bH9; zO>jr46x2`yt>1#3d6=}n2MQ|#NVOjke~GvziLyws{ypm23{2X#rO zyhwu2B(pvOJC}vIg>aiJab0=7tY#u9gM$P?sHP?3QQ2okde#W{;2VcFd7&cNa-tEY zbz~CRoFX65Bnsgq6H)R0AzvM!!wy2H$@kQGx+*+&mo9WnjE*%&MB7~A^rCwAK?)(_ z!u=mmpF0os>HwAO;%RN*QwqJ}eFFfNR0$x-AtlB+`gK&HrwM43AVRK>M>++pAW!TJ zfh~U9a5?nQNZW2i+KehDf-6JGK*j>v&#y|lAd2MEGTcFU;WL@|`7&tVMf`>agAYx| zpbmlJW!p4!S&?1XWA&^1!QibEMA=4mL4WnA4y8>QY zpl5|0L~WzVg9t}2q&>V0B}&j_h1X6$bv-x7dnaF<^Wjc~LhIB0N!58h#}shr4*CV7 zh7OeHVJztElo#SJ!m+cCy1cEuGhy?*4Ta}fJ&hhPhSyy-=rg1)+0W-LW_lxLQ zGUQfDYurxWe2fEYyPu5hdm->=Mev_LxE|d5jza2}U$|2*o;iIz4LH~5>qsG|i)int z8X>|D@fh)$Bokz+0UtxYWGK~bfo;L{7TPEK5g~&JJ)+@7#JfS}7RV)yKp%zAc7`JR z9Njp6(rtC7$`1IDPj6FEL5nMrI~Y7!cG(tvDi|Mt39@`-;UK zFArM>9Yd}Gpbb4rb(^&C$NL3xBlB$3eHH@yOh6>r4s8ii&H3<$FTQIMosXfu5ssR|ryL!CL2HjN5bx?zRtr;ylo!Fa%x#f^4#nZj72!~4=(3!n z<10W12DBEXPIK4;0BZ*zZza5OHYg=5US-0~pF@#5DYNb&^4~-(lz`KrWM8|=PJp1; z`(AV-98^GkoV?*+tpVVx`w|xk9~2R4DQ+Rr64zB!d;Z~#^2w=MfJvYUi zs7MOxtYRQNb%#qG{#)Gsw(CY)$kBLG)Z7&UZ$%}yNPb_r^ScE}nDa#z%Zh(n+TU{M zu6((=$@b)M!81~&mkY!hw^g%7(AX3x{1>eMF)DxkqGUb}!H%z~pfCh+)P&qLip$-V z^MYtPVVkSy^{>hMf3G}C5s0Kl*1nsCT=a|@K2T6lN%inG>wm{+{`u_q;Oi{$;V=Gi z)j#~Gg9KbRoio89^k)}NfUnaU89DZ|Z(~z}>#pb(X4~vpeZBDi@i8?VB}X|NVuD-Q z^K*S%1;%XT#(~0LH~a3GJzLxKJk~k@-_#nWMYFgOIRvc3lhn-gUWh~k#gyn=uOqa{ zI^k$IO#$P74j^3#!blOP)9H!sxUtJ#czX5D=leH%d^o%=1{vNK6cpqE7-D>9`!CJ> z91;?f_it==9>KB=lS9HiL@oe|o%A`s1HI;?#%ba~_(g1wiTa=T)wgy0?V}tpxXWUl zN01N#*!iYZCEIjtcEYon{J=lDWs`dwJwuM#P!WJX8l@CLcFH3LZMemydXEE$5?-N- zl1m|Quf3M4KS<&MoygTrXP{-An7D(YDo_mlXakJGQ4N9``#V;!Mo_X0=fU~ZJ_9Ux z6t`FaGt~W91%?ne#$+I)-_eaq#VQz8-3$brMT$w<{U?qARGGU7P4__*$AE{F6M;nr zM~HqW1Otd^#+1j-)-l`yV!7z&+mLPgZLE}Tgdbb^I?4tt7_g>Jt@ubT*G#e_{fCA9ZAbs-?cr|VP*NeBhv38x^TgzvAm;R;bw~b= z$S3|h<@z#A7=kiLxd%!#z>w76Ag+l9>XwN>c67G~nNy0KfI2X__2iE(I`s zOWz>+ATxCjQ0~kN=@C{3_RMUY9l>N}NX+UBoUC0f1P%z&)|%u_Krq9g?1J;KfG0j1 zQR*HdtrvLJdj$P52%Ydj)Yyh*5i@5f8b;Hm7Hzr)-|!G&SqO}-ju}9`Q>0spfOgXi zB;r9%z`(iD)de>&2nH(xYmwlA`<2dy<_aMziyWiDkD;lVJAMcLKQ*1wqbP&TA`y;; z0(CzTxn}_0y$|G%>H2!c{gXhv=9~`Ev_~UqG+j_RQo~&YmHTtx58A;UUrr-Z?ge0> z`VJcPVt~pzD>%hc{Pn<$tnN&CIjZJqOJjp?B(%J zoG4?h%@h+1-Ghb=1+ZyI?H&a^tX{?z__!8joJE&$)vl`|%U zL>P~_UUOHE@|eh74VHbxW&GJtyk8J>m@`p7!bsCCaR;qhxA1l$65DlH^r(bs#PV*k z`#BmouI#vtmv>h?oqInrI<=*>H3$PdLZhWm&ZS!SnWP~GT;kyOOMDlzvYK|3iCK;i zqf1HLPxWCxdjkmGGR&aoABt&5jYC~hT9l8%e72n?bRG$Dtm_WfhT%ZwE3|*vR9O+E zR%JLXs6gkv4BUnkTJe)m83_-WStsuJ4gMu(7-S)dA;A<^cjBQv&-yypN69lAu_`4Ub>=5x>{!DsbUhP<#jUF|EbI^(!;>8`aQ=x`CEj z4VN)9SS6m)H_@)reJp&T*GP#W|>txi0< zpclitm@bsUNuGZX$H_dM2NfN9PK|*ySsGfSoYffICgb;*!P~?B)Zvb=B`epDr$#?@% z=bIIDJQQKa;aw{Vwr(0<;HMn<4(vk$c1HJoOlbwbHpE1jI!$%vS zRt2*s@>s=tPD7H<)0&`IOk3GXmyXBIufe#3S7GKs!)UU_=|a?t`#KyCDyS+Td5D*n zbTJ`n$&l?c)L62gEhXbr6^;x~DVrhOgh)O8%qgaX{j7->8FPgg-*B!ngkU6buD{V(@$M^$!ZZ7MXRcF}5s3)7`G zT}obT$(!iaA+A7aXF9HB&=K&W;<)Od7waw<$L-DwP@cd1OJl(knZKaw%bt(<4ARvp zTycb|j9U!}Sn$qYJM|%|MhD{}0jQxc{GXz~y(uw5K!8+BNXmn1hSwUJ3Bu}q0v=0* z`*N5%rcg}>=(j2o0W{oU#S2uBuQCZ@sWX&(L2h4_fpY_85WwgF23vDQ=*D zgnZt-avPC2)lGYHr01UG#7Cr@HLy9e)+r*0hC^1ux<3GD-yH3fADyBmhle{%m=GC$ zC@OkGiV@8!;e5%DO{47P-fShw#T3&-z`i!3ZbJ3zWU|F_GZ_frq~2d{Hri}^V@Bxr zfgd_^mji4?zB&3jR`p44EtME83$YZd&3*}J9>LpThE_50Lq`~vC#T5Scj5u$k8Cq3 zA4N91yasb}*ekk;*}Vbx3xVAmP{Ar6a}kbCv6`Ek6<#Q&eZyzb@p_H{_7? z>*k-Vc<3|`KGF2EA8r8=b(^`yrf@&}Zi6>k-ZSqU&Az{@e}1Gn{E&rc(!cc$zZJr8 zU4R5Ejuf2u+3wDUAIjd}_S21f6Kz~qtj_+QZQL91LpOGe|LmeqrUL}URg%yDow@Zd zaVr^qDEYqQ&n`Mr1EK_DzjnyEpM@kf_#w55@2u5-UOi5U7qTvIn-qmjl^pQsuke75 zAW{E2i8tcyu|EyAdmu=*rfrHBqd3aAoth4o(fI$`WrVZN7WnD94vi>7 zX8Q=>2NBhq#hF1a_12Q3kjIQYhY@r@8^xXh$SC|}V?j8eaP8`wuSuNJK{VPMjetWk z7S5NV(5QEKI3C8pBm@n#eb9hfMYK?uApS>aj;bszPnTL#-Dav$YWmSKa^`&qT|h<$ z2L&ap#D&+Igru9Z`5qC=b6TAEH(k_nRJ(6MNu}V_4IqWlvBr4u3?8OxConuE6%!iCAr26biIpGrz>nTZVh=l=ThZ-6Tf7a5y_{npX1Qo^)HwI?aoG%P_+G0SMZZ}%*A+X-A15_ z_q;Tl)+y<@Kpo9)9bf&k-F02~Z(sQ@uXjJq<8=oI?Zx*ic7s^t~mppe_;|>g^awa30JS8dUhjc3slt z%{I5fs%eH7gXJVyUcGpJA@!cT_SJMl=Yy}!Vyq>u+os`OZ~Mt-{y_o8v$C&r_`23p zP5QlYAtg)(<9>aX$?h|mJ|hqJthfpt?knwIJ*Jeu7P+`K{^GgC+N-%$z0Wc3ZYLMw z&oVWV?cBvWaaa6u$mZ{iO%pQ_+L%5(EPvR9ZnaD7(c58*df~=l-Ug2xiI3r#Z)XM% z-En0QiFg^c;~j$Xqe8m=<#~R49L>k3U-z%G3AF9x>~j8;A5Kf#CMF9|)H3hu@b!7? zh^5i#TdTc7GiDCnZ%NUjPP*6>3D@jCMxv&~r%WNcWxg-W-W!X@bPoveFBAI?ulH|r z8+iF{#CQ0PyO6_2*e3(ZJBwIKU0iSBx7%5^r=-^&%6#k2vhXNXpv6w!k}a2%J+*D~ z*hEIocJ6)c%K4xY>#Vh&=04JL+4~LM#hVd}tD&KZ{Yf)EqNE3XgR+mPqLu{R?|gZX z_i31Hri{*wrEV@TQ_nlFe;>Ze4jJjPpdZxfdU zDqjis`g|E1XUo2mIx2iev1k5GTF0Do#bC6H0P}giKA{Rrw#@b&x%EGJ`Epv+iuID~ zDa(28Ne#;x7Nz{}!lcsl!^)R~5@ZEV&EBD*{@xqaHD&Ltx0zCFw4cbSZ}gX9CNln zdFA)Dp&aGfv}dGG5+gRO`)111mIH~5 z#U{}rIiKcqd#0DA(pzj~eNQKT@wQS2L1XCPBi91Uxe?{c_V$ev%dBe?N2C^Bk0v$G zJbaI-Dm1yXS@RAKtOoM#cU_!HEHeE3F5{UU_WMUZ5#)4(t$UC9-_uZM+U}72$fWAA z&+@*TpHs$nF|lWvMz|6R?fM4U-_D4;v2v~E^Q&pa*{m8@E!}L@9D8n#%~_Tkm~?s9 z`3Ls?L8jfB44i2<$ZX>T0_@yTjwVYH&Yhe%okkF$1m9vC+DhGzcA$K zPwnvO-8gBVF}`Fai-Ker0P+G!!b(x{%iPiCDYh6Kxkd3!mQJn#wxUd8SI06ct6t$@kol zhKHnOF2%HYkdf~83vWh-56VIaS6S;nhS9dW_=ApXEeUC-6h-t6(o4+^fK7OH> z5*=Z?YdG(+u}{R>lvKMry@5p>jNi7_UY*TYsJ+^4-MvtHzMV>f{gz|P89uiw?7Jr# zvB9JBx1B!dYrRt&W4+y2IMerA??Z82wga*o<6Ml{jaS9?sb#(BIli`eW$thY7pp$b zp6mDOQKa=M$NFknw;gt^{nxqA58R6j-aPQDdNWrc!=ql<(u94x{z&oUAKAqH+bf^d z7qN25esSV;tbEX6SEG5eZ6^AyXFZ)Cm6z|MJ?fFNN_qpORi#U{TIrp)*(4%zJrg4=_u$woj_dCV#-Dda$;a z3UeA;CeX=lFVQ>&|Y+ zbd4GRXLidkDhB=hXdhkuV#R+#xn2S@w_Gq@*LZM?C(TuL*#qX6?-_ae{2)B|=XrM) z1F%{;*!(q{a^ir+B&l}8ELP2Yt@Pc9G%NV~SF>8G8vATsNS^e%>zY|-$6n~*OR(MZ z&(HtiZxk;A8|2cj^P7JdM4TfiPZ~N`K)Y#>hG?m>OOW*b>2DK1DU_+PbWXnFIAS?m zo6gqFx6LoO_>;8DJ1dAN-=5lazGx|F420tqjR=P#c1l?PLr6 zi{@MG*kg?jiuDdwgqs?T|3gi+XS6j@ofkByGhih524w9T66d!ANGpMLvcLI3p~;(U3YkR>xSw2bB5oJ=I$-(#h>AaC<6o&2|7 z%L)T5BeBu^r(BU0fKDy{-zWXg&xrwu#oNov=drS%fBQ#9^*x5mC883MJGFB2N&;vl z>;PANb@uze^hw~-(E2+phME5pi{T+e4K@ANV?T>}^T#=`X>NT?#XsXk3F>Tx#+JI0 z&(F$f(|+Vbwy@SHwdodzhuC~pZsfg#e#_=|f`IPN3p^<=w}uvm*@kqh{Lem)BJLsw z*pC7MowT^T3r%LqNYYDniyUuNU%RAPpE;5f7i?tkE;m8<-Oh2l|-kXb~WfjHDc_vljj{P?p&4=)T*9bQr$`}Le#LbC?YQRCU9UTg}1mc?$(k-bza!BNZ`;{9W!skYRN|?-1{z2`nPu(xVu`Shaz^wF+0@>Kc20pT8Xhvy!U%+ zMuNI9mBkiM)f`O7vWUs3jq6&us%_e~MNwU2u0;5%OD{0`Kg#X?Ws&2&w+i1?*D}{r sAI~Oe3+R2J5=~M*DyX4%d|j5tAeduN_Z-VF@ZZI=N@r4j#oYV<08gm%9RL6T literal 0 HcmV?d00001 diff --git a/openapi-specs/compute/33-02/desc/tags/img/Tagged-Vulnerability.png b/openapi-specs/compute/33-02/desc/tags/img/Tagged-Vulnerability.png new file mode 100644 index 0000000000000000000000000000000000000000..f289b080c91b158b175838394c9280803dbd7dff GIT binary patch literal 258407 zcmeFZcUY6bwl6GpQNRXBR}rN5A|)WAC?LIrjz~}F5Lze-D$)e0QUg*GAfbnrL{va} z4WXj~K@uRe(94JW>~rpS|G8&BcVGTH$&1bJLPn|kN zr~d4*{;5;f!%v+$^Wx(9FeP+XZ|yN=5LKtVUI2TcJ7kLGgI$Vr|7@`{m>)}(z6{?Gj%pJ@iEbQ zE^q7ZDq>^j{?cB=-__%9ty7Br^2bS6dmo$I{;n==-tzu{yZS8|Caa9b`(YbHva$X%zxbJKXQ+6Rf$$n^uO4qM9X6J>%ys14^OE-Rx$LaS)91w ze-l5|wrU;7voQs|Oq0K5l`J42z%*21RbfF5#7BpXbb`+`M=>%kJfqyk5c(AE-HU&- zVKp^6y2#6Rz4F)Ro4C#!4#X}vOm1*9V3Tqk79Y=}bn*79Q>Rbli}3ghHN9FR??j0I zgJ|KY=A2I#Pm2B*>6^E24M~45az1hi>1x>3t%@`j=?kyVGaG8{Tb8#hw(0u3m|f zJ1NnbS?q++$=w-ci!xJ}C~J4Sz|0a>%KBj0}XU zu)=F6#i1}2@e3yeYNuX<`5uZDgWu~6o)j|wh5a)pMf`tY|G$~n$Ae3LL2sA;hD2?n z7{gxsEo96&qQW`*&z*pZ{0l$ZC1)*u-?(0h^tEN<;wnwue98znlkJT%tKUc8O|CbU zfTbVhFNcQ4$+0sW6`El^zIIDUwZ1+f;C*|sj;Rth8T$HFXpPyXag&BjHLB`&=9jLv z^Cg<|J!TwPixxCqcTNO&JUA}Z9kB$%L-xXV9f56M6ycuZQaeS$4&FQ@hW<%_fV|Yw zZxW^az;BF?V+rW8z~`?+sp|}b)xMo>Zy$f>6Xqr-C}tm`okqXvh^Y5wc)aL--fh)nra+%L z)bi=^PAVKBGwC*Hdvpsi!1+PEN@767sRx}{df@}Vh^c@c7GYLPK{irws?yQW^Z-fyM|cdu!yB`Su_lkVk>(NHs^d)i zpIM@f`M3YDwD1+XEpujbZS49KRnWD!pQbIm=`pgN4=VHamWvwZ_(-S6p!i44__1 z402QV7?how*QoLwA$r*@g7CLCQY4sPap_a-;M%CF0o&?DG%R)>43U~`(zk3ff*Y$s zxI9vq$5zeNomlqLh2V-_~)OS~R9`4Bqo{Y}0K%FK$6)P_F5kB0<1-g@X?TIN- z^*LpNh2Z(trCpC*Ajr6jRk1yRXL;x@V54tO9+qO0va%}5oBG|qz(M}}8!xI*Mq{hy z@L-~<)au;46d0l^n6mb~ss=kQvoj%y*mbz1ftc#W} zha~Tymn$e6{g|5W;38%m>cUhuMXc~gJhz#|!FyvN3nUz;BNN6qM<1DFP~f_Ru3!KS zAPk6w(T(V+odAB3UjwgnX+l0UfBMjsRZvtYjBlr!Enz#X=49;jre!sEa+@#)L{Eh;oaeF^ZFgwuG_>UJx#6!u*1Gfr(A&iipzQ$38f13_6E)Jvm9_sc-w2hxpq3#hb>=J$s zJLn>Q*k(u(;r(OGFy12#RVm+%+cl-Y0ULkyYwM5^OwxJfwesC+x}>6O-$922ckt$i zXD#d*C0o8qIY2l58Qs>(3QyZ4wf!yb$?3*|34QL3PVmvtEZwj4wTV0po%eci_os%v z(dbl^W)qWkkTzGBqRXxBzP4uWjYlu|!NF=CC>_ot^zrRaqHD8R_7VbXkoQrgXP0Ec zps@iIXqE-F-pX}a-JJ^m-FHE=yi5*i>C@@T@FzQj!)RF6K!GVVPbYL7u`z29xOL=v zD;UI$^YQ~9{%&Nf{Ovp`>6U8R_Qx4l0>0!Pu{&}ytLLAA%zvjweSp!x_c%2$_@x%N zhn{PrDW-vLw$eUvYV2C>`z)BCa0yz`BEM_nRyUoF*t&G^ob&PYu>Xe7s|!?G!z%67 zphXHD1uAXg5h*Lxgw$z`RkJPU{XeG)2xKIabo6M|5O}4&7Kt;0#=g?r!%p6VG)_+V z1vQ&`FPIa3C#L~?3ZVft6y>k`RYvjbRciD4l3m?M(J545aw!CeBxo?;hB{J~Dm(jH zhI5RqXk4iSeKMO(1zB_FeGZF;}co{R-Uw)hp9IzZ7^0dSmF z8QsMfTibg}O9J%U5(l~=%s|nAMpnJt7#*|E(%lnchn*eIjowvuX~~+uywh12d|vKs zm_$`$AlS)N*;|^Yl{Klo@|X1(tA&90nxEFRf7b+TI@B$jaj~7;dQ@1YrVIZZq8Mdv z3$b_L6_C{V6=Mg^;cq9!JEA8P1!if_+E0>~EiGM7H+9A4_az2Ie;S`k4&oTVoc1~` zn(Q>xV*@LJUOKny2+gFgp^UH3F?ml8;_B7L&Zvy~m1w}Gh-w;L@>$P(6+==uIL3hO z?U|V28c%g^VQCu*4^yfgFU^VAQC_n>``K{myit7GQ+06pozBBISHREiF>~tO*tG1RdZ%B)p#$T$HJwQH?kpQ8YT`fY{BJ#vNX0Ln$PBnAqRpIEDvpGkp}A5c|s4~g@91&c1q1TiwfRlbvq8| ztmMM#rjHd~bGD2p#7(U)2Z1Dypl9VNBG!3J&@jkv!}p(GzD&+c$aZJm!%{!`D(zIK za7`5exp0I#aV1cGz)I^`qgAgE{~})$zN3b%T46iB=Uq1NxkZ@%pd>q~#^ojoU@?tN zD?qm$<%Iu=j8durR$WWTf1T_3#_hjO1*4soCG~4rx%a z3bnyYQ!(GQxj(gfdD%#>29%WCSz!oS3XJ~DJu|y}BZrlmj@bH1g8+{0B}nY>3_fJ=m5yelf4h*@~I0z*Bl4`HH>#j;y3uk|X?{18?4f!-1;#aWycldxs zDIEdz{0(Xf=a@A0o362y*wrIIQ@Ii6eJ&-Cc`%Kemy!V!UE2P;(s(cm;JKvmnBipX zHFY1(iEu^!5hZP}PG=L^B>mD=a?UHSTF2fRF|`jav%EaL*0j98HLMxv71-ao3tF&A zcHeq!#Wqe%IOyTs-$Xe|hlVCi1cS-#{kcJAwB!+T@1igx8hCOu$MiJkIiDc02p{)61cd@SPgqaA)^(?a0a8{I0{z zSI=!4naIhqo3p^j$>)a>>0R_ei*CVEzGziWS)EX$vT>7x}v8}94jiN=#6Q-^+(&xD`M zPJ}ArVfpwf=>eju6(?og&YbEzf+=D&DSPv>7uI)ZJCD!rec{}msmb11!TOkmM=npTZFT5dJc>$dE3yD%c6#3t1ASH~ z@;*xX3+wm68LRU%*3Z)-S2fzZBsLq1_ln~TzwNE?^m1tFArHt$7TNvB%)3v9o#9-`0EX zPv?T>v4tYO_UZXz?ZlM8Uy&ah%8VeG8u$8?ci+dMiR|@e3=<04*G%mz;ONH z;Isve_i_EJ81e>jMCWEodaltlm*9h2NqUGuO&GcT6@xT%&Nxe<{3)|$l94W%CXm>C zfzf0w-&ZI|qhd3~lG@>CfOp^(Pt?ZZQo>0Mp`@-mZuK?h@j~5h{{U(r7`t7 zwaU6m*^gPcj&YW*L|1sN3+KM0ONSqEFo0h)em!$XID~u$Q#D(M*a|jFv}&?EbQ5uy zTxgGsYVa`b3<*@V7FH_Qj^`O;*$Okexn8}sVTP*P8yf!PUWn-I;!j7v#5gA>Eg%!@ z1>m0R#;iUBOhZB7m!kK;`*YSx=Xlp*#dX0kxml^RcQIlum%fTC^|YnmoXox-Sw<7 zCmY}fEbMQ0bQJCXIiQs4BTJmU&+309#64-LENYGrup&HhL22%)pFWu_$HkjMKh0K< zWWTsjy3i_b&s^BTUW@rn7Ff#Us8GurSll3$ zSUh~|6x|YDe_2F!UyS8MF#go(Q1jPpGPj1NH{XkUoXjv@t%IMna7Xlu-8v!q4}YG& zaU3u~=lkW4$O%c$gvDR4di{s{c`7F|X->Undw%SCl^vnUYdo3N(`^s$OUGduMEUHP z^Cz-gr8(;+cI>;Kd~qRW`R@OvBj>-V_NANW*aw(F_LpEip{Z2YeD*l_Bb-C5A^L>m zO*Zw|iR^})X?HrAmBarC!@uHV{2yWX7wjVcBMkq-RQeyy@Gs!lv1Zs(uEJfK538{o z4djrAXsbIXgu*Kk}gLn zFvamwEX%<@;|=@5Y{Dl`SjRUsw)F${D2iPFkv7}%ft7VB1F-Dc(Xc9=rWM)}cG&Y^ z>4Oel*(%r)kC~)hbPVz4;a~H^Q2QNrjGA;rl}En_Wn8T^PQ+UBVb{isyE*oIhquI7Cs;a~8&#Hx)c z!uXt}z_UCUPE+KZ)V11OsFsEA;}D|@3k7ZFoxVYre~9?O#sZg;BWTCU*4dN@+vglP zkPInZGMy9WEGHD_tV`b@@Q4xzS9yd@@~eqP6q(BADq=18d_1Tjf!tC>mWS)FG+WTwaLgv$U+3VY(Tt)3h1?|hR_$#kP=I+(q|?!QbA(`n-?cV(t7 zk9K0?l5s^3RlIpnY7-v;QR>=8Bh6a$jXh<%k8E2HVXEo&Guy}+4Ry_dk6DhQqkfXS zcJ{m^j5z8KIqRD2%*w4nYrgnfSfDlLDAz&QvdA`r1mmkst27V8PJ zc%6Yygj;i1uvrUWcz)|XtzCX5UKXY^7|;o6Q1_$b>U%P`Uy80MEtTRJUyT@Ejs#Ze zPkDKI_J0|+r?!lVxxzwC0GtgQ7Md3=i>vrqytd$ZQ*#IGfy*STM}8BY5vpVO5k5jL zZrRCXAotj*J-)G?R4-rdfGFHf?tf3u$gx><9RCFb-Uh6`PhnH}-K6Pjl=i)bmM**O zO$_twJn^@o>bc4BEP)_8i56J-c}(ZHk4mpdz(h-{sD@2WJ#EjlWsYe4>RDb;d1AOciQC`YpMKv+o~!kE0yKBYb2Ir%vy5 zCpX;{aXSR{WAj*ze6R3%-|h+Iob9IQm8OsRfr_HAp=OG;OUqoSg&0tFqarzHwgckdS9)X23i5t8zc3Pe7MQ=V-n~9@v}4Dv0+Ar2=iHCtgUx z9}z+vuuXeMh^2uVbJDM;f$7~GW^2LN;DeIgM+z7BInI6^7BWr|?;{197rW~^+dF)B zTK;vbD8i}_Gr2%}_&cUzZ=K8hnBAeCTTb+^$r^w8jS_59u9u{dPDiMY7p`@L^avK$ z?@vvNY>6aTABK^ztP4T&9@016v*ji9A2HgWZJ7J_&8@Gre(FR&HW(e(62Fv|-Vl_! zyfE6unfYzF+*R%%%TxZR*;7%)kw=%A$_9Q7+Gu=C1xdN&z7B`NtDi3W8=1;iJEsl1 zP3HAoZe0%Sx{lfG zaI$Ym9wN^ix~62T4TI%BeR4p;K5c%qO5?3>NF5Rs-56k_JWp&46~^ojsIK``oM)-9 zd;Xxxgc4eB+`<;y=e;E*)ycGBJ^QQMtUL&#{mwEe!4W)=CizH{)+wp#|&|b3| zu>Jn-=Nog&27g6aKNX8HEP0cfw)HcP%c&#x*5ukss8qG_E6o1yRd?ru9Ur=o1^b$n zEvdmO2?MFsEHvZ}CbRVe%iOKSdxDnMxYdRpyX`-}QjhXTt*e#65(zq_13zBD?xOnE zCMiSbOM6nwOV)FYed;Le2q8tQT`zir7(t!|E^}h`pW8wMrx?lN$dV#=RGDe?FllJV zsXlPK#5l2*RlYcSpFO0{d|SNdIRGU-qhthcWmv%G7^GvJ62JbI#8Y;dheW<;-f3o| zwh^=BS-h;&7mxzx1;_?E_WUnv*nq~um^YH?%Fy~vPC45y1$QG^;$%)Uz(|15)Tsaz zfq#GYEYhk#R>?$Uy3&t?I|3m_Y$c@^2$(3H$}V_xp#6qZmC2lv&H^k;kZ&1&tdRWjYSpLM3x^RmRy$DZDzE+~l)Fn%77k|R$ zJ&dvokOoa@2RF$0eS&RjQ~@(R#p9Amq?R_f{%ZJTpM8r`&_?JZhH63gA^q)&_VGgd zz0_5%Kk=Sj!Y~6#rC~wI7)EA4%ntE^r0}l^l`@Mey$GE*e66?QLen%rc>DMU>5>=A zvPYd7gFX1@YR~zQx7IO0wL+elr#(f@2BOE_k5K#kH(+X5!C3I0B$3wpY0XMrUg|nA z!IsI2!rqhZ6((br(mG%?hv8$3sHo(!&rGhuOh@BwX#w+Hs~WL#g>P}FzSlQ$H9CBZ z;A=*)Id+&KxU+VSf+I1>UMkY2IUVOzLl2_`zRN&?q(B873q6Noa+(q7(!Md_##pdh zwM6WfPw_!T8a3Z=mBojWmax##~sc^LqA7lxDZ#!+H{F!u`|O5Wib* zh96Jo111~==fsPyFRAjHW?3WFxHduw#<-{uv#aSj0gZR59wn8vmaP_Yd2e%9)vogE z(79zLy7jIwqqdEfKg+ZjgS{=9m{?VuIbAFU7C3LtDUrIGDy7&1>`GD&D@@x|Mfi9I zwd@6qfh8Y;hmfAgbqO7YUdpGk$g0}*M$l8tij#6Z8=*8NU#!f!-nfy0-N-P;(|TR7 z;Jk2ylSi-lB0)-1dVaGMp8!$t;Z=OZA3(HhS7TV%fr2y2

DwuBfcjWo^Z%q|36(5; zu@SC>G~Vz8kI!!JP9+i1&2?*ygY-U2TmZ<@d}IgS(rD&|fw0bzF8Dg{0XeRNJfF`Z z_(oqIgZXzbT3hcl{{R-h>0ecQ+?Z2n_Zpa7BbiO*Gcfe^+Z8vNC(tODEnpW51@u6z z*jsHPe!JrflK{Ig(}@CPUmPrM07(-A!*VMk5VRE_E)W?Ox6gcb%m=4*z|e3 zOy z;Y^;=sY;0r7YWyf9c{EMP18&s+BDQ1BxjvqBkY)uS5qD1oZ_m(Uem`0;$gCVR-Hw! zUGzrjVlBI%`WHIx&+{YRkFLZ!3%N)a{5|*i-y6eVJ!{22B+g1aLclIlaEOg;YQ<%| zpZ2N3eVa@b2K?@&_mErM_F>R6{r;xL$KdKcmOZeGfX}7Y?|Cn;rik2m?pNQR{c9oN zZCD=M-I|PP&gs+PzOO%H5it6-KaF3T6J?sned)FNt;o#aJ`+U9aELd{M{j3%aKYyk z|I#h3Mje>GYxhi##uXjQJ^0-4sVXNP>D;dpk!f*!UO`O#`#RjI(WX2gK5p?x888UM z=3#Z&)H@63IDYM^(kZ)c!Es}&E|so5y^%FZu^(_0;{~JWr{?#zhux9C%e8@hW}<+g zis7p*A{ra`{0^VPTgZIPy=}jCiVk;)a2KG>4{WJ_b-u;I&KkzHl#sER5F4GVv=)ry z?^PWFzkqyd+}P3P_LL%G3L7NGM`=f&aEenedv|&dS`N=F7mUatZ2g6AdZ6GJJdH6y z>?l=ei(KS`hMn{h$xM|YV|m-{-gT2j@yK{QU5pbnxIYr#Fx&MN-|+uZs%a}E^6tzj z;S0RPCpH3g8cSmtb`J8oMK0UHR;=XA0>X_pVrkmg`cJU6tN*6JFB=>M+QLGjC;E>3 z?ESqosPNg@TBWmgA^JsHs>(eFPND94+#j2s?kU|rJ>;FQK{@1_cWh*sP6YK-4Er@} zRxv{bqpf`tVERNQDxMw{$sa{h6%R?tz)|sVWfM_Xm2v@~oAMfHq({RLExGFVuwZMI z#KC&D)X%N^sE|Q6b&=*=Qp!|}k@uhkJI=>jTc=s2Wy(Q(Y-ZmK1T1T6+^{klT8%L8 zSf5mne3vnEt-wx)RsU&w?Fu5?JCAF{O=YIky!dE9(tjT!N@ z{(zbnUHXP!G~Cml@oZ~=IZuX`^tb8^x#tVpA@V{r+VjB(bL1_q)rO; z)oBeco6RRMMp2+eRX~`qpk`aC*Tjxb^4N4A!5YkcVsu7SF$mC)eDfC*lPGTc=M6|Uchdncy@4ys)(&(!VAy-7;ActNpIgVx)S zJ(xk*6%zGxo{t}!3_G%@?*dpW*C?P?FGb_}@OYGxjC*J%s9Mm@It_k6tZ9C`pGOXL z$4$4+y)tu+2P+_bzLM+K#7rH^WSw3g#7-m}cy#sEc8u+H2_nnu8)YK-+dl-NqP88F zB&>DS54OQTO*#*w`L)Y-DYsjKHx7_1=po zPyR%Nmb<6Lz^?~5_wD_KXoQ%GyGf%{db=Kwxi4tV*vm{xgZLUe#lSP&tiTEBe44j3 zk?Jccrgj?I1_RFn?#5LjmfEB%!*;06a&CQpVVaio8FhNDwq6*YBWIMBszR-(Huqvq zh8A=}ei;}rzqjEg^@GcTv{q_ch3j4|8BgFNHXboNySy)jSlhI163ZxIv{m#@Hp+dt z29lS%H!^49X%&I;>#6MZ5G*Zrb1lB=_Sc-yeoL*(cv)O5#|ft|T23s2&~0FtefX|# z+ky5*UP6z??s~na=)GxL?`XR|=ncP-O1wR%PvVjoRsxr@(K^0a9X8m~%+5h2u@oZt zVUsT?!EW(@&G;g&%VRC>%(2*kzP3DOXEz0-9N^@BEAn?{)JLvq=r#nWXx2APZgp)G zv#+}m`Ma|v$5=UUErF4(D5u0P2RNXkA%Gi^TSQe$!!JIWQmv-OoH-L<=GIm&TlfqC zaFkJj9ws5DEgy>iR5z8#Il<* zwEG|y<5eP0eTwJXo4YhEN~uOZdLA!D7$SDA2d+xuQlDi7^R?9k=Xr328$GiIBnHA) zo`A#WaKtKK&%gPTF0O*+oyZxD80{q$ihqa55GlwjdO@2zfo}f*jHZ-eDt(x6!C|YRrRm;?M=!mkSi2q0oNb4YAy6MvC41x1rG0&F92dXBJ7N~qpzKge- zfXse-R@3)3cMNh~;*FkOkJ}H8Tfp^#o0>lou8`LMEBxsXKI8utiTmG9{4e$Y2dDmO z3`h#NzcU4mE$N_OnQv7ykrX1v=U#xfU_vXCX4a}&Xis7Vk3#qzJ6#Ge5tMTX`M8Ev ze2Y)O23K`ZM<$lZBz2kijw3*?7x4MiIWhKf37^)w($lA5S5ux4&RHddFPQORkTt6i zx^i{;6S{S51~G)-t3?kmWb3p@XCfyX=KAQHp^U0Gix@O20ek_<8t@i_s5}3`o*`7T zQXi$s(Fc6lj85y4XwhkfX5=#CE2Q#!Yi1afNQ$i^pD*@rizQ|KzK>2P_e!h=@8$$e zqTJXJ`eG@|V*XCJLqou5SrK-c{6U8>jt>+YL_W%ZGX^M|#Fix8n>Pb@gq1fYU9fFn z>VWCg@G^Day-lZ!WPNvpz!Ay-&ZO(g-gh+-QVquU`(o|v8{93fYN8#AO6frx!F~mB zjW!Wh#kk3l2XU$H_wYS@UB_CPG}j2yh7*9KPnd*JeR6Up=?El*I@wbtBo^jJUii_6 zrfyUO+3bx9Zi;AugRe?f+4Nauee_x!(E}zvzP(!I3-Rv=T?JH*S-Q`DK63@IMk=BJ zG{USUQ)Xax%N#dvb;0)uYK72TBsg$M)$u6ZIzI!&thEOZ-S*fh+r?8wa-ST~WNb8c z-;_CIp-QhtzDu@K#Xg*W?mk=D8ECDLPhVViHf#H~KA6CQjn1;-lrQ;dQ+NuBQ7gO5 zX<|s_Fcu3a9Q>2YrmhhCL0XK4!h#=@JnXP=DSNA?t%2E5Yd0Llzh_bU)}ZNWab4M8 zq!W*x;!6hs@M(MQk6z67g(7IFfzeV$S-ub{!`GH|RFq`qa5ykZx%^_o4FAZ}_}!=z zdvpj7INT$ZRr_sr&;Z!VhPureOd=rQkLc2Ur{xl1YvTjPJYRP|k>MQvD=W3wbt8D% z-A%HnXsrxt+#w~F#3LM`20h>7|RAX99EhYUI% zpFqDH+I2VD`W_PSDM>85Zh#Y-S@MMfyQ-OGKPIuZC^Z}kGJSEFUpv(1R`a{(hy98G zmQ#CsNmZPz#hR+m@cf6D(bVSxh>N<~{dzH+mc@x6yYUgiX(O`jsxWyv}Cm3t} zU23&a&#&cBr?$+x&FpL8*Xn&be85qci74hcS!c4rY4FR#f}w2ev-zdiT*ke;7MkcZ z)@>Zg8s{xuZs41J9XlfMcLIyTB;^5vuyca?R)d$RODlR+D&u6oE}R>s-nDlggl+w> zxD7xzfI2vNh~X(<;zec1&JIr4;%0qL1XD*BqRMZIN+ITL?uXqJ=wDO_rbs$`F}7Lu?D&ZU257Fv02q5lVY~ zf~*?Jp8?+c%Ug`YZ!&!Z#R`tP&ZSyW0^5fMX8_bzOB>Y<9NOWa1?NBE5b?BVZTZHV z`=xDwo%-fDt2EuwoCbUu``rSz?KNG9dBAjTv$GURhkax>_DtkY@V#>r0NeP^M z2M=HLX}<8?*!`2uA1)O(@xgbu#;;?~tspO`ONQR){q6}bhf8J`xfL8dcO_=z@m-$0 zB5ht9w7GBwp`{MOoe<>l5!5cfW<%Y>Bn<+A;|=!9qT!&Kh5*)BMS*79bK-z%esZ(q z`$tv{PrE#!^rs`0979}e95vT&a9S9p#pheR!+o$!nz2{9QWEEC0^WG*o`r3J-8T(e zuS_q%zF@~&ZqPOwpmCVY!K1LQrrAD~v6k)J<4(A>n*l967jv<5sUQHbv3WkZJ9yBP zPkgM(PGIvF@d(yBCeV6f4PSA;@5@qFYH55Zt%Ap9B5$~U4RTr#5=QzuyQnrmrGTG9 zOz|y?yWQYDe8ZHiPwV>1p7)6nWZ8?2G|~5P;J<1C__b}V?xbC`SA(uG#oFv1UE&c> zi>jno`V4>hI26(PAtY{)i_a_B%HcK$|2b3CE}Sec=+h&l=hnJEmd2CCV-nKKQUZD(bjGfaMgMB8r;IELza$1!`?2JXejn~+ba7^Fdkic=!`d( z1y!|3MfUC_C=$bmMyfMJXhcMz-{L|=AmGL9%Y>$vDh^W@~nsIRs~IM^Fdj-zoxvR;18H(j2A^BQl2?#yT$DeLt`0YZn|c2ydtXn+2sDXiD4GRO*B@8dJG z0}t;X$B)5TC%+pY#|~-jm;Ami<(0n~ z_?8l4_l9aNuIzeC;MT`*J~SC;mY)^81rwG-(qPuEyb> zhQl)QRZ>QJvMQ~2B;CHOX3{oWt?zkUjjRc4A1zuwKjyBw;B-m`jyp) z1|B#~#%s9+!85nC3D&J4teP_Huj02hlzxLWF*-nGBn5;sJ5sGkWn?%x(ANnK)yN6^ z5Z85`6~IbNuwFXu$}^V}hZEB;!W?XkxIYHwi~uyZroPhJ-+4m7e)H@6+DW2$lmn86 zAoz&3@|UNC_}Btx5DcvIh(|JxBX7{Wx{XwgBj!5XSDQuPO|12MS+$7yFE&?1At8HX z(hiiv`qXn$zij?Bq1f8=EHD&(MNth4Bv1By_(^FKLqD90gu|$6aQ!BBJ%W@KesIEW z*A|FX($F#6T2J5C!)4lg5_)8Z_i#5tkP}SoAm8?B|`z% zwOWmW!>I9mOtN~7BUQi3HKM^|^n-k8=Liolf$+c_#a!jV3O2{zyI%kedFF1QMy(U( zov!kDzVOLnriHRtyPe-JGGpBVZov_9cf0HgN=jA9Q-S2BRuQ0pFI}aMl%Oh-op<(> zcp9J9$|r)Dy~^gBsc6#p$CGT2kS$MJwWX|~B^V`a4p&C2%)T~Bd)J1ThIFqi12y+1 z1bt*Pzvl@5O0o=abyd|HiGJeO5h~5QIa$c+T0Gr$um!_1_t~Oh)D4#$S*LwHU#R(| z_ICyAK+W8`p>M~v8|Lb5$U5A~21jS43(oU(MDkPBT1~her&LdDr}Ar8IV-H8eB&Np zm5Kb_<1+^gy)6?lPv_XMuDR{HeR}L$_t4($+G~%v#ZzpTYmmX(F{an#DrPKn0BWpn zk2e(}-=&j^I6+~mG)wqzP9Py}=COnA@LZEKs<@Iv{6UuI1I@3T1{|qCcEH2EDb`L7 zkktzPP4=k0&a&4v*aVyu8tsFLOWSj`&JF%d{X6e&A~4Jej~03j9%6nQ(Y70AXnA+#Z7H)nbmzNBG1OA#p$8HUimiY463&JX5_nvAmRCg5U*i^nDsrK zXbVW4BnRzsi=52M$;_y8-KnaTfofRVAeZtEh0T?63IhGe2ac{7Q~5fiuQj-U5GVNOGtXYi}_BM zxKIEnkkO@RScThckZGFH4)^BejkDmKFReMwc&o})#jG8181 z=W?7Ywbiju$!vDV%iCo)qWN^>fr9$PW}o}x}}2R9V@ z89BOpSmlIFq5T9`LoabOWOvh=9n(@FBOciv+l#NLAWOl174L`6CK6K6+OFH#3q@;% zE*4T|9F)S}Q=UFrY_bdv7ac?C6V@(uPG5LEpN#cZ_aPlAnm7bdfMU}K>m)dRlTd0% zTuAibP;wmgRy053+4fYM37&03mjuYGQ?)`F~&k|^rZg5pi2W?hVT`O#~bUtIh7iLt!d>vpX zN|4wkOP(g#I^bcP`m=_@l>~S4%>bIlL3oF_4mTNVb6L9_`m}GMofph*^KiI#Rpb66^1ECLv=m=cYftS}hK1 zR}0Z`G_(nIa^`;fHoLd3ahTtHbf+qhsiDiMvh&ih;r_TBntAz=hMIgvc4HCfqTv9O z$Y$I;ywx+P?P71*ypz^-MN3S>e|m-1odCg_riMfp`1L}<7o}*p$0luYO-CCZ(Uv*m z2|xjLue_^P=R9Sv>u?|9O8@Fya4U}DAIHgw+B|Gg;S5JbaV*M$hkiLneP>orEdCTR z@ziiHt*hFYL&^um*@q|Fn{&q0;XL=p!e<+42&sX5^wX(coN$~KyvW{?_`aa=c9~gz8z<=i^Z$3$1nVFyeN!4|Q>{ZMQs8!kJ$d zcWf9M_VJ28@`4*EtUvH@jVsDtY{LZgr?p?f3nV^y@MO50vVAEz&*d`vCp0tCE0;Z0 zH1sR!oh_EmBA(n^vqt!A9=+{wxP-mltT?>XC@CI!gucliP$smmrscdq%HXKIj&x$4 zl%L6Q{E-U#DLI@}M6pZRn>?@#8U#dxELZUZ;*tILY(Ab$qER6xhpYQn{!Rn?;2Ydq zFMTJ{KiQAMrLrun9>2>@%}lxY#1{SBg8QRSYBhhm)`kaEtM=Jm|0@+up{uvNZ)_Z9 zF2QBA*2=JJgjSE8$J;G7Z{>S96%gvr%7$hdo^CGfgfvq76V{OoCiNF*s|eb5ZVd>r zfXA8^JH}C?8=qsXx9x|FZIo(jg8VSm3mHO_IEsWU^e@)F7TbduRpxLs*HTX}fhc0F z>U{KU9p)(oAfIF<$i3C3k{tXxMmgaEOpX=c?0!`e9d3G$lhu=!kF05SLZ90j@d)Of ztx8c2)P7#@gzypG4GN`ytS!=)PpW=@R(oOVC%fH86^$c0+yXfvx5&QM8=L3M57z^) zjOz>82k)8*yOee%W(-WNj*5!Zx7^kp37Z%+fHRJB!jKrDluBA20z*Ak z4Lin}kTq(I@dDwG0p8%}^_bk*P2$9+y+E5VS}L-}I;pkhbP|mQHEGriRFXPBm}CAJ zFAp+<)O;uVV~k_C=QWdwmYnqb!XSF{MbKnxy54q&fYLp_9F(|ZQBQJ00H-oF`f{@9 zsnetg|GSRvtz|(Sb4k%qs|y^M=iLoc*p?W&M` z-cjfK!dQ8_eP(tRr|`r2ktm0n8^0BiKDsxFoN|A2nsiaQ>^I0o*tN^-?Jd1djcjJ4 zezpC9x8dTroq{}^Tf70EVuH6sv+Q*fTMrJV#|%F8(<-WDM|N5V4{H~atrR+LbPfN2H00VEmi6zMVjhnS++787d-^^Qm7B-p~5^nSe zjL69+e&oQDo~Rr1);^j~G@U>9o49Oms4U*nsMK@y_@p|oWo!Pp>eHX5Q>)wN_clbu zBlnf0x&fol^=1W&GP{LCIyN=MhkNHJM%PC?8{?!0IP>E{lpXZ>jYY{mSAn$8C{jYW zzoUQX#<)IZgulIMES{sd)oe~w<%d=0hfOaZ%!o&xQfw2@UV%QU@<{)=(T>L`AyPSY z#>QF{tFFFLgqq_~Zbldwaq12VBV4@fF2IH@Z&)mOi9|KKcTPYHP~ysgh$11E=)WgO z2g)L0#&rI6^iag(N3f4iXD6<7M+lR?Cs(%$9G8z5go^U2ga4j zyZ%0JrqK>F1h8X`X#g)1>%Cq4KUEtRm_2UWU3lElw!EJow%nxF;R}80kd!E|RM>gC z%*3_{xn6@Lo>Zw2a&N5K30LM(I_-LAw?D@|TkgoUw@r{ZhLutjFa$6Qi^N{6z>>{~ zY6uHjMgloQ0G_AmjnAH2d1(@knwC~*F_lM_VXTke%7s>IK9VN!W}hZJO9ZZ%goSJ1>``;l7kIR_$7r zk5j6EMcrK6H$9~^VG7<}+=F-CFBJr-FW23bcPg>vITe718mQXR&m5?BkUvHlBg zB9n|P#mqY|IEBhIlC(yeT&^06@Kr|E#b2(@DwS?D;5Du;>+LwZpzmNjpa{Hy`mmvh z5Um^K6z_@aT48s;I$N|L-EC3DPdgV7ZfS2CUb^L_XPrHz5#9=7c=nQL@f~F|yR&v!`YMr%Sd^SNgH%u#}@9W?BCJ5us&&uwa*XLiJ`i0O&?E=bF77^{sX z7)_Jha5vB6Yz85*6+C!5fb9mzy9u3}I3Z7P{Q z4d{B)-FC3{MQ^mt!5V9W&Y6|sdUI0Kk1w^F9cO(u%CM2Hv{oOSDb zceoq2)PSvo@V?0^Qj{{zQ)k8P7~FGs?Fvr1(+DN`1pKf%hwb>!95P|M3kU)D2j&5Z zA>QL5b7|ij?3UPXl848hYN#Ms3spRlJYjjifxcg%^A}WQSmQ%!DTbxToh%-$d|%=F zr~iUp;9R}e8@G&QdOH%4`oUjJ&EVfBZvTR27&tzBxbr=hI(Cd9sI>oMBKtqGod1tj z4t?MEWB<*3|4Z5bl*9phod|mT$PM4U9q#)6Qt#Ke-~Lhf_}X=+1j$##$IiFF=SEFb zbLtFLr0APIA@%O1-MXX79))ioI#VPv%74>)`0&$7iM*dqmSUjCj$gi8TWzR98fwfG z3?vN&p3Dz)-5FxRh5z-R|Fi#a>fe^`{PXgyyZ^TK?0?$-l=?Ay_pg_I{rTTkqW$wi z_P;Mk`=9nd&iz|m#XoO<{_4l{>AzlY@^4G!{@MQD&L2DWU&$Xk_FuC(cI?({vD_0$ zwa%pizBFGAhb)UHso8e&62#Ygjx#NvX5r37(;cmiy*&RKQs3_xD&_G40=@Y39vKyO zct>+6-6%cb-e&x6gyVa_Pj|k*^`FOo`F^!boRJ4SU~Q#Lr(Cb9^A}YV9Oza(k&qN% zt@8i#z_9~M`+*f=E4XA-u;8JU;&W;m64VuXz3PC6J|wGDb?YTG{BYP6$m+7pC#r>S z3VDC|t9w%jZm#0r6L1bokLZ|i@H0w2P6C!#FL3g-1aTlUXRWeytJG(G9#O9Ogrn(CG+YR#`!x2@Gvs!LyC zG-%I6)l=*q+uB$b1u8eV3(vrYg26?2+)22X@*#r3#6}qdnyrMnKb0^s1Gorb+S3x(i`U=AdO@cPQ!EN6aCm zsya5tpgfa0{F9c%4kF=1iBwgc{0_&qHt!BP&e*!l2jullGWO>ZBwcf2F1AJ-ztdWo z(5a?RUA{b3Fj-3?f)e)wpTQsDH;F~My6Y+yq1$hBtL3E=*Jr}NCF}c813bPAPs(-n z@n*)xG)s8jpZzS}HsBh*-i?A_KF-&7sE1wCfIaXJpoa%qS>vz%c1z;Au|+O)=P$(^ z-V)JP`s(Ved@;qgzVlJq&L=b=ZK{z|)v>g#q0pXBmTvL$uW~{?J@;2#xP~gn6wb{t(lFzf{K)SMz4bMIy*OKb{;J|+ zU}?MJW~sCk%}aa}YN1AH<7s<{{tC-|0n94J}zNjl(_lftZ+>0S`I( zFKUo)W3|V7vWf~?!S4cO{!=v&RCZFZeI*nIur|jTSDWfyV96ARzjM$%2?`S4V%>1D zD=zLmLhLVVW#O%+n&e8N$00ROt4xY5u*pSm%0!n1(0ZuP=m|EA((@0KqR#7$khQUj z#LSG|){;OiLO}s*e~6j?{^Dl2V2M1eW{U8+JD-@l)3?*1QyL6v$gcCvqlI?6iFuN= zAHyX>!UtX<#;x8$rZGu0@&gTt{`|HuYT@V6IKfiQa9^{|F!%iods4MrBR-169(zX( z?y35CN|OYc@8j8p2pzPG1TV)XCjP4yVB$#3sow!f{o`f5?>dvu#AAN#szgYYKWRz% zQu;&N^q82gX5vAPul4$oZ@pDPWzCeLbaH6t*?ZBOz}$3}1-?liZb8-kB}7q`&{;pK z%kJZmXnC{Own&{xknKh;#(sG}e1n}nofp%nUWRwIK5yy4e0PdRY=NypYIsv?;{)Ydh>IQR{Sd z*&mteKLM08Zg{Jk5WWK6p3n#YNz7fkc!N6F%{t0-pOG(%&wX;dn;49VIbY`M^Mus8 zR9t>*p38(ga6C=K&gv;rc~kvhe^qAb)rkUFb**gCT|uj0ACttMHNrgdh(9l;yikAo zqt)B(g{6C^g&P9y8@)9wIvudEsjKU`^8VYR7yR~%%9g|O1qyy@AX@M0+W3veW{oos z-G9YI5rZZUzDSYb@_{%QsjNO+7r`r4< zmTdbythnxtONirzO`k0UU9XnAUOU;Ed-GKYwlcePPnlshL8{0&tbI3H{oL&)uFqU!4+BE_v1^ul6&#WrG=J=w!ATV zGWLmeMx7ILFm<_iT?kB|4quT<;!%Ar5@)A=0}Y#d4br+UBY!S=Izeo3`kKTXf!TIR zHCpU&eIJpO$rE~1GCRW)IKm6v!K+FqbmV7UqLc_G^Y}8Z^vvv+xJh}jL$?zfiY!$! zE6fIBf=2Nh%9jjqMF}v@%-BOB+ooTKt zZ8L)G3<{DrX0GQ^5~EFD?7VDaxt#;Bp6;*W_t_Dlt{Z&3j;aGq*fQY8Pzd_)TOyAJ z)#dO0j1B%IE<)!OJu^|eIS+l=5dj_N(vw^qS@~Ufv_%igX!lOc6nw#3!cuHm$@7-P zpiFfi38lx#K{hBA0ykHim*>|=RaQr@Ko?xj$3uNwfuQ~VEVkg+UDj$*kg&C{L0_*7 zqAv7gkFpfZzFAeis-_j+ zNi5TO!D`arP;%l?|W z#RDH6R>FXJwpfRwTUR55PK$*NeYoO#RcZh@aX5A6jA(Dj>4vCp?v-1~=;=|msgKQVH~W?@`QPe1 z`BY6z##v(~_qAjuG&OJF?V20Z1j>+DfLm~hiQq6yU)6WHw|%sSj(k??VjRkt^_dBC zqr8A_WVBb~T*DiXTI!j#taAH>ez>mT`?aRQ(y@p}m8UVNdf3u>E(m+aGh}lH1^keC z-*B@Q<9Q+TAadpcuAefm`rG5WKHmPE%m{K?zR21u2f?Q(p=C~KNtO9TxL%*aR*4XQ5S0ycH1W3 zuU-UulX2Ownfn+QTXD3#sj z0^SR2nsnO!*Eph_L}xT;Nb~)}O@SH7mNMARldz*<+-a@qrsb?;5l!9Cwt4jZ@W90M z?AH>7P8#on?CNn@t@ACl4usg3l$N z6V_t8j{4KymA^bCZhFDls;f;eFwWtKteHU3`p@{Guy$RS5)kW|RuVQZK}2)mxa`-d zrz7`F(;8kRkKc#=9%qoGqR@Mf{602O{xGa8=4X3Bpj~ZNT!veEWh2X3hlevv@G_r< zT%7NAmAHGPaWE|O8CCm z@uB!$s6JZ9T-6_z|9yuVe(tiOz@68}!+AXb0lEOy1S4IKvxV&aqgH0$gh_mxP4nKJ zkR10JK~LF@7GW`PiyJcy7Fm=-VmL8J)Bv4#K=no?m!@XGtmHXw$d7q2QAP0=R{g<;hZrmU`hyNU|9G`A+O{?a>Ak<{fJISmZ^J1up7tgok(?bRi z9q#}Og;?fa6M|AkF&&=u4$j&DD0s29NVcxeclDdNpxO<~Ag`gi`HCv!QuEKj32~k` zL2%{u@j8k*@g8yK0jWGho%7W@sclAgY=r{nol$$0r@449-uXsXox$&H%#neu%ZxAY z2a9OI4pkv(xsQXpZYwnT+{|y30xkCZ(%9u}-hhgEl)29Ga4xkTn*@*`_QVq>9Z3E? z)tz=&wOd;y3j0a^Ge_z9c_%g1{S7|oE9qB`9|k2*d!Dc?5+4_Z@9n{dLN1h3RT5_e z)^o6n25sa zs=pZL*;iEqX#yj3SEK@MJ%jQ-Cc(DY~^Neg||Jrvh# zj?w1|!``08QlYOq$SL9jMg!j45-@Am#L)7t zGM}9f*G~|c*w#Mtp(~qco`qsZmyl!oO*hb=_e5@g&^LDD%L`mKoy~8#ko4t>1gmS9 z>G|4BqA-wxA2o4PDYZh*`QFHX98!s2n{uhVLb)m-Dl)HsvS~c6#OJ!oTZ1oOOeIp1 zA8B-%^ahT<-=HQJb;W$iI4;@PIk)%!G54NvO=bPsu#TgS4JIO>)G-#Mi%4%ORjSm` zQF`wXIyNAHfbbb_p1MT zt!puZhrG?jK;=3~vaR+{N2>vIbyGy@wT^r)v%tmxbXqt|3FhQIvz4>gV}(A%ckJja z>gdID%F5($A$4VZpw_qP=zqXJz|wl1yu?5*)R|hD{Wn2tk{mKJ{dwc3)eu+H5|H5j z%=76Nwr)^xh3C%82uUy7G_yyU1tX4IA1-id%g1u23?Qg(kE_cJCFY88Tx>`jo!FS+ zi=7tW0Ev{F!d1*iT4y2#st7Pi)0&4Y93EOD*y>>?R*XHdbWae`Ll@2H#A2A(Km&>w z%`uzKbkn9n3Jkm{xrW0eEIJZ+E}A3V%KeJp;+JfEt5_ z0P1P13C8X@(!f4pXh7=pE-nkbHpu4td;KU~A8kH5V{h$vt;4FfcKS#COI>4CTTo#c z*2qA)ag<%PpB98BU^(z0iN>*Fc(16IU?m!9mm2Muf_h-nU~UhCF&PEEAkYoB@Gh4< z_w`b$-&OrHdUs<*i=kyx&=EX8eQ(C0?_{Az>S)o~-k$6@s16FIi$p~#4i}DpRz(GC zB`#Z7ny;&31Hf)8Q)H!#faS=Yz`(?3Rv2Cp+T}kI>#1LOoQZ(8$fE*!<8fHbU*H7S z@CtRr9@`khmFZI^sY$K}Asl_+e3RrujqC>={mIPg#Sg{B)V4=0=`!@<&G0nK#h`M4 z1%ng3W%k03o=I4n9UOjk8W_&t1h_lHb-~KTcg;WEy9M=L*D)(9ms?z~U> zjV1*Ji!O`UDSpbc=(2q(*jKl8^kLqea-=A6B&BlnV zTvhrM{}A5C1K!tBW`?sDfhW6`}L58dkMj^Hj&{!^vaIItPYAx-yqq z5Az%+{rbgQAz?M~NroTT#^p*X9gQ-*4)&`EHF+$G#x9Qzts)Gx&<9;+M?$^IcJF5R z%R1gR6Hkx0y?w{dhI-@cXf@y82oq@Xm%B3-SiS&fZ6V&K!7u2$F8>&6>u_g@zISSP zi<5V~LakVUfvs{qK?5{cM{b~$&O~&B!5s139q>cyXvGcD@(|LBZ~tjp9HsNemu@5> zQcFM0|5677ep^3RumNTZY(9H5{2I*D=A^4MU9$@t26 zb-Jl3gMa=We!O949!j5kve~vwZ}sUGsN}1`d&+jiN=&R``;E;Z)?@E{nC(R8=V0zW zmnYV;Iasa4%*si-$UI_?u>0a-GBVeq-PTR|uUEN4Guy4ZC3b@AFC}YjEXMM*@v}TA zHsw2$V|w?%gPJVKLzdI~M#r8`dMMu>+o)#PTx{O1eZJqpzvUJGo>|Usy4|}i{@59- zx`nbsJtkf2yJMHj;_p}EBJY|{d%(fkF0?s$K zXu5cmc@mbhpn9oj05_%0`r|94CIc1nyH{=fdL{)^x~-ENUumolDtw}!V>32nsBsT0 zil`Si@0k0#z4VT|qdU*bv9t_JbLl7?M)5#d5W@CEmKM^+4AzIdz2rMQ$D2D}LggY6 zT#{+YylD!&fP|1L&n_*T*E_C${rrG0A1FE))H<>pF!e5!T*gO})D>#PQ8fm609cE^U%bffOF!b+`p0O7(@w08E)9!trMRAqsEYON z&$nlDB*FU(P88=A_-2svc@8#eP`Q3sT!ar~>9N5fld)_QAB|SHM$y$8gN=K3QbGO? z`(BnQkNS{vEZlYkTeWxT&Iwvan>f za2Q{M@+BZB3(4TR1!9A!ESPd5`Su8Vg{9B81|*+MxuDD#mNIcSNfUoz3|^JpQ~RFE zv|T;|7#+G&rvno9aXKD1k`vH zd*RatucM>eDXdK6F+GxeY(i|H!iup7VY>(M?SESR*brb*5g2nvWa^DG=+_kd9ylJc z;ySjNj)8tJ7^_PD@hBD}@ZJBo3D2GUV6MC`hYta+iiKD~Hs-n)^t2QHpkGQHuwc!5 z!I{|t@6?HPqE|0WV;;!3Yi|gXTpEeC$fx>UTX#c(?NR=%jE<&-w3k|VY?O3+O?bss z6*HEAH_x1>I~6szzCP@cm66Hyq}sU2h^=cltP0Foa;m||3;7&qpWRIl4tBS-O4(Df zos%@{`-5aD`9Gm<|95&=cRlFP?-%0HPmXa-l6bJ%Ut9mBC*36jnO`YfMEH%~Mj}FT zbtbeN98>PMf1*7(aHlUap>TIM??Gnc-Wel2DnY>BT2CFX7BAQ!-?6o_LX{6S=_K%M{((Yier`u2wYXV}@48d#Y z9)8z8?s+zcM5VAu&3E;ujA~qZE-z%Vf`5O?Rbo}xUmafSv5K$Fs9IiEkIn7MN~jBo zpdPbRe1cZ$L%81RiF7hbhkSJ-36A9R9A=LlwIA0fh3(smzu66A(MP`$C=Q2M%p6VE z#q%^>i8QN8zUJ1iJ%#`^RK1XKpK)NKy_{M%J6vOh60qtTJPAgV*S~Qq0gd%|mwf>b zR*uk4B#GKSh0w1o-{JPLLZPs_mc@;oCALKZY~>>iEQZkGc{4g5SBxkV$+*bgrHU!Lm;XlH%|~q&3_eZ_fH)wJ_cA6v-=w+1 zBA@|}S+}?r#mKnaGa8pZRVg?)wfPXzQE>MgxMH{AzS3#@#(qj=4l}KeFM)b^Xf@lv zNk=jS5jB{4Zqk}wVsYgE?;kui{E)hJ|hQ3SW)Lc>WtCuZhKlmHyS>P47 zUpQH355p83)gxf77X^Ng8DJJ&IM7=kTVFp3PBevAU<8gnV-57<(lw`7F$H{jviFq{ zpy;qz-$cKf`={$|to*-9m`9h@jDjCKZ7@qntgt0=FqU}As|`GMDyi_%J6Uk7#}#K% zc1n9U;7@80TiZKA!eZKxxC~CgFqldHy9-#xINubc%f?I48h>eQ#a%EMa1N#dyx=DX z+b1c+^YxY$-c(O)-u(nn3_eSCLy=N1qPO!cLE$l}dvRu6l z9I)uHO={+uc9}_UjQdM4S%6z6bXXrn$98%!nA#OR{r>d2fW^hjL;MkR2Ct@a2EX;C zeV8$O8?v1E-6Q}zIT!pIn*Ux?o<@lHquwURV@)g`yQc(?CUmUjL)2oCjocV)2p)BwqKQ&JGCE?&P&Kxis~O^@Y+ zFTx7%J9K!)V=X2YBO@0g-$tG^Q0G$ zZ~tgG<@KdEnd_;y95&w2 zJ*3oP5SeT4w%+-vdF@An^^Kjm;vtFo&bSnk8$R!zei5fDGKxO6SYP_sz$x6Jk?VEy z@6+v=c3ZpD=QJKgJ2PXB#=HH+Jmu4;(;g4%^tzJspY}UAHDx;r8!JOe8=>ANr)loe zhL=+d7hi4fqr7jJar9Iq2JGuqn1m2fS>Mw~1w`(M0f8VsnunpVs-wlrnSJWML3;$6 zjfFgJQJ2?~b2kyCW?~JtvgU;M@$43($!w>l87%X)48KnP6c5@gD0q9`nL>Lx0!YV(Jlk-5z}>Uq`7+?{j~Jy9F_I8-XEc%5upT} zP<^_qhnsSc!7xW}>6wePUn=Y8T+i+La^L30IAqU$dILI;pJswVy#wc=w%?GMVe73t zewGO}*Z`Xj^o!=LhcXH1fu}1)rAdDdjDYh!%N<2+rs+Ui1eccKv$@pj4N*Vwoz`z0 z5i@;Km4w-u50~7jwTU1QsA`NfXG4=vJk^AsrH zh>f~fii`7lWJj61ibSSDIwqcf2%)~QHzHuXJnB)P7-?fD9pWXBR)%zX@g>05xXQsA z!Yj{bx_wIHCrDILGC-jXD@z?-WH~nZyMKZjZ5Hyyw?D=c^RtFxJ&8&KlIelsxb=1X z=!0r`%H1oVvp!tMd@r+}Rgo`M<`B1ni9Ksy?O0mU zSk;dI!V#rRM8w}DEU+PRJjfRY!*&reIw+NqwtxN?JW5c z2G>cNcW8TMY-+;3QjBcw&bFP{>)nyN7wS#^g0cbLf#VA)3dUe(>Nj~$QC<~#ac6w2 zgJ`MRl)tzc={)kbxW5>gSyDLQ*{nAw;H* zx~T$-UtYp-&b6ywaj8m-_+*E+GVsg~NVhZj)oPgiO{+cZs>MbHm(;6($;Kn`?p$4G ztA;IgVmHU8iDiv8`Y@29qu;2=wVY3E)rlpO0s{)J zG|nB$m)Z@LrCRl$NR`;FB$_nBU;aBG{ND=={XnJtsZl8K2EZ`U*5S1TfHI53O+r~J z5YAVU{fe?V>^`j>p*8d_5gV#5`omCpP4hp^EJn$7;-D?b>zc ztpyrNj`AJ6Rr{IcFEhkR{3;JlSPc7C(_x>YTuEoOJLs{@)J(&obpcmECDMl+hj`n? z-P}^@8(Z5g0uZ5x4P5jQz{#6L2Gmc)H`E0sG!XB8>*}Sj(q)B+0E2F zT-d*uuXwiEflZMAIwRmenzAXDtMfmJ75@A7f!V$PAlCoat^dbxj2~kw&Yf$nvZ$F% zJ-svjRx#Ih|KB;Te%AVIwp4Yu-?m&!M<*dZKDo~_wJ#3Yk4UK$2UdZdtQyCD?KkyRQ)#i%OablCICs9?w)R$`;Q;L!T|8)fv%n&8W5D4 z+G0UtB$!|?mqq{RpeX+|*x!a?* z+Nav%%)P?ovPpV<#^9mU>CCX@6r62qUwSp2Rd9ZzxEb9eE{| z3;M6rYIe*1cai`4a>8dA^b;Rj0!eLvN6c_byehO`fK=^1%Qf3%{&#ZUpGBHk?*O3O zW`QBE#q?3zD*Y1nPmRYBBF@$I`(uv}epw}(m*oM-uk(iRkf9EI)VBQ5-#as<1z z#gzIik$NRMOIJ@W>6VOPr_vV!*#DuUF8@6K!g*ulQa!!`s*E~TsleFpAFcjlO97lb zF!AMz2{oU7t?JvK=wW~j7he5UWci12zh?b$#3;6R8ke+ zZpW3Uc}+4I=`&oq;N7OmGh^gK)wpyfA0mJF)c792_#7^&S7tA5shVL#8Z12a(9D+* z7Zoh)O1V}ssT_VLaN3u<79GWXV5!e$(GZPt%kvehU@3rhv%FgwC@J; z4qfV-I2lgw&gg8n$<9#X)wWyq%NJnHa1Qic0b-fj@+Ze$UsdV|P_^8OfiQRxmxn)} z66O~{a}Kf|$l;TSav?784)h7=$+Yqo7|D zI>OC_48U9L*0otAsfCnGvTqKtd;rJ!J>{;p7vp#IQnvOKka9si^lK2n6gbNak> za0r6ZJ$I>L`V4P%hkqDOD56bRKk07sRT6BPs6(R%u;quS1jtj2=h}5iBI1*cn;AqJ z_T1rV3Ymp770FIMUT0Vm{f{+w4p0+wkjNQrdW#YxDY9BSWU2+>(=X`R*dwp6c z|3{N1yl#+p71JT^1WwSdRuwl{Vidll-cEPV+`Nn}8U(n9)^!%NdW3 z<@X#*`0y^h?d~qy@VkrsLXK;IiwuKR2P7G{W@Zc*-G}x_4J13LBz9(vlVP1@=&^{@ zhMPVEp@`E{CyF;usf&8ajmOp_p76r`rJ=eInMLB|dLiTNp<2lR%_P`f%V@r=Ozzm} z3XbBn(PG5_1j(GOB4ApW4Pd5kXPZ3?hvc)}GfG_?#!~std{JK_c@6u0d#)zR8ki1U zr6KWnzfmkUbYAMGW;OIGxc}&EzzN5ayB=Clbyg}m0HQ|mk({8SaD&EIm}nW$9Uo&? zwJx1gU^F6Axb9_8{9HeVR9ri^=d-E>t|%{RL!|d=8LWv`joWsd^x<8gtQ1wW6i|w-7 z+~f_H}byRsr>GE_TM%+IM7+DWFy?LRjTh?m`< znP{T?aG@3#u5uWLZyarY4GK|wAy3&OWuNX0(0U&otp--bJ=zqr6rjz`XQ^g*UoRgl zA`qE@;TE~9>Bjjqy`k+uSmbRL^F#{1b!4mfo-)kOxJZo+BT8_TUY(_ZZ;j@?AhY+^TdVsK}2!RXmXc_<->jOf`KX6N#~ z5+B0o2bI9&JG`j%CHF4%vKtg1H5oaIM+Hn*86yWbB7uhQU%v+ii;{0g=Z*&Hfw#Id zV6ZfOa`!t$rQ=Y_ri(_nLf1PD(AN5Lp&{E)%a`M(FC5uJe(zR|>;QOjuh%?(s>0;w z?}b~^5p<~qdq&5RNoVW)AHHAj9;G*TzqW;$1#_8e87IYWsjyJURY8^RrC zV{(vL4by;vq^ABoa5DSl%ezrF^=r`O1u%i}d`kWip5DRU(zNK?F!W=1wocmoWKgs&J=G{Qeao4=?Z%eUbFgMOHHMz>ehc?_qwy{6gyBPC&-8~2u|8f@r@odN z@kTPn{(l{{J@OB5JdBxMn$JR`62}|w1cyO}5*P^qeDMnIY?+nich77=AZWab%x~D5 zmw{R7i0*31TLuAGYP8U`jis~=6Ja5&^SWXN#A=mDA`yQ47N1uwnHWeIrgQAAh(o4 z(gY~p77NMMTLa=ap=UDdlz|z4d3kkD7bdg;a_#)hKO}Zb|9Gx`UfpLUm;7)@1|(a5 zoA%ac4h7Jw&m7EasEg;<{`{=^R_o?ak0s%_BUq&(?swTg4+0`P_4XbSMx~;;u+~&A z@Xe>bL-nhl48xpCs3pBR#?LkfdHPs=_(tzvt%5c|#4fsz=-nJ(nW`{d$r}*OI0zUn z(kBZLeLw1-M?x)ptOeM3nMb{`rBavFL{UC*=#tu1WZgqhd^hUZ=yIPJ?c=tP4P31~ z=_pf`m3pSqGA$L~R0)0?vgtnF+Hpsw^-osMCkjPcTzPa05nnXlTv;<3d`hG~;N11o zYZBc*K0l+K8h3{Xr*l3i@a%yud}%%25Q?X>j!>y~-;eILhlqj!|o zyJPv#>1q{1l{C@R#|eIu+M-cX=y}y6ew9g9sMwd03LfKt9aC9z%7%>Hj}pGX`x8yA zB;H%-A@1>!u~J6*2Uu#2x|eg4fwGPDPv-3#^<-`-jvk#|+H-cR%5a@w(Ej+1$?-E~`fH`pL1AGo&NhBu_0JP~b5FUfjU7Y^Hdekf|N zs#@stjE9eVe=#IoZe}zgt=>EfAt+&0;Hep|puc^gDY?rh999dD1K+IhB?QlY%IAzl zIP_;jH6g|{(fv3CgJDBii3ZvQekuOaewypzOB8Q+Fl@feiaLh zQ9lElDhM}jT4pJx1|HSNkM86KPNr7lYrg~{F&)tB(-T%YO6XqsbDMtz^`I^5$7lPK z{`A~V8#Tykp&53A>JR*eh*zWJ1_T5dH{Ed_<^PgnxwLuJ1krT3u=Vja5~hHeuWPU7 z#)@WkzgBRlTR$IY&#Kf~1)E=p2_Eg5%q@bna7f;OAM`4Yshvr9?GBoQ2Jwb$hlTf? zrpkbH?EMFK-?)D|3>gZN0mi>$ELCjX3@p?i3|s6rn9{s|&&TRXp4PF*Q~V5{-&NXx z;g>Fic@JLz{u*Nzt2W6BTh*NR-55~77>R%&mX4%5%1+I) zKc)IV?bfD=3R6HvlSKP_B9YLZg$@Hz9b}mBiBgD~rAWL(o!`tWUJsv~S0y`c+Uy#d zJV~-l`g?a``@>;^iDndu)9Hl^lhpOr`^RTB-lHh~CaH`i33D~;sY9>AB(`C9Q1ln` zY?zj_cDO>zXal3@^_5RAS^YS=R@YCZe2M*erpKXmfd$NNXKc}ERum1Ws?_TNq^~On zNe9YR=uW=@)~MYQ+6RDvuouI3zf7;^A$hn(xMfIh(=-dhwY^l{t75TJcW7E#NDf)D%F(c)5%#A=K836Z(KVGX{|tEl!fu%^F|(YP5)!l#W>v6Dv!5)0Yl#M} z^6zyZ`BJZgv$QO_eC01$0eg{h4hW@SR~I!`Id-wU-4@AI`hO#7_?^(Jg=VkZAzlJu&vM!xFFKL7C=u;L9 z_R&Ft7kn}0$btu-9l39J?DDyMm5lB~%n@R|A32p=1>bBESP-)@<7;yaRnfND9`oyE zTJSFhGW?I{u*>b&m5p=l^$5Et6Z5eS+AB&8;V1~qPu&H3H$jEtf z>90IGTU94SJ+LtY`2?Zu_Z)z&nes78r8ABk)ND$DBNTHhUh$MfseV=CeNMuEJnrvJb%Y)Htt=<7-qDZI;0P zj0R2!$M}I~85TF4P4g#q^ieK=FXH-{*E}Qm-Wk*|qch%Vw%%rBw>A3)%ZROt36Y>UNcZNOJm%xs~N4ZFg7Caad07!!QMn@9A3b zMNa+ZHW!`x`FN#I1qEUiYZ^-;LhY=u86S}~FNLs$oa5hF)o7z#Np+&XMBvZ84aD)| zeb~TY+eA~8yy}|7_djVo#&bLeQYTepTJe;vCRM3*>`+yzX&1t5+s-W|dee^Xu?gvk z*HF=io;)T)!RZ=>L2;sLS2^h0n{u$mVo85G$BO4fF6j%T`tpf4SJ%410wJqDB!F|w zUtoUVSbvk&PR#!GUL%!k1I(Xa?31o_B}b2Uklze4^;=p7j0TjeIBvC^25n5!QVp_H zW}R?s-eo`4cl6EHDQv7ywW0_!Gp*B(AMnD5xb8ao$W<{hO(ylP zubRfJwpXhBWpnJwtUgRm$j#N0JQeb&PxgDT$nKACG%qb>!$CWEZ?Q?JcT!opou_;b zOyPUgAD~c?Dx30d1DWln(X8iJs6mBKopny7^hrq~1#?ssA7@ z*s6~Nq{Vek+j)Krg}n^amihFOjgGfE3>ItE=h=5EbANv-rB7@OfvI+sOCIN->r16$ z_1Qi+G)HF5gdlwrb}Lz}n$!3~u%FUKYB0;=ICg{k5ZA>%>A*B)L3m2QncG4mhT?Y4 zye!2rO^P<*b4J5(?Fu=;+Ti*CVCdi*|5k%{ZOZ9Gx&6t1_MWICcn-+XWcM?NCrTDkRb*OQIJ5;T9 zTYHR}w;rqo%#Ax`2ze!N8Wcmmxk-hj*tbnxL}9&idJlU(d+_|S=Doh(dfC+#S=Hfw zimg(N=Md4MT!Fi6bw&Tp36>MdGIKcy`#dlXCHVY24kiI;b8cQ7G zb~8;IzSOG;mVzIJiblch=64!h0#{C`tvR388%H=KGpt(Zc=x6p_VH_2Q3W{a`09AY znC)c<685Qh*BvKSuS;$(q_tg+%tWV}_bwR}%T3dr9#wCTyVZ=`@UryS&-5nu*II9gAt)_a^J znm~wRexl-{#)O21UbxcoY_F%9X1Ww6OO@bB_GoOCOOn$|3GKFyOY*Ps^+Ry*%XtU3i;m`Rxd~ z58pl~BqXGy=)ZB?@55!>Dna&;T6&&tYR&vnujdy~xv<$niso;CiXVFZ^D=lw2Vj*Q_2sd&d9*KF%JpWyA-<>HS@T*sdl{j z$sR7Ao}R9*z_D`-5psoE9P!kv)Blrl`tO<79KIoS2QVVxE?otY!=AsdlpcJG4Dx4| zKYvcdnb^sC#S#v)mbhmAv=&+QJzNN|DVMf%07BCXXK8XI85zR*wx-xX6nzMr`7XE* zK*+9q^Vq2>oi%=#sADI9gDL3wuJ@0>bFmrwB*GEl`K;wP2~OX*zFfZiWS%Ki{eAgX z>ik#-%^A41mtu*b#g4Vc&0){9&@)RV^R9l{#G?liqJT_23}4C^dTin^Wd+R@xX)qH z5?bK2Z>Tv>_%AF#d#mope_$V?6j5wl6H-dLm83M=iV|sCXgB5t1Q{bg1#L_l(gzUFc&?O8Ho&{PzB{_Hgk1=&;8Y* zRWFWc%IGNP0AH;#Iphe4{P!cP|L)|R?5Ka_ZqfUP7XStRy7te!PUim$uM^il^E!RL z_|Lpf75@vb6Wu@aI(7apyiWgLm4BPB_+~-3J@CCw?w_DG6l?6luUn6JZ~V+ETS z*So~x6>~KT+nXE$Mj-@YTD56-6Smwb)j{gk5^6Pl>bUTi5a(uv`uzuNVq+|s7<0v! zFJCGsJZ6Xhq>{_+bDJk_uCCjgo6asS>V>0`W+G-)`rJPS7GJXRrJn*TPfclUWV1bCvp>k{sH=3zhum|3h)Oxv=wvp zviVZ`WJnpm`R=L$cjFWd_WKiRk*C({UjcHA|C|zU6KQ@z1~e_gX8B6Ua zrlV2Ei4*hgYinW#Az}vS)N<>|3Wbei{$FC7vr94nPGVDw{npi=J?@D)D#Ey$R0lu> ztCOEL0T1!TU<@WP6`s{MCMo=CzfSK5f0wVs3`2pD*zxp1irs{&g>xHPQO{y9A^+KN z=e%tGZuEtH^TZclJJV|KLCJ9zR9H~`FHdfc1mx*#a#z}Rg#!)Bx0^@-{qnSPKSL~D z%L;+N4ES3LL$28`zXA_MR>b=_Zv40y_{)L-}Sx0btS z4q0>yYh^qGRE(dWACnSrE9w?4Z5umqs&%tehYjuKi+Kp6*Vd-*4RQ7pK>(=I(RK** zbTiF28(LsBl*-D=iX^zot?B+l)y~Z>?VH#C`+<-D_iq4r@k#1Hngk;Q9S`{8wZ*`_ zc*qDx{6dcJ>aQ^`pp4hn#dN7avHK%GS4YC+-LKDA2E_V1|4Cy4jcbDvJUj2Pi2k#d z@Y>SjN{|u( z-*P~R4dlXj)L{-Zw!R9EK0BHeASl-+&pw`W>f9b7&wadn?(IrCwtQ17r_Io)#3|&pj&~E-EjsPTm}m2-9WJ3Mh7)V&P3B4>Ogs;Kkl#2g zj=A)P^4EoK*xJ_~&vG^!`U6!dM4JH zgDXI@7e`Lvj~J|K#J&AEb^I67kNOx;>Q8old_~Y1MyW=xO6B*W>s=MvdZnpvx%mti zWq*Az2}LaAx-nhYM1)eaXy^Csf9klJ+drE9Z0_cn6MDQ!iIC+;t!r{|v#~5`e!tWJ z=|=hH2660YeNgC53{p&h>*d?zd+xaw#v2?7Ft~{;7H%=sx*OHZvqXx8=g2wO4C4u% zTCoi#nJD-%OhIEa+WVT$x|Ao+6G2SZG+Y+^Bt%a=0P@!C1( z$jaQG!#5T3)3ZwYi#%-8EyIs^AaTl6xTzwmXYac>z#MMt5x24zBm;Y{HE!=W?|=c! zO(TDPP}7#@HIRD4ExlR?3%$gU0R3|J*FA;uFJxK+he&R=^v+CY4H~4&bV6q)DowY0-Iwrf$?Y5^W1(UIqna%zzk81UVU5>UUm;rhCVZQo~KsR>y6FTE}$ z7G>&76uw+gja}xZ?7VPR_N!i@Q*^w?Q zQ#_o%@kCelmTHSwqB9fFXkKyn0|CC}p|$42SUEu_iB-R$*uzG^`IucYS5^u8qpser zWr$aDeG^TMZb-1NppLiGc`hUKwZupYjXL<_xI;Bv$Y~~{mePF#`7SYTG)pb4;cPrK zeh2M@%NZ{HY~FF@Tm}u_N&smvXRYiC63ToftdY^_Y3g2=3uJ)l%%Z!%QpMMy={Ceo z#tu||dm%9Z)#G9X0*UassG1kOl$p7+B?YQ;GY>%SvvN-}+`h>S6poqC8eql&)en6s|_P%)?G#Xt;?oBunOeF6_a0 z$s^QYv05axBxPkAv!E}u5ulmrGIOk4Sr}&^GtwW>w&Yn}yqRhAzGA7A7YcL; zrYy;{ed9)r15QF}4H0)aO?;I^v>UfrZExlud|9ZITk+b16(l0;Blo_mXy{1QxO}7Y z>xG5PA4?0oo86Ni`T@JDIlLv#)vooUbmXY-JmSp0XIjEVKZ;>V9H6w&J__8QGSZk( zG$8iZ_=H@9*Dy<#K_?R;rngTCWai^URj&%8?ThEmsdY<}z?;AUPVN(zHKCK$;aa78 zL;|h9xce5=k$I->!6WepM~K)h%O1}3V6oGYdwm=$R(**HW=NK2H=TGVSTi4jXX1mk z+(*q>Qbg?{-Nv}SV%NI3UjGDWzHc91hVHvm>qnG-9T()ysN!CAbX}eMb|I0ZJJILD z0SFV8uBI?kWtB$%!`{46IIql_6RXj1w$b8tRqQp9LYW+MGV9nOtC};n(Kpih2zO$Q zh-h2+@3ZV2Lw@Vfjc`5gyxLBK_1C%d>g z{Q`{^DDF|(z;K+G&}wI?ztxM~!4;?0J1KD+M&ovKrNXDv*J63|oPG!APZA8wCHdgP}AM!r;+8fFD&d;0U&OuqEd-ziWUrL6k&lDdzP7);o8L$>J?>0v|o6no9ANZTzn|w8Q z_3X~Ec#H`5;?oV-JF9MX=-?BJZWt^M{^~T{Cpfq&5Diz0)P>%)xJ^oWyAnPcCtN&W zZa^&ci7MBWv@fU%+}--t%os9GYSgY(+iL_5Q5M1)nk0D=Dz^yl={@^hnVrpNq1D%; zOeR77in1qtdP2JoLEgS6@9&aw$Vi8orj^myj%zwRR=%}9YY#w!_2{PU5I$8!P_*b? z>h3zDpQLCMcLKGzNpJ8bCa^6GMlx8)izsm76tu_YQL2XdnrM;A{&cq#r#a6?pFlK- z_B|(m0vgz$=OHsahzw@+i-ERnN|6lpg!`ua^IB}SO2V&z=i}f3!;q_(@N!_IwXk=? zBqwDm9JTF9`P;4-)E$0!-Go9^V`l0G4l#H1u#S=5x}qUQzl+d$?Dk;WJ`H9)jq^*X z6FY>edfk++F!`4l&_pfHziOto(E&w|OJ<~s0Q-xw+>0=IHK&8V_fjJWWv^s(ltl+^ zG`M}I?f+m5T#p3aJ$C!m_hDne%i?7W!Xoq0pz~=8HzcQ$J`x(CExOA$? zOrzlzr$Mf4$C-m&Vy8GgAZe3d6-Y=W9rVnJ_PvjZc;kx}&Cu$=sW7@6wB)fe(?&l} zrFQRI0fS%GMD?cCt_*I`jLP0G_;#E2+%)^h1~W@)%b!+xn)8PRh!d?^b`{ zMy1=K)w#Q}h&#vq`fPOm{Lq%Yh9h#5u3)M9T~M9->%H&VscLCxx=hoqCCvicKA&mH zRgH&B1r^))mGmhhZjYFr{0 zsOqeEavN3J?i7aC#6*Po$@VmkSGK%W^$;L~pJ5u6DpK}&j$OLirxSrwZ$?XHdvqL! zs;yRh;)%>+sUI%zA~!#nu&6zSDGqdx(5A7X_)nksg7x^rtrnA*(vsEDfFZr0Zja7j?hXEFj@|9|?~JTi%L@zxC(#YH zs;8^6XuBTY%1ov>xE8wP+Dz)xWx|F$4+pB7I8*t!O#Xw~dm@LHV@D*B|G{Mx<&0kF zy|hC^rPuKdfU5Eu*G4M5<l*2`K4Xkt2gIAU4I> zk5*NB?#0M1M%=woblCdx*yKj2yroe%WpyT3aqC+)zOuaJUFaF{QXu8VzQ4ow{kXvJ&zT)8y}MCIw6~h6C;mnhp3*>#(rK-$bTEycL{X_<=j}>g~ivTG41=zI`IeS zdEhl*FE_O7bcPciurkaUV9SXkoG$u^3WMrXeEizZ@F7Vk-R-1bUq+ zKj;eu)1`o(hiJFc9>fY0+BN^#9v^4EfL|-e^W`1zacsNEsoBi;_;(!xvh5EE;*C8J zf4IZAWEE$Q&`sq~Lqm9%dzIU_8wPo$8INrizVY)FT1GVn>|yusU{58E(UQW>qrE2M znFj>9BH0bi+7YoE273hTgi6~G;EAefe@%#gF_szrf7pBPucq3!Pt?vM3K$Sjs)j06 zKso`H&;_K19_a!Bq=t?S30*o!iPAzxT0)OVliq7+(tGH=%;x#d`<^+o)~xdfoVkC2 zWM}W}-23X~b4iQaD7~BI^J98=o#qV5f&)78ibZaV>RJz6GU5GG!f60u|H4yfrf{%z zq6jfBUr_B@2ov97h?cf!-DMVCI}?)P8zdCHOkzS?GEqmG5NkX|Mwd+9j!f>^mnP$z z9Ci+nH8(XYKeW>xa9R@lc5g?_P3JI*C2wXF(Z;Uh_Vc2q)Dq}DHsrtQq~M{M;b#hN z*^y4_feP)dQT&%)QmPry`Si_Q&;WX$3r8G_cW3BqE1i2!$JBnEst%x@!}8!!lHEg`_cIeItc!M0Lr$JZIcHSe zX0adQpm?==D(MkOw5#xNYpqa*64&WclM^)gb>Mk)`^V2f=c>VCuM|Th$BWN6{@yC(95AVzpkgT`8bKDjwQ?u$ zdjpB85~3VRg2AW|#}DJSnW&11)m#qU+3?J%Zo}eHcQ4mrrN>}N_C5N_8IR)|kxQF- z1enQ0tojxrq*nq;3nO18lwm$@uI_X}rrr}2d0g0F^H5)u<8q1&aM#_Rqe5VyM6@15LYI6$@j2#Um@jE|0KlAN~ zW4am;xa$Bfex0@Y=KbQ==5ilXj=l9~T7R(Wcy8%5?%gGy*tQ0hJ=?#w=gLJ}sxj``7Q-5X zI;7#r&_yZFt`2Vq4eO^wb=uH3+aJC4q&?XcFC|ZcI>#P;9=|lmqDqBmP$*@?HwpL% zjO}wB95qMO-6TBWqW5$Gd%Mag%vPIB+<&1+FIp}}Er9fJMjsfw4pzwCvi)Ut(RleZfMH;F z$*_Eh6Y2RV=nXa7gI3ZIl;(O=yDG?UuOm3ox=U$U?tm``(D&*Jlf(G@dn0b%t}CbN z{wpQ!s9Ha}cGM>)FOVhvwkijh(8WVWZdT6*3M16nR{&TxF+S3Zl zAr)~lKtYAHbRu-+^s*E79J6{0Wmo_+_GHN_U|p^nnFrhHw%DB4YXPRROv{;y zOeVT46kb+RJ&o^b%|nfv?L9fzfCCG-0}Q_d5&X-27Hk9s+p3C_ryw!3;& zHpF6cg(2SL@e=pFx&}IH3EL{j6du2#T*LXy*Sf1H)sO=`%5)LI&;Et3LybvzXl87dG%4`fot zV(6r>!~fLIPs+((VL}fgLP^QL9a!S_dUL>uUT?{W46p3ri#x|(v1wnA6XfHMWt!|`uGb%5OJ6&ck31P6wduAvk(fQd@@?A zB8UkH9e*bWZQD(Ces@u5d_uu{v9&sR)-qO@-M&BlOU1$3;#iK}n8_8C`^grKEVoA- zp8u>p99}~s=*biYarR=~xD6ta1>Bs`t|h;lr&Yc6ouA!a#!Gw${=RDVSd5z*Oj%~* z5D`ZdULE&uo(ZdWI3Br(WK|SP zHb7Y~s#$6Wlr^$RkUZ>QWVfHc_@G77?3}*&*tndpkFgwdRkIaKXQlNLLjyW^i5_FR zRkLumq(u%AU{CS9$eX&W+k2#qE_-_xY2I>xFcSRU>8&cwu%4+ajhN>p351;09~eTR z@rz+LDx!=Kx{BlBoN`i&-EFt8m>Fv}H(QXngeAJx!+f464`6-qnc8dOa1%vRV^=Ll zKCJ@X{w!5PH{PQqooggnbKjX*{8U8@jeYFY47X31704a+#c@tb6vcGIp{vFGYG_Yq zSKAGWYgP_Z-fwmsW$G5PK#^KI_@Cv{CSvZNPWC6?pQ{24}Z zzUv&k?WjLZs#FRaq~)r|JJk{Pe{sm;Z~~LZ+^>DIDZd22w%zAyOpfX))$iV111*#f2Tqom^mRke`mN125D_L3vw?@6W<_n7|zW36`~r zTsvsgySqG$$Z-u9RrUW4=9RC`xeo?1cFu-u!nPAt+1j91m~RYvB1^K_YkEB%uT@h z4u?(ffw}BI+?=A|oLwz^oqY%9W4)V^c)`8wk^cRwG1ZrXDju*fN$2XG!7&+QDdfC$ zniaHFIF$Lb)Bsw>Wa)L{iBdGM;N$0r9ldwnw0{ruq~HJLgfo_4!j)IXVBFu|YO9pu z{a!`o>Xl#qAC;4)usNr z`^lANit)ER0ag&mlxG~PG8+g?p>u!ezF<<(HBmG%hOW!kDgM50dYEY*lI1^$ebL|; z$576E!=o-{S;BY!kBOzPv0S5VFI=p|d?lV))ON&Xe(NpaGXfrEOHsrDX7}CPZFj;N ztEm$>!3Mb8>&hO|Luv3I#|=3C3!63A)dmtsbCaI%7vw!q@i+E@3e&vg3#S0UYtQwI zTBc=!q%p!E?MXlsjEqep2^ulgha4Ts*KhfJ9WQ)KNP6OlE#YCG3i-vC~24G=Z3G z44pNsTodX{n>Uv3&kQf%+Svef@bVumo7WMPso)ZuMjY1gor%e_IkQ})9|K_wiyqy( z8DA^u8=~bhj4mFg*utC#b0@a%FH1Ss=M~ZcK~twxlwRkPs{|lIK8Wj|qoAAX%`x7- zpFic2k0htjX67YOrE;7MnA57;ye`kE4lx}4W-RlE$PQK#UFQucjbHztu7}Bc)f^?q zE;}_9{QR%<95+9fym>}XRzY#IqlIc_k=ArcA>T;*?1rB!0FHMO&Lb#9Fx{}wP@{!= z8DJ+D`;#6DoOOXmO#Z>_XK$6KZ9E(zCQU~3*$Mp(7jg4{mB2H)-*FKO8r+QiGH09n zqy1pb;s%&jbq3N`=^%Tyo%^P-E;O?-bt29-XC+@-@70!_Y_wb>CJTqkkS|gaF_fD- z9Uwo~5@H09)+qTJRc1+CcY&C$M_Y%DDVEH*F7%6=dsCHeoN2Y{abC)*sCS-8ZPgy# zfPZxwyE)r}hI1^VKJMok`%oP9-&XL<3PDIcOZ|sWE{;|l41ST+km2Lt&G>8T`|FkC z^Pe@yyB3Z(D5MFcLs_*yB`=#{#Rtsp(RwSQ*DgDiJFMNrncb($p=t87c zjH99z-29R2TTt1aP(M}oy564-6JNsUK482y2SoN2t&{G{oRw(R(z()DWX@zR{+u9$Td%|gLXT$P35@rZGm`K3)Xok6G4 z)CK4XxJlACS68ubmgm@4s?25|-+kc3Jy0HSpiZBrRm7iSwEIyxtfP#+a0ei*?>`Vvcc`C3Ws=PHLo?=kMCY91Xb1S_uYHRx zqkx#jPWxeS0hf|=;)#~Jl<|f{tda0yR9J7zevo$YuufGdXNpSXE_&D)7=9s97q@8i z20EUJUJ)KO#J{LLCZmV(uiByS0x{nbrsxx1Tk#jn$ajYegy@w-=_LObP*PDQctd+@ z%-;Tc&`J1+2%WGpULgU+8B?{vCM5%*FNheWG^d+oz;*5i!?Ta5&YwR9*iB+6MSU~J zEs@WQelA+JypL`6Qkk0s4&xBnyKU{`5a^@@4TfGN?b@ zGPi`8^j8Rwzu=j*iF}n0q2;k1%5hw?U6@xuaQiT(Yr{lNMJHbe?>VeX6q_>q^fdE} z101(J9T^>8I29Tkq%QPeT~hDW?c3~mK-3a5b!Xa?FIB>lfU5B#M3ukTWC`a73pe}5 z;pUelHCE}%tBlGs)Ek>*_?s}|o^{)*xG11ZKWj>nP^7fFvhl4$lIwo3S=b%RLcn&D z;x;wxB8Y4cd;hZJyt(QF*vEgP<2F=9pv>bnr_&4bv%c_$!oCI#l%rFpipw#6e?x%I z!`s*sdpn4I*o(fLBa*MOY}Gt^1Ne@DU*e2`yu}8)Ds@Q&n{`pZ&_-oU z2#+j0a~!T`Tc!R;8c^lL)M7W0zi@*vu{04fY`0(8blyKKUCK!HA%37N(uSTn+O%ftQS7PdeE4C{#eAO$% z5R|N=6@8`>^>WA45btoOXdEK>WK0jv_li_FLGB0Bcus}XLK?byrMR%KyT=Z7@#QZG zS&)BM9n+M6rTovyjMppjW&8_b0Mw1t?c)UdkcKEI)E^m*zhDpSE&D9%;=p>BGw#eb z!B}n5EHEn(=!E8u+ObP@b{_e9KN^)?c2f}EclK7INCHAy#d{YBwYa1YtRv4`27!qI z`lUz^(ldGfW@evoyOy+1?DY9+&F?-ueE@@6Dyd{n7aM)&mtF5b$j3o0u%`9zaq@;Q z`Tx|UMO1B{L~-N!6Lqp}cWn9o1B4UU01dmW7oS7Y+#6MNG4RyTLY z=j6LQ&#^c2eHy1W=afoAzm#NZkjm$JP1bc?uj0c`MI0A|63AbHmUBaO--yBDuPOiW zas8K`6tZ(ZyWX~VevBv^jCqRK3V?g*I48ej#(kXlHg{yRW9+-s)v96N7Wl9OtU2F* zz_t<;-k)C_*(H^WB~_C#B5a5~1!g$ZXnXL)X{iu9>z*{@z%cIL+F3mf zz&9K)j^tIS@q%p^HL*68QyUT)(k}o%XA^EAAQu65k_Dp78-^!WdnG}Zr4bw=Yt&W# zEnUWvB18#47U7vSQQx|^72Z{|jS8B%5UGLS8_|RJm}4s))b149SKN1fb@l3>+W`iv za~a$^i_!0^ysx_lum?EMKgA9HzN!Oltc4y+=GfMfh_t1gDHJG&;o=P*T9;&(mj~Xp zSrX#`i+jY+>CR0s!-mPFecvr^OeFbFF-0LHYP^0Y7zpEixgGzFWI68huv~3{TAXED zUXR=B7RgW7US!h3zqwGwX{L*wGYvTmm5YJ4awO7XcG9J<1F47Q!RooJ_x)gJEk}0- z8Xy=+7I^>EODDTNnFie%OuA|Gn$wN!#GS6%Js*`ZuBKzVy*S5~V}X0o7H}Q#ms=Oj zCcm8rqC8?B=nbl}sN41O`>zY!OriUdl_;t%WuWN)8oFI0SeD$L?pF_37*jOQ%u~&u zpid|z@X5y@N+9d_Q>ZZ=4ob|2TvRJo!ol(nG5hKtl%SCydAy4HetR)i1|DmI$DdW zMzIZSJ{R9*9( zI7jBC5;qlA{lXB>Bq_<>Zxwe4AZ5UFfGbzyP7vJS}nAjR<`^Kbwv_E&$}POf;Jk|{_) zPp*JlAP4E$@(>J;D$@1ht|^cdteP<3J(e4um1`WW&WSfzo;xaB-{o{3b~|Ax{>HS* zv;F}P(MJcV$4>JWtw7RI>WR9r*P?Dl!(3M^FgwTwAG*=EeWq^R1uwJRYYT9}`1aM> z5Q`RyQiUuI_jl=&3HP&i0&oUTz#lN?(2VCP0+ZhY{W>|qncd!pt(?fmq}vLVBli3dZ*%B=>^3!v05AF3!{9w@Amee z$Di+|Y5p@R`;Xi|4@XPYE?>X=Q)k)zkG@s&S5}*T=R8B?$(hE)#+jmVR^k+L*X!Jk zcv2&S-biR!cad1E>2Br7Sz1p|(091L$n5nPEe~y+>H0@MtHDwUijMcV6_No}9+z3K zpOh-rHcECDI(HM1!Rt9)We7;Ht zFqB0)XR&A@^s~eE1F3h5VG+;_2eZ<>caqM3q-Yc)RquZQxA8QKoZkB+RO;`k2$ibkt5YRQ zpuO@7H@&@50AGCtW#u)HIiju8%e9ekj|m_LofRXG7iNne`h0kg-g>k!-S`-ia+dxe zKK?=3c!2Wxmv3114L94!pG*CO!yalA2x5&NL-TsjpG^t;F>XD$3dR{p8TnK+eNJv& z?MvG@!}l+<*$If-bnTWP5JbABhWOPf&u`+P6VG-}o$*zd777O3q3ghgK%KyL{O0b7 zS~f-%%4~kl3QqMyN8toXYJI`s0jl&?M8==XP}h#8gnq+oQfH2Stl)I_(xe=hok=;b z!YRB<=b9g1Dq&xt*{I5OyC?ifVI3tHyk9ZeIZwQ`iQa7aF`7idczf5`Ii*hQ^e|B+ z-i#b!C}36Z2A;8fc3@wqt}GM9uz-A=7JB&W*^h*FyE($xPgaxKPky#vGEd+P)fX*E z*26{YaYe$8^TMB0S^3TrxTA8H-FFb#+;%`p>%Hyna((U`SO8R>(wj6YZ!vGL0@YNi z&(%`uz$)vE&i`bPR1awYr`7h;G@qw(JzieS;Gkcus`dzs-R0n7@XXuBlC|vdR@(0I z2bKmi|FX{9f)0U22FTPXg4^0TDXAiL&)hpM2jd>n z>USGj7B)Wy)1%ATxfra3Kp>k$^@nCza!~$H*7D=8IPVAVltz&kCLez0X9ZIH9F(AV zn4^&~FId^XMruWg3z&cy?as%bQDwR`_1ZFU5q;7-mD~0hz5qDiS2jgY3F<=*rAU%o zUL)*5$!q0Sb%!sI$|q9>Q_T~Y_}_I44AfK?saBKm%G^uJ4ZF(0UUrc3!ZcXdDj_p^ji%4O!B zDtX>s8Dj%lg3&j5>u||yF@4pN*4c9=P+xApe8BRu@cX@geSA76)Z%=n=lk~~HX#%E z7{pq3x8-yx`b4#3)#)Z$+TuQCWM%HqN|VE{j-p_!W)+ z6lzKk&l~rH-`nC`-X_euaC^ch+;3lrvFsadX*o9NsZ|eHhCx0tf9_s+ z#_PIHwWxo4G=N0clUYwEH7AquME{u{y8U!!S$J>!DZ6RcxwpQ$x>r>SkK>yhDO7uz zOHcM`QO24K?uK0QV~JAl^vKF$FI&x$=itGo>)8CfAVE?7h${oy<@p%-e2tV!3s~@T z?M;EdhjllObUP(dPS2E)@Hi)fH>KVyM^VEC)`HgZ2D@v8d%LV~qX+biOhEQw_*v;> z&1e8h+bwAyVe7H1W948rp33Vq|FCgc)GjbRC(G!@G`{}3oVvf&yR5Bpx=w3!ts)F!< z#WJ+Iy>~*Y7fXdB4r0L7R2cx?38&e8R4i2qmg!`A5kDMs2nLtzXl1`V9r_zU85=?Q z^qufGqA|p(@znQ-xv2YrTW!sU%$c&cjz~ymmm`R_7R}`PRDo3-v~M?2)qFZI$MXTz zDGW5^TU%XL{hfwXtf)q$LLy_DiV<(y5Zo=>6I6%Q?KLn@n-?xpALr=4ktO5Ote3$% zz4RElyKvZ}1roJ)BN=%te>&O9s|ud!P;Lh}!+avRB&9CKBhJ}%$brn?mFL2_9)D)h zjaW4H_;>HRmOQzwrG|onY;4oQ%7a9GH|8bUGU6dSk)NV`_33c>TtM8>$cHb~{3DmL zjIPVm5akW$zV5c1o+O&eKEIb*a*AklP_d^zVu=4Gn?xH*?8ykPB2~~a&NE%@iax_7 zk4qR!D`d5zR5#XNp_b0A0IaD1ok@6uMRsf|9ViKg<%rIHdN6@jk06pV;1)ojVzF;^ zl4(PSq2;!^u#lGd?Cn=P1`-wC%%Rf9sw(e*y}6Q08;{Y+Qj`{Vhi0`&hngwFBervpQ0bN$oB1TZK{&VnJK>S2OL@^` zFzWblP3+#YBI_2KtA0Ts=a3G_KmqqZvsVFrfYhxyWs#T#~aW~;jIO4rmEAzR|S45UO9}oKlpU^U%8X4gPh(la5ZNXoB(|>@STCX~GRZHRuTC+mE)`^lkLF7#ps%_r-X!7K<6&If?Tt zU{|+c5788h~ywAfh> zyg3FL=eEtwbg2iK@Jy+*R@PaVRx>5x)iNgh)5Ettq@z;{@O0Cel{diDwL*CnqSZVj z2lzPr?@dj!nD_M^L#x_{^6}Csop)U;5QTB6L9y#!g}u8E$%-wq{B9}~Y!v_8bJ#at zU2@Wlnxx$cl^Cl;1f$k=!XVFpJI{8{^>X7XsAd5M5s$7xsHDxI7wil2QhZ669KsyN zLFhU%fS;bPy%+m{snR}DHP1_mPeIvM*H>Xp%yWcLST}B8rxnYX>c64jAI%l$12{531Jjygs}x&CyEiWI)VaRA@*UO5AUxp->)Pw{4dg>*Ro;mhu6Evkamdy#sae@+jr z7Rz!pa*n=b%{o9~M$_mrZP-a8h+yxo^Dps3M)L?T##fi~P?uzcodajQgezko zy*AZ zL)yuyK;6G48;nB!z5V|_cEK9+Z`04IJrDK8<{x*G-(AMF2gkG)q?|8M_4@BGqtnXdjnt(*V(#{a|N*YE%D$^YBd z{C{lNFUwnXDqda^LO{vKmDkj+k1tQpy;-GmMTXU<{HmYSp~-b^TAw7~-D$%g7net0 z^Y#?{tIV>!l!>8XVTqUL0J!29O!}S6r@wjd!|>*&?C<~Pt9smJPfs27F%U+*a%J!u zz;%F)tbVegdgK4n!sV9yuj~KEB%EDI+8?2(ufO-uGXy|<2Pn-PMQWn24;WQHgGM*0 zPv^pPb#=*wHiYQsYDnR434=q9-9lCXjQ4euTM<7?O1{N@tw$Wvgvx|(;()aMFVXsR zDu8ZD8q`Ov7M;T$Uiwa#>pfji``uIS&!% zS^X8N*0d2h`|Gc$ow?Xz{|V3Ey&J6jcEj!Py@I(_X|lo(=~DN}*LGq&$6wKaOh>SL zxjUyU=CW{=*A}6jt+62Ey(Llp$I+mC8P46qKKIZ^ph)cpQs#~4-a(xT_G6-iFQY(b z)xS%)b-n?2BzIJ-koMNc&Wav*Q+xjWZs0OfE3sG53i}xIDL+92m?n67A1`TfF<8Cz z1ij-q*34T_6_Fq~nDs$Kh~oPKUbW8Vw z8~cgCV`QbjeeNFzyA&m-4+<+sj_Nu$=x9nSV?m__$DE~fHBW{84hlC{k+WKYN48b$ z_66SIi4v8*>y8guqDYIFM<0TG=bH%kABVv3N`$L?RL#4N4S$qts2)->Q6GQ>;Q5*u z4Lfg)z$}TrfLgo8!gcOwt;h4Qr1o|{w;`9d?ctki6@kbE`zguuwaLz7ogXMrSws!x z+aK-!P-+bIpKbKxER{NODUgBl)r&+tuWPc8fc}15gHC^u<5+$?!_ozZPBBu<9jlq@}WZnphLk63Uk>Yn5;F=?K4gQ6j;N4N1i?F zD3N)V*w{D~B)(bNJ{0Cc!oOB&Z#K{*>`hDHvoLuDg>KO!E$#==SMl}D#K2m-`)kDwL`>R`IVMY}mju$_u_u6g^e?H>RqDVP4jCO`@`{^RZ;891q=Gnh9#h-H?PIqFJrIWJ!H-=TmnjbyN5oM&bt=&jVmDC3(E zhcB&8H*6jc>#wN3eCf-TTTO)~2wJzE6QCKt5nOHp;^=f;j85sc17AqNSVK;#k#Z#o zA?x#m%7CMQZM^6TP_OatvaQmvv*HMxSY471`&U9JKV7jH#7;wml(myjhTCyIvfNF) z7j2u--Bp#R+e*JzZDoG?Lq2`nMZ(h5JL=pWbeC=)3{k_cz5evihUS7&o3}FS6N+5y zquP3lH!6*KhnH$ln6`+|doZDX?*vPG+XW-e8;@m_MkfL~53s~tV)V(*#sB_61+5AJ z03eK2`>Sba^fCLs&*6khJT0SyR7LJ_v8Lu<>_gduaTT4xg5hF2^)?mnZ9)pKy5rQb zd4Hk)d^=|Lw-4k~QE`O?Bcke|%gqSlIGMitV&8RiL;Hlqr`K&hZ!Dd;GEQw>JcD5F zq44|PxT7fZJ_2c^!_w@{2v`7^tTZbu%(LWCy!EtI{*!ne<%A2Lu`+ubxo7sn;mRu; z7P|)SrGoyenDQaFDME7%7Tpwl*3b_jV9OrBBz^X zJZZZF#qLE`9L{z;Omb$m75d21Y%u&79Cbg%K+@E6j=HF6LaoS!vvRP~QyOo1+snhA ze0#}2b19C2UT{Ftb?Ve}wlE;4I0$tvw#4YgG5DvA<#gCao(lnP^LFtae}IqX<}e@_ ztyyYM=4F3whCR3h+~=Kcy%zwW|h-9T3irIQ;Jmsw@sG6nJKgj zI_@O+`yJ7zmw$%FxUeX^Znx^)2xCmNhyOuQq!b_I1ncJ6OIl_7>CgX{nJgUY$K5jc zBK%)dmlG4|{mTJq^;MB_X=D{iJ)0R$O^ieic>CtQmg3z#Jao_WUQtbaHsUnB`*oCi zf}iBc!nFa;Ysb5He8bJZ1Z5xI%&h&M-*3V6Tnb{v4G`Uc;`%MM@rfa`&5lTcw1Ycqvt(PU%n(1sZ3Lt+qRd_8;6br`u$@mAc!s{0Xh7Zt41gY{NyjF!2#BI z(bu-cgy|+ZLYC{>II6Yz{x?w;n}#gjK*M_N>NH@ zz`hw?Evs4@R6Zs!+|l|EqCl~>zVuoOkA>r`dQsADdn6S%2idAiagLX#@8=3Jx5*Vr zj%!uzzyvXoYd8aL$8?1&_L)4j1K?DU@KdgKspAmKsB) zJy8e5^!OUCdxOl_y0VRM)QIgTU!?nhu4*M#Djfa_Ix{mMOws3Y>-tdq-~=eLG7OVf z{N<_4-x=$xAf=|8A;`wk$|`yQeQN+X>Ml!A4YALN`WTkC5pN6=@G}c-dD=Y^W5$8+ zDR1CS=-kd|O2T;HX;4+&lfor8UB10G+Liv*;5l60XhlBRB2q12V0i=GeJ4{J`PSH~ zf%fz1=Vg;0l-MthOL5K4kW07ozg9NiG6hVIZHK`fICcm+_AOe+HWjc5m zRV4}56fHK8%I1p{+g4i!xzNUa4i5TaucxJnRDc?VdF^2N|58rqRTs{=3R_D56cmRa ze;HhG4!_~$L4qDGSu2&a#Z1C-d+Hod#b-^ffyi>|!hEsC40 zm8{$Kja1AlJdqe4>JS0aI)7uNfAT7HYnk@8(0^Edx$wA9VW=6TL6n0R48u~tZG0WX z-^foKHj)0Lo0HjOs?wAhF_PUg74&v3Lu6Z=C%pMC<`_CtAi#`5HR&3c+8(VGNNH zvrtiAvK=lA*(0;zU8-`Y-xXIcM0V13z#-v74ViRiL?0A)ar- z%d6vV#mQrI;)~tI&UES2bgzRY+llhP(m>eAsE5@pjlY<~a=+9wuQ69_G2{BY|Ehgz z{*$8_3vTYbtrjXv(2KF1ud#kz*H7Gwu^X1eGSY?{zSv2vo9cgxnzEG^mMRiMx66s+^m z)lWadqqnCsx*I{j2UF}36YQNq701eTdv^F|f-~0(^79$8nB&#i)6$aZYYQazANpp@ z6>wfm)IIWt1=bl$=pU@DiXo5oVd71}uqy)|n!U$zi=$lfd0Ax^BC$3F_0+WZ3jod} zL}_CuBuH@wo^t2fAv{VVgtRZQo^*5h>~56yPVO-dnRZ$uwT7s6TN$_iUfPnIqLG-^ z=h+RDQ~(?nBM)9V>5GzsdwJ*rB*)JDr@Rzz_cCldUp3Htd*$55jf}7+jkHkq7mCZU zd9FA>y2#F+yYw#(k2ZG>=Z4WpvXVos_lO>H{jZ44WI+6AiM-#oJa-=YI^5UKTgYb{ z^};w`QXhcHPoO?Dw7Qw8#ReEACdnzv(6P8XljMdle3FswNlZ zXRCIUk$XY+XYivIF6$xeD4W6f2CL!2F%Rrp!w|K(Fnt8&kkJymy+38`U| zXt|ZQ+uz2*L+-+RU#ZO7!JY`6`&jN-&?iY7I%Ks8Mwv-FYpYf->o^UmH9J;YeTK|F zbRVrX?U-8j!M)8;g^Cl~FnG3^-w)|qqRTuAy8i+-Ce}1JXq3fWhAL4OLc_qOz_*a8 zucy{de~3Z{oO(F{DX3jG)@g702xN6*@^yj>rA5k}i$Ablgd{FjGq6=R+`4Dn;k~SR zlYtlz97RMz8yX`~id?~MJQgl{$Ml_`t zp2F}HAbOrT;h_w*x}Fd{gDBMS_f4%hG)Jge=3VHxNvuUkNMwaPEPbKTJZmh}K>6&I z_r`68_>}lp&3M1~TeL1D77e6-I{lXNFW*h)X z7IX-yPCZM5uZ8vZl?Fdu1x$vEgpXzIb{rB#GO=$)ix;O~)RwtWML6y-)4D3eeSL^` zT>7KmyX9G%0$J$TDsgmVsO5e)(nxl#vPDZ{KYg{m1tIMYfna{3&^CJR2UkKJKEn;-lulQM55Pa6>^mP zQJr=?xyFQsevffxB)z=1-CIC&St z4(8{D3;osiiKc4(uyGa5htJGr%7Pqd#wlLxNLkD##-8>)wVfr%Yq9OsS54iI_{XCX zBBsDv3?GO`eLlsc$|~3c6B)-FoEFB#(@BtC-cC~$k7v=-+5nbd4$i+aneFXT)qEy5i|C`5d(#_Xr|Ew@7?~0#A+JiQ~_Pc&z&r&AQmbWgx z9MPPzT0 z$dP}cMUH&|ko7-c*yzhSMyLIBlH>xg#S-zc@=#CcK%WEDUMKnerAmDrmSJcu>CJcB zFAg(oH{J81*6(<8ZfwS>!O<^{pCfv5tn8QlMo~a>LCUz1z2P#)c=)%!5{q_8R64bE z$%?h^Bw%G}{}+F0qS9DMrYIw`sx*!3u*Tk_1QDwn{`h2N=(;2wrH1K3BKUR=y=0z` zldI7%Uo+J8%u?jZ!H3w^qbR|=PIzESH_d%%@oG3taU!Gh)3;SGGOxdG3zcCOyLk2J z(8r~-aA?-~u69z^hT>&tZu+;bWqEL#kUE^J@tEKSSV?<_bzIJ#x>T&2z&ywcXj3$?(% zeE>t%@0pZ&}Q>#esvl+I&vQ?FqKyUgPJ0%k*XH)s_4pUr<)J)j1I$-BRo)|N(e zd$@GWT)*<%En1nBxD+AHC{a9DZy>cZx_M3oXG)=$*|U=5r4HisZVp|S8#4}1Hh?P> zSa4c=c3GSc-=W~I6*mjBUw-=$no##tUd+X9GgrZc~g-B>u$ z%CcWhuJRy%!NEi@&8780=xVpnxbFBw)k@IWt<`P%tG|XV8-tN@Xxq#pd8p=AC|UX~ zW?n~o1e{LSTRH8nPt!UaA1}& zzfFAb9bGv*Z1C7qSIZYHA<=N4M9#7K)&gH5&=KhXxh2+NPY zCHOVF5U5lAhOc9WL^;>DyjmRgHYdG3SAy$Xu2*f|4Rq}@*?B6!sxX%Ul+$Q*!Rwb_ zD#5hENQxh8lJYK7Vm?)b7 z0TDl0TI0!|d_PW?&kZmbbUMK>(y<-B% z08d{lrbq`nh{OwVe&;1_D$!61qsNxcxdW!1GxdgMJjZJ0BHGG{TZ`1~S%~UWzv&Kg z%d0jY5`%6TYUVlh52d&UOZ$7gTm8GSNWnL;6Mok@zJNHjD0~q1JcCg2;-~l2T(TKh zu>5qi(K%UoCx*A{+Ok^n64|O=r)#IKFux3Ra_1im(*ui zf1g=<-vyvtuKl7o#mqZRPz&9vM|GrLs#bb-%(e0EQiAqzF1%#mC{)RHe&0vfZ&N7w z4n*4Lc7fZ$kxF-HR-J+Xp?^3?-~C6F*Q7@8yr84{j$NFIszB-9)~a3zDr3e7Z05wB z9dGX976g>un2Ov3X}nl*>weEImCjecqr%Yu^#p@wY;-p%3R}&oG{O~MLT?j3saeH1 zE;)?(_GK`!F}CEMF-Z`C(4L+VOEi|{y8I@qr@CWGNX2~!vN7GQx24M8=^dP{iUfh@ zInd?mlBsw*kkyW~B549}B-Y0O8(S9I`1fs++XE?&j6_b3`Q}8~;WYQ=7B+ci_>ZQe zGy|ZzWtwvUI=V?Z{BHy#w7A)MD7$|Cc) z{E=@)9ro7dgo;#<46it!NSzie&p;}Z-SUc`*h{Vsv*z4Knd1=|@cO=N$32U6zQ`D_ z8+<&MTe%`(8M0h2O*D_QIDrq$mT>HeR5Qm`a6cKw{NMwzAwuSXs3 zl~omHrOH0ZX4`kbM3!zc!jn|oW@Et5MB3jdRDoH~SOyBU%Y!NF*NimIlL~su^6qyZ z7_0V64IlMFPs2|D_5{4Zv8v_GB~$Fd(8U0CT%z(}R`s)GgcY5R9t4Vfql}>@nv@N=M%cJ@9R)48ITZwCB zd*p6Goa>XhDAu}6L&X!~G5j+6^4hY$Y_Ll)AliWET#v^gzp$fwz9V&Hz-_j4lPn?y zhGa`CJIRy29~3sm_cl|%-lgl{ly|s@;fRZpHC4h*Sz6O{*?8=%b|Zvk&rqBQht#nC zo_R|ZS(bKO6_q9_g84{w8Z3Pw;yd^Il}>xuUpvcg$3mKTRPc5aX$}+`!~gYOq)4DD zv=!EcR_3{IQdKpI;jbll?DB)@$~Q(3getbky6a!|?AC=H8fs(f7ORNo=c?p-463;I zWQIj|FW%X3@RoqnX2z>ciQ8hi<)UaQTYJsp?v1C2#*Lg$*cRhtq}8^F!kwebr1Pn7 zC_ZSFtWefEy3Zj)t4M;mtL|}H;7(u+#jlv&Iefgo+6{&%8$~H9qbdy zoD1tZ*ugT@q*;dBR6CYM`iKBh$?#l#Z~MXO%2vmlX>EDels8{_LSvrfzDdrwp^zy8 zDBQ%3TUQQA<7PzF`v+1vHNQGVWYZ}V5mx&KvsC53?U#51AD^wQAtZ(Q2~=e(a5|$f zE5G%yxMm3aLdwO|P8J+&;ug}R3tvLKfZlxAk_mmNep--!N?pVb_KWE~=viC<`aw@dS#urdNkIJUjp25u7M5YUoaxmY!l8%K zN^Bi(Vx6P%GIuw|O1q(R120WK+0(#U2K9V*0@rrXH(5f3d0O_;vl(#*b^H30A2NRP zIz7x12~m|?anVPrLF-($5$qt}$t^w@!N=B@O=9GdtuEJv27`_kIO-qnBpU5r!AEH` z9cEUta&<;zCLi-mE1w=Ng_h0XDW`6ajP0#hc;DT79Jdm>SGaAX92LARqV5u*1X45d z_jvEQy#JAbOb1Lkul*VhOXg+;Q?HZK{PJJF-mb;Ih}JTm?aq}@rOjXWo|qj7v*%y@ zAMCwnR8w8oF3hdB`Y6pHf`EVq1*8f{Zz`cT>C&ZlkP;$YMIcBs^p4Vd54}q7(n}!p z8b~0N&^ep?d7pE>G2Zw8H_jMm{eivMBzx_()?9O5^O|!8P2C?}KFkU39(lgI>wPwo zmm_hJa_8I}*M$G{xkP8^BeX-;#$$TOsY8qfZ0hPEgTx%sp}pFL2-=+w88yvT8=J5R zi`6=3*+=5mzhCGzZE(mI4c5`@#CrgvGTtju8K2tB3&?qx?303O^jEJZ8-wX()>=S% z!&=-HbSzJrIZ#O?hfT-}F7U z_FO;fviBPLK7RACf%^$qxi%xK=^*d@+jcag??T`HHgt<8=*`Ne^Atq$Nh~iNK#+}2 zd+f?4a)i#%aY9>|uipC(q^c|u(lHvRA$s?eN+$xI8F|C94VLGCVQi{vt-6pcmffjm zKt@?BDZ|-%AT`9wX4;vhezDw)33%}He>s^yUkUKY2g5tq(&RqT!Gupo4!eeoo@ZsQ zKBS~jgDMki*U%cIx^wQkBm1)`-u$faiIp1x5^Ft$vL%TX{eVPQboA{kM2SU=gHq>g z`f!cZtA$I_7C@Nf~&L0u_$w*}1GIee ziTMg4+Cz_I4qtcqp4s^)7tf+gwMcp$!Oy{S+N*}S6l}Dda5;nI0XTqZYKperkpS6@ zjXnc&5|h@+>e^Z=Cry~HUE5TzX|%)v;jyM&I+U&?#jvj8sP@IhYl{R~vetfZNiPX`CA;s2~yZ zDJQQLxP6F@)vS4M_I~i$e_L=bAh!A=tCv7ts5B^9MBA0tA)N%n>SG4t zQpUjDNd5S{oBA5%KRwnFVH$z{;sc4JDNj6MtRQ5(NWqMxGyd@Yq_C(aExB-|)t5c$ z6p9>YWjL!n?5p=XwimOW90>T1@XzxnDZj@=qYN61gSSdTK1=}44;7!1Q!(tiPSPbS zWlxu+k#P!pBrOcDb>W3Eu4%X(HeUO+a6i;2kX3R~x9LZYRo^-JnT$v98K4tEx5BtQ z`uNJ3(p4wXY|lWe=N{p3x1?(GcHrsr=lYoBA!GKRX+Y!7)>4oX_gRY-U}+M47Rx9` z!dVX$*ec$HJFu96XS_1Xler(RqCK>ps0+INu~fRQ>)yEjcMhVX)fJ@Jz(QJynJ9)T z5;O5zQW0qu45_LDOoE)^=T3)OQ;=xR$nJITJL3CmQe9`?ZV{fR)5S?djx@i@?!OF{ zYw(y)d(%bXaq7c7G07ENKv$n%#>!_B^jcjUHGSj!13Cro70YeE(9l^v!i3A+)T}n=*koa_);8w3_G@ted(ml5 zu*8tr_|p>f;iIC*TB8Zdhtgjs^(lB)m!+r6ywp$fXC@qxy>W5u``6eQwdV5iemx%x zJQrI!0$rQivi=^BM~?sgFjCHi8KK%1c-sSrDDwqvKYeOjVW?oWa$_rt7$bY7{XU; zD_t@8s!(-!5Z1oU#Y(q#Y@*gr;hE;E{90UP_m6;Hn5|zz@ugCwXofp~qAD z?Dr^U*|PX>6FUNzO*6N-mFG3B%Q~TP6WnT zz!%IC^iWN{C7nR@1#2GyUaqoz&$qW^`yCLc25_x9O6MpaQZ+`9DZGevm}9DKFe~y_ zsn9jDwfC%?!Kuld)Py~`m@Z!U_{CsA1&gZK{9R5^A1?bG10=|;_)7XB3w&8{1Cj5z z9!P7!e^Y(2@t7mv8PPE+G6UPwlmUJ-l5fmF;oPOnDXvhgS#dUA5a(8*vD z)9rWlEZ8`eqaV;yGGgm854cGy(2B}hLQZ4@eu>=n{G%FF>v&p@DxQZA8z*}i9r?$vrfi|8OGvSFb8jzkHMxFIxNJ!j6Y$pfzx*!#iLFMM$_dC zb26hOwcC>>^^EwC`cFvCyZM_l2b1fKQ+1-L+=Vz1CBP~6@7CfM{$#%-WuL|3`!iZ* zsrt=)ked5jS`c#EP{K4}f8ApmgVSEM{Yc}iRvxjgjfmc++S$;ndK1}S&?ie^sO32A zb^Kzwm=p707M!-%RV=b%p|dCKbkmoni&+HQxS(sf*$`Z_VfJS%3;Y6_Bx-!r6MfRs zyW)N4&FS3htBxSk1gKlgJD2m5<$;fWR}Tq&%%R7)!P62Fc{$E#L;T_*sD!?xrs1?N zMd9jDwp4YNo156dy&SGhofVy4c#wt(c-Ne@lMPuF~Y()J_ zZ)sG;aT_yHg%!N(1 zR2e|U9gpd7EHS(7W^Edoc6vHniwVdS@VMw4G1HoA&=Os*2{WSOHQNx^KXVUL`p!Gw zWmJ2V$_;hcn#~s7FZH_K)rs=b70^GsYZc*QjGF>>W2KHFn!CrR!Jo9rIS2WsxR(uciWjL!;|~A4F}ppbPnQp;z^2xp zu_-o>??V0A<4sJRp|TUBA_ted*=7zqsCdhq29ZYY6>jCVM`T3j%G;8H!k-MVlV!JZ zSa*)5UHvSn^}{a4f7y?fMO_I!jDyN%tEeUM{(h@-+SSG`Tar^f@y;W<f^N{f;8Jzg+86@d-ry14(cX0MMfaI2oEHA1t5Y+5$=Ms6I%U zptBT2R#E9RP7i)wWTKYkpj*B_m!Z0U8W^w{Jjp%R%St6k*U(*GE3xnSIq|2qzC!H~ ziT2mI$WN;eO#FfZdwvw93g eI)Tw)A(#Ko3>DJ$k8B7ain~s)#uodwNFRnWx0O`Wyvhd1Q0Z#)2S0uAh>Z~M6rZDB z_rP5;DUrhs^ZtioO+FZ()IaHI1h$~M=RN<>+{{59TEzkpN!1)%x`Dk#(Fj5JI0G=3 zin!Z~dJjek@h#JBq2(_C^R1kd6`?>xE)Nk?JNd+NhbnG@D!KyU6yd3%!XQRh{Of%( z$w|Hyi|1D-yCpOYPfOn=<@S*7_ZDP;@UF&!={IMv#*I6qnf-#jP1bG;SLLK1vrpB{$ zZslZ+Z`Mye`6w4F$7||)VlWnGG#}zK5UQpUknyS+3s(m=ovzmgbZ81Ei$9<>fs2g7GJVceS} zWq{cb6t2HRCJfy?%G&6nco^oXT-X>`7eQ~`5oss`nBz!~eZy%~da{0!;5-;?NW2Wd zxl9EKJP5-htfc3K@I{W5=XhP@LszZtidR^iDCl8RT2> zPO3y(5z~q`V zcgu2^h@So;su|0 z5WcB=dg(x1A0Ou^)C^r*1Uvf2YD;z6zqgHXu+kA}y-hU!IZME96tOaA*A{_O?PGZm zG7)8|lFD1-UucN>eK>Vne&I;!j{jt?HO-Z|S@Zf>=1^atWSyY|`WRZ6b*DN3H|2LS z`>R6NJGEH8-q$R9Fu`84sx_at`4v2Ob)|`t-gd^JEFu5x9%tO-2aOeknJ6r^)c;GLHQ;yik0e#B(y z6rPO`C6k#Gp-W(SB2{raeEA|g1 zo32CukM!u!HBb&;(I|ecQKG$nG$*5axTS7fkSRapa_Y|58VK)mWl3A48AD=MOAj;W z&$0$DhbW!)IHL_nRUkOC8($r>w#FQ>8Uf7(+8ud^YjM+^2E|m^PJub4yko-qz0Bm!0 zQ>2H#TBBQRs^gz7tym^5&t{K(%V~YEe2+c=zshgYzYx6Kww>ILAeMK}pp9)n9+8Sq z>>MP^Bu|U3=IET}U1+p?Qlxksn8oyp9+nYGJDezv9j89XGdy%_F-$ zNYyU#0&DaN#^KwfE=s49{zP(qYAXJpfP!32PtUqYL--DvxO>hTuF1E$DE8hzaZ*1! zHJbEq5nVl%MC+VYj}JyMJ-8S|y9o?`sQPP+L=sJ)UAXEK^iKLFxG}&M*}KEH$1h@J zE)ak1Tl~z}A$Y)eJqHUI-($xZP4FWNJHho?t!tFxntp%I=tZER9^d2tcwWj;O8FOv z(hE2DLyq#HR~y>ymB2RhQE@Q;(bU6-Kn=AA{JGZKrcUitQB%^=YJUSM&g+MW@4ItL zYeus8UHBL~4<$5GN@7w{68QF;xt~3I#>&dNhe>HZO<>Nl;45k8R*2@XNd&R|z6MXO z+tm{v@9vd3at9Y=1{SC@R#Kk({1#A?S&v4i6vyO|_`?6+_Z@c|%f9qNx2?#&{9m85u~D7c zw_Z`�#Vilkog^B-{1hE`{$BQ{UDTiB4HSC?@(tWrsM_Ee$2 zup|BRlrLM=bLsx*oqvD-E|0phv4{!{fD`?^t~Yf~I3$Qp7++rl7bP##{5CRqZxgjN zD;a8*Q)}J+&r=h9CdrHb-xt?6|EEbf{-0<1Pv7;=4`2W1h%}{tAlCoyo&Ws)`K|)) zzjXo~FW&&Zvj3qm|IguYEq`ZS<9Gk9#s4$f|JF_P;Q#7}x3ySE`S$G_s}wLWr?=Dq zPydM`5TYg_*MR&&PL8vCQn2d?bUKAx0`vPi_9w6>i6q|YYIv?MEv1tH(`nB7?AbRi zVAr*rW$54X{_)A~CL;rS^0oHjwNDUDbshitnd4105Djy#>b0)?w`T8ue}_O1qu~FW zz5jof-tlgpCi9`&cg28EAQKu9V^#c*B1cEZL(#N%%o3&8uT32%+&JNBDb-;cY`>Z>kYI2I0!$x{QR+ux(sS+%nj{3lXoJYxAD z=%Sji<)R4AHEi-mg8qpDkn}e2wAx-kxWBNa)eN=WKfpXj*!9cP5}*Jf6g1qAKRwix zQI?hvs&E<4UbZR`^T|T?Axg?+8__qLIW|Ao%&g6p$IykR)gOt0C1g{<45WI8n7QBb z4(c_zqqiN5YGOcIQ-&O>tQgN1R!@AVze z11HU%@l54F63?9p8ni3Sh+W)zKaim##)gU7M~1`@+Mh3H*Q{(-sAbt(**$K&_GxI= z7U4BDY-kuGjA#?54X-eH2S?zqz?6%Kamp>d{{C&JP`5%fVTGT{r%J%&vHg0ybn+_M3 z80gfXBiaQCSD40V?H334Ig^~mOG$FEk2zZN3|tN2*?{#)-iB~LltGggU@^_P$rZc= za(F}?PwD7q#fS_q&OHn+RU<*gn5y_@GhM0Kc=p_S$-M7F7Os=;SOr?I4uq{jLS?G4DKkx`%Y(#%Sn22QS2*>W)RM5q02bD=k+gk z)eN?Wwv%t4V_xn2sn)nynJyUP3bUIgynctzs-0o;8Wgi&_d};^L?mWKUUE{bm-dgj zn^m15d#vJSg^*!48>v!B2PZ#_57KBw3lp`-mKaQz-@SV`fi~ zxEMdS_O6%Rl@GwUM8Yl^3qs{*BnuS}N_In#gF-($Y ze{V}R9qSkio@HVcH*oqhge1o7C{wL`pUA#bY|N;rcQ#J)<64mNC~*UWLCE#IXw57B z((8J=YCBf^=yGK+Yq_55&N1Qgk{UO8A>eOR@A6(hO`|n7{8qk~fTr}V6cHrsZA+8l z1A%ZmU2vIlC&f}~KjVlUCcvr}!p41LlH|SfSbtsny)=-`_}ugDi%X2WWHKd)*n+L+ z%THFxd9TV!~S&5=*A|izE18Ou6@V% z9IJsg9#{WRB1(jKobpPF>9Sxg^>UY=BJW= zjh9H(*;<~FMx)wj=dI*)DJ&!Y?4*FnE9mrm7U@01{g=eOz}%^22eV=BTIZX#@>{vbEOqpBB+ogOf~Z1VI#eRuK|bv7f^ z4fn9u@m=quz;E3N#^K(SN##A7o?OS_2SzUKN)A`SvZU0=BYfT{dv@yS&MbUj-d%~y zFT~TkRPpTY8$Cm`dW@~63yGKa*=+01dc-zegS!=>d^!wg$#J^(7pTWD+dw5GT9`?6 zlCAg!6jl!P4iY}Y%}}3I>gLpuZ5=mrGn|^VzQ20lhc%L59UnYme%v?lama}sTsM__ z$M4G5ekj|_%g>h2d3kD0Itum34WSrVY~N`1$rE<(%=Peh#ipYRP|I^>_B^ULMlvrs zPg>#1ebew`OJsP4HxxWRLrOc6VOVBR6}*?@mo{DMy~wSDO-M=*)_J5h(TVfy9zvy& z+9he|isno_YkqpU0~tthQ`Enth!AxK_ zUTCYO>7fxg@;<@5dm&)av!GS6%6kz=s}7`H$J86mJ4(K?HVvC|ZJ=;M!p7i=zh?CO zsRnk`#P>i9l%?t8FVhY)WDmub?6N38Czvi1iJY$~bDs7FVo#j?zraOhz1$i1`$ExJ zhC5qAb`(xA3_Bq$JjP_CpD4BR^Y;fThJf>H4>5V0OfThw<>6tk#p-r666$FF=oS;_XP|EWU=zC7^&2TH-dUo%o4^~_yZ<_^6;u3vDn`G`rPRXn0&rnSK-l)} zfvNfZ-F+^VBz^MIPU;Md)w|10#?&ToTkgiwJ9o3?t99Ff{T~{TJ>){+lGdZD3 zJzDqf-t>0&)_q~4+UV<(SZy!zu|tQijv?7@hU(b*QM#FXOgO1RMl8Sd7?5V~`5|YC z9lq)8!M;D`#j70~2rxwZn8YI^jj}&2Xbo^$m%gtsZ1^*6@3l|(m|V2J5|^E1G8p4k zwClTnYGtO2Br~AflKeQWrhJs&Cpg58D+Gaj&i8BQMD6RFd_w)=q?PfCYq2F(+tmq; z=M0_vF0Mz-KZZT=a4*ztE@4v}W9QAa=P|CjA#kqK)=+M*ZL}clEi{5A4F6m}f8oO6 zhqmV+nzz((3#)$ho7TNeO$u=uFyV?M#|SedWs*O0rrdtC8o-1 z^v5I$LM9?quoJ)2q%l~XcBCs4fVh=No-&dB4sWr574~TYQvZia6k!-yZBp<%V60QB zZyn~_kn3|<^+#^RK~DGikdNGYDFIu7`{IHA)n6hz{+AhoTM*j_1H#1yLk|=Njx4A- zgP-V!V~t}cdkr)bc~aURZURQ>6C!!Y8_n=}iXZ1ay zerg}gy)QfG8?iNTc>dt$T3f!mjayNlF8(-;3|JesPV7f+VIdHUaqpG

kab3H(k# zw-87kPMqq4P3X+)X_&m=1of;h&b4+hOKi=2iPHn|JcFnj(B!I%a>V0Oyi1*`z^TM6 zo{tWOi7iuoF6t_!(fhdJ8PNr2gCrh_c_eqH5*=SV=a%4hthUa6!FWm^Ys9HC+(#%& z7Bw!5jlt6%ji!fxx98pI^Vz%IGtbt{i%{@hL4NV~K442iNX%0UZVdn-r=W5-Rvue5 za*)S4DzUx$aQr50?%t%3_S|kC-aU0Sawzd-wOjtUd&`h)_|VR7V3gDR6<}l&UGb6Z zturk}zahf43zVQTV(%Zd|5(-2ciIY$(_#-&)#k!R?ftU7 zr&~jIjvKdIB31W8kG0o{g4A?{2uVi9km8c&)JHx2_(Kvg5h1(TK|nCR9~SANBlDS- z>|uG6d3Zh@46KgysuwS9Po5#W%W!MY90?5j-d%%TYJ(5ESSII!<;rfG8FCIF7uTbh z@-Aq0l^isf8-efe@Hni5QxY8G8Wxlx`G@vg;AW?~w8uT63InoaT;@)H8uffRUkO`d zP6I0Rkg(b4?!W!jP|qSFRQ8C&xkekqc!5m4q9;0vI4myy{H3;4Tr(z_Y&Aw0$OZON z)w6~QBhdR>DfMv@6-9|yw*>}94avkF3r-$1BVwdNbmx^4#Ph#9zq3G$4jNd<{b4r3 z9-L@Enl?0AYr+z02NncwNmIn0N>YIMVpg{k<_Gmee%FM-DJSAXshN) zL>tEPh$3CEpJBMhF>EVUIU>N~!jv{l0}2}Mn56*ubD5q8CV@wwCkMZ69_A(`=(9;> zqnF4|-wO&>yKCHNyOQ87_LCjj!lnXD*BPh=B=yc|*dbOkC$K)qDx)_>XA<&U`}G3Z^iXE`g1W`&u#N?(oQ(T2-efkg>YBZu!piBA#onPrju`}J1^%fl@}?LU(Qebah>dssG?_m0`EI*i?QCQoap@!OqD3k!V! z(not83rQD;)p=^sC`DYFM9;HXyc`7*X4cgDi0rKONs<*}Mh6S@vLS*tTK>$Yfbb%ij~bnl@v@=Z3%_sA8=rl$=wm*tFKKuIwoCG2J{pppmG89_ zBOwMRr0!gpt#G;?X}m0Ec^avqy`7A%f^aFGjsk*8m+j)sT^?G?S}$+2d6j|uS{*1M zcg}31Qjt5_jQQTRVnK2=T(Hwsl%(@A<)UvSDge{6FFhAlL z$Gx~Hid&TtE!!H18fi}B<+XIw{pgG1bq1|Bqt9Uq zq5u$q`OT~%Zf>Guqf#%(_!bCbvTQJ%UlQLzxyeE#=;oypcQR1{05xo_{K zd&=LL`3@Iw!*#MCsHz?Y#r2ttozvSSD@@v{>w(4s=}AU6ckoq|Af65PCb(K2J)P(a z!Q0)Vm4(Nb7gM;VO3p%c(ed24u|_!)`1~QbQ^~=2XjlP~N?#8YGEZb>>Cm!W@0{kB z6!)XJ&!CUunR7ko*pWOjSr@Q)6|)|vL%!E&xvb~4Q@J*jCO#=-UR}YvnG&D(%4`Dr zGCXs05B&smlINH6ymiRbjg4jUEf(5vdf*V(b>L_fcZ9-Qz5gP!+-$Rg=Xf^uG)Q9! z0U&wiwHsDECq}m z%(8Kw&->Jqcd=u46Y=qa?AjFKQ8Uv6(h%dG*t|kk8Ya6vR`lKm)q5OLil6?mj|2h4{sTtK#EayPJW9AZYlDCcalC zsX;c6AMZq)6%nCXk5>fmNFh7wxRi0-qM$v7c^BL+XJeDmOS4Y|ms_q7$@*%qxq}Ro zGBRl|%U!mGn?Qxf@=PPYXo#8=D``c z%3R$q6C+f+z!3LI72YVHzhcjNtlXTTKF81S(X@kGFM$$-*e__>YTkkr-$RNX*lzs{ zKU+RPKacWCtF1Qgcukm8CV>qyZj_q(#;b6Hhi`|$O*VBLCU5<1!M&!PvzbG&_s8!F z5iEYQh_F+fV3^@-Kjrlrt>3gSfDYMxB$8d65d&Wtv|&o13k2#{`|0h)azdV+YE>n3 z(Sly+mqe9clZ(-cGX4}j4k{dv&oCW*&m~Gw+4-*B1E2j_U}V_cPZ3uXvQUwm_XCfm zeS(04IZ@S6A7w;Gkq>kB47n*?{*k^$!-K$_7oKzX;vy4XGr^7cbg~8rsXv&vEQI7o zmb#{Gkxe!e#ST+2t%9)m`lE>-iN!qJzG35v0&!JTd1OR|MgtZDLu#^D|H3SoI;<{C zY!X+u*Qn4PZBOru3Ub-&mKp4*+sveAGBR`FBj*o4AQm_$jXXcqe21%e;S@9*fFksk zq|JT|RC!g-tlHSoSi=VW8fv*qu4%P(Oo(QoMEShmEq~ zyR6nZ_9?&QppLTjkCKw5ZDX#KvWV+_kH$(c>kKn~TV3?~`})r>5KLGHn!3xxgxVs^ zGNZVy%4Bf7U9yDJn0q^%d!HwSoT%FtFvs(@=iJW@RJ=<&No!}CoNq~zOv4Us7U zM$`hIcJWj8<5k$iIKjMk4H~GSW(Q%<{gveuORqKghF}Q^^JKsCAG%FD;(fMbmSBnp zDd+U%ug(7i$op4+mkU-g{w`;|Kng1BOB?J)Iby@NwS;RVC;x{`pU>SrN05RF|sQTJ_IV^E%Ye zQS^}b$6>rm8cTSF+p*inuFagd!SlvpZy2a-K<9ikkRC-&`wp$k1iqa@&>>CwdppV7 zRcTILVCyYE-CFR+M1iwANNAqrKqAdNRg3;`mtERybFCk$*W$0%>3jSMMuH{I6F(#L z8a|adKhs^(^S;$6VcHx0q7y`1&$cZ4N-*5q{^I8%tWqRsDIm_x;XWk;3%IyLVrN4< zzrf1GLW5{?xN9)cTQ18zb+O1`+@v2l0Z*e|rxSBA!MW>4`iFOjt(R<>jomx`)GjUQ zn;zQu#prC3KIEP})EW2WNIun}-fFGt6*WR6#%v2Z_s6M;WZJXFPR$EsGgBEGXH{T_ z$=Nuw*9d+@0S+QPzRYU%#7EROerHjBawOiIZF99c>N%7P7!nHYKO<;P#(N+6d-m5E zI`lC+431y46uK{0HD9JuJZ$j!lmDPrTy{GV#bcva=^Bx*p{IOs!S)lQMjn(2P@Z-A z`&Q9D`^TvrhLNY|Y0)lx1w0e=%H!>TQuJul_Pq7PwRk*vF?)g%k7si`oy?-cNk`|R za&=QPV`-M>sa* za;~Fvj4)GY-{fe8-AG(eS_ipqbxjR)22+`%x>LQq(3UMF0YV(ZflBTI#&0Z`KtcF$ ze8sox!?XK%bpG$p#$ z*Cw(QG>1|Lcn@0B{>mXY5ckOBM8;EZB4ZIq$+J?v?0S&->q3~8SZ4R?avbA@@_T}Yt6uIQ!vao5tm9TXCk6i^w z|Cr4|l&0;SYc(+DE}*!ONotc1gU0uF&ZszOxEyRR# zccp4RzsV-RC9)ZhcNl8_LINtQ6F;V1-q>68X;-?U4eQ0(XnCS&g7`#@1l ztHP+$$q;s~km1A#1tx81iO#bV^~DZcQ=hw}Qd6Z%p}1{nkeZQv+I=3A-+zMu%a7yu zGJxF=LlQaJh+1NJ4tXX3VFxEB%hPFEJ!x!GSi}A3{+(@L3Lp=;Mfgcr<;yn<8 zZXdZEb;|KhOy<`RJ;+_9Ej_y&q~Zr#!Gh3kmrTGhDTC!oNL29J`} zpRPjVX0#Cg_UU^`Ny+8U%t0P&in!lSCGVXN1K{SaA8qDMyt(wp=j?K-?B|+4Le5w! zU}1%QH+-IGFwmz`0;+dm-w2q-(TlJZdzHDV=)W`;BPJF?{W08|%I)csQd?+sa-x!Q zFA*bcQQDidpCnDemutp&hAbFa2kP0xTrk{cco0mdnfUe^7BO{A8+1Zmw9c)ogIh%KHa#o6pFSQ`nq~ znZ`VT1gcouG|<}={pHZ^^a~f9!(b#&7nYf5`zTPJr{@lb4Tm5#RG|5_l*uX;5t1QO&r0ow+>YRb#<4}iBff7fYu_3{<(dcHA; zbZxdr31&hI-t-ATOO}%3^C!LB#4}>G!&B*Cp0u}~9n=|j8O?8}Vdlm$AM)CJU;AU% zZ;g7BT{^^-7##LyC37IFON@^d6|}ha*4|{^si#)1v1bSG&A?HUTxhRit-O>*>Owak z@#9zy)s(yeL)C3G-&*yXAdIMfNcZM+MrtREThcyqMk%@(fXi@fVGJ#jUDLnCgt!*v z4c>Z=A7%G9ZyA=ieJ!9{H+B>)sDq1%itek~e|7CBTeTnExD)zsM=CE6BPg=dXjtz~ zBRj&;=;iKiI2nwph_gFuD?ADY@$K7#P2~!jxXLzEEK+5reYX1)Z;D2EndsWLcH$z_ z_H0Fw@OGIjo*wF~@enxy*BJQU^fT2Mquy%vgaSigLTz0zM0Beq@L9%0g?Z&`Gpu3_$i|Hx= zhwoGfrWM8+89(2L$wm3=JqHg`y};OTJm!>sc4UzZZx_1~o_I1%>{jv9h=J&HM5sko z{($i{MtHDKe;cvhtoqS4>BAVCnt7qo(mWFN!4aVkA*rM8ZMUP<34=HM$>PzwvEY!9 zSLk)L@yv5BYYufo3P~zcl7bcqyXe!jU3ayjknCVZ9)4`j8GrGWrgA8>Z{IycuFQQ@ zAi^>Fz*z30(;-RIaSYlS{(|YwING|%v+qjxb40`&#{Hej2W-%Anv1>{t}+x$U(b%> zUG%N^pvyzb3eRFT+5_hvjg{*J`BS^wUk!fpCOT%_aAadj_|=#b+ECCg42co3aaIS* zA`{@>wkRMR3_B-^kbCZIHnXoG`2szhifu!wBzuld)aNLE(2J?E^z^W@HotGd-SM6_ zBxW*mAqtlwvK~=&^<({$GmEEty?_m{dYK*SlCuYjm{p}6ro&8JI@RYn5ktSE1t}B z&G9tiY%;n$j8~EM<`tIR)|{}DS%#vU(Z-i&`_kBAFn;p%uZn8JUJXKl1D~j!(a@cg zJ^EMH?+Vy8d=nS6x{p`ynM|r48&iYS^7sd9_XX{Zt2Ks-R}DtaVXqj=OS`b)ip_LQ zd6%a~GjXzA+a4c`S3-WRy0X&UAlhZ%)wmI7u_dhM;7!%IK2eaEmRW{*ZF>t9T7A(p zx@&xgPQ(Au+taYiq_0o`IoseFy^KjYhlcd^V=5(2kyw@{TkTl)QzOv;IwGO+@RtXDH0_!Zjt*q72>+@SYG+UjKb zl5}QaksgHBLGpmBo*lkXN#K(0)EBK*D6Uu3EN+9T%zFg_D<6-|0s!#|$`?*{&M)xa zjUdk{F6`srD^7Ta>yrz1C(euW%+>7YH5=|YNLNTVM9#pv5N@5;@m+2|Kq3#b z%ejrGG0x`sZIbyjZs-=b#mk#C+;0bre$~i*SZOnc*s{51k6;SSFUfGPsn6a)3Jpi+ zZUc-R@7(@=r9l5BC`!%a>-X^&Za_G9J+$ckTT&$Y1<+Vi{F?Zo7al zG`u&KCmuE$lIuHF(|VAp4+5Rtc(EUEX%kaF-}vzlt~w*G1ns?htP61qg+C&oHTwSd ziC6wN5AdpWdpFuqWD4fndre+ob*G7ie-1!f4A{(*3RiR7IcU~8fTC0gZyxq4zA5PL z*6{;mH>kaJu(M^-$@ECw#!YK3 zn5R@x$^G2r)#;uTBEQoa-SMz{e# z;Sm?dT|dp-b*@|HS@Cq=la1~#qFvwUh!a1}<%wGY#Wfy|rxE!5mlj-{w#sE?S_aI? zegYR$QMzdc##gK(y}x9x(#d+=aXZeRRdW{EITb2r8!QWZ21_id29gV_zkS1!j|({S zZimBVWfi$Trffpu`?vWAZIY?=2{L?6M=2dFKvXqI8aVR}?$SJiJ2 z@MiqLd!(2$gB_^Mt&$RPtV09s2(j*0ZTucKs53P%sGgvh_VlUe zW;eHY#5^Y!ooll1*b%Za#pKmkYAELZeZE2Wv%kBO zUjjUm?#v>+nbO(QH)1b+FuEfmrH|Y+AKr|53RbTO&4AC|ooW=^wP^lg%zAGzxm*|C zJ$hUn-#aWZ{vECro>`QAgK4?H-+_HPA+^ZLa!*&FPyZ=_OQy5d$}42CFcf*}I6D&9 zRvj8o_27KA!$B$NoW{Z87T~4p-Vjb%{qCN+P^c{}HYMbFMrxq~fuzoosX_81?AXC^ z)Q-)_PFYCr0b}B-r1PKQhxAQGHfjwW*+?@(b*RD20moBtlU*^*9n#bIEXlbCY94~} z)2%$r$C_#GZH`;_2B*`vodE5-_028*tvEsI%ZC|!;gZ5Y`iQ{=b!g`5SM@nA?Lnz<0LZVx&|8i2Tdd zY_k8QDeFztO(BgM+|+m>I~H|uLDjG>O7I!)woAIt=*-S-h>x+&pJ zfQ8l4J~Xb`**2wN@L(w+@3_}USqKj@Y~(H}fPIb#@i0-;*SFYJ9($g#pd1p? zeKFw2wzPhc2A3PR1LCfp`kXtY>$#e|IsWNC*wfx$tRK6~Tm$^;|ZC=EobUt#JFzb@lcZHyhY!Y zMcZ~_?t-%7#n=9^qX!M@3UlS{7ygPOq4+YkVbjsNGU3tx#ol`dHMRZyzj{3Cu>c1V zkbaB;(xrDeY5?idJ4o+DdJU)?Y6PTrBGOCfy#y7c7wLpRLT@328VDua&9^-B%>3@( zckZ3Jiy0;vh79br_gbIwe!bUL(?bWrf~NY@9pYjpKQgCAXoEP6^F7teavpN;yLqe? z7k9k%{2T)PPG~rp=tW%J!0FBNb>^!_EmgTsf_`|NcD-E*eP3C~EUaThmA&9Ldv5m0 zQRf-|(%>`_h^rqgy-cBE%N349e<3SUVE=kd938wfetcU_BeqM1f|-DS@^wq7-O&oX zY}jEf*9x5918GhhLq$^}pZl!55Y#zlGUu24ry6S8SuX(zr> z|KYZ{xASa+&N?J9)G^>vI=`nMlUI?)A!UOe@qLmIN)^i|&6+dz3Q(l8-Ka0z1ydQA z9kSg>VH3WK8zC6i%I=2QXf=NS0&8PH)Oww?MGoQmufIA^|Mq5CjN8+Mdeo8d)V!O6 z0)EZ!wp}~Y;?3(kvgg3Gb46O)DA`u8M}#K6&w47ngO!?AS)$FU7h*Y^1&`rQK4<&w zecgt4?lPUZZb^0_l^U*B8oFJ06FX?yBD^=hYU=-nvVLo`uP<1WN7H5hNorDU+Q0$tYk(LYgP^^3nR;WfgQWJS%MhGBHHiywSR=pH}aA5lq?!KUFFS zrnB4s1=(3n!Z#k?HV96gGY6|su-FtNz-qfqgL1~?r^8Ln+HLa0E?B*1>g_?=4Q~A* zl#3w*Rb^OY7Y+$$sHXU|^{#a^bS|-UUFV)$Oa8JU)-SZQ&iYqx z&iwKNZH_OxYZ*vY{Rxjcp~n73ztJzm8+1d*ZkrbMc6(VFX9gNKG52Z*)|+hjbJ?7AhHeTBz2)q2!1Y0X-Zm#64&*w~cw6PKe zi@#&X*IiLTaLGPTIFuo~_T(-&03o8ZA^4@hnd@_3y7;U~V-a2_0nqAgKIeC(Lm${* zF|oWmYjb%VqhE;-;yy|lDJ&IC-Jpw*-==A(-faGYnd z-CAj-w9lE_&jo#Z874jM3?Aao&iAjBSQQzil3Yx33(NM+FX@uQ4z>|x9Sjm)*rR*n z;a)ke>)OvNVY6SL9+$y>E+3n1E0Cc9?BrXUecLRUl2f;?a!RH4>5ypzI=cdKPcj|b z`k)H;so{mska?avaFEunV6nL8UXG7Nmbv&3+()H(ZuZHRDy$~!-8Opt8l(7zWG7X9 zFQ&l>%IteHt^rN{i<-1ddhaL#gFKHPbX~ekUIw&Zu_#lCLe54? z&?OTGyNT8JKUBUSbHD&UF|4oRlW&A>=9*Oc?nuABkyB*MD1ErW>t|j z+v;}47ACrt6fG4W#HZ39#i zU{y0HN_}|kULc9e*wgJDt}t2tk~bBBnlH0=lZzdbFi3B$f?8$H?7ojzZH(-NF`BEE zwnjfaKS{*yWLipx7#fkr_cioS&%^~V_oJ)aFI*P4f-6JlN)9KNI8vqYvTapbxXvRP zZi!Ow5Hq=et$-?Howq;s%i%Zmo$vDR&X<4s?b>IBr1prA7X?0f#3_fGqoVoioFntl z{f&S(FB`V`^<)^QA(&jVY!MCB0rcCi<8^eoQqZDNIFF~ITlSr%f=|kRh{ye(iXk7jv+E_+|Txf&&TLNFqmFJUTT{>*U` z@hCg;_uDyvP!aR!e_$g&$MwL2x>KQaglFxJKj}I;uXm6(`S36U*O@igb#wTN7LtSS zxbcj)CC%gM!g!)QzZ4fpn=5drYfL(M)^WCw#m!lN`xL(d2~Itt6T7L>MCCMj1S@pw zKKMuLg)}{%RCW*pQ?S+OR~pdLn_l+n!(o(b$0|DJ9woo|#dtVW(8{b% zrM==JLYy03bFcnYbpyJQ-n`wabFsEZj5V&>eb8vCom3@oI>nvbxxso##k;Kn#kCgw z{D2ScU}=Acp9(b*KXP)OKDU)Ao7|jehgPfIPXdUXvE?N(zj0qmPyNffao_Z?SHqgl zqUfqJ`Bf@#j8@x=ZTCT_ZlG=j+3PpRM{BvGFNgvG=5AkJkS?sD6sh{n|D*} zzUdisVuf^;5{qUo<2Ri`C>)a#=YMQXs%F^HP*c~U1{7n`>Xv2~+co!-T~M1kc@N(= zrj*T2j~kQa9M_LNJQ2g2jhUqnKYcYV;HHFkUKJ#z}UhDS{Yu<+W<%YfbuEz`n-Iu-?alZM6hg9sm%(db0y>v0Vi9UJon zeo{a$W698EVV`=IWI{Ih`1Ea>>;FVT$ur;N+hV>&~!eD$5hrDw;Ezc%^6 zE;(CdpN$m|nOu!a7WZ5y6VHor17nk(tb($Mjj50~^&fqrN(S$%w1u8iDB%b7EYk_Z z+V$8RSoBEB6G(PSdu!nFv-K>IAg9DKE$W^;-ye0Q5j{lVhhCYD$KLnu9J_yowFBDle$EytxvXN#%fDD0^eYx%+X!c*NHSy!&(|W3Aqe za(weKoQ`v60%y51aXjMq(~BQ_15yXf&G#BN7AMOzTV*OWyQ=HTbUXf0{pK0bV9Trk z?g|>C3ikGKn?W8g)DIMamUICksveKt9>^K;M4B5509v{%9q}Cx>`JZYQ%T?eILq+z)&KCK{$;+2i|LRqfs4aEpg2u^kl*`U3l^77@&j~^d0-7Crk_a#LCVR8@14E{4tuBEST zTVj_#>O~oY9QCG9Esk68Vf~Qbz5fIGvI&LmLy8UxS&f5&^OP(6R# zEhR+R1*>mhCI3q43nug1YlHD~1OKXz_X$N1+Qk7ADncG6J;Ex}XL!&$;N{$F-k zbOo!c`)5p|&wBoECvgG$Co5~kecLysUXBXjyry7ret!Obz(wru6ws3=3@?HCKKHy| z_MYm2h3i6R=P{$7#fjMUYwsI>o?O8)?Qac%<%wLRps2|G3YDjSbr$dcF;1GauB=M` zkMaL=^uY7@|AYyEocUgS=KS2;makl?%LydV=Yj{2%u{*_@GzM}lyEJ83jHjvzCZl( zW?q}j+}xb`*8TqQ#y#^ZAirj0Ww8usbb6L)`KHy-0F(IsScTqq2tc#-6L0nd6TVCC zk}+JG-1+if?m8|(k>Monb#!wr^gtlum8NOO*|SsIwt8sAgVj@9)CnLFS;XivI2%SOJK7qIZEon@KVxXj0or^4IR`jacultT3{&g$Ncr9I@|s#|1A zMf@S@x24}D9OFGa2A|mYW&hbgl5<(k>a|RrKdPJMta3i;x#4VT`JqB9>kURdchSv6 zc7O}@<)2GGGf8ufS<(qg+-@7b0^9s7&abS=zpj7$daBV5X4-5I$@d0+FNyq(BIUMvS*gnzn|rX!KyY9uPYkN1RGr!ua1{C0v8}Z+HSY^M z-Z+n{x&94Ta2~;aVeD#`+FA0Z&!c{;abv7BWwMNGFv-m+<^U*_Z)V5T0sUpfBtpjP zYfW~uO&g+Q@3E4JlnLy0|J-)(ypnX2A&<1}pWb^B{GlmehP%9|=G@ZF-+8ZD7u^b^ zlA_N2giII_e%r$=ZmSChFR_Io?w>4vi>kUkVukQ%O7bn6EV;ZE_f<0K;(c6-oIcx8 zggFzRo#X_i?W7p7pYplYFIkJ$08bJ?Ru6ptH(AY4HCN-Gn&ibCDi?eiry55OR%b>+!EP64{gH0KHhFx*B9%+1P+1&FOLv&>gw!Q}VCMAx3inVcJ-1VY`|`9+jV8 zjJBdeuxv1QWf-cA=c4b69xjw7n{J}xGHY~<2+rOrLYUhoCA6gYI2Kk9rb}Cp zG?5OYB}xdPk`Q_}J$^PIbcwqBG4~69<3lLtExCy+N*eM3$epd>a`&ZKANa`F%-iGX zM%XYxF4^qRkHle9+3%j^`#(XT2VxK1Wl^e9qmMYh!C zx?)KJUZqyaW&To`*vqq}@9-P1j+sg1X;C*~NoQ&?R=l1dFJR2cUaEg75_g1vaW>r4 zn6Euvp<*he3lMEic^K&ZrYv|puP#=Bd!k&2MC#03k8|nxlW}al)gs6|1`U`G)L6RS zh*L6@petQOy5OfV?IQ*|YI53HdQLc)b1gIN7`8 z{Wt1#fRZMh?%<;2nQ5p!ZFNf97pv`3NIXf(Y-^tEmJ>x44&gj>SplwAKv;JTv#~Mv)7i_6tNjKhtiML9Qwjv? zQ`TggzatGa0a2YMucU7Boy~G5Zhm*sF`B423KM#kAl|9A&BXrGoI&DU-}3JaO;!xv zzJE_;l{M?dwibPgeu_Lfi!%{yo>SA2HIKT3MODv>#~td6GK#vI_Hyy>50e+*9a2rs z4hth@+;-##3(J;%ZBNK^Kk`i?C{6*7U~YSFm`7+ix36xA1$_H}8WwlzJzBHcp5apn zIN0oJRdW~TU=aR`xAeS~1#UHvrrtDPIM~ty|IWF*-Ro22<>vz`tI|XBeSL3Vf*{rT z`4;sB9h-Lg>PgqUY!NrPQkA~p_n-sxXqmKroW{V$u*PWs-Tgkn@xYii_-DECBPsjo zPlrZcZwjg}C-Mqmih+wKQSbYDLZoG_mK#~d?YgYkw$ExVPTnE-L(;iL%On)#PtFdJ z2z$yM);8{96H->UuQ1*5+seolK7+@N{-+u7+0J^?hb_`5nTpPB*~V=cbgEoO_O|+% z#X9lwd5Bu?sJt)l(WFhY->M<9Fz^LX^=9wFT;Ps7rNx;sM>?5za6KXdIa3j)azOAo z7SeLa5AxFL(Q@_zO`=JZo1+zAR&>%yUWZ17Ny|bitZ_(}dtK#8Kl*ozsB?eZvZbph zkMsIri@naV{GVD>n-)_N7^ktr?d@`x!7p(DB!8BA3mtzwQ>v-JMe+-_u_^-FQbwbQ zpJ!R%1NB8wMcg;vHHAp}jTY|g0JP8H9kl%s*#{Sly(8*7NYrSatk8NgtmNo?#-BBw zr`Z2QMn>ezWYxF&E3&z%TbmE$anWP>q321~d_ehS@Z0`dHv}N8Tc{yIsv~qxmN@0z zpwc{vbAX4Fju;sONB@x*SbvF zhh!Pl75>8Iumx8P;RW4R&qtD78D#FoYL0md4HNy>#_Pv0OTZ`DWc1dFeLX=URHPSov9h z4Sbs-3pRFkFnDLKxqn0Y`P1O(kPQmNF!asaO77+)#5FZq!cs>KOz7EH_*l&je2qWR z*bb?LNwM^Nl8|uwmK#ow-CMJr49x_Xgo?;{~0+=|eR2fAWZ$P z3UO?@mWV#Yd_R7`)GQg1HN*`+U&ZqQ;;y=?$~M2{ubTV75j6ZeJ9Xx=KHE9M$nc&z z#hcnKL&qdBQyy7+H%8q`u*ym|W|O7I&1Ci1y3qnUzEimSj^Ik2PW`7LhU38MpR}_w zJ3{m7o3FTGidW{YG@GpuMUxJM^Z7^}eBWO`EItf?md6TT&)Uw!qM#k9^Mg7h0!QF; z%_ie|SAp}+d(M@_-6tFgl#klYIkoLqwg`&Hugh9#;$_(9l?KsX4kHQYDRy5Q_Hnvu z;HjYj8-?}Js1hogL>ATi`&Es)4ebT=zI5R~pVGR>;3mH*fG50f504f<-O_&Bf7HGZ zHNE5&W-_9V0JIqOwg>S8@*|de3k!|*)(;e(N(x%7ZT9GEsIMUzAyKcdQ^6_u#gwa4 zkLAXrBOgn;{iu0f-)%{jf!BpXJs%#JKL6hNB`#C`Vxnx?mVeFXb=;I(F4Y6{$<1LW z3oy!M@N-kuWfhaL8KP3(i@!)_OI&g>CnTDuTTioc2AoOITQtU7JW zpFsNQnm-AjBF7C=m4RzZU1kbD@~NLxWNUe#em(N*^fW=In^S zi0D6264;usw*3PT^?m!0jBVI#sneF$j98NOG|xhh*?SnOCHyPYC0hh|Jbu@kp_)Po z=RZS2rXotY+InPmJM_!dgkE1XC+b|`;I2D!Ax=>0<{F}k%2Vl0oKaH;q5_P59GP;+gL@8|(4rPoI}LkcU$6ux61lvV+$_q)P2MGL*E zfKtKDzN;IL^Fj%rj9oIl1YX!1R1IuX(k8nC2jIA+oWA25^-gM5VP(yEke;+}quJ;` zWkg*fzB43x0kPTqWz{WC7FN;|r7RutM5mWf^vxy>eEBA?kROOu>4xgsi2;Esow7Nz zhXq*I36?(IkzMWgk2^r;IN5T5_HKm&h403dLj83^4+o?17mCP$U?02E9?rF=w)=CM z_KPc4@wLA`hoQUc5D7n*zC>o3&OyfEqy7MAJl&jCqYhk1E9=EK9hcijWV7;#%JxxM z$4iBLxA1;hcIb~ELcKtk&K#w5hfPRq|6?hz$064bsYppa-zFKf9U?Agj)i?-En3dZ?;hC`?XMlvRm z#i%;hxXppkoUNoMSyq#WJeAGX@bNf!=wIJo6KUj|*A{1YpI>P9;|}photcK7n$`Y5Lvqu8YLm z!H@FlsZVL(78W9;vO@EmN#w2r%66gfNxE8L+uo4fE!|71nMB$E{@zq{wvI4G9KoYY^# zqCB5Lo5(m6edM|L7?CWM|`7IB%|=y6aOL)@}7;y|o!CwmMrYPpsHM z54Q%00vL0U57v(#WFMMxKtR27({%BCLj)ls+tN{;i{QGHTwK&~xrA;GiwHc5eG(fD?6da1 z2vQ5AC!k(-&Us>I#&;q|{;Q6~gX(hI#MAi{Gn#n4Az7X7^(StH4M_JTO2B&3@usJq zakI1MWj9Ipbc}rcg$_EU-}<{B<5j67;3EH@N9wh6QZ-16BD=}?vgW{vO+l}IQc=Go zO;~=~z>V9tw?v871|xju85aZQ>#}Pf)*(XYnSH|Dx@uUEI=~9w1q!xY-Xu|Am8qn; zJb6RdlV2~L!=2?M3#}y*;G-h|uk5P?0)yd)e&qURF?!Xx$?BL-dKx1;6%BU;VlN&t z2!NapestcZN)xF?y0e*WuNEoy`GheRnKC9=U$h2JyG^i9Je%j25W)=Cd(YY`HiR9( zdTS3fV?wKsD*(wycDnm>>3-Ug$Dk2H{>Z0xPavKD(^-#}!jh&R4`-aXf_zk9d&Q%lDao}wCa^?vS;vm4M+sdh7R z3J7$|?AN$oeRp+rqKEbSAoYQPj1Jb{vGENGlZ-_f<|Umlukd`l=CU4Rpn#GpwSUmb z*T@y;uci+ToU@qL>rOZOI)AO-@n*INjD?3?6v_YYs--CG=VAHtvuLWTDXu(Y?7VN8 zQ=d{2&#SJ;$z7j}Ep_dVSCgHg>-VyFGGPG#-vt*-9Olg@WEBJ+XCv;;bwD`M5)<1 z)o^T-wP0B2jb^=>#mijB+114_T zMuj~eqj8Lv$Q2xuYpBYjp;1!{`K9Bu{9CoiYH?|&2{Z6hm!l0i*l{MBmgqFWU73A4 z^|KS5qKRrHtgNvWt%+$ut8yqGi9Fv;YBq~kL`b(9<0^A7v-UHd1Y_G0*UIFwhGH&V77jmF^yFaHkD?_Cbt4Yb{;@++d0^& znPNo&_iG4$QdD0wP>ORl()5VUfW0{D|l3wjhJWvF_4}-GvD6&ws%x|n z(51_+Mg8?S@oA;`Kgjr%`&gd_>0=R(YPxuP197jd_Jxw~!|ky}t+lII&R0H&^x&iF z`6&ov^y_Saz?GoG^`vxpL&+%?*}6i204N;!LM;Z_JEqfzjFt?1B z*4LDMn7#0(&7Q9EH#r-@GAjWy?OPT~Kylu$`Bmok{u7hu%o&n?n)%+x0)e6_oF=J= zoH^&nGEIJLfv=PoZX;V2y1lOVVt`{V<;Mr8j_*j&vTkOijATb)GEiFS@6OX27$a@7 zn#oJo;5H7iTp*BrN{HxN(x^=Gmey&p=+~Gzv4of?z*USq4YcrHf|tx!dhu55pw)IMu0SA6TVU&R(gq<$MsHdN%lhU{ z&>zj}dd9ZVwGa${El^VVg!6h#wAuak<8xgVwkp%u?4Yk~YsUFW-XXsR#QjSzP`B|d z-M~EU+!N92V56a)J}uDZ$7UhPi~(j7`8hOS`BV@l69VJ2_1>)lj(~fR{`@2D0a5a1 z<(+`O#jz=w&g<_*OIyp&C5gY-Mp;bD`B>(F-kNF@u5L7rO}^RxXuI%z0b?q+4qYKK zy({hDy8#Fc5;F^4TU_J@@E1I+TA5A@mnnL_qwMvmyE_*gHewvSIsT*l%`BwP$VoTv zM+DK0p`m6Lvz((FdgD?OaCb7`+?kH$i}JD~ky z97z+exNLkSkdfv+yByxiPLC&?Z8JG)H#!j7AH(5WJxeQZfcsjRB}K*orcB4om+t7ck0~W=`vd6A@QU_wp;~X~Zk`gN zM2cFNr$~UYo<;Dh!FBz;>(>aGFW5q4?59~iK($%Rqh9gXL*~}w_&PgpF_&1`S4=BV zv9^gkRyrC&udiwHJtRyJVGxs8jKt>aqVyb+w%b?DXlAAa5u5G|V$Lc;gqu1lPW6le z^>s=@BU`tURQx$!IQC-6LYlpJ9Pm_M7fNuo55;C_H}kwQ4lCJ{C7>qb+#muvJfhMh-$@^ zA;CJF;(RCld%#$nben2ntkY?>5z6b^7#Fl~5-Y36XJx0Czin?GlW`0&pA;&Qh>h?;TCG;Ao*Tt1iZIaaA<9u02@8`T?o<=djd8&zGLf zLq_t$d0v<#hB&@ZB{F%=r9TBhVWIw)*N$Op)bTHO8p_)v#|bX-LEf{{{KGV#}ZVg+fE$2yNoyUY@q zs-a^?{!-09UT!43jQ-7!=kzJQQ+k@{V$|?d1f&$tp@Ul$cN5*P?zkieF2Bx5G6nc( zasj|Yxp&P~Y&B62#XK=G!AYM35&N5(jj#L^Kj56vkRCk312wOY4Mt_gS02Xtt_50*4ai9HbnJZruz5ClJ*WKAD7cZIS&R1e=8`^-(FhdN1$D_9PjYFVVzO8NbdWOTj zCmqIgkY6VV45p#YS_SSFXkW+FdNfH$nu$ap2jbR_n5&^0JrlO0!?LBM#*C`9vS0iW zGR)faY?t@bGJD$5-R`ogE%~t|dA{YsQpxTj_4*_O?}J@uQ8#QGD%DxtbKH=2kI3(_ zH2o6?>EP9?)T#|C5$GH40&Gj!Ze_}tiSue*8Aj@o%0gkd?QB5285-|`b{uatQg zy0e;<-ccqRo7X~T(7+(5VG)vzrwL^7%M!6UI%Y=*kBsL?HD4w`k25Gqy5IzJ@?&7~ z@A61TN$7ed!B>)Je(?&re-ol=ACyda;jIs4ngUL(m;T6UXnJi|3xJL6cwTh=wA zo;pKPxfV{k23yoh7$rRo!Sffwhg}#|PGUC0MQ4(at@dg0pbH0N*3@RH>RJevmdqun zm5vf)s;TlFbxD4ZFZ7hvSlS)m`6xzj(bCp~v9ZndU$GtUffAwPsSuYD_#tOed#rWI z_Z`WGte`em+;Xm~Cpt0`$c|PU&%QPs;*$CnmiLjL2MXhn)*KQ}U~q!f54*w3$tK4i z|J>OC!dK`)U&m~OG_;+W0SV~9IXI&!@|7I<43SkPz?j{V zoxf9{0WR0x-&98#mnf_>1AKF8>M&_lImkHC8G(d47ZoBpM&TdwDt_X?1@6N-&9xz% zJQo8nC12N5K0m)A&)U$C(&WVjB=5w&Ma#&>*k|Um_T>8E8{K6MQ zA#ow`#f@Clq1nz_c{UibQuYrOb^LGMJra(=vh?p>eDaVh{bYz4Dl?od_%V*1=0&*+ z;K#-q)6L@f(W-c1eJ*H z>PS8efNRVvi^pm@Dm0YKPvG{(>={`fHxoG~ez_Q`3IX5>pov&xtFlln~i2(qn)d66- z(yVpr3Yh+9Vd3radp-Wz?Np5HrSxA5V>;A*iwk4O&L)|LEtAwZ$ZVVa_edg@y&IcR z-0#r8Om^7P9-YeMcBR5#w$1o?7}H~#B7REE3EjP2UZY;gHTM(LuPP_eIS&(CXRTW& z3s1Xc{fe*r9s(~4{R<|ZY+^pV>Jz&v;8%}JlmtC-S5G$2BR1=v=Z=Fy& zlWuQciYE<`QmqoR%G5Njs(l|>`4q-f3H-yRnY=m3KWD>~{L{_|HI#^rU~W(IlPUjxTHtzPyal?3XZdxI}soTL2^DiA>J; zogG67@<&AEQ%4Ijlr)FuG_LPP*^`B)4H6-a817W6Ywvwi`uD;;HX&*7=FZMV)L!NiArjZ;`6)RU|f$zb&_jBE87&k*j|u7;;fwXW!PX@dR|I zx{m{(U7zZg(Z@5}IZ@xib_AZ`4=oI&G+Ti?aR|HL7#SpaR#Yi-uMo^A;y7RR6*A(_ zSrjv;=WMIb^w>t-)($-yf?2x26D}J}yPKn4FTrS>ciKd1ds}x?`2gLQybob2Tc6UQ z;cy$H)j>2FtBKqLHm8&IhnEok37L-VwzHFW`4dASA?xbYlEN(t-Q|Cx(+;(zs5hsd z9dV_Xqy^@p8zTzLW><&c)rT5gF1;UFrKR|DM1x*k)VJ4!sP?&VGepi`j9}f%;m!jJomrD%w87lXHy?&|tHL^>dB>DX>$$Q?SA<%g8|Ew8r z$KFNJ0&%Xv^)kp)c&OdHVwaj zLu;2H{tZ!+SWJF=tpgzHj9IC~i-8Ho^>NNuNm|s@j=05OlQNy(Yd7F5^lLkR#y`Lp zx-ic_JA!{cjX{f%^0iVO(dSC1Q$`R(@Ic7FDe6mnQl67~h2stGXXsB)ITa6ai==Zwsw=PWLgpZ~x2IQZ$3#ZhC7f+?B zok}|Cf*us8(g}_X>zZ^yQWf&w_4G%}byJ>G^MQiR8Hxnii9Rl~BhB0y6Z5t2a3Z3G`U?b#x3`nmP-)^gNpuc^LQTvLFCE)_sh3lEz!s8> z9)OesQSC8oQe}A-kR9MtvXHQeT{ihwwlrJ=JpC9yN#lwT=Ej3=m@(Y02KTpO82VG~ zMa6h%rw%C5rzNc{B*R+;oDqY_+dk%)8s;0xaV`0j5iL>OvRuWUVr%SXD%ig_*`L^5 z8i`2fmfLai2=}_oPvZeVa2?49V{)=MwB<(q3aD1R@|`$inPgIJ>W$;PN}1HV{r05Q znWxlTkTU9cMU&%>ft|ZoN#Q*~<*8u=uybkaZag2@lpZPO8BoBqA8LR_^nY^CX29c` zi|MssU9uQ{(9O)COnqNY&{rYC1~$0lI6;0o;trsYdmobCoCp}#E3!vM65T&Widg)a zR!xbWt9ZX>%OT9HcsKBN&XN8tVGrI>&lAqfb#ud(72{0P1G}didau@qx<0_c0%v#n zK-$kc<2!EhiaH{EX}mz%A_GtyR^LbNGfR(VdPAGhd8i+?yO+NH25O}d@XNXF&Xsx# zdS22lO=OXDC(UB1<29G-Hpk6d{s{zG;ZJAVQ=c+Hv(;g zq6R)IfVQsh9@ggDyF6TUeto7)&%|0ID{;8e>?}@@i3-S7p8(LFc9w6gIwh{RDVd*v zW@D2x0^(++%OLZN(l~~Z`3rI8roETC8K}-JCV>H|6gPb4<=M@}kR89$A&KqVU;ab} z4x-Y!9%S3wKv(8#c|6@5yen9-`ICV8NP%^8R33L-hM&V+Mc{z(L$NK&px?cwlj663 zVe}QrH@TLv+iLYc=V5@oW!`d$a6l3;371vD*_+CZAP_NZY+6t+9e}H)S_MuTU(xfM zwVo~P4K(>t3$nJ`A9i0AF@W*@Q^L=`K-_w#+g)f46&w8b9W-c3)OxqI`g5FLTFaR~zrj{27IU0Csx zTZ<^{D^kU}p`xFNH70tJu3hu9@9#P9D0RoZ#NDXK&N(Ik1DY#DpROJ?4X1u*JNk7;fJ7}>Astkmn79rH9U2OmHOvCC;KeB~3t zQEB-nwI`Z8y10L^uqxR|SItYMZ%+QLUsAq7rgVEt)C({(cfP=4(ep+wPM{w@dc~&_ zvWdZ;B4-}f&{DU8#5}aW@*X7fXPcl1*iomcnV%F95Jo|ExuqyrrbWcZ^rDWHT9L$5 z4|ze!%1z5-ss~=6gpnU=U~Qkw;M{R0-;)S(0aX`wWpboUNX9b-wIwe9m-?h~g{ON8 zGt=`C*#U2hN1Oa{=ISuo-n>{824c8H>a<&n1tlB`CE}CD{@XkG>x|cPjW+(|tf4@a zhidNi9+DNQIb1;ybc4RLFpTeBh5~^0xP<*&Y<^m8!9N{A-MOjXG9P&fa1KiqOi8FS7;2&Hwn+7ypah)o z6`pNH9e>X^xLx31c(!(hr7i3<`#96j8I|r-`>yWK_zSDn)L*!aN}Yst72>~^V?!f%yPGRCNk%PGi3}|c_YsG zWinq)u+;?}Q! z4s%5`N6M%KzzUf0PY{uYYbx_j+`JrGwss~zhYww3lS%86yl!BO9DU+O&N5$NZB5D$ zAP>2QG14E|Jg)Ft-y3E;8fe8SLE1~Ns$dZzO57mP?grZUd-obJh78X@tGDh$2?UAr zH-AS|0yniwwdLfa)cZG5#bi~ZdNYz!V?u#NaS84QD~4v|6BZt^xwk=DEvLQ0>>=8* zjo>b16~vNfsMh&jMGx-NG8NU3U#@VIE|cTlh{szIeFarx=Q^!cT5D#YJ)&Bz40!$Y z%g>ku_y^)I{;@fGX{N)E$Z7|#jD9!a$Oh+J)~kY<`%?@6ivT|Yc_zpJ+%M9{2_m)g zMD^C&az2ETW%VVUhun-L_?JGvu$2rrb=K@JGkIJT>C*0`o#gg97WIGusIlZfB(|;s zi~5Z?9kF-)Sqd6JeiIq5@)7fie_BG5|qG`S5UQ)*)y_C%L2-n!?%eq03 zc4DCiU+(=2=NjS3HPa`Jk>G8E;QAPUeNXE6$%xvm#L)|^Vx^=<*+nj7`e4v$ggfz4w_(vncuy*aNgp-ZonEKUNc%}e&LX;U}CF@IQF#%~8 z1pr3XKM|tgD>Ja_D`@+{NY~To*K`219qO`nRUjV5tOJ;~h?wnf-J;a-7s4$eqL5C! z{cK%fTBN-G$+62+?&e2fj!9q1yF{n7ac(iI&ZUKS$=$(iz5ylZKzDoWSIWHK_*Cm> zsshw@25<3)8K0!qP0h_p1$8zXsOsOEuV}u|Y0rO z_3x!b77uP09##|s1zHyBM;F`>xiz;919F6(6E1goUcI&BUWb^%1B;yV0QCSlbq}kR zvBf7|x7-g{-cIaMB+%?=vdMdE&V<&zKF_Oim-_(P5-1W=j{^EC1jBDTqfyG4!v$0g zOQ7LchGtFO400z={!QRPu<(Jm!HEa3%vO%hbNfmk@7%Q{3#JKHyTC$(4EsHSYr~%%vFYkbqSI$#Z;~M<63; zl-yZL5~Yb(4leuT^FUdyDySDSIy(oC<4z<}{q}xv!&}RmK1;_rtB|sP8^FPTgp;sp z7R*Wecn@-yc&g&X#!UW#^Cr_Z$2@+GEN^A-7Lh-P?sqvlI|V)$*W~Zwqq_VB|9<>Z z%2Yx;ljrW`9Q-BdN>IN*+SZPp!d|E6B2%0s#XAXeiHCd5V*6v!3b^`8HZ3KKU|!HF zuHbTc_q=j`a|i@TSVkjzL+zsgzc7s?7qz)7`OdX#kH+OL0!bT4P49qA8HAIRp$d@$ z04B>K;I)cSkB^rH#fO{mfjz;G4$x3QNs-qt85Oxv-x^}tjDNHB(ngUWKsEQLOwsYl z(K?U!E){cphFA6|)A%%YsPhS~Ck`I4H7TN%2ni@vXrN&7+;nt$D!I6rbv@DRR*7Vg zS3ks?Y24t+1EGMEzO(8QU%{t4roWC42f*vxuLcZ@_*a=tW$nj4eJeHy+3jc)NUN54 zCbT%2mHfijYiPq(94?)*J<6`RRU}@l{Fs_S+`o2@vMQG+f=pXkJAf6#4--^%9s^pq3t1ch)64+u=&M0T>=YB429{HhbglgRC~+0Q!H>m2{~gJ212%?0g@( zsmc9tID7Y;OsX}oO4K{L&4)Jv$;Je~{nlme+B3X~by;7pA9&c$aJDgAy}WLnIMk+8 z;goPT6aq+oF;nC_ERcUhNOih7Gm%WKJ}lAn1Hqo_>%WS@;0gWl)R6gVT>1O&2#o-- zQf(Q{ALD_!XH*!Npx3kc25mlr)ppEnpt4PJ7URwbr`XpUpFO|+Q9veoG=6HCsiGkn;lGnV^N z4agRh?^oMPr=Ok*7>N$s1I*Wg?Uk|GIynyV-ffSAo~R3An%b*kQOfJ8b^@j=Xe8E` zMoJ7jUS-)AB$+ec+~SPoO1Aw_{b5+0Jk{``gKtf%lW#;atW_jhN899;F<(YqPsi(#L6&2rX7=v1Eh z>1(QBJ>muSXV+aOL+c}ahzx8ocUGNlGp;;L=IiyN!0 z0{FWDycyGDP4e$Qxw$cV%bFVig1!go1%I`*$wM%4(qJEn1|s9@ zoi!HI)?n0+=A|bPwp08@V%Lh$P!9!9rVc4!;mKRQdEvdrx3(hp=vc*uhx->g6bq_D zfTnu0>rYAi0Ofp8foD&yMMH(7fIB_q1#@AktGy4GtJZjb^>DOhOu*nhhMDpL`@{f+ zEZ3a5=9= zUFb1GS|h<`*Rws70C7kCp##`Ck&art^JS-7rqSAwiQx2$JV5XuUZ|GF1}fE~jbr9d zw(LFv)Io&I`GJrF_WEYn#n6|EZ1JZ|V`amGuJP;>9M-v( zO-_rToF08|+*qG8l@-vG88-SQSD^Xh;8#3MJgRp*0|Rqvihg=|qO%+8Jo-YO_iUy1 z|03@_!oM^d8K9@#6fC z#{_dEP0_*lsTz;h6!_h%91LlbB!`%T7nb*_c;NHbR=RdqBd6$J(=-0s0i<{w?J>R0 z!xfqer8!;OE3Q?H)-mGIl$q(w1uB5?=y4jvPG2N`bmTzf>zrVoe1iI{y_Z9XU%pHF zeKnbXtR$}1guakf@b1T@zJEv&FwtGrBOFJ?OQqexGoXubn$@v%Z*F9^)gbx`vlloH zCrMpg9=UEiWu`KDUlz2BEPz3j6y6u(!#?X@2Bj!8^a20BvH&!YfRSy^pS%4XeP@$< zOGVFdBLDLDU5!I_^Y|1Ak@yOhDn?l z@7+N*sD0PkL6tRnxo+5ag;lhL0Ht3a&^G`4`Ec;PSirl9A~|71!nW?&GvgBYwMFlD zDhovyljp#@huC;4+l1i(e5<&_fH{ zHNXk#4JP=IoKn zeEy2iADk5mFBBR8l)pv2y!0wuhPBsg;h(7nYlOv2ON6#DR=>|G`)aMm_K=%N%SqU8 zwltefQ!n$Fl$%v~ORx$*9WS(*iVNm(2@>h^_=;R8_$H*%$KV0eLrgYqOXb)?@Q>3` zWn=%5ZPu{T^=iTN%W#`tZ(dUw!z9aVYkBo*H{7zy8IW3o6TZCUv#&}}kr{%nrwbMI zRD$xoh?+HF*DuD^$@&}oX<=c7HaxUKmX^)Sw-JogFL0HkwhC&u@J5*%<{I|rmu=rT zgA|-5Y6{aT#nSGFhmzAXg{Sl|4=+8**i*5X@4y0SDy=$hM`3rQ<{Un7)5y zipoby=K!Ol?P1B}73B8(ul}FE#4}#rF{$m*^)7aOZVh~}!K#DqFnCbv@Bpt~WW4&w zMG#aUHXR{k9BV52)LT@+YVmEgR)2X}W5DFgLy22VlHek;mCnQG?Hw=Z&04c}#5HMo ziwK)|(Q#IgkV0wZf}rOyFJSQl!}GcB`*D-p0lSJ;ox?Aq8QYh|H75104xeuZN>{-y zUzLeAP#@Sye1m53s-W_LLeo=~`$pogC0s{Q^Mt?}4~{i6EOehY@RYTN0mhEhz)y{a z);vYAE*-%onDnl)C)w2X{_Y_HCcY1CFQUs*u7~fHm09gn>NQ3dIGhyV!fj=P`FfE`R{N2={A|UAF z%}LJQHvJ{Wy#+s&kt!XL#u>tKcq>wB4tgLWP-N!k=a)38sBmLdPUI;I`%&`}IQ!qn z2lAKz=w&VE*a~$|J$uzi)%GU&TZO-a`Ms8xYk_;0sO$RS9w1})yYPRLncvRs!L_0~ z4STg}!!c|H+n&U;_@Gd{}V1w zBN5T}ri9ZrG-Msb3z*-wbA?WQFEzYYpbnNUSi6Cd0qbUvEzsq_$A$+q#}N4&zV;c> z<@de$pL(AB^IY%KOsyk(61fvJ|M?5xvp608&ylj<`u~{V{NKRNKXI@M>(N40+=(}S z&j0hcqW`nCHSzoXzecIuBkXQRd%HX>AVBWYdjFn9_8-7Z0*kSDy!UFMgv{UP%;DP#_Z)Eov0Gmlvpc_Nn|voJ zCM*JZ>JpZnoo%Vuj)%6ES3u$otTeVPBRgFFh=}O;BLYdGVo7Nw-yTw!a3=}3O8(Fr z{>|Xa>gDL*CGW17=WaF%@D1oo0UnW;vj1y-yv@J4r1$@gFT;00Yxuu71pW;_K4j$Y zLdpN_Eq(v>iT}^nKG6OfeER>!FTZyl5zsV=!y(l#t!_*)ZsBcm>k1HvOBJN1T-(D{ zK)_Igd1%cHyfOz1eKxhXlrFvX;kw0Mw(p+x3Gp8ReL@h(=?2*w;0}tov=T)Ue=qiMx@mtui|U1dt=8p;(&s(aPl*{K#y)#jUfr=|dtl%1$31_NJkGnh+ z%!nGAv>njJk0NY|JMtN&ebecNO-{IB0sYJ-)volM54Jd)06$^y@YlyY8(@nYLA$vB zh0U2jv|4`la!Kv_KeW*jsOdQFEBZFp!D{5^H#4%XPm;yu=*kY4 z!OWa}vqF^%gT4p~OIYq!2pc*jM1P@Gzf)?&^n=)Qj1Uj%;5HvNik>=h(PvvGy}j2s zdOP4E>%P8%dG~yc*QyibMy77b6jE+-vG_gy`)QWEBSU3^7aU)%VLo^TcnUYKcAnYU zZk^w`D-!#JES&w7Za#reNf?tsx0^YOOn&E| z%_v60#Py?qHt?K?Y%TBXkHf8Tm|2@jl1Z?`m?Iu;Yz4hnRWn0th`J_mkFzxvp>yNq z;agjx)$bLFcEO2PIImxP@I=o>s8{zH{_rADXCOqp^=H08{n}x}#X)SZndI8+GAa|! zvK`V~0)-;P)9UzhA|;pBrL<@tPl6Y`yg4KF^>-zeyevvxcL^5k$<%b4s)n8kT;>h- zi1P8s=R{MMev2Z(lbpIcwO!U(BWK{v%ga6)hRl+kgAewP0p#~Bd^<6;;=6I^6{-3W z?AvH$nB$4bovH?TnSh6WpchASLyf$~+^Hg^-4m&iP?D{z2ERYB2FpOIkW$=rGQPg; zXXlQTlh?oc`m9u|`|7gwX7%dU{#8bHD!4CQW996~yF|6PyzAD{VuZ@fAwi!CCdmUz>d~nrSPWBR#8e)u zYy-M=Jt3ndKKm~leGAf#>bM@A?AC~9W4ONps1K)JP6OFO7wW*IyDMvLiZ)ZDh->>) zK<*lvDRXeyz&!oO)E%x%<+P5ycOgZk4m$AC`w{P9&Md-GX`MAGHM{v%A9?BPO15*A z&MvQ7m{z0jil3|wJijf-wCDL#mM~U%$J%O#BL}q4dwsrWqhkX(%wvSh1#i1dZ={8i zIFDaM(=EA&`}$wLn;VoR-=*CmdUlT3&;IOB9X0H(Xxw3jXS39?$;=3o2n6wX#W}a$ zDseJ=WZ0&#WmNCvd#bPv2s2?5k4lJi8`u3IJui=@o~7%pWz2H|mgNsbi;hoB z7xx?8WQt8<+jn&!rxe(a<_1ztr`hikgJpfmV^xbM(7fg|l}Bmju>_Roabdz^++V}I zqpffqr#KU-f_u*)wTg+_GxjmabHDnt%7{98XCXXZ1ueb5nKDn0c23i}rVb$f9*S9P z^}0xJ@6qL4ed z;=5s{el(1gKeoF792iF#$^DI~;Nc2Vg@jkYZYaU zY;-XLv`2&aj7_}RjAI4$_Dz$y>+8Fv>B2eByqB7p%;>fixNu_~Que(+wSK%~stCUf z__K=uO}+?wV|f+y>h`LPhyl4teNm*MIt7L7Ow6vIKVp0C!`*T3fdim^l^NH{E4Suw z-{2*}aXeSw$DnJ(M)nFDLpQm-N9R}*)@3e3wl71mvw;T_$O&JBpZNGP*Bh@6qg6N8 z=Nr&TCBo~P>%&rH47dQdF65eJq6s`BFk3YZSl32i%@J~m$NIh0$(8yT4DC@IXUCC= z`QxL%OM$=1C!)&&zT9!clw`5)qxjd78bc92atZwb>-I zB~$6U#EvVLc1cwz9mTB=8paI@Qu;~#SoG>rA=_O&oGtH~zS<-(xNi|#)p<9N^G3Oj z=Zq=@JnDLKtka0JJn|nKXi+Hk__mm-$8O+?UA|9L{G(5cJ#eo+bV#=-IrmHL+s2*K>c+G?T;h(=hvYv1n$p1{G9y zC40~|dg{Slg^7}7`iJ6|kyE*WGriOF1({o-D398NHyk;E*FV77BVn3wRiGHTGa^%Q zZ2k?4TbFP^n&qy9jnBqzq-p`}Oq0Jt?`I*{eP$QZG1S?Z7#IED0a3b|mBQ+LcM#>@}KLqCyZ^445ygw07gVp>5 z{*GF9JHEP|SU2(iV-7j7?3E>2Q5t4q2$4;>B$qOtVwm zqTN5+I{NUV@DFF(rO|w;M`#I21uJc?JRnh0or2z)w<(CckD_ax`q@99GDa^@1!qdR zD1eJmzNiP`Bg<&-q>`%-VPgV+DKv?vxP2%_cg&k)68`4yR0G(3yzn$C z<7uLupncj_;NDX6-dD;D;}<~i+>}hLKH51sQGzTUois=cIA|NC0M3vqkxR*r-_@D9 zbr0sc5<2fHxt{2xp(WTrHJwOgKC!GcBX!`+=AbX`v1*V*Z|MoOgH<-qI)5`!gJON8 zB+8yXF?hR~+E<>E<_?Yu0E9TK9J$(Z(YZ`1$Q?KW^i7Q2qqt-U&Fs*6#yxT#7kqb@ zCbSwEyfNH8dDp(_RNJuOeML`#?a&|FRz^wjBDIn=g{S#4%vI0;p}K&(fVsbON;{^f zNIlDNlMOOfJQ^?*iI$bi#W*HHl|$<91cY4WjACh##lFuJtpQeE?E7$yXgXoo_|eQ_yjm_Y9f_4Uyyn{66Bdi+y95pK4ionsWV-_iCJ zED$PEXj)dRpTiutTlux)3GDr5HYy|4*Vj*{T(3&^w57y5OMq}CLtT4W`2~AyKxl7% zOc1}o6mDoDy<4Bnav^dAjA!y=QAqETGhu0PiOxZxAr>-Gr&2DZVQQXv^cijCMXIM^ zzo*V!2rprddV z#(m{y$LtDMPLv9eIGOem++Kee;54z3l9PrhS)QL?p9VGp0_18{jf(oo>h!ouO&kX! zBVaxCwcZUe@OdWB2v?8+iQW(o;@fDkg#2|3iZ80|-q|a6@(>LR)7)n&ASRjO(}CLH zpW37Ej&P13OAA*Ex?lFF6$t6>(D9`5(aQv#d^2|E5~V2ga|Y2;KNbdh5qsIOnS=@$7_KJ`+z>&h#k$iAPYN-bAEgjS zCJpk~DKcXX!wUU1NP!}w|G5qbLC8VtPx3+?V)qvsr z+bt!zS30IS%83p_hzF_u2WHiOL9e}f-Ovwe9CeNhjdHB9KRJ4b=I4G1tPR&^&b&V9 z{cxftB~@I_5U48GRwz?v+pmwD!j#XiYt|@Cn=zjfC{p}Y&iH3Tz~a0JR!~W*&-3HK z(AhTwDBl|pBXQHimZ!>Na7CKTqwu~w8!y?{smeFPoPR;DnRG9LC@uN>JPy|`@Y{6y z`-Mw@jl||0J544>r|Kih?D8Y}HP<207*i=WSMkf_yjAA%+k=yC6C&n=Pqf9sk%9o8 z??!m@X=xoB#bvIcv6VB&xCk3Csl6n}^)#U}ujZognVDde3>^>fSBi(_@^;mCNRovv zEvi$R8tW(9k)o($_tLOJ?!yQ46OfTU@qFi_Vf{>2mZ??y&tCSbQJFLC1qy_iXRN*3 zKQnbsA%rv<{BfNbEF79cujDdk)fs53e)LGx*@mAb+oGq=APztuCf^z}n}5L22x_KO z&sF9V3DC9aQ-^9NokGlqgy}rRzDn_l&I@R;cy3~262QOQMYx0SzF}PRSPov0Y9@JG zhbHzoja*6Dn?^uIxXS;r0V0>%AUhEQdK#lHJ`_|qM0?(*S?;(cMwgf%1e+yq;^saq z5#kwdibv2CMctLi>?jtD!4Cj9<+ZNo6y3vb#n{U+^}=1bxQnG%U5E9l1M8WKw##Sj zu|F9n3}Yo5>Me&-Icr^n^wsPSmWHXyv{|8!Rrqk_G6tjr!k$I#^b}xaVNl!DAuKW z-7*_m-#|a&_wC3|;`Nw2E{sEoEHk9sdAsh#K!d?ylBs8d!7Ooe3-eg}LDre=YLCT~ zKD?m5>#$|k+w7r_ikuuJzj5*Npfnx2W0jC<6W=S8)%CAr#+X_@IaA3>$bRl(=s=9A zj2QTrmak8QT#f3g(9(qqrbu_%{+dyA$d-xwdQVP38k<2eaH?#cV`u#C$i2%(ZvV7p zaJ27{#@tE`?g67YU43II(z-`BpUgGj__b=HxDcm=V>#nAeUtNiO=!%=L%g645FUPZ zAH1&Tt00_`{%HkR{pBUzKhnB6>&Y?VfFI?SctNJTG$Ped;h;0^6LfHu-gXAPomzuj z)~Z#=U=0b|{D{s><@=V1+X* zc)WNH*lZnc!ACn7spC4Nv_v%S?CH&SqQxG5=Nxm_^i#x#hs}!4O0^0fpE=;GEizP= z`=1`JVFt#vgP0f7fAxm8nl`g>%{R071`sqaqR2y7*8B{C?#MrAZSH4^xy@Ro@h~)s zd}f)8}i+Dmq=G-98!lnJ} z)F>L2kPHbrVaOcf9<$jU*hr~1TJ@8RQ<<-n@i?F^J(Rhheuvi z6v!P+-r6rEVaL&%0YnylWvfk{!m(r&!&R!^lG1rXtb~%+!6~2vFAEE@|6zbV&%+9x zIq&OZjY%Hy(~=M!3462IlpBGk(K+pW@hd=BgeH2`f@cLX!UTIJ_U-VCbOUzi>xCKc zf)wj>pK~Y-Kn~02JA}Y)T-bmuDse zndteR@aFfK(M^!q4dD6{L45u6NdPK;w$W}3M0tMcN#V}1o$JJ=g~2;)#!r;+-F1C| z>yObp<6AWAGB2*{pm%Tu~8pE`6VD{e(&HPQzg z>r@ELfOP$Cn+Bliu2sL54fJ&!ovYE;q4st;g&mYi>+)KD2N#*3m-pszo;QH&vx%sX z391zF?W5h4Bg<$euLf{XCd`SJdg|0p45|_&?J?K<-2H*B@b1@mfrhtDroBD07covo6~GqEp>mT!C{g_b*+9NQnFh?U8q%-1k2C zW(0`*qMo*)?VJuxN=QOyfQ=aIv(roTKiVNn*~n8`=}N zr#Fy(LUpdjIo}88+^J%I88}q;?dm6$*Cz=yp3>z6g}jpT!`f5&Id!;dMr-#R0z+B4 zt@p>|vlN^yoN3ii5IPdpX$)mYC`L6N@Z+uaB7!q|*o4-m32%C-nI9Dx1NW)w)ci-T z>2j`ng0T4mCyC>w>~-{b7GUV_-S8{S5bnJB6XDB+m;!Qk$d63+M7>eC(VNd$4YhIX z(d3oFf2bI(R?!hnpC(P+EWyXJ#yEqjb?vQee>VT%oKC$gV^q*lP>#6QN}eD0$Ud{y z`DIhOq;I8t+X(8<`gt`~X4h|(KL~!KEB;iWTp5z@+Lsc(nJ&J%=eIOC^n&l!O==-Z ziFBL}YaiI7%aA|gaG!V{YI0k#Z+Fr`TY0GAGj?VfscQ67R_xi=OY($@x|eI$jTVNi z4LmziZBkto)~iQbdek7T68}<2CpciG=UacMIJMWKIE843Gan&DrFZ3bEOkv7AD_b; z^llcdGb^Ebw7~7)7t7r$PWoe0{=C&{acDuYJTOiuWRu(JgmUzE?F>i6iquvK0!Goe zlMR9A;{MYgmOCq92(;yywf~ms9&t%iM2aCKU=koKP6Zf-HjI6cX8EjoF#MiIaD7#s8Y@USj@dIDXa7{o?lZIqU^w_26Z;4+tw z29-UHm@%2Gy2yP)QQ_XdI+{QDqa18z{!`{FCP#*PO`^w1-z?DH6PNKThbOCQGQ7aH zvu!7o@%eotf~-YaHP&8(&^Wko8$wTZ@mh}ZM(*w1aKJ$yE}H0_1jxO22lM>AN6)s+ zL#k6e<>j^xefkcv*5kw)o{UTtP2ET9DKd(Yophx>QX0c?B=w$$2dhSWZ0!tZkA{N>0rWM4xHiXuk708@hfc59Kakbe=u2bL%aw z1z8R$s-GWc7M3a2spK5GFaJLD`0x#!k18FoUbw6IU0`LKUrp`n%a$Yl_U!-xHipKm zR>!lo2t)a{uV=62bW#N`lpLbt!=4-s{spzZOMa5(|8~>JdcJUJo8_4I7?fS3vPeFo zUP2wW>K6p;$oVgm*(%uC>wxEX{LO|a3YT@w3~%3%&vWkwJYtu;jaqwEI!~M~gxm}e zhgCn<>A|+=P$GrWzTH2?t5{hcX)KEO$+%grZ4Eguen9}DZ|>1Z0|U{evuvgK6S1Sg zU8c#JdAH_+A>ojWWd}jZKT3T11#0<;=|Q;)d3 zL;%CzuI(LlZ!N_`C73oo{>D-+uXg=fEm|!Dl40zx#No##M-V0+ zjP_X<9#mG0C^rUdB!w4*Jq z1OSD+kycnNLngG<|1ex-baYbb+x%(*q zjgCnB%Z%ZN2=8s9(JtdB3qRk!t#*5=kD8VjNtJWG>Z^T4e&w81qBDNbZc^$+G?6+@ ze#B}1Det^lq8?&r2}Iei8K@uoEY?DJ%SqMJ8((mlX%CE+xG`c26)jd@zvk2h4;J?i z<=)>b8oonE7Tz;A{iK}moawFKs!qMU7GR7gO6|m3sb1EftONXaK$73m)w~xx7j>D{BU;n%c2YhEn*?e={@0D0?+MEu)ue2`;ojpsC-3Mq|{m($8 zpx3f;TF^(o(lY%M-0((2f#i9mKi~CV)_us9yj3r8F9MeIi{84a3J)N!ZmHEe z3}mR3kVIT|4v?kQ@z8nlak-Cvy6Ba%MB@gpQFWjd-q064=Z#oRM*_ z!@Qa*?iZljusj`oELVW3zvwq!IdRzImX9$q7jc)U^*miOCw*GH=)eqOvyJip`gy`0 zqfeLk0u~BHKX5_6TSP{EmB_ubHq!m@b=~Q-swY!bc4@xJ*g@okhk`DJub1BivR)2b zX{9`wH%$Jd;?y9GOSq>n>?ZK>-kPwWQ>r@J8D1Y}U~}r#DPE2hFk+L}p?&})4gq9! z(VDt*9DuBzsk%p)jty|owZmWRYT@_kpwVG%@&y30x=bJ}EGXDW?#~B1ICswD#Rwb6 z#QhP3ukkfS+=Hsx2gf}bkBX*$_##JcH}*>jIk#nQaL!g!{Fzq7wKb)liCBBL2}ScH zyYB#ojSEYu)4bfJmAq%xk&3lTGTvD$+j=L?O-nP^aR@)&lYZL^pa?CUzCi5vOEtJVhQ&J|@h43WM~;Z!5&Hp`#%XCRfZGITntA z-!SZR2dE*MPKUpOS*#`v{lgTeS&}cTVMXNst6KZpO=0!#a_!?5k?O%P zH0C6&Vfl5;lx&@h>5=cT!H_NmMUBE{D$wAD zshI|E8gQtj!eXg|Rv@@Z?_o%*@R;GW>?xPe(T+sSoyPk-fV8koAO^h zK@do#MN$qC>39Od#d{YZ^EWg_Q$i^QCst_Qmlg8>q3? zn(jPmhG+^m(uH7!84#C5i~Yuu8-*{1UAq{xFl=r1jOg%DASBkInmg#Qrg@diY4@wA z=6>+hpwD3(WUzbyRX&RF4UE63&R_tEXGUzn~A0qyi9Z=GhzLEVm)NW7tSYN8ci+}zhoh&)G1hx}4|;wk`4l8j!o z{W9_X@M(JId>Z}tOOTgz$|#qQitG-_q&0TCKtD4wG|hj4MKgtOTF?5-wZGwQoyD@q zU_<@;{Tk|&)qya9LX!UVd?%pd5~_(>A?lK)t{S3`rc#Pzx(8(w8mjH8gFAG(_^-Ee ziWC|9&K5SNpqd!<@e67%t=h|Xr?OYmWX3jzZIHztJ{t*iF&8~z!pZMx1@CL@PjbH zr`=A?ZG8bs@?L(VnHcPBRwgf}^IofahV-Sh>dQiIQ!}Zy7a;Y#gwdp=+UIgCe9~GJ zq_^gBMsbmp6w{L4Aj_;lJ$0o|;FxUrDvs%Zmo>WHKyeKLSAB9EOGPc`acA9tVmnmSASLhCSAh+4^{bs~qecEab9?K7nL|enIhMm@mxy}Lb$<|z>uw_( zpmz4masDma4=ZHMQTMuM2(6H2$_X0G>QIrc^3hVt6b_9B0#M`dH-AQofZOlcajQ3l zMRq67;;tF+#XuEBp1HA9%&+Q)BEe5h{4vjGiTE7n)fk4v?LI=uzfh#wV8!GYpcwC@ z0~Elbws=Irer*)|Rn}dRA{<6t5Qc71G$9RqXMrAe97u4yj3)jd$#>UY=P`#xrv)j1 zSe6Qep7lhPny>SM)aa|V6Y%z?{-ru9R*WvA^u`W-Y?11WFfP!zifCk4^ydud>#XDT zS$WNWtS-D`2a!{ah%WO=HHL~)R1BmyjgP^^l*YCY6_Fcc(}MoWPG|94J2}%!funi= z4x}km1X&={_{Vl9!eNYex0I=78*;;(X1qEypePcr%?mS0M{i#!1Bs$x$etoGy!DUd z+H;2#>-l_oz3A=(qs}~ez!Ra;X8G~xHy{SL+vKLGF>f7Xcxu(EapWMhlq$Vjs@8Lz z6ehaD@L9ja*W3BpyuxqvENG6F_o#y_QNbW!g6>JQFwBBJn#U5J9h(!2@(>e$wYimd z6^+bEuEXFXRlNE}+1Ir;H@HFM3sD$^&8)#urX%< zRN;}6Sc!f^-!S>famwk(*%@-(Aq6YdDAXfovzPCpWaxpik?REV@$X-zB^1nK)VpRq zY`%-!u%{oiN7O$o4^uQlal?xt9|j}k134umtoNJ+ts?>UbZUC^uaRBb(ExkeHi$9o zO&$lZd#!QMqqr+mc;%3GP@Etyr^n>0orc9-g2z&GL{!N3X6xOQv9)R?dZll(4fw2c zuvh;v6yp<~5Z@gxKA|Xz?>53ifa$an<3SZi1(VWmgYW)>Dz52qV(8dk1sn3zS?E!! zfc13XwoH?S!`MvP4R9LI=)WV>ySYLc_buLbAVWgrSu6mYzQ8p3e|AT_WD}b96(63CZzt zQ>x>(=PS{7$%Ttc71d5P^MSPPJElYAu^!#DrAnvJqqrb}#`_tFd5nOmG6%<1?BjTZ zkjtpuwPDqUMCc4|(|SZ9)Yah8ll&3Um{TQg@Z}2^CW8r^Tr@Zi7@x7-sd}ByHAcIG zodree$fn({#}g7Y(YESY@w^MT;#f8I`dAdKS~1N6Mt=}k*NryvwuY(50o!A3zXahm zW>WIg*fIJqe`rEphp0Tvhd{Mf8UUcqChtclR?i&t0jV+{Gi$`N)Mo7Mf+#J#0lwN-5iW4`&-jwsRJIMlK% z^0fW{_RL&R4V=pPaU?yIH6yUFf?YV`-VhP*#(JKw&EC<@ zC_7@sHQ8ZUS3O)LjrugC^yw9(6fbStYbor?{`_ZYPm+MPiSyNQy5u6lsQAIa!#WGR z$SBPn7UWCQUh=L|O&LjP_C2Hb%2cLpdEv9B)Nw{qzvln)aWJ$tBANflMlZ9ryc`hO zb=34tEYzlwc6N}acvUfFnF|p8asl+Ebia0Ard{WN^5g?zre~Jg;KzgV-6V>&36;yM|NA z^oD-|GLCQ4m!mz~E!|Xc@JpY~=ID=A&?s}*ch$7+>(+Q0Q}j+*FLrh?DCaM=@x}N{ z%~sdOBKcZ!TF-NP4`4xU*+Ru1DHI7i>5LRK#;)g4+@%xR8bhuv6+Bsl4DNzgteYGg zTG+M4LiGnT1zTkn#$B(n7!GZ@$bFukI`s7v%GBD7RniY;+=Fa?+p)z^#&$=aQsyOLmlz%S}%vhhedx7%_He!G0o>l37C2g zSTHw&V>DDVK4=-+L3vG#S|_Le6vvX^BdOl0dsm+2`ZjMPxXQuRT%5v>6Nsa+f7*9j z?>E}A`Bl^UO6l$D4OsVol~&QRMa$)BCGSeveo9UYd$f5Ffc50Yrk|Yd-z_&Q%H_Dg z?^~_rQ0l66mKH8L#Cxdt?GPIY?|h=dn$Flv)@cxT?pKSKdVi;;Rz)rbsq1Wl$-Zx6Z>GeuaDd1^(8RaO=;pj6&`M4Xyx0cii|c{ z&*hdTm$wn8q)y})%c0rJKuwPB^a>yBsh>lo3%=l8*Xv?m79%97OX5AYwxpvW`lXs& z8u@FXb+K9X4>RoM1uS)2OI?ZEfR>>Afw~=3s&Jl0zEVEae71^BRId~|nDR=N0q6?+ zyBA>fnczn$gk+b&I63uJY8*Cf}?ZQu7Cavg#Qx5X|xWE2Olt95HQnI7F5_*( zEJioIU_N1-0izysuGZbDM{9i2m;B-W&HnZ++JXx1iZui#n#9?F&+ScFK*>RYOzDM9 zNE=OS2${Bmypd|EUOOK+XEd6blu z?|A@AQC_TnH~#^HL}v}vcBA}`e_eI+@xDBjB2_Ob^^87dNhA6V$l%sLW+YA6&dio)x^6M+Mb$y<|q~#T#j|eJQcm6g!#Qn`;?uiZq!*!|@}{ zF7oNbaSH=rt_KF2y^n{x$27&Wjue*PEx<-k6h6Xi1Lca_9Q zMz4QRoIX0taiw7QW{vya=2nh=pZiFm{L9L0zx;e`vJ0hj6Pc)-C* zuR||ajL6U8HM5`XRLjJxs(TSrun_rMaUF0lYen%bdMva|ZW2Y+Nlv!rG<{p9DX(Alv4VJ$c-6JQ!IGE)j*v zXX(pCUUkOH(K+LNZ`Am}q{q^OZ-sp`DT#v?3(YivZM*gbM3`m}bV+NU*;Vcgl7LgI z?R7b$M@Kv`8FT!3_Mh-WE;`oM18v9J&#;MnzGhaR`QKX(raRwNpy2zIDPGVQp6*YZ zH3o4n8*=Z=e;t`rF5$P+m$gdC->`hTJ=F=<@YL^JI<}~*>T%o1mH0pDv3VV z;XV!FVam<|bD`VqB3!sfJ};KAzXv5+%_|=pd9AM=%0F0^vTs24!&=VAn15noB-*#Q zQ^a|s6tgAbi-dTzg`FVg4PKq_P8eB}-H+;i?KZ35t71&)8qx-+6hiNC8MyH;^Y5Hj z+_@JM9;S`rQp$sr?*#o(t7}MDOqz@Tt_U};tc0-Z)o4~dKyIcH(`#L7gh|feCQU0t z-H{(x&5foJj}DLQhr8h}4Nm#}z$9P*sD5{w$vJDwr|CI`?{NA+wj@de*T+l?Gk&d^ zspTd{{F|diZZQ@N_{;*s3c(%!Dw7eA|Y#yd<@A;Tx z9AR9Lsg}5k(fisk5Ml=UX>iu-s>Yp{(8 z$J~j~f3kutDuWmyumIrcN*_o$b}vY~wL;XZ^qj~HswPI*Hq#upn4^eR;aA_GG^ zNr)c;6v=;aiWqh@neo6nFHYy_7i8~BIN$eYrKDnvHuIBDYd9PG$vQ!df})~(rnGt* zg-CiHVDbgB*KZ8-c_)4P*s+!Y?Za~PCZPkv4oh*!NCoe_<=tkxl_i}RWEz<`h=shQ zJL(y89FwP>r0yw*y6!dU@w&3M`rh7)VUnQrI%pUWjyKLz$UvNI>#`beFedAU!ZR26 z0da1q{#^d5EX?(IhQYAa@ zbz`;L@RsNoGY^$7W%jR_kQejaEM0f7N|z2m%=e>HecfpEs1eA5;!y5zL+Wmo?? zW|*Equ=qZ(qb7H5iX_zR#y~=UW{-=IT6N)Q^qtg@;7yl&l3|xp^?Pt;zr^vu@k^Y> zaL(=m(>+49Q)|rZ00XkHt}9&%Hd-z%~TX@WyZv6!Z-yx3>Y%u-%jXnG|Do&F#mbOEu#9uu_S8h8S3jU2)njq{+52=5X? zCpq_9K(W|tySTsDX<-o&9X$Fr*G^Nut=a)dHU8_6rYJ5oWk6(B@o34il=X;9K%6t; zAAm!&A%7!u_t*tCU{49M8SXg=?!XtjKlI|}gZ_E!+5g~i))tw_?{VEHZVk(zoW`VR z?vd7LyGN!UmmTQj{!3OHPjkAk`WY9ODy^SdT(cjWN@ z;}oj@^B(-aF)ro~A7A=ZArR1vlg@;2@+t=d; zKfNn*;BCNmOcNqo>2<0hywPx!>7q+bl7CUya>N0)hry z$?xiEvtJ2T95nGg;D6>B^K&LR?Rb51Ox{Ybz7QMiY*Gta+gneY9~2Z$iAaJ^<=et` zDS7gp+nz8r0gUGiQaJ8`h>-*}k9LDD7Ioa)kW%Bzob#&AH+6RF17|y_lL@xw2fy<| z6LGJlH`aj0jmsp* zt#`_}XERnvM0)Kjyd*k|CAvRm0$Qp@O%G%>`Gz$whvMY9=?wA zRi}6@qW$K}!`JWs@rvFtepN!3$N8ea3$WhT zTI?!YF7G)wR(|we@(JJ2x#!0hTpOs&*Vb(NZMeHfC*%=<6v>=gg`@RgqQxTX1AdE{ zW{t>Woaf#~#@DtZ$;|w~$l1n84L5$*{O7YO4`dcoQ6w$Gg3*|9!7_z0Y&6^?rOlJm(kI z+Ovn*d!NTX;&;T4-$%yJ(Yv#wLK%^&sMk&fogm0x@@x zyie>fg3D&A$$WmW(=Ea-&5N9b*JD#FH@Z;)ym38Pb=(y5D^I-zCL!i(catiVQ4&Q= zRd>Y!x7D7^bE3puYj%TZ)C zR+%M{CwG_Ytv;F~kBeK}a}qQhP8TCUg!JwZI((2A&CPOdO7JN&8RC!CU_`jl@jiGJ zls(yEpahJBf3-Idlo-UP4?#YCPDZlEovt~2@F}jGV93ka5F^+sjwJY&{@wmD33p>O zmPNNO70{2YrdSG>nQv4YWK=Pno)=r%+)D1{IAsJ<4{e4Q$s9)dHFuAmOd|T^Ed%0gM^@SDQO?Y@J!&kwfqQtS`&g!&t z_E8i2DAtm0d$YyUx|<%i%tlRQoul9H@+zEhQ2E05gE1Q2)ysCl?!Ee&iGFE!FEQbR zw$o5J4n~-DKHK#hEstjj!Fd{?8axEDn?EL>3%-nG@7Vso%ZI@45+-uMW_;7wmp++j<|??1H*{#WPDfQq6^M_zLp13GRVx~p-584+vV5PB*iQ`es~;$&xcMNOZ|r{`@vnr;ygFcvT30Hwak(tQvaT{uzvdM z@kEE2r^G>}5L%=AwXSxd0~M`u%1 zAAD7Dc)>?cC2KFuxM3clMh`Yz>T$uR@aM2|-7~8$@mtKan@^eUKDKNRT;=v6Ba~Ru z)kl}@p1eyy_N2PSi-u7jI+BAtJg=+Om|9*^ZyvWPBrI8zhBdu--CzQf-u$d2l<-!p z<_XP$kh;c8Eu>laH89)8RQ@1`$yzZ*i_g>|ePAe7PK^D!gEJzJvqaBImL{9FeGe-f zFH{bX8vYCrhwIy77(eDERW8RNG2W@Jv&AN!l;t7?2&jRn|BO0>%IUkr@^^03{jh;R zq-x^1vySQdY08yH#tkjbxbdP0_b_L+ULdPv=HmB6S?#WP$dKS>3>&+Mb+Jtu?nqWVX z_Z-_`#(3#Yg)LF)HUv|&PGD}Yh0@$cAn8t`$OXBquT!N@p>Wf z%C>8Y$iRUk=QqW$Fn@yNAIUz7C2B`q+jDc zrJXb%*vSNb(}-nD;dtvkWCT}?BSg*g(vwa!$cr7zbKWxWTzS!+{L0ZXyA*1%HH|Id z;s)td&u?)@%d(G!g~2)@kl1ujK}KrL(mlsN5=3&UXZ5r9x4CGfWWOh2(xAGfiVASp z$A?G)qL30ez%GXpYzu^@{p}qoS&*4Jl&KX+if1^zG~;ZkJoTxOGJ&FgkWET$c+^1r zyN>h+{ZNOFL~P(j#MbQDnyx>4PUSw#&~D;{?dos?+-TBYRc{=5NE<$Wl?dir073=( zvkwfslK3j^o)}iDm(lie-n{P!UO)PM2Xo zGDQs2gP~m-3uV5=n`r?RKF~bsi1(07yk{U&za!5cVk@4c30={?yv2EmunyVqIabEa zCIeYuc(Y2w-7ZCL!dz9MiDM*me?Q6dMqQFE^ioHv>QgnSobW`Qfah9%ehtkV*i&-w zPRmacPouQnS%N$1gf6%P#+Yla3SnKvy+&7Pp=W+%tz z3~$?BXWSIBqV!^O2L`{!6XoPAUg1(S`1(ceqNjkbG~j-YgB}5MlKFqSo!b#TvNs{< zUASE(#re4Y(LgWp-gCX{BD44OcRW2kJ;R5iY#*-s#(iFMBLggMd=Gr39zvHF8@~LF zvr|j;_K4vek?T43j}7OhX4~~n<*%mvP>w={`Z=lcY{k3rw!$aun$nP}E#{*QUMr&)Q3 zj~|mUKuKuURX;*9F;EnmZF?vh5NA#UQA@n^Jm2wn#KtD*#tEn3UcDGP%6E|-^sd#-=rNnH&D(9?%PvDU|euSJ*{DF>D3t35i6#H=R>RsOY#m>jWTw-->!HG z1VDa;q>EgrKeKaXg5G!jh^M>k7ei=$JXrNN6F8igmlv#Wxw-0Df3F&-@}5YhQ5yCPhd=%1;gq*o_Ngg6z4;|0qX1rKeg3`8Q*bru%hj+lqdx93N6i5 z;c4Mc3sl*hJ@POA7AWU7y9}u#9l)`*RBpR7CCu-3S#~KRD$?4kt902W0xC~`YW%T{ zE8BRG-BESIwyu7bfbDwo%e3k) z_eWFTiso}a90fy*M?bX{Z5Q&MMD5WGhAH4fCwFie>tmsgi`_b~b1Hl$_yRjEox#wj zypsynDGV3r7Aot_?5F+Q1W2dKYA;4%ri8Hzxc^33kgHq8rp(1Lw0-xqKJPMy*2Nol5UF@Qmk=t6Z_Px7aIw~&S z>VQ{rgRU4h81t(2MrAc~u5nkk-_%rE4L?2NZs-1PR3%sqH18TJYm34PdEN%qalYOA z%GQS-`5uXDf`}ZN+P2e5(T|OOI-I=@uO*GwmW9N6uQGwAs*Myw;B}slDm`*P;L~tp zd0MHvho@(D+e>{@du<&40B1h>kms4y$`;HoYEb{~Om z#1<|4qIu-W-0S|b+;t&5k{=j5wZ&YPpUj(IsWUlkudz1Z4>I9So0W`BaCVrPQTHy^ zSj`zME|x8?QN&nsmtwVB?C#zuu7XNO9y?!+k|@C^uW;ZL<8L`QE^T{*JMc@E03c;j zL*XmXu!QaNU$p>d@+2<&yiIyk4Sx-x4q6)P9NWy#Ha)3@SiQnsC-08>eL6sC8l`kj z_4pvE{5KBFa`3*V?5O?CgDxQS{s%P16Hu_s>}_@PaB_aFwF2p8PFC! zF4>lX{Hv5CJeyvDS5*QB16vYa@ws;IKI)uuIo9bJkR4jKw94n~(f(^07HwDhOlgxW zY*uwF$_=tsxxnk(b|`aPQ>^p4ME%iX<67~HAmuBKds@m1@n=_wh*Y; zdf@H^Id3S*Jx(+f8_u517(pfC@E{xGidBq_(7XaLc3-<|6FOfl}h@gl<)hLvjZ(=vs+u( zl*aXupy${OU3R(*1cG}u1ZzfX4DpKWF%FGd8XOv$%#-7tqZ++F&n|gc z2P(@$Jn$%^Oh$wo-bWqINzylAxc=HzGE68bO?;8%%~>178<9I@fAmAp{-*k(#}qc? zuw9%DfmB)LDNp@rg??~1l{|w(pV`QIN_r&>wz3q6{?~W+l{NJTXvu1-IYjOc946SC zf?THMJV;1z zlU6Oq(--K${-O$@>@7{+O%II>uL_>Aa1p>L7e%TT=Bl!Y(+@Adjr!Z0oxko?5;Ay2 z@8TmA!1d&TE2_Y6S>CRbisbC7UpASZrUypQ6>#%oZEezxBQwGay}nc9gjBidBG?ed z^hkrmIt!l_CMEp^dUolckEVaF>>ZHN#Aq- zmNSD3TB%XDRZ{F>wxoSP+{O0oQ*E10;*=nd3SEVh*Bx0#RPG{bDCq{W$Cu%$&5%j= zU2qqdM{5@wrC+ZS<%o-(mSMPhc_GRbPvw67eXw+I!~jSp_KkL&h}%b%CPEeEcXMQ5 zEHg3?sLMd>6s%;y?_P|Ppa3D^;0l(8SJA_%RCIW{RP!%Kj{lB}T~ZIodu_PC`^YGB z?sPm*=cFGL5?pMukRLIT8DNGznb^b<*HN6E9bft(E6M|Qsx2A%o?DYoEzz21j8B|cPyz#*3r}aw`jlEe1KKPnzX5%9CsC~E zwDBv39z=4sr75J-18B06io>7p{6oY_jbxKWTot!PjgiGPlyF5)zTK%@CFGrkS#iJC zWSaY;pQgBghn%bKLvElY32NZSmo&hwJ1Lm}CE%%7wEVe${JQ|%v)gyN-VIS~-3<$etTfA(pGjS#umdePgp$_!{k@p$XgA`s; zu1us-7nyu-Xt=ETmhu=Eq82k~44{I+} zO3yCijl&h^W#LM?WD_6#p%^%CYN}u2dCe#YuhYV$!Tm`>#+#bKM+Hd#Vi*B#r-IMt zPs=Aw`!R^qx~(?)Xy`HV&~abFXFZ%$xOKkzr1^sB$nSxNa-uPgF%MJE7Yj_w4;IXV zRxHOkcvC~MF`hNi$3hc-{Rm;{Rg|_t zcxSo1iv(=y?Yq;m`!Lv?ZGD;M3+ zewt#3J+1XHXR!(a=y3H1$|~D2HVo!Ep`j^%f5FVPa|F*jcp?{Gi_6Ep)3K6QBw>}W6n|`1A6F=_XcR>@#a?~3>?p8) zR>ekC?_BT>f~P_RDz9B%ld&nG2mVRYAO;xRFBkIJv7vtgRqrKp=o;N_Lk&7q8@R;M zTrUr1RAr>koN0oMZ0&0Yvmvq9*GFUX9q7S%a{Ssx{wk5iRw?Pu-+73;p>8uZTSK$< zu;afF{%2i~o`94y<<%RD63hn=l>e%!!VkgVf=a7oonj6MPOy8QG^g(_7Anr+M<6cS z!|g(4iM(HcruM4Tg1qiB&W)qBj>qhNH#@|K{YrRlsdUr$O-zO(uF{h|&6IvZpE^AA zFHrDfgG6iy#QEGf{F^rH4{!iBIxl~HaPD`^FEy$vClh&Wat(j8SiL_U2h`3?paeVK z+D_c+LE?>mYl87MazdaX%_8BMikBVIbj&iof(nbS)whpZ@XbpXyzxA}4Ym$_>Lv9y zNR&Moqx?aw}6i`oRqA&h9F?Z};(;N$HB?JK&YL5CenQ zL~GkJT@N`)k%N+u$A_>?)mmn@>M*8~1{(0x+(xlFVX5gsHVFJ-e5>Bdgm^pK@Lp>T z6nD5nAH@V>vU1i%O{>iHuUH8tlR+^2p2`lmsl2NbZ5_eGQdN+b-Tb9RK2_qM8qc28 z`Z6a5dW=gY%1U;L;qXpc8fx<;cOc($TW>?h9&HW;LnZlQ?YSxz8LOn{lbIqS2 zD}hd-p2lBA-^O`2S95W}TP;q~B;)M75>DxDvU}1l#O;K*L+MXX9ivyXXp9Bjxbxcz z$A3L<^;0y|7YB2nVH@3{+%RoJB7R-}m8=j*IJF26tgfm+q-KRX{%pev;}l6j;Y!TO zzGe8&)MW9w373)M?^T0*GN^rMo@9>R zUMVParW7=GW;-oSzk7T=%lZ!Q%v$VZ_xI6TZr1V3)z)ndPtzC#}vK9Kdh&RTCg-HIP#J8l%Q2%SxcG zX3G)5ZSTl^Z98&PBU*jDD+%d4pY~&av0bG%CtH;w{AsL92XG|^89{$s#LeNa)x#Hb$_i)CLGX5P1EmLW8N#0iY5L51M^D-(cDJwpkiPZKO$>`JLG*t^g z{VdTaSqP-gn-i4pGy@^7~0_>+}FXL%4oU4a@py-7_1L!xMTxR~!^B{Mu)9 zX=@;KMCr7GC)Ni*+FM7AZQ0JzbQZ>AGvCG3tmj6jDHXWC(pH9 zuxXW~C`D}!cS&kAulKFr@FQ%DtOiJnZQmUC-(&3z_fg(af4YG(6l0K z)UrM+Rz@q#Ze$=8#jlC6r@O3HR}kTOJD#h3Wz=6yY+hvBep#8#M{BwIJzrS_adeZ@ z9q-LL119bgC?$%M--vUrdD}OQ_f%_brp60OVdZ7YwUa+)?>MQEKD`UcDCm2PzI2$1` zKGEG4t{ldH0&|h>``XCduiT4YJuib>A^isHC+tE~yslW_EysRDUkoB3DJ|2tM6kjJ zJI`(OqG>Q@OpaiE6JbHonV9iZWi2H4)oK8IkM{atYvL=}DS=6$;{)HnZe9dmG#twx z4j@kOv)w8}HeSpwtaQmpRMxVBWr;(e1fmA+3J`2b-k80&kkn$Uv9v+28r2lZJUYE# zx=ailTM{1=y=xj^ObF`$N%vsbK-`^HO_lDVo)#S}R6Vf?Uu7!jPki>zD#&B@$HTM| z1Vlxn*9LG+VxPdGAA_qrd2^NOc8GAloRApV@4fltJXlBAHo<0NG7VAh8Yy~YUR&q3 zv9s*9*W>Q_oXLDTM|yT0WxC#Jkg^5JnerZ7%5UMEXKqzdp#>Y72~3#>XgvgfP&O~= z*36&EF)!v7VJnsltE{9H_CtFoL?L_%`K5{`#yuCmyjR>5+x3aA@0k1o)u&1;|Gkzq z*R+|cD;A>3MdgebnVt3MRjpAinGUR|;WiO&Av^VTiD2>_=sjNWe!6(4Cm!g?e98EM}_EHsV^#CaW zr7nm~X5*R@L~X>XxDv>3K(m*Zd5ub|5G?mE#s6?601>NmY;fM|rZ3QozQ+&~_+pI> zMe{dpz1aarNq&h}v=T%q^fVKybncrYNx!4Pq=H|Hg|wsFVic5bgX-#+L%JNLMo z5dB>(ZY`*=2w8k(7tp}q8w$B%FtqcYsf+Awz%>Bca+A}# zIDov=uS$vszT~0Bg2vs?!7D+ta!+F zbj=ZG7n*IBHx(@aE$#c8uIw>^0Ld(27O|s!)bWu0h4>>l&!1$@hjFWNM~6ac7Ml1V z-y@QRw>d(s9B(h8N%Ap$$+?e+8T9W;F!{IR9`YI<>-*@ej`t-HVc)YOV{u1UeNj-K8QN6c2N-bq?|Lf> z!2=tW%StgcyD4WnJ|kX*_KrJg{4vWQ&AO<8@ANng`hPD(Cs8&(Tb~ha;8bpeGb{tx_5Jd*zSh)?Ix~nVyfUh^9sRGNsyQ(Ut|es@ARdFPY9$ zb~l>{NbE#^Tbum^&#Prg$<5tLt#lEaAfh+?0Eq;hli0f>iC1PUTd~3raY%BpZ07v! z!Kj|BX2D{S*5&5#?bNW1uQ)`ZN9Uh6DR4WJjV6tie|zt99}N1@CM|zR9yeh{P=szz z8xni3Ri(wfL4^3AI~5qC$E&EFczm)S=G1fk1c{l#`EGqKe|FGU?Aw&j2YXDx#9QWo z*$+H!d}%<5%kse8?RAnZ#LpcaHDg=ip7JNEyz>BF6n;!?2yHLB`TI_EH0hq0!~Q;j z-Qr)>w>dLE3RP7Zwr`jb+ztSCdf?>lNpwwgR(Ag5Blm2RQ)Gkotm%axP5F0z-6l`j zAGSkzQE7Nx=6+on2@jB9kXh-1d&JO`L;6_qEIr4uDKlu>_06ZwDs3`6k-N`#+(5mm zFAwVmxkg->pL3USMRv&VR)Kl6!}~@> z)udWo9^5|wyYBgKyR?klqA`F#NDDAevi$Lo zuc*OR`Z?nAO?4O`LSME|oh&M0sMZd*k$YH}U^tZn%9JC184LCa9rpj#-Ts9cc z!UJw_FYv~e|Dqwub`z$smWX#-N_d;m8O|c6Mc^V70QIaK1!uZNwPkP``Ss)MPr!lLR3it?_Z2ul z>ACqOq#8Kl!(>yo&CiVlgTpX}vE3I+Ici#liTk_pX@ue5@otAh3H-Z@TQ;||A~m}Yy*u2clJ>aI1xY@4 z-hZ44gX)!plhVB>?Y}ycWt9y*{T(#I)(Eu!$s z>~E)~W_mF8DwP&H4f93i{v9!q=IZXA*O=)?)FCDp*jvnm+a9=}FZT?9v=i_Q1v8$n z+M0EogN9ODgp!{7;fgdn?#F(OU!1S9v;4RL#eI-R6t>5!V3`Ypxm(Uvr{DD5YAvGj zLjIOHhhwdGtQ9=NzM7`XEX%td8yjQU;f^RZfl+fqL z^Xm@hp*B>}PaiIsg322#eS5t3*R#;UdFF@}35&3}Iy{yA3EfM*Y}x=^N6g^7Xqr3U z2TBb+^z#@VG9bM8@#xd(K{H@S(lt`i#r7)&FTFTwz?p?zevp#m?qZNJQ1{HqUXUZY9XSJUULgPRD-wq=83e zqZt>NW?g2|FAILY$i>E7IQp}P%d*YKu6;=64C{`7Z^nJ0#*59YSpvcuo_zgl+Q_gw zC7_w4eT5D!Kt;1zxA>_%ZnHMI-|Zg6-tim@jvhW|(Nm&fmY;3-l%Xt6KRjV7=35{ab2+)vO7lkC=@JQEQ;eY)eI>XyeoS%3xGuW^^7SW7c8-~W&8n+ zJGH*DI5I9~-h`#+g2vLEbywlG1&`a+m&F7cSq%yz^B|T~<*#oC?-rGunCJ1Y7=kg! z#l06LOZcT&ANLG3STk`cIWitywjZ))tQ`;Jl8A@bGjoXT$w|64SH=xk*R~J7O+4@U z(ZpwBhbPAG_Ubi#7!;`DBB#;WXCKB3CREcQp4u-L0K(d}78Wa(PejvwvwVF^-B#kC z*3!qN&w}zyOU|LahMqCwzUoANV>EJ%`LhmMv#P96i}BrRi1Rdj*HsR(EJy0!X z;^ZQ17Vox}TKnqLeDbN+w-Dd@lQ|)jV9gTm!E zYHI4H7%c(w)lA$c31imqqB=~z!+7gN`Q+52QTuDybJHf#iJbyalwE@*ChHYJg+PXK z{do@mf_YY@7>H!VLBnX`y;4F@e)gq+*!t|<;@wRM_s)+Q6R_26!--hXpcqFyFEEK; zGe8dV%m6D`8qEC5&+fn7vAgUGOZ#)Sq-c7A!b$RRJ=Nd>UdF?w=YzT@wYv>03u)O2 zI1%3UJ|^37BbZiuL^Y$-V7z0FJKtqz$RWf;YpMoE7q7x2y6`@W_sp&tE0kC-;dE#n zB}RXk(^6R2(-dt8F66vV32Q-eLNzs}d|<3O$o zzp%H@QTG9BH(!0<#VLz=vT>8dp;lpsKu$^JzX3 z9LMAJ!ohj(9gWs$oxg;h@9>SPYxdtJ6C@nOL3i9JL<&-IR^u(5=5!q!?q5lne5%fQ z*G1Nlrq^`ho5X{}4&rd&Ek1af@C&+#BX|2Zo~u*wg#>;#VTdfl&l&Qi$;G7&ZCUbc zp!thGBC*`KFvj-dCZ&Safv9j3K7K-m2EypPex<_w4j~k?OWe{&OjPy69)oml^|UVFD~-lV-;r&dAeD26PgLv`S8%QXU+bUblvmJ5q3=HV*AxB zBQ~$!Vp(<>QA*hY)3d0XtlARLjoWC+XA-?3z}Y60rze?~d@leX{vnh{(1j<+Ldnd?KrV|LDbFiRl^d7lv568zRyPP3TD zUzO6MdG*{<&4K7oL*IREKO6+s-m;|n?d-lfQ;zO_&NKPDQzT5-Edi+sBWC9IQ5PW6 zbW-!F`l8fRoo+SX6828AePFp`$zFY3(y^JL{I4(e%LSD)aEH#;*}tyMhxS~yKXp(k z^mb(yJ;ow>odxO8C`J{i)Q@eKcfm{gm7W()legH~^066js`I*OKDoxJ40(;3ll51< zxH>GJiI}xI9dxy?ird3|VA>?qeBshuR_>px;vx5F4s?0!4*Rj5{)x7_vTc(GYtrTis&+ zr!^KZ8ukfSGed?dzkrCNe>m<%d7bBR(*^;Lx~cMtmxD*(wdQ=-XAyxuD`oRgc9%B< zF-u*L?oNkTtGZoeW}hkk7=mw~r8)qF`h86H?C@5 zq(5l8V z!YdqKMcWOvxcD3jX-UU?=9>g^?#%V+nHH2?!R4T8{xPD#xmD?NUm0B*FgG-Bdg^Yn zRke2;qz`{%oz+Fy>`U&j>4BG^iFC0)9eL>Ffn9w`Vf=?Hw%{4J*9BQ6Su=lS!&I

a~Llg2u-%RrJW`QzEa z$RDF@UmrdL1sm^60wt4~6KiyNxL4;|J(fY6Q6SJCu+o*?FJO=H@vHX~m6Z z8VP!fq`;Mn`1{83`kbN$AkeWqXJl?Nc5+#GqzEHF5OrHWi;L_rdK`D9ppY8$gG6i; zvhl*WKMZ%SoJQ7DE7HTdCtL^e%QDYE%`?}WONg}$l|jQmlWAnv>`{=HW4vIy966?X zJ>ZwhjL{VS_>%JAsDbE|f6cHuIyt;N>9nj|(Pw@tb`Jvxvh}8~?6Htl_mg9xm%kQj z{nrz>v94;^^)Rz6O^9F4d~P`(vp%=GKn`k-6^xBfn(bfYZ*k^3}8X&08JXOBLXLec!7tBF*SlG&$I*E#R8mF_mY(a!qyggplW>$+20e!i2v`sIjb8s9Yb`vteFTi{!+6qy5Y1;%efMIxSP9!}~MoK_jyO$DXZDvC!az zCi?L_gGSrgpK*5>6gZRu6t3r17R}Hs14QqzF+3hxTI4ASarj!pzw+h4XR%JKWd2!+&sh zJfrZ4V1JTmZR0f=^UoO+W4TH0dWB@hyMTL-17IOA9T4ID-^U3rU>@9-IBCKh;P?&|7l5MbB_B7qMdJ`^O1?^f}OMaFu)0v8k~ zKZNhy>)S=A*PYtIQ>o`0`uDDG`rQUC&Npr*Q#k5Y=3M^$e#qLqWE$jg6;+UQ=s70=zga%B;7UR{9vG_ zbng?;q6bvb)6mh;iKYQm-U7+I*4@xg)_+jsFD;QDF9M(yq9(l)6R)z5i25J%F$_KlwAc;6ZD|KS_fJH!UzqM`J-8vN({-gp0dYUh7H z{zCqLzx@Asu>a>iFbzdJcJ8y(Bi}2aP3eDJegPL3?q+#Ea)y#Q!Mfe25n~91dElSZ znd73PzY+YItFgREUHtGusXc)o7eG=# z%KIO}Lg3i{x(=-W2mbAUPyN3V_P;!`|8phm|Bo`bsXtOxOiWBXA#n+v{pa406*J?5 zot?Bgi~ux441DB_;z^kOM@EQky zJ?)b@s37v20u})hY#XT%NT(7moT8H1UtR2`TZRW`pejOZMpG0HAWv0JLVMPWUx0-2@nOkG z^B358ns47q;r6txy_tZ=MyFYF$dS*!*ClzAhZrx9&QG0&C@m!Q1U>Hb?|wpd%*(?b z@3SDimUGc<7EP@Nt!ulp7<29F(Wt%m(d|%t(VlOm%{P&>D&rR8IRl@2wr}T2dQbCX zA%kM&!x< zF`gdZP~(Z0Z5aOEN~KmkPw_x9e>a$i2|MzYTyE_JZ6oH-ngfH`|4p4*4C`Fw! zv;B>wTpFwXdaz9Fi112}9!kty=f`unn?g1{4;tZIx#b=J^w3?;l24C>i!(O4SOY7? zUxWk=<>y3r!I?((c^}KqzlG418zMSMy=?OGUWTzH|IExR4{ZYJ$Q!jmL$Ke?JsjA- ze)4qSF(}LzZLs9Dq5oD4MParv2n?g?7z+>UUI;DPqpJKB?ay_ND;?4#P&p7e z5V3N_hDE*`t(4>o$F0S=(LWfTg1H&gI&7+E@)NPEms&PZ`)JQ5ntU8cjaf&{N<$k* z^Rv%8zOVh{-lUL+lPzM3GpUedxJA-e)TC0~;IP%O8zUtC}har9em-xebH2|4C} zW^cB#hfSE3ay1CI885e$Rm$OqdF*>X23TP-fqqz*f$Te-UxNU#Idw@K^hk;LdY=**prYV{ds+- z9WFCfiWw#i#>AGF7fxdq=^5>bKv9trg=q}52?r?_3s_9+E84xnd+Mn>F*h0^Q1Q;H zAqosu&urDWJnf00wv*qfg;IV%k-=x9ZAw4$`AL9Ry;MgCTl-~x%m*GTpJe3G(iFGQ ztr;c1``PsncW5)EuH2su*lQgCXV-U}f^8 zW#YHlnS^x%k9tpFs%Vq_hl9I;7+!?~#+Y$>ufE_2VjOhM-ioRzIEI+oI_QE@RV)7R zlq^+!QSYc3-JE=M%LL+7&-p;{Jd}r%LoHv|lTS07w-C{srxN45srmd!j4Zi9yoQG+ zzu{l+3%$MeZT+sE63~$Vt@=`tr4J}-?H94qevq!9@A1kZ#XG%+8a}2`T?e1S^9OgP zZpBFmm?AA{&x)gs?4OfVtXO_~t_2UN7kcG|!;@OrEut(bfoHIIxu-9$zxhK>L_hS| z{CwRiLg|F43RY#K|3+y6ejW74@9Jo)8RRSGQkrtg)+*KZ0`@uc{Y}*)Fox;I`u2C# zTzv6(ovNp=2he%FU{Rxy3iZP4>RnmD>08b+Qh|sxn4^pothS={u`TbzGOThP`so3! zd*L@2S?N4_Fc4u>aH?~t=;B88nc`yoH0uewSPoa8`eGMd4fEZIwPy9T@9jVztN{@r zr!)4CpueW=8Qd4zFciO{SG9K>^ZS9Q$YKuL%Pnys=b2;49l1~xyB)Y3(`nvL(YPbJ z-cqhnjA^f|7hf-!$~U9B+#0@oFT_s1C}yMgb|j=OEZvNCf9xHINjc+#=){Qt4OuR! z;B|$qkTxX(vxWuArDi7@^CqjHE4{k^X_!B zwCCJTv>DxV7Q+{2ug6s!_Kp~C(^=puB-OMn6V+0x<-H#UTL5^d74Igp-F~+X2u7SD zf+u&j05bQU50}NND@u3508PzGdTC&Co*It2q-G^%Dg_4wOZ*EcQ1WJEc_(mEc z;;rnl>OP+jcdCF_aQch-?v`bbVW2phbwpBCtI0>Hw8!VoSBLtHare(%h@;jzdpd&H z!pC8_I@MJPa?}6=cYBHbwGVu??0ikIVY4n**a|r_mOxW^+L$ni))QJMq$Jv%cm0J7 zbTGaqKjqU5h29)?NCVQ2Gu*_-MiE`n_V#4a*vIqgM!2vg6xD`-L&Ox}iN6>6BE6aB z8&!9F;r3_Lf|Kc-^oPOIj3w)6^$mk!ZIwPrEuCD1LH*>Fdk}6Qf*7t`Ao7 zC_6axXSudb5SOQzFL}KAtnlXnr=R{ZuXanTE%r`)neQ` z(CzaGj24)n;%TpEMB^R}@plF~+{5|V8tt7lPk)TcGYf&q^8u|z+@X;fq6>?cD=Ths zN>2we<9YOUw`(a(Pbv9WF`Mqmjt!XhWu_+pV&R(xb?aF_+o_fJ*Gi!tX(rQdchS@? zv448b5AJ8`)*ta9L!9%LMi8hyRC<_Cp3Cwa^k)W3xYk-po#Vi_ejFljrjn;i+%>Dqb!5!WgHry0Ur}ErCRP;)2U-i!bbM+uf zGu5ZNo^s+MhJ-$kl&D2C!GcsbC=#$Zh;^cVLQQN$c0bJ$Dgeqg*HdVh$a`tFhQTnk3T z{4f0c|A)QzjB9FZ`#&v5IEu&#C`dm<1nJVHtAyS}nslXiq<2se=^(v>^b$f3H6bb; z0tlg3=`{&Gw7`FJ?)#bhnVIJ^Z|2?1f4$ntPV&iKS=no?>$-lwuZ$JZYst450Cy{1 z4D;sGI7xZFm1A+E(lk7F=U@TT(^&E6?=Pd#UEw`Pg!ZZSEc{Ax=|N}B zOJMLOiR`MqHl<5H-^%HW--(7U&1P8Yg0U+UIN~sMG-pk~&;1}Hl0O_ApZQRlaIO_8 z$wQ66IfpC0)8o@nfEG+_k(yp%>ls9SbixeG8*Fm*rhc?GDL3+DZ`=Lq;znY%Oh$3S)+dNGFNQ=E34%04R5}&kj!G$ zQcm!==$y{#1^oaIbKQ!rg>*{p{9$Pk`g(VoHH{VN=Z?f}$>K)2G1*vC$ZuD`}yT0murD8%uGEEIa`sTsfgByiyp`HY}Vd*j;gNAE4LqFBH3 z^5LQW3X7Z>JsNLsHHvVh*CJO{z?Uk6mB-`+l$8@G#aqek>KI?i_`X}^Sv__{h5`;{fvff&q_r4tx`3W2~AY@0r%P`G?xYJNDJ~kvb8jYCcTsk+tZ)S_S$yM%T(SnzVmf z2-XsE8cpGQXk8U1)UDlAT%hqrz-E~dR#83J>{;lLqz|~(eNDn0ZZ>I*Z{-D=@aNla zS;6g^g;4>6)g`R{!6$mVb8WvKFd65)`GULT+7!qFI3Z~gmoaANu zGiZQsn^&?%XtJ7JQ=^d0SYU5WmO+4Bs3Y+kZ}jHq=q5RTtll$;tJWftZQ;-N!OK$r zX-e3``>1C`QArfSD)mx05&<9M-9BLktN||6?l#||B0$v`ttiS$RFS%q$_bgrzg^5~ zG*yFm*)$>LC)*24_iK5Nri3kb)D9@jZt8Ibi&0b6cTb+w(l(e}c)lloh`|AUR=0C7 z6(pey;Uy`jo9LMx?I?T~sV+FSt%pc6zi56MG#oajM%OrUo~OC*Y2K>uvgEVLV3|%M zdQXjMtX30g0N)(JOZiWwg;qz9fcMtIvH8em;c~s{LQmv9B$7z@Qc(E1wShwvY;t~D z3m}jxc;Vu)(i{Le(s*X=a`eLh`Bqc&NX59%_lcV*xuQAB*4})%rEI8Ecz5%d69;jB z$V;nslA;YT(nD1!&T-lk9O*|8-;_-~)1AMg?^*6;4CMeJ!Q*dpl22IV+qenp4s;WR zIy@=qycLIjv8gU6A+Bf$3&-l|*LQ)w(b&(2WD&@Bmo=g%AGW@e!55L?O3%AQB=8f!uBW zK(lKX9k4Ii8-4vwefg7%An7{@K1OLx`@Ip{#3`hrwc^wv*rc%9(ZZP*tPyMaAnp@S zV#1|C$B*M`UC)3yvf!}$U4z1iT7YQAi`&R`J|iWS9+>{7PUNKY!2OQP;$oZif7jxo3QHv6dnw|+ zXOR8Yw8A)aE@VGd=5*<2ti2V3RDd;MN|U7=PiYrKk22YbWo%R+f`Nh_EFf3-z-JYq>9bC|A{kR34N-Yw4 zxW3>aC0_0Bq7Vjn!2F950JG}nx<4k3YH>1JgCO_LGnd;#=Nu(MS4#~lUF-wevENMx z26k~aNWybL1r?BwkDFUcV5I3o2cylFre~@1V)S)`K}Y??A`-1moZ!Qj!vW$lfz}Px zQ04s83Bm~C=ht8c-PmFJq&IUv&eb@Qi|SHesd_y0t|?bK0&{MykML!(eP`{Q&tQKA zFfVSEzMso88gP;kgP;OchBKYXJ7Ni=dHVUjx}3?PINNpHp;XpX{Al4PHc=Zt}F+%pjCf#Lmu0K0 zv56@E4D$UijMuvYbw02Q2^pwuk58hU;$EL|Z_|suLDth3zdq(CoPBQA12nh+m zT*%&;Juq zk}DU$#hSd&vsLtZ{fDXo)IzNrK2c=ddANFF$*Z0N#=c_3?H*Iz#Tq&D zNFNs{UOCzvPOI`7mDZlx_fhnx+|LG+ppDHe#Oysvh~+0+;1sJlJ!1N%rXDQ&X)1v#*@!_xpYO$#Mqb(<-HKTYmsHPJo>pY$yY z+)LgJS7eC z!+BQSXWcCq}#^N_$Ok>phP9@R_DTZsy8~{q~vVX8$weU6J|ap%OXPJ*&j937vYada6=8 z^P{ExV|o{*$;7!8i0fj0T-*4j+#PD4p&{6dD0M!&eb*e(BRat;cxrTwN4=TQt!>9e z*j`eJ-iaHWcdxSv<0pca@&A25AwfgUuR&Caxi>3r*5;8E4#(s(8*L4Ygr~k)KFQM$ z9m+qWwxVXfwv$VHuv_d#n81$9taPM5J2xm^B?e7Pb6V_#+ldtU8ZTG9IZPUCf2>Oit_D_CbB~wla4mJ+@Mb?{#V(yS+;cF6gP%$2 z?NSTUQwt2x9aO8N@CwHiDCtL5ej8WN$Pnp&W@e{lzPLWt8Mp1Y!{ng{t>q&2)Zo;9 z=26PEmyTFxAv-<2&LETbzh|sdt*T0uk3B>0y{_1Nx~lDbprJxWL0{V#)CIGBarWAY zOpoHJ-7SAf$|WW#-Ojm}mBghA+oX}^M#9&f#@|P?wPdMjVT!?iTy+pHmTCj_LL-hi9DSKGF)lx2#!a=%+Pu6grS-o%9#ouUX%)-0994+Huojnm z!7a>gaFs0o^I5MKfhpOBY)2f})Ty=0y3E?L0q@EqVJ+O|#wNydF*jttVmxc5y!r_a zXL63tUdecw-zVfSR`zz2N9-R2x#@S#pxAz{#23Kt@Be3+1IgoI06`wGzSIK67OR87 zd!y8qt7N>{IaGUQF}3Cf^yVmMhWf);#abgv91LsfWmgdPM*O}PfkCLuYYENu-ECbK zc2jgcZ*7pM1FL49&My$KZudSp&Dc&KCUj#87PeB7>(RbhN9c`UT?XG@uE)jT`1?da zyg|cT*Td&9yXJiEmA~N}}{)P*N@`! zYqLCoYA0cTC6tD%w({5Buig%AiR7{7Lew4d$$gHQn)ch)>W&k>4!=^xiUYHC`5u>G z=9u7{>4mbG$}JjIU#FRW=;Vh`0`nd>hyE3v92p*v_KvryJ}02rtqTKU+|vh~ENR4+ zQbO}Y2pjQoYfGoO-?nHU-R#t;9|z|9j?ZZQx~^x!K6@5ReL@5Zbe8Y3=8J|Q>6|qx zknA28NYl1voxM~TxF?OvaZmwfLNtMB`>A(ip$2`Og--0Hkz?UuAs*C03uDxFpzz@h zx#iQ|6B(IU4HdCb#;4y*l)HAZfdqO#E)#anXxWQ0<6@8MUkavDP0m|l~d{s7+t+r-SjMDUA((K;b=vszog4!rp-vUki%0SvbVHkb`CVR#>n zZAwQ5c|w{s*g5+z7Z6BrdayO^NZ&xWuzJgQki(lm1Xh^Ry0rD|f9x5BEPvXei;_~dPmF|re z{S)B<=~2WT47WhtL|G%FQkUN$7;TX(*vIdyFMHT4aHaIo8L3Ir&w^~6^3_y~5p0Ew z5$xbwTe0`W?t>_~q`k$uDF1dX(3Ck9KRQc% z)s)!#JQ!CjCwP93Xsgxu8oRl&muicjX*>>1gqo~kgB63YCITA~@Gw@}e1Ji8|I`RN z_RO2dVCBGfhez!P3C2(&YX&*KMuUG8&B!gcjGn31h>!O}pDE{4u4w#u?fY489_h}Y z%TwXo8mfVrspmy@XHlxH+ooe~LvS^+O7~PPLr8XZ2JtD&WbWp%@|ga?&CYF^jSZX9 zsEDvIb^2!eao#1x)KXH~Ffsm}* z`b=Y0NbPtkf@Q3%9tu-@=|G*}Uu}R4TNcoaRGe5Kw!Flkj3&<+-AsHNY|a=#8zT5F zzS)QZNP3;kcwLQGPKdR2^rW7bqbEI!g@&cstk2ZXl~4((b4$3YJ9S*Up7l9iAtUv{ zo4tL{l=IRcEDqaT&NySY(h+Pr)>>adLQQ$+ERil_vr01+<#I<)Jk1F;zhV=ZRmg~B8+J>qNkS@U%{%qS1y56+AK z2wvu$YCB+TnB?c@`5R0!OJ=z!OvX+I^2zNptNY`7%WJ?j`2Yv@on4uomIc?Tb;2?x zc_WE^BXptr*1?IIAkfC|P0F%Sj!%KU z=7=rl8g10lCHMEPu5YoIR-H<4HhlSyq(retJ>d&C{WMzgYtvgdim5GMtGH8woqhcd z_9fk2)?%C)RimM9!~Mgj$hW2~^; zwC{8)wqr z60)6+@T)Sk5A}M6fLzRpzYn3}3RRyEXz(S72~Jz_+b4kc_YTo!fJ1*4tp%Xy?fsa; z>E`^_%#sbQpTbYlUn(>yE!S|{9K^gzq6;f{AGd|+<> zxeCLzkSgL5Ungtwra1fABfQC6YLFq+&6Ow)1OC5gESD;+VJSAzoQfdzX0#|()9v@8 zZ_1b4h?|FgUcU1$lrKduG!bDF5~+lJ}4Ms=3CUh==R8?na2PhlDx7zW)yZf>==y1ou5Kw1bN!#i8XE&D&Lj*J&aR z8xe|$?1pY>g3S!2BbTgSzghKS)D#*Y_maH_v6#3p4;=L{c7< zEs&jFF;8{~PfYhOOIEQFPJ2j?z*UMpjG`qk7hUA*CHrUU%{%U^yIpR8QhVWDRFiSm zkH^?V>_xr8k3eI2m;ldGwI%lWEt`Q!kKfJ;*Tg{!j$zI z0*K}&8Tns`$mp?iEorwlKd_v1jwQ_BAEfMbLE=_gQ+C;kPBtf2>g@MONI?AXilVSG z)$$1aR7g9dC=pF0|H7{13%AW4rvQEs)hXLbfMtY z2*>_{&%sTfY?&(^ZvLqB}2pVs$ebIc9YbC#9>b~0^h>`prKW4cr5 zbv*G#h(;5+mClo-#bLS5Y_9qJB_z*;ReAUBZeqM-IFR z_7!EB=Pm%35!4A=;dJH#Zst_?cOCq{d;AVfCg0taF@^1q2j-{KcSR#zPJG$an}jG? ze#jh?atYSh!g9juZ0F=OeXZlVW>r_{2^OIPzg{G`)U2aRt--GwJ|V+q$mfuJ%PZe< zk@rL1`?#h>bSD&erS=X<4@HFe%#FZ`UYb$ru#Js62xP;G1&ERwkmwsPT=+F%1akU8db1sHH0N)@)N?9L`$pH}A%ziSuI55<#F#_;_?MNx=CY zv#i{R3D2Y2D?8ZqCt5gys=V$qHZQz;S>rgw#F0XMFB-DkGvr507Y-pd zX+XAn_5L*)1E-Ht!V>K@UqS9P>4D-5p#x8*fT8#s#?2_zud}y!$_bO+^60VhJcO_w zRciINwS%fX}Zi)*nn6_~v9tWK|cV z2^nJ^tWdL}2%=pB2Hs<56i=Vk0dA(~Xib~OV1r~t3&A4L{bQh ziQOixB@@XIw<-NPOoY(tkTNR!8C8ZyRnY+N9k}Y|^wAg9hd01=2o3*bWt~fCud~u;- zogH8{BY#&Z1K&!iIbQDv5Wa)y@!^U@gHk_{q`HxZ@#dACRx>)lewzhI64i(;;-%g! zS4a%zzcD)I5AOA!aqzOF18T{!vaJns%H}!)US?z)LLEQp}Qm{BU1yCj}D&9Z7z~)@0#uA?-g!qY)*2mK1dAo4(v`&7}}MM%zB=SEbq3 zps4Qs%x@TdlO=W-ysPn&&G#g{q@~{>jk3DRd8VnVKS5Bd!9*GF&=F$FAhY_lL?~EZ zN0|&rFy(H`oIS-3R^o6OzPRwtnwiv^COKBGw4t2obSa9o6|Yqn19~LyVzF>vMW;mr zyAUvxg{X5>Jw1jyh$0p%F8Ng#KP%u8FHOS2nqc;_evysV(?QKNS;-e$#}QPT8#g7K zEq`^)L}1b;12lhbdaQh4*>F(&>_QI@hlj1#d1>)dy$;p5h9K2J;i(@q{5o$vgu?X% z{eNAw*`3x=#+6EM<(b5WMX)mKOP!}EI<^jWC99lKTz{?$gp+Sa@|6nvSl#R2?3M`l zxhiKmXu|Y$Z^N|&m!+2<=xS&88`fRNHWdcdYDEI>1E)!8A`P5+Umc;1UWWt_@FTh;9O zz$^0J8PJtsh8&ea%-PzM_4pX~bU}bytoYuk7N~UMDN!c0M21jY4CL0#3qf%Td{jW; zLFSXYKt>N}AH0ASp!H$nbv}1r=(*$8M4HL~$>X`C1ZZrqe1PX(ojquy?Gc4~fXqco zXpzWhr*1c3C^3$^e1{z{FQtl03uyHC{pI@!klG!reWdnbE$VaQ3lnpGA+CV;aMvI?46*=Vi(vFNI z&5TudFA>ShwA|Dl7&_c99@vfaCI-(>!o3GJKUm+c>?*(8oN%$EI~!fYH{0TOF@i$o z@*w{J{Gd3_)^kysq`&Qi<0XRC4XO8U(1MV4~m7QtXWdG|mDSXhQpoX`0}7hy#w zwy@UB%cY)vG7Tq_MeVvbb4IJxd~LGK$op}5@MaHKvVu$BH;~RfRf!-Lw#lBuEi>o2 ziNm#xrNNAhC!ccM8P>4z22wft$JLfuU1#jHBP-ap&V!A#)J*B?g(B4t8_^Bf$fj_g zg+djC1i60Auf9hmRnCjP%ki5Qpp994jx02=LxqE=;x1$=J20lXz1!yT=wAIO+3D zQXOJ4dz&UMjO!!48UuvY6egmkG8Lg{iGQG`-XPQH0I3ZgFxBSf-5sp_gEX{bU0H}u z1f^D8x7IEthS>l82sC8t90`<46-LvOgUy`uinX>Df#m4a0Fv~kCkYWz=WwXpvG*7v zh49~%cc>}b{go7;JXt7Z9fnWTVq`-zkJ#bY4tpQ;GoCG9lwwlM6Vzt9%I)LuSQ$Xs zf#2L&9%u+Q@Hb!!ayZ5YoW*oRo_xO*>1wMD2HQnWLQ$JDONR6B90!|)p}GP=KO;$h zgvLsT@p~s@Ulmp)>;ZKL*PagB91SBG{j&6Brigj=ZFH8x&E2LNjQ4Iwb5EB+LhTOa zEDjh3%}wZAu|rEv1kaBB)Xyg5a~`_WtPLH~`5VyfQXx;{$SH@wD$CtioeUk92!D5b z0?E9@7_GdkknV~MoFCxPl*GpB$93h0Fa?MrUT<6_MLzcn4d4$zOHwoz& zKzM#Py1kKL8cipxO#8rA#zU89`XE}pA&SxS*;0Fz$Aw8`YpJ8@fS=t~Eyn8%?%;xk z>pnJ2XqTzTL|o|Ase#5V$)uvDZ+36v#;SqIU)eKTixc|z&mjsL-t%`2-A-qo(Ihlg zLvNA|rC?g)J%+^ucZ%}yM*nKW?%>NmUf27 zcGF+3__@0Wv~@0rNNx6xNsxB(RY)}lIC-3pV$R0!$5<*dHD9?b#RU<|m1V%TQXXxm zy}J41rdq(wv&3raf14j5M)$ce;<2|ySlN*gF~VUb!uL#J598u{d%m@|48OT=Du|RV zR+>J8+vs4hkuU457QAFX$-Y!WlO31qzb)2`?CzTuWaGO-IojOI9+T1|w0H_6|CrOq zy?`8$otDCM%XO({Cv}kmy{t3?8biEj7pryOI0lTj__@3?ZkE6+T}D$kpaXGGaW`J| za0$bQ2jU#<#-JM|LndM#doSEy?-o6>ZlO_X>fkip>L7kXjAt{CRahSKNe?>1n!T{w zFokOBd%~-HxWr*L7EW*U9t^yf7jsrKr4H_qIe*xArfcz?04)pB6^m`UxPYlN{LF)8 zN}D3Aer@69$^x3|I+A$LVz`~gaEgz{IgjXOne}3_T0s@nPsD9kLUV47y}56=jFJN+ zW4~`|9x+|qEc0M!sZ@`2l)>GT_PCf^3Kjhs@3!JuzA%Mwu^)^fuX)A;dzH}RV^tUa zYojIV>}8su>zTujqor!zCb{01sBOclM?HUoPrugEB#Ffd4ux|B(1g;>dO7mIXS|le zBiDjZsfp7YRIzix2okv4Q#E5|>eHpY>0NQqZ3?l=QyYYPPfB)VMnYK0Nb;PDSMvOJ zi|~%(4&O&#!RcY)jC#CqI}!7#*RRGkD0DtvWkcbHwAf)=ycQTd>N>8*fxOzIOdv2m zFnoonI+4;_&e=|oJjjh)liu}xy+&0Vma+}GsE&+8kR}taC^tF<>$uT!QcN?3vk(;#`Q5JuitSm z(apnoz747bKkw`Z(tWR5C+pUK4GYUS%`o#NKeiXzl=jxH?cHd3HJ!9sW!}YZ?=Q+E z=H-tG_vSkDe_(77yDeO0(u9y71nx!8se#o8_gpo$YZOXgkgi<{#n`D#Q?A%Y?QIS< zX>QU=#0<2F1lfx^_s3qp;8Mlz1?X0eb{YqO*F0uvjyt1S1nHY`Efb|=1iqZA$1nDk zR&FbCVWlb&Fz_>Ow*I;_P!zeVlSH+WEyhX#sVEa&QzvhGPfg{^0^dyvkX^~;k| zdzmbumPV46Sh~!GbUkylOELM5gHCF-fj4&W#l4oZfsP|ZP9#Y6v|fm@Rg+HXV(+>P zw?-09#+d_dHd>Tm{b>MV3v-nib(pLr{JyTUSB!Vj_d7VH^;xaBJXxPAOu>>RI!svE zJg+QrGsKHI9B@|r^5`6h a^#)P!B#MnKK)zTcl7wmV4*F7co@B*8e+O78vO@$az zMAJ2Pfi*xWB)GnyBcG@6wgUSN$2%h#Qp4tnLBCF<{FwDF@^lU*sek@^f7<=A{m*E4 z_(cyF3?9(BC%k#^aN8J~s;11z9!!bPRm4x^Wr(x5JMk-?Hc%#T5=xONo{2$aAvPb%`~M5Fn9?v|dq0(%)F zS<2?qDxG<0*gn$4fDdek@yCc_T_?9`-v4gT{Qz?jS7Ry$t4T`vlCNtX1q3|@G$n@G z{MD6%p#i2Y)zvXEF};A+_IZ7_lwWciZ@V(V*S^hsoJm4!v{O3`DAYS%UqKk&`W^Hq zv*Yji&_UsyTm+`LXJuQq9a4xDz=HbwTg`(b591zG{~*%lwg!ex^cvS{kg- zUU7Tt$WCilVJ5X%z;Y63-%)8V2*|R4J~l^e{R2-3v~b6H~P=X<3>&2 ze__P`^W4?ZbCUmAbN2N*5HkHAn#J?~S=|5@B9DR$A60mkJjm&)0~+P{Aa84 zpN{y~(dFl=s;8Du5(F&!IKgxshi5MC?%F`y{aVf8_M~7lKuo(9#5~LS+cZ2@WC!22 zMtA(`Sm-*iWBM0+JNRGh?P4iE06^1A3m5pme*V?t?_JSXNY4Lz6Zm%UAFcC$PJg)j z&yf1h6aPN?`{sY=!vE)V_lN)e@z?&JJ7;G%BB;K9aG~%}5^7i(&^meAeZi6wy>=fYhI}mJR2@IL@giaAx4^PjSFJC7+RlrOMJF){iE+p3H)+6QW_5J_gJ^LkohvVvtMi(}Pi|gcvoI zqn%W1l`^sFy@pkv?Gx&QPaAsjdtNn`V7@r&!`ar?oBS5|gp-^4bStrwK{ok!e4?hq zSav7sbqqb3TRmiE-Z~jJ_tG%>Q8?-LbI4{m&>l=V)*@C(jrj0LOLP2iZ(W>9V7@}R zw3A7m@oy_;6}WO5b<@$lWaZ?vDp{0dJ+wuD-L=3AQ$23_N%f?8V=-Bq|IQgy(}nRnhsJ6Ydj4gFBm_riz+xBmfQ&oY69Ro<2z79kBYdavZt(GZ-2O)9g84x^P zVAj2lf0mcn5oGOiW%T*~R;tO7?6G2T;wwT4=5x2(0Mhbe>u4WR%(nXC?f)&*{Qrtj z^W5)0(#ulPJvMe4Zo>HCv4lzw9OOq}6kitdk6%`&NM@EEdgNJ~~7CN-shma|#CcDDh>_P&B!puXZd+d}{uq{InMwx$uMG>^+KxwPWs~fJF!9 z584{52OeI}j~ML4^`ia0MMbc-Ht$a(QxOBSDZU6m{LtXmRhhHSV<&1qiLl9Tv?frH zUL33p1w1+r+%yr}GW-x5y0C#eR#Az^F^aAyU_O=2z|ov{;U!c0g@OBKIk9j2+p{g9 zx&+6`Bw*hAuF#Pe=Ic2)){#E)>oJmU_<~+`RDCH??dk@6naX0j@ogc6xkG!aVKHkH zC;eM|r*BJv!YEMHG9KC-sp6z_o-u`B#3%dGN;t%NwD{g*S=GXNt^XTw|zc{ zs}OBkm+7>h)J*C;(i#_!p~EI&to@5~E>_OhdFI{K=|PbJ?j?rBO79Geb6rO_wQFPj z-Pg`@8EIm0%=NtAtmX2B?Pxos#Gim~accKkr%PK~ENQoKAaUyTY6qEKzq1{~2Ms)I zZHkpn_lFnoG|?2|Cug{%xpW8i%5APO7Y;KXaP#L0)W!MX@mzlwfjAMkSF{ULDT4E_ zn)AhzNFf!ne7aaD(=@BX{K`Xg5kR-lGs;?NQ0 z?8$JHZDdW5BqSV@ZRPa!gnceZ-J0`+`{O0_cQdk3h? zePG&0KvDCiH>3^h5{v|`(26Zl0p2d!u?sYn4r%T+Tj##FqUc&PD31I-vh23Jc;sa7 z!7EEV)$N0#Z*-Sf5Nz#RxPrl_v`plIq8^!>afeJk(+a$QYA7=;Hq<)9N2Cr($ZfDg zt|j=C+GghToNAsOe*Sj0%=N#5uph!+r1|)WFN|z_{<@;ea|696!C4dL7k?-O2EM=3 zsKJq`A^iB)1;#9!J?$_HWueIUukv{rPp6ab{S9EoGQ$3$@7bxfIkO#OqX^h$J;I#2 z$-ZKy=37m0NZ5Kp_8@+viP(8B=bMv?!Tq>Q9@D`&zS^@}(uxkN+kd(9w;V1HYk!!#p~XcCU#?kYb7)$ zng-TFv;7d5?4q4xK!!|UwqqYWqbZW%s+X=qga))ECSaK61Owi<+uV^a5~2Kv zBun5HFx#KSIxUu9E`+^j*s>If{97pcafz#fguN6`TIBn!>YH45(lWxPeip0T22D0T zjik+Dx3-d2SFPt09vK}oO7l~w#PQt@SK=H#pB`tV0cnap+zZ;C^)W(EUy|++RJGL3 z)W>S9DVkp1f2sH~QOd8I>1B6PKrv;=*X{dCf3nnk{)#nGQIv~3DzZ8w@(cI-8+^tQ zFL*20OatcD&?6(}r--%8eQ9f|P&rzSo2=u^ZOJG!%|r4@BO?H`<6zlx%kSdXE9K^T zP7#3O`dN-+3m>qsc{Fbn?+ns3CZkcfsS{{&URWs!rX<@>!N!=o)zv$>#4&9{hkn^j z3y@Vm3EG-!c^u1S>h$vS{$DBU1$nu+>-1mf1v4zeBkMJ?_S4zdrN@IT$W}E`KYzw% z58S&Lr&M)V%bdWq+axUpAivXSA%7gEl3VV$Em=2`giVx@-S8BO>#+jvtsj)os2r{K zyMe`ZEu~jvX}}aKUwrTJwXd(B=JozQ0L)tEAbIi#^?uxXGcF}f7;U}%(7D&)=7%yR zBua#pzab7IZteuYtk<;m#5mdhfmv^QWZIN;_C@(7$HH&zv{0_md=}yJrqis)RcOy) z&lCE+bK=u>=S@0i`Tl`fJOAFC(~<4kwi84vLx;Sx*fX%kx}7U~X<5Mc0dRJObqd#O zZ{%>=drTnRTvtNN__deBcThyaUdM>vzVa2}p!&gKaRp8dGI&oi0a8}ukEF~2kMrF2 z+3#{kvG~qEJ6KuVyT&r~m1pbm70g-_23(Nqy`e*LdLWmk{ne9`l|uuCeSHP97RJ?1 zyi)p@;$ce1v88iB6Jr+{v55n~vzUiqyG4QW0svl6(&sG!_GLIXp)0+k)pAQPTDarW zw(&0Q@VE4ZX94#l{KKs)sxos?1y2U663?m4Lj~x8D+%mI8Tb+|Mj~QEZXEjNi;CA< zU0LAez1;1G@1}-Ca4Wasl6q5SCRG@x|5AYda|gRmZiA44GA^~0xd=-5eP&k;)=iP0@E=U5D>DQYjt#me8zVVz;)oe3MwyK?d_86`F~3s4UcY}@ zpypO>bQsL$TUo)V-)86EgF{B1AsUH9FCow&w^maZE9Z=~#{hlyw}!J;mT2KL7;ufF z7AXMG5vv^c_f}NpxS~V`Zx$Nnm^Frr{HuGuw`RVx+%1Ry`&91?0^0wT-<~LIA)|+{ zfp3ou%5tM+>gHgkl}^Sm5~D%xM4tl<&@$@b@F+q{Z+c>TxMT6g9O;^gF}fwzXOL<; zNBrkhjf4j4fZCC;;8m+#$Fl7IF`t})@cX7V$bSLA%X6}lmX$0fn>qxTwZI#5v<*s+ z%DK@JhHu2wvb_#ARjgw1gr9zpE_L0YwUy7@?B}i#IWTtA zad!XC-W>D9@`BBDu?qV>Q^59G<B)(-z|bk{wq9d{!GeXWu=~;ay#oa{R(eknW&*Fy9p&vMKOk)H+l zhh}HM;MZ+_6oGo@^jTz7G61tU9JTjS;`W^&|GKB5F3>c6g~}9DQ==&vpH#;b^;IIH zF)v~OoHy}xR_n{OL23qJQ)Z^`^2X9Y=GnppTkND~fN#3jro*gr_a~j!!QqItCxyc~ za=aO0V^cLMDNa(E);^v7z2@$J=K&fGFE`rJz8a{Ho(ie;`1gI6VYZ&Z`g48x(f%BdHs3@G zYIC7mJ;3k}VG|MZ`_}4))vXN<%r8v*#Z600P&v!5xzYO!*7ml7;s#bt#&7ICHZT0O zVX1E?e?`b{bDw-W*OdZLN-F-QFOQ&(76Oc{12(!-KgACvEAd3Q;sz!5yliCv9mZ{e z6c{3}#Hrb3qJbh82zZo4;QM$2heLihKn}WwHPK%L?vJXiHT*IraQAQd4ts7b-gFEP zO93$@Wdnk!RjFafr;z3?wDs#HY_eC26doHS>lr4?063?L3f@c}|^BSRkU>-4XXjQ0Z z$l5W7t>?3cu9>tvkFar<<=?$^+L+D|+rzB|E^zmeq?H;f>Wr;ce4;~vk+>WMw5f;TcovOTYJl$YY#N&gZWBn4Sbv9A0+{oTV{Nb(oLR_ z*A{>1>$x@br3Pox?AtrO zyuVWqw)E-#i;=SG={Cx+u&~PF?jpOXg82NY8NbnMEg`uoYYd1+=Xh4{cOmxvx2dzHzZu)L3l`0HYRkr#FJLoLy+)=d{aIl<-{FI(lAQBeJ`mBr z^^a?Jhgt{2yDbX%YZvA_1|xH%?fF~|ByWztuf+&78BA@Wt97p(7bO}7$y@Ev#U7Qe zcT0d>_3fCYFW1|B49C&T)4hs(mnuIeiO_rjGB{my<+A2ARLx9)k4BC_@B>f)nru2> z*qu%Ag0Wq5%i2U$hgQ_?rHryfliy|U?b^G>2S#2+<0+}{A%dh+90mQhu?LjS~g&-MCr6Z>Mq0fVw-uX!Ni0p6n1e^ zIdRLJIw?>C3~okQYZ6rh}c~K&WR;elOAQUpFXUJKl=s5&( zV#XUcVO`O7u@1@Vw2~rqFUX7q(Nyx#GZ(uqICwGg>b2ktHqg1<2Ey8*dLB@`B)XOh2~&35CiO*1WiFo0Bn3o#VGtV!LJ{E3r}B8Wn?hAb{cD@c-N( zQvB)qpZq~*iDJ$^H(HX;d~Nn#3qnYm=Uu)j3Rm15cXXUXp?8I7W1T^9@9;(Oea?KQ zl^+zpR-2vIs1_E5B8n3YTRhi)YB9w!x8e`WabIq2tlg0-c=!9;o7HRID~#_RWe-I9 z#%@_d_-PxHJYi1a>nA))?S#=HsAX3#U0aGz$c5SRt} zDR2fQKJB~96&psPjrA7VDkP3a-}S9q`AeTKnIs4I=ihnq=G0G;dT#PMm=IqE?s>;_ z?cH%Jk1*D+4GwcizQ+Q-&c~wnM0d!hK&_&4HQn5ab+oTc_$B6793P?ewI^mv%)?AjaH;cqsy!-o&)=k1R38J z?)SA%Ut1qlX!8~)*ZY37i~f=fyL?L~kTZ)6z`qH$)Hh8JeL?(&JTFRX9h+~vL{ z+*Z&=J*!6+cE7PX%aLJbhHd2E(CzAy-}M8jwbv6^MaS~=H9`p)2aCt&jkcnyqYvah zq0m*UPQ|l>cK;W9XBiMx*EVVkc@zN$1f^w= zl#rGd9a=!7TUxrij0YIHJEa@x7zU8;ksM&??xA6*IUC>j-gCZlet&cSvqEEV}qGONyWB#bU@+2c_*#U)VUG9)ReA1 zdW*0~%RJmmtx1g8=U=q|dNPG`bCy~{-e9iX*;<#dQsnt}N|NZWcX4|~Wk~GnI%{e= zIoG_t5jiBCRFG-Fj#kr>&l;kJVF{`M7{e(yuW&!Ucxd`56Z;jANcKc(2v&cn-ijV?+-sq{-sVN_;< zC1LxT7Zawz0-%C1>*4aU5j*5Y$#FffV5;liL5ZEW2F35f->V3SrE}c=@;4MA=Yu_1 z+@EP0VkYmrQa>%EL$Q#q>`d1y^MUC#gApHM5je3z^MY75#f-7+uczyxftnH!JI4GO8t|_`R`FSo~?s) zw2OZ2;|fbehgSx+w*u{(u3jWX#jm}_Yh?ECEyi4U;=V_%@S4k`@rouPhDyJ_)x+@G zDNnC{5U^F#dw1$-@muxuM4@HenHhCYr;ANiNE>Sqqh5$GhtI~R=dvaMfyDT2X2u;WpPWW>Y1K$zx1+^SHbrhYc010;Yl?xYoU%H3GIWh#%kwgi z%VVb_oevfB-=X<7h>nI7N5V_$$o?ckgMbJ()e@@mNs@02#-)v(5&=3~>(>E*ebP2eUCSli`Qyg(+AXvL^uA#mzc zLllS4!7))}WOU9E|LpH30UWqm*&6uj_@kL!Mk5<)*;Pn8c>x{y4vd}NX9 zOe>&xeiLXqyI*d%&~&U;9UMM1zXnwK^XQh9#NVhP>&|s^DGF^HYooihG!p7K`C_xC z47b)7Z`_(i){|QD8x{Q)KE zyPH5%_T=XmL$rKIjgLUA@L{jB|9Zi$g8Rjbc-z9#glpr0N-uG?zR;VXTH%oWV)6Z7 zs5#x~L-TSus^j8X?ex|CV|jJi8{K!BpNNwA#!U1v?%$9~k!_P&y6P0snARGc*-I+} z?Z%-&|n6Z0j6h#|7z0&HolRCk7S=Y?J*Sq z-{z(e?0A(^U0+`z_dpi?w_p0|t_K7{i9e?BE;qa|Xa9I9xbjz*!WpYi43ls}zdz;+ z%h`hSyop~);E|J*kl5cN| zjqk+lv-X=Wra$Gc52*>|iB!2Cgp*h6fdjcN(W_NOx-c}zHu573vEXPI`DPL5(ZaS% zxReE?eQl*N&^IEY)5!5iw`P}*mCP%;aKr-z5Rz)6P6Uh%BzyIt$Qf4|N zE@TkGR#j_1<1$#BnARC8&T!^^l9+yi^(L+KD0Rit+~GOP-N|SgA6H9FdKp*Tc-4dK zYgzqF6q#wd5B33reh`j+p|~r# zk9QQGlalsXY@C-Mf#Xy4jw9#CDv1 zBsgt`N1B3Evokb;q3z$COy4~yrHzLU}7&{(~zqjnLil$|iO|~{S#b~skqK0r97Q@GOE7@ywfna7RlyuToGMx1;||WQCd^D^M3GQ^gA)aa zD$T!yk~dT;{4d82HO8pgi&C00i=!Mxzb)9rY~YEqy1Y2cQ!xTe}TPgG)| z(h;f($C^rf>Ch*<2}S#=mem_dMe>AO*K|@ED1xL~%d`uq*LQ#Ry43`% zcgdll&^GG{E%|+eT>$@{%!HL=0*!4o%W464kM@sF2b4{H~@;0`%waDS3g& z;BwGN_C0rZNc(E{lS=PqEj4QKE%GyJVNw!@=Pb*&)XRQE_kBeEvMvzRv#tKE_K8@j z=>sc~7Xz5YJK)RCcQS7cRu{OIMQi4%7pHwa{X!y! zkhThI;7We@P>d)t$l#B#TjMFaE5FnHiR z=P)7U>gS8u4oQFAFps07m4Ivx0Spf0MKU~I_1HiII1zsiX4=3&Xa@^b>e;M#U@yI{ z^mFi*Gq)U&Y=XXK!Jp~kx1YiYFM9;dd@wS|J`*hszf@b5O=5s3VPt3m1$#OJnS?}x zp*+dzbv5!ixgFc*(&PAMy`*5I3MBnGFy#kco3w(Ohvn@;4@ngtnq_dmLymBe95it*~O1SdT`smaG z#lT3Cr)VZ&8a8X{af@$sW3vj#o^rcgIj?*S$i_oJ^J}~YL^zI1gO{e`-!92_-C=#C zYLaZ>WGgev5yc_Q*yUegA31M%hP;E*K|WJen3SaQ<~=0HA~%FdPJ9en6cL%s%$#`f zU=iU3(pIWnmT8A%j}$g~wx1=^2gK-4Ff_JEj8` zuP&}&yBF_05yVyH{O&{tUgu$+zYhBoMV9S(8y@d0nCSI9VPzNch;jpl=tjc0L3?w2 z;Bh|HcorA2z7EXE$F?P~WsH~vrIUD0xU3?!s{7-MMv!DLB@UM%@dI~sGOy9@2^;O= zXXT!SHsC7xpc~_C0aE(KSRG{Z>tWCoq#eQhN7hYB!DA5S%93XzcF`2Q(>Y#HknCXN z*R^raR17%rI^IPhHZxR6i7SDgB4ud22O#Ulf+G{2ygomUNnHENKdPSFo>KPuh-hBB z{aeZk#cqW_gWiZXH)`1g{+hsrA={^O z%VrW7@V7QT7lu)ZBuy&LV$=UU7|sYWEyP5Txk=!w^^A6YXdpBxzTol5=TaGnggzeG zzU)oPR~o&s`}OpF>h+_9IYmD9qSloylV=uoOy4sJaV5F6nLgXz0^x7+e^c`48mm?{ z#H{#=GCvlwTV@P4w8wMvSrG|)XSuamR>iu?)$bHizBYrO8jNtVtDRyyLNfRTAKjg zr@gx@FhzBkB%R2Sz;+6uc(8(~8IamlI!IQL%-$lx1$$KOEN{VYLq-j!wk@!M#95a> z!=aiL7n9qZ;didUzTf-uflPL`jaDC6S@r}X-?Y1I=r?>f67SvVXe}?Zccqp!9L>Ou9LYHduX~$QZekldgRi7*?M%TNg}pJ}tlg)_9iZ?p0bta_Hxs zm-6@B^oM>)$6eCw_2=V|Bg~Xgy#hqjH-I=&?JzC`0Cc>m_O#!=3rajHlZQB4p&k$Q z&2WZ@Vk@Qz%}jCOqZY!3h$#3KzA9Fbi+|aOy)s%jOzUMpQlX*vNoH2rGx=}dkVUPc zM3DopSD9gAk}#XYU&PaQ;1`dFj{AE0SFw?;+bE7h92Sona!S(VEbb5bIZUTM5W(=t za3~bW5!F}(Nw|kMTWZ`C(zE0l&gb`M9-YkyD`7lkSj;tvlx738`~A^$Dcpz)JTe*r zu?DZf<=f*k@3m`r*d5z(Z>a=J5>PNEZ?4emr!*Wh&ee+*X;bmiimm7=M0#mBu>-3* z>*GqGnf>y7HlRUlV2R&OW3FzP4xPXJp*SRfImB&sk>*dE*fio91y{r~k7%7g&$_LVq%0G%Q3x$Ky)5G*mJ9I-zO)5T^@{RlV7= zcf^6+>x8Sc&LjnZ)e?ltt;3zQ+^XVgDe*N|(Oc<5l1(d0bi|eCDe8iQp!H8FC}72+ zhkps-(6?z0INfVR3N4P9Ecqo4U3_$i<>^ng$R|=-WX86%q!yvQ;&$E{`s|^sz%J?~ z=mZ4ZX`Kpmy#BG#Oqq@(Oe5j+g`$r-v;EK&kmF^6$y_1kH=X7_+s335(VH@JXj%4I z0V(S<^D+0ibB3_Oz`5aTh?B`oUA^`<;-)zE!a;fW1+;)q#?lw-)0ILr&!+r(QQLsr zgOdkx#`ZiSR&sJPg&h~twq1U=d*yL)(E2)AjqN$t&k+nPDXxrbxMEC+6-0Qg{EDGH z>|EPT5G}j(cqgOGrORdsNs6%hPDLHSwGYk7*ySy+mW~iWu{~FQ9(B)A41zdr95gKI zKRN4+e66}5I$FoHHrUuQe9Y6DIjVa&bI*{=F_mFtp90voj(Ze0J&S)4`ot?tdz0u* zJ9V|kmlv&LyE`iCSC0KbS%k9DC6_T19eCitjzq!cSf0Ob=3e$`%!@0*3+uBWSUOPM zf|s=MI8s5mR*WZhcyat*dyHC4;61XuD|q^{S`DKUFA<)jy8H}S<+onF<^6z?#uhVD zss6deirft22SVE7q0oDcwNZVoi%ws1i)jWJJbrpFZf11%XD)s|sLYqhVxZr<=V8sD z7&Yl1kkw0@8PbYo67IV=J9}rd0VNdUNQWM2Un9aA`+QtQWAzUfJH8R8Swg!mE&tlB~$x+Pl&qcD3SNbLE89(U7Km0~ z3io3e_WkSD2kOY@Mm;sSR$;rFWGhtej4Y34&)2llANRoInp2CY1FkURK|kXYhuIrL z82k8z=`+)ai_ElXzF>*`?#o(O^v~DYP4Srkh>3ISI3D$t7js9@2$@P{ntL{$sRfyH zo))^!;9>66!tTs)gXE~7?4_@n-7^%~S3m}^rid$apMYL zG90=TNAJsn!JSx#S7O;8=OgVSL>&Q_x2;PMVZ8PfmT<$VFT zya|sU%@+*LI4zp)#U=kj;croFm@}<;%gacg%R-J}A>`(TeQw>Olh*7Wv#|7+JXL2S z`HP{th+-WtMa{1ut5;T$Meg>;UYg8GvkJj?F@`RVJMB12U8E1>0Gap0Y35mS$Ip^B@3W^h6giy) z16vCibMjLSU>n<0M>SYZ@YVIMm33Bwt3^-mh11sRcO6>G--g)PbC%%%l@}Wa1uubA zbj%flAC!yQkLu%ZMnL9$|JXWP22!HyeKAe#(c@V&Kwmk?7FzIpN6E>_ur%Yxalicc zkZeRW7SmfG2b7k~1EdF^-S6)LfYoC0m~~w$C&=5|WAid6LK$S{!e@!>&6hM7&kHC= z9Q<88%k2_stJCn_w_)x;n?R0Fp33c-P%iph&^>)_uHovHV*V%CCw(mWoR0u7BImYx zx$=;pDS0gc81Ax$F<3G@flYR59a+qU&~UeQ^`2)I z1AmmV5>QYe_667_o3-uTuKadoHn`z#um3$LK=q}12LeZmbg&UD##yZ9I6bbaTP?4n zJ~5-|&iCmJmMNIMgoh;P+QW(a`dyfZ2p*d4q~hv!Mscmw(`(h|pO>pj?Ex9MgQ)eS z!x`(4<__)nh(&>;%KH;H0-E~m_1^LtgE)9H#Rf?>14OqeQSAj!xwc?lJ;C8Vuu-*n zT9nym(Eph}hE?VGIPsV7qu{Li8IXn?sk$mu)ZJJB8MwviUb@jzBfa7I8_%L^c*wEp$gCL5 zVaMlop28t#8!O91LSw17tKj+S;-a#@4l6I^9bbcg;sJor#MUsiyC55s6b~~g;BE-y41CkjRx-+f6BoESS#CEE8`O2} z2VUX2RBY-p1Cr`{uyriXG4b65rn5JJnW}_sUPIo9yA{i6Eqf4lZ@Q{kOI9 zJS&O21GTh9lK1gCa#YQNEF>@Pjx(!RV;Xo4bmLeL-IKb)#y*Anl(Sjd{9>znp%;UimfDI3kH^SePz;iFyKsKT?k_H>*!+S{kJF>UzHH%A zp9^`Ezufr~Qwfee0a?h#j1?S4PV|5<{V$;lF7D;|T^B0tEtcTfX0JUiPN}iIaO-Pj zIUiE4R9Gc83$&nKJNc;I!g@$DneJ>$X>`YonbO8PTz5mq) z&lQd=O+zYJ%{bq2weqJg2M0<&ab=8~lzbAc{Gvzq2o+8sGBweK{vA5uS!Re4^vB;$ z&1-m1m070ID9XCQvUz1w&#Si_a}AUy(%Jc1 z%?0&a^FvGb6M85O-@6CWqH4ROIq)iNZ03BTp;aOHFLGSZO)J3)E|b1{ZYuAmLy?Lx zqt5aT1kZ#mf2=954NV#J{6-g{KLJqkJ;S`LHR+BzGZ5&I&$#X;luSs=y7 zO?WeL7ajWeilwN2ABdDWqDG;wRp@BK_4V?}6=RPKjiyd0!%lcwE1q$7@j&& zxi%e}5FKD!smepaXDc>m5)$paPbPHVl>0mXXX_&|5Yc*3zG_z1O3S++OWgcnj|hwG zjJhjKw^5O`hJ85c^imH6@U@cg$zdjbnz_}^`#cmN)hLeJErj`#CTa0kODnVp(>k00 z&u|kyb)_-Ur!Pc9`@ROG}m2pI36dJxmdSZ(SgAv@LwhP96l;m=0)0#-^(IHwG+w{edl|$!%Mq#5i9u? zyq`y``{&EE&f~C;ZZ!+LjC|@qRb$-i`~4p>9ScKP>&xqWlWdZQ%))q1W~iLF8Ndv| zd4)z3<}Dg)=FzB8R;vB2&6+tm*Q;x8)79x!o$49whOPUr?ZvhS@MBQ+D<38OZ|QgWoU}n3Z;5&n!BQQI`=M(`fE2~ zwjE_)zC=%Bmd8_ZYerUvoBu-~ZZAPb$%`|zW|fxY61utr3r$>|>X6nQR*4l4r1?;W zZjDH?_PVP$3xDd&5nlE~JumMnyPSQngE3{>qg=Y)1ue3-38+$|;ioJcVSYk{fliQP6cnogY_VwQ39 z37_Ez&gh*16Grp?JPfs!mz%5I`qBhN_`Qc7)#Q&HYEoajYupILV@BmY`FWuVBMzT` z0N9I%eT4qUj|7~!gt@MVc2dAK;xnBD%J&tX*{Ww5n~MOI`W)})yr z_su2W{2zkwjjEt{pC;r_x!O{jKMvOxTRL7|Ue3t>Ll6$U?4QTk%4Y(k)1KK&7S5%E zCrQ?$+ajU=j&)6N~L ztRYmW#!B@~2J7Z%;rQ`NXw}|G9idm9cvF}R=)?_fD#-ui@WJmbQ9XwgIJxT_G3Z2` ztMvDQaqw%@9Q_3OWRJ0LhW0&7x#Ng+?H|_l3sqPs8~c)<$dM*u4MQzu)jp zY(cH61xhXO-yh}AL-~)A$^QME|Ng@n{7>59zd!Jgzq}#%zqh^r^ZCpF_a^#(KKlP( z{NGON|KJJx>2P?EP>znlj@*!Q{$IzQqV)Us#{RvZr;5qwS`Bot&+gv6YYK!_Ze@Hd zC@7Goy?LPz^)Sm9eWKYZK&;zX2Kc&X<$=HM!6N{=8?XYx%T~SlH9amVsrQj8{{O%J zZqCYo9{+<^!T%3W||2bN01KS>5zC5c(zY9;T zr=~hY1|Sjza9EN&Lba>V+{W#%iU75@cbg}sX@IJV**H;^ZIuo{GsS}p#Ox#(ihP!j zmo^`=hR>3M^xgXb47Bm4J4?$r6v!}NEDY|7{Nmpg#iR@D23(=IN;?cWCT)c40APlq9L9I}L&gNd_}-)oTa? zgEPZ+L>*3g`%ak+O$HdO1qmI~OpPpiIgFp zT4>)g7%>(k?UU7*>RZT^oRL7j4Qht{WO83Q*wH0*pIW!enVC(0B-68!qjTIt5~ilk zw3dr)V?j*jH_knhl98DE>4Oq$5D*NvG}6e?4~7^{BxX}mOQ025Q$7N5smVvc7uFn5 zfg!r(Ma<1+_A=jcecX09(-SS8h3mQ&_sBrDpa*_e0<_;fiu$EmsY#nEV}URY6}y$6W&1xTL+i20 zD>w7xt!97Aw&JIaecR;E%Hgr1l{+*o2v1R?_M-q93^BYdHxc=XPraBN`L#J%w3_j3 z`^wC=BDfn^UH3HsqkMJG_dZ$G& zsuYjpR}cIyC%&J=N!=nBPPjMey5geaAStTemmv{Q8n&d%nrz;88r9a7c!2c$bkZ6-?( zGeCng@wmcc{oh(K(%7m&n)PHRtjsNuaoocjG&(N_GU(*46U#53U)gZql8I@MZg>&mD( z(MHfYlc3>n7&kk;d$LA5N~DW+-X$o?<*HQ8d(u6y);7QsqVKj2s%md4$W~nWTcStX zR9=|$!f*0}q{sB^hK~|!Y_893o0YMd2W_tX+CF=vAZD)QAYIvh2 zHkS3Yo4galEv&MCd-G4Uptsi!>A%dy^RPWV7!hj@_q4lm-#(58(Yk&`1vs3lz!<$i)ge}%JgHX#tnZNb~2kR~&OHdV30s%LL&1IUEskUPmKFjlsC%e6)X*O28!3valo6^V z;c0Aa%#MGt=vPVs+dM+;9EMG$C+YxUv`mk_4og0+Ea1)dk}(*s2lKTZ(tU@b9fLI7 zFHeR*;mLITn&VL$XWl;7jvqMfhr$Xf^$+i@a^GP{*yPl{{YEcqD9uv}7{FkTi?p&Q z_-YgJ%~G@b0?Eo}tsA%V7!pX)1^mtxsaIdfd>oM>Vbd?>p3c|O4s!fut(Tyoz-C#{ zh{7-?2X3d^Z(W{I9mdCC>o3hAz&=nvdE<+WCyE@Au$-9Osh;%H{Nl)_pBng|0_c?q z-E`((9Nfn!`6EZn$+?;4ST#XPJczT6Kd5NL92q(Ar;B7U&zgM8?Q&A)6sm-}KxP%P z>6cBfR1>#}l1?UUNVTigqzN-FoIOHY$|hNRhq=`j6}*LfyCk$^c%2Ua*^^b&L7v^l>N?UNGt7`(B<~F}M{z zHwT|BYxWRb<5uj0F9|pfVp87ui2q_!>En>>zG^g^$vM?x$U@L0X;#Q*YiFlttpz?t z7ybMdz;x)G`>yuZNZPpzOXlvrkY7`uck(3R@NnWFV zP8!gD$CMZ-uQ*oqGTfSb({l0JSv>zs{zW5P`)Qpt(vDbZpp%rEA{?UousEyujaBK| z9#9VO$w+`(P~XrCXuFEqC2#C&yINa8?6 zyM%UbzegLfQ!?BV;`j$Qp*YJP1}kMum>Ljl>PQ@7>9}x-L zuDXU}Yt1^6e6zY{;KYh6fVef}%}+lj{%96gy|5xNaJ)chDM0FFa1(Dff45@KNUr_? zplEV3rvLyHdto;K3XV^`3+joythu&SW}SZk6y84tSpfh=WqSG16A$-40E*my04S={ zKm7qvq}>20k{9Q;k5U_i9_;haCWd`$eQSDo8fTAw$qj^-_9*IVJXa!yP}+pm;}$#$ zYa91*kt_D~UZyvh@>`e9F(O+a@H5*jrO58waBjvkJoJVdubcWT~dLb z;fKQt{`4ywwVJFzUj;aN77su6iJK;2c4WnM$aSxhwVo1yr1176eFq8E4Tu|^0fC&U z%@iSu1l|#ng{}QQvyY7A%b$CCdinF@o4!^{Z)^J5Eu_vA*TWX~WQ8g%YR;?w@y(W} zg%BephZarIIVt#%p=UcPn5Wjy2XyqSF!|Iag`|~rXD(BS7I^hU!$*gz%ORtV`=^%Y z&2pNS8FLTOyoacs`;$Suqa+iCw2BU7q?e4K(9}^azJQzzK_e(A^40T2ZczDztfgAn z5#C0?5&T%S^@HeZEfY| z6jBZ#PyFo6vPG2Y7GKPDUz!A)-@|a=x|Xj`bg=WmoXYFIoDSufnFZTqiS6C<%zIQ@ zzS&6}=oo!>;LpM4>E1Ivf8h}A`sn8lrw1|}Qq?u9;I6K&j^91$UImg$$;rvugpXo%4!GEp zl9NxLd8zRQEcA5Dj7SPNZCM$Njo6eb+I<97W-*cOg9&ZYmaS~ZI$DPtkoR2CFS+ir zb6f?~qCa6+^!L`+O&MW&q^Tv1wlDe`0mJn?|8o`|etw$9btNU2#_)@L>bO)Z%Aix` zC(GUwwX=OarLJpXq%)pE{krv6s&P6bI!fb~*p{DJSv* z{QPp-@;4aKzL5ZV!kfCPcck1GJxEF_Vimx8EY?Fz;yU5e)C{y@vsCj!rTfq3kD4P+ zJ|jaS%yi&`F#a%%R9DvRYq|Ds_`w_%B**HC=D)01hGb*uSkGg0Uc>|j?yiu6BFSex z_dI)NqEENUxHUjSd5wFi{hwl27;L!sZPACDsJ=c=M*Qln>7mT@=&cTZKx0W!V|4IJ zNDePJ?aCjs-O%mEwdUjXbGC1$$(1lTEY<3qAgz{b&s}SuGDqe7u$!K{b3(&;ce)zZ z_Z}#bau2x&KHpm9Bt%Avlr(5Kl{+}u;|b6(T1Q=4$)%fRiwW%T8D`{2n3;uZ13O;v zZNCVC=oC*aO)cQ5X*}5BzW&Ad>}|Vsq-B4Y`U~zS8~deo)dx5Aj$eFX9v&sG`mY6Z zY^~$+3tT@Wlo>@Q$*wE@2~B(?A(V~if7N%9{3AMmaNTNXsI>wX3`1l&ttLFUE5`3L z74iurmoeg3U^`L4q8_T!^FtgPPsWt6BPxFF)?_T6{w? z!}*qKLoIb(L@=t&J#lgHn%VcXU=VgISDlQ~=G`fugV-bWE|20LS_UUOO9eQPb~T

O#s?>ML%+0(btjwEAK{niDH z(bwPW8V0P+d5!M5Cq^dTiS(et1%u0tNNgy6#fV zysH;Obco1)`tx-X-&8N;=(tlETsRXhz&yCRemb^5ttb~Z$g*9kyCC2ro8-GqDAXAe z7kT1_?2iDr6T6;X+apc6H{6L8#cYG}`ZQ04Udi5AC)!A8m?G6~`a$)ZmT_L5nsozy z^Ml`02d=QEuU5L#6OXN*mi^>COG^5YllSsQxPEIsz7I=Y?_%iWR-qSOI-{*T4(~%M z-1mS>BZXg;RlcAVv6*{?{PNa%w9s}RnT7!+kJ=#7NwT4NJ0k?0N&>2YxuV5WFg-`2M#>U7uG;<*Zih$Z6AM9a| zZEx4qbRf%YEwOn=Fs*2fwA^d|im%yNCA1dKMoxn<@SJED3kry62kR}-;H< zTn&)CJ=*E`u|Uk17d*z+psl_BvKdZcPiuS}T(-%mc0`+*j^?<1>z&g)9+->Dpx^4u zZ2xdEZ(v%UQUo2LI=x->zBH~z(6N~0R@2Lslc4TLX+8O0g2EcoS7ugpdY z>y5O?H&%S*U&E06ER`RMhU#SXaQ0|A!*wK0kTk0AQ-p&N$=Tgk3u`g2Ee1m53RsM! z!q9T&j4s={qCUAliqcRggbGF}J4X|>iaQTb<{;Aw@bi<> ztVqm$2d2`~MmI>u=jctkphZ+ll@#rFox5(Vs&d)^xz%IMjbW+$9^xCP0NoE)$V_p@ zy~uQHSAqE4(mqJ9Q)f?~Z{Oyd?{BBzs3-d{-1yXQe5MZp?f}OsQQ%!uq1{l0QBF?u zP_xL2S5TdkcTe5x*kCi*hF$%XH-mx^fy8*>4_Q@;o0g(8b<6En5zvE5UW;dTf%$#| zcBX%_R+llo_vy0*YWX;XPxtJj6+{A@MisqDsN99D{FR3>fB9M~;M{#|cpcYMIlF)F zr0>)TxtwDPedJVRpV7^sgIkK~&D2jU8RSlzW&pS8$-ju7({Iwd9r^rTV+$~kJijFa z5mzyqtfNnql_xk;WUqDEY3VQ%rpC6W@pHq-NVC&lK8f`Inq`>CHV$**oA74g*fhzF z{u)#fhuJG%jjH<+k2$uSf;}yl`c~uksNbvR3HFsleRykn-s2p~K&+{`xisXCUh9Z( z(?`kmFQVEbT#f>TS`2I`p%5pk&r15|x=u;`wY)(MURL8_3{CGmt40?0uwHg1W0_kJ zo=Y@9RD(JcbDlx;w|!>2uKET@-{718>duCdWU4EqFZAJ|_CKbl^8}tT2X~xwDo0 z3|B2LDykuh+*$kul&;Y)KkVpDV(Uv2D$X8?Vk&-hg&)Zau)Ux}Wvrf&9IvSBKE}5( zWcEMR1UeyPgA=7jC3QF4w0<3W`OxRMssasbNxY802Eqk?^kZDa0S9dOGTCK)MG(<8 zES;LDTcD%BW_^5Tj2yp2%lU>UF$Z(BnL96v-=!3;F9&!MGyqQmdeP(-_btg_SiH}s z=?)mD)P_-8iZFcNnKPIW2wf%t@k}YRqsjTeC|t{-ezUf71uu6io9WSH)6F2@ei1^3 z!s8XB5vlxf!;`SBi<^3#`V8gAAt*!}ar0JAve(iWFBH>(l zwf3F7$Q}yKMLaqs+oV$Sm>q-}?c(nGmhTI0ul?2_BIESSv>y+7tZuz~s?AqI?+&3(=0wZHeM6KJd&}N`EcsgdxYAL- zaar<=fdVWjW-IQc5b1Zpjvcb5f1unoXGh5uZr|Yd<@Cq+5gRJNHA>hmbqZm368b>n zs@)~)h9h7--4uTKs@A;Z=npJnaCd~`e6d13O+;Q*Knx&g-g*E^kH1_P%P|tVlcmfP za)CK1{sW7!M%Bpw6BdD4%P5>!<2$7SU=ej+vH7!qU=g2(XD6MnnYQlttK7x zR0Zn5VqZF{2C%++8Lo`l989QnU;IrsoKX{a+?g6}Tye{XMgk+#(?8(~bt{`=u3;|? zzPRnzQyreFt1Bn-73xvN_LI!{Q?F!_`_WXsWD;bwxj8oVIOEKFHdCf+0$>8{7Mp7~ z2dc(V30orT-0s*Pe4n|>vpG$yD@01@^F?Z?ys|wByTjS#h$ibIor+4~jKA_{7gRbB zVdhx*8#Sn1T`V$K?8=@-O0_UNiWB{{lKjb*k?X0mIY=-nM6e~ z&-ws{j^&4yGGtmiid(Qya_TkJp8ab1TYs=){iG zF}R?8M?IoQEnPZOqDZxu)`Ak692NQ6Y?EgJBb6z9?ZlBD-oehlELo3&f@x!`8_w$q z;QOk5GnxJ`z{~Ur<6{cSA2_XtC8XXlFD<15sEG6qh^WTTIkWtN7r@4_;j&w4DW~#V zSKn*=|IUmbhrm;k1c)@pVw(ZtP}@OmG)7{ zbcL4@d}J=kJUz0*_Log!-`AR19zPDw(ytu&3%#JDG&rLDG)(6~y3pl9!`{+NFXgm) zpv^3b&V;?AwefqflucM8x2N}XU`K~8%G=TPFX)peJQi33Td~X=QbcF{J7k+nX9vUI z=|`#nDWZu52qfV&s)t2CGJXs|4vOgcoO4sK&z!K9AHoGU6utDH{x#)^c&WK34pFJ? zdaFBFA0QqsV>%F!*fq$>ho2MwXhZSs9fYiGHxwFE4MU_GXil-RJR&6IfWKJWWbS4c zpei>QNt|V0(5sZv(P?&Y$&bo){~ZO$#IY3hz)6=yEJtS_g-Petlr9Gc`OH}yPXcGF zo08{qgcYQ#DgaR-&}^r8g%pS37;e`6h5=I{6gp#~;T^>cM>TAbNmVBzT5cE)z-eZz z<7sHT_Hnz9_+k7?8W!4h-gEW8*t^THDBE^%^r(;UC9(p7K75Th<{Ls)Lhbn(#F=XUMT>DV7o&he1MGee^7`?ImIpAf1wb= z13~Ul017eu9G);p!WY7FCu>~GAb2?jP%G-H7qzef4tA8uBwDXSWchFu&gBL=<=16rlWZ{cm+#LNRG)C z3jErz&Xtz~LnYss9e6`Z4ab#ZV3s^o;5%?(Na`gNx2(Q9>h62JE#cBuc9rgL%&qs~ za_u_FElfjTTj>->0|l8XVP^zpy!=(`*V(D*Bn?w4BVM&zI#fn*oBF%mwXGxgG&T+< zVo<3pv$ntfypb}0vg!q4i@@3xiG1TqST|9O0$x#i$;(R1{J_HalefaagOD$=$_FWZ zZWYUj&p)^Sqxu1ZD8K*5mtWL|cVY#^cR|ngneX0E><6aO6D93)&$F{0fNyxa$L}%M zt4jtKZ5H<4+&ugk7(oyy9e33`wJg?z+f;O*L6E_Pjb?$_=alr?F#pnSF)Tru$DbQ2 z*$7$oB*Zzbn^$aWH=gT~__OvhgTdjN0&sO%`AF#btdCSv+-Zs{W(aZxnJ(()xUnQ| z_bIr$YCN8MRzd&W%joJbY#Gj{Pxw0u%3<0M!UK9+MMTf8jU?p-W_`8 zBi@FNjZ^YQfl%YA!P|C{a6`V}4)BIOki~M4*}rw~%J+nbNcHQNKFRj41$*m^gK0Ap zmgAMb!y+iJ8=j6%dl!n4JU*RgvB}p|5_<>h(o@1@8e{;0fD&)>;gra*7(Fl4DGa6} zue4d^vVi1Mz<rpnm#B%7T27B|o%PuP@OyAw7##KZ%%f0oNuWo(VyodW_6ZWE; zRt@OQy7ptMVHo*?5?r*8DLpGMeMZJ^!go9Y09U9<5j9h(JRh;+^Eltne^Aq7nC5Ti z^dq2r_b!3Vk80J~*%vM7a7&r7%*w|hhPqYkX#aaaG1XXUa$O(pUqImbDm;c;a4sH*pQ`xH z$#SU75wJTuvnR5IEW807jw=y;mCe1euw>8pN=Rr80^HVN8-`yzYxpV+KT<~VG4j}m z^-NO+9Pl4erHT;8|JrGO7lB-II%6+fa}LYQ4zwB3$%wit@Mv0Q0VU#`3N*FVoTq;` z^rb{sS5sDRXQ6~^_kS|&THOrXKR|;34B~RZ*!e_L(YEg&3}ScXTJuMP@QHdW-5(5s zeSw0GU$Q$*xLosJ7{qgru5aoO**}q9s6+`sc%|+5<&!(W891N5%N!nGOalx=Q@+i8 zkn65i=>3ZQMI~3toHQreH0ZaK`BzRK47?L%A!)pvLeSV=`QB*1;%T{({Suakv=Trj zDD!SJfy!j?`#;Gqz+o=PV+z3ky4?WK0fwD6&%qfJSUW98f!n9M%2cQ^W-5#=p5DIU zYGiL6m;A6&b3~9h>7w~| zI}Lbq2}0DyKdPpy{X5hUnOw6mlQ}11POT^M`Hq3$>l_-g{jG*vHFWE)Uw1+j`!z4NA99yQskq#?wtcqw*ZauJDl7c@aZRm!DS z`KTuDb&~&$qFb$4|E%i|mdqESlQp=?4a?E}V)j3JMO)6OKu@$MQWH@kOqaOj<+y`+ zO)&}0!sy$DPY$g^Xp7kBt5vU_l`eqV!-|N;73>Jk`#|+Krq=)BYwK zc4AACrn6$hnZU6parFn$fz{)4$i$m42}lin$<55A%RTmGM>Zo#|L;}%N*USXx{JkA zq$BS5*B)DxAji5Vdiji^{k}|KV}f;m5edlYWpNBJDuBufQ=5ZrYq77mxWoUnj`HV{ zG#~=R7X}(IZ2Aqj0#2b{gKMPHT(WB_@REY_+wNzRy@X#@`IAG7Q1Y8)177Ls`exbx zP#`!H904YFZ5`O5Y7Lw>SQ8azk58?i*4JQ&Oo7HA9 zB`2@V2W=51<&!yz$x;wu#MJfPhLNFAzI6Pth-uIM4M|CJA04sz zVv%9Rc*UF|R^#Msjlki^e+m&R?K2DDXpmnlwI^!t;*wAJ)6ezCcP2QaHJ_1S>-vvu zl~8t{IgZ~lbd&(l!sN@Y{s0{;)I9lo>wgv^V*V{eWCKD3jN0qjY*W%?; zTEzu!icHVxz>+*%QZd;-tU5J%dxv6T2Cx4*Bx!*b=jk~SaDXhUKPc%j74XsnYpQfF z?;b}64n-08kygGuU{yZN?8ca%`i++3WP?rqQvo0IsXabV;pQlJ7%I$r-TtP)HVYCi zkuuLnZ5k|0{2XX1t&Bh7O9!T`6#VAlnmG4u!HSEM>u~*a0O5{Bjdz&(W9D)@<||r# za<4MBYhyFKypX*9c4%)vcAU;SYH(&YB67DcmGvnHxg3K-*bL+iEI3CoQ78~tKX|s?7iNBCKRXpHPYoh{dYamP(|{o|$Y zx8@NM_zDJH5rBF)mP({M(WoVmkQOjN08 zI913E9<#RZg<98g(s^AiFPOjCqP()J^9|9SG^p(2Z!zNDad*&y4}7M*CgOUt`yVlal;>+AJ@R(sUo9Vj z8%3zk+M^H|HN{9jm$xfIKqBW*zdF>Cdz>aC!#?nv2d&>SAV%C;roBK7rD**%vd2sw zuK_f0GiBc%n3a=%PQ8Tjj5^cAU#-8 zQS$D2F+_&u>Tt#9Sg-)%vRC*axzMRhK=8qd##bk5NY-(JEwDr1G7>$YHzm&QK`w># z8^sr8nMy)DsqMMQ3#9q2!*8`XMLm{#$8@4E=UsTLC)?`=LDU!r^4w1Pe0>V+>=$D( zieeYT*E$9}d5)uQ0={6_`Yh!sT$g`aNRW zq2{9K*R+#D7_B7#s!&Hc%>6mxT`&3QGVp>EGe6^jqeAjb5M+=ncs3>|Ti>*$+EmA# z`*}t)AJYKi&T;I+7kuzq7i`g8Az{NkN%+dDo3LeKH%-_ zOa(DP29LII9ErbY=wTBgojW}pQ0HKr^4<{{| zUS4>k(FbRlL9r9IWay$~A=z<#JYExh#(ruj%El_I9fW z>ZjW6P<%U5%jjfTe^|JeFa#VLu{|x(+Lq8vE3&FOYLLMxxsdnj&oB1b*qP31hWkfU zd~Nx+8(2=v^*q~Q$V@k;sO8~cA z(gKL@%9EX4cape8bh`>i>a=<=)FsKo<+r+As2&l8nyv~R{)d#g^;_=R3Xz}wFUnuJ zug8SFdAPSepX)r+e|+D}sq-qVr0}s^Tv;X21XQNYo4%ffMWEI8C`rX8BUq2_JV?rn zm`FN0U7Gco0LLf#-_|0Q8H2pS6dJf7Q$kG>v7b%K%Ay-_;pYd(M(fyCxCW$Gs_w%Ih$T+p_Sq2T+SdL|W09VZ*`PaH1BcCy(GDU+hf)2F5z*5ht;&U+>1| zr4l=`S4d^~ry{c^))!fr!KLlu3I8s8ZG2!W)8cth{GrR%oH=B|q`h=@3Tp`-I6s?2 zT96WzUC<)RbzVDa-<+4oM1K*d^+kbC==6Q>245o6WpmDi20d7$lJP6cC1HzbzKkFh z!`Fp!%_L<=&c0p0jn^jP;#F~#|FFDo&45^pmScn<*9|kMdQ;~zLSo8@L_Rqr?*jwp zmL3QQFiM`>n*3+=v!utCy*pb%4BONEDT)aV`NRTV1{H&#xU@@(vqf6i2&Y`IwCEzN z^`PGzSS7d^at(n(nnJPM)4wsLL0NXD0TMX4G<}KaGOs$?y-fNrW2d5}(dW8{299%j zbkwZHsW4&R#m_t1r-PjyYh%jBqF^ZIn)q750KxX%N9#B+njZqf-hf@FX!(#hj$RB! z?;{AelIxQT2$k3M;f;QYMh;Sa>^EnFX0563^T&8>jDHn>e<%bqwd8Xn)u=o#+WHlc)ELGSBB zykWY+L4Ucu4cw-0?2p#Kw?cV~X(a}#OyS@t!3 zC{_0B_d`44uE}H5Y{-QWJI-?G>`)Z}B8*&(h9&i*F|z|b8cWBLnVDgFv8Ky*rizu^ zfD$a|X00E9UfxQr`=W5#Fm+S-bzsF4zOUerber?~okb3Lg+u?@*etto`HU^SeS*2I z3?#>-wxLrnXaT#XGIV>Y{2?>)cux<{Ik4yxw)^RrR%A;SSXN8PP_d6bW4D$O5_8CZ z_3^VPXmV4yO!=iE*lL}420i?J;AX!jen_bLRnF(Cp3%{e`p-eUTvK@5Q84=3fywCj z=)0>~0&=wwjD-sgkazC7DqyBK&+|5C}`dafp0C9J(@B*Hiy@kpmR$DZ0; z6~H8Pe~- z0cqc@cSdk#LL}mfw~O+x9MC6)`45Sm-SoB{LS#C69Zx@Y91k0~&2#ynIyHfAO15Xg z4PzblpjF}6ZK4}j`fQ1{Wl~7iywed|1iKnvia_)1@wZm5;t%9RljK7sGcnKhSHQ%_KY3`|77-jCHoNnl#Co>UKrQ_Fao=8{9VG~rpOQ)mdMcdi+HT^Vi9z6(+)?xWBd;9?_Fe@ejqt8fG8Loi-?<&h5w+#E zwh4(R+q*44YOS1J3J{&fV=Q4gs3&6;QBL`9{50S)JFTnA74PaOh%LNw{(f?Fa7C)M zP9HRB6~0(i5n7W!&xvjv7{Np#Nla(!vvb~z?)22Ih;8IeSDwH(pC{vCm^KS>-nxGJ z0c1(a{vjsp7d#H`h>2gkYSwqegu53WdHGuJ5r^BdW^)qhKg2|REI>?D8wnRC;vSy@ z#DrV4#8-E#<7219Cq!?z9Y1Q{EDG8%O?NFGI~xRM!Z>X} z*ra`=t)XsR?WfI!${dmAZ;YT=(1<>wmQMX@qLa@o9Ia&KRNaV7GTo`*FrLG}+VK+! z1C$9-;a0C}aX^`<9F<^YzEdV7_ymv6#@dGrgo8E#Wdc@ThUy%^)K{{UH0XP~=IV~p z;8jdBY?+{E@X;sO^M7}DpQU@7wEXW}0N|1U#ECtCe-#=D{V(E#(vQZhd?3^{*|kiD z)ZOPF+?n~}_drnBy&y9`=7^0=kWE~?J`PdxQ_Gt>a<$CTC1!o(5qBp}e4R0oy%Q(S8@rXT z8w7sYy^}5s2gHfh`C8F+K%5xVwbfES!k;8NOQwg^?X`%RINa8x3Qnk-H2b@uG*qdy zS{E;eI%os}bw-cxhd)*E(h|C53xc!<^mL50^yAF8X4;}P8~QWwN~v1p232@=%RHxJ zqS6Bg&Fptj9_NA9$+lQVmE|_YL!c%<3Ri^Z<6u3wHM%tY;f6yPZy<%)UAJRDkQs8B z`W>&!O<>7&IF%T=FZu?(HZnpGNG6E6$AUhqa3`C~Oc@{BJ~7PL;d&+UoUG*sL8W4M za^t9d0!M#EQXfuVUD@(qMhcLOy2kQB-i(A4uq<4%buo`iTH*d@+=Xw=x8^KHJ!PK) z1_-Aa15SxTr-NxJ@I2I>KhKD%L(@vH#^Q@AytI}81ODzpO{$F>!=}u6^(ON&n0Ba} z5{*MDG_)Tv2c%UZIzpCM@#G`oFPzXzaq|#}ncyOTN7#gyjQot=Xbc$EulJ?BDwk2I z_9MWq70>KGAIEG#KWEij5wRjd} zl~~VZ-~Nb+}Q33kN2eL3Upk zYIe>)g+9z0%S#=~%XhZbi`{=yY`WsH0tqk>$0}KD1bJ1y)@YQ%#zyOy(CZ~`_bsd< zprLjP-$fqhB$!4r@EsPRTM%1+c9x#bGvfw!kq=(l;HX2jt?wheS)P1t zb$d~7rxv`tmz`*v60d)riB1c6?@lGGsC3!6V#RGYKiM$SRvu7XXH&l}T3w_$;*>y+ z4_c=_>CDm*x>F`{0cB$M-Md9f^h!=NW)f{Qa|%XAv+OEOb!zmCjsyh?YpD4uFC=;?TK zpQzfZs+P=QX|Qh4^(EUEtvZemI^!stA-$SI!VwO&;$9%;-d5I_UKu>MXmHkQV zhi@JRG|+{YJfN?i*>P;S&Hro3oo>zl6z3~qo9Ecodgvd3LcAD<-B;D-y;j9eSY)wu zUHL`HcY<1KIJ7ZxKxNYEcf-!6xQWym<1H>wPQvn}`bA^q8|kl-_s!Hucj@jG&~*=P z!WC*y^TvY}@4J72eGP&3t>kY%bK4c`Hr>ve;*poWYVg=S9W|&#ot!StQ&~=1O*k)| zl$HBV&7?On9W&U8wj(}d;(o$X5~=gr5R7nnvZE)cL@DI>Vf8U!%F4`txOBsVb-#>s zrcYnpo~qn@PvS6lJkBXyYMw0sz-OqDRAswK%h!4aY}Z`>vHEwwt`+l3MeV6?-$uUW zw8d1(&St({YS;v=q6TTq`MuN2LA=6Q!B=aY&1e7hDG1ol>Lg%{7EXK9PXguPFJfXdy1l2wn^Vf}TSYqi zmTc>l<7#A%v^#|`nqk8#?QOYIhZ_M_MB3WB7ecZo96S!KeZMG!hlN9$FSLLB&?@}( znxyejbkG!=07zPPu}F&`V3V7*XJZZm$trX4_lPKaK+gv07Hf%C>*UR|Ug7s_J9j+e zk&Bxm0O^%?AN}Sc4*uN120ZEuMX@h!l1=UGt-W#^+sqNW#0CPDSEWGByWDW_waSI3 zCnhH5AOmo^zRp%vQ!AVaoUt>n7NWIxS63kaF9O9P6UI5oFFo?5RxG6TN26?AB;Dck z_mpup$Q9Tu04FeKhudc3CR!Q>+;`i=igfRqzX0vmdRrUxy5z;+&YSD=(>1T|%8i$5 zBa@Pn5_)H}>nIeHcugT?)xb>Tzid}n$mZ_z^X|voeTo0v+WeEe$g_EEWBx!Le_lUFs!eT^eI!5v zKP^fB14Z1lCX@M@Fme4i%;MjlbHHcJb@#viZ(A$hfBUol_h0N4-@040{9m?@6#wVV z|83X&f4IW{-esM`WD)=+?uLQ?Z95mDp`+uJFy*$KivcaaD)ImJ>C?TtA|8yl`4bcB zE-&uh=ttF{fpIJAVg29=wdDKcpm1sN?l&d_Z|=^eHug_;K+6@3t3m*e;grzm_$Mb7 zc;$cE{OlQ;{~yl4?*V`Ol>h0ScdrTjpEv)vUGx9*9rh8fCBCiV?0jta(vE|?;Q3Ss zY++#msfJs*j6CEL0}`+>+Tib7!m{h@J;MP|oaU~M203Oz%=PHc7xiNlzhMU6ZgbLj(Tu@nKXODUJZod_dN=f~>YrwU26J0c$EZ+D1U zGDJGOFk1#F>qKorTv<1m|1c5Duiok0F%e-V025Ja7zcuT4AOwXoX4W1Hs+n*`UkE( z+dykQGb|-sWG#alS9Som^Ei0qm$$&=G!Z>FRa8HT)<)s6OG$tG3%EZmtE!UF52&SndB3CoQ%COBO z`Sgp!t#3a@KQ2WN3_cSFgE`>--3Qn11W92FP4+dkm3J5B-S*>g3nabnygYIMS~G}= zk(clh1#5S**y7O>H;}0HTisandP2dIM_&8kZ?&lIjZJtfxk?gC$LJXN6a5S&(YTaB zWIs$ZO{b} zlw%H6I|pd)s3oqN0y?gHAD|C)&}US(%e!NS5_WThz+l(9XZKsl6s;1q&JQ#qn+*8W zEwQLr_iwS`_Q`bc+@N>*EG><(yu7d3Jp5xi%J}lYG9v1T{ybQ@I`5ZF$qbP8ej|Fh zHY{OIE$p9c0Ks%sEV{%=&|FTy{KQ>BV+g1?c9wWS>1H}vvxXiF<}Uy0&6s@KIFy4_si9-b`7ukneaFx=pg zPrevr7_ApVSurxk=xcaKZH|J2`{D_*;~!I)rjk|bRqb&*)XDRWulyTlIEI{m2XKb9 ziZ{9Qwk`3hwW#4TjlDmsGLwg5&&cKKh=olo9XOR=LoTbgc?&EP;?pSH>B0L-ouAGm z9`FuT8%>Bf7|*Qpc*kqA8@D7tp)0(5GR%a$F1jr9*c|0$MVTzV>Lk{0)nY;Kdp+EG z9mjHP?iIdI4xhUGnhvC#`7!Zdjt$u&-VE}DHnNi{hvOtyaHzee+Y`K1QCq(rPl*22 z63+%-^zW_p>suldLw22rM^l>~RE6oe?ZN1nFBUVC&8eiN6&Aeasf0nM8z&P`VB^gX-iApxjUYrC}<*HmeEzrL9Tc4uhfl~?n8gOlh?__QVW;IyKa2L%2)arx3-s*L-T9?#!?|) zE8s0Y>4oNOtrM9LyA@BwPv#bAoq-J+Ra}~!ez|OQoG_EH{+vJkMV_L&Sb|5k~YO>~jmc8}B~CAJgzf!x zwQDJ%`E?#guT9}@e)#dWr}N5I%}i9TpC|dLc5y=^5Jb5eHH_%Hr^50utcI9au;_DZ znusWI)k=Rci8+exd&y==|Iw)&G_by~X9TUUEjXqTIrH7K5f^*F*6vd0+TtdZFh4 z+1G4msqLUW9QmDnKc6U>MoFzuFQAh;!yx*6I+`4Tw^--k(;M|W@GLA#z*xMb6&?PI z9---yJ1FLE+oH8hcQ;#^JW`H_Wkb+HBY2>vu2kE+9 zDs4ouVnHJH^o8-7v^j5&x}FPx@rh|iQpyG7vxGZtd$mIa0lcW4%bLDO*m2TUcDizB zm!`Ji6?|0%bEMyPz$>0DO4`HN<@XPrUufb%YIhMxq9Wwva;a!Zi1BiR?dN=sEbp^k zPZA!xZ-^}o0#+7w)Nh2God(FzD+S?!+8puBp*%HOlsDlW_*2V0Py2y!WEM1|nyRBm zkN;s`m)~*v^e;dcYH9ZAw1|EBsKV~Up_MiptU3QdW%0MFx+PNYbf$t@oCOYv{EQo* zLE@jS4Ye@L2Htr46hr-yo_I%3kF-}JO2BP@GqF4Z&wG)q999sgV0>Ce#LZ_j)AmhM zXCEQ5!`3{_N$Pv^dob$p>slEx=@Eh#Fub4(m%Q#2zBc>pQ3m8DUKCAOsQ2g~h`yL}t+D!Y%jU zEVaE3W76-v91qZ~=KF2-KRm)MZ{-bvdo4$r=%^51SSh#Pb)2O^;-AMSfJbQl*cWVQ zx?P+4bnWu`bfm&>QqaLrs`I3cp+u=?FPN`t3`i1zrq}p=8!t!D3%``I+tP|CsPSob z($ZA^`&RvfbqO^{Z`SK5<%`Mqbt$uD%_II@cume@(4!-<5;COI*@{;wTU?>dj@%e; zeTl-_XdRDq4vISx0@F9#Yua3+8VN8Nu9ro2fA<1ohrDa9pH{Cl<m^i zu(ITtG85xpCFMVjL%Z!hV_I|b?uKdOM?cF15lMn#D%vX0SNGbT7>#Aqkji4n)+WSY zbJ0e1eaB!*VwnI*ngvA?yT>FPKeD|9mU^U1+r7YlrOylw%9>#;e4}pFD2d&yhIclk z(e8Uls1+dUHoALUx<8HA@j>3J&PpB$o(&xT&FO@}Py$cH$3&fPvw` z71SBZP7ouGVc*s8{dgi@LvpPyq(&xkAXQW*;SD|mUm5_Y1nXy=7ACz-;cJDD#yI;TSZfNA@ zFgJFOofP%R`sRNE9u`vx0urzOzG^z#aTC$h+*-2Js!-my#%^lL4TjJ&kpt(zlK>+4OusQa4gmWL!B2~la`4f|^GTCyZI4?!cL*@$JXu7%|8PbOoRFerc)fJ1QjMu}U6F;ie*rltj zZXxi^EQO#ODk{{I$Dzf)D^oe|VYKO8D9a=F_tMAO!0vgF@7<+(03eLp>iWQGf@7La3Um|fT?Xav#N9+|#tLjqY% zuZdQ9>2fqX=7|Vob^Q)LK@;)@5ra2#_7~4qdBH~^-Rh7P988d>r+*h^@o>vY@6nbJ z=|l3%nS>-^0U zCe01EFwCL(-Fbt|{v&br8ywPvw+r8;0n} zqm226NXLubFADCnDnYu*7q7`M7Y9UcDjTY7ROhobGvf>pKHfBaKYXIMjrVO+#OkBX zSLb*Pw)xJ;u21{*R2Z#$e3R>@94tLVJ5-MrCG-S@{Qa&b=`W7g!Z~1zWDS#!`Kwbc zsIn*MH)DK2Ov{7s(!<;wQA1El(^SV{@&SceQZ3x1dd4`ILm$oZVmrcgywzeEC_0HN z)Iz`J$+JH~;KwToEu?q3P$T1e+a z_XPjnOFTFY52JDO1}V((3i1@1RcGZ=V;pW(-bAS=_=^gPLyB(4>z^diz4qC9?7u!DT0MyLWJT@2;NA#S+$sZrfu3)f3iPy^~hfB8d+g z5*pTaetl>beuG%K>U*ijW4EMQ87Ey?W72Bqcx>5EVOn6$7ok838}BG~+iN)WjyMoO zKbIPPT|ud(aATupFC~m#4}Nc;*Vr(zFT4>0g^Igd-UhK_x!7%PY^(MZAAfWV_6t?0 zr?rXII+haATEvfZEnbL5BTV+QK2+W{_glJc0DBe`Ew=i;t^7=PS#0TaeC;XuapV__%5VtA@HMq=-{@ta(2NLEzo3D+p_IvW8%qoguF4##F~M zVy6w8hx&TbrS(zlc#RAJh$|Tk&QMlJ^c(6sIxXrH5rEkrp*#!D4CZp>x=+`nuQ3}M zcrQ0TBtSO_(pegaeonC9xfuISxH>;DUTleam$~jHzU;`WWUI!`<<%MuA(Gp`kIeJ7d})%i(M5b#`u*T& zC0_4V!I~Zn_A*$D*^(ZzDHz&0xRkKK0B)XqJ9f^g5YZGFeB9(tt5S<+wJ>kpVf{)CA586UNUUpC>%R2XSoPPw&c~ zI2)pfA%8$)@D?Z^>@nDhKd%aetl-^>n9wv#~QcG?1yMtqr*SXDzjbSenz3Rl&A#S+)6)d~5DN5^0>I>PQ5FbBLKF;xW-fHE6c4mebu!6Rvi+<`qq>>G?c}E6OubM;>S= z+j$h*?z_W-h)|*FL4LQ5(q?OEYs2QWm6z<)w+)D>AB|veR6>set-wOo*!MCIhhSuh zXf^YNCwgCFh#)N$J&byN`DB$Kv-F9b(Ape!a`#@-9HH|!-y^NxXJNkKX=ix4Mw8t| z$O9(v7LqudOY4E}RV~uSgQpiHR2xiV@I}}g2wTaG@xiv*Md1W;qBJm7aJjY;9k00K zzrW9U`;*O53r!nfM!li`NL zRDzTKW9KM*Dje(aixLTqTB+g_P;G#pAcC(b;Iu_T@mTk3@3B#>%U11q;;-)Pmd4P` zE+Yi)KKvDWnx40@#R?2QZ9E;mK1Y!{w@l9PJrk=afhOo?h5dcc1N#@VA5o-}K`1l9 z?au|%ZXQ;*tAlWr!v4YC-#;2s1rJf7VnazD3J~2h`FUZYHtWFDn{AmdHR`B!9iZ(E z7#7`h76F?=4oFr?p^DU5ly{>Wy{AWnsYvaC!I;9W5)GHFH?GrG*^>662IR8;UUk8hQ)!`?)K5XnrYGD@}x%8(4 z54?BQr!01pPpDNl&w?H%BU@Z3x5j@1$Mo@9WmL+Oj{6t~{<@Z>Q($~FSgWOp43xh) zDme?RtY9E%8pT5z6F_PMxR-_iNK1I{^3#J4nT zX_2n@cP@b0c*Up0sS;a32ZKVzh1UHusF#xCh~Kwq`I4r+Ax;Vm?OZolHN1!7mbF67 zP##+d!PcA-y((zC7EP~=yz;V4zLj%@S#iZ>`6PVVWESV^fV9^vdhBm+(|`r{7Ogo# zHbBXGycZjmAFAg1OVqPRnj1W8-58TD)nG`P(OIKR2#tTDe)lh@W)dyf#BMy15zLNS zyWis3Rm6~qUx<>8Fp61kTuo}|9)^ea?Uv2XPlPVWGO}`YRG5wjwbO91-LAO8@q)+W zIvE4RIBQbm8RXaY=^>ZDyqKr3)zJhCT3bg*aEBaZDVSdj-K=uYjK(3ZiRDZavPmn9 zl6iMkIS=0NPk}zBR(V+Mu9Zbx4+slr$Bd)u0z~%} z_NlxdT++8{6G-VJXNqp^g`|RUM0JL`6-q-XM14$sO6KNKEDSNK46tn9;?m}B`&74z z0SeUTKD<%-AZ6hM{&sr_Y1CJ;>JVsWSI*6s-75m_{l-FN%2cd<9gbJ^!#)QG_gZX) zD4_Csb}c67Ge#K-=DRbKYm?Ts*5?-MHqinoWM%9VAWobu}9t z6FgZFZ3%;Re%T|dxm3T0;_%*ZSK4ZE*)tfg9g2Bk^q0HXz7X!3 z^^CHfz27Giz3a^huCU)dCub+nmnzYjS{+}*3_zz@!0n1wT(DEm3_typ*L2H|U4U<$ zTpSE@jj*L(%Z~@LfsGC7P7sQM?i9RP6`4{H96=;|5;vactGzho4kyj+mD40bpRHFW z!?jiePON%0+t_9eurx?f9`N1vKOs<|6;XBoVwCwOLbMIV6FQ6vDdY{ zk&)3VG*R(X)okUb2pFejnm zlu&dFKoY7ac`x9? zeA-HAyHfM5m`9zTNTzF^H91M$>V)AAs)sx~aWrYwCNh7EE`pD@WcWHIrv+aNDlD9C zn{T-2AG+T@yfE;xOP$DdfyId4ny;rQZYv$wX>nbYq?L%;(oyR0Bc+;khOHDGl}A?0 z{qMsQqsmx$04vc*P~ZlWcDla{GZ zNluj{m9OU=;TVTk0t9D&m zoshkRRx2$y8`<@Mb?%uxn$f}~e&G1C+th%AgAwocMTxMni>1uh3p>@?F6m((4zUl@ zSurJh-J^vr;GCTL$9_`<8q=Q}@`CC87MxfdTzj({#T(7%5?XAHh%i2~ock@(dp?(d z4B9d)A2M)Tz{PGz($4u9PIluH{X4frQIu$_U%^nBWlRE!2{FU7RwgNH(Sk6Y#qmtY zc6NKE5pU6qx7g`ed&^DTatXM?^uiQGD$-~U{9`$07rOD)LI(`%f1^7$jfjo><8rsZ zO-ycsGaQRVI{VCEf!ScH9O6K_iC%>B#`aesm6vjK?yM(pnO~ohr;f1y1WF1JbDO;^bAsSL@Hhrq4b^twv7U9vdm-F`0m^}S$#sNHIJSa;;~?;fm&4@t4O zJr$e{z34F)QK4pkQCy7YIAjZ^$2q^6zHvPsqgLG?=VTeeg0%&t=VD5C#c$U%L2Bk< z&2_#G+k@*rA8lKe>}Q7xN{KycCZtfU40je)45u^wh^O>sw?n#r#(J~be}SVg%86!C zuZ(#S=y?XTn3i`Vn#~#`R4!>G0I7w(u|3u4~?K^a+)p>^^nwWhKvCNBY%m7m7(4E)zA7cURKw` zv=lFfG$>(_nB1BSM5ateH{#6;#J_WBbo%;!Kwu+utp&hex8$ri`b;GTzuAiXpy?G) zc)JuDt0f6Z9VjrHf3f&@&CBn$wpp(RsV};0WieL6s2Iz))}~kbV1&U!vvsNWoG!Yh z*vuqnusK7!B`v=drIhH&e=>fr&`VQJ%g?OnyEig%pV5D+iv|jvV~eJ?vNNXxhp^)l z9p2wJ8Xh3`LUadGyHPwFtr;pK((}@ES5Wdip+>%+7;A_5I{#=?c@4J1blpcy{=9%K zibTZ7m*DsW%VzkWu_gLU>O%0V*>4*hFZR`n<@Pq4En>$Df7Pl#Bv-Iscdrl$v8 zFZ7P8LWYM)QT!bFJx%PBbQxFV!0fMv6R4K=rWjJ_z>lJ$r7_j8O;6h*xgK!Sb@4rJ zFWkG{hW17uS5kM<3uvak?GudlYnyqHE4W^*E+q+p=66~BHKOG?TQw>xUqND-Ynyk<#=49$b`33d9YAaj@~IA zvU~YuH!(ri{mh{5%AyBLtT;|~7#wx5vK!>ht~i9va`8S`{wBuXZKTFv3fHdwXl&V0 z3|D_yW8oZF7j6>jLJmpl5k>jl3JZYPo;((r0h+b5h1;h(YCv6GbQx2jI5tT~af9k7 z*GnSaZ&cZB9}|-CElmE1m_KGwDrOvIaF27{Emw9Yhos$b&dz#PaMF(+dX>Ko8K|pS zsa|PY;CiXaLl7B{no98m8BI7xr2^tdD3zIg-B5VG&OPA4HjR;>)FOo&e54THXYuGGpJ_(L?s#M9rmNQ3 z{@)?Ld8u0M%;pu&*wykW*;9n_zI}ztcx%Ns&Q(P>N1Kj|(%;PRe;5vDen{?DZsMjD z#-WYYH!4vFyn*gVRJ4= zCw5b;A4X!D0~YlJ%<4Cp)sPjy!CveCIgWx|R5ii}c@qccXa?$hL^3yjKkzlDs$z%x zuD6ZE)Uzb$CWb=Un4-5UzmSB0jpO9&$>0UAV=o^TOrR`a)j$w$hh58WYkXb%H7){5 z$>cR`RRcr!cr*KZHgtB$!fc}$jyCcG_#`3fR$(Tez>0#ryJNZD*-eQz?%b5+btu^I z03sYVW?>?>cf2Z!zA0xNwf?X!+z&*2n*vf|+M4;O&WMxKJNFx}GhpV4yMo_U%H5)i zTDOi4I=>xs`g#tj3n9`-BI5{lnCF|rvooi&@6Mq~u)UENJ=jVyq<_jx zE2DHvQXO2bd)_xoRR}(KMG}IhF@)%{ z;`V9>+ncG)oO4Ela9?%_KVb7@3XpviLGUDF)F(sXnXC_p7Th&Im@?Z^2hLWVr%8`B zSF5v^K)Z?s57tw|>!5*K^`736S;&L_z9B05O-XgQ9W3T>Nqat{{|1Odv^BoskmaK| znM+g9zw!l@yYxGuI;T0ZZe&Rayd0F@9@G!i?k{+g9llBa0nBc6soLhbRCMr2IU$g$ z)WWI*3U`nFkC?7!Jls@`=-c;QImzIo$(ZnbwF2-)MsIQLi*1#>k$p(CX2{3DR{3{n5@%gOqKgy!2;3 zK|cTz@TU^>BqgT@cQ>QHIf>%@vu^jDNfrleY#hZac$gD_KkMzWR08!lf8wtJ42l^w zEX(7$E{N<_%(TC)Crdo6uBu_clX>~-&CBj05u@UPX=^Fc^k?x(IRn#NNek{912h5F zuBUU8g{lD&H(oEm$qzL33KT@QW(plIZP$lv2SO+!d_9b^avb#`h6_-9(EL#%g;?|; zXX{RHMtw^IffK``Mk0>7ghBp-T-Nr1wY(9fB0;AiXB^-aDc0y{S-1PTmrphXQiI6$A-8|!#D$%~jbdYo|z zX7z1oS(rD~l&61lSl1z{O2ki`ZKK7Pwn`Pr-3F+wP8wjmd_?_ZaOU~mNoQH^(s3Xjb2G)ylXrtHij#6U>$ zurG0-!0vod)5gckZNXlf)rAz8BZE6(-p5>9#J{#{xK{}2-pL_=dna8Q;?=rur3v$^ zy)*S*lZM(Ys;1fZkIn;!*Mog;d(~fK{YK#D5R1y!OB7z-)~@qveQo1Gsa||!zl$xu zU*j7~sH9%s7@CXR+m~71Xz^BRR`KgXZAs)nn8u4NNKCZ&G1*P}32Rsf1!cV&>CYjJUoDLMCpzKX{z znwn;(wf7Q^>+cI3{^EVe3wnOaDj8M~&H!Jr#?u1`=*{&ox|Z&8mRtAbFrbLHYU*Pz zi1o0B=PT=-G8$&fIp~*Upc`3c^Ue|YK>i6>0R-a`GjxO%NdCB5s(8<*fiOAj6JnG4 z-q|p@wqs9eQ3@cPbP;1N1?4v=oWPa@3=c#s|Ee@-$@r|njs(jccu;&vAe(ODe+$+V z*v@8b9u@RVNxkS2$K>%;>l9?N3i}8ffVZ@Mkj9Ao^f?a^rQxlHXFnT!4Nr!Ns`RhK zqe`u4Y^6Ius=eA8cdK-2sr5u~0kUTM{)oCC1zzdC!o)oeEC4MB^Ui&L^Ss<_vM0)B zyw9IMdj7P88^~%$-{R?jx0LKSKsu!R4b8y!V17c4#Yi}BINzy2%DGw4-hB;^ym&qt z%$zdOf+!|1ocQD?&V3#jVl^)T)!Cn1>^uDd_&E-nVFR=IJC30+`wHVu-mUdok~_iz zo+t_7z4LdL-TJPj*v7KYYPRA`_C*silEm};N)oU7w(~ajkFIP z#D-D~ymDB98s&Q)dg+RSO(h@-VGr&dU~Xz|Xb71mo3dapj!HqGTJ3bLYA+5=o2%jp zi$`22GoJX5$+dAop`wiy3ME4hxcQ(AB4AH(V4bHX*&)pv)uBQ2@vR#1AYi2u0KM=} ztwQ2(CL^LgJr&k*?W&jT$s?cBVsHiy^RM-v9aDRt=Q&oUU2k&uL>79_lS82~y(;!?P!ue6I?q&Kb(DV)l@6~j(nE0gWa|vsS0?is(Oizha z1*n`6mjr~EkJA|!Y3-68Ra%K$$0(&KFiG8|ykk=c?`|$bu`H1ih(C`>K^}*~Ow*yD z=kA)=asD&F6bbyuQHv|{3BeET4Eb|B)+gL-G!gI1(<;?)?za9jyx`*1n>V5})YL4X zNEiL?S$qXE4#)!rLZRaj7s%C|t3%fgVX8L%J&V$rZ?!6hxfKA5Gdo+6)b(*wCQ7Ezg z8amU=2QrbC`^U|vdNw64w{a=q-D)T!2W;cwU@M1o;8VWq4{>4)RT1 zndtaxuS@;HCc7qmCs}*z%xF%evUIfWUO0DIZE5B=j;bid;fao0M^N@eet zOK8wmL=O%~+|iw?mtoDqO5)hhYG1Rc=Hf`7ke-*KiDUUa|J1>B2Dr`+2V03JwJf6I z3`T3RIRspif)v=Vum*l96Otpr5J;6>6@T6`;JywJo`7?1n?QbVrss!to%^Gdl17%f`;Hs_B#(~Hh zA|tp@5YDCC6-^13!$m!~kqy&}Z~@j9D(lTDtM|qfggqMe-;zV;2vUFvY;GEyH!)hS z8nb<~Q7keTPXOymk$*GvdTZ!`wKXB3ntqY=%Hr|ggj{rQx=|AUiA%&eXDt28s3jJX zRU8vg%7!A3d#1BGQe9k5oi$4al@FV#WB5f~?oMin{JcL}XxJM(#3dwbK5O-`^`KEr zhV^gUlsypmdthI{>o|cq9s1x`E^EW!2C{E*elRC4l|ePb>vo(|?HF-c2zHN7ak|k} zpkulnzWzD-38zTJ8+xSbmcjX!&Bf_@!vK)Tqa*-l~P~AKLzr( zqXcyU@gcb?!+#R(&u3x&JAH=JZ#<2v*W1XrJpm4E znDFy!jCa`*o9}~aZAkyTmrY-rhJKvp7}f0Fp(m!Klhg?z|iyMcP~IuD*mOX=~~r=d7nURS>>e7))E@|52e zDe*mkV;iUSlk{E~HJE+qdaX#}?L$?ni})ly&}?h@Zck?Bg*$|wC6CqU>RJhO{7;kA;zHR&U{vJMLDpQ5_E&Sygp%(sGamO&n`X(#q`M!*RrtA zH+!4o3k$!k3?D@=9_y1T`l{?K=QI*Xya24a2FNKwFx5S;KqT&NA~nqHpdrLQ#zWBQ z{3lIf;!U-B1@usjpxmH=EY57iYNJ;?Z$~|or^A11^NeVnz@{D%tY4p9Z%REc;=87x z6kD`Dxx-}Pi*)@MJ-~At*cpeo?{Q7~ zd#1YXDVHSl)7u`(S&6q{Gc*cnF&1ECU zV}8J&SA^rn}`OT!%lp`a3&0g(GQQE5eXi@JSleC8SSZXSRd9w$A3L-$@bS9(! zB}%2MSzvH?cv*MRb^JN)&ezrqIIS;=5821V^@!II~*)lE)kR#Z$f(H z+(9NbWn9LzS0$>rP}kQVX=si?hyEFlN}SEMotAO#xv1D{8Dr<7*ktTsjCi) ztgQI~#5B9cu+r{B*XMbq&AF}jarAkQ*S!7qCvRj2Q$M`Oc*)6xMcP;xdiix7(bmrI z%y^mA*0|ZfIomqimr|OuQ$iG|*Z>aF#2DdSxr>k@BAFx`Wv^x4n@PUe_P99?#$bL~_<;8K^3nlS&fRD0!|+3Pl1)Cix|oM&+hqH}wUTQMRE+OPhF(S2PmKO> zM5;D$+d#Ub20Uqwfd^k??yOHYO7?x%=)oyUoO87rVu( z5{R9T-%%dhM`gd^+A4e`2(pu{s&0Q#`P_*Y`qjoI+<5m|eX@7Nu5pXqUe=-gsoq1%mxnRNqHE$RLWzJT6xT2lnPl*>f_C zQZi>8Qwdhj2z|Tj6?@aVr{Rx!d`Y{u(C2n6$T|Pf9z{|=RD9CxCJ_P?*o2F8<5kq9 zaran1nspW?eDt{fV9TnBS00`j1~{&yLe>yAw4q=4T}@VIpg-P7>TF{9bgm)dbw(z! zCMGV~r}3{u0~L|y2Zx*ciD@K+MTw0@E}Q8JyPT$d4(rHUA3xz6jo(_$$y&qQ?Cmq3 z_Q%_%H=db>K6+|Uxnj3v4jn6cqo@)JGdyhS$@7RBq{ZJWZoZwR>KY18Yw{hK`}N%* zoy5N3sa?vgtDX?w6#2^^?w!GzLq<;k$Ww8R zKhxpX;q$!c-9nb*P>E|ok&(w-aBFWvUP#pSw;35AS~)D=712T59&St<&Zn#C&LlEI ze5*a82dOvR^J}lnoY-df2V3MeF3sJR>tLE2!loWQlPKaBy zf@OvHpOy_@FMCyb#PI=}>+V|FG+CW-P_kjm5L(Y+W|YCjX!1r<*WpR>@Nc*I4kdlh zkJyf~!!1>2;o7}=rxe%R5ZPYdR2VF&Uzf|FU-OPaV&7l0u2cs;6sdj>^Wk;|GI(%l zZnH4(-Lz&0GNF+?_*$whl<1eNNxqY^oJWMp#_6~B%eI8G*%_d0?!NH#91GJ*RZSQ3?VFTJkW z?%k(ag)2KqJAR1jT@yGNxWP1$2L}hg-*^6MOJ>xlDFvArAc1j#|FvlTo{g&6ohKm-G=l$>>eON1Qd)C#2rFD+{ast4M51{<-gymM;ZaRqLEC$ZnTNj!HG>w|< zmRf(}*U8~BiPZ%rUi?`!UoS{4{h9dsYmFt%fsDs1+_Bz&zw)oY(3h;t`uyS!x>xY8 zsI%=h1Vy!)Ns6Mm4yO9O#&I?uW5d72ju#8MQ{#q%p@6z!!5$E!0Mj!jpW+L1eIWaf z7&3ses>sF&SzHge^8Z?9vUz{Vy8n-L;GA>v-!A`uy&mxCf0jqSqWYgP@p2*mv)FRv ze}>NgpMU@7PLFVfMun>V!o1%Rk@%y)`M<9Ke<>@gLhg9U4NZ(t;M@|bvTYAE(%3_J`ZvPh=!gTCp5tS!T_aWz(($>4-TBn87(#cyRrT6 zkD?LyKTq`D|Eu=c+Qq^SZLF$t%_%R44?Wr2+uPpR+3~$LK3XjsAVP1~U6nRwK(Vux z>_Gc8t)r-N;~x@}%D2^Nl9) zvmov(|F7(4iNGf`uZ1T7RnLQ4u!O(oukgbL%1lXt?VhYEF%4JX9iNo#6g>UTqVW1p|_B(+BMH z8IAfavrCbXI_9c-_n;r5?8K<3Xo#A`-d}2Kul>2%_|&-j!Uw877()py`g>-|1vj&u zNU0fQ?-)H?YIuZriw~Hdtt>WB^16S;f*H9S-RdcK5`87Wg^NGw684O^5vd#u4pd|oVs^dz(vbuSaVK+GHMT>U1D|@t zG^*kQW17ADFyR7s-Z8Jd9>ZO1N8IHy6Z!KuCtTLeu-^PY7qhz^*N!A~ z=*;@Q&djeM$uj!gAmtMwSEtc+szeTQw2jFP@y!E*Azg`1-|Qm`fFPh-y=4tm4^@ea z@OhnQVDMNsx20GE8auB*s0OQR$-4=V=J-Varg-9$2d~e;B+_&q_iq~E`jf7wgEdTO zI1EzbMp@0N&X89;dCQ7gou3@s!%yo;B~ z>rtLI=gN2S@y^ljz;E1%;rH1TwK4Sld*V>^8kDeM(I9e9D*lh?zA07XaiZhzQy^0E zq@X8JP8}m9lvjYBT^Mz*5}}NQE4DwvTeToI++@`KTtu$5-pF{#n7_zmOsXn<)eF2r zZfn>Mz53Xn?v91}8;M`;WS&fWG7#!Z{^RYpk$!h}15=S9d*Zb-Y%qMux}_^kFj-WSIUPP&NOT`s42&c(c&TsAzieh(4 zgdMOC2izG4cjN`i7 z^LAH3`Nkli#ISoAn{5enqP-Hg2M8GkGn^AX(_BQzUCVN}<6@-FP}*sx-&((aG8GtY~%5gKieZj9a|Q+9DOHRYrVQeQw~&sxPatw zezw-{frEVyF|u*-%u06^gpc^~h7{pAOma1H**T)shkaaK5e+@8bVZ2nOF?IB2#ebIPt`QsMaWn2!sq z>C3*}m)D#nsPOGYoT!u)S##+t){cVx?gd<~RU2W9@SSEdf9y+N(~Tc|^7JH-ay_*k z8D0H?N$K+B-~Iy?jrDyx{3W_sWmL3zN(4v)VeRY1B3Wv8d5+x+|$&SpRP51j#lW| zYq4!)2?Sk|89ntA=o1-WITkx|kI;LTn8Zu>(PQ3*$!F^+`S0G6&i8j57H$&U62AHi zImWQaSq*V<-Z;I9|L6^U&|@#WuLRa`na-ToMq$9-HdTz=K-JhBe!ua}$)ry?Pe+-_ z8Jhp;F1RKTK|vQ1^<$zk&yLUiZZ0iN_id@__?H%b6L;~|+m_EYWc}%YJ_%J_Ki{cd zUSrP;L?`lcfQ0m0GMY0j&L1~q{vMk?T*%v*h(k3snr>8@uGMJ49SzT{{S*m@J8yYP z9QT`X*Hp`wg-fg#S1iJtQ265tnL@L{{HzI-^}e3&>!FR4Sm@+&mvND*hUce?a@YkH zSF^ge>E)s!eP~z>xloSb;aK0d=3^Wv^5#nS!3@8!!36hiS94RX+uHPAob9S=WG>eR zNi>Fz-iB)w2t~4 z)K|i4tL%eeMa^UNtvz7;^03X$7I}R?4fWNf`ll~2x;I}3>JPxnzo9=%ZWCcI+)wx7 zCz-j{ek}r$0xr5v6qfKU!_=R%!^5 zNgOkRp^8w&l%NX|VAqwaMmB%HRrv}@qk2hhSXl*eR$h}jylOKUPh9=e`vQ(zKlW3Z znCV^?FxAx$h}HyzdWfP%MGMbzw1x&L4I;vS?*Bi6SGqv8*%t)SS2#hP+8fgv~n)7&MAafOzKc87DmLJQ_x!^&#$(I%8OhKekvbY--O2;N~@fNJ4x#nu& zzgr89aHb%{f=!u0&NzXvrY00ne6WOgn_*AVBfdQKwNp~gNK4O5>hY0?td}x6o|Bek zofiA<%hyx0`u`cdYs;!h%J23E>FMcLdo3j}iKdr=HU6?5I&kl&snIEWchUUzx~bxa zn`=RFGXjna>g}C5URR;6lk=g*!@xwJi=oYB;JvddO+feOuZS2lMcu^Ffx>jbds0`& zk_M|)@o_1;D;`N&neFeVZzmSFoCS+?igS9Fy>3p01Xfmcbf*!4kT#34f{{Gdp~NQoSS~pW(gD`p=#)!#vYT^ zX56`Z-UQ%hAZ;6X_g8!u+~Z*ecm{kwatcbq72DUSEK7y5Jb7gAT%B)MV#>$`oQib& za&%`aAc#6FuXz;rcvY%w{*(R9MeRm+^kuW`MTYOQ9IIC#|BN}VUyb@wwZiOfb2I1E zHO3G*8)j^kax>ZC4xA>~&3<=Fz416n0|dfB=iN}WQ2ws}o?4pMOSszHQ;O47h zRu+C&An~bA5rP$b- z*+`8u21K#Y$_?$WdKxBXb@sec=#? z8=kUs7;M8WMkAkwud0Y2(Y{Ua{rC zQG=xzm#i|F744a$-wS&SL$^|6pu3BuE=zi<@`I?JHmIc z-j>INm0zD#I(}FG`WqSi?dvm;;y=2GH@PDjHATr5e*Q|zJgVWp-S(r0t~iFyeKIWD zY(=|-)_tPfd5&)fUP>CtdCF)_Jt9oTit+V{b*V}=xBtvq z?zduMiazTCYBu*CvQ&FltS5oRF`hh%s z8sVd>oGjdwzcae$tt@iMoKwC!qLt_^-(yWKJhMcb0AxS_VT}6JuO7mmkA#~W&h3D2De3NW~1GR9J4++H1fxYJ;~p6OP#;b1>?t7~S}A%yBuC1R)aAaa~t<}+XUoK#&y z!he%8zU1rWif!888FKqlo63{iUkM-KC##=l;>vV3m)G884X zV}hJb(tGkezxh!M)UtWmDdCuu?KB?7c!M>*lBX^LX)R}1{Avhu-2WPUf$+)5C9f;y zAUvhyGurNBIe&^Wn3PeedEvA!aDF+bQ=x&*5WhK3ywaj_Z*_p%&$d zC;Q_@f$jcocSkdCCSg_!xxkFF`wOYh9n0_(m-)zdwJP2nps)Mq~U;0qKmsG@?>owToa~(zt|QkttKr z>VNs3Bhm!*=Ow$GCvj&h+_i;w^b5`&V%fvk;aC5Xd*2eyPuq1HuvV{#%Vn zTji4=`Vi5AMBPUBjW!MHXqw9XfgS2gucGy%pxk^*TFBPDRtLk=vy9$H{xQZS1-XUB zW)g#Pl%xmTv9anHv1s9~s_>l2316RK0*!AsoEN$vwWZ;tPeeq%pyvlBnJWjxBY)wX zp<`lW2Gl03#wv488AE>la(k1hj*J7x4Do~(dK2+&W-WR~YlmElon@T=qA!dY98#}#Y~aXtch4gMv2p>F=RZl zV6Zb>M|6nztS*FSm>Qehj5fV|d=cHI~TMlmy7H7pKT2dFb2r>!Ny=NNs=a z6wqEO`#H}6lLI4bijUq&{wmdNJQ{DH7OBe9R{LJptPCHY2#+eQGe-R^&A)j4&hIGp z{q4@_Ep5M^lMpMYw=V(OHlz^BI7bA{&r1XmhT>V;Q}JzdryiFR;-~tIE##$3Jd4vt zPoW*t^Xe)B<21+Ev~qKbKj=(K!>R|Sl3%%wdl z-h~g+&`}lLQ&jO<9X7@3Tfe9i+H;QkTMK6pBVOc}Clh)<04A4&^6Mn#m-Q%n01&8o zeMhkc?h_fvR@0+{oY*W2+N!d~0y*Sg7p^Z>elc*G&c9k|_G6fDC}iKmU11m#^>a6T z`cMe8HO@W+J^5~}Z+%u#l0#8UG#qe0U)w^;1i$W40i`8TC|=ci|5OaSy58ZWZpklc zsUVI0eJW00_|*!MgmmIZD7dZZp{wsPm=bZTa6cc(QB#bwp<~bsA5&BGq%3}(W+ysWy<)2<)NXe zvOzHG)7b{5{4PCO{K?kd-d9IyI&bZ?<1mR2Y)R1SJ%6gh0rLSar(7Y;$&!B_dLdpZ z9?l!ONbU@%`=Jm|ZlE~8q!wBF?Wj1`d^%jT9eF}$pW7_VyS=gfD6w^FYCIP6x^ToVsmwSRj3NOG){NBb0b2*lF+Q; zGtg^|G0w#4-+K$bE+qx$sy9+s5yr@{C<{v`5AhVqKHUVE)UI~59nWHH440MtC?ed# z!d?^eH6T1*`iaT6_td2bs&|L;m6j!g3e2W*Qxj9(&2;Gy#=tXVg3*vqzkTbz*C{6` zKM%!gBVd*I_HAHsg1;$_OMl6eXx2;}E}a%sPwtI?Op7S|Gg;pE&NR&vNUu-5pgSOys6hWJCF z9tJ4Xyf8V&ZZmoqj8TAV?&mI^PHoA0cJ?maL*2hXOU3brxaDmChC2VP9GI(-KU1X# zz%u(NC7Uqs3Hr^lpn^D#|L$1Y(01e*8OUJi_jch~*;xH(d4-$$MfHTy%?a|*yKWaR zuHgmo+BNc1yzJC&eQM4FIEkA*f#4M$Y-MH4#{DI)m6@`n#r3Ic2;$*xR8-hg@p>7p zJ=v>bz%W*w^u;7aze$4ew#pKdCsW*SbB3DfGL4YxGzhPBhK-GyEYF{~glfA+;Ygu% z>I+d&5g(2H`aZQS=B-Q5x67&ds~v`(ylji1pem)@BVy~?2`vLa6vrx*AiqZ1O(NcjX_v zGz%iomIhG}4{DeZfkW)zbAGD4al~ij{4lMC-Xd~)%Yva(S{m%JXQ3IXUnEZ!F#nX} z10Aaw4odpsi0=lxnJ%+z{4d(zSnI#-=!#<38L*0 zEGo&WMrQ2e>T08`uez0(-&zlS*`+UQsGByf)=K(b$9=#+A1a=K-n*0wf?YI~)^ZV; zXm|n?iFSU-&C*YS(3ECv{1KGbSyP{RR|!dj0{BI}@gk|;Vv_Q)AgjqOK5$a-(QJOEBk}QPP->00 z!oOM26_x-CIx1e*8~(}TZo~Yu9-BRWInC>+A1eU&OH26lO-E+h*YC1DnHHYQ z%sWH!L+vPPz0d{5C{Yk0-$I%34K}ti1%BbN+Lk;O8*QuS>$$49Uqc17&gbx_C)sMt zQf`g{MN#c2q8f~D^G9Q*lsGGNUEzL7hr#I$#jy9Ln{ zIvkg#wd6J^kIPm=H8@E|>XyCzs~bQk6p-0<;qQu;L~dMnblJz6j0yD zqRDK=5w%|XGT!rQ&jF;yz4yo$W5NW?fQ@I*#m9lN?0kP z2gwun-jl>|IwG%>`DHD4PZImn;@iG-6fL7Mc=0+oXSF z$sUexL?YfRH&FsW-<=uG8M($wU`sXV?|b>HKXf4GTCX5M32kWYf_Dj~TY=B|Fl6@< z{9D@u+%ZjcbDTFTTFB7CSIB^5plH8xl^S~yRP2V6F1lE(!F$hyt7D?~`+VUBPv4-5 z07dSVFALJof=aMG(vU|d!*|l*y5pKQ|X`B)g1&!3Gw$CJIMAz>Zgsa`Y3MmsA{Tx-P2RjVRIy^eK}%6bU?p z?$nxp3KnP!_XEn+dlKKd-#BUgGSJ|9#dLn1iVzcyuh@QTeHzTBHEm4ej}}YzH&V^; zHCZ+Uk=NxiRH17bH}zztb$N0spVOYt4jgLpR*P3!ez!R6CknC60(JHF`LYY;$b8AX ziGaPRP7-@9;chQ?;L+ZG8hHMgMN>JsKrX$)$ zmS>MVE21m03Jp?pZXPCV_5wEhoQgg*sT*C2`!HC${ci>7TjMjL*MzBz0-H|=$2U=W zf3~NN*jiVLioV_}t+%}Y>RGxqKAKSgYko^q1vlkFLF6loIt};`BV^5qITlP@ zUjwt#JDJJSFEEm!VVw}z8_@A-RoM0(uo)>lHK6CMnZ=53crRrc2#qlO>S1)ndRvzhO_~vhDb2W^?VTn3O@#4#lYI|`Re0++ zDx`QGwEoKztnP%ZR!LL`pQN2 z(3$#P*2`y4gg-dfx^z^o8vc9Ty{kraX7$D;X>j5c`)*=~jVLJ+c&>i<$9#9uTLRS% z0YiO0wzt_Du1WQkPIZwawUe&Rnbm9FZI}2%_|QS^u?_L&?>JRx)$r(pDvz@SM-yMO zeUs#Li0;t?WI_~ufuYj!>15)ja0kRw2Fzz}yXV#8L1nkz!pb`Z?H>X|bcMCbWFH?v zW1JR+run}`J$|_Pdeh4VIA+>v*4V1!6B726RGWi!U3yRJT&$dH(nC;1CfgM()h^a|F%J-Y$$I|>)aev*@1xZdEMS4tA+Mkn^ zB?;*!b7;Wi3Ub70%cpw-Hiko7Gau!7926{`(VF<~r?4gZ(OPWKw3q#Slife|7x%Z& zaK)oKz66+@q{e3;Dq-0Q6Ikd)-=<{hH@3uVc{FKB2h|%r{)L_QoS&Mi+|S~Qq!=4k z*P#~i=B-LEy<7NS#(RD4yF&atrXfu9W+SUZ00x7lBosf>u+3KiKimX@orlE$>osZp z3F)1W{jN4v=sYe;k;Mb+&2(u)sgMIhUDGC!;Z1GJf&;Inc@*~RX0-8GGv_!y{}uC8 z*1eMPNSmAR)T&$_ybl@-1{bKN3Pq{?Q&2{)3Wi*mryc1~V@Rn9nYLco^PRFVga+Fg zER9cMH=yTD9WTUaNoR$L?ahH++Jgto-l{tF!L){MLOZ3=_rw3nNmNql`+rO1PXzn|pDcE> z$Xxqb{YB`urxywP)Tl+9-NDk2sNt;|^afYoc}v?XTtU5J?jq0GsBWS>8=`9|=E^j# z)`ElkW%90Z|7!*YAhIq0@oMpd3p=5%71KyGzJg|{9)~Ze;YK))(BG9l3by5DLanZo z0VETtx46bT?~EuK6a0>^;9zsDCTRN4RWnabrpBu=`t0A`K5A-eeOuhoKjJigXQDL~ zTYai%>9vG2G6^d6|GJUzNe0Z@ zoo%LSQ%B{wGt%3xvK*fJlHG)fUC**p3Ggk~)x}UpUn1G*-An;$=0JoqgMU!Rq2XJgZD|5wb5L0_Ml1-D$fC!KbH~aQp#L0K8*UU#nH?Rh%`^V`v-1}^HA4g4GS+VU}BZStcpTjfoQun z)t{oibKV^bPx6uGEWe3q;uuz>x`s{VOgwoeTbDxOj?_Yd%LOm9a;p+jUm`svUsec? zrs*qu`D3xGZRta?5Px6N%B4NhsMy6X`Fh~oaWg*#x1jh9q+iUVSpIjCGeu$~1H5eIQAm1}0M#3sG0bnsOL*q+(8LA%) z`F3UUt9)DCc=3kE=RuA}sGJ%)x0YT&0DDn%t{Z#OwT%(rR>W~{k*DkSOJ;fhdt>Bn zeVxnO4ir&3Jvx}J;2rocjL4yRORmSmd-IWe)?NG$*w@F0y?ipep~HR^fM)9X@JK>e zZnzKanea_I!}~IG)54QTbx?pr8jy$XSiYZ{(`;d(D~ow_OyH=G9AuHZZX2^-FKjpV zuSbF|%!6|uaqRXSMXH7tPUZ&3zG}@3oE?uKD^B_nT3OD{a}hmk-<+Gw&9InnTc{}@ zg8hu@N`3OiFx(oc6)IP-%j-qri-)0vyqfmWc)8Z7Hj)8*l1@oHee$unFEBp#R)_<; zNj-GW2rIS~kwgcw8E#ym3F$|1#ODIRL{9(f?28j1S|TR-?f>71zR?Hj^Ls|TZ?s-% zmW$^$27|O5-Y@xVrq*q^OnD^Miz%~^QDZ-CFD&(Cu4>J)+m$N=@w?%L?S9Wec4+rV zu>(~dqvtW*WI#xnJ^Ff$l&yh%H??olU#Ttfp3WqnM|eo+B_gGjURcQTaC9tN&e*SQ zZIk71(AHj)+;x#mc!3k_9jVYfHcjK?h1yTAXr}W@yic>j^7$_1yYo#Z%@Dmq$Ln3P z=+nl)*yHf7Qt+45+i>W-xeY(HM1%KmCWa$}ZcETn@jNloCu-J)-sckVb8iz0m(C{y z$ew&UUS=9XLzmVT%LE798$#D!$4x{^dk#l`@V7bYrGrp<`vS z5tgDc!>IluBb$=;gZ~9cb~$?sJMz3;Y?tKfSbE1I#rZLP1REo3a)3#nbAk6|k_~e& z(*&j-?c5Qut4~!bC30?M5P7xOv%4|%WPHXV!#2Ek$!oKgVVWHp$MD;+WEbT*Qy%*- zcJFS!gYL(CRdDdKdqi~QA!^&woEVei`dE8#U0;C4jI9-3khxhKzx85@27#6;A3p83w5K*u zJxZJ70MNf-450h_PYDmJXefmN0FQL!9xV>pGquanxOI+)=}*L(tE?LnPm5PA{rp~@ zvKD+Z=W?C=DnlN--hZI$*JshQX8mBugPX6kB;k0qy=<1i6>qhaWM><)JBtEvWdZwc z=E>;P-?vmLnnUtXqUX;uWWzLS?KFtsh>H4c_n|6^s$t8CZz2|n_7vJfsy8p3S7!?B zV(c|iC&W&Yhc0n{+@1X(rp|A1nudRHEN zJUJUILOCU9(cd^M^|X4`Bomxg-@cvG`7|b_rT8U~J*zC=T2z%4RjCG0qnU(vM?3d3 zYni!eg(z1os5FVGb3;^|)C%M7&UZUhjAbq41?~m(E;9<8&j^~d?zH<@3~ahNLvD^j zv{>j_ueWw~`Xin{)vu^2@$Qi+kR=&x0Euvws{78>jH71;(bIP^zTH{`ecyEkl=W;~ z{zlLQ&HE*GFHX3jgE$0R1)4+}4%{-bzN0T?%-JNnFPq%9A(o+oHu!v*Mp6kmW_7dn z9o^=#I#EbGex#MQDg%cQ|Mk&8{Fis_l8WoRqb3-F1Kf`SLahFc^b!oI$&4ZI5K) zlk*%oeJ{-2QZmZJ_@Pc+67*ZxL!t0DeN8})G3Wnc?>*z;YTJHcNvB3@jB+Z#(%aqJ`O-YO)~I&eV{Sj<NDQw1fk}d)@Lr`-cS@QBIRD(<+p*2X>pY3Ymq-3V=Xh1o?~f z)ONZuzAhWtG4Pyqy(;cZ&=b&`xT*dFOlE5iaN85n-{C;VR(~+HC9n|mHkL-+^(dxA zG`J#ses7yQ23qMt4-~F+URIGVm4uIvS)J+RABgZNysa^s2uzMW-csx&hJpFy!}h`cJ?l#Z(uwJ{&uQbxnfVO616|UHD_E!Fkzu9ir`8*w<3P zME>};PLz%x2RTsIRtMB*tx6`v^`Sjm7R}@$mNnDcgPVGZ{^aPJ@o*k?Hxdr$0vgq> z=kK(J9|!YP)QOkLy!G~NGGL--(6uo^gPhr{F9s-bAu=*TpY)ARRM8#yb_bwZ2hzR_rQbn~5B>KQZv?k4XwbVz?P+iYjx2C-~Jt9G1k zgGf%eEfJTED}_{1S4~xQqrl`eX%a)+^xXPJrND<7X6mDv*E~Ohv@zs z`#jdEut}_hzPdn>ctR{~0{(NsS|a_kTGq9j{wn&WHID_qY5aBP-I*ErLk0s`vFZT# z`io4k(hJqd82!a>5yDu+YcaJnYaE{LIZ7x9m8{0HpO~rH27hm>Z;`Bx%zuKNp8UPi z@{_bfBe8e_kMnY58lE1j2Qz=nNYV0d3*<~0V>rj)P+0yfu!pMs<+XaVDZ;KLj$_4J zTZf>FfBYGt34;r{!+Qq&GltUq_&S}LI1Oa7zrv^UqB@yORNp#>D=v)h@ac94p~R#%({scz=J5+`{0SyK=pn(Tz&w$lr}pBz|&3fpICrBEqhp4zVWDd)N=< z=5pr7-*qV+GndwcxgpEU`9){iEu#EZ%A}@qD$JeZxcBN0MIgO1Dn0|gkJ}MZdHEbR z_K&bksq^azeKc_}#MJEfHG2a4ssK`u_JlC@rVV35h zWkfm5_q2PmQ2l=1`%dUwGNj>5^MAOKVI9zv^9Gi zKht><@BYhF4+B~I(SHQqYcl2cM)ZmRethU~7WzlOD z<#b^sPz%*jB7?KF=Gl!Ri=12so~5iJI6QO$scRi@H0rSQ-#G~1#RUi4Yy@9Z%e98x zrZc`Oa@3C3Z@qhBGlXembYme>{N>%4$&kpeA?=_=Rt5Y&7t7cmFoC z7^?xqoecgfs}wi^nfg(KxI#okwlaiXMJL{sK~g_Vnmg>Wu=(GtO|*;jkiVWAxal$( zbpFc(_VNE>0xL{cr@Dt*K5^#wYyOqku^Naqc4K0OXlTPqhhgF%AY1U^{($y*+3;?< zw@ffP$F^U2%Z90>q$EC-JqIpQNkFhBF*;isg&AtW?I2ZO=Cy{V{j>|k4L55`&#dup7GRxS>X zz0qa=2eE+9#j&IaTag>0|C}ZL-eGYf<&f2YN37cw6uj}^5nFW}H{nXeZNF?@c}+>2VW21BaewS)x=NivuF>)FRFWyu*a~*q zn?VamkCs=!e7uQw~FN!1ApUyLM}3@_pz5kY2oH&96)CWcZsH=B zh*Mv(HbMr9iY=#Y7g~b4Rz}644q-uTT|+Y@i(c*@#9mnqx}o_o8Aq}m1b$BxbF#9DfY_M1 zLY{o5#Q8)v<5wEEcoAs@xLBjLlW#ncKmRD)uH+9q27Fnn zNO;`V-cxmBwoJSct?<#ZlcLStbmBfuao>Rm{`ys8DIwSBL8zrLNB~sVx9yh8vfgTW zQ@7yOu)f_<9ZXdcqL5ntVOjC0PVIpCUA0!8u)c}#nQGdGYGh8KMj0f`&EVO56v9~h z)SV)u!^BbD;IV(uq-H!93-ibP_@2eiIUl#@Wws-Oz+-zy`5D{Lofj{cZu+7NJp%1c z6)yg4@>R6@aC-1(XFe-P01Gv@C1fF^gy<7XfZ)CG8Qfmg}j{WO{r8ANloakAk6e~65I%4ct!pc4hl$NW< z;-FdzE|)_ltwgLwNFMmI?e_3gpEoi+D(CYql<8(bc17;i$=@(Tc56sP{<0TqCN`V-?~Qs zRL1#a>8fEN5}9%d!nWl)N{fBbyJnkf?cJoXSuvXnC)Ey8GT)XIC` zYbDqhtgYxhQwS<|6cS_Zs9T)3f^@dQ2=G1b=K^)EzjoLCiSbRTS-6k`tLJzQSRGS4 zOBP=poXPDS?#!spD-bM~@b2*aX{~=2bdU09d|uCt1-sna2fo_CSgjQ1CgN!o3Q95G z;hr{fBT>H#Xm5z|z+-%DD>_RmoKIc?msrBP`b)7Kh6hItdWZkm(JpUlvA$9YN7m@= zu)f_BSa3YQSdAzy30^n4Yjw6r?AfKQbYe=dgI_Yo`DapRV#ueMszvAs(!S2EXv9(K z%n&Y1cJb~Fb&a3Z(E;$s^$t_ROws+1Gjr-B*O;FN7|-`KlR#T-R`XtnXg(Bq*}M{@ z@|7JEwnrViYlDLWF3ouqbxA$C9Cc9DsimD!7&?6S#zZ3%j@Mg9i=7q7hQBi@oNut0 zboo|O+9*?lcg~EQZ|rFIh$66O_{Cd(y`O4EqMI5hR;1h5I29$bXx$VZBUN(@Xapp@ zhuQZ_uaE68IGF=8Njb+Il_=yKGb-HWG$6L=%HJ!^k2Zv-O=?qWmHdvrN8{mQa8#Hd z7bi0_G=q|#qUm5tH6M@;y~IIZEc1fJOzRmN zoRfL>Y}?3e5DX&)`73QlGoa)7FRRGd#?24sMvYU=<{#h4fcY_mHhedMvh2Ps>GQ4mAD zH_Rk)S^?uu{i9_rF_Fe7^tg0pom04izOepCU~RU%2?qdZik7GI-R%bsl`qOq=}zJE z&Tst`h?K(RAxWQYj^;bw8WU)yrbRX0aG$5;Y*@ZTPc#X!fJGU-*sKZzRf!_zU5;Rq zIqcimBP>faW9&At2)Q3^^S7YGbOwg-Qo-InpQJAv99R4K^d*t$x`JkfU3vMk)Z~e0 ztGy|`qvZz0a+K8I$JpEAoonBv|M8jjZZrCqgY8u|+9Q>br`PUGM65d1ir`6N;*n)2 z*G;xNvjjgt4B97tHJVjsHn`&*q93cQTsUiyAJRn0iArzvogqsfsu;I7b?gZYo`FGZ zwtmtb6lGpqsUeRO8^1!u>t9bUf@nRWf>fzv|FkIQNiHA#sTk~S&|4_J<@m2uZy|aPP8GEI9qml?)4X~Rc1ZkBFXn& zfsEJ&yX@Ehege@=Dg1a{!*B2LmCP9xZZj;jSI>4IJMWPSbaBkGt+W}to?cnx7%Ngj z-CUX!lKtA(ZBSlHltRz*%W`D5Dh$ZreO{I^yJk}keTz6N<-emeQ93)dK$>S_0IEJ{ z%QS1tBMcv(Jz5DWoZ!%HZNUU}kwAL}Z;2o1P{$lODMy2(xN{uNXv+M3sOhI&X1q0e z_R7Qe6(h7;PH``(UERT*le>H}MuCZ-J0=3_7b{BC{X>G|ObAPh-KJ(7{(9#psmCI; zZ0mk4HO(@EK#j4Td}VKGvZH(7N_as&XZ5c#TD?+IO-b{U1qAfoL%Ob;vdkjIU-?acpDzc zDC+1jLy32eajA(~z%{!{R3U|x9mofyZFV{CGtlUI2l>0`ehWd1UrbM2qgUYNNnA3@ z5`JkcL8Mik%*{W;v)V2k>Q_1!woHTA0d*ua(T&7}B_F=VHMQ3FwZl6KbpVhAuun{6 zgf{XJRV!ympieKxUas+ag_siO1Q(*l?59utVzawf&Po<|m~2={KMiQ9#hZpU8XZ@SuUdG?e&y#vM(QaM+eyJw^7FK0jqYZb&d4JQgLG@xHoJ zjdNB}a%hRA*r_zPcj$&=>6-d=&Drakz2PNar%Hu+44UU5JCV~9ITajMNkj7jRs5V% zoe9%wnty&K)zP=xawQrZ`nTSZih*IW8i(xYC-q9HCkeDa9cFoJq6IjC$XZ##O(!`; zx9l|rhmu!w6v?OA+Um;2_{AoltjDujv(xU;a03Vy8!so%A%x#$ut`{K?7m{j%xn&p zSyIS``t$Ab7V3_G@T@>3TPGIrioD6c0Z>^@MaeTzjyX{>xs&kXwgMI zRj=oEqlqSYwVeU<)N#q>!`tke(7l53JVMH_ufLHXo;-65{0Q*&vPfsWW49tyi+&BG4O|6i0Oi8{gA6EQHH=7 zp6!G2l%E{S#;vw?Z@jkJaYSTlxWpYc7+3U_vDf>c(diJ)xq8?@zEo<251O;T`%27k z;SQ6<|N5MRho_QE_+$gdI;LYd#+g~m!t>8;5Fu1?MKFw7lJ51iZk1H8>MNCz;xd;)hxKrZT=s>?PS2Ww{ zzJL^KGny$H|0)Rh`k^QZY3KF`RJ79k+>hZdg5}aNGih`TyxYQ={`4}Ql$nWH&@MGv zMGBR;%gS<)$+1vuZN7e2hefdT2}ec!J7NN)Nz>g8yN+^LcK&h%8NT!It1cP;Ap#2* zbZ1BKy8N<2nA1x*$Ke!>{7x7mvbLM6wMJ#En>S1N4jXg5&2FasC|kzSY9)OzyS^Eh?x8P?LEE%(&q?z8@m5Vs7>J;;a31JRdMwWp~3R zn&n0d#h=2sC}XtB#K9kYM^CMREmk5eE4_CNoIafg*Im)V04jVLf2O7&&*Zis{SH`t zE$0WguD>36yG@`zTm*Mt#K9n4`g{-eaG4aQ2|Kevay7@5KblaJj{hOrT zQ8Pawhbk9f3e#>E?P163C*-SE;Dho+<>RroyrD8+r{ZN;kI%_BD{$Op)~8SMidjoj zeM2v*4o3u!-DLzRDRD4363SXAE9TtBk@n;tfLyUM;qr9-g$w~!8&$TVoD@55UT;aA zt6e$lPAByG?BZZc;`tm7h?V)>TM9kHya;DG(xNTV;F86`7C%nO?}?xUidV%`RWy`1 z=wDS&W=Mv7=LRDlSz%d--TC!A_j{XqWfSS=4OGakL+;;lyuHRVf^<9tyJsi)Sfrry7z519>G(XE8D3 zTrM?TQVhV;sy8m={)~vF`ikoUbw$jka3BnupkwoAp2b&LPYt>-RdcYz9gzLgTqIVU zt#x%KH}GrP^9G~l+w*-xbGsurz395w#a`vSzbOC@sh}Fk@3&RexfFRB@>lcL%svdS z!m!Q9FLg=w_rBCLt4BqH>)BllT769Aw}p+8Nbw4~q!|VG!`t1ZUH=}Q!E!aJmF=6_ zgLX$w=8K~!H*%pii;a0x<3};kZ&i%X>uPZijTCpRmP|id4-YgaQVkz^;>5Zf&2U_< zHHk)lCvY1b@>46kh$)~}`h7zh*@3kvXJ^mua=h}4$*}+6q$g4S<@HZS3#aD>l>Hu? zqBi*jX__Y#=dmS4e`hSh>O5C3=CsOFE$B4AGhDUUd-_axy1Rs09Xx6_cQ@W@-K?4K z{kbjc18||IDAwI9W{M2TM`9ZN8k5-Pfk3kz_5Tw)`Q#?;e=|GT`pDS?GPop1Ldttz zyHG(-sE?_jv8Bz3=B>6?reSQ^BAEm07d(y(CP~l@;v-MzvY*%8u4IPqZqRgPEVj`I zQ5of|24EaMzDPGi40v9}5i&&~)c~u>2;=IcBg9*bWj44;)mVcH?zM{S55!$Ot~p$A zhwt#}qu|uAY>*FpqV?^vS*7}jz3k{=@-BOjEv;AXi$(*ctFxlKgrlR&%j#=8!vH$gecb9TCcfvJ#eo5DA@b*0AL8d!Wh$(*G|a#v+;d< zg2Q?m%fO?5{Yd;Amb@q~%6g{X`hDWm=AGQYyC&Dkc`pXq8;Nga88O-4qHp=A9QE4= zq-AA2Q9^r#BP@}IdZ+^lQF*cRjurC|aEO%Yn1cLih;)0HPfUlF^ouuuA)BlukCaZ1 z%0T2)4#_j(>3Hu@&Dg+%v)`MceP@E;3Y*}=T(>8n<9qSO_th# z6rE17<#Jz!53SwbDsgs2TrpF`zCu5a0y zIWzGCz1rFa;Fns?!(RDarrt{@cWEcSMtv)|qu=*Pqac+g$nHw1Ogq63_ye;3Bkq^D zD&v4l_Q22+7JCDf?A_LpH^2}Zu4Hicxn%*U5+;9v&@UYuDMMl;n~%4#7>nzvFj(Zh z#6JxW0%i+0wUewTf!{iOr&p^&=uXV=L6&vXpCYOD3iCY#YF8v$e}qmo@4dpK9?Yya zl2@-6o1;5vZT!Gq8L#VF>!QDJGAA9u-z3|(AfRjYl%X~ysTR?X4{7yqK&(-Wz_kuZ z1*^-xs2-8?(;fz#WNG6|O}<@CvP8Ikpu|!txPGrkkVt>#NC3dle7QmzRx-{5Ufhl6 z5=>=#j!0probOF!C+XBjOuX*=J=o}sdR>g-^Ypcbtw|oS*Ddp;EF4%kx%;j%_x zCTSfqnxuO6k2RipWQh{sr{F)jSS8NeP+*xcjmDkGlkQk6dL`;XOj-I$^G=NVJ1Joc5l5-=0lvM{E-p( zI2ET?M@7J?SpVu+bRxOhc_is@%(~4WvGE+9-NJjr?vRQODw?uiGW&dMQ80UucS4x8 z{`HYR6>Ej>!CXZ=#`I6r=O%suvQ#YRcs)!~0rhjUM?WMxAN#HaO=~G$UV>?gh_MW( zD>7^}DTn7_UiCJ)aW(jvVobx1?(T^ZbcL>lt0v6EMRODd5{QcrLt7EBZdB9=10|(D z#9*H^F`UG;5%~d!#=smx*%aMcT zOYs#ssqPC$^vmFEzqlC3^H^S@G)&S)O$1`PzUBu{)T@2zx}f5$A8m={?dF|)n@u4; zSUMQgL*_)FB-%w26YR7-vJ_9DV(7E~RpVrhIGB^{fSkiRs;A~GA#u7g^KyVP)iM9M8z#5%hOj>KD?uj@QFv>)6g)YT!BG&mI@N*vE# zZqITJ%TygQdth#7ewIBz{~|K@_Tfvv`MZ<>pIY|0naK72o|o^1{WHLI4%x8&qihtL zw>#ICiN4k3;-q&0*UyZhxZb19PZu!>P*zIKEzEeGqy5b;F_2bQDy}Oy#*y3kqBHts z)VL`e&K#eB?Y6V;WE^qdSI_6}yjtZAie8H;$s((n-v+NEg8$;L2$rt(rP_K+Idrb; zl2By`Q9%e)9bs>8&D%y$Q`UZ?(YxVI-oa;$qqjVt+u_^Otje#Jag0w1CZ8^D)nt%r z)CkL%+Y8+#zYh;@x)Nfz86E2&%h8qT`N_v%t(eB8&%HdoXqnl}CCL=I_s3JPfaeZM zXh-*#ozqge*RQ%4(O9+gxz=Y7L)9z@ zi2J;oLs?<>-(PyUwd^Asgz2wiHh_5#M1j7>QW zC?rs4@GlT(lU9PS$!L4`45_QzlAg;ZB@Gsu#JF227UBV!p?85_H}{e2h4h+=VfFv5d2BhV8)=|G#L zdhB*m7qF)p>|%_e1%SNBC3*-S$yrmIj$Tw5Sk%8f@2M3MUXv3>q>RNtm(Htx;6cg$lfVepnwgE=7g!c=!0R|}z~F$_QV zlr&(L?XhrmIZ9*CJzXvL8EIrF6aI#W0`hLDCESx)yBZ@w6uaKU28MR6!NFr3Pv0F> zP>q$BP~B#SPH53;nHX>F6~Ub(Vjh*C&RH&#tv}UX|7E#M3Zl2FF*2L{DEsHyzrO9X zhGCxgK}obV8eFr{PIJ=K6})pE_dl=zJr;jE-On5eDb(jkJzRTq3LWH8o^(wD1rbw$OO)-DAV00HR|N%;I>~Gjl ztax>D4=wnUbs^nk|6|rWw+0az%#{*JE%1AbQ1%+2&E=@u2b6~zjWwG$KBnRhtTBfh zZM=Xd+0q{XG+kYT{9$X7hLhWPSY{&sl-dBa{?;?&{fLFa!>i+FtEFJDhI!TPeh==Q z9g=htRIQ$+qW>h-p3a(29cD?=r70z}Z82b@YXyiGK;il!|h#H`hP~t+&?xjz97Oqsm z@>hn?0c_v0Wv8?M%OI_K2k-QkM1m?`t51;C&v-#V5Rue~6MlS#0c-o|v^aU82uOX^ z#afHTYK$xxr+Xev|84<*;8vPQ1w3v%VDvM8?1U$=E@YG6vz)IsswHkmygA&!<*TgD z;4)*kwbc1S6djXrIr`B#87;5v@5;=k^U#8Ij}oNj*zo%hI6dy@> ze-O6QR;W>cZ)60%@-Qx#SJMF0X`Gk3MIz-ks~e$_^S3W$@t0*M51PB@R)z!R%BR!p zwD;(7RVMPOjsD6;*TZ+x>Ab-NHejt9PdNb=dd6egBI!8ocg3aihGgcyY7*S$Gszdv zC)`YxC}n+rt~zH)SFBgL72^#)!8d9(EvNu6)}ZL`9qG zBf3;--Iup~d``Emy(|OSL3n0TPrZ9r>855q594GG)H8RMR>kd zRREm8Dh51qsk_HG9WP9KXCin^Uhm- zSG-o>EVs;kGOZ&xG=`Gn1>R)1U>|E-A>mAkliMb3IwjCWWAlC#y$8!SnO&1r^6P@t zlUPtknbh|~lSD6RnvxPdq6%%yast(6r?ay=drLoLYtb0=-y73Kvc97n_w?ay{Hvmx z+_%SS2JOX*6T33G)Mq8qKCVu#rt7D{abM>aw=0OP=m4bNEU?HF3pTJkg(<;OKUe@d zz-SkCp?iy^a#x1{t^X`MfbI;N*VL3ZSw*!m&;%zpgE{WITgRHXPf1jca!~NQ-&~OF zzeYYwfh~VyXv(4e$k(>n?87pZX7YAgRhJiNyB~W3msJ1hN0?fILi)aWKqJ)U(~L!- zR~5f8B2}t4e47o)5sG9b)xI$b-h4a%EB#rdkzcn@rCMfA|31;($YUftI{1Yzs-a_R zuRL=yGC7ulK{jP|TH`w zAo@bik|T{hmmReNaq_TVraju)n0gK7S@5LPyU7-*((x&)+aLas1fu(wRIUXfk3hGs z7U%hDN_*#e4ptr7hJCj`t{*8XDt2TxX1Y~##Q6w_Z-ogOvjzvx=w}$FKYJpHBIfk; z7QDr{C*?nJqwXE>b!DYuPgr4n zhqro9o3Y}iEjBPF4NP(DJahkM*=78xWbgYPES`umj=Ux^6HeW+Acm+Ls!oVqUy8_< z*+e4rvNfExLk2k2H-BOr8-@1AU%zlNdKI0`<4n`36y{dt?90rt;N+AUGN`Xm9r0}O zBJGkgY>vHRvl4)}Tb1-vXMYi!ZZmU#3gj>kEz95Q*n3zmr>hG#4+%66jvMV$U!6}0 zQm!4R)M#mV#9YhEchdALi70_FpWPciEc%_QKi$b;J^kAwIqU&b0K)Vlh<=9-S49O% z0Xm9(5z-3{^1BrAep-7~h0UnF`hB#wUvw^%FxP6txKkno+_~E4BSlG>@PYa1u$M3N zi}vvoxa{nMKmsUt;F;O{NvDKSu(Zy|l;1Y8iVg&-)ZTyQsvc4p**HHM5#fWC8UDA( zYmj$v!F=bEW8gS4Qlp?aL!Wwid6VeIP^>n61m6pCsOLBt7c8x<{A&*n=yMaV`-3jC6yM}L zjOuRWh2_mL`5M}1io4^gorP?ODX*r_hC%m>5nk`CFS~PNz(S}xW>sw^)4Wm#ozF%W~u=@2iM5c0XZGX3DB==%uNH@q}Za>v2+@4@$; z9whU?ve!#5+|340;;{69qPw~qsezCPtiMT99-BIk@FnzS?1SbSTi%qkR%7XF1|WnI zZ?VI>Z(8krXASpW;sMF=Z5}g&NNJO~cGsgquvbsI5-lJSAI_ zF+2DsKnc9~X&oF#nkoS%Dr4mHm6UC)D{>Y;t3{ZU=bn_gFxq&Oy!RJ#-B}B&nPK8! ze@mH3#TsmJ&_9|7+|wrxOE1oQLkePp1T6I8?4pW}svl1#@3h9Pcsx}KV)Zf)k35A{ z-RHYMuv-JE@ICjPpcPWV8$pXA7Jgi^JXQJ&)Q^tGmev*InCsc9R3HD7#-|R-1smw1f$|V*?a3?hW7y zfGbQLI?~skm563U1==c|yZJmcd6cx6ksO~q=^kK)WcW5*B>#avZzIA# zA=9k=+2+|6LbN`)3R2P31rhdlnM&->H=7!5aZA^=Y)H>>#laueMV9u8&p z)TTh^gr4;)6%|PeD#Ji>?dN2N-1FQkS<$z;_Y(e})~gtpjaYl$r_1fW_GEe+lbn@v zeH&si^MgHnN-!fbo^pWqUhccH$v}LY&TCiRz+h+Le#+UrH6~5a4^ntJ{zTQ;yljiIH{QZ z`8BRes?MOIuRCKgfWGA&7R*J&&%NfzX^6Nec~3{I6h4#09Jk}HS9;;Y&8Ba-zSXbqdu7&5 zB9%mNEu_>w&S8FM!X1a}z5~Rq0BB%WJR{>N$fxnr(C(GW)N&Tk<(rtP03aB$114}8 z9juF4E(bm<6?ipj-A31)M4p%8{3bH{OLD%dilU2rxjwi2QsOv}^9=oEF}s2q@F0^1 z3#1Pvhv3+hpDPP*W-mw?TY3X(H)U64K}wG3$UP-+eL1xzr$%J2{rOkE)}IFfq`31p zy&v+l3PeFF&0k!TAGVJdcKugwvP`mJXX{~%OLBnNRCw^Q$dVb2l_Zy6mKNYY@j|%L z>h6>R9~M4W&&}lC`5f)$m4a=(Jnz_$TnmTuwR@{`n^pz1m{M%4BaQO%=Y@$r3uykv ziU$i8oUUdprnLl)CSY-3Y?TN545C;fJj?3CX%obGo2W4Cp2861kEl)r%+omYqB0|%yft26Gm*}&SJJ-8}4 z<%8mT3@1q z>|ZSjb06+f4Js|Gj(!jJK9Ok*-J?0LRS%}S8*Kgjc@ci-7fmXTBev3PL+Pe8M6@sh zgKh|e&URH=%+=J)%E56cCM91jdYRFj1xm`|wcs}U_VGhlSH6m`YCu3IJZgyn2sKIlVULx*(iV`dCtbAb;Q?o;|N z4agB6p5WLi)#{zrH;iuK-of_RwgHWRwL(vMTULCCK=Xw;M%UQK!=B!!hxOVvX6C%O zm#fRaU2~09hHnEOnVoTEXU7SL=?CC&xTR2YA{oJfnY;~U%{XdqCQ82&lkg(%!26Ey zZ_-pk%yQRPRz}&HnI8H)v;9h;hIM>t+6&2HbMb&_HJWeS07^8`H~p5y<;UkF{p?UdefsfrFN%d69%Q~+ zF%zdf@`}E&-B0cd*MIuGCbf-v-jxfAj`?OO%53P{UsR27mK`Uzzg!r;f_nMUhp?es zTa{I+y>R1Wh98Bj_{ul!zu}RJ2iRinV?lvtCj@AP^ivZC^O&9sqDo8)_wt7k=dAE8 zfw*AJX0l#}YiY`+O82E&dEc^fIo{(Y9ZHp&VqiFw&!*#^IXu~FL5m!e%z|tdS{DcPwwgr(2qYQTOjB9Y_d5| z5`|f3>kZVCcKEGpl|R7nnd5!6*3HHn!Nzg~i}z_-Hw-b^a)SAygY;vZPIh_v-i+H@ zVk48px8riYNA=t8HVedQs@hc$YS0q8_8y8wuB5T!Vy?>%#_vyzGaAZGYv%qrVgYgE z{zbVg!*-YPp3VT@?qIUqGgD@Ma8v32VS7yBiv$Mq%b=#~6AgTij8@!+1H~0Z|8Eg4 zlkvwKF>5#+!G*?Aj;0YVZH{r*$Wx{EbKs8U+p?Mdj+>Jajndt7ymZgLqmZh5+&K2Ku%yXnl%FbuUi z3rlK{uf5tbgon+qT@s@5=a@a!-g2>xp=o7f5 z?9K2-oAvZGm$sYT$+knaI}#46C)8McWX*8O(;GA5l)$t0v4G~bWiKca$a?Lu+q_r9 zq_je8jNdQymKY8{sUUKidPg=bjybv-O!KSqr?JK%Q_pZR`wA#Cpz2-Ic_p??JWZhM;umC@zADU@0 zNFSi2G&$kfH?R;ju0|}ZqK2LmahDk+ozov*4JkF^G$+)NLW$XoO16smgV;$L7b#3U z+A&AO*6py_EC+D6yTJk7o!i{RH4|mldCoCbvMsesdkPny%We4r``lRr@6vTX30Wp8 zlwnLkWhd(w*tSE<+&di^;YnX^n|2sNmWA8=PL7DV#lz^`Btw}(dgAzbU(^JJ*I6!0 z^9rs`9(A~T%ypN@Tj6R%7i)_-6|NsX2X~GuIO^^HmdB+pbYI#Li6kt0a~-=KV5!9< zci(uK%jH~Bz);Yw7Z3Eb_paJDGd`9RxrP2Lnxpx*0`(ghoc9f0!Za+^n}2BPBz=N= z&2kI^*0Y9iX7$ok@_vFZuhkE;d-+ZNs^G7eUU<%LV13K9$b z%POnM&g^}OFnsnLFqKvXB1@%iboYqbxnf}Xjb@p!;3m%pnTyu zONY=qD3tcxG*b78T7~U$vmkmqU=$ug?T7bw>YTlerV9FpVW378Y4En`2lsCiO;YZ1 zrxMsK#enlImc!J7XK!LDT|Ul>tVqCV>ggY%N(IlyZ(*!pW? zBKqL-r}?<{6-@J^<7T-$%`3C8KmKABL?;bqq^{tzpxRu)5Z?6kX}uZ`x3hk<*rwvE)&@KqguG6|`o)}Ec&*7^cnOgLmpA#=bF ziW)8;`Lg=?lDL#eIx|~!0NOLbR&a~G9r^PAC5gx)pG>tjKwHhrBw1Uy$JWmkXW`FEd(mZ@;AXz{sil$p@*80eQ?=*d z_wYYuVvo^5A*P2?0QFskUt+8=%y9c?TZs!`m^levt!9osw)OAk!Qvz}kNl%XSB@Pf zcyRlmWh}#vEf?9%NCi!k-FgP@G+`7x5E&Qvg97(P^jcGxNJMNcJ_}Fdn%}E$8r)Xj z5dVHZ++!y7*tgNkX4`<0lImb-Y)X(vtA`31e&oA+GJRdK0r{%?kjCiVFuU{5YQy;gSbnZnuaz5+7 zPh)uI6ZQNWfkJNpopEhAM#iKlGOCqCX+fUh;f6O*kQqv3RoK)@3`HGsq2sWn!YV ziweOTCEHZFVyoKM8zLr6&1F5yG8MhzqF-Wl^fG8~q$ojX(TH z?IW%VUJ*u~kbvIXgjXti<8-sQ&ay`}CG%+&xs#sreV+5vcKoh%aU+^`bF(IC>)B$Y zcd&k1pvG+U5UNT2=^OV#8Mct&x$Kka>Ey`3hr>u{XY^iYR_53X@j6s*CHNHhKkY0g~_6o(ep9GBrEVhy9zFpgywuiv^Y?}OQS?b5I3DDkyDaEQv?3tA6 z&jbpv21!65dN`K7y~Aeg2R+90HBxV4Oc!)^t|fw3E~wqIB)vv`yrFJVsKOf&$A!6K3)bn>93O z&TPO!*Z>Ql}TkzZXoIxt0eFY zQ^D3;A%&;h^C5+nJ83gaMsQb$yBY@3-`M41+qK^G89p1g(yQM#Gu=zFO|q}1d%M5d zB^PqgjD3*Xk>h7Z_&-FM@8F?hjm0EKi8igpnq^bzUJ6N@6FJc-TpH;TA@+Yhw#Tf@ zk$OM=N+uNUkwmLJT{b-pnFC7&xk0-I3K(ji^NfaiB=(Jf;?I7^Ul{{pa$G83!3s~49(X1PL zZ@6~s%{eWv0uq+5UOW(EDtJJUR_=NOSBtWK2P-VdxU z#r+g=IF0PL9t`;0=JhP#z$WON6POY|7T?uipxuchr=DG0uJ~Xgb0$_6<9rz4JA5J9 zz2S)+cB^HhemwuMcSXa92LA!w{BXM8wZs!WP;FDuLM+Yn$pe3=ot283npz~IveMzH zZjDV}@JDN7;P8L8i(QNGsh^8In#!NLHyw5DMt`PtJ;>Mm)7q89DTVf%=AF7!A%Fn} z+7BWim-X-8{p&-NLX-J9W{^c5J_O7Jq;1qAJQGy*5?DHm=^lu%|1{CS-}{B4Dg2G7 zl7WYNLQ{W|2=GMyYrEj5tJOLr&stcI%C67)9k-3+i|;rwn^MMq_KbmNKQ#Y86d*D) zVj!&cX&w)^v5ZmnApU^7Uo8EuSDp0#u=kcxaYS3YZk!}ofB?Zm6WrbD5E^$69w4~8 zLkPj$9TME#-L-Mo#vK}WxkdKb`0Ds;gElnQN~3KC@Iy+$4K- zMCu>WD1R@n5UVQO8A5;=FZ;j#+mF1Gcwoi)pUMv{JXQFA`Vshk?f2OuO5#71&nW-b zPgZ@QM)J>CfdB9}|2N#l|IhxJnw>rrC;!ha+#NuS{-^T8|fPvEkg)!lOIGc;g7JA9Lj(6Q}@>r`M}2| zFfA#mH%=ZQ+hdRaPvy`=U>6{?{ipH+zhd$Kq$&6C|M$uNwd(%gUSYR&Z{?(L@$l3_ z8rvmWiogFBRgTnL&D1hz<~3UA9yh-y^gk`F8J?c5F@Rm^r33H&cLzG6ysqvl{-0m3 zu_Yg$_LBbHroVi;_tA1&2g1s&ss1_mOWeaOaL&aN0ratj-g4Bw;loNd2jUa|M>!N< zVS4`XmjA%_gnVcrAn1B`H5QumOb>ZM-;C>mh*3YvNeyenbL7r-aUJCZNz+Kv_euhY zPs#S3LDER>HU8kf8-?q;u5W}J(`tYMOrj(g%=b#cak5UeMDUw^dM=^sIyCqJ163^nPng-QeRCABl4KH(3&1VfJZXb^v%+8 zpH(EXb*BY~?0txMFPL=7?Y?}yizG)I6gvyt|UHdUg1j{9pWof$SOnD?br;oh~IgMLdKOZ}w|4C(6EmO7c!>IzEdM9on4xlm|?HWQ3!ZuCKvw%auv-2&w^MBuUGDMZm7T)2GP~HL%S`b zY?v3Dog*Ko{Uvf6o2br}i+JAWZT3}Tx*PXTe>TM0bV1!C!oU;M-(y5+_3Ny`B`CLU zYw?Yq*o2Lai5igWv&4Ah4~#CyGOQu$ZYp+tQ~5G+SB9tWvWL9WN^*Ri-zpZGcP=0v z^Wx&)G0{n9$P^phc#@Dy;TS_5pMhy7VK*&jE{y)$S3Ht;Y|TK6*)yD!6L*ioci%vk z4J+x_B(v0K>~24&Ic?&V?a}sU?S7gb8VdI)z8hiJbW{w zIPiIxSG@OkB}Utx$c0r@@oTE;KpRWqT(pJjf{quPdYqkzQjJ=b*$LE*nv$-*gFpc@ z2eGOY#yZts?6F3n9Tl3j$6H;MiXYH?PB%TP#;OevRV2CWnWyA0Z_j52%J0LK&EZWS zz7@#wxQRZjc5KDZF?o*{*o4B2shd5p?7BP_qVq3M5sFN{mer8;xNsU=29a;O(ze?- zUfV*&Trbwnud>6n$Ly1BXyU6yJ6xNus_ri$-dEzDvkV^pX2o2iO) zD@ZCt)tD`gM~?JDA)H1)Jk*U)NtD{~*Vl(qghSLVZw3WGOt^C)@g&B4cI!R#Px}b=MjQYO@DOZe zknixr@)=-qHN6x!TKd5U0Tx@cv8arp7L7qonD5!hrY(qzf3CM0>ry719SkC&Pvlh65vMqNYqN-h+=_9%8wxbP0NafZ+F zT}B}JHVSo0V34i`XJ^mD-t{IR_1U3#*c#?y6|JMYw@4fG`#g1nOEE*2nx18ej+vVf z*4t5f=d1l>rtdV5HsMlin@P(e!$_U%!{8VG^S$t9ajp=}KK#Gd_Cu)Xi+Y1WmxwSE zmWga3H;2dG0YF4>7SR9%1UUwVnNllkC^h9+!)1T49}yuoM#)w=+qLm6y6k}uWgr+k z#*9fZe(OhPh$g#=dN54FW!vUT8ZLNMRO_(+r~e4HFFpqY0{Odx?E^OvcPp88^fIF3 z56`t7htm^dHwj;-Oe?9KPkdh|S0_#5GMk-{qo_B?&>x=pT>uY}Dk_Q@9uhcc&?}IaNkhU?XR{zKwVhXD1n=U9$vx#Uxj(h*S&Y7K0WP;7LHY6rzHTk z$elTFf;q}_%9Q(V0aPMFw7E6#`eaBR>^&XjGGgx{o)F81%1WK!3$f-GQU!Zl-Q0)s zau4zbu9kdtCQzTv`_&-Ai5JBKtHLUGkfMQpb>Q{%hQARP16sA$SxlnlrW)Zx9!E`7(l zRX5hBiCy(RH4441V_lRB1~tmg7LeX1<>4E3xO9CG5Ra8;!uj1n2D;vzc71RWb?!nD zb{L8=X9zo?(>aDr+3aS=$7$~8cSklU=v^8y7Re`(fHy05vM#RqshDX6!tl7ejZ*zG zD~5-%lX1(df%~7YHl1xsw3;pCHfV5e>k$J2wyVo7D z1PhfCn+GtqT!!Wk;tSp5G*=LdD@98|A-A8vv6Ki0-9=yRHzSn6SDp_a_1x+U)%F3L z#0@w3LX$upLAFx}%l8ex_v5p4YR%p_fMNT?qkmx!q(k@e>F3H4&K*KR!c5c?K4JO< z2Kwu5t7>jt-hrJSqyii^Vcp%yLg*HI*!%s2?OPvumiSe0r${USlyH*lu7?v1A))*8 znqJ@M{%)SlTH!sG8h|BydN*(mX70>!lx~b4D>Ud*mlVBXX8x=&&OgW-?uq z?1d+D2FxP%X6@r)(t^)}&)U-R^T>z%xmmk+v(kiw;j5a-#?%<$3=gZ5cXt{r@B(gcKux#2x*(QDlfH1ZUWz^Yx$a(E+z|h(5?Ki3` z&0zCT7liGb6xy(KoNzGDyRVgu@OSe>PCs2hkv=usNO zg!1H@G`)wG@nR90_qpaAejO;IxYd^RX+c1N6U#BEJZuo%(MFf&r# zNcD{E)}%cK%qN^_>HqFoHsGZSj=C`T&ZL|vsRwxSqK+nM}|UZT$G_FL8$>fsQ5)6!qBFTyfz*)W8e9>Ef@H7#1s zdrSSZ>@R;*y^hrOX8+=4TPT}q*b+-1o`U|>JaR8asa@hD6Vv^3U;)J!rykJ}8zsRe z3+%MpG z2qAGL+FB)hn>)ZMjjw7&Ay>j|wMaWt`Po-tYVi}aS-JQ408~QGcDLf9;7$90q-5R2 z4zqEnDM3uL?*=gvY@rHiZT9x8YThR1Ab@Hq8T|FIRHuK2Ry zPK5zCYp)xTdfVpEn7w~M5uek*)j%?LLhCI51+B@D9NvoO}-lCamO zSZgMjPEV{In3_ry1H_z&`Zoc7tlGZH`C^l9m)o(y!NE5nH7$ODFLOQTlu?MLhdMgO zoeNf%@hm<7J@v^wUWa#AR~JbPn6fYA%#si`RZ;IPdBo@4)`05Ev#?iieX*rKn%z8* z2D@k&jM)82-FMw@GVl|41q*eFvq7nDEB2k$0>54!A+Xn?;0;d!m)E~dVn%K5(a(>2 zj-SNY)mFf+Mbj&J%ErfV&`^VP>5$XzSiP&Nb^<+C2YLrfZBv!Cv|`L4Do>Rt*>wt zrK(6rrs!9pNIi|!5tAQHHJb=LtpE>l1{3HTkG2C#ajxs+hWDO)Jb)6VsA}5kns|*nkj2K*SquQbe7DV}^5fCSV9WbzZu@O(5Ks^N;|| zPJ=Ndosv45{!0Th? zc4lv#N@q5}fuL=v`V`QMiTKtseqJCpqg;aj3Pb%q7dJ4mttZRVNI`;@Bu)Lzij}4U zNPB)Y$qYy`;+*7@1}5+_2DpC*hR?Jn&1t{n98f9$KbPveg#Fd;}D`trK_#uJf8%M))f80$d+y zH--&`;a>`sNK6TKb}2}2&$dqaLK80*HK&{Xl&zhppsx5wHyz2uRuIUiVa0FqXKc9z z!0`8}jrYXt0wy_ZIPX+q2G+AW7*mUNQ-U=f8D7a=lvVoNM&U`36j3M44ylgA$J%Xt zrOgwjetQmk06_-BqBb-y-$-8&HdWZ}%|$K?i!1;9ls3P=OAfA!nQl+J7)F_&LM;;1 zoW7u8yXxzWeoN}+fzAlN4RC3RVb~UEs(R*+=)f7wbIg!gzV2t#o=^hhkfBRf1b6kheX6&7?XF{>6Mrwj=!VTte2OoAeeV~qo}q*s|6Z0HY0b7 zJ7ThgjuRN6vqti5kU5K4z(C z?T%-CJiNB+;3j}#uOJ_W5~scTAyIz3p}U3OZ0AHCM)1{G>yv&;Dhbu~9?LwRRCaoN zW+lg+WKZP{Ub0ZGW*w7^R(um1!WQ!&|4n}?pqf6ZxTdo^5QN}omSGYdb~VuDqHMoLfW}!=@62B{53q*k#lRG$Xh&A9 zvRo8-a3YhRoYyT%Q9RR7i|mxq5JJ8Gxl-L;y#eZro5G-Uq5H8whaspRaz$bli2!uh zoHNIR_Y4|JPp`pYxhZy;5Gnj>Ts}HP)D4|sek5^7j*-A{tgL7@wmA)3`m5?WufN~c z$l}ZL^TphSKcNfb#0m3h%Cdhn^RpL1PmYsy<(MGH2P2ByFthkCjA-lPju3SC%PItt z)yhPi3xZK^Yd&v{+FEPtpyPGK#!4ri!lz^UQ!W@KXNKw_x#cE+TOX7sFYcXJjRg3@ z4pS%R^*^Ak8{|)oZlcMm1u{a>4n6i39MlKyZV(Q4gLW#|XNbRta{r?E_3lelG654J z@h{MK<$!k)k|JdS_ODf{G3AUX3*`;&?m2>O_>lkH+~1pP4mDq^PuMC8W2T+af#G=jHwGlG6*cP;pG97%WkCV63PruN zzWx=MRHLByky;Bx;&#&`m5fANmB_Fn29t1d zo-Leg3Ea=sUYqe$y?1APIfL4sLW)L85O8O#uMb3$xz9)9d+InJ{@_!SXD+LyN)V!* zoeQ$Y|E^knS#HR#`Aw1jxGkLXX)v$vnPGM>W<#Ba)!9lugyow~?;DqB+Z!h`G)0R7 zIy@Hp>3M4pShxGh;%e& z^sYhZ6?nELl?EFVA=MoDQ<{(N26ar{^FgyiSK^05$B?-)Ymb#S9yK);NDr2>;0tXD&8&y=6zWC3d+DDUjIrC?k9YP-3`i5D~GmRDl>I85;?)y zmw;zw;?qil+N`b=f>cCPDHhb3s{x*YEu5sArD2ht^$|-SnpDfH)p)Wjk7ta@77$vp zU(u((+`2v`Tu_-q>4sMNQP1kvw;1JN%fJmDxp-x8AeB~ohxg!u9dm1o>$xbL zanuO0*ECyF*X&E1l8dT?hTQlODcbr6D9@U?83e-8B6Qiq)8P`Mlr9?Eko^vAKu z+gQIv0_%AXcwpunKYgOm=u?vJAlq`nk~zKjc1$o`pm{OZ$FSjR5^iXPBLo7-NHIn$ zfozCWVu~?eisL*(nH!Zh8dZsY^27Dbhc zCT+TZw$Y~_|8kV*8e>+7bNzhPUtlKiuc~B0jj^zw~Oj-D#uGHWVRpjq*h+a;{ zn!!vctUu_H)O*BXT_8R3qD{o*#C@_nmZlM_syD)Ka8T<*qT)9$m+Yaqs?n!oWa{Mv zT&Y%d-eC`ax`Jrugl!`R)2Ay_jo?mm4gOU44YhOqtxId z_d@8*P3R(Ih~^{cdHVTz2%?bM`-94-PhjMO7pm^@0QX|QM}300zh!>CqiU9U(;|gs zPsU27zei^^q!-v%y2pQ6`^FzS?cjIi(JXJMIE{UQag1R?$k~|X1M>BAt{5oCZ}iv^ zO0c`^+w#GMj5jyeR(38;Hy*6?3Qt4OWzUng)tbekVu?7+7IF@su0-9`UrWy&FdEqv z+oYI+{5dS{=YR0LnX((AoZC!syUr4ui@7tmqId>rfl7oROJ`i^hHPqiZnyo zi%3ld*=W@>$yT~?rY6PKDe%}2(h7^>?vE75_YtKnwCb8IQ@a^-w?AMB>vjHV_vzob ztmodhjqUR5lqFy=>F>CPY56FBk$YF`FtgZUN>{vyuWL2~_=VPM8#Y^BqMbCFr`WQ` zzVg0hAABkueRf^2rzsys#SO%eENw>LP2Ql2q5+6_D{ED!3fv(UMX)vb)n)10Ox1(} z;K73)0-~vDu_BT_3O*fr!Hzy*GJ4g#PEr6--tB0{MUtpmXPdjHSBknhMb{i5GuGBw zDZmPf@M}Ut3se(I?$|I!5C0n1EAb9Z)?6+l{YEcE(;(H`TfD+sAHr^X zh&{EPrPj;3T8rjSHk4@V_+OcfPcqeP8g)ZxDQV0uxDZ}H0x%LhknuUnvKW|`XXC^2 z|8VQ1t+s`@pvmmP)7lFq9IAa9zk|;cx6pXb96MW;54K3?V=%a@Ol3H zTx>>d0?NiK*=+Eyto7Qw9O}Gyq)B-c$>~UirEkA`h|^jS{Z+ffvn{J@c#nFqFJyEg zAr|3#ZW|6xvIf%x zgL4c+0BzJ#GX$hs;!-F$(5B1sVkVRwEIDSjFFXI}<7*roLmr=m%?W*{>lM6m~$IlF8YL;1d@obu*mS1wymjP&aqdMum>Ytv|N)N)M_<3 zjp#eR^T|K$o9y*S(&{e8?$R^>I3sFEIYv-#126d4OlG;t0k#OCIXMlcU#em(H&jrj z=LWzTR9U*%k;V;hX#kwzbE%D9>W6bnc+}s#jjal2!9$KdUqA~NY7d9p%tr44agv z)d2Om6F2iNx?+)6r5?b*&i$okoNNnFn%WEp)9X)q;|1Hi559028jhK%7#|-g{N5Ir zqkq8(i5=BV^An?b>(eLwuk`Ry*-Vk>*B-T)X8=OwEPlbdJ&xLfj!aIa&>`)1$fg<$ z0u|MXbrX*XPslu6Z+C8owF|pp^9EoOs2X=R{6TkjCU7*;&LC!vtis`_`re%eO8F5~q>q!TAPeL|egS(Cs;h^TAME*_Da6}(p5DUnMFfROQZ5zC?i7;4d0j;eKj4$v$F=&qM{{GWw_n6u|VJ>?3kJK}^bAENI)PV_``S%|+ z#L4pYLouHtnKg4^u{{l;*G}qKjLia%C1 z>vnVftI*`}4)d|GrQlH0#=3X1#|x~fCxXs}*p)K0=_qj?2R_M7OpiDPz+TRk&;CxL zSG7nATVQtHX57cBx@qtcC!q=9LKE%VDUM`YDCN|vSlIM%jR*)JJJfS9)EmJVNEPNhHiO-cp?73|v&`_hEy1k;j-#wpR?ma3uRl$y-` z*dM{hN{U}G(51L}OvTh3a^zsM;90q~*S%&!Ii5bbSq}Hxx^LspRQAr%kG1`dHu63{ zLaJ)C3@n(;g(>fvtCSv7;gui38kF;ql8Ho1b|9nh7UG}a*+^wzVm^wN7BR`K@;2cu zkmpRT433tVE(p2Ww)VI$Ujx^wCc8rntkEsdqM@cN_EcA26~aD5$4j5KRk&>vA$1;k zL%y@+cdN$ANZ+)w7a*LKR#a?FSJW7l{2X@(%$GXXP0X{5)EWE*mdMpRaCP)*G_7Ju zc^c|B`pY|dlwr=9{7&n-dC=CPs9hSd{)`sZ*PB6`?PYm8!~13?q;jGR!=4n=FUS`; zGK3yZBqavwJ5MU%5um90`eAzRb0&wT6HQlWN{)#@a64r!dvn@jJmG!h`w4ConjL^> zGe5qHo;KcXPDTa<=wy_gbbb=y4W}pGuk-f3Rw5Ms^9oJ$mk|_#CIl!An}2pH5yBaM zcC`6shjwI~xX{n=ZR_5sY_>cKNkD`wZ+l_#&^bIS^KZ?s9 z#EsXp=O!ks&SzE^S5gaJ(KFynFk(xpFlbP1-O6iVLW8&PB{R8zLKsVD>s_IYp5URs zdoZG!?J;u-_l!hE{d>3DX)fNEGe!76z&{R2ndNY9IrP^IL{o{&YP|y^Gb(CmKw{Vd ze((8G?-KoXf(=33Km54P^ZA?N9W1gqP?W{%J^-@WJvHX8p1Na@m!CTAI$K&qpMO8) z{nzSDb(n?`zTk5ZI$~cTK;AeW`xkj5S|MKaALI=Y>TiF^8~4|bga!Ou|$(y?)TYCOKp+_33)l&-cFdj;=_ubf$~XoPcZhH1KxA2$otrQGF=e4F0` zQmlABcA_7(L6<~&xtZ^il3dOQs?9y3OLspTo%ztoE^vXC6NCen3YwnXY}M5RYhx>i zjT*S@WVwGxmA242>B6EexLdk+dShwurK+HGN)3;IA__JAMQzTwwFmz>GhmPCD}A}G zFeI;^p%?VoMTN6O=T5LB8VyGe;S4e5zC3B9@;DV{AsP5w-1YA z7n$y$KGImbTFM|_@VcA;0){yYL)10BV)EXimZ$ppPeW>Zv;A_UniV@A0Sz=ST`rdA z3hy*ucE9@@89|iwJ6+;2!#t!zdXPNLGx51N0IJKGh-swJ^$`%_-EA>6(GR22X!k=z z_xEd$ya@s>;%)pk>Eia3r!?d3RCF08z}5tb#3J{d`}rd_JzCgiOEImaK>G*8adyTz z=(5O&)!&M*-EUBYeGY<=7W&7`zQJocj4XEp(nL>;ZiuDSREPaedaQk*s** zq{Bd$MGiW%6S^%bv>8+&aZi1N2S;vBusjIe=5$t40}SY^(Ce}ReR$~s zETmk!qy~6hP|i;){wLU@;r1`s!3LcPtv0+Uk0F z>yq{wi!@Mw{LPFZt%@MSrTTI3z>1dX1ATzrd*XVkEYWPKeL> z`WT>iD47$Y^(w(L72R?FDHZq~=l2QF+(bjAZnrWZo#=y|XyKVt&@^Cc6jWsWeCjB8 zubLONF^0u5N89SQ-rb6zraakoWjC0`UWRU{`euv)VxxL1f*uo_T=cL7=w^Ii+Qb1PEg>R<}V>)^_DHb`#1? zft;y>)kUXGYj)R@znO_fb(nj{fB4;=gGth&#eJ~>09^QXjiivLMtg%g);U;-UtTL; zu-jhwT1&Fuu)$`o9gooL!i7`8AzisCj@6{yapU8oc%|Jn@j>{EK#qO-VV!sAxvdTg zvoaRlkfAKMTlGzE$`pFzy>r!tO;v>clo2v({HnXk7lozQn@_yE*bp3OBj&E6GZ{V$ zU&)AFU)j2Y32H})m*;`q0!o<8kaX>?A^SyU&+v`q@A%tzs);&Q@>Fd9&6G%u=QA~5 zFIjI*fXPBtd7v+bY&{GZ$BglWqB>=ByH_&|3`Ep6+&$LY0F>2ld{qiE zMnaIZpGZQ$LhX0o5!e7DTueg|B*(1qhdZiBp*zlm>33u*DE5^oUhNa0xwoD~a?}U1ZnJ4XT4!&t6X{$AFJb9%YIDX%eoXc>}tLxZAlf8I`eZSq%M9UleZn z*wrCSeZ5PqI;glU^}hNS4-iM$tB(8VlF`b@(C`9q3HdR~%$DyffQ7VTmyaKKt)3N- zD7;BY=|qV&x7Q4(CU>$$I+LMpM0(Kr6!XqEUs>3{v=E1NSU&BtpqS$neaYohTY=v0 zL0K&q;g}ke%`uZ!7J9h3%X1<1{7mAJbW{UA3|07&bo;J&$Mp!S8jTm#T`NVeE-~zE>nKo^EZXQ&rgS!=p(VEO3Rle6A*-xZ|j2FgZp*03_5fGl(?F3l`32_kEy#!r@ENHNg?*xRvG>OLVB5)l4+9X&5}s}%SM2dGN7If4NHB*I*hkZm)wWbs-6>I{HD zb~q1M?8@QQ=3t<;X{pocMabJAS+! zF5`^6QL{H2E34Jc-ESm6FQA0F*)ttn=d!rx17Oc@u||*V{a;-g{?MLcBTm`-5T@5B znnNkI;u3pDYSnB?MQya?9SEysewl{U<&^+zs>LI=tSK2ia8&1cz+yrCd)5Jeip^C? z{grNoyjM?tP>l@R->tFLar$p&n_qXr=Cvj&WAa48Z0Ykq^U?5O#7cHlT}}-2JaP9R zlB(q!KpU^tFi}_zcTljUP`YmaB*e42jX<@t`1G>ea)&xEkI4(xZnhBjNDr`Ys*BTA= zqjL#PtY`dmVA4xnb5E z(itIPAdX4zojQSFFE4C>9SLaCWQ<6I>AIEnNSmEM1-WIbIjBtCRNi%J$RD*){_9_e zh;luQ6o8228D1MT*cgD0foMT>_jj^#5;YHhK5Tb$rV@HU>Ecn**VfR(HEjk03*EafX-vdug`0~`A1{px?x^s`@43Ff~d{mIR^T~_@re8iC&^cH323r(jAne*sx zcNcQHKzsN(DTvw^e!x%nCV}@vF{NarI6OGxA)Xk+jNGh zT>^=b4pUp!C$x<9KSJFY-ELUpOD^woHM(_1{X|6D3$n53+1GpgFH}0WL#J+w4BVR= zo4@KAKlvwpr2jVJ`sEY%_a-Zol0G~K`2r{QyxLfE4_P5a&;1N*cMqTuU{Q#&J+v;a zwRlq7)9T3M^%EJaQUda9C;UXJ2NYgnxxGD+qM%rGk$0v1rg7v5VoKQu=pzW4MW}M(J2vipW66B2x5v~w zLDSzs#*4t}-4{BwDK-k^7FAqEmu;JR2DoQ$ZCnI%_@{G?XjCC`}y%{@=*bbLwzo4zVRN*fi_^HnYf#}@VKCcfE#^Up%DcqU# z6mM%FuX_nL)!QW8lB?OOtANvKJ#hL@c`eNIz_BDT&eS+lByC*>)3OC`ssfKO8nbD! z#d7jbzHA$?s<6b1zb_rW8r)23Qx1Qhw7_$vspP4dIMXHQlB~6`+Bi?m(71)?;bL4q z6*3%ko5o4)e<(EE_QN4wH5gw=nf`WrU`sjHFQ$NlrvAC;u0rLmtx zPh`I697nS9bqKalJbTd$2L!kD z)4yC7)ULZ?6Ld{yyDMWZDJSYbrKHweJDx4TEaiSYP`+Hu{8pmNtTI=rOI^Bjws8{5 zVX=$nH0=B>NO9=APHe?N8m{hkC^Rr^{Zj)^Fs4JdEhyh<_Re>%q9FT*cDb|FjoopU ztY0D@Low`{pXNZqqgaGGJDXn$!9_60uz1aH%2+Qf{P6fx^PxHqN+nh3 z@1 zDf@yc9ouQL35jm+^4orH3gmBL8J8EmJKQ^-xN(|SmFz}h zrZ&($o@HCu8lF1|WOJ~>$r~7Sv8Hw%D#bo?nvV$KN}Kgc7!K~pFE=QzGQC}EyW+do zUd1!H8~c}&?GR7IZOt4E76YNX_VlC_UkH)dWB;8l zn5~K%APUz>(^=sVV^w!BA6_f--`d3s%}fOORo1VcnFNau)F>@;9g6Rg*ATh)DGg6K zVsq(#2SQIr?XrHWT1fxK&bIEK3M2u4KazuGbN<|VapJe256Kw$mJzCZYWuK@QHWs2 z0?!#*2iG~R%Ez>n3?;En+GSMdDB#sN>HHcia$)v8wV2Bluv478$#&2rTRS|Rb+RC& zBZy4JVTE11L(8cFcy$V?m6P2$lgVsQ)vjwi4>YPqucf zUk>{Yms{I8KzJOvyE_)W+|;Cn!DRK+=X!14J`UPK!1KXH=r!uSf`-V=Xv4HP@9*3m zB%5_bqc0+K=>z26c%+v=fXM3V^0yh4ftvLr*(f+y*YIXSH@ITO=egfa!R-p&xdNx} z-%j~<5}dh3l7C9eh;tDXUX6aoD?*C+9Po5SCsz?z;I4R3?1_zcGL)tXrH8orge02Z zDNAnf>RnmVSoV8GkUVXk=P6kyLzBhZH~$~>lC_#%x(9h|3r!@KPf9YmbJOEShg(*6 zlHXG?HadLGXRPZlnZPGqF|_P{B4aXIv(DKDOw=o1H+gSDAd4Zj_Z$9c2_aUo_g=!1 zr4bKYib&4*NXYZ+*tYBE=_Lp%V#Zuu`jZ0P9OvdItJKH9COVb2;$fEfoIT-!2VH0s zUR60h@4!r+UN7Bvf>2d=$OLS=`Jr#Yq;={^|U*SAt? zp{%_4mRryXW?!O>a>vSGRS6uh{^)Nij^(O_Sq(C5dm^yaM@}_`LihgO@@y%B;Sf$g ze_r>ya3S(%sJ~L09YGmCI++<*2wD4e+j!4&d zi-448iGEZfcNC-p=TGx}X6ZTW%yyogoXi>QEhdz^u5!XU5l(8)5)+Yd>#b@VU0P33ysC++%sNWw|+4#1^X=Arf11W6f^v6zmSw=&nQUOBtR@n0&Vg%}0ahs`+o z48^+o&g##T{Wo*A?aFX@%~EvB)5b#o1{|ns-VJo4h~riQY}JoXL?QeNL<^;>(Dk`) zlzAO$6BfhS!5OQdM!jVm?rSn;fk~qxm=g<2k2HU|s>{jK8|mPouV5ygg85)#@q7q! zi|TH5i(b6PUi4wdtfZ+>MXc!47S#Mjrxf3TRlPq$`Zd3P-2~}nQH#o1?kDVp$9Y5F zu7!;Fd*EWwyGR1=JXc~lxIevvzjfJ(Gy-d51{6mMV0pW7 zt-8WzlsA~b%8|xy;!i!3m#}EZ7yZ2V_PSb_Bm(-UL|J3Tr@dZ6?oV6U&4uR&*YXYV zZ1=#E+Oum)6XNGJdn;w#0tWjjk;)EcE;)+n+C%)zU%Jm!xDTOv@zpE(B)lQ)drQ?1 z9e4fNMaQDuzl-AcE36`gSgEoB7gj}(zNy2q1&?j7Qy)%>6u}tbWD~gtn6}!^MU^Sb z=PH4dZIB=BVlYY4bjIkj8Uf)Q_5U0&wUomK71#ZmU03ss6-{P~cH@ksl6Nu9OEuy} z{ZnPKhkg$46yE*}S!l#|q8I*Mq?YeHkWm_fLVNl)TUs$sjdeJ{HMVsKJ^Hi_Gr#OF z_#{00FZg7EUgcP0&93M#_{93^TDqj1<^JYYxL+1IfP{d|jAwk!vc+=@)k13!jdI+0 z*nBjMG15#zk7zVb3TURbA3v^*uWs#z{=#3tJwxF9DxJhrpg-cz5nycQ%sLq=Hc?@g zB?y5e>D{zB|2hC;xl^8x6c#+IayKKHqkK*lMD(@L(1;hU6f>{zHJ=_X`UmIx>&#(+ z+Al>R{K<>ZddDUj z;Z-Ijg^Bn!?hQ^7+3o~w^1}ehBco$U>s;XMF<$*i)FxO%>1b^59N&Ik6kLyrCSxX`e|g{|z1T1Lh?szP=dVmrR7+fQ+5R6Me|+pFTKg+Lx=B`L+6a z0w8()M{#$#f|-NatdI9qBI6&w%6ai`@P-x($-+vV-N}HzxR}3Z-QGvB)L*Z3JOWTI zRsQ1oe>}jmyfqTLg6>ojxCnymbsq7X|C_Ru+OGd!9{1mlxi|fLxqtiiUmwG~9;xX6 zv2gzP$^TY2{|{DJd*5KMHsGc_pl|*syXW6-?(t&_n3#_*1&1p0Z(oSDy0bYwJBud< ze);h>Gb7{oug8Nf?I`k}xQky-yt=$wy1@ONw^aQ|8g_rb11NR@&!1=6<8J=_7|^rg z{`6@x|LuIhH~+ih!S-(r{J$Rb-*l4yS|335{(lnL0xPSf$VC@ zymP#u>pC+6kbn^HV%2l<4B(c`5W!#Uy{>h?=#8~-WnGvx8=xT{h#Q8;%eq5(n}6I* z!8^0`-`JY4G3@d>?qu+Dsn>Q15`*u*wG8^@JHW`@)~QU`jpjPdN0IvVxyp1!WMzP>l?yx|$6BO~D*D_*8_+9xbb36NXvDtCe!2X~y)2{OW?%yMrio!*D zgJ`9wUmjiqm!D7{7dYjiZx7ktdZd-WJo zw&NR(HUn`gK#PL)XL_-hpV*|K_>TUH0mQG5b^eoHwtLXcbc>;k7O2;CjAK}00y1^2 zzRmc!-42`aWZ~5B5wH5AfGmd0_J0JDh`s7BVPy_pMRX8cG%w8hoT;UhqSk?o2Lv}o z3=Rx}9onU|;yL{cr9$asVaM?!APoUJbK`;mVEP|fh@WIOCud9-G*-P#J!jJv0#f$C z#i4W$Zp!A}pIir)b9dRscqDW&_xtTujTZ_%>E99mF0xuj!vXR(W5F#|g zB<|>a#bE5cz0QQkW#2t(k_TrzY53cJq_`{~gAS=F!-`jYI2_(N*8FbEy@e{D^%E-e z#L@jIp5bu=#x3i$R zMpF9R&6tyH@BzQrILABMd{XAW+n;dQ9sE@do5=Vq+cWJ7;GA9dZZCdJU**Q2sebF% zy>nIhcHq}F&-!5W)Zi;;qo;FP(#g&OUNb5S%&b}R;>LT z3PF0XV>mZ3(slElf)TkEY|L!(7-9S03u~6vS+UiL#-kTc_4^_&ZW{M(G?526r`0*k zsem=!=G`@hp%$Kx+nE_@tW-{gu1Ih8-Dh<{Ioth86W+GY_8j^rxI4d;Els0kaL@m_ zw*F73NOYb|OY8Ufiv^%?x67xesN>&A4hs3x)>N`Xy#7f1Y`Ovl`f=mH+e-O?4vo@q zvmuN1w*uM1q$%DS+%G|PrYLHrKEDeNF5M{;r4S&x1Inx3|NN(T&Xe zN)n-#-5E6uwfkX-lbuC@bB&@6tPEViX^Fl9exCCo!<_vsx8_ld3X*BZZ^Py<1OO$T z$CkEUIu3%LC#TapxdJOt3>@4S;cBgscP`}qg&TX`EV?CNK|HaERegRU=)cCMu(@zA z>7Q77{)#8$?aY||1M4xQ5{?zA;hs({hC9sHYJgHpb501Q(ESS2zn?wZ z5FfCO|M?<&qiEzLVbbf!dCqTN;c;;1i2d@25!04_Ux-Don?o^=?`lUoJUxLNHdU1; z7#H!tq$O`4Esp&OXq7Xufm10(lSB@xAFUhRHOhXOc=s~Va*R)k#y}6E`7)iKmI=}xS&3UJ~bLL0bA*Z-xU*K+PE8-qi zIFcskT2zG4n%Zip;KNMXHj}3$^r**&N+h6Uvv)j3d64Vy*P?=Hk@$J_qsco}*^;Y| zyvBT?LUBp)j6IQQ3)Pw(8p%}ildmJthAfoUTSol0tK-7kdD|^5-aXf%B1x0Hr{e?h zThn77lh~OAnBT9Yv)r}gJpaR*EnXLSy%ES(8%}vcXI^9je-Q2VI{{1Jiq_vmT6a^j zcNP}Z{gMturlA8RYjVU`r|?5TI3wR~cew}+t)RnOS$4dE6t$Ya{*rCBMY($rr&O-wl;C@n3mY_pcg? zpku((o{D}^Ql z+M&dy^fb0Nsq+XcAKew8f(9)3fm>y`*l!8cK8`GBVgZ2{RV76R#6xOPi3?P{qdWB% z^IzkA01D+j4Mg`e9n^C`zO-O^$90S!}>vY=IWy#vl zeU@}AzE%i1Ufj4tnva4udGHuIY8#3=#4HwhOGcRbzLQmZYP&QTBybcKh4YknaTKn( zSIqOw1ojlnebu_cW+n90GH@0Fc)Ch9kBzi7g(La8dvE^)Uhf;>Vu7BH%`Ut|?0s$b zo1ee?6Gt~$;NpJf_$5XJ7r#2!sk=S{sn0C^_C%qNOU@TaJsK)iQU46Y3v7QxQah&D z4)vZZVMnv_Zv}*N2}3H;hX71T9WR^5Mf*S|{kS-{gHaIW0l5jDMplHgh?+Y2GE-is zI1+8oH}ZPsBppI}DaY2E$_m~yf<2?wXN@RxrAT5;0`D3g@#^Y1_k3;tN27uy6`B3H z(Y$?Jdl-ES5Ymx1@a0a*A9a>iN60{G1|M%9YX2!xLDd4ZbOQGo)BOE&#m;GZP0z0! z?sGG2P-*blZ;Xol4kcE%cB}rcV8%%GJGZ2bZ%&d3S>{yyuiQubEcXJPucxo7ag-?C?+T-@58M7kDvU}+L-G^1$E5uHY&ol?GAN;kQ zKLT1Z=-lA@i%3eQCcd}Qsx;)e=arcCPT=h@5Rudh)}BR!9CH>6J{O@hU2i#0){1rf>jg1?ktaR3m)o7`%Qd?T&O? z>p!*n2+m@po&2W@X0e7>+mV$~mi^{L7!W~mD^1P5n8k-{3& z#RZmSidFkSKfkrj(HY2CkBgo@p-MbmG=F$`VTi&XgS~xK8$5+USqpyRH%bW4H zsq_hSEmIPPT3utNuXB9$G@Pm`q_2C-e8|{`*UtJ2x14LXyeS=8!+UZj0aQng`G+kH zG!goltyvxR^sIlZi}{B9+{_9oSpALz)ISowuRMXr?buUQ$B7#pue)9qJlTiD~lKp)T05k!?Lmz|tV&q}ZH)H0+THX{7Z{_XF z$PT8L**(_TcXWP5jUzBU^f;ub*&Ld7^^0~)xl2zS(3WPx zvkK7m8)t8ihs8Y`xDU5I9)j@C#~Zqz4bAa-3>mhRCv5I8%F+w~4aHtkpq(6@oDi=$ z2E^A_d0aEKS0nS{Cywkr<^Ecp>uW(YZ7+*vBXffaZK;YGEhe_^$6Yk}G}S;STbuy- zt;-rNe_zjS^WiH4*_HvU)RW8hhrluBPWR%Yy)T3x2P`CYFZi}6s^(HDE*Val`lmZS zjm<|WIS}wKw%^*JQJ#B^5;)iLH2?`pbm{TW5r{F2fzmGwpD587tk0s9((ZpZNQB|Y zrwOfpyn`98_I0LR)t)i6?(=A)u)N%^GIt783X4n|aFA7#az|`+GqyLMNZ1<_>K<6D0k)^^H+W1rp_O;Ta>C_~)5se^r zwv$-BC*MOtaMo0RM{gj{IR2Wy0=3~)Pxmqshew{7p5}|*JqUEI{RXRC6iQ00KK4Gv zcLqts1nYb4yqiW1?O{@s!J(uiiM*KUfw5{E%nMb8V7+i z3E79!w_D)rGq*)?ai)n(j5NEgmSO3v8|E%ke*&5ra5#gD%j5CU<}h0-H$&q5%qpHv z*7eESEq$Nq#TeD6#7Rk>wO$RcfL?vF!Nh|p4s)ZJf$Fe^i=|turj`$9zdw9C3ZI<% zkN~On%?zrR^n&UpmU>^K?B)s9BSfI>U)>|VyP1!{b< z%+sGWeUQ#;{?cYNGS3>gEnjhEi=m_!e^pxKqwYU+6QIPQ-@sEZ`ujA4He2oSZYB-w z_UirLIRUiCt5Q;+&ty=P>2(k$4(*L5$EvQ?rk6YV6_0H80=ah{zReoE4;k>G-V~EO zHzH|M**gWjW3-m4Lg!t zw5*!1y~ROvX@c!6tRiYX6Fe{Yx6LG=edWpfaL-AvjUT$y9;NXm)gx-E3X@~w(e#CY z9Mzj;*BI{7l!p}Y1vA<9$2zglZDUs<26=oA4cORdFF2ryte%dIA%v zJinM9vKm>hRJXmCChqF&;FDrf>z^|5I}qx&=g?Y$@@TKs<2Aj8#LQ;4m<5XC< z91Sn|m8N=nu`7g(7_I;uy0o6Jukq5QuwVH|EL$C%Kp<+HyOR zA^ui8_{k^p?pdY#ArN)-3JbZ4<4@SBrboV$Qxt~$p5y`r@3zdH^(@G;AJMXb6%F5_ z{Y^fU8@(J(T)OI*JEk}uKsVhxb=VQ+v&lpC#WeIy92FP{XK>Q&`|$qqyfRaqinv3m~11Ar5?n(o)W z3W-gPxhH$&zOJ|jx2r4JIyv|J^+U7i_KEl`ZT*xAH|?D9i3DVYNkPYU{P2uaJluETh*@9c1ZMIC!;0KC9%M8u{)EhQ+owvyf8D9n1> zKc$gE9-6S#DL2OLy)|Fk#vZEXs9pR$O>|-Mo|GD`n-+w|OHIOzJ8TH!!vt;!wc#U; z->S^Se7&ukK-#c~C@vU&apFuHY#gCjAht47R1kxTdt<&R6ZDeA#J3GWg;KRau(fJN z^^n{5W-8ZFbb=@y9ZOwIm>8J8PY?uxo*Z--@`xtn#n6qhfkNu>ijb{7H0uF`Z7R|E zK^THMW;cGMsYE_JP~3ao4k4d@&TRl43msXPu~Ogf7j5|&+(1>WZjIEA6|F<4lxPpN z3-tLHj>urdz0UISZlnyt7Z*d&Q_k;KJ<*JYw@Z;`=62iXC%(rUfKXB%O)z}J_W|t$ zCqvZ<(TAwP%qWR8#3KC_y~2ZulaG^zLTh{dwLjYYRkf;lMmNE?@9R+}l=e+v-42+k zLhJCCcCJ;?DJ<#l#73X0ji?;nL3RJhd_T3KtVWJHVj6(qS!m2I!0+BuG@>YPa`3zd z;(11zIN8#>BIetD>vX6v-H^7$>mp*;$Vu}&e^O2Hh>ric5%1b{_uKQEV1}VPeG8&C zi+aao4KcFfwIq)M@Nw(0j$#`K>X+{(^JJyruPnM59wg#e!M?#!%^+%=;JfkPkr_-( zhwGl0rsemY>y)C~7nlo5E_;IZh;S&1>gKevM3v>)_}Kvl(jjVE!M#yqi$yw%$VI>& zxwn{3+CQoe{JpJSqhwHMTr}BFzW%~$#mlb$djzeJU<>Dm<1Dpbk_~}`)>;as&#$W* z_)`tU;4a0l7!dDtIW>UbrGHLFMutnrK;FodnM(LmeX8S)!}^~O9QRKTS9`?f z5o?Rq%Hky&VyXw)Wg9P6j4Y-egzb|&YRQx<=45?E$f7^cIpXj8Lz3}MFtg$r0A9B7 z<`q_a8FKI+EWoRoQRQq*B;V%mbbv%}Z~YIANWiXGn`3Do22xJly4k#mdM9MFRD$)NFwGmexI3xl)^pdb8g|E*oPZU+s( z)!aGaia9^ra(^#d%p*42oDT`!SwrqyIz^c^tyU|fQ#wxOR+=8{ZMKkZydS`FLHGA2 zm)+bNJf_8K?RoN-B(GMPj8%#vjvVzx*0s|xasmv#?`F4X$MYMC1h`C0xNHIpDtVq& zdT*aa96Uol3;PK${mzN?mN)8c3weRl{fDTwCC<-etO}q>`Ur!Trqk6SFqqe}%K38x z6$ToO1bWF?@cR8&vEOMTG7h^r*DQsIr3S8 zIhK-y7n=RwJBzJR*7TRF@K-jZCQ@!|?LD}>YPO_U3v)XG+kTydJD(E>c+=$s;MkzK z*>#i3lRGvSh$O$BSZuPC1d`=WJbY}#+vF0a=qTl3zRmpfk6@HAKHD@RCsWneW-W9x zJ`&$jn8d<3AWTQ};X%S)_ObK6IHNk`AxpkhSIY@eox{wK@4~$Og9R1N-7(ITNu4=YG@;=^2w`x^je1 z<7dKbR^wcyv~0rHjx}6&t?B!FWavBp%jx`|e!)761g$&dfhH=s53E;AU9~fOal9TA6-=l`* zVU3ORXJL;i@^Z$oA+W9rMN^v;^eR<|H*=Rns{dZYbkX5CX|IPD*gP#?R>c0`DQG$t z=uI@GlQeZy9IKRYcGGer31-Lw0ahu@QCM$)X-;)=!FJ==d(vsQz{#*FbsgJUmOpoI z95%ktog5Rf1ssV@#a}LJtLRZ4-Col-S?s<;xE)FJpclepUixos;SF69h*^ z_DQ{^q9T?5@}bbJzWCnmj6K@Hr?uYEOb`#()pb99uG7l1f&Llxsx7X#ab?WXR^#>w zDkKVe4x#oXMjX{OSue*#vM5o z`DZn9KfdA3^nkqscp3wiR&UzZ4_ur#b|8=q5;mc_#b_}pspxP;9N8khKVmBsR#2s{ z?KE8HzvIBoa9(LMIc&xzdk9Ucrt)&ahavSQESUAp&Qntev{F$hjZBjE5O^6%NR-3_`U+zbuiQ9 zg%gal)blys!c3DcdRcOBUSPu~6hP#o4q)@1f)=jAHC3zRS7?7sfB(gF1QclIciE-S zin>PaL4IeEkLHBJzf zBMhpIvH5$IVZ?IhWA?UuREq$(Wp|SG5^I#HV1g#BRxP4(b!O#!aiKjy(JG_xyA_d& zoVn!DCis|)@6@3_e^>i@z3CW??#5C;P5ZmaZC*BBwd+sVjlN1u>+dZZR_3TKx*Q+M%E_=~_e^aOp+ zo!=Mb=&3yD8U}lH{2IOcwM!q!9=lVA#}j#*GPCuU8Bd3rctKIM^Y0z8(e`<@J#Vjg zHh|f-P(I(x!^XvAbLmU=0Hg~CV z`FcIAB1Z%gCkl1ZAoHyWfqmH|lNq4jzEFYOt>rXJeFBc7U5RIc52g9+%uF*MuF`@v z%2jU3L{>aSLSQ}5QTM;{WJ_mh1`MflsbGzL@>YhxS!zAi$6R22hJUjfy|XVML0fCTxjydRQ^}Y;O^-+Yeq13<4YwtkIJWqgp37d|iGqzg2ULs9pfmfG<@KZ;I)n)T@*C1F5%S~rs6&a)H#++`}lwoV_gDa`w z^?Y>onf>X4O4cNR;FG`CcE3gT(WR|n{XwRyNNflY=iJg~{YZExzRf8p8HV;<^}wU} zraYb?K5=#%1kN1o?XjZBk3^FSYf+*s;E3)qtrbLAu0>TCRSIjiZBV-YjP8NONF37NJK-NtE@`smx2_qdAc#0e59p*YR=}@HY5RUsM|n|AKy}(>5G;F z37IPBFISz*x_^SjR_KJuU(f|hS$f?9r3o%6YJJMJIEZa*dS>NsE#kKc3UJHq2~L;| zff;Dlr`DjC3+#PBaqH^FI8%QxRq z)L^4Km|`@IKqvM}D_OV1fq?gEuKU?``i(nq(-4@_L7^tXID8SDr7@#d@Jw*$BTP>; z@O@!8<1&l!;m=m=jaN3@*cM+Yj`JEp6Bh8-F;60fA&3>W&e;?+T+2GwW8cxHFJZ5Z zHJtI@+L@yic8VN&GMIm?B}n95988ci4G-m>cIujmYW9V?4bhbjp)XRd$5~O%Enx;h zuaHMZV2|I*jDC_`Z)JJuWk}t7*Ad3MFC@Ql)g>880rHg#tBx>_n^c6DGjzk`2R=Un zRS1fviz4#(d_dz~v_d%&>pGB*+Ls&RdA%viDqTCq;tzKZD%dBTuTD?&EtN}PkB(ifwGINQVl#H}f)V^%#G*CjdhTni7SxTyYV_UhC-;6aa~f;> z#vM{kexwzv^_wprUuCOJYql%j3vscvtoM^ZxM1^SnQ1WWg}QK~XfnV3ZhH`V4LPD= zrBUFq+K3+2%1fGwe<(tEaPm>!YOx;H+_I+#aZs{)f38f{Z?yCIt|ei`Y4_v%Qr*b= z_hxy&AzwM2u3v`H!aD}_A@NT2tl+tD=QIs37O+#=Dit11`NCqVM^Ue#7AXuY!%^I&GQEc{q)4Ab##sGCEito#d7)R)A5dyiqFgO zs|&>KH6(N+?sW7xBr6y?GJ&zr$T+~Co_S{VrKh!iJ8cOu2nfl7XNX}j@_ z2?Ud_xA(#1?Kx;b8BODkN{5&TLBMARH!^#65-x`HS$9?zF;9C;E5Qc$5_vw zS?lD=JmZmk4I(C*&mNTwB?A@zF#$GTG-tA5!hqF6$VB3xS7d2N>97LM7~Q&p(tG$v z0>y;#0(+Y%+-#*Cs+Z2c$$$c-WUDlxVjw`K_m$WK6NdPS1D*s;HvB^xPMO z_;H(233<{spEQV?ezwN@2(HHpB}lKSk#}GGoi%WCck8%6*QIteg@1jJ(A@Sti9~t1!T&{rRIa|%o*p}s3M_WWA9Wz*@<-JbFc7FrR zsNrh#>5oIw3>xy~$2#!^mkq12%yqI569kMZfqyUOySNIy5{Rcx2)M0D=gm;6iNy2( zI;t4>x8jI~N=~=09f?do#o%Ht@I=E49~Dtb_Ef2+Qtf%^~#RJlRNko0P@(;8l zm+6?8R+e;s^PBEI7@Rwz4YOjmVh8VWFFxF>JArMsKH%IDv%{W-I=1XFOt%Ui|ZdAv}*r-ZSMQ`M8%Pcwl zO80N$_C4M#dH%(%$C??eM$Rj|%*{8QZvd+3iEbX(dau7xwB(VmNs$BTNTgd#C6 zN@!*wP$h1h#5?ex~tLRo!!fA=uooJn&V-+4A-+WamcsqFUsj zcPXE+Hoem&z+Ep82ny9Ns#zdV_&+v2jMyB$L*x5knfoXmEIlC=s#MMSi)US9ag7zM z7B#CB^K5_P*dJ`JTNDl^C2EyB?w^p7$+7$?4*ot_+zi8*xX4ByaQi?V>tMnZqq^? z2*b>s7lQ*BcSB%WW#2U+kBe6xM*sTR2e0Lc>Qe<*9-Yj%j`$uP^mwrB#BJk{(7jkL z$7G$0N{#jJOmPb9=l|o4E+KnrwUSYwXi+rhk~A^XESC+Z4M^l-hF#`-XeSt~v8%Mq z=#g{^IOR>MLzL20Lt{j3!D_U=yd9>nP^##<$9u;&_|e5EC!H6}hly<+=1cC}R(wQ6 zf#_~OCq&G2(b9eeiOkY&_>d`T=Hb3Z%E&{Cvwk*YS%g0gXZ^RlGcLnRCwwKK=_kZ_ z$NODYE!}FI!N!p~Myh(s<_l70FE3>xawti?JNKm~(mZ~{SL~}(FG;~1VlWDk`ZV=9%xFndx+L@GZ3ise@-sa`1asX5+u@)tzU^&z}0!Z#wMXG=bz_xSa`6 zLB@;;v44Yj*2?~*oh;roW!V@k>1RD62hfBky1?7j)g-oQ9~p zn-mgUSP|?*xWODk-GMRxhH2e>eSgkDs%=xy#Zs_Ho7qGIf;hqDP3?`IR1+#m>o%si zX)`-ycx3Zvw`20v;2~4fclyN03_R+Gj)a5&&%7r@F;wt;`iuUgOpeYmnDy1XrkOzx zW*SI|P@RdJrEp|iol(tV4@qbkGHpl)9EORh!Q?5P9fnOx_rHS_+Hw?m63 zu?Qi2u+D&DFIDvS&u4}OOC#ax3GEt$)#=qqUC!Bp!Dcx+m&GJlY+>4&RIn}*r{+ir z#2#@55PD=d6-e5=`P}*be^z$6YVJ!tk;>J3X|rs)2X>y6-)mll94~K4_NkYOip}DD zyf=1xK5NcJT%JZJsdR#J=^&89>5Dn|ER+KZ=0!x+kz)RSkx!_PNa!b=oIX%8aZj5S zOMnL^vakq7(hA`*DP~z;=iIeJwjPV0orNvQn`2@`{FyiIYdEg;Kn|JRLaWUk84c%@&=nm^forJ)_Ff_*}jQo}`$bM`7<-mtgSXJA;XFue@BbJrrK1 zXsXQ-M%{f=xarS7z`UL#I*W8~KkGa=lhCn=nG{v`v@7wujJrnlj~YilZ;E--}mA?@83w53YIKxvkAg2>#jR8LFn7_CX`b z&WF>)$&t z?s`Iv$CYDfZXO6I-N1INr zKQ_T~We+9xAh-+Gvnlmj=GnPo>upUrP_KTjEdpE%)+oCgY0NjIHxe(nd^HL0tCx3} zip$IlR&Q)izq!KCndq94m>=v#?+27=w&_3$u*Pb$ r*jD588w}=#<1oJOCx==Y zsNzma9NJP{;Pl2V-h86NIjTr2*+YMEcv(1_kWH?F z_zJg8JisCW`4!ye?unq+AG84`;=1l@Y5s)B&QKY6!$B2O9K4W!RF~9t)MaA-#vsaP z46gSKD7O&53XYP5@t(x)UUP(@aOB60<69=iq~nCjYFkW|rtk3uJqR}qjZVnU1x};l zxi+{Df0W^q$Imc2xd>P9esqsFYIrfW4hYpw61-JStLwB^`Rs$C#_n+A!Y>9?F8Hy9 z`EM|?h>V*@(8r_@r*D(}ovd$Pj9G^)l*q){+M<2dD z__R&2k>C~S?dOX+TMpFAr|wlZj61`0osaalmSqndbYBFB9`;M85IJhEcUT3N@ z5TdEK9skf)Lt4Tbds@CRvrcaMfKF74n!;AZ#eiaFEJ9T%>d|}Q?T&JfvY`VO7KWQG z7E8RJ<=rBiZ_bWlIiCiEjZ@h2WxtbE`WwtJm;#JFTH=UPoUl}@ZWwR0KG}#p;fxW5 z-Wn^=EP5L`waVBXAW2P`p;y^E)s|byZu-FQ4}NX&-+`oWWarv3*uG(P>hqbz0!J#Y zow>%zy2TlOkvDLY3URc_ED`|Bijar-S)6w>OXvVg?4Yf&-LHw1?dkh=b6Lry9Y!KY z(&Y*yw4G08N9%(XxvJJrf@$BRE8NsoLUiHxBF#s8j7&%E`=-toDgu|(Ft*rsnIBAO8f$1`yj`OaU91a5V45>BdG?Nr)MHwD=Nkf`6YzS*BrndZeHLXiNb z(O>OX;lXjbc;o2{9z)N3#T}9j{ykf5_Rpgu`xA7y7rD0es&k%8x_yFAy@qaM)w`Co zBR=+hi}rW(diDqcVemW3s#IB0w)E4O>#WcS#u|ol>9;I&bRHm0lzVoJ3iK0ZTM&lA z$xQGE_s}g%swJwB*Pl^H5gKmo-?=aL-ctez1FI_;F(pTX7N&XmU#J^CZZqa_n>AaQ z$;|`tzDdiaOVX>L1dXUa{d_hELHQ5}n>9RL%O_t$Oc`B0>VeaM^0V>ol0M zbh^bXutblta0&eb_3La|BcXkY0zX@k{i|r1HZoPLWe-vk=Rd^jq;lJ9M?2e+G~4&w zQJLd5=hWGId`W~D(wCC6!Ke@ac&gYd1{Fh-CYe!gX?__Y^=H}XQMrzDeExfM%bfE1 zMERR(LtuS6w;xM>eb3VY+v2*c7L3|DxvcIRseNClDD5v+yQeH^(cSCOny2qsrRz9X z<5ZYrJj89sKU>~p-?8OM_=6Ywh!+uH-x857?0of|CuMOgs1Hcv^E+qRf62Gm=TCvb z5(kV#&8NOB3q@}EeuqP5Vcw&wgRvs_`}ML+ut zpb5h(ci=iiOrIFH=PEzjR`>S8>;_j^@x->U$FleC-t(F`;~)FuqJp@w7LzV7qRRuV zPNAffD~sEp!jcB$Q2g?<>zI=^7Mo4aL!VY>edFoEjDS z8tKs0dWQZSsF9*KMyyr(?|^Gkj%LOiW(Sz1=mdQpCO8RM*+g?EIGrrCFJR?re$N}V zVw==f>9@nIu2UXIG6YWAytKOIU%yPGY#;A8jqe-mFBTA!Bf5>%278Sy&gQM9CvT-+ z+2UecO$9CoUOm0~Pmbs0>WQS0qhnFvnSs4yMwM2s9Ub8iuJMbxkd^&28N-u61W<^K zGi`M0ZaC;3l4G&#kFL|HqEGW{iuF*Ym#pd2MwVYxG=ZjjI>rp@A2K-7)xQ#Qn(+V) zvxq-v{MNWch?ui*|LR~D!vSdC5J{#p1&ZzF+Ys7Wqq%(tW;Dz7oCh#mi(%!O(0sJ>S;CnoBs9QHaw|AAB+}E>RYMlwfX!~49<1tbz2-P5 zsu1P(!B_B6I1I!(0$!fcT;f$sbS~AdOM8M_@Fnr%!0kEuAhyT5j&37Vsnz7P{X!hE zEq#D$!wK9w>hhYo$a{R%Xqf9?QRi9wIX{vENc<6fQ0qEaMKMTfIdG(Y{LQ5J9NeY7 z34HY5wwv*GW_rRmu5ZAITCKmj!(m3$KUV!;7td`Txz9xyXxVJZTLDC?C-}5P!>jnHxo6&WD(0|*kY%TzH`)}K|%{~O8 zt^cwQ{QrBX|8w~XiQ+X)`@c;7^T_`vxp*Y=|9w5t|L^3y2nmhU>6+CXFm3rCzxrQu z8yFn?fPqbV{UNvdYmhp7nN)a8Objo8N8i;!Wk}`U10MM9IAdOPbi(e|yybb@AKn z+-qLWe_76}_5ZN!|F3Jd*M)=sw*U9_*K_i($&oa!K-D!iHcr@jX`q4se(<7RSl`*$ zpef`7%CU<^#>T}HG$qQ{G{{S@wQRf@mB)hz>*=YZ-OW0+mr_5%8n!n!3=j){SOIQy z;+;j$jd$?S`uFSK%A!zu|NJRg)(&p=Y;iA>4|#FQ59Xa15tJJqiQA}sH`A9L9@3LM zQIjwmVJB)c=^cgX(+!2e1jWns7eheIw@B&ctS#(#%OZW}l}dRPfSBuS`|y~pAUux( zzlx?{7fKWM+FrLWRf+V=Xz)E+n=Jj32AxhlP||e}cDa<*vwR&X9)#T##9^}wKZ~j? zWT_I~AB1XultW?f`4`p>nEb9Pl9V`u#(Ta1@@3~0rR;(@5kEpeK^p*yJ%t;1tZO2( z+>%r4c-LwS^G}D+9@$z~gS3qgH3exKmZThh^(|5c8UE=&V^zqjE*NHXPc1gMGYdfH){IEm{X)bn&%cz+D`v~dJLv84&?CvQ?P9vvwS+c}#a^`j2l)00)bI9d%} z>!Bg}=)>U<$?k?1vlg}g)2Qx!2{)rSbr2}TpQhR8)JtyYPpJUv(%u!Vt{R`2S%1tu zE6tS~8T3D^Bq|apnK5EczgY7ARH@YE;l`?I{)h+(?bf(`zfpH{(us34ub&D%qMQQk zymOwOr;1_Bbl>9_A01W%BTY9(?B1vkBCDDK_WwL`;T=0_;TT+0cF#y}LLGf1BoAvD zhda*oM_Dv-lddhsYob#dqUuS{O@0l()NPHGRuuofHBBXSo=_s< zCwijb9o{umc(|(V-*`6h+$=+ooy4&Nzm^WrV(objV0-)*^hr z6AUI350ud}GB?Yp=t6wUa@v7%YS54O-d(QLfIMu6JMZs^T-6NaybtQ5kF<`utoJ-5 zzRJAGLU~a=G%nacAPewN+MGQAyK7Wy#G%~uXPZ2&^RLEk5~Bj@Z0$Y@eYU?dTz4jb z^AItz$7$3W4BmyOV-SAk$8njh^mCVMguFTHU-r89kB+41?3_$9i{vD<4}Xs4A4lAq z4uoR5cm_jRmYa>u&tsrBo176R%II%HVe{ku2@HG{94(kYJy{R05JC$b??RI%*gVfc z(R0_Vx=?1el1a0vftl@qhV$N|+#FG4^>JerBU-7>R3NeOUpx8kN7W(YO4Z5e5wUsc zM7=S%t|sIe&qC)Yp)DbDuF>01?(K{*``358kLU+@$q#78ks7yUT=Qu|1_vf8B&!}^ zsyNSO7Hey^$L=6aMbEM4!yj1!u~j9=Gj2bwdE{V4rF~E$abJP_`KDAr16ABlfo+W_ zp)C3x$I*?Hd>@tZvk01p?_tn@tM{!BOc}63Jy*e`%e(=1b`@Sgy3=+e5dkkdG992$ z(VemN`gtZD60f9HSB+}0;CX&0yN;**SR@dWw6e&=m?OoFh$vF<#*#kOITELfuoccd?jbXM8x0vG-p&QgP|7cni9KT zx7HmzT}OZXrnuj*(!3`02o!ZC9Qdv~D4RfBf*vna_FQbD4ukr=fw(4crHpcT4E1z1 ze0Q_MVuRJl&Rv!IrMaE?Z@mCL z>f#S6sKBW`hjK4ftL;>iW7my^Zg9~@gc5akidt&==};dv063GoulLZloW8{`EXsZ) z{^ptVy{7Q#_x9(o&x8cu5P87=KHj8k9x=SH*PL5rXaWNHV|MhhEI46IpkIwd72>;7 zjdMqN|H3rQ1=Y~HhQK=L^2IyoLEGh~T;!UMds>hpWT_5EOvoVhaNn+UQJ>2pxednA zZ%*5eMUDE@H!zee7brApTUT>`lJlT_c=){0(yDuAwLNxFmMqKZa1+Tk++p4mnrr14 zTjSwl+)*?vp+iT~Yf?1QZ_34P5VPh1k3^2FxHB~QTqg9@y0?G2ATB{zTWfl*hu&C8 z!khlH0T9hDk8OIZlis?~Ll$RS%c_}|V8;=N zC$pWo4@8okSqlk3rOrc6GaerBFWN$YXkdm-aHFE}lM<3XK;7)l3U-BK%TVQ7(dfgK z*=qdZw7XdQUe!*&{~Y2HJ=JYMTt@O>tL`w7*>~A0Wi{Sy4A5p~bWmloO5Xa+*R z;QmaVmT!|M8KPFrJ&nRnyhb0To6MO$dK~u+*;XP%M+H(J-w=~?1TRcp#FR1osa#K& z%|2!BucqH$AlyJm{8V0k9)f(H$qhl2$WpAJYu^kIs=r`|Y$ys_NVs79wpK z3xzTASf7W!jhlA56rYRz>|aH3r1xSLn;DfPb%9BlwBlfUR<3k!F0*@&Q|=UHx1Hr6 zXbm%+^4+B?Ejybmo{rO@$EQ3xZiR;(7iBXtA#OXHPRR}@zb3c_etNYpgn~QBvoLPR zA}=p};>O=!Ifqf>t^e(`QH%?(Et`4&n*Xe~>XG*1$0rzO>b)-d=z$OPA{_Scz!88v zn#7fNku<8_>FJS>Lz6 zw;Q4;yf-ekvGe_riJh13L}w@KVn*$*8!DC&I9}Y4(@}FmyXc?l(0j@>S|bJPl5jcm z1%FzR0rz#u5@fu`P`}d{gk5E)#QPC`*xkL(qvDEnSRUmJVH6Yq2wfJh+m=L4Bn)E| z$jACUZh6yrZ|zq&Pt)Z|C2pTmWY%S^|Kpv@5HRP;pmI?YIjBbaBdDLbKqeBETuKFs zo+?jkqL&lXd6aUUrIFc;^b`~tZ)yBSrhuEww6QB5NgBuY%B4LknzB40qB8uvgRi7r zV0~r3IuvO)-og_Aa5l0rmQhisx4v}6?u=c>-mS!^a!R-zTQr~l@ei^BX<5RZBiDpeBN_1&yX1gs%%!3M6l{TT+4)br6T zuHqIf(3)12O`pzoP*zD#ON#l{<|Y-_@Hqy0^v6xAoyXh8>a)pEPX#z9Qg-R+5ii`> z)+z6P8tlf)>E9)t%y4ai?>szYOKsK1bkKJJd_d(u zu`CH(!3SH+kf3TinG+D#=ag>ZmT;>erGSWlQkM~=gR~%hsi8ONHAKMBi_`$2=t3cMkzN8yZz0l4XwrLc z0RqxXAffkiChNDK^XxJ9e#ZF+&U}$K$(TuIx#xXti~^hi9SDVRkZ3Lx zldq7mKy3(B-R+*Qfax3@NlOU5ZGA{SDW9I6o}x+s{>?Da)WKM)6ZbtQ*;p3~mL6wS zF3r?UyI(QouZKu$6V0!wMvf4Ly?JzwQ3ASSnV7Hx;DeREW&(?+$ zhwV%(qnEeNMOU3+P`$DGJ1OS$P~R$#<=pIj+v@6SG2(#J%5hE`X3|P5UW0LokPH0Q zN~3*ab%R>%0u54k;U;0MRNfskbASI`UctW`67AfEy}4D-yZerYI$)kv{gRjXkC)uy z(h_~!&(+(NaxEimBQO5=#eA=(+TyUFhbiZfKf~TTBPCWs@Zx9m5hNqw!bGPQWpJ6{ z`m*sdELU`J9Lp1sI4FyvG|0PWX*kk+TvP;8tv=t053oa4?Br|VG2bJ}7m`@OkGF`n z&InnJs~&Zn@b1b#58-efNuys5V;sqJ9=2xsbgFe9E{&GuD8oaY@00a@C&_OEbaYb(7$tc|Ck@on`z> zZT^NgK%6@pgs>{v2*Xw|mwGtRq_BokZz05k6XSH`B5C}H(k?h(Jphu3!%=rERR0a*V z{d_|ktS_^1pq-_OgRVfg9(!&|zRl+gmJ=}xk@VirSgm>Z2P$8c^~;pw?^qwh9K1V!sSP8PrP=sozs@e(_4J89(|kygFAGP^mM9hObw z0UvF27b{G$D@q(<+b~RMa4bSrM&(0u%`?xN=*&z5jZ#6 zt9_X5?u;3&sSka!vmJb6>g3kB%U(xUCRNJM9MRP{iUU*M^aNkJWy&=qZ)`t)htReKfN3p&Y1_e|_LBx?4y67*?o! zek*I&rkPaq82`)^D<#Vzc%gZ@?C^?-dn9)l!s^HIYo%29q_SiN`K>-W3sqZNp676Q zQ{W!hQB-=GiSObCW0ezO&$!>-!$(^KVp~D}dcKC$w)D#>#)`VU5e2{xMP};XwyysZ zH}fFs>!wKz#pSpE4-k_eMcXL(IrU`uO;v?;5PKrC7YC@`B6*XsChPRe@o=CAxAAj@ zp3*PUb~!Aes8XJxeLn1O7tIeS)nfLDkwRBc+`k}P3Qdntb8+GgN~y|?>3ZWEcczNX zH!~e?pnYBUU>>tM+KgDHd~Ml6e7U&~>fs(au@<@9&6w=t&Fh&r?xUOYl2D5WUDTE% z`jet>Q>snYd^a^EW~Th;CMKQo4<;E@k2~psB728t`6bH9u@kI|W^F6w|BKn|D8aXu8iz066AtHRYwNp$>#J!TUjKO;4A;ase>5=CT<`&-B zn5|4!l-g;T|SgUXwh@+_ob3 zE~eVd^fMl;_nowj?PY38T)W0fVnsVhZ)x#>!b?1)l2#@Hg(n?qg`5IBBh>GhUXH;a zA#O~LsYR?m{7ECQA$1li7O^M8GJ4CD8mD@Y^+<;&08*@|lMa*s!l5ZR8JoHl_9s103&t~HSohwP;p6ks^U$?-A%J%F^dN?THf)r!P}9ysZ22R zoza(aJdsA45_P$}%6^9Jh@C|+0-{*y+vnXOV^id)?Bk>LC1P+tN8I=aZV{>dSUkI z+D``AEpOs2X+Jzzq^dtS1Z)W`Yd>7?o-fhG*B~8d7GG^w%)rzf!7jTkG!9nYi%K=Y zGIPfXjh{XWkCh*AW@sj(6zzAOxEek{&mOjO@u|r{l48PfqZSJrtx3O0QgJk7Six!f z!3AJ-8N5whJSxG~MA>)FutACZEH)+Dlmsr^&a_aloc0l{uFXJgJQiBiN*MFq>blAN z74e+m#kN|3ogx3pFRZrM*CZh~icn;+1z?joRzLi{R>VUpOqBljrfkv%#zK0S|xyrt` z7l=8#=SW_r_&{yD6;Vgg)eL$*qjyY7QDtQJVCRps)03&@ zC*5d~?ksia-#nAXJzutE2sYGtGAOiQ_UI}SXIs*w1r-!-N7$hC=N)QBZ z)WsY8U__3$%&2Uno3nX@*CC4KpBA&VJ(81?)BN4$E-$YC?)|vC+;NL(92fQ2TC2Vp zXor<+P@=dnS9GL5FB(0Zv2Zd74XMi9JMN}O=<7aSn<_NlDUk4vuogPmN=Y2gS9cz_ zCiwVF_mPYq-e=M+vqayj);9gxdPN0Z+$ePQFsL+m4D`nugT8t9euLO*wZz_j8b`9$ zlJUZie%r5iw}RC^=Uc^#AmT@uwEYV=E9WdfeTEK7^5ArtS)YLP`W$62-jpO0B6?iS zH`o1_yzfZiT0_2QM6<+0t%}6w(E1B*$u@WC6Sm^Zb#kZyyj~r-Qz=c)S`TaR_o7w` zJAp#%cj(?c3w{yf5##XS*f>+C7tYXdI^3vNiUn9ozsN+tVd;{bhp&w!bP|`R=38ij zuCs`LeX3ORYu<}FEy<8pz(_n9Eq7EW`&&Ott@puJf3ttWNV+E=lSpP0dd373cI?ft z4zFlzoX4vg19Vd7f*qKt!hf}FSXM1Jj%kGGNMY(R+Esmk78DGw)=7v*U0zhjFFU;{mCla@3S#*o`{he0aH5+`5%Y{cpKs=AM{xuL zbyUmhHyc+(A~>8`a%@j%lyGCXoz*vC%B}Ly*iBT|EueQn zAx)B;Lyc7rHO+BNDXnMhfzr!67wH`{bVC(0XZ`|>$Mu}7*_hZy+l`V41zCmT{u#1o zfdtfWsPaNesr}R)hqAz2o}2^67iGxz$tuDKr=p~}U-jd;5@wxd(JB^NJ&_qxy^=o5 z$%ZeD<#XH|#_ySC(+dihc0=pUnk%aJqo_1Cj1cyxJKsWo;wsfEM3Lk5+}EyQpPQM- zFMhoDFYz-bsnIWe7-#BPQYN2j)u3MgIOo#5X(0Zt3_Gk?VqOnA5l?hUvEC~$~L95hVt!`ZZgJy`Cwde?4vz9Sp0@Qybx9G|E5I& zqGRjOaAyIQ9g5P~gqlW>>%E@qbiE)hIQCXOv^3KPGN`VQ+R~o2)RIcgKU;I4Rjc&W z`z=n!IV8DEq0&vkg5jD!*2+KrmlojGE|uD(pf^&C+N(%ID0d;1NYSa{1A(Vb;iaxJ zhXI$$woJ2vY~+%T0R{;p=Jz3jg<ln8`Bq_LF*^6F89BE9|W^w!LO?SRJ9N!NW%Q~`>GfbkY{d`-Y{ib{yy<;Via9CM~ zbhf*!>I{ALKx9d(E@TlA;rGBr@OiE|{E%sqSFP*XrDzR7{`FU(qi2DPVoTD>WTp@i zmB%qO#R4OG?=VKhI1`{QWEtm`WLarS=Y6W|W-e~LYo(uU5;?k(4;H>UE-pUX?w1;4 zy$!B!j{~CWz3iVl_17^(ubPmiMu4-^xq>%f!|ai|_C%FHH`+wNgorXDvSkS}^)jzL zRfdZ(JlXIeOtL@&9Id7z?bDvg62bwhE}(iS&cyPN^Xpi~n~wid0yP#~G0RzJ3GqPX z3sinPCY3O^ig_K$Ryu^sJi0y0Tg?k%kR*nvAuGG#hi4aL$#IA2TI7sV{P?#-{wI}K=#kBE{e@cc9<;V-VWqEAZH5qtOnzr1;eFHo zQ0R{0(LMpwa6xM1ojs5V3gythRo~7wScl$iH>seGfRscj>zRC1 zVsUMi6i|)LY2o=dvl-?SKv_ub6re^RC2O#N(!iR1goxVs;{``zhT3OLs zx7^p;a@LJ!%$79zK|DTLqktEr(Wl{iKW)*(;~iJB>dE!jhiKa+^Q?Ea*c4iNfyn6Lb?LpdiB{-~f#EcU z!8}M&1DEYzKcLcdVjjX*dLgpLHp2BH(Cb})9S28KrhMvcq+@7De={T8gw~t}t*6WZ zl3vf0Vi%_Mm3`kH@ohw9%EU`mg{+zj0D<`r zswL22fUz}8(Rk_Y-`?42V6G>7o{-wlm{Y4Y1v7i7@l*mIih{s4qy~}qT461|^xi$$ zWDwcjJ}6o;70Iy?0-6MXBZ02{Q3-Gxn5Q|4hDe>ehv7~iMHjvs+`gscQ^PmIiQmad z!6my}E>}ZZa{aUIJ(Y<0v{6xwrj{O$i5U^SsXgm#L)uG}9@ifL8qWCHvu?u>H;C&*5?YD4}k`~@9??t6!SP(PkScRsgNeXqLSP#UkUkBE;-{9J%~^Z|0A< zy>il_n&1Dxlr02Rjdl^OcP|neb&bs&`SB}ZYgqOIp^1>!!o0t&1UlgJpYF01461PC>kO$NYg8AsH1 zll}yGL${VzAv`P3^4t-f%H>IOWsN*%CoWM4fjS!M@QSxKjJvRO>?6nss93`TrC9F` zSY-g75IV~kjxv+^(xb=^e*w_rwJkAWM9G7wPg|bUgVMqDQGvT>LSu8uQ_G@tJ?}m> zL$0$ngvxaNk`!i`?_-_zI$FfriCz3jfut)?VLVqt-J_ue%G}(%$XNuPuzt?sVZMF5jh1;s37 zF{YR!kQQV*Ni}tPx>tlBI7yf+qxpGqC@PjHdB_=-cRAGlX=Aona%(z^v63u9;s0G_ zAQUBtVQ$1}=Q(&ElK4P1WAOFUdy+3Qkl|fO+oTA>xd5*z5(=qjoDyO z?l4}I`|VdspWk(CWZb_rlH5?SRDtOIwKI#<>A?v7mUW zL`M6aTh#kh*X@SW+;~9dX|fJ1+VCA-b@!F|IYLkbtloQJrkO*t*coI#iR|YjUbz8X zZFyf?I6>UHldCOL0R24E?E4cmFO8YKniNro>;9yMhLl}gRBm#-Vg$RYgf|Q#i*AUy z``BDQ;pvaJ6LxO>dzfZnsM8I&hb(H;Bb0@_{fZ2$eGF~424MmawnnGwSfhQVZgm)3 zML*Hf3}&+ExzT(IqE%Y}?aUixq9)=y7LO9&>4{6T`Y_35bst;E8de}u#L=%1;jE>628p+Som->p z;;8Z_Z6~+MHEQ`)zF!^M;76C=zODWqo2XX3XN3sus{IGuiuv(NW$+G*2i;oIwM?rK zh45r&Q;c)c2(GMzudahpLyql~z9^*1!bU8r8-b9%uT0)59vq|9tlLcDi?uU@uR3M) zX3<7((Wg2T zn^dHJ3vA&=(GA(!ABTTj-d!^CUlFS+vY8&?iN{*~vdxKlf9Gsa_6;6%o#z~qsYw8b z3`t_5BR|{PY%K73Tezy7bf%Z)G($4ib0R=4lJ8e$z5%&zZdwnU#PNxt9Sbe0>c>c0 zf(067V5xz(T~AA4vlX%!0U`v&?j=5?KN)HDg%tQ;r@HKn}V0!J)t5-mA08Gfe|XD z{Bm+F{!606-v;kjTD$&0O;(ytQbss`x2map*)nBD z5L#(5?xR-V3IW3YX&-2}%Fo$J1*b@A4Ti`%m|;E3(?jQOiT zdEX3Z=V$`$rUZ)eC(%*|Jz%E=QY&SuX2oV`qUQHqLKRukgg`D9ctg3q%YnI{Px}aw zEUOI`GoOC)`Px>;^Jtg7os3Wz>r>MOMTw2Wecw0rG?ga>z+a8Dep_`@aWH3bicl9a z!c~Y+gya&Geete~wc_Qw&)B6Vw|Tt~fDZkGszG&GiB4y!UAJ3c&p5mB3muxM1Y}Mu zg%gL(uWz3w<*x8fM(Gr!8I@L`pX>`uc#y;a(_hlo6hH z33{8|R6v13pIY2iSc|%${3!(Tr_LJ|twV0s_smBZUefYMFwUtH`GNs_Y^eBleK~0(@=k4Q>u%`SN(0j>YUN#a-_q0 z#Z8kpU&~a^C|W>$)>geiF7J$ToR$mk`W2}-gixOQwtnKLFd9uebgfyJ#Q8w&tcKe@ z6&aUFLb8fk7ozpn4_;17*ZvrNF58_RK89gQd|Dczav@I>VqinEe_Tr%>gM9f@FQ=e zTEW<=^q6Cf-m~s*EskSuUD|Lyw+Mj6nsi;np>lidIeej$-y$D9ZxMLqq(~`0d-u$; z=}zpVZR4ZJy*08qM7Z)(u4};A@YpaL`zOA~QV^$yhxK);4`%=3y7)OF7)|wi7IQw$ z;S1|BY#OSDuz1o*jj_Otc{#AAF*nR<8Cmgw_vSmk2gzlviC5{^-Ukfh;Iq}Y^Dh0I zk>sP@NKw7kAiC~nAbbdA-dm?_5$ljyyh5J%E#IRG+Pm0H0iDzKX`lN*6)_|mJ;vy> zemLTvJQYX0w5j-%d$$>EqD1jb{<7RmyA2&Yv`5@eM43$^jQ0ifTN$Ix&jK+IsL7h) z(NCYed?~186S}-$4wQPPr2&h-#!vF6odz2Ez8mDa_>|{&82x67T~r1Dckr^q!nNFR z03g~_*RkELqY2fJ&!*U@jnZWGeX8d)w*`MmjE}w1*5dkdE?eAIn2~yr=*R(U%ej|! z&GU9XmcGY**!E)Lx%E=48?4OVAkF(&?%iG`qgp8PhCbzyu)0%nj+b+RSj>a#tl|MO zJ|nd%w&BBzGC=>y3I!88#N~xnaL7JK%Mz2J8Gb(AXCy}IJg%B8o&`%2+9(DXy)wmb ztW*x{0`S#+UMUP39s9E(+%-{?y-+k#Jsj^e)Jut5lqKtZigm@LdN}|@dUfhDcXb1D ztohRjU+ul1_+G_c`l$IECr0^8LuJ(QsoDGe?q>S>y!Qs`Y5>}LGZ+<9n0O!?)FFGA zB^ruCwHZAHQKfO9P=Z`9FJk}K?C965>fr`LW7Z|+W#adDu^XvDvt3WFB*kHIB?tg;?&*jeTT9^q+XEHVVLv)V3JE zmaIx-i1EYx#Uj;jg*_HNKI=A1_nvjv47F!|v9n$pqo{S3VOZBj4A+8hZ7m|)S@F=P zCH_ahT&c{pNam^&!r0T#xxcTt+|bH#iNK_a`X#}Rx>?V#%)8lqvn+I%EqbOX=UdN|bo#AETMim=>P zG+pzlccxCi)kAL|Gh)<5u)O=7_AlR|63^JO)c(%vEt96>$1GdhSSB8x9{U;}q{_Be zZeN7xhAs}w)VVz4e9;8PjyG{}!MAHxtm+*_H}q0w%2T2*J5p7KEE^zMTK;1e2X6%Q zskvrsUao}pp7);~A2DH#iZi*Ff39iAr$_6A%NOM?*~gxI)%WtWCPobyP9V&)|J1P+FrQ~ONv-0gUo}Iu(T3c#t{9^6j3b%gX`(?4_SZT-?eTu8=4S-}E3oUl7jY)?+) zAL2Eqzbrb5g9FW*w9G7(madYlPV@e5dIS#+J7mlVLwZ02nc~l2E)&F20#Hq66I`|} zU?GT9ca>Yuqx%QvFUl=se-B*F7it;4;5%Ri2ng0Eo_V?}L1buuNQY{;6s*&YvojmJ7 zIN#p|$78hHMCa$i(ROhc@MuRi1q*0;Ev7YVCfxVo%)3$7|wgU+xtzZMy+=v4V&nhJOic}0|{Zn^tRHN_m(R6(^+~F zcNf&7&=G2N$fc4|16r8OclcB>WBul8Db5J<;ATnt=bNmuZtFI$w6+5?ZpU?G`$%t5 zzoCa(`8`9JtCp3_(em0B(#Cc!FZv6|w)tH&)$<{FA5GQFeVi;0U93R*9ah!_^%wB& zM(i-6&kRH>xugr=!PgnFl@8M10LA>l1LW~h#b3Ij#-#;$(Md+_>pZu{)}*Zb$+yDm z)<@l3EBw3^*l?d|o7`2AyBW(&QhpgeVXo7cen z_0E5>ZDR(^RESe@B~$4d(7EIG_DyV`0quFbdHd!^BD{#2$5PUI1hjKDmRan27;3A# z7R?c2`N;YF17I}Nzae3^pj%!YdcL{IJXxe7l&yEW8#pv4XK^$f*yt1+$dOndG9@>cu`1;_VG6US^P^5w!+)m6H8M-6h6!khL3!Oaai6^T{u{9AEC&!R?8 zcwRp{=$rX!{gC?gKy_#rII2|hPNy&ZO8*pj;*ICvP&tQy>Cu9@Ie1)y0YO@uD$OhP z>N@%Ht2flKbxn>dkFh1X!{e@1OhG1-q+=ZOAZqT37yTs#k2C?3LI* z;7T(-PU@K^%!^%WO-6l))VO?cS%y-qw%3hTA&)TRC=n}auqHJN18c8w0*pPFUHbji zsZ8IT6H@l>C&4FEEB&&`-j7+mY%k8VLG!}g4|E#q^V*|B z^owRQp^*}6vN`2;;rmnPdi)2n-UmA*70tK`^;T)$B=@cJd=vFyAiF^(CiuE5m4Acz z?xe4?x$def`JnFBI2XF&Zu#rEW#bB;67#jmj1`UFQ^HC;dNhYJ<{H(d^J)7XT_XL} zJN>#(iEU2e%j53ECZ?M*82q=^KIihF(Y&wTE@@c{^cS+nd}+9|#zbvd6UF!M`wl;A z92!bX*5(6sR0wd<%Nj2MUL9tUM7DA=YmiBEEz zHv~0m)xEFO>}YYz!zt#1ADCn-Gi-9~R@hJ1`WzQMwW>Vxly`u`ezdFv_)3-?sEb>) zx7N+pJf;-Zx1S+3OiVv%rype~Bn+~fTTa#CVAX=}*G;X45r^3!-T;ZcZc4 zeV&JZIFVy)03EBQ8cfQ*qbh4Wg5(=hX|Mo>C5T-2v=ir{NE$gBcb>u?J}z-2H$`+U z^9nsnd12xPd++QWMh|kT)dYAMh18Kb^~xMq=g$9Jydj?lpMe3tc?Fz`8WCrjxeo% zgTv4li%!fakke4;4c=W7Qt#hVqy2Z)AsE^rm!` zUE280wRZoejwbknwXD#+<>u!RXr#M9w6H^Dch_q@4VR?)lN<}4hRaq#{qITPC-!6= zq<1q^L6xO7tpZ(E{^oP5UFEsYyLLhJi|XY=`Zo?NO;WB zFo1ut%(?9qOIdfK$Ne^WIwtmIFyagL;K!zTH}Ao$%SF@nUBO@v{O*YLG$zAoMXQgi zIcH3q_|Q$tPx2LgY>eLB`1JtH4YBoh`x7;aN8Vu-rk+H-^4}@Fk^DG%)2{269`&HnuYoK^s8LxT0H{;13KJ&6`y>}y>LUX zGkZg0S2*KU=~IA6;J$Vlxixz00(oS5gSE@pH#tn>EW>ZzMp5+*IN>=Dc(@O_CF`{a zK%_@Ob-I^;`turg=L+XWR^(WQ2INHc>0ja8k@CQoD5A_Q=2Rc@>8Vl+VvPQqFa2=& zhi*jQ0b0O_4)g4*Asii!s~9uH8NJTM{fDqU5)fYZf3)q38ElRPsskT*2RQ%p#=k4v zt=YGRlj{Wwda-_LM|N15jeJddE=v#Fpa+&->jsP1zX$(=xHkHmo`se+(2;PtmX24@ z<==GwJLURIwzr~C4qrld#in0v7pJ_;`MmT0GTTM}VYWT$JknOP{)^fE&&RG_x5Tt~ z{vK8*i)_io0&ME1q1-t|i*pYo5FEcN4!K}}bA%e8zb zRKPK3{T;Xqu5Dc!85kr8#faL%|IhPqb%itj4}`UFBcsxPX#rmU-)ZZ$|NT1r@4f#m z@jt-al>ft5{r|hacJ0f*2j|xUEq%oxfl#M6rQHP(^dBO1-8xJV2t=CSO6--V!?la? zy<)Lx0-<0mIo{`Z9ve`Y&pIr8Z&7iV-bQH`re=Tp zVx&_IMU`d6j9kGR|$ zKtxpa1D4F%cQf8v%&Au_wd+6j86WP2opgv6h{f3xj_=~!7M@?5i6b2+vVvj6!Hl4i zIj1d+dit$FiP`>~e*7EwUe>g!3Zls1D$)o=} zlPvJfhGki=`$||wB@foOz4+~hQ^cM>W0|e;X(l~wAb2I@4$*NMRhWiiCCB(OI{uU? zh1)b9gf`r4XG>h+(y37|jes&%@u+uqcHQn%R?jY}pPbfd374*y=9mf5g`FLTm25)W z)28&dtEhAIe<#|D3w8Fsq<$E+#UoorE`2ebfY?rTPir`7KZENmu-tyFCD1Dphj&@z zKgP$0Pr4NuNjVTM5{yz$(>Qb(OB_9jO?f}V9338wc#J89+PnWorKVK@bhd^r-`aB? z<-!`A{UY7Gsh#^`E8nP(Cs;-P)3-q-QR=@*&qvqGJpEp0zm-tIno{pwIL^5g3Y-IL zQc2FX(oN&=3Q?5;PM(dqM2_Z|ArA4`0oFeoYKpuLfgHd5f8adc;>of{#I9lozmK=o z{TjMw2{KEG%ooJKIO!G0YSz|DY}ZOzjqB2eUPI??%G6Uc!s400?ePZ|e#GI-c7Ztw zg-R{m{P=Jmx6}A&N&ed;a>XwWSR_-YxO{*kzH!;l>J=Z;uKqzjCgP5`t0g(1(YGP& z&ZE&PYnMJEJG)fU@Fg*vK8=%6$dj(DaGAoFB^?g(6*oU6Ne9PSxk)IDS_$#D-QvoMy$5=XGf zvs~Z}QWRmTUc3VFVYcEROW6O;*7kE5{9}ZT-#nT|{cs~m|J2yNl==*H+ViEhMx&|VBydN)o zw70O>SwBX{_ebGEHB`V;c=s3XQ$4X zesc1kG9`sX>jt2)lPgqxj0=|qq;NB+VdE8ky%xD-h7oJD5pE*kU6x{4^$hNCo@09m z*;+C_LdbIAHEeyF77ln}Sdh+-iNVrD^$o(by?tXx;Ahp6dmr!Knz5}t*Tvbay8jHI zO968>U%SQ$zxeC;^wTYVd+8pSfL5N|>;>BRVPE3ThR@kbb-Bv&xf}b0YL*MXaAxK{ ziD))eA@z7dDyYPx@0-8OamQ|Uz`erjJ><%yBMqprR*Q%Su8Ybj;GcjCb4od8@k+kc zN2#W|zFAprR~;k0@9p6BH6K7{ zI6mbVH7qxHa`{iSLuZt>C3gnU3zm*4n00^~R>}~bL1fj+RweBG$lU+oA-aLR_Z# zv36;F{5a*z>^1~#Zv><~&x}~j3En*|2^|wS;{_ahS1rhDYm;6p^@bMQNcFsE{gQ)^ zrC+1-3b9}@+ErPPfhOPOh%Bgu|6MhmiY{D)Y`gRnJBapKUz+ZL+HDpF8oE8E_bNGu zs|(}hCLVA*%N;SM=Xr_7>+pfTL_)(P4*ZKmFX2k!MDAH{|60&OEz7e`>kQ8hrnXdMd z+E9`s`ldl-zq(({mqmlB$eg;Yl1;w4DoI&R2|*a)v4A8yD7|P987I#^r+@wxOD3}* zp6bEAt!-Qx-fJ3znQE?jO>z2UUBr`upSc%ZEyXQ6d=eg~b5eL-h3ZS`yU7(FqS6S-9Rh*bNuV?{P?0C$Bk2mH*S_Hk-$W43mXMI$_Jl>7PYZ0=S%#npk)dj zOVyHXARQO)YnW>XV2f=A*)?!*|c{u>KtUm;0-iK$lt zR0iT%b6nUkDkVWs_}Hzy(C1g-;=4V%f?hTIlo79AO}-VM?J(2z)7!MV)@1O-+1|7$ zwauGfy+MDb!bV)r!%<8uzI1L}IriO2E)+oruBBq@Fy3mqRE80QWxJHA<(X9KptN;W z7wr~>6qb`=XpYu7y0`brLoM?#GH!-Ikht)xodLs66EVvFn(j^WE`5YnH9vQam68zT z;??v*5!)Wq%VjRF>W>kv&{?lDY-ZIGWHwxfzfDR70g12)F*_&%=`aZ8wr<)cq5!uf zU=6QFWy+nhqEN~Xg1+l5HlcwD%cu?xBVp=bVFo$2^^5r_i8_m@>+FTYY9T8{;!R_! z`->ZeE&3YA!KlyCp>h>x=PORk_}Xc^XSd}Rr_)&&FHjvzqSoqD8nF%_TUUC!yFo_M zR<~5GvAPXA@&Xt49!4=d=01$Mx4ny`JX6WRikj;VHyvC}7G=J$%Z%n9``8UAT$Fig zO$EAh>+WqG*hssN`uUzH;6taZa>7@&XQ#TGGhEQw%-KZ~Ea;fH;+7nv*cyv4rDD4r zsyyRTWjOYP12nH@3e4NLX5;Vgm*Q|Z{Q%wUpGO^k12cZC{PpaYz<|OeV)4mob3GO2 z?d`rQxjcf-9my`0Cf49^0)7caXU~4PIsl(;7)V&`UgS5?Ity5$xizwzuT}hy0w&PG z3M(5u&A?n!=v-&S98b6(rAtuozh1;N?o4+S|{=O07pM}ybCdlQKYV}@->W%lSyS^5ha$Vl$p;OQ`m%bloEs5 z4~VN!j8+!+sN`YV`-7KVyAp}~K4~}{GCW%{TA*}j?$XyRS%BO7{4q^A5}ZtLmk zSwR##u26RxP;fLla@Ym3)LCMEjSw)`qlz`PEAOktZd1#pnQ&?1vfkqmHG>*om)&%6 zzEusNq~h~N{=BvBBA}+S$gp=f!=-$T5X5{W4JsFOPgv^f{J`SCptF;^I%in7`$4He zsyow-+fYw0fCKU=1O=V5&lU&G8;qz!_&>LD%_ruIS~g`S+J$7x=CovgxC$4%1-MGd zBqE=hWbnQC>->q+q`fKH#9jrRyod1xiVC{p@)W-El1@!E%Yp;^X#rxGWE z19jf>8g$8%8?I9>0kZB%9_MSBG*m0d6}50;)8Q?t5O5`zWR*@FWwfs}M*9xgoBiQS zXv^Fmbw9xx7Sz-key61`%G-*IqV=NUaDGbLm%DQ$+|U_Kd0Sox0xI{^NG-l8g-|;xElkpTR`}a^m&(4jU{tjeJKl z12xj5MkU^rmaFQcuv&Hsg_E`nog>Y4Pe3Kr`pKWaYs~N2a_EaiGRP2+WgX}XM<9e` zdP@Ov0R(v$EbOrHPCvm#FP*x10Zvcl6C6QSZg;28Ig#Pqquq*&#{mkJ{4Bdu!l&i0 zwe{Z0-ZdH?LTJ`nY-jgMuDF-@ck7;g9%%La|wj z>EBJ(0Uk*2o*is|9P6c&(A_%8*If7^+s792TNaQDD5e|4*?I5f;WjfrJueWJQ5 zWdcuWIOzq7NVx79B za59tVxM~_x;cz6Ytc>`ox#P31Y@mMs2I->Bf11A+gVMwGBHq_`rIQ@SP3{Wl7kCjK zc)3M7F;A8jUIzH!R*+UFrqxW!5l7QrXRSQi0y2pvf>!Hlsh5J}p6IH7F!EFN(+(7k zr+-MF6XxDS=MF+m-51fQqX@@Z#8x2ob}w3}$|CPKyhYmYWE1IQKur!j8L?ipTQIsh z?&Wn|_?GUyLkkZ9g!P!lWBFC)@#Izjp@FNzh|9K7FU3 zHdA4HT2lN|s}YOrA|*O84f&je`qRwHNyL_0q1#$rrex~9oUMcAvYn0{!;}VTyv4#x zibjf78e0awWffE&vb-s)`+V6o0AijztPqpI*O>PnKAp@3Gi?}5ygW7sN-x9^5l1#q zvA~8)m9<=ECV~-uWpX$Z>O3gctA9K29nXeo#s&QYcmKB3^jYS zz)W3S+%@#w3eGdmSrFFA8uVIjaraLkmw<#X@(h@$77^=zE~ZuewY$qfu-!k>ddWOC zmMSGSC9I@m@+|JM{txIh7U}oJY&805>MZZRYFf0WUR&BY370?2PJ+4@_>aa!pF~WD zf*A^p#PWByI(ONG3#LEI>^lzBAWQSJ6^QI@CPadNmUW57R$996w#X~uFYDw{F22vD z4RRrhed%kIcvsF58|&kJVF5lPpE_sqSDW&9&7Z{VbEY`l$)W_m-mdD-^=lm?vJz9? zzpB+C>sFhdBILpS>~e}KDJzU;q$-6e^cM%{v&6mfjsY&b7;=Za#u0ft;&HqUD{((U z)$lKnySx}Jbshf;iB4-9827?jAI#Wdlc^^y%yZ^c(@3n5aZSMZvCk0TE}Nxf+w zi^tMpI+v^&t^{tY8xV#h~eSx0nqztB=V6K$` z?Aso(U{V5_BkN7A+O7Zxn5EwDtP?z3=fW`y1gnB={mn0JF8Jz{Z2_ntI8@E|s^gFu zTu(oN?5tQ$TT-mQXENdZ?b3;+{T9jejj-=L@ezeHLgj#P?9jf*pW+lGU?;-D_`<(P zB&A@m=J==zO(^I5>qWkGuLOll1EKNe2b~JXSca<3RJ?Y89D|7Um$A3^frUyUZ34kp zuhF{Syjm#Yy`?gJy;X1dRtih>S@xJx#1ZAA`}~wZ@=HFrCQHQ7&3jVsI1gdF)iLrK zw0lJsq;wPf31`~FDJEUiZjS6hr zTb^E{U_zpx3`0UL(Xq(4Jysg@;F9w&8?EhXm=LTO{{M9Moo`KT`?|Q?%2k%KV_krN z3#1DuNEg^j6A+LtT~I)}5FqrhWT8=-fQWRZ_ehPQ1t}tgA^{QzAwfDJg&smea;Iyb zbI;!AFWAo=AM(s+ewcI2IWm6p*WULXTj-dDQ#FhZgKp!yfUcHFxZB7;&0vel`CsSM z08%;iQlDFWXO6ra@-3A;_EJ|QgfmISi(h=?4Fim02OyU+#~2mHBg6Xog702)>zulW z6Y*@Pw9=S!^w+Xh2+m)jkfLr4&6DdhE}ap?XQ5@o!5JirAVuB}0`j;*e zg|&@t3B*Q>4*S_we6El*aE`p;v7RcqoGJJDWF4bUi?xvGb7!m^*goN?s86dvJ3bB*~FkP*?bp-SBvXP312(n3NB}mqrJ_TQ4klAF`Yima5sg4SZZZ zCh1}xnTU8Li@uM|CH|S;NMdEa3INs4lY{P@A(K&|tRkJ(AJ2~h-O5JRpBMnUSPD7| z-ul7XV`W1HZhT!C^{G=`lD4W1HDDdA@+;&YMlSF1y&OG5P^yU~A97S;c}duH;ny*Z zpN{N*Pd_EL;CPUP?drux$8IZ0@BxWeT(Z-Sv}1|Po3|wcE^Y#+FLrH3T zp0=gIGar^^mD^7(`jw8I;JFIsK7D2L&?5sTZEhZYaiI94)9o_6hnQkc0uA+&&*Ws-75?u8R zZNB{uU;_E%Bk$O{8MKl_t1(H#F5@|$#UX=}O>u+yOnRF`vLb8MwnYfO-^=tcX zr=@S#lqmbLVXG;%XJ)0&sW*802h7^y{F%{}piYN#@eud>f~~%7_B6!%8>(wXNidxi zpNxCkBzvz*=J29{))8Ep>wZ==9jrIpi4~`H>M#(`26~QelU6G41M%(r+GoH) z>Y-k`7(;D^Cz2#%qa+1lnB+ z(6M=rKyb>uEtC`!k7@s|y3%+5tJHMReH#Ec zUaz|ZN+(S5zP@sn|MUf8xlXW*?usWs9d?g;tjrst9<}jZe9&>dz(eIT3|7g@QnV0M z^_@M&eQpEDo%W zbXY+mawuZwm^e(CebFmeL4qmTt^|y)q&sUhxi9_^spqJZ+x7VANV6?eU~X0eI_xO~ zGM+Rz3Zq(WS{FDjQnVmB8|Y(gHt$jkmGj#6=0cwK6%w0bw_knB1Y4^Sk`xG0>#OwL zA`zZVP}JNlD(|X);HBI*yVAc`!EEh_I7(h%zvD=!;EmOg9iJ?~8D>`TFJ$JUQ?Gkw z4uS*Mx~zfh%3FZsb$sJFgfi_eIM}>P8)QyV2LcD}s+s%~j*><;Ug2UM!?j%s$TjnT zcY~+mw#K0A6XBD}Nj>1>UZpxHl~zH}t2ASiY*{g}o06|KqYfIm{gunO%*gaI#9BOIuL3#%lSmb53E)?Li?Ql$w0B-A9YXH`Qz-_nmx`bTeHV=w>55eaueDbn71+OC`o=w+_Bnh?W0IbmQjEaLib!hMH##LhG zd3P)Eu>@^|!P4rF6wJv-u8ps{f}&Tvx%@jM^bn_b z2-UXdYk}RKvX0_q>s_bFs>b{jJ!}XGq-B9;wrY0BEn2wAia;}ZZlVjZqs%@nNQb1g zGTfMm>k`~h5c}ff)hATOd3tH%xM=+N-_?RKGA)v=eD+k1y+A-TMRUnKdGs>-bnvY-L|E_GDHf_I{b^uNFzbqXC1hJ$&8SpzjSp zy!xnzfHl@XS117#5;B8TB9v0XepvFU?M0v4w%>Fqz$-utVWVa*U_-?uie0&n!;?v) z5iV+GG0mzgJN29$?1SiRRtYe2GS=?iB`wS?ZHT43v7DK9(2OkJz z?JFKN-shruc^>giVXVYGT<%zg^eRlB$MFn_NqAONK&`EsXfb4qG!l1yB9kb%@Y^mx zT78LXtbfNQlCCBGk`VP^qaHUG<+($p9U@6%fwj?SnWXYx9cQ>XzUw!4x1gRjx0kBr zCGY;>@@Z|E(*#yk)mR;+R*>vtLdSXt?6$ff83zVH(m8duZ7cU(#hg0zaM11cWSM&v zZS(jW)K#R_C1jDL{r>ZXADd?@ZsB4Z6vSjz3C$rt;UV){)mL8w&+7?(LC&0kTSNum z^CS6m+_tB3!#2b{EVSf>&ZhJ3v z=86tBatk4;8*^Tyj3}h+hZ(ddG`kWTCigb58qEFz+FC|K{9@<8x8atL)+m{Q7<0X&(dh_GxS7YA6eCeF0?a6ex1{ zBD(U~1N{sB&N()`@!ATIU~_$&rw?w5$*NTU9fVe9__Zb;CsPThfGQ8kyG-OMwbnv) z$;ia8x08F|j?)$U^s?06KgJUEC9|TF^DR~lqSHnrm0NUBp7UmENtldOhAkTJomRcx zc2oeji`|~Dof6`w1e<9vlqs#nY!$V$acU}^Uq7H7B@hyhE%O_&N+vWclRV|9@)|bg z>YQ)$l8$=2x7}0i`3NW)^oYi>SEmNbo=mOTC`e%C^WLKj-aNw&Q()?x4}WUZG{(#~?#|5a&$Gc_ zUX+2-?dlD;&^^WXOyRb=%Ih)t>L2X9^lQH<-m9jke)T3yv^lN}Eb{&;xF2WOuSZ)i zj5$2Z<39l1)jH?~pPV$YaM@wL_mh&8`u;kW860l4{CQ(E8K%K7b3XW12~%Igpcw~J zuD1g85pp6!2bS3lY5VZb{trvZe7S~wi)q7(F4tw9bz^!eKvkVufjalRk1z;Dof`Uc z_6taw>FAt+e%6avVEy3_pOJKNtJ(EX4eIC=)1W1-D@x7282CeTESbB6WksnJrET13 z5kgh527hW0I&JQ_vo3l$NV*a;-?5PG(1JJUYt)5ie3$WD&r*}<#C)u?KyGnfN!g+uj|Sh%i=LCxSlUKgi4ogbIS_j8 z1(}?qsE9|WqPxAv7qilg=D4s**xV|#}L(iBEy?3wRrVXBIXifCR1(;{xXwmO$RlQgEU ze>9<1ryOJr_qapEFtGmj*DfR~#^s(*kLsZn`et60XkqU`!sVwAmI?VCt!f0vJ)o!J zDi6tpI}T6TJw0ONOu8vnPK@NxUnC!e_OFyIg}md$E_L&nQ^SX1p~m+}w)Nba%o^`H z7tQd4QUjTF+moUAD`B(ZI?=HY5q^fAs#K-@22NP3s(Ex@=<;=jz$^?!8|Y4O?c^G$5A&=zZ2nm+9&o(B)zA# zhUip+7#n*YH6n2gk&Eg0#a8Rrat>2?2nmI0bWlr)hB_D{!c4sxsKdQ`#`G{xbcPrY zMMe?T6q%4e#Vw4PXh&nvYN$4cJy<1iw_4O*hOtMOH5xf=EVXdwY=hZcRMN zbKq(^=8Gx5dw95<3Dox+Z$9{ueAD7B&DwuYO3`yQHg8yFsOZM#K1{uqf$UFgqcYN9 zNDFzw1_SWoy7_BZN;Bke!CQ|Lj+#|PkkhI?HvYx2H@i|S6faaorh zI2#(VI3EcLUP#1zVsDnJDA+f6gajL5_ycmC@qXdzWez)^Tm@vd`b(qV`Cp%jXxiL+ zc``ecXf?yj26h4u_ZX5C!`^JU49#?V=w38|w;4%>W$mC|!xEsakzYfmP_7Eh$ZYB} zm55i*&m`58wQr-O@h(7aL?t8Bh0hgAZU6{#{j_?XcX%S)reha60G5v5W-DBJmsS8Z zk_hyPDv$+(s!Pu^OIqSnjfos9Q(L}lkS7P1XFl;{c6+Wj@r5*bpAmf4J1sD%(MFYC zWbb4Lr3l=ZZ-t>ROJzik^2nmCz?M~61D&94CO|QZ*rF-Zz~k{$d@spZYjSP!kCG5M zHm&f~#K74co$#k~C(roVjXJk`tXG)Y>FXyvj?M>9mn%Op-ECvP0qATP+4;`_m&fNb zHN~Z<6UmKsx}rXNQ0vFKVl7qm&||&XeU7DDX#W;pj4!THJXrqvd_>N`YNAm=K(#oa zWw?3xh%Sm>rJ!G&U7rgZ8Xw?Rnq$31yR;b-Sy}tK?$gwQ*IKLf5v-m-+;!(7H^wKy zGzNWdeuei@dPYXnfds=f_U;_)X&gs1YE)-u3t|*TzC}GK;Wu|^k677dfKOYs?TXHH z*)cN^{^$%`VPRXSi+(L9!bkslk+M&yV;!s#?4O;dUmbqmAT7m>4@V&@&?_Kfo2PYAT$r)`(yBr-tRtUcl&0_+He4MrN+U>%*$qb@ z0>N^0)KC*cO{>GRS5wGNp7Utm$dAto&prIYmun-B9Q70r%#U0NW9(|~m5Cw(h#wB| zo<$=utb~>mJ_Yr0&5sL&xf(p5n#zgaV}HC&HBz1PreYE^r7WC8bFv96)&kgGOl2eW zC44Q8I1fT;Pz%m$UJ0Mq5$a-ke4W&Vrdv7pZPDv>BG9}l0#la?!^w(T;p*jHh8(s-rnme<*Use`2!wd6^8sRHkJtA0 zQP3ib@P1}v?YN(pB744S3$7aID6>*`uVeTug;eHnpSwMl?G_i^UM|{oI5a3O>GHi9 zKYm={oB9TAD|>&4vX^9No5W#eS6P^$18sj_JZc#X;x%D+80`5pz1ycv(JN9OlZ$kP z_J%T3S{uHsou!i~{3l%qepU%3=Cr7VbXzO%>V09xXl@GikY5_vV;6@*fLklh9IWeI z*5-!A?RIebGC17|EXHR)4pN8PO@pY)pt7XI{VwqfZ1?ej6m7IR=gL@iCW<8Xk3YPN zz`dXIpff&Jv-|RbSm&an^=2HfYZ^X8u5PeeD+}3i2gkl??*EwrH#4aZG(uu8`c9cB z(6qI3F~gP9T#3(Hl_O^Lw zwQxd3Y)G9OGk2zUwQeM@vy}SQ$jPXWT~S!DJxq`pOAQQO;;K~Uw8V^~INRgiRRS%n zv!V{V;E7U5%Svn@nLRq9n5!dvv?#THl8ANnxE?-buP(-5c9O26%>!fSA4-3=2@nx(CS@yOMpkV!=M3zY%*~Te5ew; z_I({>*l^+V{f9MN1XKYhNupmA<+o^cCcb+qh8I3 zse84m26&_Rl>R~h|>vt50 zb9Pg8X@#LbQMk5Q7!cY`>j*wD+Z(v8ygaUZe?)$GnjZfydroQ1URWsG+1(H2mzi5v zU-@?bu4~z%g4VO0ldj$MGT&I$Bp4H@dJ?d!ZZ3!j+t({5w^59!Em?8!6XM2vMAW2;>XxNYoT13ci6O}Z&Z5G zcN2EtG1MJhu2|Pd2Qj!DLZ2%Lw7yJk39@5lL7%|C%?;_jYe92%d!A?gOs=?jL$e5N z5mN-%`PWd+mVw?^6(R2T^NKMy{K)v{$x*ylg2&faT?l*cGk9hHG9{VLDKMp4)gZ!R zpR8Kv_s_A244o4~UB79DJ{?5EdKR*MmiOgSi3T$(MeQwqoH2WyAlzd7LiT{Ow(s4% z%N%ugOgprIHKrjXi>rlr;M@wL$4|VRG*c%nPYMl8YA=lIYHKeSRAu5WmrfB;gE^h; z&V(lLh?T_$08phM;Z3E{1iAvLczlbWl>ITDRyi%L_GCR6uU1R!lXbjN`G{t-m0^ew z@NIORd1>1X`3Bj-y6QkTjkSw3Dfm+*qxdUR$4z1`)BO%e&F3K#ehs?YQ#MK>V7)2?Dz|*&>*hm@mZicny}#m3B>(Yq?Tro0_3Q6Gdj5X_x4WkC literal 0 HcmV?d00001 diff --git a/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png b/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png new file mode 100644 index 0000000000000000000000000000000000000000..067d1bd30ce7efec69d9b3c8ac8895a187a09b46 GIT binary patch literal 207557 zcmeFZcT|&2*EcFwEMP%UnxNc*fb`yr0@6zey(v-ygx;H?B3(dwm!1HT5;_4yKzdC= z3!o56=!6hDCqCtUpZ9y8oBKO!opt_t!b+~m#aw&#?Afzt&;IR6n3jeT#WlKX=gys@ zP=4`T=iIp~SI(WgxJrJRbjK<`>OAQ}=BA@0f3B>bVVU&hot1&IwYvH_4pN!?+$FL* z=PvxNLi#&LMtAPg-^%CCsgTkCS6PSb$v^6lh=tmnyZDbfMx^WSmj&rfdio#N3)y7< zO)>lYKWksPl6~Qy<%_GN+UJ(SXSqq2tIjVB-Oin({Qmn*mcU6#PoidMr)%JDpsprv z33lXu`5OGnird@K`S(-jB)!E+MMo?5m(1Rd4o+_3-cpbLRzsXr{(YP05%b@wxPzn~ z8K`S9KLfj3F$;6^a`QftzQ)YVEb02%T3qM3;y)fIeUo}*>+bF>&coy7<;CqKzzue_ z;o%b#6XW6K=i%q)BGuq>^Ko*2>CNTj#`1R}|D^NW%FWW%&e`1#?8N+=?#owT4|l0Y zkA64wU$4LO>27EJ-z_=0{i9o?4)Xl|4-X$VFVBC`COswdAtDP08<=^zB`6T~V z^MBm?M>~={zZ?G-X8zvOzuhHuRr;DF&wq(c`Wmg-Pm+$vo>P7clu^FdzL{^cy zcdT;UO<8!~$Ha6SnGHABwqvYV=kjc8i1w>z=g2PJlKu0KH>XuCy(t3NRGFZY)15z3 z7|xS32cP@%k7#b^)iFK=1%{;+Ea}wEKC>!M?5_57I zf+K&SY$RIfGc^2fEK~k5yDIBu1v#64a?z4=oL3lkM+IEYoMdE5cP+5lESVk)k!LnM z>wLb1!MzsH|L$xJXD|#-2#NOJO_4ZLB*AUuUtI@ZY6wxCJzTP~udvMe|G$d&|8A(9 z9o`fbJ;@YX8cRA?sdTo={qg3tv6um3G|d;U-h&=U3SsElOG#OY-I%V)%@ zfL&ZH&{Q5;#ap__%P8srY^~t|wda``c}nd)%$RHHo07I+(7%1liNSxM6yVPgYxm`+<82{*;xr7jSvWV2l#CLG{bkphR@~C>BJfk{}#!#%-cQkaoz`@fkMiX|JL3T&zm$ zH81I#^jg_l#@G8CmPzUq0(Xb~pqv2t;k`04QseoI*K*o$e#261Zj zXPR}V3S_B#hL#+7a6E}pbvQzHbs4hjcz29eBNP=b+OJgX8zHRYDNj9A(BMm5Qb0N> z;x|>_+}DOkJ6&TjK!afqn+MzMs`PP%MKQ{8vM?eE#vwZV%+M8)R{_L9fOFwt_PZNv zJ@DBYN^GPhX+dtJWHhs6r0#n2syQDKhClqHk9N7)InOUJa{TU-C=LP-FZt%1Vz z5~ak9A*gVXfxTDSs4<(D{q(nliE`psjjZO9mcbYK8cEvw*Alg&4*Gy~S~O|fd{@X8 z6^mU%3>Vs}>JUTQDb%kj?i|^R%h2EJ8?Jy)y3c>7#nij$mv!v>JoE}o2wY)ALXDMa zr(O-Xy`?W;K5P1X>OHTi?#ydFU8BJTeE!0bVi~2ZN@)_MoOu4o!=ep_Ls&K=jQ4WG z3$_NkwJ|~#sOT~Nj_E$oBAh_npQyG@Ne$owGIAm;;=$6qZ+$_53}0daNz1+ldFp|C zTtSSJaMTgp*2C>suvfp>B;BDqneto62`YOX13wxRnrv(_J~;fLfk*dlnNQBw)yly7 z=ocpQFyaWstXyClhW&hDK$S%&?d18NUhZ3?+IV#Mr4iuI5X3?K zGwSwty^o&pthB_=ReRiVzI)qME-(Z!8VNk44%FOFLv!1AroQh$KPq)REJfH67Nj0O zIOcsin|x5c0-<2r7!#xk>@*Kz9J4<;@WI{iIJJIS8^{{cUC#8NxlwebcxyVuR=4?FO=9W$rv}u6hzPqP7OvPiR$N=FGPF`EI z*0W&OmUR*y-Uy|=FoBEurMlB01sz1~9?NFI#H^(6X_QTK7?y{JH^mtjOXWdrqV4wI zT8Vp!m@L+)13HJ=2>{}k>cu{C?r4V*?HGN5S?e`%h)>mAbpc@;MsO_ZQTUWbY9C_3$y75C zZ{3UT3RX?sS-#?$xd}CD%xo=)ddG0ol$}){d4Mqz?4(c7&6Rht>YL4-V*Ky}+yFJKy+%a!!>O>a{7s9saI)n~RtH`k~esBx;$Du?MCjuI|_l|q8P zP0|fIbpNZx1b9SZFVvD!V|^K;_e=xBPt>;B(S`eP=c@;$=qSMGBCjDkqh!ABE@lcB zasYi)FS+jjz$|Ud4>2Bi?CZV1Pc}e^KPlX5PlPLD#C-?5XydyhVLG8^QP?7-exh2Fj*`?U`lv6Jf6-1-LFbCF1GGX?K3%XPd9er7-`(g^@2t-g0IWio9+1Y8`Q>I2cdiG@96j{ zD9re)ZqzsyW=QlyUW@fiJ%DTCSkBskXzDO8l*MRP#5}J#ww94eYq3zffEC}ZT%{Xe zIg$`H*$)VvxOiDTMWa8{_q3;j59n?;_h==sSK~lG6*L6Nr`tDNIXoXyz@JGQzEs(r zXc5ESvgC!@O^hon*a){%F|F78y55P|Vn>=jZsL;bjG(9K?Bn0aGM_Y;aQcu;j36AW zBS?*25`i`14%MmgIqZWX3rs!X4arAAeo}iFXH1w`YjVEH45<}9g837qNgJfy?K*1d ze5(lBcCaI2AvaRN7jy4^q+Ms1*!!O{V|Q8v^-hj?m!GTY#hG1)(-tJC+CaVV9Mx}H zmrxa-ad~vKPg^^KBPu7IC^{q6~Zog{SVOx>sS=3EkL#3 zn0Ok{S35!VPkF{Bch8jpq|Z% z&~4XoyFkzR_wW#8(d0|GoslMX<_AwqA%Dq9t+j^48C~2or~ViPkz^5Yk9NDz8QNZW zhpr)vyeTI{!prXTXRf%%LL;|1L0{J5ll7W+`#XFE^*q>ZxCEzj4WTHS0ZBLig_BWP86 zs5~xq{}w%SlRL-HIl^Y(W~mC5MD*-RA>4BD0i)Dz63Hvd2A$MUyNf(0ODZ!=t6$VL z9Eq=(TL2o&`JuFWa#XFZm1kn=bdRHWYDNupD;>K85uhjazZQq%ZTaA8TDX%X59f z{l9AJg|W_Ys%eGr$*{1Dp}j*gWm1)8iKH0@$&8oNHIO81?=6 z>Qq#uX{?A1hP7!k7?>7j%ipTNvud0lCet^V%GlW_SAS98|HdUeYF`cS+MMGOAB37P z4N5t@+2E#~me|J^JIVJMY{5@?yh6IrecG%ZkM4wEJV8f;8fCb35wliI{c=r+KHO^e2_D__ z9&m71yLsr@XG~k-__&m?*1ZQii%rM}ljY015I$pF-Bq_cmcw`OsqM8Hpx)gi7wGW( zHOexEV;PF{y1t`E85?vJhiP$~3PStE{`R~cO_tiWMuPmIFH)b#Sk5VB*|A@1mc?nH za6t*EoyEyk<%IEdoM==|Bi?@_Zz*TjQg?w4)l}{jX`YR`Bp_MFZFlBydLNzF(1^ar za05{;$8~sI)bjC3onLbqPY0#;exuz+8-@3nlxoy)f7x_*GG9iy7qBjZT6_Mz+jcYK zA2pwg3I1hA9A;$|I5amnaQA0ZR736IlbG`D^^IBQ_g7B2Mz|!*iLMPbV=PP!1s_ez z?+1$ftT`VAn|qa_vxEkD^%+7nXSDO(Gq*B11IJ9NRo{Q3(kNGw00> zcA4Z0A*^3hSrB0&yvetE#hQ$k3mNr4H%-VMPr+2=A!DC?WHjjlT;}V=9DjYdP6uEK zRX>>%-F#u(D%v`e27XWL3d(h&SH(2O?*%vBqsPWwHgE#?zD_Uy;`*y0#`5D$$GM~p zku-cpx|9%ZlDj)0vW7oksU@=av!R(b@u$EJT4KYt`Sw)PO7rlG$D(^+r};A$+2G@g zYOQiMhaTXp%wr;Ao|n-rbzonZY1#}>Ik*-ef92!_O#K_ ztk=wvtHC>h=t;(lc4-37$sJ-rs@@Y+-|G}h-RHpw8Rxa>M=sGURdY+FqMg+ZhTR@X zNfB0I)9|(#`>whxhu=p9F`fd5zAiD(Vsr1&3)g6=iI?A{LK|vr0&Fcdclti<)%*Oi zE10ZCB!8=j8*1koq1uR{JaZJ3ZaWJ*buKx#%E2Vf^ePh$xj288Tpf~7N{j)nJPch| zuYS-;VZ(S-A9dg_V04`ZHu!;}qjE_YEF82p8>N06YYurA#{qR$8`j4Apk+s8Pp7*A=a z$8W^>ecVMoRzGBA5uW$_{qkh>=}2|u))n#)?gyhE&D4Qg8F~i-ODAGJ)=>d8zqX>1 zEdBVL27FL5!h=a7@3Dqa1;#L^Ft&5|sc+|*HxrN_Ez8Mf#yTDZ@I2ayD~KeHL<78j zIX+z)HsY$c_DRh3Dl6DZe0XMj(A(%@I>T1=m%23lM7?8M=_`|$Jx6*!#sJshk}B9c zU+`>{p#5)IRTgbmt+;jdS`S6q{mQ1A!i#JYOb$Ge$_ffoLm%1&qF~+;-Cao4OFcmC zG>r`1QS1CKmG#kwI)}KRJb+@$I&NCbUKbP!L6w!D@z(k(#3%b%GNl=5`gS8ZZVMe5 z{R3#D(?m$z!=D3(J$n1sf%o-QS76h?AAOGY<5kd!DyO_h`{tiQ8G7_+*tle4D$`Xlv$aN@>-OzBX${eobK&S$= zPjW=+FHGDVEDSJON=P5*65A^{k*s}oJuvl4DH|ASafyl1AgHS#rqkuC%L@^8BTq#Q zfk3?!uQVJcJU@X&)pzc8NR5a8hNAid8TFik7v=Gx6aFtv^c~Jv>w{YWPc7$Un?&0NI9y~(fT zi@$#6CLSw6mqAcnpY|JRjkQ-a%ItQw=8IKCvSSKL4*}Y-auW_0cZ7K&jJqo~a48B= z^+dp;AISrsQd2lsa?Elx@?-x&UUu1bJW{zr_-B=7b9#NLu+IpGd0GzSYjp}L>!xl? z3gMt?&R2DAXhuE2e+>LN^&X}$e5JXj%a7p-k6sD1(YSN@d!L2lfk*iM%Cu*O=?KJd z#s!il<*9&cvJzE1E1Z}~Ll%0SGIe%^GW}teJU|fCMR&Y4Acl!@);s7mB-qF5K#;X5 zDp+NZv`p#D4@k~r|Fl;bDrzl9)5akQYNHXbb8La+%4E?s{~18iwpviE(r%_&aMS0Xcy)wLrg^qtX>L_{p$T!f@e0o;}xxGj#+h1|YgANy{!Wej(3VyZE=qAvC zyE+9x!ruEb%qsx^`a1oW2Ce}V+H~EcJVSu^$Kx(m1pyH-8 z#xtYQ+cdVr?Zm%gQF~|@Ts(AzkkHf9N6u>vY*mYQpM_v)viK|mM$r!WbjyY93Gl$J zN2QoXbtR4TgwrVFaCg3rPh3gY5}p>;N6|xM3*N!z{YUw%b%Avvy=X3gd1;<()gu38<{n%JE(QGYs{F=iZ9z_Ya}`zvIU`AmOC_S_q#d(5KA zFP_0nQc8q6G-s?aF<>_SqYr^c4n<-;JFCsnQEu(}k%DK0bAQ8faSF^Qq2C^>q6e(m zXs_*}(r9b!CgB#xVofo03?)TI!0sa1%vF^v@%+2A1;%J@9IWlI>YKM7CQCmgDoniC zXy7VG?8NbSx?t{^3V&-)lYFzc^^f$9Pidh-MMN7TkEQNrlqbHsI5EpVKM}mRkFL0T zHc%)#t4#h~((O}1i1Hxe#UbRfhDnjNL?AjGP7gob%o6w7hpb=x@M9clI=w8wiH^9W z+o*O4S)wgRJ5}okx|3Y|_N;v>^JelTa!OX(QDvUQqE{y>u2i~zflM*eUNRU?j2v@+ zeaXW3{{Q)7VO*=#AoGW}T!Owy3ocS#!ZANKx_ zfZTti_wQ!ee{}EP&Efy=XKo8&0uI_;{YzUQ%bar2r1EuFoSNwn#a}EdjBn{73Wt-IV*UY1^`XKK3DpUP-b_GX}H%%w>mcs!6=lpPNGjGrx4V z_fK7JX4;D;S?)|fTiJjWY8S*BtVjFTI5XY7s$$NaA1G>B7zcQWfz^?miCbZP7U-jL zIvJa~6G=A(4R(IJVQ_>lGnOid-v1R|tj-6)+HX=~s&s-{(_#lyH*%b6n0h!Es+w_Y z5DE0o)`cC%yr%SC4^VK4m))EGP6@?2N^6si(48{kY3U2^O|ia%mvMR}lR5E8PCtYc z#Ic+vMo|;)I{8T>Gw47yd4ra#0m~~;t4^nGujR||EoJI>>J5#qwpwvn6fLxI`& zr|RIXSB+S;u)^y8k$1G$;fG7?mlSK+L78Y>xS1Oq0#qXo$f~TS&v`P?c zf2Lu#d-otXA!upuawFkwsOnLh&t)Cr$(ZU|M_E$5sy#Kgq0VypI&Lo~AXVb$^<%_x z5zXmdxsGV(W%A>jy?SlCEbam(-Nt#J!=;nt*={REq4-c+@Q-x#iKTK$q!O29S>;ihUzXl_F77>_EZn|j~0Zf7*3H)-;z zsjMYyeBR>Ri6fd!M7=6$ zjKuTXxV0~VB|54{)GV=<9p6fYT5G(gp6>q1GW^EIh`GPBeqcxPzT|mw$+q(kYicC7 zhO+8GPgC4n{T4`};-a~DR?ep?kfSwOkj3EV_0>e}wdOL131niWx?Pd515~XfI5A@e5&!3uB<-e!wN*zlaSFU8^v$%)~i5#%aN>5uSmhv+!1jL;u~-zSoN}h zFWhiMZx;`E=c4QN{nl@emQ%Mc5gyEF7Bst$^SUQLQV;7$91}CPH$<3EE*6#nZg#P# zYajF0mzr2U%5}M3PO=>T&Qy_0=AQSwP8kg|G{b@@b-ib0=ti0&Ai7UVMM#mvftSrs zruGIU<~v?Stxg&OITM944GqjTy!O=S`!7y)`Y*R|1Z>5^AV5fV++)>Z-w?gj+MUe+ ztlB`8k+9FlRAebc=kc^w`KxvZM0iq(Jz#OKqYj5XL~tbXl*Z-vKm#NCQx7Hs)A$*f zHwCZm={>PR6wJ{Bpxa=`7=8Y)o;W-BcyDX~u+Uy%&Za2RUW9|1~Es%8&-ZW`RsbSu6&i3rrRV==?U>6qfMyu&Plp6xzvi1^Be5B~W4%Q0&n z<~{&72&pzn!0GEgYvB^?+D`r>z>=Bi12TOTN6o;Av|Gq@f5 zQeSX8x!FX@4QkwaxVV~9_EuUj6J&dh|J0RGRu}WVU(DL#C0Qu4JR<8+lyOqv!CX!E z?L|E(pOyEYC1hq=ku^-~2`=G`Jjxmr*RANF&j!N98}Rz-X#&qpD{b^^%{4LHx~fc` zkdm+04+UK&zz4OnVBOUU4NKdZS^*bp zuh6N?(LrRYxdh%OJ60W!-dA7J9iHHpAeZbpe_PSwt7hAQcxwHpZe2+6CjF^x`^KaY z#0y}`1b;52^7vRWOZzq%-6%9CdX++_xEs9OS5+onVONJ5pwG2TYJ$7JHWi~MyFXLS z=)OOHBP!WfUYdFW8sNhuULN}fGJW+_SYO3})}Rz=Be)rolxv);lk)#j?{ z1O5sS2o5!wB+sKjy$LqrSi%;B3)$mvnF$NC7O6?y5IwG*fmg%6pAiqn%;xm6fKg=% zed@Ko)&hD@tw$iO<|!c|2~j8f^@c$e9ys)ag_dm1eWwGDy(_3$fNo7c-T0AIpNaSj zbM#Z_K)4lujhC;srke$?+f{R}`xv9l{-GgAnUseuQMt*Ql$2vEKa~6p>A&7A08v&L)R93ZytEA6HmnLr@ja- zHkcdDcroejy5xsq_S>d(Ar3bw?-%-Tl~&2td+a2Bn;};lPCrebR;WC!XD5#GEYHsi zbD&QP>SpfJxU!L_zW;yf0U|`0zYNlO1-;o_M|2)^4 z5+?wQjic)3uPOc>#|^cV6qPEyQ>Q2g>FnKJ13jTA8`DcO2KmN66ALv-1xF`NrQC1A zjs-r&@Avn*7oez}kY|DXGHA%;;zs-B%eihnUL`gq{MSZC)ssrG<8rfxG|rl)Iw8ME zf^zH9Eh*hkam^uXsM_(}WKoCBCNUXb2r2lGj^XbjM)h`><@s2lS%gl4yA3(32GQmO zU~%uwpaoMk0-vRN4UY#Z=>q-l2PE0<@xbX%a_Yu5%(?iRQxW@77|ZDmqB{P!=g{5- zgf(q_5gXXy%GuCFU32j)V@ihbG#?EwfR>i}TvWa{H@Ito91*l%x|vS1#DUc+oBb{_e6OCB;!nZ^ z-USy|>s@)J*=v?=dQ0(-mG!!L@{zIxjXwq%_#+*LD{2i<;uzkyA$F0}@15Ayn8sj< zr_=O0TVs=de3&lx|B+SpY0JN4$+6T$ReS_hsFSkv`Oy5lX1nyv>WPWYEpN|@>5;*D z{>I~y)2VJkFN`A>cbd{#EADV3T$PpaJLOeg0t-Gt%69X7NK*1m9zl_}4+BlUrgUZG zm+%^P#Gu$jk$ov{c{j;1(&i5{v`X9eKIlgk--b@E)Y)UdnXF&X`_7(~G+Yzlcx=LB zsIQmL=HYP1R)(PSmJEl(lp#XCv7s!_r)v^>yxF`?b%724^v}M4Rsl$ z2eFY(%(BRTiff}%IK*H63O73!>SxV^qZ20kilopyaZ53O_jg z9Q#hOZdM=7qPT&28Hz$!30#(WDVdldV|J3=}m z%&UJD4O7*#TSSD2`y4bLZCvDd>f3IiyYmSkMa+Rn%cwVNuH@IjZUEt5>Zn}_wXF1< zZfXNRaTBbb@BysWi2XAg^)x=yp_s=F;9t``-vc)T%~`LKA6>aP)x-s+$kCKLx1sE+ z_`yt2WaHJ8ui$iFmwHN+jIb!}Dy$(^+m%Avro`v7q@>x$n!Tp5t3E;XHPOqWO6oFe z(E&H?{S_RBQJPB-vv{u}t#}@xV!y{}lKKPbioqkwULnz``U;)*hOb{2eN{G>$$dhs zo?U4`)@h3{M*Jv#>Bd_8n*U1YR1=1Zd}+B>F~9b)}5m6{^{D59z(5%{Aq$3}3-kz20Q}Gu6F(DRX&t*0Wg?ITs34 zNoh!)hUz@?FrL?2aGy3pRc0)hHPHKsM{C>-!mE3EDOFMt_lfYI|OnmAru~5__uA;$LO^J|F4|q=(^sqS- zxeoqD?u=5&lCOjvfbxUBLJFIMkdyDRiL`g6m`#Y?7{g_}hOThc`EBu&p+PEV6V3BP7{dhTgzUdsi&?gHVr(FI&Pia+8r zx!3+I4MkJ8Wqp7_4Y#T`aCepeWr9xAs3NDerdAS4eaAE9jxQnMeE0nT;UL|DDDdpAWWo(!y#|BN}45>B$C33AJ#U z*%M>E%VsAEWVf|dmPZCnX4=VF6L)vD3|h<_n=O4P&HO3Yc8}Q+!gu1Te>HfLmi*R^ z3s`i|u2`wd3L3N@x9^ObZ~L7)sU7Pjw3`IzKveoeC(E)M{p_Fr(u8xmapMRSUjtoaAN@18kX!Z_{%>Ia;@3 zlyp&eP}~>^e9~I)jjey%X6YntFXpk|;E@=bQ(@!Gv{pys;3gdcdoY~GCvexH9>z?6 zUNfa-QmnC;vUcSihvm=A?w@vs zCaWo3cf9MX0#o)ExeMf9j|ugq`afFW?SgT$PxX3S7`QK|JYrok7V&kptFYp+1w5$C zQO1jBZFC+`ldIZ}Fqsm4mKAgY_ngAx>5ad6!c;@QDaz*^1n|umB+#VYqrUy5c^c4r zH91M~x_PxGdE3S-jRrT@epZ}wi5tgN9{k1Y=4uj3kA zHopRTx%I$TEH|{DVZ1DhwO_BhN-?{Y-08bh{{h5KIp7G-8ZhhwaHuF>oR5=-B?jmp zH{;6E6`8*atQmI*G(aHjAE|MqTvcF^nYNff!6dksl#eZ7IiQ|@WQ;?w7F|a9dSl#dZM%IT2KRpUtEqw*3p5D3| zyT{g;Cl|*3JNesrbT$}d$eA3-Eq=GVXzOqhcPw3IuPfXvf22tV^|V>>%v@EhJJfeG zfaq$kOV*?hr}|F1G!Bq^Ih3cwq5)6 zbYM3j?)EJy_qKvi&BJJ9P7CiELd%S^;B$Fb#0IlXQ>=YCBD$cAvCMu0JSy?nJl5uQ z@GkwE!Q;jA2{jX)2aUB@&o2cBb!m}0O+dI%(8_%vr~)9=L!%pBBr(xsU92tr9H9_J zj9Cry2?_`6-qbXfDoME9EB1#?joS8!O^&p!IN-Ln%cBHEj~ZREo!l9VluW**U$N@B z%^M{j7@N`LGsLPd&&8UO#{q>moscI05o|)~+m0LI0Y6@DMwOCwgf$xX<*c&gmxT!N zyL3!+RAunUKGLbE_mct87!CuysT3Xkft2EiA*_btl`+bv$)(Ffa-Aadg4)wd!Ii~F z?`IZ4eUDY04|Zn~v-3|8`Kjx1L!V1~^QVy#K2K}#JN+14OMfru+(i~!L%eCi6La~$ zh5dS1Gn%Lh(l^}EB0}ouFIK9n>FNX4>4IMobb-?PrBJj^*flT*w5EakxY9h0n8kmi zvS=U=oX|neT=DQvK(2v`76Ez&cS3K@vgM&|%f~FC?cC^V#22~faDA>yeq2{eK#m7?$7zx$==BQK`TN1-7oD>q@q2HIou7(Q>T%KQ^sU~U(f z`HM~@;EiXgVV+0FqqrSuo+7nl%7d?chrY2b*~r9D> z{Kd{GkkpEzQl}dZMN&fpuOlRW-GISIM?FOd?O(f6tLM{A8u@X3kiOBMK?q;5ehz*> z2F+ZM&ip5El||oqiixF?r*-DQzUbW1Mw55bWn&MWD#NCUF93>Eej++S&5sWPmie*X zb+ywm2rO(_FO$kTX7m%R)4nZz%V;i6#m77dfC(}vdi#b&Hy5xvP+vT!n6SM9OR&*h zKAyTtAG+mV-=Dis+>*{D=+`CAl~SqyP$RQDkqCr?_TNl28V?sRvMt^{@ZRR>7O|@e zG^|#3D_l!Z!rk!Ax22|F8a1Of6U_7}thyQ)RADFi@Jfe$^T6T*{-nqo4UoQurvnoW z%{Z4!w5ksQ4MvH2HcyAuBCHpYV^>GuE<}yvItjI9f7j(Enla zB4^$-C#}O^&eUY8q1u6lRE%39T_ait4*Cpm%DNGL?fT%d%&zU$HkXQVcD3UEf~s2l z=Rb>i{Uh~tHigRh<79Yhe|LTW=e&qpjwj<0APIc=$GB9&Rte;Ygu6(=olKP3)42w) zz6<@#7tYQPlASfb_=Sp=3Hcqy-Ao9*LY-{KH2 zkbV7e-==tH5_1}l-!LtX^a=F(mYezG$eYRMQHkLHFj`yWwH@)h2JzoQG$F53F1vd6 z6=h878%#zk*RUFRnIwoi8d-Ij%I2#y=ZjN7IYHrU(rTcMRpwyX;Y%7$nXoW{dmwad zvxkIk_h&9xcQZhr(HIq%6fqJ&0dw4n_GLl@n%A>GRN|89+c1AJEeUvKFstohKdkM? zbFr9^oR8Du$6x4~U}-y@6%<+#)Hu-|7hJDN;fU+NJZRek@6b{g5ZqYpcZY?dr_5M^QNZ04k^Hju-64dXkfJ0_CZLVP_MWv z_noa90+U4n^j-|3*vZ!I?oaCPdvtZuG)g~jup`!qdjy@DF#7q}hO)%|)!e)N#Ac<( zcOREuCLt<2&>3$oqb9@C^oD{bUSMos-A9O!ZB7BTd9^1!DPJF~XX_{xIMzRqR?TU? z)136Et<3IZo~i0JLGRe@1Tqw8kLA#Mz9H-cyG*^^G1*&OiWhv@A-^W=tMa$yYEcMS ziZ&^=ryiL*QmuH_Oc}o+;x?a{-+qmovcs@J=A+H!EUueK5EM@n2b&7`Hb9|^w_!7;1a|FDdQ*NzTP zt1@@?(x(W!##XQV!ommF==I%KXKBz9vauE3q%WC_EjiiT7RAj!m$d-t0WK^5W} zywfn9#=NVFpEkA6hlB}zByace><7rd!j(id078w-Gskv*@Ld!ue7>`I8s!d zc=L0HR7H_)ti0ma^;S;ZXeRNZTj<5lZEbhvf5$Fk=mdv5@Nay}Ujv&?HMqsz?}3Q8 ze7a#!M)jV?u$SYt$@BvZKqhV@*~8V9pf|*CmCz+*a9Hg$^6rf>;jrHviKed!8uX~%-(pCWUWs)2>E_ch$|zdJYGGh)%CW(49Gy+&#S%rFbk>KVh6pnA}!nXPf;|7Ae>Un1BpO zk8TPrey-Dc9I$5=m_M)sVc(Cfo~55eF65^8Zc?Z3EwKDohJ(r%PMLlXd%4VEL93a8 z=g{7I$=gfjm9!1<@$nT&C06kT-%m~|OOFS0zeh{)Z5ZEN+apUkJvzvz3u=17Z6*eU zTeDcHF6Q){uA+y>EvuaBwhsNaE>e5H2<9zEkIx-3TBMRJ*(YC-^=vM52(Zfj0y+E)9N=vn(`mC@{K<4iHW`5YUww~NRtw^6c4b7(2TDd?CfVmdJh-x? zjm%HK>dp{tvp;P`APbTm&;3NG{6SjfOfSAY)-M{VC2Xtd%g@;aK+*iZshuy4n)n-i zSo);+H3Re-VH;4Jn&^Ql`Il{_7FOK&6xNuhPU@OJ`lHL&1o30)R!^slsQjt)MINrn z=+MqR%hq0NSbld~lw-V0v-FykcisX+({{>?Z`y?rX{!mlgH2(TMSDX zSAC_%34-J)(|jV)neKA=x_4tB^%Nm_$h)((=$QXawi_F3|f9N<9Se_;mDO~do(3z z2KzRIN4VLSiIWb%d2PI)7}%hf*-aLEVAFZf>1^6w>p^os7&@UKfq{W(F^f-*S17PS&g;)qSf6sv9^EBj zXzJ59cP4wwP;O5=P`Fk?RMto_-B)N1f+JJxCB-xV_X`48_}of$wA20UJZFJ?0cd~4 zV-dR!)VBIFHYcnHQwWj3M&7y9oo_VzPOwqneWp$%D$dR{RR;ME~nOOQRnx!Cp z`8a1}@UiP|Z!x>7b+IgNj5tpN4262ejN=5HLun}383FAJLVuqmw*)@5a02??v@WXn z=QAN7bny;>>Z{GF4jgQ|vwWxYJKEC?R1)sp{~8FE-M%jQtuH)t)xuPgzsNd`EOr0= zmVQ-7ko%FZJ2K(xN481!QkG!ZxQo%6sU^IYhO$`j6{CN^V~}HXLZ9P<{pFA9ldU3& zX)CW`RP?-6?3=+Mpu?k458T7KHu#r=m+q5)z>2(O@iFO*mJWV>{O6NWR6U1_68UQ4 zednzitKZaFM#aQOQ7^C{?5rqmr1I)W>Z=8SQpz&O`zGlcd|yxJ9a}>m9;f|o_#&H) zCh~Aq0#B%L`R?mRJ5uxAticP`hyHf`O}D|OKw3+7acLt^nh*BK3QLMBf4`P1Sz z#ia&md=zn9?VteDgYro?bZKpzX)IqmjEM))HO>5ybi09KXlJCR6sy0B7YGc`t7rM} zo01y(Gfxq5FOdJ3di+C9TjVG3aP`Mem2`t&5MsQ^&DLJW+W~VIMRr7C=!;$l!EXy> zZ1*d$Z1wAz=DA9v0kXy4AJ2$Z^_l!sn7K^6G^YYDaqO4i#k>Eaivk=B^yx?9_qLla zlg=xV@|9McUVko^Z&(em3>$g<#Z&)=eLi;a*(f1&V?JXP8{^`8LliF0g*&jvzt=*p z%oXNPxOH>|?5+QHc8)8-56toc@y*atu{*n0sKSnqiOz4vrk=+fmm|RK(JaeL3|S+-_&3vh%$KR30B+4qv|wNQ)c;dNY&z=kPTAXs;29;3pQ z$9&RHF9&=kuK#f(gX3R!hNJ}U1{lLpjo2atWzNM~iXIgRDxTSPOVyI-Yz97LA`89C zTRNO3<~x5nEb;5@w)5TBW#P#%kv5a`PS`7L$Ad9f?zB>VuS}_C#5hp+!yOmjRXUR?0M{_za z9n3OIk;4h4he8(Yl2LxK!x)#%vmkrMshBkrZSNV69#v)tmSr|VV3t?qZR;}O8>&Ui@63h_2U z?DmKDo>r6#^FriC%0|0`>vM8pCqjF|q~@lWSbS+4;A-DmgXL7M^b;-tV0yhP?Cs4q zKk)j*t4EC02%x(As@O$KKltae&Q6~R)2U|KD;lQXdWczLbvz$%1miEKOI=G^oocQ> zhS%CEC%;;4uuEQzu?7gGw$+ykD2j55usNIWXYCl?Y#!0y6c)a%NYmVc7$6@D!)r>S zTQL_rDmb!J_sDK2ej(A}!ssriZGT6}5XD~k!no_i>{#|?_%3Ms9SyT&%U z^kL)6u0C|-FZ^PT>6=^*T*;@~AImoD|LjQ!i_3`xc)u@clUhC60Xd5C&o4I7oVCEVzR7OEDB2Efaf_fbx!aPvvAy=pdB4ZxebA3@Uv2m?g<#{vY<Z+vd=mDzH|3!=iU3~{X0KrTWz(8Z;n2`F?t_; z>d#JhHgCyMnOzNuTzl4=UO2|FTZYdv>*?fJsA4Ld9O8GuN-XK66e2bX=?vvAG2PW6 zv_p}+%;@vic#j)vw%>z>skN5ObfXy*P4buNsAAiLn6y)u+JwUy9O^G0HHykKlaEl^ zmYMmyzn<_}F1!4I&#L>f>}w_0X`sbE?UzdZ{C54w3*v0FKUdfezx(JExnB%2 zzqheHIgwhk-vpb=nR&J~P;`92e-qMB-KY&5f|YPKnFX2L-A$VVqK0yHf!<1Y`rS8M zVRSF(IZg7m-@3QpI}LGrF+v|DmxPW07xYadYD1xR#C=y>>MM?skI+<^BIlS=Yez17Oxiss#Q=Q;R$^~NtlCC9rSxyFN>qDd0@ z0qVR7Hp1A&JY@I1v)(PjZIT8ie+)dB5<*44m~h#Z@T{m)3prBxiXv6Gb?2`!$q%R^w_ zsb`u|h`GI+oC)FcyTC43H`NRBjNl4gUA?~)r${8;EVz-w;$$3}zQyGmvoU3F>h;iZ z%(wmTlPT?7xbISo%hHO5MD6V%W#~6350!s(#Y&#>F6bHr zME|tZg)5dtXot0PdnD=5Bt5+=RTxtgA}`}EJZjO7-XNgmAIt6u304E#>6jfl?t&)!8GFD8pi-w9NSt<%>- zwk{Xci*}|SvnpDw5$+`xkbKsk^fqx{T-`F}zSJGU^%GblAl<(!0(U4a`m7M)mRg;) z2K`|zS|}fmo4(Y;$h2^1d+<0Qg^>`!h81_HWY8@*a5bGww|$c42(zxi-yJT{C>DpS z%?l&H$a|a{Di!wC+=qtI{K5+Xd{!qt=W*+0YVs}ePX``b`Y4PCRIWGBxuoh3>9QB% zaHc_y+-&<_4UGgQK~Z@^&y?@O4Z<5hS!vpf4R=q({cc$@fYxlMg|2zj_r7v=Cr^Yz zvaQ)-wm{xC=&tef9E<615uf%+h63^435jnIyYA6L`GN+HXZw+OiDR)Z$INf=XT4Vu zi#5wW;3pE1H&|Ijm3$v~L6ywPUul_d(TypNA^k*k z%cFo^_|S4E4w6UgSdTk1dPeJTUbyAIq{DmX9l+^%p4e%1Rz@Q&#!7OEa2AJ~!8gWE zpCH548wVZ+q(co3$EWH+BTXy#JJS2KO6Y-T0)Xx$po&Je_A(K7SxTseI zGh?xG^?|6Caz5N*M(5HpGuTd}D%Y{2@rbpSN}~yYJZY2Vx9Bei5q8yk0Le1Lv3qeT z2)_s`x=0D70dArQu!u}acDa82^9Fb)3EBXs_8&TiP;GnBMZi`OJpPFdK5wLuw<5`= z2-W)>pion|f^=uL7^>rNHINCd%5lh`;jm61n-Gv~l8et?i z5!_%4x=&1>rmI}~mg%wDr^<<%yEw5OW7naJ;`;M^DTHK`(^+CgM&q9#{ZGXHz(+tp zw;vXVMrXBNQ(Y@iBWp=hECfRCUla`D?K?5m;TBM*&xCe=a{1Lye!MZy81<^Lqvb_T z?#N&gnyn00R=BlnI5>x*AHQSTAvx_v#-Z4 zZhz1z(`qeCODpHOioc?rz1RS}|0Gb5*&F$lHG8E;>nC5&_TPT05opdXT>-eL|7GT@9eKmM%3Bw^$(!8Cr7L&TOtjO;uP;a zwaILfO8=qwbA2D%tO7KaG*Pg-T6ENoEgHH!pNX|mX!|f2SYKsMZmhE4Rk_XrZreuz zpWHRhI&~AD$hcMd6fYYs!>`e`ey`WK|s!{NC<2ov`S|Kj6E z^x3DDQYB-Z0<4YKRoB+6%b$XJpP!zdlGxOUe|vW5=yIPfNwjd()$I(_aW2>1>=v}o z?o3>9Sgk~&bV(+0n=J1rM7ZDJytwluow#|}LuD_RouS#eYont?Fc|b-MDu@YKG4ch zR#C>Gp%XV+>C;%xyH&DPg+vTw<6G^$+B2^5?BJ65_xp6Y0laTd{yxoJDD6m(r(HR5 zO2aA_DyM17ZYDz243~NJ6&$uo#X#<)=`4hlr#GU33lfhUi$-+NTCa|& zuQ{FkG;1Y245hjo^!dIyF|BbS;nd%iHBtPIc&(H+C^UCYW*>y&{N{5xc&hD8C7hNI z89`)#`*fr5uojAT}S(02W?LG2QmeVs~!7FeBE!s~(saI`duv ztP3(wyZvqEEk37peYfE(znGPsXsbC)RQ9E;?+N zoOzvp^Nu&h?GL#)%+#U1U3nq!)Ls3+f;Gu6p zY>0b=(Xy%#e&4VwB#N9-{p@@pyGp}8tC@xs&GoF6q*!O&16+li`=i!X_VHmynj1XA zq`4&`nOcoJi^us-Gv+3GTIeAj%0zL&j}iK1XLSOxIBVv=tejNJTXdah8hr5$jH*CrdHSs)*hn6q1@k0l zy^D^yw^GV%zZRJDGHYZ$^Nm3COqYmDf_RimMEs&S+~9|b@a$pSC8h|I8(0(@ODZpT z=8#9kY^@PqmP2iSjCEOO(i~=6%WmO+Y$N}PP@&zEGF#L6B0B^E!J(fzu5c$u(AvE0 zYV@D*V-<6Pgjbiy!-$aDFnI}V-sj{a#D*L%#?`VjIFHK#x<%>5%S`f_2N%L1VM7X) zx)w1~5Q^meQsAvF7r)A3+x^V4a@n|4uBJvOo_x*H@vdfC2g36(Z!57Bi!gRl!PiH; zz->+YEV)9*f;YLq{|dj#)&05zP>lEfh#?r`6u5HVlfRcb(eE_)8Oinr##uR-Q)nO* z75#a7I==Mw#HhnZuK;~_&Wc_bReyaj0{eu^7Sh1@va=hG{KUPuD!N$!iRM;a^BZ#&Vn+$WfA&o>#e6*RY{m=a4(j z53i`ehM(k=CVpRa>pjLLX|8YgSUST*n^&QML!{+B;5NB>^%)0ea!~kaf6Jn6Qn!p( zLdoh?!J__Pq%)51Lse{m-xT}{dNvt0h))|m5H3Bq*2765<2{9ttjaPZy~y%<_~-Bx zi{Fqk>#<@po?5$%gNv;jZ(mG+-${D4wF^(*8NFTS}&7 zh7f66#(H_K8w`Y!D$8jv4@^1cTDA zE1So?;F{DUGU0GFOyDYY9zn#P^IifEjX1< ztXRH?16!uX7vlE8)8PQiaj%|Zj+siKrVx0XlAP57es$Le`8)s6;*tV;kN6RZ7h<^YNS^{9z(qjA=b(3@pZ z>0i8JeoHam*n+>S%sk{9V=nTiIox+wt<+*yt4Z12@iXk8Txzk)SgW74_lM#%uhYZh z5?Q1Umf6~*qtyYY!Cvr9_2$s#?TAP&>6yrUQ_Mfv;A}p?KxqoNwBrm)`mU4plK(jz z#CCWb-V^Otl4}TMJiwne=izuE3OZn>w zXO*0&;IcLYFb*gT*wZl7<4$w?b=l*$#Ci3Z5q)vS?hma;wx~C7P=|n>#D~2)NUkyS zZQ4d>>tU9fz*;IL@%dCiww)1E3%H?)p#J{4s&~f(bHM&(s<6>&PGu|)ElGhy z+Rga+BTsS(XSC@H%t`z!4ofz72&OqOa^~zqwJGe)VUra;`rqr|{{>**5TAUcem{N+ zoYpb^%>UICjQI0w8+L8x zi$n5cVVtegv8l+PUQ$@8lbkhZ2h#XyuL$Av4`+uOPp%EI?J4R9vp3z3yjnW*d2dGw zfQ{&G_~Hc*Bv~um(CVTM0%kf)-A&idd*yY?>yK(v23UcFgxCt@_)d*_N$&dnkFz%2 zt#2M|&Y!U9-VS}fKpx6sv%M4fGm*b`A}RDiQXUUenH7)ww5vF&t_-|C3o1q59TGAz zqn2qS{^V(3aBQ%bqt=11qx*kXMurF%Vp!QU6miK- zo|LGwON($+tjBv6J+Jww;Puk9e*P_u)^g8NSP#SKu3-0I8Myd8c6ku#OB0W{L_T&Yn)+dU3`rbzfI(&8zOWJo?tP9@Dv4QxfS^frOi`3nttq< zW`2$~y&FhgQd~_WXO{55-SSFUtZQG9ukr$q+Isl)<#AQ=l4G%^ZC#U+BH6l37y=JR zXy;X+OxfJ$Dn5j*Ke$O9yylKzN_8JJb9m|Ja5-&yvZbcF-4)MhV|H)=5Nx!g1b&$v z5t;0vnmz5XDnQSN*d=@?r|`02I39o_S~H;mR1wAU@m zl8@m}@7U)la@xCZ8NxC`TLJ8B?W!2r%;zSW*k6%eFn}ur)<%$A!dB4z+FWa(kodqo zNpccRl*Sc+wddKxKBzU>jA$vD@W`k%^!xZf#q_^*z1|)XWj}OQWt=l~bbembFfg57 z#WzHz34nUT{m2lRxCv;had;=ix$c6xR3f<2?to}WA?wc&nw1miktpw0c0dbX>&A4j z&g2d2E@QnWK4Z=^;3Z=2(9Qp)!en}DIJV>r4GTu?|ETB@#?jE2v0YLbi+53XuWhdi zIq?VGiNzma(d8KzsrN_5-#T{G7F!$jeUZ2Cnrhni#E8Vu^r_5(x;%zN92v$z)6Oa8 zbEZsigUD=u4$dvOXYD0I=S`0l~K;5JcH}QzQ1`Ums zqHgd{+IAqq%3A~yQIIA_GJR)D`*wb;E;$pw6;-=zGnh9+GC#Yfpm`X5xOm zW0am!2kk2ePtaRXZZTnsTrJc>#YJ%~O!766SCgojhNPZF3k?kX0Q-U3amp#;S9p$! zzl}BlONWrCkF5rVP<`r`>Fof+bxdp`i-$0SunTAstHI4DZLlgv3C8^*R~~?+v|tU% z`(>;@(nmHrU?+FTn9MV#cjLH6yiPE^@Nspr{p}$cda`+K(p|iIjT6ysiZ$>^zuG+yZsInAc9#C$HotEnZnVGq0>mhW z^@aIphhgI1I`>3y!I0DjDp)kC9OstIAynTGz^w;+I~}qR6$pWDDxWoP9Jg51VI;e! zqH%?*R|`1w1;DmI7- zZG$AvJ^uAfi}iP@RFow}@>&PU;*+CevI!f*4yoQ3)-F;d#vn${%Ir>}Va-)3pcIC& zN+!!8EE+c6%_?r+>vi+`x;V|e@oMIhomr?4poy;XVxK%w5XU1N>byiem7}o%86%wc z!9+#cV2{mwdMb*4EU?*$E+YT?1wE~Qa&y6q%9sPI#4ClwW-r-2Haiv}>>zg-o>NoM zdNRuDHPIqZahbqRgADyih}@A>@u+~4jn9oW*uc-AUtF#@!7g&ye-bFUL`v`)mQKdZ zBiF-+sFqbs*5Zc68(&C!yRuVTCW&Q~FZZ(_Ez!o~7-8&h4q#vOq{pqUAXLMVXIpdX zyh{e($5ij6^F4gY1F+#+FtNn1R((zmJ+dWGPE~OJQKp=$5yzQW>E^r;u?@VKX8)%i z_djsJ?^FB7Cm=FFgd6|HBxi-L?Q?^XPed5h`;TwsGyr4&flPQpbTI!972Eb-H5qlmLWikNvd=D9e@jg)8%TIfEyYZF<>rMwE z`#4i+^zQ@$QLvO%X@yA=tB~de=RsP_Alg9ffW3~o$)E|j@!yW@mn_UDRk})Q3}Pns z51a)aTrCGhSv|)x%L$m6Sh3K_dx*%k(+EU`4umodyv$5az4}?%1S+fGBL(O!Zzg{m z@J9n#aXMAf{@UHzIMTz25-JtSMb0~14+0fs9kOgZTE3xbq)BehcbZZalcWZlK%^G1 zoPN!GF}|HO2?JVN06Q}*dmccQ+xpiVKYQPnx1?qArfr_2iSnpIWOhyVBv!jKcPSd( zcqWGzE7ue8MBt#oS)krb@_p@n+P=HW0G*5qZOLj3jCghOJ#~Q>-3zIU)P!8v4!=({ z91rNFZfCeBF97bM7dq)hqUxaCPBzm!uY{O#2^^%z#!s8s7-Nk^dlD) zFDaEWQBzfA#$I7_mK;dSO&l&wW?qS5NdRC3at0oW-}69sCFz!2eHm*4w=J(&!YF}K z&!2I2XiGO^&!|l>pjs(}&%U4L={Y1P4Cp$iax)#=k4&{2e^Ya|PQm&?@>m6uw5vh_ z_FTRv+e!aIO0$QZ+*WKu=(Qa z!};^AeVYekYDRzrWE`KqtGG+q`0xVkwm_2R6S_PK`XO){K)XjJ9b0;43nPJf%QdrG z*|+-I%794B#rys8aO{s(YmE9JpAbt1LFjFYN``ZKRV2OTDA%y|fbf=fWsm5(N65_J zC~?scgaRQ}^>?EK*O%#7e1^L;3CJ$V!X zaQGx8GIW*Vb6yVX5v5^gr2IhodjG#upBsnn4+|CKo{k0NHcBB;+>@PK{H}zp3-8h1 zNw4f7t&iVux%J9{;_~Nm6-&ZW56o_~az!e3IMaKWiW*%gRq_ef(y8X+ME^UzB)H`h z>3d*f{bBSQ@q0uyH(^+I@CAG$DaJoG)lj6}Ua6X!jZ`O1XMuNc&TOB9$sKo@<#&ZP zd}%+5+X(i&7>dpz`*YIV073EjimDhXwZ07oTNfVq_phJdvoW=xfK+UW6c;njPGUV7d>%t-uqj=_UUS48P3hkj>Y8~nLT^pqd zi0?9acAOOPKB-hXc5u={w!&~$OR4sFzRM{u>F7N47Mq=noh8(aN?J=&&*%+CZHiz^ zSb>P0XGZ48+d*J^6oy`<8G0D-RrU@o7!Y!C+=fW%CF@V^zh*Pm`% zlh<0TQ(tEk*1Z+`^YCHn;TUDIXhbK?QYRxs8wtOHREt$-%_*KH6I})(`}=DrpDl+y zD%}`g= zV%IwOJBk^!>HTG=>NH*~lW-HL6EacV%x!}q6T=%LmOj~6|3aQ|@07^+V^ewBWZvix zk{3$4i*}%oBM6SpnlKs>zEAxnO&853dDoCQ+^uqY(+k|~7(-tiq}y!JDCM+X)|}>6 zd$X^%r{)9MZJF-gjNT$UdNTz$nF`?hWVMRw;~t}T85M7^G4YqQz>z`Ya~kYjV!uL( zyi9>5E7lc6?=RtoL|w{QYh^9N&w;PNU16^C1>E|t_HYeVw4rgaq%;}s9`)D?>O_KJ zmEplRv!GRRfDpJClUva?Rpv)o;j7-SMEBL5QY6YrDh?i~ECBFHi?6&`Y;zfm$3rzXz=5ri@`$> zyybfWSc)1@GR?^?gba=Pu?L+5&&tHc`_HIdZ2uMGRr5P!tB{4kN>%T*x&7PtTI=-- zTC>%VO3O>Fo!P0Orl_dM-y+6m=Cb}g!;k%zPBRDgzF#J)P>}D0i?p|3becq|lCYO=7l?=#{Zgmm%0LnD15m*-()r@H{;jSEjSOS`gYY)1r!BvaZvD+k>gO z%KV41l*n*M0$1jl(8qB@z8gr5TL48#>}hU^HSdnL>x2QA#utMcx#>tE1HcFNWFoKH zvN73=lS@s+`q$cAl&;FK3E6;jOxYC0=whtVV;3r7fU&DNso5^x?5UHa_?@yCzi{t_ ziwh{Kx@j9=rYwYF?FDBKKAEO>SB zKZpr9cZs-$XttK?(|971WB2S<`&o+-f$i;ue(ND{Zq)lO*v+L6igBZ#0LZrMnuJ3cj&n7jd|eQ!H@Cdc?>HE zzMOXfs}V<-!C}|j{!_x0aE;fZ3B70vwH`$0lZPs7)QZ{cAIzqjnI6OkIhTYuCA`5d z#v!D|hAqeK(!oX1?@S7~w}-*CLf7#k-y~Ri7q6NGH&}aop~w+0p7?PU*2)p?ZeKUm zCKHR!qCvd=Y1Xkn6v!J|%b{gDw}WD-)D3wj+{qB7bGZLNhpM8c&S9hGXnl5)TX!o{3?^ElHSZ_1&a2 z8**z}iob(vh$$iaWvBl>dmq5yUcg7K;OuG9GDtBk-t7@GKGW0rxjO0mSvk1sLJhC8 znVfRe0zaEs9-H}wxcKH}_ZCD)lU_d4ok+B0w?&^0HTQ#bdx+lf*X>g*bw)B(iHRa4 zr)ScwHs^Ir%+}rWE*p|9%xM{`V5WHC67USZ+2@f$zP4dXua^|2D$XQfj=A3d5x--4 z@%@*u^Kr1T^SIoEApW$aRnyiK#1TeNPV)m(A6##mCwxqBaeUQCeBl zW0nBji6%Hxr7{-9bd~LaB*KiIZ%r9jA>iO^bHBq(s_&-&@xgW+P^smwyP5|l>Bw+> z)5FZ=mJGTJ)p(_TKGwu1v4{dfg=Mh$`mX9x!h>_7Mo2&jL*`;NXhHP+m!~CJPn#+v z_b}mHm8+h!($QJ)-k$Uc=^CRLu;#CK-*dEX5A``CiOarQ`(EuX`>W`@BZyB6Jg3gU zB7uIU_jKwP=tk78kJP(FoP1O!yOtRl83DfV<2aJZ_BzLFXNCO)hVY)`cj)Lw^Dh`yW`7TD~_bT6QM) zwvs-ape#ybi1^PaWbiry0vgcmP;cajMoj^R)R;UFWPM1ws--+xFEriV=c$%b!l_Ma zlC6g4HCOgc@kzUc6!;UmXF9A)LnL5N;~tP>3FSURBW5cu5lQyFE3w~Gn$KBC@6W=6 z$I}@^z-ij`EPM0hmtG8`wptni#cA+g{OGIEsa@+N-P#&GNVLl`a71`M7uY_4r`;7g z6$+|&sf^iyUB7>CZXa!*p7$WU?u~@I7xYo*QtL$AAXn!~?2XTZl6n>Zx|~yC5K6C| zK3&xOok?%nWnDhQE-R8Mi-_(>*rdKh>w8|HsOAlC3`RmoR6OjL6@rn|{)zNjXf&() zcKad(60TMX-)d$eka}?ZG}z()F1JvH~2}K=+3N zU5N=*$}d!S|7b$RGT2BbJfPQJj+}sD;JneS?uxsk8{Ib(+KM27Nr~#FilKH;p|cId zKx~=R+@)&5HCCw|W()hvEv~soyqm+JiQTrQ9KHBfIs=2JRl3GOn%gN#^JNr^j-k=0oGP}XCGN#&o4YLp(oSG7A>bYC)0 zjB7_EF}mjlI%DCjvjyOWWCv&5Uis7MbRVqA3eSlex6Z;1I%MVfK>#}+~P-|KdQ z@g}m;F8kk4r%v0Eqt~wZ55G5UFO~9yhsN7J=JE0qF>Z|-3u7oXux&>6;SUjw2qi?ISg?jY7q`8dKw*r&<-~ zGgzJ3^4lKFf>*W%!KvI-=v%f^UY>>kK5?bepojGr-Lo9&l;bHV{Iv4E>%yoM^b`md zDXYECz+|%&%{%*HT+yO532zs4PG@|UHFz}&N{b|3Dfy?)-#2|FW zjFaY&@2VY6`22WX{N|0c;!5SwEMJO1^FJVrp$yPk*0L%W7Zf&6IBZeHRlI~DQuOx{ zILzz z!pZbhIiuAT8F6|{BQF$^a?!FM23%mt-Pg%&Qs$Vz)Hb@n$dItK2sJU(vn<>4(l{h) zQx*Ns>^$eAr}-!$(Fa9i<#M3qm_X0m?=%mB-jRT1gL}AX#JcKWQF#n{OciQU2 z4F?8pTc_D#)Yk%lj-(CRV-W%H#}C|QWQ0LstP|u;Z^YnoM=1wlL-I3p0bHWGe^;59 z^2}hLYAM~BU_Ouach$I@(mv?F({9vyC**5@8kLvkCVIIXD*Eo&wt_i6&AA)Q*R)|SUC=FDG^P*pF z5V>GVaa%FCl;S_EVZB8{(JxYtu)D6_;x70@vi`2@8UffV*M5LMc_Ib~MBnkzObK1?)A z549Ne9gk(r$<8?&K03QCJQ-0=6!o~aQRR1j(mB259fG1su#?!-(MD{1^wzG2?UUrM zto9e*0!gdwEW=G$qF_#XfX;J_9PyB1e|y#1T(;&q);yJ2d9U(veI62`)L=)t0jI%C zhpO1L=PDSU$kr~oO@=bc3)#!eqvmT~Jv>{h0X!p^j>yxH%&_sPlyZqOJZ{_LP_;GG z;qmo9(eLIwAw3YuHa%F9YqmTJn-ob9c;okXZtHE{II7x1KFLjkITkNyPJ& z0}hUu9hp|#E0I5HcJ6{FC)4Y4yj!*9yTzdi%d4Z{S1D z7%K{7D54?bSW4eDd!alh*?Q;mFBr+mfDMPukM1}e4zP&XNP4p6#OAElVLY@3dMb=D z_q_DZ4)=2Z#%BG$8g9X@L&B@4YlCvl7Nj6+oVOOZbajFMLTmr)pZ-Gy{_zMQ8X3TQ zo)+-wQ5+bZ@-Kb!|0NXv*Udf(?RN$^G+Lb*>Hpg^d1L)B#CbE5{>dEpKPUOu$N8UD z^FJ2me;(KWyj}ml#>waHAfKE$MtMcWbSqH(SWL{*>zlNd)wInCX=vf!ApB*X4qnSu z=Kvd3|N2^~Xsf3OZpn$bqIZqhKsp_^m1X^_a_&#%M8!#;&~AsS@19>@%qG6zo%>Om z^nY>LPpl9}AJ~baCkTaJzMnk?5UpsD)uE=u#74c%ftZv^HonSMoOv!y%5)3UaiKt~ zI>tP^VGpV|z{c6#B+%IqcFLTOIeeb?`Jqy zW#TQLhQjV|uxC7Xpaz4H6!pfTGek8$5v)IGH+$2MT#wKw{7zss@-|B#tE-HXy0q;` z{oyQoKH||4A6T&TL68+IzJ^9L2YYh;jJ(}YDG*uV4C*fJ*1XXC5-hnBUcY9i++hbo ztrwma7O{5DP^d2sLy-~1{=IjfT2dm!!~TAY{A9Tl9l^?feJw!=BSj-yM$fshU1_S& z(cE4g*AaMyS$&BO8XtaZcU%&mA*jA)S8uOMovb`1t=2Zqc5Fry8Y^r=EQ1~nnflMd6ip4GW5lP5N7=Pd>7Xnz%sDe%SUYvYG1hsCSf_T53e4cAUN58kDm9*af3q z%kq1VctJP))!uARY=fa#sH5gCuJ{Y=-buu;6=Hu09JK-qMTCFOVhxTfk~8_s0s3JV zLtSHgN2N$qD6P?(g2`+~kd~G69rl7ZI-oKa6>Fj450J5n5_8j``t-3=75@%Sonx>> zuIYPZ!wllb8R8oYPxs$lbi0oyb&Nk=veEeG|24z>+W^=<6Ong9cb7g+WJ?XAm$9XZ zw%v;9x(^g7%z2oO1g6;P2gMt$Cu?PQXO2e-qbY(i4(GSF8KHt__@vK4Y%nU$Hoey~ zZFvDD_cMp5w+1}5%o8!A&#=%eJF7A6)|)m(qe3nre{%4`u6)N19)+6PNf(qiKSHx< z8O5XpRx^l4BUq&a1u#T%>L1xQXcu=yCdLz6umM)2A3tT1lm0wWiGbM%$Nc44VzwX+ z*4dz7mh4#LOk{;g(`f5k^Kgpsb(&;r*lhwco@!d4$u-Y@gw0W8|)p4~8EuZat6YFkN*ok9hKZzmj!L z<&crlZTjn#Ph^ghiyLh9F~b(2MeGR7qS{b3MAO7*5TCq%Ol}bS_-xxGj7>xihOcJp znlAh-GyD>X)Z8>y9+}9Ys8Pt+@?@#asUnyZ>u)5 zh!1B5THA?H_O(3o3>&v_t5p5L0%O-(&qJkmnDw;PG1q){C|p|_+IJw}ro|vK!516> z%dd9MdD+!cUqi%+5%+U@Z~5X0q)if|>-7Fs1>9A+G_U(`w?DM>EG{Q`y%EsE*h8+k zlT5GAgPg9NJ$b$m{0qDMpC=jr@gn>AB>m3C1}B0WAJSmS%rr}+S3T3r_g%2aElYU6{_Fwv>;5xDIq^n(wDa{=Nv&V zRL7!QxGmF|g-#!$Q))cPE{#&jq-wJLe$Qp@K6xqXe5^HEZ~j#HT#9r#!%Bj!bf$UY zAxtL?i!q(WS&%a18nI_^UFN~d74`N(zSs@Pkpdo=j#d&J_8{BtHR`?{j(&DnQF5#{ z`Kcu6;v}4h*r;MN9q-0HkXtv@-`D6b6H;%|3D8Gueh$d08Zb#w-yIY@Vk1tR&}utD z@$yihQLb)8eVT61O34^fXn$+zWmn6tCOv~rH?CtSnqyT_{N9J;jA3jBda>&-0JX@= z+UVLm#@Fr*Yk7q=P=u=_C&p8ekz0XOB!d<5lZs;xh)NG~bXabQp>mc1xZD&S9@&yC z{GG(V`NDcq#PPoY;D0^%1cE|&smpzORk?MJA3nU0npm%Qs7WVo?L1;7H@-zt_^96+ zxi3=qwGq&#aM`hcXtKfH1NWuGUZe_Je%L*_CzynbwY}uVYcY7*n7xm{P(dY$gr`rEGuPBN=>%~;V4Rw3|s zg!d`MPPZ0lp}7wIGO0ic%#KO!3hb0(4e&q^pUNRP7z8xO2O*mg5km9R*RGis5Inm2 z`Ua~7$s#jV;i{Y~{cQx1EQ_0Sz3f0*P8fG44W3)m?adG(s>3Qe8qeKPB)!c7X**W) zMWq?=G}$AfpeuK0GTE>0k0?}xGcqF!zlIu)-xceRrqISCPIrzQ>L57If~ql)pQ>V$ zlc^**KPmlO$dYpxkBd#0b5S!an0jZ^zeDis2ZY4%?ws+#W0*^jZq2o;$*D9MbU$kh z*VYCL#CQ)s-#~q!^H+Q7<6~s2bAKn0_>LzDKD-dzN(pX|Wn(Q@lwRBDv4Ds(bGP0M$H6u=384c)53G%d5m zwF{cz$>s-h2%$Be#&)MfXtdPxvl3B2xa0D31E9q&>|fIV@S{&nX|=#D#W*44OS?S} z_4~^V27^2(C#{~4_~&9d#y9EsjLWrln6$j1@CWbwgU6?*@6(g zfC`<9CNK7Xs)fTrq1M?ju7pz3CZ|hN^w-57flhTlQtasbI@-YklUJ;g00IHpyNEAW zY{DF``NGJYOD;#D6L1xBt;0?5d>QeL&Ch&7KB*Moes<`q*F>Gm>Wn}y%2v2VeR z;V%N?#uVf;5uijec-V1@TK$a(9Q1i%&KR%&aFf0F*DBL9f*aM3G?}fz%C?U6z2gel zuDiMo4{%3=Fh#Wl>^Dk0ySn|?X6<@Ywc{u_w>X5%j-kbp{b{)qONU)35;z)ql?_4V zlPF@ zxFO5H+4VllW^Lh}gG^2tHnnVo^&!fOKZBk@(j*q2P8SW4UH~m&ut2ehgz`l6yy(0$Z>svRAy zj6z)k7IH$ak zY_Vt28%8k*&zyg?Cyfa-v4EpcRbw>B1IMug*^3k3Yzu ziiN>@=64BU#x=SvlA;s~$;DFS=chy)2sVdhF*Z97qFrWsTM*^K>Aa89N?H6*4-bq; zpe|x5p)tA-O>bRI6q$diYd?v%;J zLY{i+g`7!(0oheZ$$8HR$jcwXjK1-Y_9JnRNex>k3$V4nG?v8Oz&%)@fVk6&=DR4q z1x@VF13+XkB)%-F#Fc5wyM@G(_eAf1+z?=}%!7b~RPH)lq^X^l4ab+VO!L@?jHlEh zD>X)J)nK@AD@)Pvk|upkKjZ|$9AUHa3y@@a4<^0q732ra9R-*x8JbeKQj>U+i8N3W z5JW+kQq=fhs&QO#%3Nz_MzDDDOyR zus#Th<>Q-E9;K;1&2T@p&2|^)2k|w(r^u z8|uB;kb8is$~NWlot91(Fj;i)BGFa*u+EnN>Rzfwp48GmFFc8p45fGP3iFsKHbH$J z%DpX4xb3YMF}&-=IdxiOW19OR^*H0&x>StaCFUM{$E}0Cb1`{L^THASqZVn&@z1e< zJOfp2H@SzrE))%PT9G>;1JY4c`BG9)$8adHiZKA@Pc&fU)Wuv=9EYSu>eX~$u?~sYbE8a(2?M%$ znQp0#e88kkl>4Mj;yW=9;$8Y2Q_uZ#WphuFAxo2WXj$i%LkD~f3Rf?hRBy&Tz@5;;EkIYTpK~|+m`giVYk^=F6bUW3il5-j-E7`ls7;S zOki3a(?kT#TUvFY^aWXPay}rnwYTrSITJ>M=78)?5i)%CqV@Z>t`}miZm05x*rxq$ zXw67H6)TxPKB^-<+52!$hn()Y=b{}GGp_o8zpnBw-u?bosQ4TLk#^x6e_z;>U}ShJ zeT#!F?Z2=9$EZIEFIIxE`BCvxK+*roeiX}zE9}~TS_B-OfJ>AAIx+v@Y6>&=@igY` zASFI1eMZ*x(P~$z9kJ;$ml9a|axLhODUT1O=Pox+J`e=3L~rXTO>7h3d`dJmF!vqJ zYlW5?=i|{AA0_%;drKIhem6!XRP7V>^YRE)ceKDsD*CE_lg)oqwfgG8gv*YeHcIE( zPE)vxL|RV7j_+;iEALR7nuM8h*eZ(G;=v#Ar8^-o17znd*g>~B$!@`2qgWRHciW51yL z?+y$PFl+hW<%Q)I#xPyZ*Oi_yT_>X}yAKC{@V-x;xDS`?%n--88tjkXs-pa93@%kv z1q69*YVu8qNH}Y~uMm;E<%$a)hKTwP=%!Hiy`37%dHn<9`0rhd-@7~5N899s1=O9G z58f%|>T2KhZS-jb5!vq0UKiK~-`BDP&ae-HT{qqAa4K+&DzB{coSGUUsE}~pYLDa> z2gF4?q>*k~+mnu(%LJl(xK&cdThe2=k6P@v1Icn2jd%?0k(zd8l=^n2g%4w)qkgkB z?Sy_oEF(6$<}Pszht6Q9IR6uPHR?;DkqeNAcOGAV`9_wGW-k6bQ1S(ni zT3-}at-cE*z3+U%7`^Qbx>&XI-E~xB2c&HJk|>yLU+%Xt(EmSf--J@>VXZ56F)=)` z8pQVGuZ^sPPWb0;m>SX|Z556Ev1bJ@zgJA7LODgUI zi&;o;z&Z`yxITEFt-`;;kcqpp=*pTO?!I3Bt~v4x^{+EB5HPb7cqOt}Gp6`J!`A&B zkx+AWd+1HMtIg6axtitr&$a;)I#t_GHfklpGYjQh12qx~w^x0o$z-Wpm;Gc+_l#A) zlKPSWjsA(~nM;|UMhJgODYbaZ)>IV5-!N;>vki#hn?YL$zrPuN1)Y7(Ttv)8F8d_{o z{EGUmI(SkR!J^v`YC4pbFj?9%{iv9T=_GcbNI{nPzM8EKrK|ZcdS1Fu(9dl#-ejz8 zuu2EI%l#W7RVz)D-O;GuXt+Ui%?ju94jEzav;brVpUF258ayqqsbVvl14Ga5+ZmG! z7Xi|;kn)gRH|@ioux`o}eRZ5`nRj*aWH6RtilRDN92R-=BvyMl{v_;3PfhAHIB z-x`h!Kd{yRQrVMt_0zR^z3*Xcl>TrLe{7jKAjq1NKob~zFQ!&?#Ed?IM@7!6a{7vy z#tqshL?~xcq3_+Kgj<^J5SHN3J01Kax$2A?=k6@rvnM6D{0r8GAmkf0B}DMv2gmKh zx;AEITIr1=fzzz;4-P!b7%CIsm+ynd-!PW8IKn@$&BRz&=A5>itq9I1Mmt8L(BRE zLH_eIjI1x%e|hXM_M1S#i~j`6b`0BKoT z7AA%=&P?nI1fpe}pdbS-@8E^YnWp;#MD9>X`yCp%g~YL`QX42V$=tcDqn=V8cU0ru zi>h%AGwhDTZbUIPbt^t_uxncol3;WJA`Ot+J>@lTkn*({`sA{MdA3lG) zX})5eIEmvSAIuo#qB**1&WbqoujCk~R*VECM7DZ+aJLU8 z-^F}x)zUMwa#?ejetv1^cOggYRB>A*5o4@2OGNQ=%?SJunazuFi%`}YAwT`y$;J?9 z-3D=Uo&?K}a~bf!MD`ANJ#fvL*Q2bUyli*xHe4@ncoMGJ_r@ zMKG`$9LX|lRDH`md_;VqFLtZxVt56gb22rQ%FEPFx%BV1zKp83!vo8b5t&Lgi%xd@ zqoAHaYl!%^ESIlt>QvbD3N{^3>XCqGRJQT%XCvNO>p6lYluGzug6$!;XV-gi4tnzZ z=Z&VoSx($&AkLTXkWl%FegR46!iQECLZ8mQzeIZwb!lpXn==cqoI`cjm(*D3%rzV} zmif2y>4=`*iD^}fkCfbNN8SIS+s8q5Q=>{+~g0h zi=_kATkuI|UiY*Qyg?&G`6Wmppi!!Qbvk0>Z%uU4HPX+k6~CN%TWt5nZ<7WLY^$8> z8m6EJi7N@jDW4rokA5cQT+k($^-^2Ei8Fi~Yj`seZ?gD^R{n$1b>^%mIH?AXOAZ&k7s~EY% zMhk|+KH=HN5X7tSFLC`Ja`~If`5oSA@)eb#&TK<(VKL!l4W+ma7q9p z(C(U7x~@LGQIb5FhPb{z4|K?oJlb8@kBSEm5LS;F=>KXpR}PyC_8zz&GlINQ=g&z; zMt<>5ne{8Q_e6nC*IEhvd44P?zxqtM>AjM7)#ks+GycjK zlDE{T+>o(Fg&|0`9 zrifRAc^sjZlh!i}MN)@#9+u7+PaA9mf3$!8s?+WJ;GltBmo*g0<`TKXorMfLrzAY0+cnucQZ<}nYJqR~L|?F@E+!TG5s;AO zn3)};88Q0(WeoN6Q31t4LA5vV{JyW+%WF71D~>f&j&z_3JmVq&?JNTsEd2u7q+9J- zo9r)Hf)O%8Aecn5^xyJm#b#&}NqSoO2=&ePjV{p7Y2zVB=q23naGhbnm*INLk*Ju> zR&X{jYJ`P4!Cg;ZzVb-F1hZ(T$xaPRj+Y+u3C;uC?YP}5u7XmW^k!Y0{i4j!Xz_0Q zTMpNde;*=|vW=425YrwJxi{d3LNO?tE;oRSFBC^(n6ll(Ir3Lg4<10hsZ#zn+ zuSse1D8Sel+-?f>z*=o!tN0?4t$N#Uy3q7(OCV!=6xl}dhAa4ZrojME+MfEIc1s4% zdFn@)N%1Nj9`sSnYtbUe-n?yOVu7dj*;*M-D#gBhLqS9E#ag4j$SI^4y@1 zK7Rn-kkcL7$tr$7xkXp{Uz7X)toIj{FrHVStos#mHz=*s+N1j1M~!80Vs@;LDm+#P z8?TJbhL*A(KNOb@F-ygQF1})Cchf zEx~@!o(Jmaay^t3tXlE$(o#D?YAZrd9)$_0J};J&=P{7zcqM@bVZl0q!BEy?hh9nK zG{>Dy=+&46#A6c#jW8Y?;p5~^@D?2^cnZO%XB_YnmUa@2Op?*_J%o`y83{9zNKl!C z(}L!Ny9xS{MiS-PNuV{AY07=oS(0nz>oqEP*wFFVW2NXf3BM~-U8-m;WIX2TD$$Wd zntJE6&WlZZ-Kx!|vE+>ofcw&KKemf@3!jseC2*;9FIfr(Xm8VzQbO_R9mq$JHW6 zcVO_OgDXufdoA-%fX8>#P~a5vb`bQ2G4@nWVBa= z)J-_#jXyQ>K0d}sRo(Fu470T7J>(mBi(`-_`KUp5OZhZ$Hc#RC+(zI3v-16G=zg&O za%1D1l+B4tQfP{QFY=}B#Q^mpihu{MU$iZ@(NI58!yR% z#{1x@1b&Z2q2bActgHsM7L2xCx7HD@V(d8h{8c?GNWy@*>^u~3H1F3Lp_9-B7}-|; z(NL|JkjOlaaz||ztni)$hV18oM0dw+a*1#>@0E(=90l;rce%Ve(8`h#6Z&%Y6TnVk zkA4oPq@g(WawwISyfUPQqMxvD@BY{f_-i*gL3R-q5b#ssa=hBg5BcHN467t*EcPs; zo&8F6Jg(hvPVst=>d?1hOK0US3be-xHxWJ2%QvGbJIZ*v#=t1v%+0#f-iH5dV`AXU z<&nO^%vwK!WJGl`Q{MS6%4Jpnkuoh~% zy-|OOie3{cL6Wtttco87tK06*Af}pZjiH#9+O#B-<7-3)DuaGGA|s~V&tp=W$pR1L zora-clH4bKmEV*_Ije?uTetLXc07@=ZebhJ&-x*SWYX66om3+*i;P8ZWhcT_`#A?4 zQ^c7?t2IA|2tA%^R0fbUTiyc6ed|YV#*o>;eE4Gx+ca=rX)( z9@b2+z^!On)1!I#z6i8HsfN*q3X6q0<=uZHg0~-^@$rqkS5wiPGl_tRbPsQoqYt;4 z%&>eNMRe971H`pjuyAzN<>R<7jH*24EZLzw`Lc&=p8ZAfKMd@~C7U_ByP;hjOlWdY z;A{>J2cM?7AVSJ6`4dsvH`@*1gKv%kA*ESlD=f_xNu8-m>V3kPjF+yumQK0K7OSPD z-S)h+3HDvezr~!FxBpI#BZ0|78w8Z5ucjY716@Y64oD|9eVzb-_(m~oH^5Q@d@qIH z{e9!mS}f^AWvY*zCjbwNnr#tvMP*dL=C2!hnHza8IM=XMr3O>m=(weC{jcyiM*9ah?I_l}c+9;Gl@@5NhYx#`wC^s9+Y ze{Gd2ht!iyEK-m`X$VMM70x~$AMV+)1x=|k*|K}KhQ5G(iRf=pR?~}gY5I#MZ_{TF z>%6x!X2JOw_*POV6MJPRf3>YQG2F-q&t$9}$z@N?S%+0uyg%{Z3Q)G7 zD(eBUVdx?*N(3s#$_ey!k?{Hgbb2Sz8tRV*Jp{S~w0s;i57NHev@5dB8I;@4z?c$J zj)MOQt@{t33W7x)RCVA2cj>NJw>?Qtf)Fh5*y_bVytF~Kyhi_tKm{Av?h%#bmu(-G z*i5B=^{3DD4_$;i?4DXgc8Qj;<~k6}3c*U?lJN(Twm~T7`)c2{%T!erMGVBq>f9p} zzG%=XtnC49s*b*m41Z&FdNkX6xu6g2F-fN80Y7Ox6~eoqDnH2%uI?eh6P^NB?DOHWzv^JE8w_GjsFsmY3Zrkam~TStpR zVY{mF`Ff5Y%vL?NVkS+$iE4Yy+FD0zdvRsyx|c(u=4{Hgvr^Y^Y&OP8IGtI0-cX%r zHzI_55WEfE8|la6;f2Lj{3Oz>ZEX~_&y3~NFF#6UQ?`2yJZ=QNsM;%hEBTg=V<@ea zki!U{u2ZN9WRqC@-BPYxiE}@4f~rq6Awpkmin<`R~2A*8J!9>>ra{sJplDJ6vC`;He$Z0u8`bZU`pPCkpC&c2;&b zT|5&3bd0uSN6Z?~X($r5o*LGiN9gg@0*Ie=nUK zzZUriP^29m4v#Va_3HoK2KneZK_H(uk{yJ`TXSjKnHIf^lAV7i(mF3u<%|c zd;(YhJ&p)-K-LM$@|GSI{&3~Q2{q1WP znV7n^7av_4d#HauI4kpG4o@5mn18)~f2-Z!u0Jr+w|zc=v;W1?-Jt5)%JPxz<^0>R zoj%&WU0v@lqJ#MV@~8i0ZG64|hSTo%YW@|N@OQ~SOu*8!KV-f`H-rEC!ILt+UHq?r z}(;Ji&Nmi7ml`C(Z5j6C1ILC$2FXB6Sa0C{dK*3lYyMP; zfy2&FtWvFMKtb!gU2pp!d-`$H35TEB-BNvGd)rn}y#@m4Uc+ZoONhH>{|$03U2D?h zrwZC|nOAwDa-_El?#Nzc@6g8iR@9(Q%M#^F{4k3Kp+os_9wSp5ztuyKP+<)-Me}&W zwyJ!$Ncx3Z43{vqGTdQcCLOQHA+5ya3^bV&4ow7$nS!Rw;{m z+KT8a@q;T}n3op_Wzj&;nZQRt!o3dn7?Btvv2s3Hn-A{DLxgsBLp)!x5?l-1=sx~U zuDVO@J1iYF=^-ln=deC!(D0xd)$tW+uY5I{>Yji^T+c5N_s&3`Vz=3( zsJ6pNGJ}rwgmCm^gHW_r(CD>&JgZSFaYwCg5B;m$B1a(~H^M6aVb@A^zK31;E};b} z=K~{W9abdf)a6Bo?bin5mhq05dX_Q!ExXN5W4p17u2Wzpk-T28r|@u&*zx$mO#fHX zR5d5b!dv{iXCxK47Eq-D&1s(JxP|Rt4}bc@m7`BnR7Xz60$|W^MO_n$)PnRgr1m`= zpD3#BWv7TG4=8}^om)`RpW@_1B8NXB`e3D)f!fJa(G351IYH(XC+YHf@#3lE$kF3n z;3l&bHEe?b<{xJP7`ugR-*i=!?7+q3`pa||%N;G8_U!wJYCA;bj&@Ek_Ml6c^feXj zFLpTdw8^|ii@u%frVc^=pjr?aSPz&il8i>P@QF4!x>`?AZNDaebI19VE7@H2wh%y` z{@^h(d0d$NNYp_kbFLYJuT6F_ked|BQX`a&f( zqB$!?@oWdP*nHQ$&B9dG92K|$0hvqbY0otf6;?P=9~0>r{7yy5#o66Yj^eY?5v^rm z40>qhvo)P*Li1zG+~1_H9*nWix2$&_A6&${UG~mRC}1J6)~7yaQ~UziBU`*s0tW@T zvAXE%XCai%l+cNT{CyT3Yjn`N__#!r$3TEKOK^h16^hEPwt*ykaaU;VMcE#C#RMP4 zz<_$OouIy)X08v16B*M@2LaA_Tm_}i!7RzZJO%u$xy~koZB^x9s`T%N;39tDj3#8SsW7pFr&W4{l%e0LMjD8vZ zIzq<&tDf~Myg3(Jkllj=fY0Yk+-vmK@=kg3VoRX1o(gLW|2ul2u3;*?Qu@)iBr~*% zOrS3dA7J28BDdPBpjFxT;`G$Ybiw4Sz*eMeo<2PLO6q1`fChX01giJIxc=kjnC)Nz z{ucp83{AWDwC-q?G>$ z`mTWX{{B=WlyxjX00W0@uRc1u&IFFfImcfnTkAa~l)i?));V2{JqCVwM@3r$&Plq} zxR?&!!x^E+L#i{XQLflzS`~%x8YUv-u6vy7Gfpv~k32GAa5K-qpkG&vjyuke@SmeC z$oN&`=N!~!r*gI0sD?~o{W>bWPM+ho5860>TGuV6THtl!68l`E4Z+})BHT0T!VaXQ zJD=Y?(SiX8%Uy{{qS|4W{Y9$PZN|=6*x1=w1`_4Wf|VZF9HK7LN1;Ij1VkFK=B7)< zL^WysTj!-@7uSEjUhv*yB9s%rDMalDPjk-KQ_>kvxAYs`aI@BR40HBv57xvcKV92g zm8o5Y8{6`3<;S!cuQTrcUXgrOH!xCxaQ?ss1^GtclquHcc6{#}z3ikk$;wVgvZY_c z|Hdz=NaqPX_Fg||x8!@W;I_Tvh%UzLP@va6le_#a$x(ND6uip1bRo4>zw#f(o!<#6 zA==R27QS2|ZgoYH|SADzoa{^&P(#u}Yeh(m>m z=d_mLXU5Lsu)UHi$B5K9^ypjnf?sURL^~-VZBcS;)4-1YfewWxc4dXxqBZ49(a<}) ztF04(X1vB~Z*?VTuV#5^8{Uf|W%ny=uhF>5xT(j*i`FaeS&Q~xrJ)mUs}R~cl|{52 z?|8>vl}&`mrAjf8qpQ!&nJ24t8}`Dwl5H)azo81ztoo`?WXq$s0{b5^uS^TuUQ=&9 zC@UUCi>?QP`Q%ba?w z$XR-?3y}FeE~Rv)b1eLt6W+Gy3k&A;XbX(4Uatntt(r;MjWc{Q^{f>Jq!&*p&D8gV zHb<(d-hZ+Oq7}E=>$T!<@4Yhg!Gk$Xb{y`3by}O06)6aF>F5Ee^NGhbZ%V4+Ek!8A z0Tooi%@jb?Rya$_{qvT?4)f~u?U7vd;p1^HoIgjL1IFRok}v(~vog*2W7lkR2`C@* z#iG@u-*BEwJj+}{6&fSed=$(JGNCbwC&|+y+N`H+V-8xatWTaHW|i3-n3c&Cfwa+}bxun?(yCXrj=wc}N?-|*vckCEBOL`<}~jcao`v$~=i z?v>gp;gVq*0nUFKCbK?PS$FDBvbt>)u0HaayHp%K=XzgXVb1iSwHEkgd*K z2fp1KC-r@3bMvY}15TsV6*sMJ8~H5>{WO1LNU4-6+I;p{&OQ6b~M-LyPy)-FYqup zUR$XeR)*J)Je%^2Wv;gz?QW@G8vr*S$S4t9Qr2!D1i#|8=)QdlA4ro~};=|#bgnii_#oBI$ z>tk9h&n>x)}e>*w$ka zfGm!4jrp1ltJR${uL69WS~WDV_Xm-TcQ5=U@3j9IMpkZsF=l?hDgC4%@51`}onjJ+ zl;Ny``hthF44xNqRJKLZ@IXTRT{UF;3%Xsh-2sCnQ&N8_GL3G*6ysotEx(1-)-XI2sv&o@Hx;x*V6PoZfViWA=L18~xqB-KCU9^mXc+>%{EpGy!m16VoYItcm1HxJQjOkUwR242k4W0i6b(_*WC zEK93XX3m&kX3ndHcWmf!s$hiqCGBr@UelvFWkPvKj75v1TpX|bGNjo_T`oDgiPXG@ z;}P9h>-c6<>H2<`^DG+`;rpw6u18AS*PfL3HSom%Tfn7d~{%~S-TVInV5R)Q)X6-4tkOJTs1m{7tyj1 zyho)yc#;R3cv}+io zT3CKl#DEvn#e3%t7)(6o&Cd~DtvncbMN^0TQ_JRo9W2$S+y{Wdq$<8?JTvL_YG&!} zPN)#WJAl(DU@um<%+{SO+J)tC19%9aIW(T&*`QIazWrwX`ih47-0PNI|Q@J zd`%h9O1vKQ!`f4QpUU5TY+3);gtGcMf807*wbdgE-bK6bK0k6*4b8Xp>N$ZnlVaR( zLx#Qr@AQk2%$N^ifDqcw93?w@*`G#pvu!ZocI}@z-&(YXHn2l{U~0YGHypAC+5s7l z=xxGxUBe+QEZTHP1I0r1)TM6;ZV!b~?2a#ZZ*BykuC*uRI*}v!E z2l80ZE;k>tO+*3iR#8h_teq5Ujejsz?)svE{;>;g-!WXIU-#TZ?j%ZrcyHl6>LJIs z+QUoq%1fE%ON^NZh*kGNpl^lA>dV_XuKUHzzt$Ym7ds%i5HovUO+Ihc4u$_gx9Dk~ zkY%PV#5eUkdW9j~b1sS-<)HEJxJ?mo(~ zE&)wvQgL-XvZvTXm0TCS9*@#~*uysgJ_3kOE)8k*(7liUlTJJjAtUr+6?hpv#3l*l^%pxqW> z74UAeNYi4R(4j+9)7agHy(>G|9A2V&ySPZ*_|U;D^2>7?UcpRHgggH><9W0{UN8nk zuM5tZP}gsGS)Y1`6m#9W(CsiFx9W2#;@EB+1G(Wmu$VzhL5MUt!^f{l)`Ex~_y8s) z{{`Zkb(J;}ois~5IW$yhp0%PwBHHJ>kgg_ltf1hbmM1T#5%(gcf)g0@36xMDoJ0a=1PbLq$8R# z|7eXI6;~Qb^*u|PVEA^8i#_LV>}QP8qS~X|b>|s5$kDiv0wnfb87E?4_gFV{4_5OZ zDwKKKxYO(UW()G}bqTLDqw#?mU8r^$#zRV2QOoy%wZykk!jJ%w%Ax1qwfZvD=W?If z$O@D>k*?o(=V`Q}a`!7p$hi^RB9whSHtaZ6ChuDxtDB5N2kXZ}P$h+v)|YxY@M&A_ zAnL$HKH~dfSu&*@fG>g+AN{kr#^|Yvasp*c?nY)3;cC%=vMQCX(A4GEJwx?OqzIOATk3~DI{3;? zmJi5uO&x@0Mh7FE7OjI1TbGgU!;7h#E#b%&+S4I!{y5sd`}2%pbcU@ zZOQ$K0Nd8)gWb9?(OrCv_;GO``DI9jy#m#uVaPHe*SNio8=Bf+V*IHAsl#+IuE8l;m20uZH=k@c?mooWdY$gWKVT0m(y+lZWj1ep~ zEEnIK0Qh0W0g@T*erx(1dPQG-^CujEZ0t*v@GF{bf_HDE1j{Y@26%VEB)z-oi<^U* zY&DnvdC)sUkDN95h*d-Lp^E#qNf# zVPU}_-8u)>1qf$;B83_XETX|qWnSz)%Vq(zeHs`lM0y6I&oJy%8@{S3x@zp;ILkpVE zBCRFg3=}k&QE3pIq1yd7o=p{FI3rE%=;$meoYiTz6d&{LPSu;M^mN#z-?6EoplBT8 zMRND@S!#<4bN#)L@sd83zLd|IO$T;m=%)`Z6izxE@!NSj4TNW)*AGir8Nc6*U%Zl_ zrp^|}Oe+Q0t*>A{E6en+{gilNTvxMT@p{cyPTpwoDb!YpMG9M}3;?}9$he+sf@jK7 z-KaIGd!@%QCStQdKFUOPuJdopxsRL9mKJ&LgU&@8b+?8vuecPUJmXw5#HkEHuHNpZ zw99YqnDw{|{KxW2w)g&QF9;r6d#5VwEf((KY1h-nvjI(S)POA#_2gxJ>374AX*z{@ z8i1;|q-5N?B9y=>;m`dzJ6DK5~>IUc* z0)DrfveX@`BkwWT*j^?bvQw^Glvw-<^@uRzDfqV7_NAfh0QR)8+N_dD3+k!iEQTw` zBz&u0bFxhGvk(MNZ@=AHsMsX!#_#hz^)0SleN$-ez8?D5I399jM<BgH8Dl+Lbf>z%okhR0lu$V|sv(7H>2Ms?3m+)lz9PxAd`x z2Istzph$&XiPNqf&VDt~ZNl&$^|0uTCY92MI^*@%YWQ?_nm*hhbi8A(o~d~-L|XUl z!M)}Ol1>;8V`imF0?b>i#%=?>H)kq!R;}PH5dBm*Jy&=_Y4E((Q*MI6^ttaxHrdD) zEjpppL0?N7`7}=Zaj48cQw1eq_Ku$KGpfxHX3b_L+Y!}KyI(We zH~Nq2Ir#snA>k zJYa{xz28#Am;2Te%)dIHuzz~YD%>%NXKy>ntUys`xg?(+gNpXR264mT&2oIt>>`S% z{)%t^-I;I}s3FB{$^+reM~m#|b}0i#nvFPPZ8#nFA4PG2o3g*IvyzXcXIyuop(# zJ^saTfPP^0=(K;Jt@k1ucjuEzhri9_db6MDS2AMqehhM@c7~@IZ1_R}vGT21D$=xH z7QmZ|!bM}H!Y6vpt6V(1mjZ8vI_f<915IWN$SonN_ML^)kk;U^PLKt2Y8(EwI;P4( zg+t?b^2ss^uBeRgeOxID4_fG85>!eQ>hD%pvG~eZ_^ESk&~)?2qU}9Ov<_Z04}n%T zcB47F85K9ocxT|Q!_;13^U+m)7-Q74zEh_BQJsH+Ik81U`-j}cxx+SUj390q&AMeB zdhVnw6s{s?DUGhe_H*WRMd75KnKXwlC}OyZUnU2*=uZl{=oyE=T9bgC#b=hk8t;u%JJ?;;CcW+Fu~PKRa9k&~sU?+yHnsXwT=)b*?D>~6tmIM)g)78EtGf6x2Y zTsJy8OhAHBIrUIZgoBOaSRtMts@tN&J@0`p#DN^21S$N2M18gueER+pKIHwn8QX7i zdo;=nz*yTvM=ghhwZJox=Xjd`!8&_kK-O-NQs*_76;n%D*^${w`Cf>_cZ)*>1!;x< zv;`{ZIQseSOXNl0F6Duj(DFr+6%VkCN(Qda;5cKSPIJ#(`_5_nL1uEqYapO%QBtPE znY@NuuE!^7NmeeJfqS%ePMIf=@UZOMFFehgtxo>l8) zNfl$K^?{QN3<8dOG){_PKO&cNxA&24Sqd-KaUt1hgd@HU$BpO>CE#JLY~bEmq|#1I z13f)1&yE0BQD;ox7BDWK#a_bVBpT8MKDX9Owe@5mG_!ZX#R-4k&n8sdODnXUE2NSS zQHK1TfSpn)ht;wsb^CM%2y*FyYNUJEx@yW~C~d#G7ZBlGW8KLB<1+oF@?ZoagslygV>ZMLFV~XpAY^$PB+z#84=VfEBG&ee&EJ`x6il zrO{;WgqzXU5v<9V?*u< zQ(2hILlc#?u8jLyO?LwdC6)tefMiz6rForM zbp>dFr*rM(p4_xu5_QX_G>t;c{sVjM6fn_WA7N3~JhpER^Hp6-vHO*Nxl_KZXB#C0 z_sG!_-Q*^UDX(_xeBa}Mwujc#<{a^U!drsa6fkqKx<$=;&x!T{h2F_jjmZv~D_pw* zu~)@0t(hX_N|4~fR1=;`YoK`!!mV{+Z%WUK?NKM^YSR^#wui|G4Y>Z_Da<(|U25un z{KZ>|4fXVs<1nyvG?)%iNSGyXysE}xuNGVq`b-b^#2|c30upranG@qH)diouun~R1 zKkLPXR2y*y*9@mS5<3nAQI~UZ{-^TVg53Ep&!o5Ahgqs{>veEHoE-H?cc)k+)7GW% zvEmccOsHatDCqBsb3Y@OGheXX4o7UkiYtI!7F?a8^?-ou>b#GaG%^MU+|2$S2?VAE~O zWgA&1I2!EsRU+>0CJog4Gxlc1^4Kv-EHb%K##wQ(@2f@3G$!S^B}JHSFT=s(vItdc znn8V)PaH&p@$~kKv3prgp<0QC2+oU%#i3Yoo1*W!WZ!*dTE&Kb#D z+Awd#k+i};ByD=W=~H#f0oTUUf%@3Y3ryto@%*~5-UStpBeCxbwY%Kk^>}QPIv+o6&9zR+- zPJD^-XF7-~)dpgmR{H`qJNL-4w?1gGm)mbzwxe-k?br*f=~a3^CCWOs0;)rv^_46< zgua{x3G6_(aHzGJnAUJs-U%h+oiNwSduxe?3|P?3C&S8klF2Gx5-`M#4&U$ewaf5a zV8&sgF^{CWe_{aLOC4|;AzBXC_e@-Knp)D_4$X2C;w1;Vk!feipR*ifoU|twClzSs z9EZnOHaD5k`3LX=A;5^)O^bZ4tWuNr1@Rx#4Wfh^W78SxjVxR%@nJUZ3a7{~U;Wdb zZ+p60Z8jP8P>t(pDrp5i`n^s8%X+$LsL9nfn5lbX#Oh*sc~^>e@e97KOK2xD6TY6|KssfFvhDR%86JZz{_wCl0lG>4 zsH`MfkTKH|yp}lrMf1rAZxMZ+&S1)8%9(kgN#xgv6TI0g>wH3{**`JvI+KX9wlQXb zD%JPzfJ8Ry6v5UAk}(`H8A%yTpDaX78u|honqWU`mfvD+4wEJ$lB>`WL20I6^Kf#& za(2Z&wme)t$15JD8ZecDU6m=GwQ2DgTwl#C9y?(iV`}w2^)boy7qgI#;|0kNsq>g6 zcA3Gvtbh^TJ|yIzhXpw1p1WiUUhsH)b~)qm^#S1u3FYIX#Vhl)8U@18O7wR)9R~|Zy8!~_PG%Wx}Nv)yoTD^hzB&Ao~rj|3sC~m?7S*AdCzI_ z?ApzNVF0+!f6X1y_{l%;pcYpky^xGDh6LLGW})$(c4O&x69e!a^m#Ix17l;0+a0@p z2Ww7MrrV*3Q3Z#>nC9^HF_k6+$62XvzM%%2>cG{=<>#EtVx0A)r`_uyxWpJMSVV9<4wI~;VyPc)Gs~Sw_GSeA!c4L)835mClGm@vpsV;qYBp-u0r`$pK*9>{B}21Zhx+f z1cE9S;qPqqbjz|{oTfn4h6xHZ$u#YB^F`ADY%QJ-8C4yQ4MUW=WSM7vd1*zec)uMO zl#OMdt;n1okX;mhXHwa8#x%F&zAxwPepZ3wM&4f8Nmo;QoH=hc6shtpww#hUBQ3uQ znK9Po+Rw*f6VwjQ>Oh@S3ca#fhYbC6(Sm)4vAeG%^(Tx-p_lhu*tZq4Q*`SaXwD`a zRKYZ`VBarS-<9i5uL!x&MLSp&>_4H46rlo*_Zr`mozja-{hWUIrn94Gl8m~QSku5n zfpg*|=i?87;2abc`l#Jel~yd>#SzvC!%182R^8ru4_*@ifn4z@T@$4ifO{Dw255je zjV7~E&Nxx-qKj(%8a!U43!5UkbCuj31B)nxqT|_{(GpK~o8P0VM0^{lKJOm7W%$wU z3+3_VoKC+=MK&b-Yb=i9eoMi^f_P*yk4z{k74fW4%#2rm)+QiOvHLrykf+FYwaG>T zc)v@C>6+Nwk`sOkXNK2R{0RB_ToVi}m`bpX`@Sybd)E_6*j^H5?daHzF5ppzeb39H zt7ldkF!?I)8wJZ=MdW-!6b@G9xVfV8(Edp;H{EoAM zc(ooMEKxarMShb_Jks~S-1WqV9KtKFA)hNBR=tcJ zWl16#@$$yiOIonkEf;1kY%nalzFro+%LI2{DMAd#lH`gJeu&xyP<8 zqs5+%e@NtYCF1tp=uOS;J$3c&dy=p?p5ag;>dxTVC^plyk~lY+M{E6^jZwKzjy8z* z{XqL^J(2FE3bRx4fwnJZOUl#f={Y5?)T$Apq{!je>?e@Wp?$ON2t#$~Ek0yS7qDj0 zJ7i>C8yUxZzdBb6Zd*EJ8V|Ut_GO#PxbCysC%2zPCkdt*GQvh*aDSPR$R^Iy33Ejb3&)wU01eeGB(x|rL7y4uUNwU(Q^*BRnbiPO~ zgu_#%<5P|J55tbTCCSy2$-6R9(=TWu!Z*W=7O&y3wx6x1T3a&rZz68!`>YCsK$1Sx0l{;@#AWrC?IZnTR$5To`$-@Yq(J6Aa{X z_g_-<_rQ4G+-+^$bG#M%P6ade2%<%?*R}+zgahAyQN-!Gyl1j|J@;69X0(p;K>0J1 z?_s0%9XHXA<{AorV95xp1}O39BSa>jyg;{+C5u|5eQj9V$pum{m|UdK<{XS+;{UB% z*w;r6+TCewMp@BGVWhwYHdbh)IN_<8PW3+>X-Q~0re=lT-WeJm;LRbvIAd!16cGX$ zcGx_25qyYxN`?Xp``wC7O}&613wrm4+SU#%GB@D{TJm_xGDVS#i_LwC21y7B~USnvt4jDqWI%zk}U_{N9C;3F3m zYEn&On~=p!dlVwt&;e~)%dEdts#fcb=8-&GcPLNcb+NLnGlm_zLJ0(J{e49E%o49! zCdOPYH(?5JTZX0js%raZwJsQCs-co9pi9ze@7p?3K8(tEZBOf7Br&%1A zC%mqh&iIv#{%t9EAW!h9jOVS3Y$V-)XJH-zM7tz@>ecyLntn@UEXRFpw$EeRg6-hX z*f@({n7AEd_0N}1)4I;I$c>XHsC_!!6YE}4XwACIg}m*a^Zh6h8@&#qJ zGW8&9Yns?O9&y6HW?C*?n)8|@Uwm0)yQgjcz}-gu^qe{GsbuOq^PWeGotItXp(y%| zGf>=wPZ2ug8x*ispcRz0sPD=9lD4kn)bIYj5QyM2r6IYLlx>u;ZPeIa=J+e0L37(n zhN2eu>2vyaxl+kH+Z8)Mv`KqXj>KG0A9#M`do{-tiW_vCW>9X9_p(P4T))hoJ2(A7 z&0xVfNh4Qxf=-9?V3`z3_|kgHcs-O|cFBB|`nZO26z!s5MZ5d{l{2Yx-0?Zq$Emy= zLb5Ms>?vo|&go57G-hwNE~j-*r<8L4<(x|kW? zr@8@6J#)uVP1M!`sUfe4pVDBvC}Aw z3%{ZbcGu;WV>U-cS6*hK&#w$yGq0otSj;hAFOrzXgwB-7FoAb*`pPS&-~BT|TuK5So3Cb-I>k{B@!j#bSr()K=?9!hY$ zy5C>SYG#+1L++R_;9)u?s@kNy?W@o$(NfavZSJ>hwW90|pxWmS&=mt#&pgjnsXQA(@Aa=(gBtBfBp zF`Nr+1EE4QY@hVo8N5~a8sgk;xV(QZ@3JQe@li57(XVDsc&bmJz%G43juhv3RFy+X z1$6k)QYb)v17r|&zYhrB>2Ah<;0M#(iDBQHi?tH!);_ zt?3LjArNZ@Q0#3Tid9Jr#o5aV9S%j6#lT7IQ#tXn=F{6d!~|;&6ia$VyE)?#2aT>8 zoP9s`udcqyG#ppLqUsCs6GWCO6ZmB!?>-0gZ0;|KE$z#_p~bCBj<-_lih^4#PpIoK zPkziCOe)$sYyhp^Y9X3IE5s()6$veC;1cCGO>i8d;dkfKSa`#W)tT?}E#E9~YY6axS5wu{lYih&4G?rm zuF{=nQubq<0gyzRutz&i!})Geef84g$2&%`Um4q_<5642vV+4?1F=$3@)FymM7GRY zfUn)YG{L{X!z&el8#m_I?Ew6ea0WBk`NK2KF&$!xV6R2}cWKRe=sOvNPdMiu4wyv~ z5D{{8HbJl-GSjbX5G|grHw-M5pZxODr9efLdc+W=Q(n-K)3_<`3h-G2m`c8x8ZJv4 z;sUVj0MmTyD6tBSv%aczq&hA>`S%ZWX$8?bmv^ZE4I^js;(7RgWqz7W$+2)rg@2-LjvZ>x&WZp=P-fT)HcTrK46=5zg$#}63k29onj<58ac zK#e;Fb#vXOk@l1;tNv%@I#-_sJ%l~vbq`6w#IMExC7>z;^DhS~O4 zl74?N|S@esFQwgVyl^TgaircnHPzi0 z3{#oy%SP+Srsu#{<8OS4&rbc`-}4ouZ|`8_>?$+)xE-o`BG-D_o)9at?AcPd^qH(? zXL;iwP$#qJymn8I8=pg*ut0Cj_|3CG$JrsGq4q_!oZ*M>s}>9)e1VnN-|i=o?Z{~^W$On3MAMfx04{hSY^ z%t7zSGSq<8M=g?^6a{y4>kXWkcOT8n&OV9yh`HD!(x~{F{B`nA%&&W?=mHa|LN2Q* zLy4)g{eFXq(96MI{>XfB@3Qa)?8)JVuxj8hsSNR z4$nr}ff9$USMA=!73UI1)Joe+gIa0y<}Ks3b*;mDrOGu|HTtYy*;46e;5qiwr!?KQ zsY%}4@=#u}-RsTs`7io6D%d*-GdjvA)KVXugDk|<4KNwu z@SoUT^J6haB%?V!FObDrh5|&Tw$o!ixLo3bU>`B#WAme8<>WG`EMyuK(^LO&YMC7X z1ISbDKvA{!29Qq5?_8?w#uwo5v36+r#8=pxJ9D~M9?M@Nd?P72a; zloILeuHh|azDm;SVPHfxr;@5Ou5jLV=bocd*~J@t>*nUwA6pX_HRI0cMf|D^p3>9%Su6TFf!#GPAbx`*1W)TN zk~l=+q02wN3ne+=-DIsP&XhHL~`(m*kQC{%YL)hu74oJuJ8u zlz)h-Q%gH?gTJ3pRCL2C3>Xe`kO@zIw|F>93;2jVu3fMNo`%{aM~gE^Ol&4ZD42Wt z%%RE;T`s7^lGIjaTqG)Y}=Sv25w`WHWf5E~QGA z>3aXmF)#0u*IXFNx>^bK1?ZhoqiuHvfa=>tSs!c2a<*}$ikHhzM^Xvmyjs(^m3VY2 z=<6-sJ)}7oQa1)_OWIn^Bg7L1`4SLJ)W3(sPjHOE-^f zDl52MM8p;H)Czc(aE|86NLQcL%(2F`$;U_TjE*|FEH647?Rk%8BU0Q&Z|3k0CLJ)b zE_;qrre9i)fO^M`j=QrDWwnHqhwM3~SD1X%rw^w0E$KD)#r(PieJtMlW4YUb9OTxN zav^qucWM$z-_3jk(J`Mg&jGS8#sx?^PwSjw*vfDo``^L%ub-$ROuKM~+p*RglKSwx zwPmf+8bd-%+a0kI7sFVGxIl9YeKu9#Vd_a5#u7@^aZiH-g;Y&54D69Twq%`XSyYz ziy<~qtI3?69cYAF$ofr;axSc|St ztDxti;YqAl#CPBbyiwdE-}&e!L298BuVd%zI$NGyx#?VzL~!T*CY3>}KxrXW9Rsi{ zE|vA2H@PweejX7`#(DC|R*!U40#C}@sni~1D=JV6)vuA zIjq^*vpuJj_Rrn_QR)m3L$*v~vwmq45^gBmp0Dpd-jZi&EuQJZ_>8MG`t5$FCZ*DLRY#Fj|cxbQh zkOb6$6+8}^ncCo=uY8QYMdZART;*qfXA$J;iXdp>70nug5jL5TC~k*%EUX5cTK+zm zn*=oMn6^BsZCPWu`cYCkhni8(trR8H>g>N+hYKaun&uLwyke5bW|G=;O#~Dxk=5AU ze%U0C6b9?p?upIoq@f%%(&D1|Zb4gzxhyg%1KGF_BjNWA(+a29ebvV*caF!;hO(UB zuY%suyQ_;39Eih0v-52No$O3n*EpFF6-IfL`n6kmSeD`RZ&j7@(!3A5pa_#K_w_~P zY-=l6b+1l!ic=;$Ro^4d+gmBAHVkLvLeD(hdd2={VP9SN+@UR?T&%C2|iQoisMKPIFf^W_P0w%sEw1=1eWPK#4ef zFP@rxRBR@ryjDylB~xQ|V|}r58*F=AN`lMd`F534PtU&bcz7%KWk5=TN7wlL>F5h6 zwTQGaw#sHHamL$d@h}BIY4)kaW-+diMtA>|D1-BDxK%_l5VP-e^XsrN@kwC}zv>g@ zp0{G^yx-FcT8d^f+Q>DMZ2h9y(Y_1FfQC`(D=l7a2Za3+aYo`Hsi1F|tNOTLpPV%n zzl-N)2#|NP9_C72_GOkH`+4>lI{Bo#@{K*kxOsQX4QkLb?|9$IH_Z*D-3UAB!lz7d zqc-1c1r{ZB;*{>LU%}q9L0C%kXF<%FKKjvR?ds8&ROvKz)%R z#~F)HQy7fm)Ci+Y4_k+(C4};P7Am&U`szZHXFGA`A?*1pf_8?d@LfsX=5STEcSw!; zn&leV@io;NYE_OZ*^}lJG@_O4!w4vvW}u$iPmhc~^9~6LnH%$h%#99=-siXMu_(G@ zr#1VoCHTHE;(HGQYC0p3+UjKRtLqc35MHcCV4Z%UwC0wJ#*y2;D5~?67sz8I1o}W; zHkXBkyyHLSp4ESE$ zz3)V}@jZK5={eij#`+}afT#k{MSEXswyIEk`z&wx@T$i@t3pq7Y6N|{`FihAiB8BJ zV5Z{0daiF@voj-oA4~*57=!r6LHP$=l-~t7{7|X1N57O^(T9`~+ww=899c4C zd~dKMb{zR$O^oCZec|Xnc-Cl5s2`gq_|IzYZ$tg_yS+$^o|DADTV38qznRoOxAd1R z#;C2}u>2Pk{qCEbS9j63!j#GvKK#QpEASrDhR+7&{>v!;9q#|v_2=_0e)Vs60sIa? zf4%#kU;9LNO9C2{QMC78zm_H=C(rxw?L7AZ{WgBGO^CURz`3 z>VCg%_rQ$CYw)GaZ+R{thWT507E1-75W&V|x~VKuH_ zr*2#ZbAHdX0Wr@c9l4&@ynuLE-dBlAB7{S%d%GKP<8-a2vMJs|%5%Ks+9 z-r8b>Qit}bRTi^ad7E0goiF&#;u7c#@~p&mw!xR)0Yzwvs+**K3;w_LA$cd@Bgxy* z1=FCr?SNmQm4x(yORus@Yg& z%qN-sAy{S=w}43Tj6cX|Ln4Bt*-F)E40{L?PZq{&IQ~ok|B%jtv%v;X}81|4b~D8&uCLiA}_+@ zRW01E`M_DdSIVj84)KO-V3clgjm`mVr!kkL8TU)qn$uW#5bIQBNpG&lNkz>1eKYLe z(?wL){jXY%d#joJ)YgWSvrY>+-WacA#I1?>xAq#~d@N>2oG-*u`aTPiV0d=2{0!>m20Mdy)zgfO_ z2!6|#06F_4QVlr1Of-Lc8`V5)t-hqPLNR-UjIDR}#oM(AhLNmL>1wA-`GNE7It_G1 z)0VSu{WqKZZee!Y2$)hVtk;wwr@he)G~(xOyVNqoS9m+EefM>`xeM|JF%OaGm-SH4 zR)Y{>&(=FC8N{g|BaWx}wuiV`lTS7>RK6j1E-s=OT+fWvQoNUv=3F^at}I2AXCaCa zyF!2lS+Pm+`ck9DF`I>m8sSm!hYLOy)0&~PF`?D2Od^%_!=dgimGV)KWiX34mksRl zzo)zpxX%(77QV=vY_tz=Eia_$K!Ac8 z!b^hE}=?YyhuN|3Vic%4*7|L!DcuVeNn?sPA#^A(0f zeKEh(V)B(N&lMRP#JU4D*IEviPpcH3uf2r|!}0u%&*AY#eCw8WeHg3fTd&<4AAc_K zjiJHoURuf{=5g(%5T9p}azjqXt>pj)ce;$$V81L}0C~~a(=aq9V1(rU51||9xq~!o zlb?-b3ylhow2L%1lZ|d#SQ7F%NJ*G*KQ<&+x}qi1MZBFVPa*=Bzgeuf0uS(<6<1ai2%r- z1W0Mpq$LZ_UU`)9o+Yn;%dl-I2@DbTHR7?w z@|%ZOLcyuof_zpd5nF}lT~P&8Y;MCpPZc{2W1ZKYO4rPj(t1lp56y{i+Nf@0{X<6o z^OLbPcf`oktQx z`Q%>MFqvR2XNAk)n?rl7{sKf=2X@$DfJGjJW#B&EULsJhP=gx69lJb5E- zTf|Z6y-ea8*JUa{WwI$u;NNEf6Du2<9%EDKeUS3_-EDd^Oy#0Jj+Zx(2-bz!K+U7h zesgCP6Z!0$=_z0VvVgB=gMWSS!9bF*T(TSe2-NFzWjjtemZmvdoS~VDjyWA|6RxJh ziyuGrFHK&84*huVLY9g^j&DAnm(e+$sSQdJ1ve1V*fM;aWb?Xt2b^dMoD!%e%$S?F zjQ35iRKr#=;URKLt#Y*G_h`)4A7jn&H;5k1?S3?SaKgPNGJEE&;#VC)tr-tgoAW!J z{KWB+_xH-iA8mphk*z%I`ig8DG-OOK$8mA|`2--fbS*qP4K{q^!w%GyVCnEn7czqL zY-EAduB+e|Ci9)tGq8qQ0S`q2F)=`+hPn&5WBpD4<2_vTwP+p*mGt5nw^!~d#2rN$ zLlT8x?Q-{O{06F%z3PjW+fc&y*eoVNaL*zYx1e*A@ml_^qjb70$oiK2<}9;&wc$j& z<|g7qla4RAzu%}dF3D?E!{VE=y$Kk9wqYqIj-AE~(}Um;d;NS*ckz4!sirvRQ+_Sx*E-@g1zNjwsP^IQ=E9D5!)1k6` zc~tXGflzxf!An7D(Zt4*<`7Y6G9&qXb0M8?8!H3tt#I-IzK^3}`f0M2w?WRhjycwk z$=g!z)RErVtYgKcxb!OUa_iKw{ww+XCaC{jUE1p6 z==-{o8F2b=xrtTZWOJM+qzq{6uy*$T)7Eu#s|KoPI=1kQGCz1;&A}~GxMupj+wOvD z_1cK)MUA4&p+F1T7i5%P(e-d#Cfwf?+mbK1UcAD+NY;B?dGbcT@Uz45=uNhru!Kv_ zP1AB2tC+Y>iCnv}bWj35wtEM00Eco{`ZWwR)?C-RNh}ViRtC&jrEPZY49j z?zA)Chs=cL|i;V%ejZSc$1N{57#KZL}wfOc+@xSy5D zs$Oa)ldJOIx}5yT*Pd-bG7TuoJzpXV&{25|Ia!2le9`Cm5a<@saCEU%WBFeW7~zZg>msCSL4-IvM$Td#u*H83yP@wlz6)3YsL}3j}zE|BTX(^csU)<`fZ{ zI0;|`qKksEY8DjR!F)@J=3$hxm&JgUyTD67n&Zn)OE7_NIFv8;NU2uKzO>SFr!#og z_JRh*_!eT$k#Q5By6`pM&0LR@i0twkRT{r~*=}bwXkyGRv0Zoy zT;^U&HoS4^i8EQ*Y%W-unfTsAVFG(;Llz(%%*zvDxz+POSL@RJlk$fdq&_=PfXVK@> zi=L7A-m9@Ild&YR@NwvYP!r<4kDKG(*+*i1D@^!1l|-0N1`$kRSBlofX!Hv9E8Qjp zT)yeUEg+mgb@T1fLZy2ZrXV_x%p0Nv(xX@fQ+?)Jg(n=wk6&jo2+pf%KYcse__`~h z=n+Kx<>UU8)~c{vcZi*ci&Lej_DPFVbm!sdBo+YWcngm392=yb-i==7>8@Tu-XGh%RQ@6G8X>XZ( zxopSlty*il-DdSHeOt)>hz$QFUjwYR+Nm#Lg*tCaWmtaN^78GfASI*a8-ZIZGZ>7$ zl>Rp++#|qac}(m;@3D0RH)vVAzDj#=-HN||epjyjbC;H`@Vdmop-t&Z^i@=g8+prxlAm3tyIA!>pPznz8PMd%x=n6guZQ4U7{D4* zx>y*IK7{wq0u|;t5PK2!HQDOs$RbTSBpYe%MX8t7i{gK0bU)Jl3)<56PLe|ij+sqn zH{aRnE_m#m)E(`47@}~lo6h0eGvJNA$!S*8qo(q@2P4pF_gHZsPoZgv7Rl>{-Y2ul zI))8~3_83=0W0t9u@F%KN;r@AVk8sNBR%wB{e@}z*7~NXgxMxh(X-%l{-c&Uw5ST> zRp)o*a)5N4U*vN=+n z^Ou?X@3_EV!D;km#p#jYd4BJNJ{2AL=1A5P{VRPiS>HlVU$+}@vtG#ANig^X?-SMI zYGj5$?D0x}3EE68(QcTU$khm?2HSqiFz#Kl%a>yCErtec9CbAgXz|pA?3zeqP9kc1 zg^cd|n4F_R7^`~|1aX>PW1Kkbu1;aiea4;A(-9Z#ctl$5Qi=cE76p7zEzxxRP52iH zim{ym=zZ&u)UcCvpi^At2{mBxOWSr<-O4IW6_NOIG2cA<>cr)m%cV@A`MN~b_ri6E zW6c%1Y{RQg1m@)S6cgZe;Ck=r*XXYQAr1Li)aPj%lui@5ku2}b{PPWoAL=Pl2n7u# zU#x&MGHYZ)Q|9v1~^F;GDEj$~zQE zQg^#L&tg%F)3!ZDl{Y8oX7@(u;;hK&pmwPALV2@LdTFdTi6zyc>`MJ!yzyt3iUZ0Q zjiklj>>2=L?`xMNl!G>#@-w?6=0W+@kanPQI{Ynfh|kNAMZZGxmi)*Hzuw5>-zy&f zZ-=<96qaXnf@{kdSxh| z>_ydK_^-D`qAoVWTQn_#*jQl@x?G8=I0e1{NVWvxn-Df&gp~5C*sS=Ho4|6a#8epi z%16aKVjjWNS>iQ!|8nsna#5JG z5GMkO$c6~~)V!~ump%w~xRyDE?i=&!Y}jJHhO&yvr50I1hT%(f)kEuTM&bj}cgt}~ zn(T0KreU7?)@<21moE%We0WvdV+=^vB6aAqNx8pY!+qVxjCsWT%? z6;WSj*~c3XUgdC0+zS z{E!4NR-A94iTve^nenRo_Ysn^x9nTS4!&#j*taDD5vR#-OQ`oNgt&CGRs@Ie@ntOy zZl`Nktywv)H?iq>gFC~Mz6XMV7AS^+A@$-5Td+$~0VG~90?>`h)5i$(JL2{fZQawf z(NgcX|Jmx}B=hlnv+qU|I_DLcE=K8S8Pal77H?;#S?JZ;-JaJ~H@G6_)^;I&XTpADPS0t&n+gs2Am_SWtSJD%?En=4Q*`zUF44XXdle&OMG{HYXEH<%sT z%Y2k+`3V%6Wt&ajbEEEm8eEoJ=WS8H!Y_RH-$M#;p_Md}rctZ;-X)jFemS(Ef zGrN=~8!E7K+NjV-Eqx=NltgrG44OKMM(d!>rlJ5=vVl^r)~%^`n5$s6MpnMk0z0r) z>}vXWFoSH-fi<{iRzR)WtzuiNUQlYA|9sA%$OV^SPigke!_33M)W5ALab>%zQoX@mktO*;e8g0&by+`LX?Z<;6SgCK!qu1dt zj;Uz81e>D~fWy+k@pYN!D|(DoR}Lv-pY=!}Pil@&Lkl@hID!COlsrcnL;A;*3mMyO zYt@(99_)!T%7eT7P;0$0ol|uXa&2}DHk?uGOf}|SmNL4^eo1PRt{h~*uR|s%M{rpm zS&IcPGCO?18pqar1x^{cnw*9{Dec?n`<$3HS=p?vHsz~n(0ZjIf#k@@rWq@mD|0#a zz1yeOI{YB<-|5_&Ab;f??(47}le0X*x~m*3AFDobbMEGIS>=_!MKjk6oS(TQm({K- z0z%{tu!iVM^jW&Tt>MG(>Jz`%IQJIRIdje=Ki)UeYR1}$?adC-X5Ty>%`*##=Ldh+ zDw%|Ca5fcxW;nZ4A4rI?|&mR+z8Q zhX2jxkvk3O`+&b+uknBtyAF!hHVbhK+%CMQJ){gZwoE&JHw@$tCH@u$_LRZ2Ma;&D*n!AH*s;VxPTrh&1%)DQ@wo38`%BDPpdCsll--~+c;C5;&6E$s=^ zs$@DJTcDKnMxPF{i8RU;T@^6vLD z2HY*RPD6R|y@RKkNSZ`#9!5zIUQ9-5#hn`10tVeXRf8 zuN`2)j*d3!2{Hu9{hMv*e|__K7abs6a*$E@JtY2aTzsuT2M8@@y-Df+FmU}}k?=+` zmOljp$I#sm_I&M*2Q&>DZ&z!@0HWyH|>F zkak|gKVbAvPgf%70RHV@WC`)xM;Iq3C-Paeq!g{4HMkm$GG zrU#tp!G9_D5C>3jEUYg)HZTw$oWM}nvxVTex^dZbo=t8srEL7m*u}>;V)1< ze*WO0@>}^5c_U-n0Ik76XRZ$%_-tni3|R8D2YE{)uHH!zh_%#LUFPwMIMWj@RxH1r z2~G}QfNA#YaG8V={n(495sbV!zz~9MD^@o9phv;qTvU&rBIw_QuAjXq-&TrR7fR@$ z4qE(s$oHS1^iS`iC^3kx10N8+z4-QoJi8PwhsU2s(&ENuUY=~8ZSvLU;k$YLkFxW9=}T1%Uk~RhZTJ#MYnsF9Q686 z;4H`R7!lg*Z~OTCx!|8BnI{Qt;y`nn6+(^m4{aYA` zCvXb>NIM#T@y`FGDEj;ts^1lbi2^CRziA`YXi!33W2)cJdVf=09cRg+4|T*Z(8J z{|-*c|34Dp1d~;!o#&2X|8@^eKs=)(Sh6L)(!}la-z37{8Q>rAV$peQ1b5}kaXzB; ze$u~<`3DgYkKTjrt<>Fp{-5bwav=x@9ToUL>M*Kch&KGH=Blsk$#coa0r$PVy&t`j ztNeFyi~r4G#^HCwuuZ~wz5bnz`Cojvkc;~L@ z-W5#Z{Xu|mn)s&$a<&pM-~Cg=H~tF?cxF~i|A6>!pPIbU4FCT+{4F#&|F3|dDQyBL z`&Kb78Ee9A$tl6-c5->9o+c|u|4ONTqd^KT#Ig4jW|9rpKcy}8-+Ox~P=S=#Zc{&Y zn0>=9nr!=FyyVr2y@Kn(kQ7j@3O=_b{^qp(<$1S<`J?~5AGl%*Sf-&3#~%)5tsWC4IoS!0%ohj8Bu9DoFq0t*^xg zNu>bObpF-DIdIirw_(cT!zZVw35PcxGaHyakxKtiwqMKqeJa`E(CmxmbQ4shSYbwE zH^0pa0BRq%MuiL=1-F)Jek#mPf=0IhlW(aubg$fcj;Nb&BepeHhLhA z7+%3#);KoPZtvX>lKs)ipIW&#SmqpCRA?GE+N00RXPQ1Z&ugUHP_QE_+2A1?Z()?a zta}#XzPgdmJtn9;F)_s!3(~h7j8lBx3(!uyqB5~THk}rK8Ba|Cj@1_+eV=~c1x+`I z@T3l&(l+Hgr%e`*9lmhDAb#S`cjjkqVZH{tnLmn{md)|B#fT@rDYfn1)!UgL8+3kMIQ zn%7v_Sj&<%bUv`nxkpW*xe@JP!dQyBzNrFZOgkI1%Sze4DH~AGdEE zb%NU0UJ-P8t~BLW?$?D&2{N$q z+fOri@#-A$)(rHeLI$9f@0G&8mI`p6ALO^H9Wq)M0%R!kQ!4amJK$kIt5qMBuk_U3XQdx@OGb*5O^TFXHW#=N z7|}NSM1!|vhj36qrO6qLmq8@xR*oxi+Cj_uq>ZcbVSnR!M_&a=pk83Y@E zhI3PKoir2e>{7!~A*_5+2&R%E~lv+iv`86w()_d zgU=i$1cFS}3I54GGLDk0BqU4<-}FUj1sW)Gy9`jZsM-e`5IIrNI~z%#%m|dZI~SGG zpU*CPwUmj@&srFdx$VC=9^8L#6P+#5oKIwx&Rb?sX&+xHVSZK+QkPe>O4CZ!4z?Qq zO4e#~a~r%>RubaM$z^EEyP|&W4lghXfqU{;xuBL`TyuMr*6xUuHg-ixqW{&-ohmEp z>$Z>WJ9ly!E!9%LOMJ3f=~@EZO@;-S$FE<_K1NE3u)I#Ik!n%)yx!16K5JI0 zfweBXXr)75-k?G0JtodAsRAg^8b>i)S-((@MpdZ8AHTj*Gh0>}Io900LiaGMn#u+C z`WS0-qPZEjq0<+;0vYkOE&1EDagsGIJ~hQslJ|tNWu@qFU~iYoByJ2K`6`#}$#i~1 zm4%wj=L988(E}X~#P)Q}0?^-W9!D#{yCU7>QKfKRSVlZ_?FV&;1lsPq3X~k=fog%f z)k_WuN4r2oqr#l=#9g&D+mYwMns|3S02MmD)Ls=TVBSr?jN!gok8;P+mg*F3ES5`gE|Z`EwLRt zk6EHILeW0Kp*y1}B8z z0YY$x;O;s&0TML9-5myZ7$j(LmjMQM8Qg|}clO@1d-tAm_U`%mKF|N#?}47`s_L@t zuC5Y};FSHTVCX+{W>|gcGQjatz-TGOjK|JcR5v^|OH||)0r+;jSbuU8p7fYE)W}Mx znL#=KtjQ`@mj{?ThGrd-&q|$#%7ywR6lW?qsq>A`u;b}z?FX_&m#VSu?#{EjC?_Ig z&ryj<=X+$XTWUUYA%OBdXwJn~_OD#k#z$D>4cmntKa3za{o4fjR%UpX zHyl{CKI#CrTTu0W!~??$7+$SUd4la1QgCQE6ypH3g-C$5_ZdSzQ1J)8ab4WYfaFbmp#@FC$s?K5@i?5O@NL7ArqU&Kg zdGAcSn0RcZGnPx?*+-Tc+v&LysH7d}j9I-oNoc?{?tVjDtJ))hUFTA*AtKC?m>o1j zG4rX3G^0|!4R^{mCHrQTP?2h(MFAL@KD7wiq*k2sp);(rq#JM9tm&a%R|3PZKYOZV&A|j$dLJa zIX)Sx^~JX4%bK`kBH9Xv=Tk6cIgXX9njbThTo7AIyZpVAllek_G=SCy&FPR7qP3C| z`;jwi$_XBRYl&{Y(b^=&HED0KH#1;^UF99muB!U9%C9>XZU+5@tq59l4(i1$U3k=P zKO4=O;Gh~=)u!_KO@yjY%0^F+AB*o!0#ncTv1{@Yv-uOn4JvYX**3&$#kwSl-BX2l z=#E1zZ<>*7QKo|s&-Cz=Tn&5{14ELpd zWm)uTj8!p?E|0x0dF*R0MMp<_bH^vWos2=`m7p@b&T=Gct?BTffRq1~cRnSvQfp{& zT>t4LE+eu|{{H0Q5X5`?i!J%cQW)opOS0-M)$3vxRfcktSD#~Sbmmoh%9E>syyRPZ zbWPqIZ|iza_o_D8b7gtynGh7gR?+ViQ@MjyHfBda9hFKZ((^m)9X0!ex z=JVv@+nmf@5Qy-N?L@?OI2Ilysqp=d`cgk)>~bm139H6r21U2UQ%bBykwtwCo@G#3 zRjdgP*EuL{bIRtH_UFD}#|YN~sk;|$ND3(vi681uM1lleZujZ0G12>JT?B|;smes` z#R8cth-P4Gv)i`&nz=G1QOvrPJ-cH+9iiX$?68!508y|}OrwW;CG{|}5%ii{&=V(7 zt_-RRJ0JW7L0DoOIg`5vw=OleTdO3)*qFQRW-@i%pw0x6_qQD$_a= zs`VD)8$NGt@9KVt*LKWYSyL!iz_iwo9h^O&W3{EN`-@#dG*4G^7E|hX`+hm~429qi zWfTqapO(C%RUs~ z-((zWJ{{d9b9&@)7%^hUI3f1r9N3~b(+_E}1mUG4bMyJhGr-A~a}@zEsP(3LYPFsB z_lbmYs+IDQZ=6rh0V=bdHwvs1xLSo}1z8?#!aaKLSPsDB6R z@0;nP#}Cn=0>#hl^Cr|XT-cb)4Y7!xZh~mQwz~-eQ5gu%^Lp{k{2JstuRD1s2H9#) zto#`%(X*NPT3M$3i>K$XNja?WEFSz1R|+dMgE1C<<=_3lyH}m8$mHwMdHtQJR<^+r z(?=KlpnK;lX{$1r>XN@;jk`T=$!ongsDZo}7OHukCLRp}#h;4KWS!V*9W;j&==bWm zf{885-f4c?xq^({?EA_QtyilfNOZ@$E=#c%vGKu06_zyS{bn#GI|1zj?Yj^Wn$}rs z-Wu3r4+RU0+NCXz39DOcm!{Y6U6Mxtc6vsW&bY&Crg2luIRL}^Fdwx6+XK?8SDfZK zyrLgImNVoHp_B{usuhcG(KvgD1JoAaPw@$|t>S0UW2Us(%miv<~Jr%-{{pzJ(LJORxJApGUSD6V4 zG=f>Cx`IUw&F2yiXq4^L*2s7znAJZ8uGR^d>2N|Ty`sl+%L|6Md6|5J`is@8vRg)A zGsB&F$;MsyaOYy9ZVJcy1~qx%9P!p7)!esFH&il*Gx&zCVQcbUZt% zS89~<&)h2dtTSII9Y-$feIFbTTA;;B$hK4&abB786sWb0Q@|1t_Bw78j+X~04PJQ% zm!b0)xi?lZ@2w!yf&>Lx%u*O=L~|~LMO7k6{Vn!B{5Nkx3y@Cq5t!5H`I9F=pfF>~25huJ+a*5b0fmv`w@B|DzrS?$C){&4vC(VGZ zZPhq#lJa{`%h8VuFdOB?dvbL0cpz$3W&%2=GA$;ypGGPRKfckuNG>m;Q0yE2CEhI? zAG4EA04phofQ6U{xURM|`Aq6qM68{vCI)!30bG&Wj@Rm!9p`D}q9$pmFVf=5r42U# zw(O1GcZHGG+F2BrX;Wa$WApe19~vpUCq|ncs%!ZIbe!9Xaa)s*GO*9Xhq29-S= zg4s2Vvc+nh%#Jv~LP8+ed023En=@H9smfH@)@*{qo#`0K&E3JKAOYu{s$=bf!l#+M zi$|_K4~wZs_bXd(O5Lz}41*KASWUhYtP5usCJhHU2u@ zEEEANp&8eeb;73kvJlI41;W~9zPOQ|hwRhEn)B|F=L(=jS8dxMt0GfcxuYqjG%07j z^8P`da*X7bYZqA=4>;O|?+=Ns6m!p{8k z=va9=cIOFuBd}NP4Mz?41<3AGBAe6LE!EOt)EJtt)$i0iK40|9wO_D_S_d>qVmOSe zjFZ5&)Kj<^O?GvwmqgzaML@L*dU2)@oOHQci4sQeIu&wd0H2Ygth#i@y}kr!r$q(; zKv=U@;^9Fc%{#pwa_dPGQ>oBf{a|WH6DVa2esmmEPz>`b4{a+Sr>0wWaJX~WL8kgz zkdE+oif|py))^~TtNOa6RVx@pWTAR1gim%J5j%RwxHXNC8aJXr*z7pGk>#9n^259J zXD;KU_F_PQbsonImAuN^5v@akI0q(fRZBVR`7z;yWbaX7%WC6$a&mXbHjfD#2uyqxIIijzoKNKa16+-M6WDb}zn#3O6}5 zsC+|h;&iT={-9q%=^{{MQY+Qrx`zL$nL@nwpeX@Qv@riu5zXbhH;YA{(|J`QHu@7+ zbTf|MgFN&m5|{F~Z=j+sjl&83=kF_)VdVYOW8#_-*gEvGGb%|7Q5-+lQv~1nrU_)l z&CnEThOhX^dw9T2lzK;!ncz8s2XuR?6EzuIrulc>;Sbu8CCd4ei^HoOGkOw&KSM z>;`Dc+K?-Q!>Rok>p8|;+YHtK{vo@)qyaaYrcf-?B(y-=AmQ_4LDfNjJ}0&FU5mvo zC5VT4V|*NQCW8kni5-kO*$NLQe@IYL2GyUKDtVvee^}hkK9m z_KEfLM;8pdM8#UsY`-MpjT`$M>(}(wY#9~iUb?o*Ps12s%{#vsT=$>N@F}dOH*|ru zZL3(d!C|?tLZ1mf3c!7U;qG_Fpb09C4D)=l!!j3F^-SZbIKIoPB7Y+fnO}tN%Nvd@a4nuqJrPwc z9ZgQ7c#L^HpaeGFa1ubYls+>@w~D-_OJ-f+(1&(^KEWn~%CS*NQ2I@fKL0AsPd*M%o&wB+sdQ4>0_%w>T30;XVkn z*%*?wX$m#-FzUTi|1vZX9~@%$+3?3D0yEV=plvY>aH+ali{RB^g^4R`iJ1Pv4fwvC zsfQZi-9`csLevnGrn*c=G#D%S_*rlCTMBtDtzE5dv>6-@!amC`Yv6uxRKc&Y^(5h# z`cj|zi6XYmktY&+D3*3D+XL3iFx+{}RK8L@9koHZW<2=t8n3e6JAg`8A$RyT6#dRy zG#_)60yLuMdp?#bcwL~nRL@iZ4L;p6^N{+*A8U4BUU4zR_~SbmXQ_D*sDp;BWM0^t zW3_u!d}iWt(DKISrpHB5#-M_#nm*I(IKbMsmhUci?f4c3>y#R4`I_gZM;QO~W%7B7 z%b-_{y3IsD;PD*yIw>`DD9WEG=>ghi3+te0<&%Okoo81=>l(a-ZH<=}*4_uYkMMlx ztyzFt7X}+V`n?W8cOwrC?wX^Pe??gx!?rG0=hcVC^J#vyV(WgqHWtlz+`Y{CNAd8) zm#AuunZ)7jRNWL*gzDim>=$y=2BYsohRXA zu*LM`sj2?sp;{XE3ARQ`7Y&b}pIMPbcaQ3k>Fvd5kdoR5*%w`x877FYeoOo^?rnX5lu6|0Ur;p#%NL2+%^iC5k# z1|Nx}=4}ru*R||2-=1qboEM)SrO_Zb^sdcI02o=k-DCF|O@*1E&?h*d64k0ySS=*4 zV+!<1iAhyX84_4KEt1CjKOKtbuF1)7lympQl03vIcJMSJ-+U?iM4G*UL+go8!F4G= zv{|#h)^kGpdhcV@mcF~=vQ(L8+0B}eB6~%#8Y7L$RbbO@TvnI@DsDlVubzg%$060a zDh*+2=8B`~0?UP1>|tc(nklC=S~8Y(cCT7m3a{S!fib_CVo0qZj067>PVvsUq>T73 zb|IvzO7GJQacZr=OU}Z4)N#}FJR7qqEI62sVf21+=sw=rWIS5^&gVi-#^UzMY4(#{ zSM~&Zhx`_%HZa^dCTC8H4x~Ng_Nuqa^88Fq9*f}grK+j4!N(~ItMpLi+-?x)gzDUR zJg$gkxU>IzdnT%MTzfRL?i8>_>Ri7ky1MqQ;>1>Yh&O{9r8`;#9-t}#G|v7ia6ZN;BNxNQ1hxX%`^!rN2Vx;HT3&)IcbIKB(c{z~iy14GfD84nq0N>;SwwBiOYs zf>7~xL+lnta~JGr0g4wmf3H(J31sc+N?87RI`R-5lgQtazozB`yY;|zdqSFmJUs-q z*7{{P^*m21U80%=Z)?Gw=;R%$-dMU|LmFFQ4D705klw#NQ!Dau%TNqOhG+8yCb8i3 z7MhI2RxmmyI4ljA3}~OJSOkiYY9u{GV+Z0w3#()@odnqNkP;vh@krTzEL6v0aVl^| z)GD0wa!k0m+LVOX1~LgNm({wxU>j?_j1sNZFpVQV9skKzvkx=^UpOBZXOE7d;YIbB zmA9R&qzh6BaxaROT=11l0@+g=o%Lp~!mslnr}1nc|6`b!1|5KLb0zz_qdn78iLnTg zkd|1qc-7R%eG6E#pW&#ekP-N<(}c5?*2=dJP%iZdcAdzpc1p>`#l1h|B+-3>R2=KP z0gek3{vRnXy&~!6+_IVts?rpLYz0I9==|4iO!O*lF9T{mj{byi2P*-MYALS+N@ zIWU#khoha1IAm$k?516pQ@vo9hnwnd;ss&d{JkC=8j+Kp*9&j%vr(fa6xlkhMr^xS z@NZFoTO94Fn$;iGl1Yfq9)A!*!ECa0HL{9u6L-d>8)S0i?p@W?cmWc4{F2^uX?$jI zaXvC_{6?Y{5;mDUA6ptg4{JA6CHa{!aCgwI*7(GllgM!QxwkEzTSmIDAntuE?)3zW z<|h~SmeIxjoTHOuh3XebqY3~RNUQHLJ`HvoB*rh|k0L5t3 z1)Q%&1gOX;;(_3@wj-PmgSFp=-+_AG6wJUSPzUf4W%x3V&`g{iZLCqrw&xSMR)jDsE#awc?xQ%@=8W zP6xh>DM+JZL%Ynp9sn#097rBCzelKf)V5F+o2)!y4zYi>@lg~QqSa+ToOTv%sUMe^ zD#gk4r@P0#aDreMG?Q=nzg;nG5$$bjAMofF1D&_N#C{l0bv4+bcI}4 z9m3^_cQd1Y+^y5oee!U_PF`myat0rKzg#pH%y@jh{wKFxirUzl_QnC34|qMZl6rBn~E$+sLE?z;?+$3*NXbwKr3!f4$ z-0YDUBrKUqI^jho)jtWFP_EoNNZ1Gwa~314EsYFa4yqUzW51DT)}u>OSju8pdR2v}+M542hc@R|4V@+I3?~8(6jXMXW;6^rNg_-M7tBI?mug=Ykd>%7s zw(gOjYeG(b8H$=VBjxbQ%v!mkaFb^X8)=01jV?}_B(9(}G#(eb?6z2E``lK1$pXh= zoY^rTF7eCjQk}-P^Tik*>@pOMGB?p)C=+cib5G?2y&Asi3h$n3YPHGSOokB$ExEw- zvC?R5Kb>*!EI~(md%WlK?CNx9eKYacY376`& zJ<|6&i@!)nWn*(5X?$>c3ikhDp3hGpsG3$@7(HDOm+z~~DhYEa8+ZDUo2^v%*Atp+C8GT^Fz1*6_E6#CA&)q_HD7SwKkmByd_x! z7yUdqYrPcLU$gf`Nuzzb6`!~K?SRK!>UBzKzk;93h?Uk1QFpQ8&sPIkJ{LXI{!7Jo zgY=b~5?8xK*mSl<3eyA81lKKmt2mToN|^;7qP*77$o^u>H+3~x)$@1><=vV0J*!{2 zgTp_J0;67^>k5;@ZGZDbA05B{Q9}QN7IJFCRdlQ=y_Rc1?4$lgtFd`7mMGk&y3Po< zhxIn&du!CBbRc@}ZJz4QxB#U|hlC@^30S)pI}iWRveU+7Je#?+Fict;Am!j{+dYJg zHb4iaI;Vs}Hz4k(Tg}Z!=_61|N&C^Df*F8?)e|cbl!^7jP9>(!JFb#mb?l*r`k$c} zjyp7ETh0dxeHAX>-Wq-A@7>XF)Prl^_p&&^bASf*KBX9BsujoP?7OH7zbqWC-j1)e zo;Xn13QwizSr*!a%AZ5ymO!6eO}Z{q7Uni_-MfQpNDlyGucGX=z)U{!7M;!CN9Vyb zBSJUNnAf$YYdo;+_s5OCTgU_tw?2&$tu^ejvf%X4P4)g%ase969hZ%ld$9ODG&S{T zn$^1?t#D*wGc}5vS9KM1vUs&uB6w7LYKjGLnT4G$m#(?IV(6GB7#=f?_7CdR{M7JHdFi%b}6eN5I~trLU#A%UilG1v#ai+1NoJhaK=^lriH~@m0j|d(as8_ z6)6n#G=PlN4JUaEl|{Fe#cS(LP}h-Kij z>|$(j?-X=XT`9akwP~QIjF(ZAha##SNgi?|v2Cj60w4WtQbc>D^!GakqC^9j+7m_J~SZ^WIs#hGiy&=7)&Fot(6-WkV<{4qcnlLwO|OD0~i>d z!zx!mTNOKOuunMo&seowh=!AQ5F#Iqdg0e^KePZ6MMfj^sS_^2C4dXW;>x1w-I9Lh zayX&?LAh*OPIKk%4aU{&5HlOkA-~fLtX%lasPCY?C=fowd0})$Ag$K+elgNC9V>#? z?KA8`b0fL|An%1GHXT#eJv&CFP?R?fFZ_?9nzQ)nhUh=3pU8@2sx98mmu4>Z{} z5p1r*7`GqhbCP+^X+D2RD-!3UkI5W4Jk+pttvL2dRKT-2`DhjFw!Fw|w`|%owM1!N zXBaipi;h-aySKNYASnZ?9S|@V-a?GzLH5|qsBG_UI4XVYsP+{EcUb_dD;Yj$EDCxN z^?P0jfK{cG$R9-FH(n%UW9o3UpW zQ&UtY5v_>y*Bsg@xgNUiqD*(!%=MlemFomgH`G!UwnyaU~N3J z1c?^pN8EP_5=E0wtDhld*l47^H{TbMv%$q{QF#F#)r9*`f8I6MgjMQ|Ods4&q6T6V z_z>0Wxjc<$*ZgWhFVQzZ#pl;_8_ravW!rKpBMkkX@-h5dbtS8C;+@_{lNH1zf!avRE-^6~AsZi)@bJnv``C3e;eCRdqqtAuInN~W+H^~tjdW6uPz zYycQ-=>yM+cd@u+he|0Q{IQM*BQ7&&QBps{xkEL~GMFaaK86t7CdGE4)JF)WLiD& zYd_14JXC?jbLix3)?QigyxabmWZvMfJvc!I{&NFa5j<>qc_*`>6vs#~nia@3F>GYq zR*Tdio>mI~vf8chajyaDl%=D;@xXSi`scl;yJ0>!yjD7@MK{m9P7pSnCLEn^w#~!^ zY=YF)`El9LMe${_ir$B4Sed!;EbzbVaUtRs`hzpD+W7wlLdmt0m4*LadQ^q(Cv0822?mgHC?*K+wl0H z!$p0)lwuI?tUDZObJe!gfXNb{{#ALT30<`5o@`Qv=B=RUJm>n0RW>ujCJv14y?ULf zW*>LJ;cX8t-(D3gThMzMTZwDD@s?0DE{vK*@#muf^)=tSIz4T*lbY&d_?{U~ z8ofH{#9v-KZyuwX?hV1R!E#*mGmTLq~YB}$rW>j$f?vRa@4x6c7NP-o# z+y5cSbSHD_14R|c(m=U@X7f?Q#T?_uy?Ik_>v-2vegWPrr5k}q#P}Cwx)fdlKWWp3 zf#IGDcPS4fHO4qiCwfg+7j~Ek(2Kf7p-WR{3i!+budnA*A$Hz3rR`6F5Zyi8$6Lew zkF`S%Z`ce+#4|KZ(-@1G&dqQ4Ga&Gn_mj%+^n1*;=C$!M8%Ka+HkZ&>G0(CT8!CvB zaupSHnUZi`YHnlS>y@8(?3#UC0?>%SD=(a<`LPi>4mVXgHdh45M4L4AIm^)%S>P~{2p{6}f`_P8XaBAS98(9>HhbBAD`I}{=skt`F= zib1gb&w|g9>!3(lmktOifG8=8X)I5|(!<4_ljpaCi-EBnc@39EbuQHaQvKGehtqId zYUTg(W|vYY-W-Tm)2aYzY)!(?c_T1|5_ww%?4<%^P}gqI-)s4+ePtgSu?3h6ayWOT zX~%}m$W%bSa4V9wl3E02Q&!=L<}^DY zgviZ>l-*(*2CTe<`uGJ-YwSQI@lu2d^<^etH^NtaZlt8j z#aWx76xh}dQd+xxsmOxG(CWTJbg&Z}$A~FOv)j6Mt>PDr_DADjgYk!@i&|WjbGmzm6T@c=m zjL`gqfa0!>0$pPVMTnQKrj{HICr5JA;V-6@+jV3Oq{C0iwkZA6+D!M6?Nqhxgw314OTI;CP22jML#sy=i`@<#*)l z+GScLA5tAl7pP!wgum7E?)UbV3r8qIIceDz1NeSXL&m0YO3-6z6JD9g$|b#Pd{`hZ zRMxPoa(i8Fw-$s2>#XB<`VmJSGQ6o}y{Lqec1GrM;j(4vpI-S9a{LpmaLE-Xv^sjl z+^&6dsCn7%=>SKw(CAMd$i{GbT4=4+-fY;Z@>~*UOF!{n#=X0}eY5f=7cSxb8RK@Q-N#so7NGTkI@dfp+Sv z<-Q(x1M#sP>xYupbuNYb!=md(g9iN)KbSC8$3u5E@L8puri`SlXlBdgGUi$v8}?7$iyk&mrt@RX+S)z1mT@&_r0B&d&@gsPUPeQ%Gy?)~t% z#n7nC#JMVcI)8W0o1fvqy6U1Zxxe^=>ABSpCeTTz_!iXCIXd*DrIGm7NV(d$MRqb6 z&TimbD(rq;*=AHghjL27_THz7On6$W6mDE!qsH2Et&FeFveP;bNY5~%1oFop-k^y< zj~Na<%<(tlH|csN0ujyinOa)bWxEduakiOdbgD7r{*IGWb?H*>E&pNEta);tVJU(aO3h!p{`W_3UGevnB8JBuIViziL@0w54a%CsL zZR_Lf`UHCLd z!hS$m+EPaN4I|89=hlE`E~F0TF2a)@Nn3{f#}y2p4r&3bw$L&1zK4wDGvWq2WXqfZ;yElk+3v%?M)eNJAy6Z;useXXRu1v$8*$K(@ zM*HlgD7Jn`JNE1ELg&u6H!Bn3QrE!)M`KNUKYR3Vegcme4peeTmRBb19s3!$ z8k9GvL;ZzK8`FmI++C}(=ax*$J<;uTQ8_xxLozMIf}jS~iIB7X&57KR+%-jMSH428 z%l)y@HHCHYx8vkpyPYpiZK0Z{ZU&3_Hm}M{#emvqS__yjla-Zt!OyUXGro{D%J}0d zu=1g}EhK-toc0P{B+{->52(uTdKOFR^ddgJiV`E5!J@Puqh80K3Rc>2Q>*>*6=~RD zwx$Nyk!W)>B?R2pGSM13k;d^EG0bx{K%$Vy?Z}0!ck6Z9!tZ{VuAgl)%Y$jg$q>67 zEZ7>#V+ZQs-BE-ji$hm2_d!Yw$+@#}K(P%?LC7+XpEko{F~5q@{K~G=}K|P4>f8_X=2AT`8u^ zH3Q`ZFIER?H%7aA=(y`2maNZeyas;OZ6AM`C!wgSx*j`S#;@=)7SzRKCU88xC3tkE z59se^d6YRKfH||^K&+*AOQ%=(twr=CVPJ?oMdW?|nG;<;kebShYPk8DJQsBRY`)$r zSU$~_lrWmh(k2H1;Pri zmC1^vNw+c0nWacd3ofwFscq?f?qezyWqG|JTSX41xm@RkpNN*F_2U`V?YL9k}gh$bsv^5rQWB`J0H@_p^MqXc(_JU-%cR-+$?CGykc% zbSFYgpCYM(WtNTXW6Md5ikl%4iUlp}m~ulr$ZJ)(${M)7YSou%Tfnm0Z{C}V&46-G*$ zD%6~&E$g2n*=})qAqTNm-kIwR8_){@Mb`l=hG?6-??`aL6#S@>o17*s3d zfTAu_p3$3J56pTpNGXT%#}4uBe}5)EN5#QY_)hg}DD%G&r}RJpKz*9YxsI>-+_X-9 z=u?&b){EO;1hwZ&QNzaG%vwy;^k?-A;(h4sH$Bqar9PZz96I0R5;(*dCUP&8)|CHc z3UkzbC;RLJCEJli?23^NF2+sNSO1v)ACvyRZT;`R#whrC<0&-h4&(ka)Bgqi%=X#G z+r4$3(+dCkuYX!Fl*i#DD41Bi1L@12|9iea!tmeEoRF{#!ZAoGDUA%&6#o{m|M83V zteGg<3;&<1@LvEpdywK0$;DanyIB8;MgR2K?*0^sLd*W6GOYgq z2MxcD4lYd7^S?&(cjQPpenTNaxa0g^x%oS*ewU_p(#L0KXTO0)H=X*AKsz`%{02Sk zKZ34--4%Y0sv(NOknGp}ImtYw>mchdm+v>645A-$g0^4IjV*lmd(q(J>ofW%p8h-F zG4GM|$yDVuCjC8u2KL{3{~e5f`X$3Rq(sCROF41>y;Qa@KacubaYT9ifdHv%jK3l` zO+WoTO&wy?|FakV%i+je9;B&?rWzW`{d<}M1BEbum!Q9v8%`Odilx33Oiq#cdzvt@ zJaGP5;Qken-Si$Zyfq|H;({7z|+#;FPJXz~uSAHA|d3$T%hSEaU;o ze*zV0eG*Z^C7MOfe-oMiemH{2^vAVeDU|7@%*p&sF0(L)SX!VmKU!cAf@5S ze;^H250TM9FtWsBc5SUH+({tKzIo9IEIs}2BS_8;^bZV#ti)j#B!t|X2{jCf)PRsb zJO(;O&)J9m4acn3R%%Z$wS4LA3p3ELLDk;# zPXWi%(Wtxt0Yha*%f`k=9Gpn{H+%m!vL@7dyXah2##Lk`zne_>KSwy3?S1GyZ}?`X zr}OhXN#}|k*#89l&!1ng3n#Px-A}je`DQ=c8^eQ~l>Y6)zkl+P?co#;Bk})0^Z)TE z+`@kJz%|Mm#7FWM!iD){nWq57fG_zE&b_DQ%jy&E@9~Wm7@I#1|_wBVrO;YcEb2X1vbS6Zzmyw6-}XN zV&{i2Tq8EW3y%+1|4*3z#V67vkh*nqpfrX(wI=LoL5|sIR>Ptrz2)HZ3CG=&n6t#qWTZYp^az< z>;Ti@blgruq4bcjjjH<0mMZF-FU}v>1_L~|j`^s{UKIR!{oB`{*$bpqXo0r(_rG+m zyj4_;!pyok`W6u(@%i(MPoF*+yir)#6N_;gaVq(TsUZ|MSirzqtI9XhE637irodOy z2x%e1{unDzr4~pXMKxa!qjID=={KcSeeoTaN|+!VT}zu%dW0r*%EHQj%J7|}0NP7& z)To$83t+Zw=d*suS@y3LNwHMg)nr^=T{#=v)Ne_BhZE6Li}S25&AF|3Z{#Xo19%-5 zpOW3wdrg#9upL|U0k?Q3b{Wa4#Sw6o5LZHoLrUuU5_JU z+n1F}>1xz|d2n+o#tWZ3$O3R`L?_vAYdeIA+Vhdg;vn*_XhPRAo35V-PkxD4~n8|N1i7+9V9J_E7S1NBgd0f`GNuKIFE~5eVTE(EOr%MTw1irr$-ICR56yo#>!`;HvZ6Ie^I`)#o;l%h1scIm|tbJ z$Kktd%EEb$qsR*B|Jd`e$7yG7QS!VdKX9C$i-aYwA}8G zqMq5AFkd9;hE}lv*W)-N7isqH-B_Cp%`U6-6;|!OV#YW^J#xk z&^h6~AjiBD++;D!`+ z2aDejt|X3TgYS~L90zM1^!byU503go6LP5M>!z&s3b=C(E(QbIn=Yg?zC;Y!Z0{cW z599=Lu~Wy_u*wvWBr{CWo!W&k<)P;_3QSV*eZ3f_-VXovDn;*Ep&YLJg79o(4k~9d zmsL+}#Z1kNF#G;I7<)0@eUO<&%ub!i6}I=*Yg#4NG`K*<#dW{)uvnqXM6r7^{AlJK z%V80RlteXQ9=BOLR41fIje-&k9wiHx{-7Y9o@*GfGa);?=9<~qiegizzz5WY)I5@5 z>Khz>>-Ax@#_$sFO=o!0#ObJx+XFV_3pJxIKc!CsHWRe3BOe-<`J_6yD0>E6ZOwQkiw9J|SLopg%gd*VyPi*?hVxg^RK z*9}fm^g`p~#igZu)^l3&1V^)NKt_QD$=IP($o=_U7Z*_8}!QRs+^b zz3V-yR86940~f zU`4!Ob6#j;8Q8fYCflL1o&xsHa;@d@T-w9a-dV#2lr)JXL-S9S+sMm!` zRr#(GM*m2Ud*rn6gl6p|rv+5>6f})@*5^3cstPOFU$E{9(Fk7`-a9-H%V{wKQRzaC zEyCsAYnj^mx%HtO!>sKjt085!Azo0F{4XzMMp8qb>9?h`o1rl?YvtM@yBP;D%<0Rc zskE5EFWOmxOsWlulRHEhg~2wnttFV4%G9O`)##h&_zh{hy(ul_#&8{5;Sb+r`ucwb z%{}{|2dT6J6bq#FC2|qYd5@#cGrJo4x^Yyk18J38NhB`?AK1J00qe%#=`KKH1OdT! z<|U$?UueF(@cM|TKUs)pe9!!;C^jxL1pMuU{cz_OH24Z$UIC?j0#$71{j^HNwY!ER z1ntKkIpLc)ARiV_^=8V_lNS~G%{9YX!{X!P+XpBBwp}$A6BWk42ogUad`pU(Oa~Jk zW^bOK^}))P?(Z(I=9lh*!#G+=Ia;qi8|aE-sf_Msg;4*z-pYu&zk}W5wdB^V1yk6z zqu~o>VvwM5oRJk47W!#TXFZ!bflVqa3db_z&A0II@KnqnC~JXrdAkeEO`dQ7wG&e1E+vvQ#(KW z;>lzPjCXg;W8UfrGpBkEzWRWzvg6=lxCCW(ZbW88<^KHq`X`;54V!#nY|O#xPF{2s z4{4)PM@1y$@lNlE?+XSLE|0mX#c*((i@nT<(YNRUeGF`%0H}g@N_JT>$^wJQ-{b~M z%Zl0HV47|!HJneELjVF98@GS3NKnc=bbd&8U(@Lmd-tlks%oVMkW*G9wOXy&CyRGz z2NL1;C@TUTsJqyy6ZT(Db<(3WzImk9BkMQG)bVpOSZh|mlN0<>{Zp#!(ac0(zc751 z&VN8fF8R#Ld^Fz*RPN8si=uqPUcMClKuVkKqQ+J3`#|{Q75dq1X@$&kv7DB1ocutH zfr^kLq0z^Qxu8H@@GEJYB}{e2H1x}buW|zvY6c&(Bh3qozsN@}h5xkhZ#Q@Y3;eRr zx(z8F8+$J1DreXRvJ^0%xIr6|i-iVFg{8Z`>NW{>kVJRx*SQ?3;M>_lbGuG| zZ`Z+C1Dn1VXah=UyFGpg;6`;P6Abo#uKr}J%B^33$4Eb6e|`sJG-OaH`qH}oz4Y23 z6Tx6uTzd;Ut zBD^6-v|xTgl3%m{?81YZX{uOkLR;f4CSM**f~zx;;`^NIR2+o^D#uGLrPi5HQZ8lx z3n+C8`Xf*wJ4|vc+(P<{qYxGzC`2;^d!X({c(Greu*OJTw3Fm`>%M+kOXV^}^p!1z z-hXV_fv=A_nb(~5_gVnQ^#3aal78N89qZ&~cQj%M>Q2!1H`eVfjd!pt=?9CCvApV(DhO{t3k%c#g;V zg~#iU4{Bk~Xu|4|Yr@_Z+f7l%Kvlo*LI1tUL*DNMsQ>I8Ajhqs*76&*>5VVG+aalX z8Mp0@k5fDp8b`QFsvb^EImy0V9JWH+ePAsXhYW`QKf=B`Aj)m)TaXYCP$Z;L0bvN0 z2Bk#0Vd#`@P)fQ46p#+-p@)H?hfWbex`s}X?v5e8$8+zwp74A9Zw8)u_TH=ZTEDgS zUNMeOyks6bVBvrmM>a&|RY`0t=gGYEdIc&diIg;xg6V7cXkVuaXPY&ruyld!{SlSd z$J^!~E{zEAN5zqs4@ov5-cR2SjwZ*H+A-)pHi5hzrEwZ3kfG}*x^cq2T`W=c`33Ix zt=ibgIaBvq@;Vod1rhl=j5}f@lMh_CwD3FFnULCFS3D`V!au}Z(-2@CA1{;JZhIB+ z@D8%hwRJ>4fTjxL8Uy5xcCAzX>rs7oI_N_0+Vi$8uNAwfX4Mf^`alc@vE@(~O-#WQ zB1mD(k^-nYCTU`n|G9&bzp$DbzQcOYM@G1y@%5)X`0?2k8~Jvk@*Y8?Cytf0v738z zmNGbdF&7V42lt*xdPAjUdn{y%>)|q;W*FMhZl8;bj3TmqEX5FPcLE0odr}^<6&!I% zDXDM0OG%?vhaW*MP-592JN4ULV|pOh`O=YR&92&1Ez+hqb;8GYDI0;zcI z%vrSQSIoJ{EZAtL&5(P=s@kQU?zxycXh&QKnYqWLjQnW=l(oL!43~FOKTJ=YnZTCJ zRi=7*Hmq$D4AqEa%!#cItsc=)RtDj2*jHqh@n8<^w_fiAyiP9j#Rre{X095I6%m?~ zv)SkYI4T;ic0R_60CywSkLolCmo*$-=kC!fn|jgBluBfQlXQ=lkZ)08x;bM$o$o-o zl8ya|mi8yJmgrm0NTZLsIBYignCxrMBYmO3H6F({ItYw@2D*e;y|B!%Ie9#-L>^1F zIs^0rF%oJb2BwuK%l9UUQiLDmQ+Ns(s1) zz&Sz5S9!*@+$m<&P=;G8b_qG2m%+h_?_W^(L{UE$F zwbb#wx=D+hmkR5^k&+LZjh;26x2QmO^R=JBoHA=_F3MY2_3Q7_dL7($=|Yf@u-;^| z(kZI`hI=xU4{N*v*X(t&>^5wBDN@c!%cJC^$sneowS!b*w1!9 z-s;8V2(Uv!Lth;tHLyp-dc4nf+ZRx?SB)mwR-c8hP8Hcwt)!)K8ZQrvTWL4cRu$tC zKvt7#%5YI64^#*fDb%#{32(Q+;6g@L5;c^5Nz9^A^jXV1H85W_@7pD6dvrJ6RE*TTYMa->jOYSt`_~5;`1K)xO3f?tLfSW2>fm_Y381veDx+6^J&$e<7bB z;vGF@s@Juzo`@PrSZMdmfpT)ObkH%|!v`ZVEQiUQvW0a%e?EI)U^m)gwyEM0kNf?Q z`Rh0lYb;BPJoUWjb#5^`%X{6s*RiqG)UZ@ZiE>E7Rkd*h=p(;BveS4-;r`vIj9EvY zkTB^qk3Y8k#J}FqP)Us*PG9aR8loN-qa0$zJw}IiU#vcx=qAn%bkymInTd1^Y$p7& zhVRbnkfly0@xl*C*=7j@kE$Og z61FNuY@Sfz6njCOo-p)qEW^LsO?w^6Zt0vG((X!Ci?T^(H`_73?^H*W_Z<_cW2slj zlT>fyJsE)eo2lF^O_Yj)1a#dKHJfczT~O;B5OBWPW=dFqh}PR;hug)E#C{!T>b!{+ z9JDV~axzkiV65K`*mAf3_Vr+j9ucB#*mEC^xGL**Z{$ML*R|Ng-sia(9lCn>jY`oI z`-3p~v$puq@fZN|>Qsv}QiIAcKLqTuR$+6|(hFEz$XT=sh9qz{GsuB(^)e zEv_rmZ%zRaAW$lkNQ?4+AhU`b-5gg(&M(S^XL;m($9^2U)n>T0k z))2SJc0-pOIV!x3pNmQv_M>D}axu(JM~_{GvBTr~-3XlD@U=Hi*%Xq*N$^$N4ZAcn zThS!=E6#2hi}~HvwWfQu2-3|PoNU|Egl`UhQFR`^9; zv6AA^cpWIGy!rNCn@$lS2lnBW77m1Y0t!`qIHH3fP7yw7A%vits^-eIOuNp0Xs7Xz zOJ1s7FB(F(TzhX-vr_!v$rEL~G_T{jS>%%PszTFgkNr2m&u`Xqon~l?Y4strjKkka z$JN*Oxi}om5$E+jDo?jWt8wh*#}+>Qs#rk>@!?Th7CfHH!n~zM`vFkjJ_KD6MG*`( z$f!CA@pptxd2BaKoLz3YHVvf}T!C+?%BQoE!xf%xauJh|VCv&hD~WbK-KxIsxYXT3 zdvziS6##4l_jQtYYKwr@0wqkCWVD_;qHukr)$W|=wtQK};j54Tbrz`5^u?)UWc}%v zvUfsfFSWoF%>%5P(IZN6*Xvy7ny-=6ZO%Uw0!5m>HxvIJ;-cWr+DYkN5p$SHY>&q& zS$=%Kik~-IZRT1RaCw=#LA%}MNpwM#cwPU@q_c>B$#uIL9(fBXMoxw^NXg9Tpi~*l z5le>inL(I*l%Y|mp8vHn#V;Hu8wQ5yl6lBvc0{>5VdbG)&lPxk4~yMcmGdQZ_EAd# zF4#$`08|so%Fq9#pJ-6{!Z2bGVcL|*3p36X*Y3_IW}fkNR#zY@#Lmvq*W*>$YuLu~ z=n`e?k0ZJVoi0`(zb9z-X#g40nZ$!5lb2aR2i)0$+2t^U{RF2*s=q3uP8N|Sw~IAF z4>4eIg{>K@M9~a>VwLx|gX2$IL=MNE?mi&`#}QW%Im>=kc!8dcsbfk>;l+0ALiF>= zO`J}YOr6yPsO{T2ULUWvN5Ayh7#Gek@~QjFI67O4rmWrZi&>pi>c-mWOw^6uINB-f z!s)TPI&@O$y5y8-R``~LcW{31oL-S|2~{myR1m7sT&+v)kh0rQhPHmuD7!Q0Zr+eb zm23_lHJs=W*eub-2xVs9Ane`~ooqxNr|Dh$2F`XM?s5pf$Y#Zv(WuHa+ol;)VcSbf zIQBA{f^J7BPd!r?{|VGT9>4(mI&3|EQ)zPp4;R+MmE>5eltWHEt-938J~qDEz|1@7 zujb=Vrt9E0QYMG6+b8p}etxy@N24}PPELNk!E>zr_~78h#sg*eyQb~WMeN%>tzH@m zn1mNztNG0a7RvBzYSu4E&Q;)-VE)Be)e5>)To-0B5<@T>vzm0=hHQp2H2z(2Wx<6m9RP8kur)N-*NlyyaJK&dfo3>GCCW4lTsQ?o4DWwg>Q>#?V@R zjhFkrto{84xs=sAl6V2|?uw^;tO=j`);ZUjYiquC$D(|~C8pmQV;z+kPDi}24p&Z< z*q{XLO;&7J{f4(NY4EX7B*ZlchXk}TZ6*0W`-`&+)v$JZ(*CER(2v=|602`+Y1j5Y z=XBRjW{5Nr2`_XF%f{kf$+qv5sH^xW=i4AX7$GBFj&Z%8V7By*+%8O>=%nv^omTU_ z2QA9r9q}9IlO!*EaDtEimGSEquJ7$g>4(R*7Ez7I!|BQ@ugwh$PeBHJPz8ophGhY>z0hrJAJ6BX zcD${j@h+gaJgd@W!kcI78q7SxCv(?5f#6LOVHM}&^truJ6zn70k(89=?N{@Tq(cgM zY~GYglen6u4TgZ-`-K+V_mfn8x3y#1HgLx1e4&RbL+Dc|9zcB zeBzEA&n)K1P6sZH7nlyO<*=wWETbwSqa}vNnJzBf3}s><^HSHPvP%3x7dariJpH<% z4JFvdrp@!VORR%6qbMtBQ8Oz6qs6zqmhcudOPss5ubwub$p*Zkes9!2SRgRK;`OCX z^0rgxd(H=n==wG64+SRR7V%Rjn}eBsFW7}EKH4@c_YYsG4D?yRw#C(j<|Av9m;o!M!IVVXWsyt_;Fc0l!k=Sogr zQ`#4SH-n)ADi6I*zq&7Bof#Yy`73A>F_IHxmaD3`13l$=>MA_Db}=6sM>3#lXGWOr zkY(ggXB@J9q#*jp{q>QKb01VyVUXdab<<`U>YFX7VMVD8k{flL_O$axjJr>+*>@|S zqb&j)?GHAk!MCv0y++a=XYHvEa%+)8b0u*QHs3HSmC1-xzMv>tt-PLnpd-*l! z3VQ72jDhafTKqgm+7?#N@*+8FAiW8z=NcdjPD1qxU?Ks_)#L_K0Ba=3hX`);p1fY;iiMDhhBM zlsL=44mm%TReuPvk|&c_ZYdu%@X_-&uf$-~u#|jo$h(qGH&J^r6mgg(!>ny!K>O+m zXb}pEI(rbt7hs>=)bvG);L_IsIxgb8IaYcdz#ub6%rkKN^M@fY=!ok8DKb+v=k^7V z)*#+w^;-q+D8*SMLtIFt9;u+zC?$MQ6I_y{?T}IiQAv zLD`Hm!Gq#ak^R@t{*%Tse2iwGlhDFAZyhX4H=bZr@+5nIYe3)SbsBHmOVt4CRA-QD zBf)s$e9ME>;_Vg-RRWqdfwd2o+Ms%Ucwd#6CENF?rw8ZyG1YsJh;t?Y6{Unm_);DjJ_@$uL2su)ecIs3%vP zeFF9}Tbsr93ACMuER$jhjZ(mrx?S5nhr zL9y~3I?Q7K0dpEd&iV@1t;Avg+sC-vn$W1>tghwVR=0Xmz0_qr@TZuOk-s!T>aPBy{nDfIHoNnmC=F z4GT}1Dc?_xWnAjQ;%vQCS{Nf0q-M41M7*?opN$*y{p-9u=B<8oNq0*)ETrqn-a^;7 zJ{%Kkpbgbw&~H}PP0>ww)^;#~@h^oK*D$|;MKH0dY(;FPgqJ{Z7DfCgloR9nq4<-a zR`2Z(s{+(5oxFBacY&+GM$Bd7SqIK&pZOPXZHPb8ETQX&ET{21=rHL?TwBNt)lBloHE~~17lon`cE0{J@4GPF0 zi+J4?yQ!kn2Ak|AR2IKCi4U@ey9}(#bttNcCev(K@67O%)Q0s|N>p^z5~zWFCG@IC z+vwd;Y5RS2K%Wk*#90vA-1E?a_7I9yYo)x1Q9x4~c?Msm7IPAL+>i`k{ z$PHf#($_IBwJ*cIW-2gU)F-slRqTw$# z-MADMFT`d@T{*X`=&-gD3retICqCnmwUyA- zIxPLmw{J#p@oX7a3hm*ugF}_#f<}Cwod8-3lxWTa)Bl!!Q-z4^be?1kzph@2yKD(R z%GBm(km=7GG8H#P&`2oq3ZzJXm6?F{C!9mLN-&X|R!Ajxa9nF`>6 z_t^y-3?AESG7{bTDjy>>ku(8eH_iJlBW&XpVnq@gcPk*Mh!hN7kF*O9t{Ww=mgRI` z0OR)W+^H2Rk65wXi@i_32^Wzx=5}#Sii(CPGhsYsDf47|z3qG!l-eRc2ebXv2EtL|&1 z1)0?O?_q73*^IV`Oi6UY_vGSIANtn@qwOWcOp{&cO}^td8l17S9JuLfqv6tDbo#|( z;oNM`pr3q}dFWH0k;;CAQ3TKF8tBzKXo%Kq|lY4~m ze3aUCYoℜaqMJZuAT`b=i1GhEAb%9IUT`TkIR~Sa4J+&LDQCC!-X7_l#|fx~szH z&eR$+9}`w5w8nX2{>G%_Y-ck)&eyCe#j@T971Fb@g2CPfQVOCJHmD>e4P`WsT5;`V z^l)}dxAA$=vcecdA3lMX#v>kX^5`qlk?YPta`g4wdbK2z~Z1f9JwbHNW zQ;23iL`%f>3X%#SVf|#!oF>5PN&Zo6D>wRb{9g`aU!@3o@PM@y)Xp!4@DXbPm=i%s zuGPgFvg(QKHLJr0h3YIWn-e*LY|P99{_<D6CYf%;eq!7V1~Q4yBX!W}T6wD)MTBuR)|WIP++?uDHnCa(utP zvX3JTLQo6bWq2Hwq{ig;ydzbeW19(x=Sv(Wz!f}FzIhE|?1hurFEzq+broOOxd^a+ z9dLF})l<2VfI&GyVb#y-V&yF>ac}RAhiO9r3XV`<&nA=aidTQ_JP0box5G(GB8rJh zOAG+xM24#mNY7PiqL*@)g?$Oa`rPTAz~dO8PWzyx$#O{UH7i$ELu-&(vJSfWlXr?T z;tKAh-HnYmV)kUSw}oGoS7yvi;6-3aFMNxM5@w)eZajz!V3$INjEk$z+dO;6Xql5= zs}sh}AQjpoXOi!$^42JF#2+h_#7>N;jIh+cJT^szFU4b^zk(K#yV?=sJ0dlMZAo+h zsJy7kTVGehJ0?2i^pOTmr-p zl1dR%OzzGI@wmY!oU-V;x0i6>!jDEZUF z6%N;W&h|j|_p9`VI^P(W)dJt86dvy2y&QDVSjamFx{;BqQPvpsUC3DAdp1Ta(n?Lk z2O(@DEObowao=TfZJ*NeElj^Ob2W3da`jo>_sgeT_TKIuPu!ncPC*vhqDTP;gVv_g zr%A_)!Mbp;GifB<$ftVlqHsL)d>PWa*L>L7qoWfbu4+?>O6k@IPp?%Q%b9Mqe+zG{ zwBDv*O|opN?c4A?&VYWKm_PfFq&dWRsJC+2R2H2~RQ+Cds6~7Gf0X&A`IsBA}v}pjQZwGpS&8m z)x2HO-n2Wd>=X;wN$qm^_@CJptF;9m;rAKT3=;Iyf=C^UcPXb^56o_}B6f2&t zw>u#FsNsA0#zANJ)2)^3HZ1IF2juusS`BADVkM+ragu-b^b&EwIG~mx-ygtux3R&z zpaVC8k4%5YUsu12_CAc3hVli3>PGjOX*g{qSj#(5iL~!(+N_4FF{uEqU|4cX;fC|y z8~cKMef?bz*B>P>G*-91@4X^zNVlQ3jcGRIpiYzgPpfM`-5as3a}Z6K=6X0~-RT4| zUE$i2hm138lWt@gAqJ?jc~IPE!rpERVP#ju-Gi@j!?gF2&xsY6Wg-6^=0E5Cr*xV~ zh&axx<*RreYkjm=@(7zz1Yft6oy`7U>*7=5j;U-be&G<yiF;1{k(Qtj1X4eGLv21(B-GRyu3RZ=8qyKF+N=Jsi$j8T&7FX!bFYK?I zVshjs!icGEi=4r=oLC2`t!uW2r*gQxv%&jEA7#IfBGa|baMP}M9_O{;F~@2be{FJF@46H75MGN&ZJZL`3l{(wbpv1rxE%sy1Jv87z@%V(&r5 zkZJRklf>HkP~gHGuQ2JzH-e?|b%=5^YvCn;`Flo<-;$0C>E zVqhozZ?{H2Dx6zX-M6{w{v-8&Z)nami;lZz`9=xz{PKKXG5M)$5u0WSaCJ=bGGU=Q zTw6U$0>3~tFC1B*5dkqg6`CHV`GXRExGW+LC7;r?32y#_GC#i3QKI7#@mLLaTy=dp z8fW}->5=k&pz$fbNr}Ht;qMX(5YF$@Z8|r`t?&J6kXsKSjf{u<%Kw#1U>PzGBaw540a*ApyWiS?%dELLZpgZNYyMNx zf6$;AhsjvUOK#0tCH)TO|A+!{LPyF}Xsy9T?inl>P_BWSBhQ=|I?IfeuFqB+Vc;)l@VDh9-s)H@ z$xMXOP5w)a{x{M8h?`$G(89bs?19d&)Zi~ahRk6C%spq$^#2`mB>?7{QH}rP#jhue z3G`SmnNz$?^5XxNdpb^Z3~bJY4)vcr`sF94H-OY*`h-B~{wD;#9@vx&TDo;x!l7g% z+y?C*)cD6&zt{JGN$RFBg5Ll7U4PO-WE`MQ{B$JSKUD0WUzOMa6^RcWdckn}FSPvy z0hsCl-7KRl!~D}^{^FS*Z|DpJo_qZ&2}=LlRRhMuMXd5~V)Ezoe=bg><`(cAyTYBg z->?O;0kEaZu7mWK%=o!DCbA#TwOM9H|9h~X!vddT^&r~gyiuNboMzopm-mbRNxFYb zTuBu3$0jxsg@h_UfG^6{Ij9E&z`zS%KFI3uj)-0J8hV_JFHgBj zsvQC8KR670?Wh&WVC)BqfcoyLbFJs4Q~ze^E%OV;6CFyq)KZ`@69z0U@t>W%lTITmLs)?D!#$ z_37xKe{kWSUq$Qy`Cj^x*zmh`xB}~N6UGGpf5iIF>G)0kuudO1J$_@I=(d4%?0e%v z|0Ytum_!Y*hkm3qKl1;-9~7AZ^m*xmSP2cI+pIUm5~wlpL;oQGn*AjKs(cNoV2wA^IY=gO9`j>b~I^kzukzk%dhkT z5P=D^WLvYkjWXH%5%Ziuyf9kf8J7vmhfn8xuWuw6cr#xFY2NW;#RF%%aCU)nW;_`u z_Q5WfpYJGYM$iau00roXKs>VCGTg3TEciyOGDMqvwC`liJmpo;2Xaov#Z3Zoj?a}7 zRt2#M=Asz5(jwGTvtGw~g+RN|qvWR9MlaNuV@;#uoFDcV|5)4|WT6)4OOm4*4|~9O zECZa@wjUL;P2JYT4Q8{R`yZNowi}MMtL&zUigZ>K+4bwkXuMBe7U7eXo=G;D=s{pGlVp(6xw}4qQ0hR}fanvM(Pf zCmEA%jGk`Sm)q8^<_;v_oq01(I$r4A<+V#8M6a|$!a82fdZRXvj%R%)fyWjS#(}!r z(E8r%ztA+lZoEkTk8Y}!??hzKcd4gdGGN~5vc{TsUx%9`VQh6v5Xa@-`N+;`xImeG z?JA?k-q(j+dedDhFEJm3iFfdi58nWh6p#c?7zav+Oz}ur`&EfC_Ult}b;( zddh{+O^KKuZ7#7@O%c^eJx@;t5cCoAZ@@9BVxgx+22I{PHe-*|6LlFQS&LJ?9@SU# z9EPwIl_(0Gejd>@#+D^yAF7UDQsGe)!Vd(mp!ONFv zB6N7@i}}-FUqJz?@*ts6-NNN`pGI09y>UkhBE1N_29r#|QE~l&?bo~Qg*N+pDV8)o z&z}9li|z~%X~D!+6(2&LJl(8_NzapLot*|^VsZ6UVV}lL01`avdek&V16hI zqj_?PMnI`%UU8_9eNsAmY@hJelutaDNuI#jLf2BVy&b@Jw!H(uhJ1fIAbfdZtW#$4 z{%QjNGTlb9rDN`Q<(%;&dD1+#_&osWI6rs8{ZdrkD^Lk&#wi{l*D?|@s&CyHtE#MI zQ{Ka~e_S#sA1rR z`~i^&FE0RLJzPGSr*gfhZUPOPYHn6cTMDJ7u6n#RZ3~>|^M)!R-UAKcr~=MhS9221 zHkr%wwaU$02Bjamv0P=Nip~4dE{i69z`nzFb(=gfS!;s`>(P>rO=_g8Y8rZr+re(k zp{&i?Zh)me!hoT@#A zM3H1Bx}Kpj`bw9=kzQVAyb~4=nso0vi>7Pg1HF!@T~Fo}kwN+1=ILIQwAy^i9%;R< z`Kk*1ZC@g2X`gmk4MmgaT>}C+=>13Qb)yRr!gdBe7l;c$$3`kFRfYSU02>;5PJP2R zd5HylF-)^+A3kvoz}e$KA+IT=UG>W-+x=f`e9&(6MVH=|I1T-Az}ArYYz^;b6C7HQ zbDD(_-dw9`IG%ZW77etU`{eq$pjD3A8kgRRGKo;C<((37iE{g;afG1RP_BGAQeCI# zQ8B?Y=a7P!G=CAW;nq~mWy1lGM`O6@yLv$?1BB>ahBBfM3(JAbK!nXW$5CtQ_;D#JBn%CumEieoCs7J&xe}_U``vOwK;PnxP!^fwm+X z8|Lo8xbX3mqnG6C8{Y!m?l>1XX7~&!9N#B#CL{)fQ5pM<04h#4ACp;C#87$|sN6PXAn@Ia{Tilg!Npz_X~)<=4p3SXWQbK#2) zPav#O&A9>{NaiAfJqzW@oMp)fnoYgKMtSh}ds!Bw;5R;?EGfV1cy?E^ zBF?;m-HS@DDbmehfMo0P`*P5aKxex7f_Mzbz7md|VfFg+y{_CEy!GLHV~Qd$8W-ld zm@+EsNY(b;#9f4Jxq07Fx*H+`w=ytulvtON%ObMr@$=dD2Z`+Y*?W32n*nQgL)e3G zY^|!*=D3uVQO;+pc_=#QB>^n0)=`)$$TL@kLgb^Y}Te8cNNrMBjfOzvK zj`7oxi_?NkVPQKD#**I+;n2@q3?$RvA&kShn~o3dY~0Fbn^_0 zHw_l;m1zkXM+I~BBLgL#ptEx;uQ(^6yfs|{KLN}OlDn$Q_2@xsz9W%eI`zRiWk(a% zs7-5v!bs)3BRVbRqm+=!jOO%8IDrl3O|hkPffbUEU?mYU9w?h~a;BWb=0lU~mQMjA zTxVx9m@O?X&`d&ybO%jHAYp2ofG+IrKU?EBMKKL60h+y^D1y7T`W#0vJih7jtV`(P zKs7z8cE9&&``TSSiQ_{dwQF?ler>IU!W;5Vl+RpMxs&b3D@_sp^HK? z5y|t_MAJpU3rh32>!C6N=`X#u4ywepd;vpSVQ*j2$Z^1R<`*)d{UIJ=2$}H3dsN?F zCEeMn%2*;4u{#?&OlqZt7{E0IwU%T@ce*m0>KHf;h?mOeQ{w}YusN6`yK(3sX=_nE zX9z&DJ6Z$oTR^_&sJ+N|NSqq?QXIG;y-sO%apuhezOXrhy;-@g;2P6U1mUM?FiaHr z*71UWK=~Sj6DWU3R+O9s|NSAb0ijUu1#*xX@Kf(${@k04__tv|g`z+Qu|q#{Il~wg z#@YMMRDju7In@E=e$h_rb8vi0=m*9amLAU#!`88HIP^5kt9ItHfeTniFAOR95M#)&C`C=k<5N@1RQuAW_BmKsn-E>{Fi|RIkwbfwmFEl+13=ic zo+V9VA}uexj+J$?LT@~OI#2fc%2Ee6%~I1;4|=Q$f^*pSX?E|?5iT9lDDyj!%9091P2umAq^#F+5g zmIV#%5>1%c{L8@GO1Tm@RN81`fm`)kcfK^y&=d@5B~o>A4BSea=gco8H}!!sWpOkz z^^*b(s|1HjiwF)AInB@7hE7vJH^u;jSGaiO;&|2`aLUs*fwV!R(EA|%55PP144_W%h=Vt75-32@HpxHWVY+7-p-E7f1?Hs_ ztJU(S9bXFIB4N$UOczk2#m7;o{rP&nka~L^`b?6nEZc@eF;3?@$A>AsQ)iXIK<=1O^vVIsO=?bvhM+>oUSJO(YDJNkrGNyimlsH6Fp zGFADW34@P6=P+m3YUG-7L14D|Y=q)n`C9`-RG%DijbLw^DCgbm{*9dYb+RgL1qA5W zBI5eiR7Di2hj0mk!btEF5^UI$Phx2F6jF~nIdH|tgLl!0oM9}@P=!~x=p8TjQH5Yyo|+I!92P|0qeNw%*^mjd7g24@BKC*_4p*2+H_U?SGSQTCAOpRv1?`ZbXAjtRswT2$z{i2j z+0#L3QdLPUk+U-vJYWqT=ToTih)trY* zLGKE9I86A=tPE_h{q|UI`RfZ{nTqG3$ko3T2RW(7r#BYVpL`3wG*};jZ^8Th9d)&IxgJoYZy6Z7^@@XiKyzzW5M8?6qkRS~-f|`~(py>Mr5E&;AnZm|) z4m{EK*j#*iB8=ML6s}UgtH3f4nfX=0;qH-A@w(NeMR1b9w}s_p=}PLf;%De<7U0TQ zj)sHFcYW&bWSC?Xs4KPEwMy7(J;m#aMH)B`V=?nG=3-w#4HK4nWS1Q&wxhR}!CH+J zMGAh>ri=N;dduQ|&w9w9tSN)Urp(rSLevQyOHO|N;i~&PmO`HZmzHHD7rLM$MiSht zS9W1}DP}rtQS`irIalO)$2)>Uuw;GEwCWef7)JRGph!)wvZhd|*thKi@65{b)G$>D zt~Q`El43L}w{D=v)l3gBgVPB~E*kpV%f+k#UeSn!{JQH0*x=yL;FBs2J!7bckiE{-eYzirUcAK64&Fk zzSRd}oJ-3dWNz;PIE2F<2yB+k~Lyhy-i>IYRVz@W$s-|6zMs)1Qe+0hQU$4y(B)-n! zZyfYiKngJ#@)~`H~qwwI?Eu6G547v5sm)UI~MZ zS(}nDXPkD3-2Taih@R8!5cW05ui%R8M@skn18|`STho)YULRF+s}(GJnsRzk{EkZ} z{1!hhFiB6%!hbt|HvA-~rULB5(8v)=eB%u8!aXaamd?llAI&HA3X~_pWh{#J=|^n) z?fS#cC8Z?|rUB+Dr4!qCy~d9d4P*vh5~IG;1J zHyo&V0M#800ZX9zUlJ1lOo7bWb zxC;}|JR36?134mC#m9#;pfjD|!N|ga%nWfg6WF!Dr5D5J7Q`5t=mR_@nU%>&SE`Qp z*3%~lFn118O}almNqbJlE)J9%EOQpVl;#GPPB4-n3|`(<#-wyE4G1D5aJ(nH*YQ9o zMvIJLr7mKk8HlGU#*Vt}`2w$0PT6yMUQ7}qC_5|Dxhz#mJ#L^WB2j>sdE8ZCtBiV} zNP>VTSx5Z}EsJavsi9TpqAC-}jZ4hV42RlQP4m=Oe1Z!M4cFxQ3}nisw-P*MJsJkG z;5HX$hx^o4yi*PVs|FR&7*$bU3sS`c=PeBzG}DijKv_L0y|STz)8Jaip=K&11Mpda zyiJLMcnxyrBd9a;>Gw!6qu`uA*iz@D&(#GS@cc`chiYQhmJebSg-U^~zTaM3%y;da zc_r6|4F45HDz=g%Cg{4t@}pr5F$iNVoyf8-c^59070qMJH_o^HXjmR_RWRf7fizuv z`Ik>d<7)025Wl-Q?(Z%?sj^(fu?tRc9?@za0j%Ktg8U*$s#kCEDS5gZ&(>I;0+-B$ z))&p=kx;RAc_@mdfTZ%T6@-iC0HN;Xr}vSk`GsHE^=eOi-|1^S&gLQ)(@s!%g$WX? zbL(WzqZjnkv8&0sy1AMesWf{Y^eTOPXP{DcGul7Yw5L|~ur78Y4M^{w;uUUHFA(@Vd0X~@8{4+b#tmQEvtJZ@d}qFO z6A0c9uly724y(jw=RZMj4~+h`EaHE_r&5_nU+C5qX)cy%hKnFd%`SoSBC5E-3Hnw zUCqX_DUfDyUp%_nKn*!EA0Ec%m8L>&#TlgmOILMnW_g#VgISTQn7;LN6p7{q_$Q>N ztlI!Ycf?H06;FG7>kuN?$)%B;WFIl zj^`K>`73|k1&}%g1hkyaXX#!?<18Bwl9++n=LtQAzs_yq`got<1T z6nHpMwoPk@yaw=xMrv?gqX5cTG|2zfK<0u{RIz_PF$NLN=c?d=N)C5n@0u5rpo8TD zH)YD4zSjN>u}z=|4HPX+wwAtTuK9p^<>`C>-P#+XTK$~@qiwP;Eevc`$%rgI2lTV& z%SYw~aUzeC%CN8y5#T1-RgY-)j(*pNZqQBDoku1b);jMySM$=hMu*yPGW4ux>TB}7 zMxLzP{a2yD4-=VlNAs(xKP%fbjG>s@_{&XeATa-mXJ&|lN&4xr-jA4tc97k>{9)Rg zOv@q)XA8lr^ZngN`*;0R@GRaSPF|9>e%V8|q;~Zg@Qu8v`T;2Nx8{dhO%JDQ;)vP6=0v`NxGvQ&ys;kt?s>*Z~zMiq%4j@q}op=9pM&A<6p) zPbz#wcc4hw(UbB08t5I=FY_4?jvL^2{Md1&hXCAhx-XvRWcp^3bm<99Oozeb)?iD+ z#`LSJPsMhM$xp>ngcN3LzW2lfRNmeaIsrJk6%PDtrNyaV(yYIAM z+ir}N{zxb%bDD>zrxyc|v(V$aOR&}gPh2?wp!yOB)<3{Fl8elu`K36Qk98BoUmZ;Jd3v4KyxKgtm@(#Y3-lU5fA0+K>z zcVl~g;Wz(u|A6unD3FZ8JM30^^qYY>Sb?lxE5zpCdi1xI`8_8Aa3<6md<3mOu`0Kz;Mz$LQ;ZUi-*EXg1HfgC!42&H?-Ks_hu*B7hR46* z-gg;5T#K^D34gN=w;$@Xe5ZNqmuBRr`Rs@Tq(N7@oc1^C*kgKZKlAJX-^cbl%|*X` zrwCjd0ni6G`Qlez{$KtUX^+N%z5oBI1^X)t_37@N zjk^GsnC#Ij5*Ihalns7CE5E@Xb_q_keotu*-PXGA(GG=*An+Ve7G=SSx2&sl=T|@4 zz%}vG9I!ZawJ+y8i$nq1CGHobMoOMu!-`&RiE#_61Pn>C=JfjUzr{jCA45W+C@JA0 zw{9o}3wsDo)%B~a++T>TG=oXXs%dE49*zJm6gd;K952gpUL9-$av4$kV#b;SDKX_@ zznJDv(e>-3f9!q!CYi%DgiWt@_-e>YFd^c(!(-aDjXOV|`o$;6;0?JHzE^?9@&{A6 zctDqNphiu^6fh^hFi=1LhJj{!^Gm{uzP3j(AKEdn%QHH8ej|FootQu!&>Iyf(Qou) z9H?~ph_6=pyV4%CA8c)odH%aiu_Fl3BO7R${QpTmV7pNQ^cO9S820wB(*18bi0}Zl z6lP*^w)g)}3ef>~y8zqGPPP)mZw4*{ikTi$!fgI;K3(%e2TCh7eIEvbez)D=1C$?*esTMCNK2ET^H*ODTxoB!{L*8c@5{ot)bwz_4u52+!fC-G{vJvtnRxK^MnpyZ{bNppeU( zPhFpSjBKmt$f#M5RVO-6ym4Hw+1DSbH%-3ZB}wafxXMTN;!VfpaZf^}VT-4AKQ!OA z#8PAORdE1Zd1z@sye2|K6bG!u*ABb5fWs?x9_eU%sp(X#2~=iJz%bR?J;4%MxAreD z+P^d&!mg;6vk3lBQz>!7rR}Eif<7UuWT)vb>hLOUPyz8dM~u&TulK2CX7O^wtd}jN z?M%bmx~>+>nC+wx&)$H?=6jTV`JLXndR-3U3Do8Xva|~9ApO+-vL0>g$u?fW$Q{JV z!&$dY%ppuH)rVJxKnkbIte~nCUOCxTdpy$yQ!Cat*#%DMO;SF3_EOt?Vpv+e!5!ba zY71+`e712UV@N_go^7ked|?Kmkw#+|<9+gl^pUm++hpZ_Q&z2QT{*mBP^JxD`^j21 zf!(>OC#}3nLeN~5(c2#QUP=ldt)O|jVK=!^Ejcl%^Aa2L;B&%4`@}{f=XuT77YL45 zG~So1k{*}4K!WP{sq2=3kM{H#zHK?1$HW#kjj6LbJo&xVk~5`G?^&x|{dZQ>Ze6iW zGtxEtP^izkt!uYe)z&&x$L^r3PjiSAZZnO~!`4m&rv9H;Hv)oA{9(BdHM&K^G4`cl zzt$kj3?8Q^QXI(kN;ul*V)5Y+Vb*Ax$J7O%Q1_9*!5E46yER0xT~lxIWWAb>4r0sd zQu5HcFQUX%-=_tOfZWU-00`%Aup%Z@(<{^(n~+xLm*E8?gHlNKGRzOPlLng#6+Swf zi)o6*4<43fy!LWUZ#_fxT~vA@Ryp3-;rNy2X5H#*%Kc8M0zGq*q1}AXW2CvuEStte`*uVnaH`=I*>iSE3$rM^ zZ_^tb5hO}5o#IB@DN}2d`If;E@}cpCqh!jn=E_%SHPM}T54Ngq9|NbrxUDqvKJZjg za9bz&>$?)xd~Uq7NuhQ;YbNoQWSGod<2vX>^R710JAj087pTL{W_=nq?m8)(H*r2v zaP#mmg))bfOV=3{SdZIMQ}u~JCE}>!rUlsr}-(& z(P`Tc)7y)C+PMms>GSJcpRc?N17ct`)!wh-zg@N~T5#KPfYP;#Q3?=$>BB^>)NGgzdH3W!GTd8C*G$Yn-dWyLqwgIp-&r9ryDmYl?v% zo9F%y6cu>qdEDuIv7HZ#YIr9ppuoknU{@`l%Ka;=1J?eD6mRY`8<5z{-uM?Zr0N(` zVyluamQm5su3x`UE(g#+Lbg-$cDE#?DQ^w!JKwa;g`re6XtT_ojotp>cB`ha_aA$2 z4X?wT9(}?h{`%Jv20G<)TT7@u*HqebyKT~Go+)!D%Koh61&GK^Sl-*kP%hCM`51@H~pB2{oTI;UOQ2ap5G zl6@utqT|P|aP1+ty{ltkFIcgNNzLKJ@+8eB`ZzNOzXW=iUEy33|jHwXDii;Tum<5bK0 zYt^t^2r<}DrtN$nZN+(Jm|lCzVjDQ|6|F7XNrMXfV{5y^c1~VAJ929_^>UU<+D7m253OC^1v%0qgn=t5vWVMaW7F*?hSppwyrVG-O;%^-jE$<$ zm~7~Jv=#eLjaoS_7G8=0uNf2ff#5e6!_m@QUmjoeC#x+K zREwRDSGBG_5kB`XuN-AAU!Zq|z!sl=LvxwC5B+S%y}dyTz8(fY491-bAfE)))<-W* z&gg@PgyF-B;T6Ky$xJSzT$e46ZiN=Ls*Il#H`-7<^In+x;=^7SP3h9)ttU)U2kLbw zrP9&ln?B=Xr3HDe`z1MB$k zGh@K+@flf5jyA61KfK8(-cnBK zwo;tgEiG0ro>-_}i8!WP*G5r0?QQ$GeSs;e3POkJzF)3q&KfirfU@?WxvF&b%_uPq zjWhZjO@h<8QpLD7R~UBZ5nJof`bqz^5k%6+Sfjr8SyR_wHnk4_l1kFT(_&hS%w@=C z?5BbXo~R|Rn`BKIf{2ISg-I_BKXgp*~BaRU+6&C({ie7ifQbyMn5 z&Kn8(f+nbOyg!ALY(qLMTrCPO4jcD0Rzi4lX+Q5M3)Y%GArP{gh#NLzS?1$i=o03H zjGEI7TH0z(o$@XBHXk`JU&?RJu#6t3W>|_(=~DrlXOKR~c*?e*9{xHrMBO%P=mx55 zc_B<-@O(C>uB{jP?B-NDCYe?1JxBX$U2ylz(R1smsm4cg=hzncBW7*a;kLp{)%!Oq zO%5QAXxG7FuwAv-rJGynXB}@l@r}dftEJ2UJ8w5MlvB2hNxOL`)Y+BG$dM%PS~d6= zbD3WFQyaJ*zup&0TfB*Rc2C8@+IMh08+g~?xrCWh=Ih3Euu}F14zcr`G3FWbmzI}P zA1uofVUWxkxSH52Z9Xj>$|fS){E_WW@3kz%m$*w~2ug4i$DYLm=;Y%_7;S*{yE)7Szwz)Gynw zzZ7bV&nvWPU#DR!x@3BvTF+j`*i*-dx6*FMoS)mDuKIBm7tt@& z(4dD#knICggiI8e@{UE-d6HD9hGYr(zi=OBLsaPKA8%XNUmvJXqG9l6NBdZtm76QZ z_n1+c?$2mJoEx%NQT&EAXQnUh+Kf`uo*OKm3H{K7JgWBn(MX#0USs*X00`b@(Rug2 z9XMAg@F$4Ob@LOO{fi^UT?7*B)PYAIj1X z(}C1Gd6n(bFja+M$Jr(YEeZ3$kR4oi!hbS{7rU+c>A?QM-*L++yuI92hY z76?V1dY|O@6rW$09G`_dM)RQg@}|k~^W(3M#e+^r=U+P?n_1!Qjpt?$3u@G?2S+F& z90!t$m0ZMr<|yjFu3!Rvd*%bvFjbNvowzQ|&JJWWs+pQgV zuI!J{ht3|mo;`fFpYak?d5RWI%@D_=-<@_F>u=+pt9r<0thkjsiLECyet=tZ%6D?yFGpLi z)U8Nd{ZzCd*=6bBBE+!k$!Q%)m2a)Za0M)vB(?RBg@i(Gw8W_5oX#%FAP=PrBY((J znw6_UiNIGP_qBT1N7Oh{$)gx z7|TVulDLy2-OcQPr63x!v!avFi1yoa>qHk?OP=D_S1b6Cw&-?EDN;wTs}=KGt*(=q zwHwie$!nLX!|Ir2&w5Y{V%~MWrlWDUBJIqU$C>8&bL-@R#ivW)I_+sbM&A@ma*xe( zv66fjX-LRm=VdVd6r(4HN!^FGYXx=ws0Rh0LMBV_RP^=>j7D5){-uhc4^z)z^+orb z>&7HMk-YWFL0sUHX0NUA$6tBnVBz?P9f;DlOfKbwv`1t}eNk&KH3|u7@n+X<80T|R ztukLA(WA=+3xnGEcqeKg^H;1)#+sy-O278##le;0F(VwK-}^CGsynO$85&b3BE3|2{MD8-5IAYz6XMN9=Ye-`5yTs%ZhQYm0|E_g4z}%v3ek-uhMG;W?Ly zdJUekmmm5pdX=wqp*;1FaeleD<&0X#T;mj0d9i$Ix*((1d;{56bea!HrLJu`P1|3# zS4AvP7vL>=87ij=Gh~9^SyQ&)cdJs8Gr zcl_mrBAw|)hTyNFIk9q$>NOCod_%F1TopJ?rb8}lR{3~weUP`^YB5!sg_gnUk16!-bE@Ro? zWDVb~@I_jLl=w~xF{Wx#rjUpyysa9NU03=%Bts}Xe|~@XH3edn@@zW<{&}UmG~-x9 zkD)wTCbL_(1#Fzl=#~pM#&2yMbmDr2DG9gh}Oz1$A|c^ow=$kX2RK# zDTF^H;CltJYMSa>>I@IX_!O@Um`33Vo!YD3yC_lRz?}Z66%TKB-%kMIq_6BhMb!-? z2$l%;dBW@Ltk3Op4feuXgwtjfAWx^bKwE|Uq+E%GLc8z|msmZA5h*Sdo4g9R5?Z|T zqh99nnfecGI*V_Uoq3Ng@3WU&DQ=R($UQ#-dvDjb%1WuKVg3O|l&2B%vM9~CB$<PzKQZWD!uU# zg1y_es;cErIxm2KG)NN67S(kBXymi_OprZPSMd2+>R#({)?75f=8yRxMuA^Vm&*jSR8x+Y_{}bTwIAAGh|i`{w9cfA&k^Z2gV)|-&5$lJ<)WNa zktOPjf|8wyn?zcvqjFC&=)Ph_hQMKh0#} z(WvSSH;^L_$t`hIpeAkef76Fsn*ZT&TW-F;n0hTl5NG6LghUsrZx+8eY1wVC%Lq*;M3v|1m_mc=qAz=jX_r*>9!fLj8))+tkJ21qEsqP5>#K4q z_K|ttOnBauHZRAz?NeHdPSyA{Zt1#%|EEiIUQc22ScvW$rqhyQ#F_=dR71XX+f0j5mDqxv<5 zU9`iT)^d`8<_y}vdboe4E?Hu3sO)^OU@T{F%5?A|R!xC#tn_AvQKB(vB=(c>N148y zWzP*$nH#2K)-EcylTyIB(^vJCJ@&IOz)~w^{8jYGLW-_eeEVj1sk0d@+;6%O5(lh) zF6}EQ6B2PV8cj(;QM|K-b*NJJA)opXyN6yU>VBe$z;PI<_X2*v1zgI4Jy0g7rlzpd;UXz*L8qS{PWIcv-p-QISh)DgIM-5 zb#i4|7XR3tc!P}E$q)i@4#4en@V$*LNSt1)e%mSg29ypHH`Od-EEiCDX-0{iWcHH9 zO6aDO*579##LJlr;B-#w(Oqb_!wRIX;pJm`_R4-bK&plM46wH?Z@5%$vN-9?hiB+m zcXmQD*z<;*n7+Bo7vl}5yfXxi=nJ1mXus8S1=B0C{!E>^RL&+c?PY=$#%-UmOt%%b zXK=gmX4KT7o+9{(ag#3+u|HHdzf6AIhZ{0G;!)0o_rg$l@w<$qWypyR)XWtL(9*>> z*HI$tKahaAX{v4l<&Q3VZ<#mj&ss49OB36o)X^=%p)aDWW4o>@|Ecc11;=91d?iN! zhw&dOP;!X8$?Z6fZ?snRc{X{BWo+LL+ScljXAsEaKJ&tCLHza#(ce|Df7|XgFZ7Z6 zBSqKC+Y|aVp4pej3y$=AAc&8J2EIVgbqj6MA@gF~S^qAki9*gmg%VF)DMh_lJsNJC ziHXh^z6ZhN5iSZ=TDYWTYlhERH5uEm)MTh-zYJ&0*I&IN0$(mbf+GV>Mxg8GCWD&o ziqzms7}r*w*d7WJYB=e*Zf=-Dx{KB2YBz`KvsRpJzMEkuwq%8L;-=!(kr%k7(S}GEBCa&f%_*Uh@g$#+4G99mpf8d$}@2p`;0Gm%bx5}W~ zknQwty3IU~4_CHKN$b;WpI_{^%esT?2BxjV8VQxf57=R02I`J5i!L!-l2q%|8pSsF z7_c}_a~x)z*ook8#aYW_nUtTsAxm@2ZI__ax{oxY z&B8!4z>{e+W#5NVW}==a zHGvWB;h*!&-?~OF^ciil3kC7}Z8$E{{7(@Ohr;ZUv(R{S06aPEjhk4`_u&BI=v8E0 z7nM+St~QlVfa?a4$6b?{San?B9ya{}*f{*hl{s*Ir(D@VZH=B6P&&7-{0WD1f;kyO;#OsHB_%kzYJGRXQEqp=s$`~M7T&rRrB8jX zsUW4>Zx=BL$f98(+DLFD^X?gUV`klyl-7gXK$ZgD*XDV&1s?1;lf{A|YU(;-74PQI zn}I7L2@A9r0CGH{*M`~V?VMR&6H7c8lHuuHo^pNR`j-6nv$=H~S z;?<<-@lORtDb~CrwMvpZO*Ca=w~6; zq@;JYW|GWQf{+z(op_V%G}#z(Jor_GTmgnK=CDO1@(yKIuoK-rK;Nn=GOJ_5nO`z)n%Ds;qh-GiC{~qlJ z38QL}QQe**Zh3iKS$eU6N~s1&OD{h^?1^^OkfW&^5Xr6GevV6`Hr?@l8xZSZiCjBtP{F8`+YbT3QDQ4jbsI22&RqL6D%R=|=`#z=O zI@^~c($w73K8X!ubzLjVrZ(a{SGJymQ3`phIqYx8uQo5dJ{!!b%y<{p14*@S_BB8w z5YOYM;vEgLyeb6Td-NVF;pN8cVy}#DhsCBFaM}o@Z8C~d$)H<3(~u&4TWyTL*bd6` zsKf8+pXJ@bS|kzOZ* z*otWj`$?SDVLN7M7-nM^oh>r%xPE)sYFaLdE~&0+yi$uyjxtF$5*h|9hSl!w3d5Xu z8mb{{5en~uZr9@qwKIXc*qrzG16%8NTKMFjX7VwqJ^(Inc6m7R$ko`b<7c*}bBm0G zctaAl9(o=37wZ*6k6o^FCil`jv(CuX0f~}bSZs)GbG%8b?MI#vMq-xLvy;??tw@TQjtUvvMR z`VsZeef2QhS;{(x_2m1hDQWbA8c(NWzy@(7ne|-NA{%ngUnWeD6{#u@Bq=Pq>|QK# z_WFYe&XxS$<31|!ewJpZ9ASCGfu_aaefte-KEp_LxJK6W?8yVjXS=C1tVwGD`hDJ&Z!~~Ao!73k?)m9rM?vJ`cN(*2i`CZC zTvX{>uy-?H|Ds{v%+pI8@d6+b@;P2<@H8|Avvhsrq*hCwTQ6Ck^DNQD()!7iS0sL-HnS8aFO6K3 zZ+D(Wq+d8K2|u;1vxrFYNi|3s8&O%uy8jSUYTI1@2_V&Kwn%#BoL_K-OCtOhnhXYw zfqkE;LiPNPjrBxt5Z^MI?~D6=++(lmE58S6r9t*#lk5!#i)TlE2~0#_rOP?)iIrgE zFPk>G8Ix);=a-v~%ayGz4B+97KHDS7j7fBTyTJ^x@v)aB=N{=*D?;1P;xmEFNpCf?q_d8nD{R_wk3l0eiBoEXW(e!T5uQtawoo4Y(v)3&7!JGdBz-Eh0o`` zt#%)TAB{Txf2U-N30sO#69_;i6g3#fc;#`%-qmbv2digOHG#>pUd`SLZ< zQ=gY=31O{S=>}T6A+1@!xtr@0!T_`tFkOnCp1;fTYWrZ9gAYwC@l6_|aCyVNzLWTx zk3jQUec~6J5bpwy^wBOJZyGTV#2Z?=w}yw2uWX034V53JT7%y&8c@~j2-l`?O`)j?cz)nbC&8e~!yEusmM@0{a?iyl}aFf5~ z(I69IWK~Vl!R60=IpI7FS>=hY8yoC2iy-BQwsE-WaKG6(9~nD<288S=&(%0K&+YQ# zij9m4+k!xwhI=nv<)jkD5JR0erEDIo>26{dLWsMA!7Evv*4m~#jk=`w@ONd4SHUA& z6-@mLT3UsJc71A_KrK&exAGNdm2ga39^+-K!AI3a&?xo zCYkc4o74N*-fAX-rl#id&+laOH4+-vItQ!U>HMH|5oO&+dVW_evNv>h*6*#A3k=53 z`{kR|!|*O)ixnZ$%fQzHoke(O&HCz}4l?Y8Gc4p(gU@deX4Yx=AsMz)r4W1Q261>vn;WKAKq?K66q z&DJSnHBrFfKe*THV_LovoK$a0iRMaoIsup@*M2XzCR8NHa+!}ytJGDQ278# ziL+baA-vv|>(kN;gA=0lA2{^Xy5HUyFYY&iZx4u?iocSX23wMom?Erqw)EA~Plqz4 z!o8pqUa+y2M+o8{y9eBUYQz=G6Q;PkR1ojJ)yGh6a7_T;SV4;C-d-{0;GXCtosKYK#)n%>u09y%*vli z0^#Nc?QrvnNBE|EGiUw~Xoh^2rw}eUsMV)rF9De!W?rVBYDJRZfo3n&{t{7;A5u_DuG^dM3Bz zS`L2m{COkD@AfZMz+zV(ke4`cIzed!ZXV+gl*PmIkXj3{lh%VQr^_!{9`TCjY}Jkv zXfI^fT_>^Xz30*Om8AYqwxQ@r`~H&3#p_dN#bz+sbj&+bv7Nz|F6rHnOralYX96&D zoxbamJi1sVzo)#EbK>Q2i^k$;MrYoJt|nFa!dC1Vi9c*_dA(6%zafeJ@Cbn7yO z&p8h4;BER1X@@(G7oM|_qB173!*Q?0qx=3%nWO2oas$qp;=DU3b=ei`1vRBeSQH1qgJ6Nv1(Z-XSp}n83R|&1+>q8HA#aI z_y?{Ydz#-Z;@`6*9x1j*Q~r|h+e%UOBn=k|rKR$S(%W1R{?@44k9&^jF*m*UjpMsu z^*!k7WXy?;Ccmq5XYhpTAXq58dBum{>U&2a#Nl+-m4^UFdDsc`rs`uTOZp&Dz$1`onN!>x<~l#PmLvE-I(5 z7GlDPr=${B18mI)7wHS&+tJf`ABwlSQfpQFLO+1aF81h;eXGtNdj=Y3w8jjG3yh8| zXMm{4eUS9`=|s_a_}7U2fmfq7BcnnCpqtanRepZ!-9dQN8M)W>D3#ie;{+#Trmh^v z^6p~p!z`y$^`vEF{@XnNR*E%~NjA?p_D@0_DdLa=M{@ris#)cbc53?qh^hfUZFVrG z&vg*P5L2&A^Qam!t;8+avV#HUTsnbvqc+d*i3Kf*jUlF2@VA7dbL^nS^zI|#rSNKm#a4G zU#-^;mU=Zc*q7N@TK8EjsmPY^R6}Cg4%LoBcb2j|H|x6Hgf0~kA{}Q-n73JzOAeOp zr|vYsVW!LFH0gzkXIcB14E-~J9ZXoIIgd4J1>dvho3WS+)Q4o>?Z}+sNGKuoak4$%!;(7U%pH==jVN1#vM+w zN6GtBMO^yGZqla-2!6_P`ut>?XL{^y+aR%?K0WWyO{GTm=`n4Y_guj)UlX)v@bkk- z2wI~?TZ<&f?8G(xuOuxX8QFn|>MP>Q1Qi8?fqmmGas}-Vi1&FZW%&ED%a3Z)x2xL? z6I(NmP*I!H8LKMg=}x?Dv-Fk32M??M=6nQxpE%@yXHltrk)Ra8k!*t1VbU+ z8K)RJl?Dd2%n@4!otK5vy9*ho=*2+cS@m&}6E^KiBM#BiSnR`?GjZZ+_gP11=dvzQ z$VE=)PA+ZS@QaxmnGJEW4IzGTle*2~I=W$b(kYTL*9B$sX#1|7H_B7&`0xRgfc*}~#u;nCiJ7h=UnA?1X8 z&vCZsU2%_~=3&?ePWIGUo-L!}undRxmI=-T+}j?Q#@_V=hmI=0wTbKO7w;cTq$&Qq zxdk4hB=-bvmPYjKH!WrfFEg?S6~}n(fDi@opHCKDlD&=ReJ6iZnQzz)_~KU8;^Mt#Y{NP|v}o4PW3;^pT>3_J7S#BE)Cg_n z%k;dQekU2oF&N`4Ir8)XF{ypy#WYueP!f`vk8Cz@{A6GX=~FuFqakg+nJC6>Xe;M! zz#r&%Pq8TpUOo}ru33?F(Fc2LX!1^vC8@t|e4}T?z$BI{v53;FZN zwkm3eJBrAxZkP{M57hvf}(W-%+5< z;oS-c%-;*=g;D^p%UmWAV{;LAQvXXm>!N|z3)DaQ zDUSJEZgy}VlH{4#KvsPhg@(qYyuhd0*GApx$)7#(@pQQqS3Cp%p7RfgNB=!>R8Kq7 zn%pO(j2zJC=Y+&7EElaG*TO=6SvT*(L8JJRT5gR6vi}O(O_VWQ{o=hJLk?buz05{P zF=!-hYzh2lj5QE=OV6MYwO<0E;Hl8>yp?4p7xQx4YlLM6;0ZCF)dZ(6JWAgLO6u9? z>mHcAt7|1{0(h*ON~=Ia7ru`6SzAmes+M&mrO%)1BL^^9)Di$O*|D@p-#BLKY=pC~ zi&?IiFn_#VjmKZ9D~ju14jWEbm_VmRjLoAzO)e={lyO z$5i~t{g_viXUdnAv+aCfqa&%6QM;BxgM;iQ?}&K{j(m}2wETKCXL)l`_b&Um@h;$Ya>*Zix60}`ecv3L!aD8enI^&A0WcjHdAHRa zgQL^AC0m#k%xeS(QtPc^sI89=7JsgkTQg*B$N)!jSg%(R+mo;7_tN5uAIV|3c*w6B=qxJf;%)uN;uS{a4O95cyuw0!^Zq z`Yqq)->2KZeI+Lph|9Aw%+;7PI4aMiTcLGPAXm^=g zl1i*0e@ZRu07lS_kmgV68I)99YCuhXKCX77483Q5=*P_%67Szn`(Ll7V*pghvG=RuZ*Bg&uMB~K zeq3dvSpM~fzi+67;vIT4Fg5e<|NK`&V?jVa&c!jNev`$&8ui;Vzl=Nd=zSjHKjjtP z-sKhkUjh7Y$w&Wh3E;Uy($&9N0RK{e=uRnWWc~+Z-^*k z|2L)kZTJ9NR(FS$-u=Ayn_2r?Q`dV3{U(F@Y5(EHvG4q@)gizZ?n7cq)Svb$0(Xu4 zAJSfbZ$%w5(8%%*YpUNL{`Zmp|GNAE{B~X#|5r&k8y>9(23kQV9bG8nLjoBUVv<_K z3Q4~iymP(&{j8Y=ajnK4NxMHCPy?A5X}c4F>UR7l#lC+2jY~YPb=>Xwb=-2NE5LSw z*qCi4sBAu_L;mw8RuI*M>T8B$Zc?Z(=AS*c{rNLQh0KljVYF5G zm9zxvpFcU$_lE>D^W5IG{)49YVw&I~kz?>cbxWT9xu3vTD8ENdV$=D+jh95G|Bm$^ zj13)fs#FfZ*S+h)_CM`{$$dtL8k6%fmp_jVFoHv5cLVgbR9WiJqXUd!j>+8s)p@;Z z|7Qb)b2mU+Y9){U*#Ol6vcRgfefZUOJir^o0l~D`mY7(o#H2Xgq zdU7d=fu2Y~63ftk)YSx5psTNvsx3+XfmjmwMLwe2FdWFh;+6hKT~$Z|y83iPqcP$i zDaimq>_<*x#UP5u|EQ}^Ujbc>+bmy@`6o(3XN)-{kiu2`0+;X~bv5oO(A6(L-|hb+ z8HnY&vj-`vxxs%n2EbTIe7Um+|Hs5V#}JuCqpIQK#=ty~PKC{0()hnMI@TAMhWp*- zwSO-XCJ&Hs0_f$U8<H4l< z2vC1q05tT%K|9=5N%T}rdlxU!8Ndtgegx3f-kJqt0;u7W{EGk;Tyz6KMSU*SiWtW7 zGbF=7@0o*`ZVJpIJ`zLqUpMUoMf~bjl|-lSc=(q9#y@`f_2z$B1v(p4=HkjC2Q|U~ zBcSeIus6W{IRmKPWYjy)-lUOH*8!Ni6+VFd_f{%Evg?l93BCh~0}Qf^r6v%-Xg-63 zZ#{w<0nfN~u;ucgeSb6AVAOG(ghjof&3RWlozKR)y7R0q0AFm*De8x00j+7^ zJ?c|@@vCv!NHQbGt*^CZ@5(RCuGri6-VahaM&5DAtGX^MFHa_wDuGHmXWc0Hb1sWE z$%nAPNOI%b^D&S$P|Excz`FP^n6=M&p&me>zTbSGg~t5{;o`?Z>OLj!a0zWpRsd0U z228|@-Miu&vxHe*KVQ=39!_f*%*Tk|nCrDUF*z-oU`J95&t!R@Y2AS`xeV3YU2GQL zN3iYrqTtnJiF#@mDkM6TDna*rjR{$1upxy`I*XtVyo{USye^(7(sBjV;i)g$3 z-k|qb%20C!z~kN?=q3*m!-dRlb$4|a0gMTE21-lx&QxhVd%Ajscj2zSE>KUt^L#5E z$X$09KI}$0ZV0ycM7jWZe78-DFEt>{KgNNyU&nexTISD;oDD@unx1X+Z#{%@1gSjblX!ZWC;Ug{yi__T2bx48!Ddy zwEUAcj4|_!Q%-`Lb7=O>{0L9tDNfw0xAeZo#`&^QSF!>vtC;jm=I+yHbnL))V*yn$>J0Z#W0jC(#F7O z*LWoP#IEYJ)e%ZT=q4~m?KCcV_Jtuk;ly@Q9n^Lpv!Vh3JwrMVd$G?Kg1MRUHq;t3~VBxF2Ay(6sL z729}|AuvIUtv@O~w7wbRN1){K80#Y*xu{122)`y8i5G{8j4zZik|e9tNV&l0`r>1L zBT$Q*Rv4)D_tRQC_XXN*yUk*gd(v(QWp8fmf=A}egXmQ#nNqZ5TK$($=(HL@lKu}(XT(nIpx>D@rFj;-qUafK?;$5n2l z>j_6d6~V>WM^YUsv6xABd{w0ci#f&Yu=@mGg5&8CeE?lFvn6MSIQ5>2s=%k88GUQ8 z(^&(Aw?f^6C9mUevRK|vR3Klgbun)39bOpp7#@LdugA;;yOp)x#sO3IvXP5uCyMtf z$k87O&j`ogiX}mZmN2k^zHIP2A2+c#z;^@sn(dC!ZdKJfusddw`NiqwY^P>y)L8Sk_s)(^DCV&=X&&w&5&9zolS7W2&t+J#D`tm@|ogQvvYWZhW_$ zxcPBWs0&QqRF@fnNBjXc2}fEIcQ zZJE1w#n-V3=yA%Ei3H_u%By55EX2W@fadf+m7o~wtrD+VbnG;BI>2>++wo;fgV9931`OiC1_G|3;~3Y+dqakS)?MdYD_TT@jfQkfK&hDupiIb@eY!V=>)W*gs`voc zlD+HKd&tUNG2LB?LL=rRr=^G>y^WLV^LSu?VZ!c5BkJ+Pf=bas5+?kmmU(=<7}!%- zJOOqr;bv@%n>aaZxuhgQ-bXm}psS-01iGm$O%sC+zAVXO)kEf7DYvrpPzsrB_u`a6 zX6CQX&cMuHhLSw42bLgya2nOATjsh-Oz|o}SKOI&9-qKj2`s1(+;5odaJ{_)+)f5| z0gIp*36cB$JOU_Mvc60Ih6d{zFf;JUf?&SD)=+`1cts(mSw;n&6f-Vnw{e1ZzT@{} z6Ks&((s&@mv&6mkFc9|wItr9b6w3@vdMM*|(|dwT#>4t`GGPS6ac!Y^2LLW`ADR-L z6m=cVZwXW^u>nx@V&Q1jRzf|cd)b&|Ro(~mI}s$2QeRJl$B~LF3;3~Z3LO=hMYg`j zCio!hzS5152a3k+jS9mfgZihN5{d~ZkA%_sI*tXc^b(I*?2wKXkA+MHbh2<-uEwmO>@Rx}PUDQyAR zsr1rM9Bu=j^G){|F5G)i|Kn)Mbf{oJ127NO%Rp=NNo7H6nTiilSB^v$Q$fNj!kIni zNGRyPh}{c0Tg!Y%DV%~zKxi=QwbU9f)5 zCn0gF0brNCa#)`z$co&iU;TWrn!(LMIL7jX%zd0B&%2&;RX%~$gMF3-8s$SipnDS4 zi$iwD$yCaYoPZ5b+MQg>fG3B*bM6}{A>0BHIrRibGRzRQ1M-Z#6sss!Y!m(Nd%g9E zp{!N$CRxzugczUi%9_aCC$fl+XGfsmX+NT7-&_q~ALy{5V$gcyhJJVz!~%b^Fy^@f z)OtGgb{|E8*Bo{fXPrJWF?xi?;MlU^OYZEOvrOemus}tb+AEy8PsWc)7${IsX|-W! zZoJ2E%{0Js0KNry7F(px=-&`jSzH)rSgoAuLdc4@p@eKSPZAw9$4^6uUK-85>hRqt%R3pQX^!w$HIMe+|e6GFJLL^2C_#zZDvJ&4`~)Xfzu(TdkdGQ<+=GKO~C zlNS$p5cwEV^oBB@DA=FeimE_LF(f=1*CK&Hg&KQx_j|Ot>n- z1T{cvEK3xZ0jKI^RTw~?4QLlIrV|-#oq6(D`61@vRlniTRfdQ-tqICNJ5t%9vSei?NS8f(VwuOA+ut%915alsdC9f;%@+1xQ{ ze2VX6u>#etHbJ}ZFBVgaM9q&0&FC@O0RcN}Z%WnaF)6(XrRenQWA-pCn;dVPhZq?B zCKu!?0m9BabkR3NPs#>^OxK7+G5ToGLrM%^Z^o$2lTr4yKgeeq_Orr2Hz%sqTV6bBp($Z&>1;Er=I5ZQfOty0g0GhkmF&Mt z*-2`wb>vTmIDIE8Q0+9!L%f)yZ6g>E#$hFcVedEw+l<4v9c6>m3Qhz+0trbt&s6+~ zMv+gR5;(a9){*@pyujJZK0o}`=SxAQ;^pUjg)c>L?Y#n8il0ExULO)L$?vpjV)%_u z8EO`A1U|yV2!8z_Qab~s$}B6rfD7vVg~uQI5hl#N)#I7o;}9973kK>hSBfW?j2Rit zLPQZu@e$7^PUCdwMoAZ3%Xq%ZWlxgvl7EKkaw~oo{IPV@v6YeM`g!M;6{`1uMMUc5 zr#A)yn5I%-A}H%Yu4WHxxc(95tiYIO)+`DJ-d9JxAnprdK!s@URA^~3GW`f=U28}< z+3eL6c_0*h%)>Or9pGl7MImefu8H&}I$=o^8eLj7cUs zZI%LY+|$Fb_n~#)?(s40zX;*b4jz4mK3p1A-Q?Kj!{Gs+xBMy~r#42~@3jSWpr-uFWxXj3YGw4q{QbV1QA4_)fUoJ+M~5Qd zbk#E0QXDET0jn6;T{=&^(6GehlpuWKwi^No@|Ml^6yeE#5h8*KkCJ{-oYm6`GiX?m zUbJY%EC{$qt&N_R50Zwg)#}F*6cXYv!5CmDIB}nRsP7-2Jt+(DTV6#|Do#P-a3T@2 zc*QwKT9mI0;tb3w=bRf6W|U?#D(FiI0IK5l=@Bf9d5;+6^&BhntuP2ZfJ?6sF2QjY z@~e-cV~w8B)b=JHDQ>1ohek46qT&RwlcBp;Ib^l+*}EC9KE$AV%xu4BSk;(hm67ZQ zh?ylI&o6> z^iuphaOiU(s4VE{ME7TP1n>{H&R>A4V|X4PCl7HBIXeNH=}XJj8*Gnart&fhdvWJYePUx`9mwuqA#E`0o zQyv^BFGFSLj&2`A50t>lP~k@)&k98Q?@n@(*?8u`AMM*2O&EwUgeBlz=SiPd#%u~; zt`S5LG>!?!Lz%}6aROk-C;glk+&4Y-X_rr>zd!TDi*LQj8>EGMgjFe>WEyv40@-dC z=vo;BS&JeVVM#w|u(kuqZ|@`2eievQvcN=6B)M=L>>OkI0&IE(aNw*r?}Lmb89X-= zHLi}6&9Hktahe_w68ObEjU8@}tL0ePkIX;9S<8|gT=$MT?2v{()(N;Ef9koS){dFr zikvti?5h?727IV4V=0PK0yKZF81ctDhZ*=NtpzGQCN@OFeVWgrLX^rt8@V}Y9@27Cq9rq;zn z@PblBSB3j!OgL&#{KhU&r3#?8TQfcCrbEwEME`o{A$HDgr_dK{uP>~}_|YX~&^ejB zR2p%XGGXcM^eYzi=Qnri_P63cyEsLgy~@wxEQx3)K|z-!`zrt8)`^e2Ll$O^#^IG` z6h^bwB7hzl<3<&NN0wQ^Y2Pb>_X&q=ioBptdF=WTQzvS##B;fBiPy~jk{M?FaFnbb zocGEY2y7G#%(20_&|S5&+`7lgaj0Zpv4R_5KAfl-JLrzsaX`uSDd7mtl%PQ|*@sz~ zUU5aWoRSQWANwP*HErk@NPRW9^Mi@xLw~TBus?PrmyhWR@P8C*CI-)uCfr7w)|qQN z+*|GRT|?{9DlD0>4cf03sfdvkHYv-H!!0W z3Lcx}P-KRfGoM&Gp$B^Oidf^I#`n<4tDGL!c%KmUQG18ek-2eJ9g6joNTv;{U6AL} zh_#A^(G)1D#@c`FsYUB#AVZxGh9aS8lWDktKi={j(&8lBM>J)3A&+w8Dyfe9jO+-Z z-~5Uop$g8k7&e|g78Wu1Me}$Vrh#6JlQf8hS0p`F%Qm6#HJi$teISWrk00@}4)Jijt@b{3=Gy2}M3s!REiI12kCQe(1PoRPi9`6c31!h+xzj$OFpGd|FhRC$uysu6+ ziKg*pdQIf()5{Zc!)pA546al4k?&npn7d2< z3t{_VTsZGSs2{bhbk^OCjY5(HGkloy8t=l)USVr_R5+T^=wy|EiRR?qj)r)?$ylx> zsozg|z)60b;r!kAd#S97%uyeKU!6=yax`gxj$1g|#-mIgk(TxQ;ndXLk%Ty?t40xP z0aILLPY<6-a$c!$gzL#$k)=1WYlBi=i?v0najOK0w6Q0`$sAxO8>itPLrx^!tk*aF zW5Z*bUJcVAMXn#A=F2-(WxEC7_e}CK^682%QOf6C(yw$Kju+5}t=^}yTjfo?&R63y zyPuU%K-Ak37RxO_CK52qM%}QQ7^&eL`s_@m+wtR1jCf693b1?9$=mIiCKO2Ml`lM0vL>!RRvMqY+M+1Jk(EaO z!sVZ1KuF!^>F>u)RodI_WHgusqxSvC*%5$MPCtE07HR)Dmp+C@dXR>JGy`e9kzx8` z#Q5A0b9IhLG$tUofKH6e!WcIo0Y9L4!X}`qx6ZyYw(wq080NKD7O|XojD|r)m!h~I zV+l;cgZVmg^7V)kq2+ysN;+(eSA9a`Aj#xLD++~xDE6@<}ps% zzzh*DOoe?$K>qgmf_|jpNuiN{ZW;pT_(R?;Mu1w`zUukZ{Xi(Q&bq{)fC9nR&Z{RU zwF1yD8GU)WpxW72c`nk)a+f%)W*yJuIo*OGrC!0iSvK#pJ7Ed}uh#cd6))Enke%(IC;bvI3-=wSj!*0}Yyt94CCBEV9hX;-Y!MDCM{ACTo?3i3 zNQIFMA8)dwvV{YKQebKmfwK23FYM9y8I3MhA-HTV5-OaruX`wf5ecfh9@4Y;q#TZAS1e z2P?tG7=lsa#qk(32JP;rnmmChBN`0lD5o351w1vL^ZT=TwXb`o9T{Q@W7JZd4M8s` zRvToFLr+m138l88G54-O9xhI#%MLE5_Kh%uRvD>?DpGW#o z?K1CkQ+PHc2H3<}iPHbdwDP4HqRYr2){~kmSeJLwo3(Yn&uy1MVNk@)E$QC@t-_FFr+Np4f@adRsiHGl1~FP*QsCU>emCUC1sJ@@$mK?(1BTTl2y=tPv=#kwKB5i9m^U*QgR)T9g<#Wm^*tqz6Uf2^2dT z#GODwu1Wm@MF1p7&L5bWAG5!3$)n?<@-sWpqEIj-@Q{Y0J$*yS!Myg;f98q4liQQ^ zh_FkJ0MjROOdt8)3G6WI0%(ZQsq^*VaOip-w-n~L9~eCX{#EQOsVK?x6&$!wv{@PC z?iEx@A<&c?POzdI4dMBtNF3w9^H34a8oWF?9T|EFxdiiEwJJou&n9iBW3ss(C;~*s zeH32Fos0fmw;}0D5wgtTi`>ot9LTAfz?XOw!Xa-J;>XyQVot+1o9OcJXN2&VItK%` z+|IPW)VC&vzW&JgqufB$77X&hjPV!=rr7+Ta6Zey;~;88A>r?%_D*=AUchpKvp@9n zSuCi{SjhNO%d^k!jc(Md6H)ef0gQ)4DsO_$+!z|~tJL}N@g%ZPh2t)TKVIedvvnF2 zjjKC74IejJGC|8Y9+E1jjZgnE6iLU6*-a};OwGdIi0!IX9#kM-F*LL;H%KUJQ^d8C}(&{}idN`PRxahOD)9RxZL_sYH*n+?_!@Rxr!d3Cg%*Pv0>#+M+ybs{4kD{u zDKqFqAR}6ZyN;sWoefoe0?vIbIQEN{5Nq6}Pb#}VkelapnD`kGB%O49QEO=@nmF`O z_qrV+%5(mS{UV;-x|28nr!^z^;I%LX~PH+cmw0jv*mYBnh$QRlHasYsNTqOWwKX;)Vf_rDGwF(WL#$ zUdPiYYwX~GxPZ*7o|~G`7o5=jD(oO2L_5%rJiC@aR(5wwfI}feXzmbVijIMhugi=n zSPV^!qeSwi4s~5HBJIPTe|jw%AN9d~h5xYgi0!wlJ4yCqf91e|P7X5(Bi#lP4uX@k zb==h^(1hj$oYW8yS#^1Nj)<#M$Zlj{%rK81xp1I!`LN%YH!(aWX&nusT1g7u}V_aS2Y9D0lR6 zw2mfvO#4%&!RHp~mhdmsP{mzi(x7p-sQ9KjgOfRfRsiQ)R38~yw_jl_vAyph-Z{^lmXk+GhpA!0O{kp87_QHYLxATHI%N_j#|YU%$?U0es13#?t36= zk}%mKp>S@24;;y(t&;Hql$(a2d7zz{!{M+51T)~rs?W0_VelnbVCxn2^A_>0PtPwQ z6Qo9WrfAxYN%%`dBk2C`NKy!mKa1I+?G+-gHi+lar%>^HB9VX5xD0l7U(O+Sv?*^n zk)t+~bmGGi1~HmE!ogo2oU#!4`lTu@HM%VFT9%XSdG0VSj(Dz%1e4U^hIWTvpe1qs zHz#1iFLE-6M|Sg~2CO7My+)PXf%Z`8h_yF<;B=y2pfs$)lyD|DzPNm!OQ${lV=x;i&-^>V=PQIL@I1gd|Q4tnU;O$UVH)SsKF$ytEO zs99Acz$bk~nD9D8w>?)_61sWgs1O(9hv1jV-g>ncP)UXS2WY^%M=A58btg6GmAO4x zXnNAiUzE4M?^frqgO4(@%Cauex8k<>7>?7Sq~5t4Qm>o0bprV+l|Tur9xHl*mCP;0 za@h(yCEP{*4sFYxhr;)4(2{3D$Zqw)jkShiL8O6CJkbX1&r*av>!_hdI0o15GF4j~ z347xjx;?%?jqU94ab(zA+S~$3H!7)|cjCUuoHS)-6yLh8BI+$Oas=k+jymRuz5U_t z>cDz8-%N8mH%|fLbQ9A<#Q-XnoEg8xFy3~Q7H-{mOxK`+k zAQ0qL?$8&^p*x^)U7Dc5(=RlA5Qr~xgBx=nCUSr0>n_NJ7<%v+`I0|#Q01u-Xa4xd z{PfL;*j(~gQ|{Z+pA}L1Iwh7EC#pi*;@0BV#W1$Ocq-aiHNlSwgaS#uu=E{3iPaIg zUW6<256ucEjJgI!S6)zlU-72O6Ca{Sn*$r>oOT)4M*2 zvm$UQ-$Pa>RKI~#IW*mX&hvlbKhzYu9xer`^i}?t*kES`$8F;UcmCdnc(d!Ffd6#) z1wi@6Ck-nig)t}Zj=XTuLbg39WE$!Mo{{s07}0^5y6RTr#L&xZLmzUdY-I7@SjY|A z7!svv?wcth+NgTy>mFyX$c2M!7MrfbY|p5&8?VCTfM6wvD&71jK{3S1KsI@t^Udctdy_-T&P)*xQ{mHk51ZbEK-#=q90P9qgZ zYeS;nJVhUs@TX@9h^*KmV{B#KqE`d<30iveK2JItJD1)LLZXAh72xgM6*J>@Sd)V> zw(!3btgy2Rk=PA|VMhU;q(fP91;?T#XxGeV_6 z#$ZrTkMmU9+I~KbaN^VCmf@5cVOD{~LMYwzj4@s5C!Ah(844-NGkW}LOG1sLR5D#^;5xR#} zaEB79DS&mPzlOV-9t7YCp?Ly(wB8t_!6I2vLB6vtM1pn?4g ztBZy@fD|0OJwh8#5AhS@2)|e$d4Z+OMUe>#@H5=GH?2tOEO==Dx5YbS(;$+9`&kS$ z`IhNKeQO@G?@1X^#wYy1ZSiozZQhBiaKasCtJ9SLT#v;Nb3C+IQqxwT3Hj|KuJL_MTK{jJmk0VuZ!%3* z*lJP^K|-fOukTldJ3WIvMO`@V%9;;O`jm#&@cLG$cb34vK{0}ri0Q-M7)NFO99;_^ z)7ZnY(rm|Au8}?1JvbqfZWqL=fDtB_Up zj8z(K^sQhK$}NI*d9YV_qU@$;(Ix1bP&q)TypfpWsmXSBD?m#cT{O$ya^H50^-th4 zkpOw?ALuNRZ+`@wHtV}k4BUc_*jC~$@URt^Q`!(el|<8_m{BNdxz3!2asD9R&!tM1 zCUON_;kw}J2`rAl7*3WYFzPyXn!MAKwj5i>)+35<>{9W})P~5Km7`O4o&=3jQ zNeFRPH#Hq-c&KtmV2JN=8BD*`${LUyV=~tH9pn==!=Oy`bfNpn*|HUjdC{po1 z_^XEAgdM9W0em>FAe)EU9q{aIG;tIofypX>YuK+cE%Hi3B9$JzxN-A-daNQ+8fBXD zF-2RO)115=Qpe*b!I(=J0;G3`zW1jrpFd*99JY`=19+2pQ5~h0P?QR8ozb&S<5gz6 z@GndgS=9yWuUo2m^@8-PPt6c44iybF!>1Ry7f(L+ykRXn84>T-Z+c>PyO!`dP^oSG zYVfcERIVTTPu6B`-0Korjtf`FWnL5TiGd%k;72J%c;WsN0IY{B^C}{m^L3C|)SLT< z%1`v`4T2IKwIq9_+@{wukBJrN)%$RDf;FU`M6*RYX#!lTQx?Z=3bx#*3?6u$+m!6B znxtY`-T$DeYeu2?i$(J+j(F;Q-2}J-vo)3v^f`dxmK>E7zZPEHb}?@$@=^q6Hy4Mg zle%yt;Z1{TrZKNRiX8R>!+5lCs3eFhY5_p)H?~j=6`umc9zLWIjW=L^N3ED5BLEEt z+UX#P@}oIo8i7HM7KwEx?>+xP?3F`*3*&k6hKIx&aut=D5NOB(>O=6Ob=xA$p;k_dm z%0|V|`1turJQ>ndQL0+m8=OUzpTAG0-;tsZ!$@b2zx*54^K1Jjh8<)Vd2=N@y@ir6 z;GywqNU%fWX$Qw@R<+?>{KV_^So?}!nQtin&8vKRQX-Dz_#s)?F>3C}c4k$v_BpVv zsEDt8?;rVE2e7FFlr(!mHmP43|5uD^x@ak+FBEU-->NbEyT@-tz7A6uCF9{O&RyMf za6NGDpnK$J7B<> z?(v69Ju|+OErO+(A|(=F?);QgIsbR0>eueieq>c@h4Fo;-AnAxnc)P;=C89nUfMG= zphVhC|K!;+WO=1!@%^96=>PeePm>-Br3?k|e@wl<*V#XRXT<}I^@{j3W?mrS`!8h1 z|LOLZ2gdpu!LN(|%B=n$Z@-fR80(sHit%4r{@rN&=kt3X80+>J7M}k*T>-;`YJq`C zZuCFbz(3aff4l3qMo^%;fLYV}|GA8&LVmr&BZ*KmFYc)h5aYYjFIuI$qzkWk6;NX7 zvj#eU3lzrx+n0F#k%6Y$@T0I}%9Ks`u&z9C6xew9q#I1{M*qD?fjRIK9U9i-+$mYY zAGPs3tVAQa4=Ry^M&;rEX+Zwl|7l8r_j&tVQSE=XSW;vS=c>#Y*9|{pkk`unuf~5; zF3VwK2;l1^6tDtig#UJd|NC8LUljGyntiq6;br^1kcT=cgWphI)s#iezrA=sJYYh? z+Im|j%JjCXu=+c!iBqgb?5Z@!pg|H|nVNuQ2~Veo((jal@+{*^8;8OsoC<&-Uc4T%Mm_ zCiDNikD%fnLbGkCg#Y@;WC_cXS~&Uq@@A)w5I(}r1mhzSvQ(m;&8}F}W`CI4viLx# zVtLE@?BCAwcNrLO$%KE2Tsw!G{LUXBy7MOn&BXtGaQ<;Q z2CR_ex58^Kr4(6Q=%L|PV{Kns3TDp>kp9{s*&gQ+y<`)!{_BhW=UV;ejdvd~yzUp7 zU*v8 zA}-T|_XjWADt)2sRYkRYRg|uxvt@z^O<0!05;%L`EDk>Pczh1Aj9u>w9jpJsyF0h3 z;|#F)cFct9Eoxj0iW7CVyf15s7Z2-`#>*{SFItyH?w!-rO4`%0cYX8OlUhx)TYva| z^5*y>ow~jGu|&PT(s{Qk|6F8U0+wwvRqNbnTU<>tFUT(RksbGXtk(Y9lto41xxhBc zUK_;yT5C8-E7+51UbEOLQ}@^8ML{L8lZ$#H+~eL2;jYGufX8muxhK@_o$yGAN@P(y zgj9+&Q_AdrJJVn9qEsbCR8PoPzhCC)BrdM{FpnFiK0D@oLe@v{G^*KcFkH-~$Gsj_ z2Z9ah=#I;?|<|d8kfyxUS9<;n4^y({CKGX)a8PxV8>;UTjT;>(*CA zkU<98ye?%CjvpvJ58Kf<5=Zq9b>%;x){pZlMeKj^e3rtc5X3u;agIqoC)5%a+;N98J| zP2OJSdY0$&UV?XdulQ;;0@AJ*@3)q}nsz6a)mbXdX$E!bvR{ z=bP8Wr}Ymtl|JKoCOZ5BEbT**2kGu-#}~twm#~mt#3tF!QqwA#EqGzCMY`m$6Ydyw za`WD|`n_UPkAC~55G;R>yiSi}w~+uVU&wTM`q11})GHJ||6SHb^>^{if+0PzYL!mL zwk?9EJY8qzIM}K7R;g*e430?We(Q2M%;e>f!w=$HIC$!bh_i( z!|(qoWs866H;0TqzYVmwuT0W4uGV+&O}x2CEluMe-@tYJ*tI~ttknk@dY5SZkQ_Yx zRJ383vJc965>}CvzfezKR?@dpv#?IE1dkM!WWyJ0W8_C0JACxh+DBpf?nY%s(I-U3 zJT=vIumNu!Guu(E-Qof5li!AaC$y8rE^_*mW5xF06(s-|4 zUi18*d7`Oa4|rv5p~-`LlStm#wQQjvvAV*gtg!T-1$Co0SAz?z`d%Lb?|pW7`!~tZ zwB8jCNx8_RHZ^X<-a1T7kn0F0@tw`pf1f=ZR-avEAAjf!IKPFSr>{|kP<@5Ztbk%l z$F2aCw5DEbdCfQO^0gyGKi1mBe(ddn(%!Uy(Dj!wp9&+^gRv-g%RtDn_# z^qN)qG_?M;HOi3t4aGcZbW+o9R6Gva;4jwdRcE8Hb*$3Rx*hQHdw;KGPQk$c^3a{F8_~NgxYOLDc^KvLdWPZOh2+ZIG&O-kT>wk?kgPdVTYN~mc0{?~tIiuHD_p6ei zaiPeop@aeQ8#7^#vkGe8o5~tqVFS<0*i$hPM(v8k*Bcfuty1UJX4sfF>*dt=>&ALZ z$|o+iV8ZCOHupZq;gp_h-=^Ue-TP^t`qhz$G^26-I_Vf4&EC<+;V;rxHzmU9pKH85 zmw&EiNdUE8lAPMzh}VMDCe~X1hlaH-g?!Sf^V}+U6!zw3*ULu7tbHK6)zog6~FV0 z+b(iA^{$bp=C)Z7@NEIqSye!3HzCzz#_u67#74@zZ~bwNn{Kuou4np_*i>suj;O>e zz`~^?@qFKZkxVPDNo`-Jz6=(SW4-sCcYkZRzDDkI!(!UqWcx);@#%p$U#0w|xmEc+ z*G%NDXx(eW^CFEZcULP7!<6lz1U82LoaIqF>rCsM?=PLLiwr4Kr)n%c`D(pkTjQll zSJG|iM&k`Gx35f6)LdC)T|Vl;%62DuTt3#ibRBJri2U(xTfCnFkzX7d>wK*p;-~;W2MFzPU2+=-Z0f!qJGG*xtuZSd zzT40fC#t6hx1}bsO)%hFPH%5I5MqpN%T%Z)7fm)!|2k7sK4uG5Tc~CHm+aSXQtp## zwumvuDEjO4DZV)g7O9^jwFOh7j;9jF;3DOmAn(&re#ufslX{&tuSS4Z>-Zqvfc24Y zf%KtPCNtvQRn^sSZfJ!8Jp3~49$v4cNMeAipwJ*cuUD$g`=HHq9QL}}NK&u2(cAk~ z`2K+FL80b!P*)mpbA-+>XmFe-KEr1J-sQW>=^80DOo95wnrY#tgmTLC^Gi+TPBPo7 zLS7lJbn|TQDJ#1WOBfTM?>>y}EHAA0;%z=Q)f&HbljrJAn_gOn?XbFY z<*t1n<{Lo{9Gg9ryhu&1$?wq8nm#px%gk=R&)#F1!pk_|su41t`HnV-A^qO@xah^r z50(qnt!Wpj+qD^k*}GbO6t48w6VmHkw*ztw-dgu9A5RTthZ3XQXflnW^-NxvQkqrW zx#tAx#HCE-$fU0@#)#hiS-0LwcO4s%DpGq`(s;ogZ<3Dgj(qNC^>Odb#<4R^s)@}! z*Jt|9i{`0+CeFbFzH6ldZtugQqsM*OI0{8D+xJOiXx09vMcf=Xe~jwX%2g&57c0dw zvLhC~kb|9OY3`S&$!8yjKe`*KeTetV$*A*|P zra|L?qzV4R$7J81pK0C{%9Dewr+XE3uW7hQ1-4egPD#iY61BN^`bv4!14dYkyn!u| zR(see&wOVeIdR^<`eBe*%Vm3ZLozndbi3H@sShVptEaDr{ZMZRy0|j`;@o<#l)4`N zSu$oO&8QY}F9id+`ot3bq2MgVc8}o@GaYA=y?s&q-`!D8c)CCZH1@j}$y;P;q}sZqx8hcqKza z;`MZy9*hl;8QJ3X2{7aPX(FlZS=j_TTj4hgY%Gt?yVj=@=I+1Es~QYgszIGQXchPn zKRR4y>TIE2pXUgjZIOKC{Zn=KOJb>tqkOa19$KAOCtmYKcYAiRRjUEaZD&k;W*U0T+{`)NW#opnKe%Fm?8-|GrObQ&ZRGW{+WZ9;mlX30(wIRqWvIjI^VQuSV7_`!bvfkHYvt($41OdhUgfW-G8vUNWJL*WlhI+al`Aq3oIS^Si3U z$H>=fn-6l;Z6g>25;*xrAF($)BJF|RpGoF(r@)GJVk`&$GpA$qv))b z1@doXpeU^e0fW<3K57V{CnjZ1+TidOyWU4(T^=gs#9PYDB|-kP^XeNnX!x+pMf>HL zl?kG`Kpq8WtFeiiT4t9|vWuf)93JIgjPwbXhZ7;$-ukgzu6(&e5W zto;reBf6A&A;16lZf6_SmGx)srw?T|4}oaW_UR4lAWS3K6lpbQIt=5<8eF?!*`J#hPfEt zG$)OmB%(lv#2{-3DE1h%yi*Dg9In(S8rpf{!8jLyNE}gFJQ&BM1Go(A10uiLBDJ4M zB2_h2%FXM91+_*?K3+E}7>Viy#z0e{V&`Q#dr_XwM0=9@*+ZT^j*2MntNru?cH5YF z^4dxhrRMpu-3iFymuJ3|9;c%h_T}>Xafmw;!Zx^(-aJojiR62Dv6#VEa@LA&w!2K{ zk_6r5+J0Vd`0dixY;;n2J+kz^si*bNX;$cXJ$`pvl>y^ey^FBUd<>;S)u^@a1X11K zWzsBeR5~8n7{m^r-!9<+=)OpDr2Mdx`-j-%n&aP{QI9vF2QJ%of zRwdSry`NycHNQ$vJTJ0rWxjln$UUa~PFR}>$t>kT>MYbeM~MEadqs`KX5)khw{3n_ z{cqcg=s6UQ3?uNu2x)7O{^SylbBrgT1sImac5jnsfxtJdy)Bdz(`&@NGs#ZHNnQ!q zFJTgI5JIuI!vmh|@XO0(kn#=Zo%49!Br7;#2kcwQlPtQaY+XwUqTSa1IQ03<9k_IR zUh*BkPb99hE&W&7&+jcA$KLr&oQ-1ZqDyt6H$odVX_}o#){MIFS8){` z-b48_UTW^<4qm@}T_7DEm>aoq2*k_UOrPsQE2@gfqGS|xSXB3yO`Zy|oWweVaq-Cy z;NP#?sQ$FwRvXhdAML{S+eG;1C}$SU`3-zNr+c5>se2!2dhV9p&mQ#-URLMW75%cZ zjS@Z$)U(sX9nLt4YrUBd<2wqYE)@$txL9t^sJFbdBz>vB;+l`A2FD){{=mx zT0U|o&53my)scAiZuw<(#8(^hLzlr~6N(mJZdjodD*4IzGh3k-7022vNM>oTITt90 z1XA3BlUjcf`+8LAtUJW!y(qRC%!(@=lfBpcJjAQA1X)7+?Ya!mBfRDng=(*x6sKgi ztYx(W0jzZVLF;~x_!dlclIbP_--H+>={kgtXHu2MH6mS~??Hd7XTEa$Ze7udR<~Ey zJf8y1_!vRf7<~{@L8Zj%P|XflLGZz>xCQr0s_7V}eazlKPtJ1eXmi&E{;ULeA6x(m zQDbYdOY60s(53Zo-NPuMlMn-br|oxwz!?h;pz(E>Y&WU5ipd0DsimeY_2%0sn{+W68O;(?@J;Q28!eb*{3^KVhU zNIw#vZ8cE5Ob~K$!mxY75D*!%qg%Mr~BKIuQ^5LDP*Ki4sy35MZC?jVuiUu~A3?iZSj z3I~r;LXlyWk}m~~Vb~^NIySdP=w&^r?PKQ~ijMj|m0c8(`|Es3-<`5x{gR8PZMMe4 z!OP@RWmeKnx0j;d^7w}s+nMvq2f1YzbRJw>sly2rJPHMPfnhEal9FL?HT?)BlV)z3XhQOCgC+d!G zd;oRNe(U8D_fo6SOg+p-P;fn*JKQg!AXkOh+oUDT!EgdsbkV2K-G9BL&bi$INF)wmaGp23uu&x_9Y z{9bR16T~==3t!GYP~i~aXVj#{$pG1C(f9tA&vXE9d1e6+rQZrj0v;<4I>X72PH!ic zsfFAsT5nE<`G9muwB6|PVA1=!-+Z@Utyq07nA*o2Sx1?|>gK3Bq8*S`_m;I@Xs2$JDLjKL0q1wuKkmd@8DH39 zhXgR4(fy_#qf;2B+B6kHI~rtE)k`#E$Qv(#`RXw?xNE@S1NdvS9`wHQ0M^fKqfyD{ zJHcC@Awy;$^^N4UU0R5Q>@o|kh0x#p0l^#AzC7PQ9T&ZXEF|jKq`+!Wv53Lz=p{KB zUwJLbwypq$b+vWf9AiC&LD%^kOpP+E`6{<#W6R0h(DQ>u7>>|UhtLL=CCS$50~rsI zH>R*4louLUS&mNa^&|5hFfi%gYxBLkg0^u+O291Lujncay9~)|%}XmwjW?R6-4TlF zCUaJ)0^UWV`VBpaYz80Zil1xO0v&_?3pileW^~-=FQ|9gg5Cb%SZtx70(?hwGC7=Ur6U!DD2PvEO+v)v^=>lTQp{B-iS;;DX);Xo@Gkv)5`Ew zUc7d;9z1tGEw__rRV%a*XR{@DO(*{H+MOPV@t9Dr-t8@`^VmWbtC;%jqTcr}EzeHX zor{;;HJ+Z5eEA9ZPPBB@Y-Mx*oryZ5$7|%be!Pt5C zU0CcRixZd2zK4P?&bz;kgA74+%rj0Pz??zaBvme98fWNdCw;jn;BAz%^qA~$#@K_sE zOr5?63s%yluytNAtEZfOad0Am^|9Zc?G3K@_Rs#>GZr;ygL$8nO-8?)Lq)1!X=!ShLu?pT>1rftS<=DWtcO*`eHzC&O`&qV(~fqggZ0;g`S(KqsHX&0Wo^2J#ipe7Z9%&}T4GKsWZ`b(roDf5tfg-dB4sb{xbq$hWLN>Fe}7 zY@KOxf$yd!%4ucXw#eJDeq3y-&8$woyaOb1rl(uu9$bqzw4^eJbtKS zjohS#3t4`=u8v+W9TgeZ7q^HH^x}#t*h$gf=hYny{cIOJ|Mk9=cKhaZ{PI>hTnTIf zI6z_BR&;&}DD!hcdGM5XW|tKmP7Js8%N!78Nn*FZGdf3Q(N8{g*BWw#1gLiZiJ z1)79?@V-7fRN2sEKsS6^0hl%l|+PE6J12$5TJ@;30s!Jx%1N z{66VQ557XTu96VR*1Hk;(qg^>Lw;YJe{0!Kr?mBs^QJ}6p-t)3-9M})jA=y6br);> zv~+hT+*@LXNJFae75cKXBbI|zbIp)@qM}~(MzOUz`*9kX1kD}Kpw-vs!wa6FrXQzS zJy(i%L}JS?$6f`nkMK9}Sk}VIilQLl_0}PFxp%Pyn`)+PJqin6K9`LHKlIrnE}Q3P z^B%X_T}rvkWhfAQ2P=G608`3}>omq*g>>7LTEeJ*Ce2BYJ^E7_2KN3lKU@#}sJk;9N0| z>EneyvEYJ3n(aq7jA4(FT|gyyDv4r(Xe}Y?5;HUo_+r6E6=9tP1-aSHx!SHyqJNwJ z&_$E^0iaUGFSI!}GK;h@0qwQyI`zhZ<7}BK1gqTQ{P#a7+u|8+YoUD&NN;LLo4Sy3 zg$yYLUCz9RD@dyFegrd}u)EwrK$c+KL8*Xu?4*%Cx91uUR%zaS&l2A=N%35eWbfJ8 z0Vl*}FDHs7EPqA6Zq{3k3)yAfC(3~m?COOoy;0AzQVl62L@^*L%&A}4R2J-?CL28%nf8LLu_Cssj{j=~ohS7+hCEAu#ct@uIm<}Jyf@B>FoN8|h^?IR2 z8>>o(6#7K9K=o(S;dHmfbb$%>ZjY;%LXEZTi}J;Wdicy5H{xi*vE*{V+d8RKTc_1x ztU}cDi+s{m%&ox3&*@I1^wT3RAKZRIUeh5p@XN$Lt8myHmrZ=DYqe2AahTV`pkfff zMGgwEQpi>3xQVf$XBGPfT*eZE@G5C1nh8VYZkp%HBQlqtIPp8h!ydnRDi+^Yu(CmY z-V;_P-|sq)4+{7tea#j4q|*@mo8LNT5iIzz{FyfjTl>w4E}604Znw1zd02L2 zB}BqO>QWJ+1<_jdz}y3W`fegQL_&&&Oyph0j&z#1De*c^y^7i4qAcR(LsWSv0mxYh zo{dqh`)6KOkY|9q+(2`D>lumrMM>&7`-SanU<DUXe zXGTaG%oTLdUYTg0&HnL8N+qc*@TWbPR{DNDy4Vm(xuN1F;%of8*(me7k4W$H#f8r^ zO=lUsF)k5Bu;e|#*~}TIqe7WXk+wYSMmH?PnHB#;Q|jzdY&~P+Ku2w#5-9%tG+3Ox zdAk=uSuGu9VT7UpG;x>gqK%mTjmkL>UvHKh}N^~R!%20U+fW5||R0Jz$9 zZM-SvaC&5&bcc58~?Ikm1L?|P#}sac|pN9qTW=( zCz+snq4vw$ym<}3qkuT!N7SRcnnTdWfauU6_lEng?>jmf*y)zRIQGqv;f%GXiIqj^`UxK5IERty6!nj5jrA?hN zm2C^R4Zcx@7fHyWb<+&n-$)vB3jiWn(-%QI7UsC&IbB?!2!VvSDOU9X=BJ>55|i*p z;?xs)VB8o}SZ^CAO?Hl)1Pvt$tC}Lm%VpTUNT&a|7zY3at7K{VUp8A&>C8u2)DF|?>1rheL1I55 z2Yi%KZCrQdsE8p$qFto-KOv@kdWJP~Bi`8eh{xm1{5}-F67Xf5pxe9g%wEr-oiGU( zzH?ss!Bx|3&h(r@U8Y{l;vI^Te4snSpD-pcZq8(h7Iz*z1Zm>(TrNvLLeA&@G)=6K z+2O4;zw1Ir=*8;csh-8)3(><&a?gtVwsF}jd-a*xop9qlQNv-6i=`B6W0Ea|a0e;g z7W*))jZkprvXJYP$OS90aiCQ^lgz|-RMW;btu4ixQua{GGQudbpk3mP1o@jU6A})i zo^cT_Krw}IulA?*;a={pfyvX7*6%Or_0B$sLf=LV9a!(qZmONbF z4ufsI!cpn8aojp|$(KLG=q~-5>w5I*S53b2M?)o0#zwX*$!wwErbLACBdKda`ZX5I z#AC#ZnT$OE{iqi(*<`R)I17?WEN90E5M6B?HGHbS@+3et6onEQJ=S!1?MF`*Wq{af zYixl{Vt#gWR(r0Bs~BPm@)rQ>*M(8yRERv2P!b;J;-LrEL9med{fLVCko@htIkiaL zX7s#Jlh8I6I07>^YdG*2cPLimDea<}G6Rv`Gs<;l4jQ`HtJ8rV!c9{goOiVITts@- z)uVjF!d~C=Ly15^rXP(x@Ftr8lchTmE<$v;|FeqD3KHi(m@tk*8ZL+50~G}wN@KJT z1}Sxl)v)<8B-iW&x_5FIswI;hIKszXml|@ouSWrL4&dSlFt;|Is=BbWRZV+*%&Ypy ztm6madVLfx?mt5mXA@UNtIqL+Q!|*0OsLPeb;ASo=(koU2TMWb*xmRl1zkD$XA+fH z)SUN>g7i$2ZVGeBQ!WAA9~MQ-zv}&-bX>B3S1nY`Sw~PR128xQ5AdUvl8bRM&JBLG z#vCWHUAd16h4Jq<+f#MZob%g%l=M7Y_+f)^`sxkwFq)4D*v~PkPJ0|5>gYIWW8y}2 zNcSSek^_hYFC0df6!tHa^5><;l9O2ooPv(Rp|2z3l`6YV(?qK<0>v6khqy?%q*_e5 z@qpc&BRXDgv9dpR`EQJt^sS*nCSQO~!S@6_zgZviS?tqc?~_5Mr6UPG)rF9h8 z0`Y<5uid=2$+ETjq+IV(-k*u`BW3bJGY!TL_zfi3e~3|=L}}-(s`@Z@<|7vI=#?wd zGA1DutmX`^`|V#{Co+aJ)6O?7pK|-3wKBvQ6k<*ofYCF_xPF%H&Ha*&P(~k~$$Mds z?~X3~s*fDaz$vJcUJo*=IoIYMxyl;D8DEnHpry4QQ_p+TZI3LHVoz~MoLyIKBKF(5 zzxJyiZXKJj_0g`Azz%J2+Dg|(a`>GhX!&Xw3>bQKqt`J_rj5J*oU+ll%l6!kRqt?xvYnSAm4{K#~N zAr|*YUI~^lms5STbUG!!XFh@O*a^u=&d4`$$(iMrGi5$JFyZ^b-1#y*Bc5a`Pwo>ijZ9y=SN;0Sn?VwQdm{OLp)cLL`6sI7DxG6`+_o!o z$RmiGIf!}MslHI)JVu2gX9WO^tw)kMQPmUV zv_NhW*ov7Vi?I{9DieAtrOh1ylX8EL^cxIS2bM=O391f`D{@0jz`A7K;T65VaohuJ zfQ11sT^}3M@W5}GWO;#9et2e@szAmm3ph`hLuIJ10o$mpu{qZP+Tg$`pX(%3=h}sc z*gyW9@!oO9PmMCVB?wg7V)>jlhHktI4Sa8>Y{?E6o)vLVoT$zx6yUu4k9z#c+XtV| zF`wF(O0Ie9za`|GA~DscW@66J81(UMO95kHvJ6+i1=%j+Hm2?|10p}u=VUmQ-}a#O zaA1Nu{P-g;0#v;hHEP6*gJ>AN5NGWeuuD!pKo&JnSsaOp1Qwbf z4M>(T|C#5>!?{T$1n)g2PWQC?Rb%Fo5C$qysq_bU3vohfx_>q$nzzDsTzu-KE?z$l z661p`j*86|xR@c9XSj8D$7&0?R$VGnGh>)X*CA8&>ey@27aMc-_&yYs@Sr}gAbxM2 z-n)!OAtmfI=}kGSgKYGa)5?N3l>ELzQ^XRR{yj&oa6}y3lZ3ZX8U~pjlzfNw%B(+# zZz9jq%=_#*rB(o@=x&t8?lR4`BVS5(ks3M9(XX)F=I!`CF4$v&WXT5sKjL;3Ni!XC z0c^GN@4W!GZHM|TEJqAZb_Z2pKFzWvH02-wpW+8TtKTmSRY&hWXNElogT3A4n#>!N zAM9`BWT#_04S|}kNb2K4zL*ql$IVNeu_B*u2$D?_Q2P}K_Jg0{gpKvgmg#MBbTjiv zx%6)ef+~vK?66!D3I?7KAO4>$(Q9#{n+l-5{&$Q-dM~XA594Yww~dsw+JvN&a0XIed7$NALD11^ip+bn=WZtX)qJFD19XcgQ8FihMB3LInk<=<<#iP%z6iZS(hA7Ko(;A(t3r27^WU8C`TCiUmY`61r7aO`mbs z-$q$Kfa7KyZoRTOW~tU*#1G=~rRl4|UaS(aQ51s;4l_y2<5Nm$sow*(U)kMEY!|1< zo5dq)uZsqg6m1f0)%N|(w2Di&=zZrd+0>Zey)>?ftU{kQQ3DqR9o&NozgyS#h}-Pp zODn78NWE?Ph503}$qT2T7j$%@E{;n^vtDQ0#O{-R`oBQ|xJ@3M4Yvo`%aFx$Pby@< zC7|eZamm`NhBn3_msj{Gv^{;|#MVG`FF4%5Gza?PGH4b(O2(Q7pMHTbU`C2A_6-pN zzL=?W*)M^z?LKA~idTCzJCW*<1LO0Sb{E&nnOEDdFO-Kf@l(@oT>yt-9p`=lRwbMi zv(v?!PXpVe!#7MZ@n8hrCf33LscHa0f@1C2FMNJqs)>J;%pG^o(q)N*7oW}d!AJeVq znM*9*P0$;$A=UO(k~#eftWgqc5krrWz00B5MH5UIwT zo=4Eh|2}S9jJHeb5f>tyq8+M6d`Y4HGbX~u8gx?DlJz-ZZ5*!+Wz<2qcj)=z=gb~s z-Fna4q+VnGX-tMU{BvFUIzh_J5pcBEieb|`P4M8Qo16T8B9zWI1Ii2=z$CjgE6Jnd z@iIs2uPN6VboJsRyR&)F?FZ{9(>?lu! zfvGwHkGfUILqBb+C#@_!OupX=9w|HoodbSqLk;p#GMK}BK&+!Gp>Hzc$?AFhScmVC z-90s5ZCJm4sRT4E&+BJ^LC`Z5Q~%=rRiu6Q7%qG553=$p zmkIZ4c6qLgzzT7#@FpF5*0mPOCnLlbdJ6n2G;`G--il@tn9t*R8W{9;PoFv$2#I)w zM|!~L2Tj#$v?V8+GLmUJ*1cjB2TD}MVR=TfoAO|62G?;!vfg^{CF((E|*kcjf9d&VT1$`U1CkoJ!&Y4(bp{8ald2l1IbSeS=NJTW;lkIS^0qeJ% zhisbV9dX0?#uqE&y#-@67L!L9E$<_=*tQci~Gr~>t?F0jA=KL!ygEYqru^m+@%D^@E+TeZxo(~Gr+VW zI}jG_H+-E)_eY{S$-tK%k~Cz`X`B*(V|IXXd5`dk+f9ad?|3;P!zd+IGyZc=tpZ!< zJrnlt8{arup#T$HFYlXKc9y_0PN3z){}#G)UtxOL`#Sc@tb;H;KLQW`1(orpWb5sZ zk2rXfiC|J`&h4eRW-rE}!_;{3kh^VCS3ZT~2^}yG{7!cnzG3dlwFwkPdiZ0 zIDSp#F`dAHA<8p%r62P%@R9$=3q||T@(3pvpH3XLHLW2R`nYZSOWMNt!4*&n&eNRXtLMpeoPHJX z_32-h6kLjFuvTc!)8Mxu5FBi(c0sel@517T@ggQq=*44kVi7rbR4Q%wx6G5cV!AKt zG?F%iPS!cqmJ$^7)($4jw$5sMPVh!{C=3i-547=LUBRThaurMT3I_ft3uec9ea%qa zW_8ySbuav|oZ{g8rEOjvcwO99!(H&owDfr!WV+-pV= zozr;Wp8YirqgWV&1j)PWu>-0*p6P$`<3)G7m)ie`h)8M-+I zBhd~Z6PyUCX37;qXrZGD0vj)YGk?GXVApgmv>^ZV*%gdf$l-oZ)c)iMZvI!cg?y{8 zA+h_oL~j&zU(96|7Wvqq#y7d3K`*D#t9Ab4m081Z<-WU@jx42uXigiy({hBlc7snH zy3G!-e-=0a(Wo^*&0GfLd9)_VZ3w(Wh}dm4^qiy64Ln>+Sy8{&Z8`O3fzf?@L%XQH!Jrucf0`4C(rBX_i&mdZUeVb6K2gqw9Y!{VN?W0 zBxW#dOk zIe&9r8(5z+h|$`4(4oEXx#hQ0b(Gcc#L_^_#5`ZFwU1MD?ns8#*ayjcg$zjfLAYuD z_C8tnPG8UB#9*LRo<<3Dm_=Jdonxu6Z2!loyLzqp-5Qi5tMA23kfV*uV3Hd7bY`PK#Q2ucY{&RUz7TMfo(E6M{1(IMA?mFWZ9M8pAGvFpeQ33+S zUJAD#SFMInYH7*jfgX3S%NjPny~~CNQp|d`&Fe8)B4}oqHFP$dg)28rEeMPh0u0E!ke^M^^c7r zgTvC`vBv7fP8=szdmbk~`%JzYqz>y3g6mHPne9{;+3owD2sr#IvFOx$VO`_MM+B^U z$zZG&rqCDn1l4v5E&1l-c$tNlSg$6P*DiD}|Kmveb>|46CaS_@6=Lbo2_HvDp> z2Iz9uft^%|N=E;M=^ppZm$(x}-RYn&(&ju~Q%dw`ir6*K-6kI0#Rtv1QY1sU1P9~r ziTFRx-h$Fjlv!zbg4S9#`|D$t)RaZ?_=f`UO7FcBxNDqEgC6#Y^SNbwgLR@Bvq6#X z23zFHt~V+};2O4(e}kr>0F1>bt6bifRqq??kIvU^jWHwJCe0>oF}OC~G#wkNg$Y?s z`LM+q#}n^9QqPN+25SYUB;{6XD_Cx++S`DyB9DHmusg^RT3slVU@OOsF5kB*Q9Ujl zU!BQUmYgV7X@^zx-|+LI{k1iaR59?O{zj+5akM>8T4TJASWbzjj07gbF( z*#YDs0*X2wV9|{OVm@*8Sbv7Bw_w+!MyLsTlsDg6jhE&e3~=R3u2ln0806s19RS{y zpnGQx7n?{azDKzX$$0^0nY{A>Xuf0%SLC)D{tk|urxO60_?pjc|3lPO5tZC;BMg`< zXzL6jC~Z39e6uHDp>2G7=)3Cxk~j^Z37E^1jbRIRXbM8NH9P4T%BnM$uh}TqsZ4Ow z5c)=DSKAj3jNVi&d-G<|oU%RHX8CY%54j;$rQh^cKivYmf+7yG1&EcQ=NNTwLF=-| zebGZVGm;(vt1NUwr8Py={yacXKK_mdBtO1}Vv}#gVqQjIsfdwv)ICZWL9OV2$H;u1jG{8*DFu&@%lZa zc8%423Gs7z*PLcRlvmFFlBGiY(bc!3ZWy>4r*+#rOFz2RtVSkwW?0}xk4s=l&P*|- z2px^Gy~r!NPoZ~E=4x4aVd0qKd=l?1s~h{X?43LKJ`dUv70;C4*&vnGt_nOML0Y_YG?!m;A@j473fYf;Ox>{ z765(BST~af0@&+zKjiDxa7SXOH5p!gfex{=K!9vtRROS2RDPlVDr1~d)=p_X;{)UDy1l$ zZd45O%SR0c#&Z{%MnUV!eIbPMb%S}txt@dUf*e% zFUmud$2-e6pPy)yDhkPNYL7_RRung|mIOx@(Jq;68%yRn%p(!@>eUj*Vc$awm=~7b zwP{tnPy3|Xfq0o;D%m$4)$LR`Zkj)^Iib~VehTB@f@lQ!)b(E1 z(DOYUI1090f2!J}JUbC|H)boXm`KXRN-%?RqiD^gT$N_kln8pghMH9T;DyE< zJC;9bi8CyI+n>=_vil36i)J(3kZ`NK&f);`Eyk;Utg#@Hi}vEryLDN-aSx6Gf58Zd zHY0Mb)Krp9DY_OFQ!YAb$q8x@m1mOxtYX8127HhvHb#415ETd>Y*>*8)0^t=T@uPTTI)4S7MuK22ZK!_ORC1$XYSiPd@=BO%}rQ$#;v;*xp} z=Z2blgC#6aZTFUE+U;xL#4o)q&|Rx;OOgxU-yF20gSujLH0GQ!<>w^$@rz?Swa=z> zOHlD-7>^bi2{-hoY}W2{Ptz6K_oYd)een>d6DidX?ilyv<;fRc%HF|F%OdyJ&RXRj zE;N{tLh!QPRo+zOlM#=bniMRIWeHuxprmx2Kr)1xcWs2|BtpqlWl$-JiEvd=r7W0$cD3gtL2VAdkZRL*sGg4%UGu!ML zA-0YM$+4aFSA)neJPeSZi&8m)Yf{Ez(|y&8r)6x=nChmNQd~GaRt7@bdCXHwXC{l< zInwW}G#b2U$nO_#ndSc$lHMc$jTYZJ_JkRji%8@M&^{?2EzS#dGk9Lmv0z0_Z&%X6 z7^A~Eo)w^0#h%5gJC`FYF4X+s!iXhnQQTx{{Po+5Ze^h_ba!_al)FTOBSd_j^muHl zF^-G3Iwfsm)Awkt80bi)+1fs{kUGd#9zURsltO`$0BO zF{$_`_wST}PNSU9f*D=`<|~fDS9bj%fQpG8!3$-k5#C|nBHyN>U;m_z2Fn5NyYSoa7!{iczV_p z@{l+{tZc1*IA3SYq&ni0{A@hA3mL(9iEaX<;QVCf;w4`*$R2FbZ9FHh(vPI8lvr+P z1?u|4Uv;>X5Z!QA1Z4InlS~?^m;;n}D1Wy#AMAIK@p}+^*D+I~_{T=i(&RVdWLKm? zfFCa{K$gVAcV~{u?4?VpnWEV}kqXM@jx*wCn~FlYV#KhT%|3pv2HlvDN#Q~t0+Dho zjJZs9P8p|s<7cqkYBCkdn^HzzsgUsL3sWr`a>9~O{=w2sc_yuxH-zi8XDF?bd(UPo z+otHY9S)@5RsVWLI$UNXDd5!ub!qo2%hR4$nbcJ-fN@OFLdLqSHM+XTE2f=!c@7Cp2?O zN-KK+#`lTqhPVZkFh_!=0sl-XZs5mr)d{hi5ALziPL~k{>b{E&Y*lVE&Bg-Mw+~Vx zpe3peG(P8E0_2>g+>{Wqd=DDWD5hdz7^M%hFyagaEvy>ZZB~7d5Exa30T$oRd=ugj z(2rw0N``3~pCt9~1CYo0>Jd1g9F;Y4!0b^Zu5`A#~wo@4@ zD`!ciDV4gSCwHd#JqG7~7*bVpJ!ieFqZMqZ2`jd?h ziQ%L&kCQ-x9dOIa_E3t{@e?v_LUQ(HSQ{1bvo$-VGUQpkn|Pe^h87s6Txu!~{StOH z((cC!3eyYlQ(-ukdU$`X%P8&HMJ6m{d_OoqU z!t7M4bVlS6x4#*~j-1P^S>ws!C(?Skry->l#{HwW$%@1aD#D zUUc6hJ5o-;tWU0cf(kvTU<}K)TnX&mvh8G0%OH1wN9LUCznvknvHvkt7+0qwKRcJ# zX2HN=6BK4&5y;20P&X-pvH00MnTkoG>BnTY`s}K-E<&2b_-BYS8`74j3ZIaxlgPDi zJ;ptEqn=}@mhMx(uln158(XOKy8*k}=Dtcp($+kpVC4N^e^k&%HDvg3y_bAkXiTi^ z+Z?H0-~K3t-TZd4?!#=~0JR}27;E#blkbyb?moy&=WiJN1A_u-&N{TOcq{Xh1WztS z-;P8@)559Qy3^y-H*?X6T_6$^nkLsOWaJ_v=o;zM>D4^?@~C<5&9N1@UG!2Y?l9g} zS$Re)$8_CXnuAm&eANdCuuo+tKXf{%KJ$#alEbH_%ATu)BOj<@zNjW`j(B`Opiv=_ z-}EE&go493APeKxW~W=$7ooSY+g95>Ra5UL(_;*Ls%kc9&Sl(?pTO=eOLCL8AJ`+( zcWXr6S5Hf6t^xh~IQ^NGX0!C+{v8|Hq_3a`sHebpmpklE{9ztvC2$p<<^_&IE9r=J&?~YW6hPY8+c_A_@>V6^U`;kTl8k@#G=DEr_>*+&x|HGM z?yc8Fx(=vE#P3a&Q$S=`)c_GKo#ifk3_q|KVnCVBjM$%)M zt$!yBaXVVfUwPLLzj2VWOrckn)i_zhO-R4LY%OrFMYRFhI`6rMt*b~RF)b8L%$N9_vRMaaXv^M;i)WY9ZJp-C5ow~ zsVD;m4P!w%g@k1T0P`f6vjOM`R|u%m5^4r$1apK_F;nohVLLcPCid=Hn8n5xLt-(vYKlJpKgz&Z)D%R5%ns8DV%SSc3qR4Xh%h%@{*zV%Rs+IP5XBl+Le|~f#V)Os{@4i z%4k?RinB`J1FXFSbgdo-Y{k3PM>UfHkEFtPdsat4&+&L5LaYNF|5lE3vJa$PHG@(K5Jq7&U04`?B zhDt}TsTl7k@Hw&!{=gHrTi+qwToSs#Zlj{JKmibYqx`F@^bvo~!W*aNMx$)CH^=^{ zi5R`?echHeu1dEBe#M`$dKdCl=Zo{S+yYQS4`{sQaIX6T1FNN0A=SqY<*Z}>WCb1D zZ<1$hBH5XGlc{f}M$5{x6j`IsMPh&#XHxX_09A>}g+u7bR*klGYa@&jturba=VW_N- zqFHJMV%TPuh>xywVLWu3${y{i3VbbA1Ras1=`sXFzn{OS*w|Z`=Y<_h?jao4K%3!G zfP7WQD`AASA}KR>BcbvncY>jCH<|eXgH0&8T=?cx%>|0|Tb zN%jQsaqEmTw>F|bSIhwBtliJ1d)l2j8z z`#&(LSqnZ5C(nk&?}Y>{A{la*q>4E}?Ai9-i=J|1MuRiDMs$cD${MRBji(yYIdebH z$_klxLAQAGbH04Yh3=T`~3*E3wp`iO+q#f8-OeWwt^sZW4z$J!Hkkhjhyy5 zYSToWO2g!R+fepyHn`QA=Whr-Hm=oU3CopeR2I2d=>8&{k2#(yy((WSO4>a zxh;0J=SX`UE{8B(GF3z}CjQMG1h=EuCGn?U{@Yj0q8VCvRAMr-y1)c#a@z$!7W9_a z-w5YSFK8k(_W%+)0VtEYlpi!*NAz5)i0^MkYSN`j0+d|34KYenp$%$f-nM&Ds&Zx1 zG%nsC7h${CUd8Y&29pt6A?I1RFkd&A?T3oYag$OfHG9K4Hiy4{ZbD#P0%b#?&B7Ur z>qEI3;t3$&&_cL&(Xdwrv=+4u^VcHjEd8*yQAAiSW z6~OeW=_X>h`NnRT z-2P}L@=IkCsPZ&ro+8GbR9zcD$`tvws#X8Qr&wSHMy9+6F=N$>H(GuvfGpltChfZO z$$N$H4t9#(C;ou2M@CM@u!dh%g+x`?luuahpFP4UV-1mbT6Mc5v^q+*THN6UEbCW{ zc`}67d8YfWYp_R2ba#cuC;m5xrM%JyOwpx;%B;^aSoBB|<$GR6O*zL-kwfX3`nIDO zoLA{14VnAY&6pxp)6$1g=H$VVHR|k9@XB(5r~_w~5S5b62VwMm95rrpLA1)_1G_5) z&hIA&P^Jvqh*zRM_zVysr@lhb>43cb_j373#HXtXXGfHM$#*Wlh0*^C7Z+WTV6U2o ztO4RzXmnMTtK+U(oN{miJUbKR>UME<;E6K?m_anEsUD7bj}*Us+%Fj$%6i^0JbG(j z@^RaG(Og%DM%#b|kEuQOES$^^DtJ8R6;E1qRWT&t1$^I>FjPIS#8Wtqh;O=oebv9h zRcazcy4Hge5(LY#m!Bt|tbgVpKnc&wc{z1a$0LB6(h!D>p65^T2tbx;=orsTi=`d% z9_|Uay~imxZ<*nq@4T+e)Qi#=Vb66Au!4-<@Gbu05*kpTI-!o+MaMHgA;K26x|Cl^ zXmuXmpB!y}Q@6%rVcqv(m$Q-F>jdLLMcJvu5n65WBbAoZ>9W2vUp9TKIclkl)@l|g zk9Lk6hho{0`@9FTQ^~fTG_q4+4`%`Ooh@CnmLfO`u5Bq-EL^Hgo2%sEe@GYpP;N}= zK#7Y$?UQo16d%jNa;H3tUYRiDM$DLEqS>%9g)wQLyj2!!rn~UD*K|QQPq-A{aOgVEx!SYii$|c1 z#HLhZ2o-%>=`UPr)9spAcHSqycu{NQ*xjo6@3Z^c@0Ci#D!WEWuJ1<;S!EoZ!2Vgf zAeC*Vh1~uRo1k3X9&=P5NWd$EijNt{)-A7`>UBPGnp$8%l(4EzPTB*Yzo0{qwN0O`TimXkVV& zi#I2aA?x#L1JhB)jwS=v&)-<1QLFQi9s=P|lZxkrr-b9&`+BcUV%oN|HEhM%zFrL) z?(VZ8lH4P~#2gv{COtcOrhBUP{t z*ib!;wG$No#z5F47_|Zp!F5oX-!Ip_E$@nTkJxV^GFK^;)W5x$4JFRY1(io>`;|TV z`2lQ+axaXx{yOI*#m_D)TmJz<+{AosrNs3BmkG9|#3&vmtguHz3n|d68HRnb2hHO5 zoorELGNLJu?~Z0@uVil;$&fv$x@pFyWhEfVs6cyzO{*$(I#~ryF_RWDvd%1bVw{gZ zst#x}wz>2@^_TEu(53UDsJoTG!C$`c_3eyXLK~$6r)s@cMm|{9w=r7M;J#+%xi3w8 zbzaVNX|GTly&x|AO&dDe9ck}o+{vVTOH$WA-k-}vlu`sun7L`X_@dEDL34~X%{g3NdBke|$x(iUF zO;{EIralvZO|t=XLNcWbKuYa*%{vcZSe*1zJUYpr-V2W}>6N_fdP!D7d9xbOPP{}w z0oX!}&A;leFDESqcw#sVPcMsI)OyLMr%!-NRHxWD5M70GnGL32TpGO2Jrbp%Zvo;fD4#DN_HBT!?h39pEBzV! z%>;_0X#bcJv!3$Lrk&bAs=J<7()}5jA7!m|68$v{`AseJKozNwFb$bKd319aGQ0LBeI!_f1$GtP~gp~31a_i zJy<_LZ;f!r7es&k%l}Lj8rht|ZX6=!V-xHPOk7LRUP}gWAEs%KHP#w%RBT+FZ(Ue}Xt1m| zY2%gCUt2z<7e8guFqMz#KF($P861CrlkiCo;MeuNcZ3fOI}LuRe{MpHj6mtk4m}_) zQk~JPC7=j6vpSS(W|rjslK*NE(4-9m21>kuYXQK*SSN~?|2kAee?EHUSoABAg!xj` z4}bx|3L$~GM8`GcmT0;bI<=v2pTBE|E8=r;=31yY3iwfEy!M9X3bmcVhhMJU8Lf1f zvj)(>=8bg_wrl`7NU(5@a4jIdxBzO%1n9G9PM_$clGX`un9Y^vS&GSW%%vbqqqp2+&ywuPi?_kx-UUe0fXDuNEKq*Y=y$~Of<9#f9#J9XG6*^sP$Z|f zBnKtV`iEY>8eKYBD_#&wZMFe7q-iJH3sAU{3vX}qzc~T;UrP#Y9Z}4lD4k-BTP=CU z;Hmq7t1t%ErBIh;6qB0Q2IwgyPyf;KoubIu;2I}1;0%n$6FlY{esvORLU#)tB#1o|L~36u9iUXz5(>K`Y=AUA{VJWNu+ z_dxS!p7o;Ln*g<|2AxW?y_O*k$=X0tx~%48jlaH*o2OG@yV?2&+5;9f8^6p`9E{X) zMZSf5L|CByW)()p;}SFttcDk!X?byyx;6!1Pp6ZHj|KZf9uuNz9JqR&G3*s!CZ=!m zFH_E}0lTWDk-bkKnI^Hse-jE>FSXl4b2!Wuj?TfNt~opg8A;W|uK?f`&Sf<`+M6n_ zcTcu{<%2AngEDN^0d1oU4x?@ZGvIK=t^P zKf`iVe8N!^+4!N43swbJNusV4EQ$5R1xy2d9Tx}p!~e|3b+IcBMU>f`^q2BmpxDys z)pOwjUao+WF-o_gLLJpy3!K>KT9xx_jlRAa`+7&jnrG5pJWYuHVG@w*5v>Bp4{T{b8Bq3 zL#{}}Y))ure0!vJk*p z2$N=58c%t-MCH{vQ2(6kQ7eJV?QEy@T*fa?(=8I{%H8qX6oxg{h?Ki4oYlX8R^6@P7{Aa2W5H%oPp(k+!oqmSmDZg-Lhcjhp1sB_(n!r-ilAXA|7 ztsHlpbIlHUruMX%ba{nw9JrmQ^!HQ@-%@w$QGU zYap6ra2rTn3$1`JuQr zpCKBhnSqSf3ih96%u18!1;>({(hF=&W1rjcjc?R(uxqk z@ocG~6PCqC@*aW{!Nz;`N3#Rjz81>KxWNnD+~rglxQicIKbGCHsr+R}=uq@4nM&ZV z8~v{#`Qtjj{!BD2xHcEm!YrBsESY(+Vbip!xmYB71ZAy zpjT#<22Cl%GQ4UJ1OfvJPw~34V4qM%AGO-Hb9NJ3lZ*hnAT{f94;7uK_DNm6z^5_GRG<4!a-h_80lFumJ90ZWMM*ypjhr zV;9-E4oay!L*LQ-5Iy_G>zVgr`DCO>lG!W2!Xi;B+*XNY6rMe8=$<;HYr04 z%a@YuNfH{^8zMpXK-V`@qE5CXvb>!UUI&PQ1AAe&fa-?+*1{752bIHCCC7o?CZ`Z;lw5-`Q$>5Q`Xp|C8bmPCD2M?%?2m%%1&(?y`gb zmFR0x{B77ZJ5_POk$Z)hW7ogN#xn=agLx>{&Eq2|cR~C=&p-5O@(sLD2KnKT&~h$A zTNW6*)wzQfZ#isBS`#3;s->7mGYE~s!O2o(qI6pn+aHx0GZ4YcFp@$Z%&(F0xQmIV z9$E_WsN_TtKWRD3>k2G>G(qbgosE>J3x?_Y9;>yZJbkx2(v-_W%oQ zPkzs#!gm5^PSNeD<3Ui|6JYUH!;n9iiPB>5C9^Q|`JGoQRTXYO4VFNO5ItMrT=*dy4oU~(Ej&XQ0B)TZ zK4vrf0j%e&;9pu=N*Gl$D=X>zK=kIe%rcuJ;rIyejl+0_o!!@Kp-Pa%7UfdslKj{lupb@1Lz}pj)OA_Qu9Hq-j575q_=#nEIbgnvq z**#&yTb)*tdQwl9_Y@pj^6N_gKn&?io!?D_2F(uBB8=xVSO zU?9fhsz7fsewzX(u}!WfNaLQqXlKVius0g_LHbL#V9xw)Vgqg7q9ipYzGR?>c9uOv>6INU;s19SJVwx`gI?Zo%F5-fYNlNn6 z^R>Ax`e}%8X}fba^|1J8Xb%}_o`49)=%>mX*WfU?2-MuBH^r|#gW<0FvzUO#!O=#y zs@;K##HE$QY;?9I)O#Hmus6PzMy-j#RI8P-^;;j$ zafiYhnDxF7rGxk!1AM;D^FV>`0$A*>&PE6D3?-_P%9hEvMdBmlm4vFq{BMj!P>HVt zn&u8H9=^A?H8T?qg1Sk(sDi?Pe6;ZSfYu0VBHQ-itDJEPW*Ytjey1WJ0vcEwZoie~ zlxvA#*aJCvI>F5{{a_miSNu~8$Q$XS`Wc^-u_B|dUgQ}qfO?R_ejUhx ziVnH2Xd$!5z{+e^p}8MU%+W-{v?jPfIVfu@pJ6=|yGEk&Fi=8C$OMD|l?DdYPC22; z9>XAIa#ECvBTo1abnXZGP0~OeBBC`Mnf1OrQq84*(@^a^`{=J&{E~$Jh0G5?%y(&2 z!zjkAJ-vfzV|V!hJz&>G+~UT&jbkNuF>_VsA6mbEBxinJbSWMPz-NjBVu)^AWkgz=Bw);C+27xc7(c9s4&I-o0r|Clt3?tcoonH{8!z* zTVGT6ev-OFChS$2bz99+b;t=Ru9Wrztq7xqB7ao}T`v<}{10|!jR&~*VX3V`myF9F zt5-DXt`aTHkSR>>E08ns_AIvB8fHMeLFKD1JVhm_9(Xh83!vSlhk@$^I=4jYIL2;$ zb^i09|8idvD2qb*Z{NREx`rN;dyFd0Yo|8YG&Gp{4lRT_O)8q#{=6>@O91}y<7HzT z<-dKq|2^+Uf1^>^BeQ0lzfiABV=nZAa5%13%_1JD>A;g~55svs62V9aF3SV{xqC10 z8Gu{yjr%#{Pn`V^{XyB}A$5E|UQPVL*#G)@hVfLr zweF6_a02{+S#{Bs3zmM6G1c-l8vp$7~xz3+B(q_;~@e`lDh>?2Z3ET-W6RPLQJb>ge(%43{tjq0um~o?4rzunRvXa>@d> zK;xiZtkK)a(0c?}{+1x(Z4d%*&h_f>rpHI<%cSQ3)Kzf4!nGd#F$thz@YX-@@Ruh4 zWpl!S^@rl~uJ|)OHxSsgqA_5!B|zQp4(5G;xDYk>LmcZ5rakM+flEC7xQaKruye51 z_el!X$!CcU5N+n$B1w*2wx*{5Qo=`22-^l=*6}2$DJwX;=bEFnqWPM|P1Ej6iTTDN z?eUsGPAT-e?U4(bR|bMSE3-srb$E=^%+Li|Vi?P5mT9$w`{$RX6hSML>1`HYUpDhP zcl`h?@P|1Ft*d6fcG)^;Us43T#@m6JLK6lN)(&o&u0u|9BLGw;V7v~^xoM>tMz0g_nNzJw|Zx-16mV^73>h{a)!B&6FYQz#|$kGv> z-2Y;1e_wn>Y7hqHv;bVc?XLD$$deoX8x|COPsLf}5daDl>@?|#F_ zxoiqYL$J`UJ1zjAI|;8pUd_!nH_NF=+sy${kAgRcrCN165Cv&6-3Mg-?UN?YOn-Z$ zP@19_?GT+Rcm|*>^uVd{EC~QAKd=0m0ey;3kORW^#AIZN(PhDVLDm|`MYkgG4Ev~i2{X%XOeiao4Da|AajVBW26 zZ4Tu63dPYM#*Ya!A%Pn+(0a;3BC})+3Z6=hu|ejO!7T0=s2u19v(Y*=JqcL; zABRM1XXhP=Jx#0hJs4CjSgqmwI9KLl{|Sg@b-$~4qnm;aY}Os<6HS54YOV8wIpMQ3 z4bbmicUiaAt(bAh91A-Q@@Bl$f*?*VZ32))b>FT7?Q9K%Hf3cR94*3q?B_qxa&&YY z*-}!uoGuK~mojwCL%Y;G68{EmFKTlN1bDV+VP4I&@X$5dpW_5N-OG9D*rA~6}`SD#BV&4JyscO0G^)DwV-5Y4f0-|;EE7X?0S>hUnl!m7#zB~H0NLuCB~2k{h3@JQgOHf zS>SNJwX(zVMr>J>kEx*{MubbZxsL+_xJ z)(X0ltjT~L0z@)bWhc8?swz(0dmitoMKzXw~ zh{B_-rRBxJ9MEncKk6H&w{DIWe*#O_CU_sH$RDew$|p7-p>zCgT9p<_zF-e{nv5vS z3(#8F@H(zDiYd=#JZs9tEJVwKr`#NFrX_fsY}OQ>Es0#nEXg5j6w2-=10QS&ZTX>i zB=ghy8_AUWb6}l18QC|S?eBO;GpThHg1vvlCRYzGGqiaPZ_udCx!kgTumeulr_%hw z`eT&Ly&)277IA=kE&wO(AI7^tuw)GILY0yr38moFYM(LFm?}<{+bTje9!Vv+`8mRn z*o7xZ-t4oM$(~1=e?k=u=7U;QprjABvFVaPxNWXqIWG&B?KvjurqeS}FxQKO_P*AAG zhoi2iGL*K=EWnT{+2cX*lE8?sinA#NH}9&13kOOxQ{ufjhv3uFbVL%}3ATmvwq6(4 z8}W#8QFT6ew)}l=*3SHWgRC{IO@=f;%sU40g!f?-{3##EV-ff_oaJW|k_hs(Rul-y zI+YI4shnOUID=&A@m9w{znn!2y%tpr7yVXXq7boJ3sTY9*Qo)v8AWRI;7np4=@|Xv zmIdA$Kgd}UmReDl#Y3Wg1QBoP8lS&z0r&OVEK*mkookLxF=^eZ4zTIu3Sm^+O2DQ> z&~!Rra zn`1>!E<4eb%&`W6MihBl*?Aq7t7sueyUXx;l$t}iyD~2g)Qf%i(iOj>?DX}}?PGGz z6IVytZ@Ge22vvsM-p5WvB0Mkkv8_SZQ~RHa80If?cv_&FvO^@NAc(E&PLzNKi)jrh z48}dJ*ZqK+83n=22>^Ypfs&zA&t;6Z_(fQux5c?q4Z8zJ%tNOnNWcOd#wwnHp*Air zbQ7J~XZ@6;P-#l09!n%X&etkw4HU~z>B@gh+&ZfH2HJp%z~vAuF_Nnb;*xb^UB+7L z1QRb-81-lHZ`k=rw5ySIOHT9dWtTDo5)-Mf!pQ1-v_RwuB1nj*Ik*yhDL7xsrLmUW zp&ELTO%zkC~b`zT(r}S1BQz)AHX$G!b!S*V}X|2IpK3)pR9*} z1@3+QYd=k$ll!ZnEd7U|NdDX76$EcCGQQ;POw5oOb~1#jux68Ak+B9e((%2aGWDph zP=DSYd4)dm2_IVWArDHt3iZgfttwN7Z@IGoY3zC&lkg5ImOK6)%C6lTNwlQd>uLOF zHr6JBPCCEE#r{2b{wt*ZqAo8=-3LTMTLtLuGu?@H<3*OkL!b{MAdB0yW29R43IVhs zsho2c7`kNtf9-t*R8?!&u7R>KP>=>iK|pB*q(h_;P`W`7k?t-LL}`_hkkU;GNH?gI zN-5plDcx}A@_e4}9P9hX9seEo{&$=+#u)=)?X_3D?~G?Y^O^09LGSSdC-Fu_>H-m7 zzRW3%XUzIZ;)G?>8aiPVWo>opffAC1;D);)*xrsFA;-lYedGI3*2s_tjaN@!sz1TR zt^yg9^RZU);G=R4HTD;(lE@qac~_sczxLJI0vP~=;;{zJxT|%1dk`V!L5OP|Ho7h6 zi5E4=xVtnu@gi_lMj|eS_u(gHV5cl*#K{zdHm^zDx^PA36<+d(Hha6+4Wq+;2>QhdLhcpi+OXQGk*0^pKL#(GA>wB`ikrap`3 zkT7fCOPnf!9*Z>K5@-h9poppzEX)cH%>hh#mkZh^W;^v`a)V^}I*o`wrlDIRB;-hB zLrn7yB@&6P?1ym0Najgbw!RFZkEYwsO0X%%tW++>sC5ab1E|v@iZ|T5vd2u2NyLcc z4We*k1U!Z!M&QszXUpvf6dtA;N=5`rY$0k$n2ziu#8NL39j;{~s!aN%mCoCG1Zpna zX?F8{h$IK$nMA3`J2B3S-tAk{&{^kI{4J^UP_LD79uyoUHz!-;n zmVKDFeC7(lTA6e`U4F6!xlFfF$0xNW9_oz()$%#K`ZmE_r)$u=2y<8F)0DM=GW zUu`X0?t*A~rpKzW{xjF*=@w` zWBwA#6)n^WC4X@8Eh`BI9w^DpOWzCDUaI=SKlSH zoh8(^l=y6p%*`Di=G$3r)(kU;q(~8I-#$rO2HD*S4HlQM$Ej@CpvW_V8!|0JVSuPy z0Crx#%%|~q!U5DRwwB^Z9ym&mbjX=hB8?io4l3A>tE!~*lCpzP>vb%R_Ol{brH;FZ zgvxYtqRin;HedA15^E^cKO;+WOb^~v5OfejM=pBNlUOZrhg31Ee@)okO&$w8xj=PI zRdZGidVHQF@9o|inrd@kJ2m_ZU<>@;>HA-hN`#pK#2`eSy#F%V@f9U-0uy z_eVtX2=E7jp$gr}-yHNW3-$2Dd@JZ|kI*-NiCX^arV4>z`HWO` z`PbaXZx&SG9Q8d8z{3mZ(sfgJ~QG4 zpq}a7&wn`cU%Zw-KJoxj@H)rG6Z)?_<~Ps5y$6D#y5kI+zgRSXfeK?!BKTkB!A$$Ljbv}FL$T`mgzDz*2)@x)V4;gl z_(B{@gW<;F=-l0H5I4HwbDI4dpY#SZh7Vy~PTfygicp%kPjv%`n8g$EzE=!zAc?7= z?kz|6)7y;(UzD4Hf)SFsQ}$Yp7HvbCZVZI2$*zrWf^=^}rS^>vgu3v(!v5*z&^}82 zI@i|&z%AQNNCcd`c>nO+|ob{`He)jqygLnoBJZM8^uY!D12Lf9GtYiz& zWGC?49-ErrhRMH}1B@XLIFF9yx&fTkh`tk@?8`@M_2T3<@+NNpGU`Fpchs_Odn>@K zBtQc6p{LXQ!xQu@pmFQQ{++?nOAHoDy06@sfUV`Bo|&5{wQqEgEs^cIqF?YL@~X7UhJ zO|O*VA(F=kBe*OKsA?)ePB@kSN~^rjae3mFgeVux9kDjTtw9uLNUj*)MH)%_S&Z7~ zoq#d8Z49K``SD(eI%M=fZ?QZY6U}wpsT`uc8K42I+86~!Xz5NDZU6_{1S;*WS5lr| zV1#m+*ej;u6OhzL^4D@nqSX{=RcDnNZ}DVp^(w#CcDDh6cF=XEIrZX;)5&V(>^uIa z9Y&t)Dn#Wd)vrNl@8sAHBR99Qn}MV2wh9HMQru ztp*mWXp9@Qhvfo6uK}k1Jnd<st5`6cI5A zouRmWf{-_d!21U7+p@h~ryvxfT@{HDkHp4#{jN?yXCDXgkx1V6tBgWsa3VU_ZXt{s zUBcL{6+vRkz;Lx$d3@F$MAV7|l8lNHL5z+ueH)0iWoK;2fbY5k#s*l!{N*wf^3eEZ z0(Og$-oOpl?7XWVDSLx3sY{sHg2)p>7Lw)0cPFip@ zu}Fy`PzcA{^XiCfZy6%|F3g+R z8in1)i863Dx{NZy)%_5lFig|&LycCkZ5qE5Zn{l0iOhix=+m2_?+0CPH-cqeRMjnp z1v_54sZ^FvR$6JQY(aNZ=5dpAWw1i84nWT4RoMZ8H=T#9W{n=6ZrVd9E8msT!5NzZ zy7N3RuTF5!FpnqpV|jPrww!O!C*Y#NYLR#W(A7K_4R1SeY^^P{dRFKmkLADQxd~rd zuNWtIs5u)^nml!MXKrduc>2hb=CWI-VaE4jzx&yuY0g$nWWu7GDH{#KvxQf_ifIUC$T6D05Ww` z9oZ*YN9=vt;E5CCEYNDja{P%dQ7~ARqlI;pJy%9egM z4poXJ2R>kK2x+-IBGc}RPQSE?Q2KMg2&0AHNvNKWPbenyHg}adZ|LYWf+y))$z$eA z7CO0^5=bOMVN|p_!t_LJd?%;De!?#&^dy4Mt~miw?pjc}C}U}k7>}f{P=1b>r=+^C zC*}NJ`Q8rGX97MR0H<9UETNa*T#FGxmMU#Gm)KHkhJ5>Q~hh3Gamx46Mb_FF`7ju%H^>gh7pNcCvM5LJsNpE2}- z4}YL*e~;9_W2%wwFYF2yWQ|U_%n=y;kp&mexmjW*>Bf;y_MX9!hPC1`VvntABGpY7 zmY)}uLo_f)FSjX;9+rPUO7l?t{C44R9qHc2xiH0^TSVmvjh0Fm6>cx`M5vvsQIZw} z!16JYhW5tcmx}@iE260k&+<5JuU>~_iP?GMs`5LVoaXYI@|?wj6MpxNu3isTl?&i2 zoE(a~Qn(k~Br9Df8edYH)Id=tZF*IkP!faS3=SgU6oMNbEAQ>u-lYmSe_!RT|mz z>YU|fahw(Y60}jAJxz)B2%)^`XRUEgG*R7EVv_j8!sBc50cG+$LoO>Sjjl0#E=_FH zc0$rh^`xtpoY&3gDHBc2g}fqz=j6-#k+hb5G{KBW7lt3#J!Vv5R25dfHc|UWrDf#! zenafB<4Phw4d9{F=Ix4m@%#<(x*H^)5zyS|y>J5qH#FgvGBDDPy$qCEg;h zJ&_1YL*_Y21`zfwj-Y3QQ4wV44kdAz8eUjQ@{~vGguJHyEIKJgHE=N`W$J(gPw+rO zw%lpK-XIN6E7Z);4wZEk<&0ANZS@Y{wI}OTnRGAh{IzQ5tQ3vJ%h)&Ut}R`ZdNsx2 z^FTI;HdtC7#}HdW9iLrTQ7|*Q7C}6>^j0ZVCXVi$pP6=0aFId>A8$-=inv2CxOSG^ zg@sgdw(wSXD~GxV5}CV4;k;i@ycg9g%Jg%qW%BHvCq^sEw@JHed9qpKWbpKL9CYQP zU17OAi_C#IGW8S-N+qS>11-W7t*sx#V+QzA)eEx%Bey9z_A8V_rAij3Ye$mN^?f+? zcnsMi{+;EZ_Pf5aR%1FC*`KuL*g3PGUK5n+kTF*TSt;H^wSaP8z2LECq~V315bG%d zkhXUggW_n(uJ!=#nA91bFGt9NGRDV>r?w0jET4&!1z(dk73ZAJSsRE7zMHuD@JR2e z6KU60c1LJ~DHZN(n~Qnr)A#YKY#(t6gu&JszC`n>jZ+!p7P_8q*OfmQeE{z=7v>@F z2mMZyL$N{qowisso*&}^jkNarqfr`AE>qNGwC$DS$>zw2Pl2t=78}vECi=_OL7i)^S7mbhfOc zh|R1znYatx{_%c5uQ9mF=-Vu)PEnTY=u$c9IhQ2$g1EL9vhTb;sYu{Ou^ELXr;m+cbFNs=4dF!x z_V5%JP8JuoH`sqoH(xIROu!y}+U}>1$t2)j<(UWYE{~iWnF{JSbprh$SQ|GG@TskK z`y;TV#BR&(K|7b8IW?^bT1cQ(?I_z)i{R+6WO-XSeaWWkm`7h9B)8A1eE{9f2%v0JK)oezF`xkdHZ z4%I$GUQ5ppF4VWAD581{n9A05CdTFsgH9@C-4^GD=Feu0+8N1{9u*O}UiO}>aR?gB zPj^lsVRIt8Z5i<1O@_FPvb*(;(NIhd5-Uxyou%mvPg$)KOy@4-U#X)VHRP#OT-gCp zynw({dr^`7{^mfqoE;yhc!<_a_MEs8_yu;6hJ8^0dD2%szL`tKcK?1-yquv5+H~EqMpf(>&8_|M>xC|#j-Xj z0Yl(iCMW4_q9s(4%ecr}#abLKal48IZI&uUo%kWaPlKk%KE_N%idk@vQn`m#I6W~W zv0htxq#V{!_fw#4L!c1onbNaNG?c+j4yI;nDL6WOdo4W&?Z_80X9ZfjW!STFMj^U4 zFIup*k3H(yHuc=FmQLYa2QrJjoH?%7v}0J%jdyX;n4n0rc%Irw>lF2M^El1M>$bV4 zLKIg47hW5`w!&b;h}%v@Qu~}ZUNe|cxqroPd9JtHt>0P`ccE3wz^ND}%NpofHM4)C zX5jGvIC!7`pyCe!8?w)i9N&+1P@-@HVq0kJ*)$}~Jije=U9PJFVMb&Uww47A&qJ4r z4d(O8bDY?XT+{SHNwM$6$yb8z((GS^f`;9Aj1aefqN6n~&q$N+!yXUZw2|vu%n}+G z*}DMW9nl#CESV5dq=BqZqreH63bSeXeU@txo`mQ^MB=2VY||1(vOgnJ!Oc3qE&l$= z>%_+#)K?{q6b&V@cvP*R^RG1YmY7>g*-$Kr8Lr%DN0TdS8^BHj_v1Ei<4Y7@R2l=a zk1>=?ETPQ*Vv5&C809U9`*B1ak1$P*?F10W+cZo)FBkTlKm5^!T9fOAy@af{LWCNq zKZ}2eW0NEc_GMP-cp96mFJW-k##W~_QHH!5qG8$SYl|I&#rCx>oX}K5C=dgLG=6e_ zn!y6ynt-@z>T;mKQ1YoDWD~MrdqTS#UVONv3XO8_ij=2_Z>p6}*oigzN7vqV9qd~# zhW@^A*(r72ZcEpc&|%5>R zGz z5%Z*x%ItVy7Tw<>iGjWD;!_-@3B@M{Xt)J&ub!9i&h=3>N_H{0Sv<6o5+7`6z>rJ8 zkfA}J8``C6G;8#^OO3)7y;^FE^+Y-7vBS7q!SDzA57(o^KUmT9FKyJ-v8)x2_gR&X zhnLOQFzs2PPM#IGw{QOejBh_kVR(8-iIIKx+duz|{P2nGkf(=+l_oF#Uq1J@BjA+o z)CbtReY}+9bKcXiP2!~(ky89yH%oNaG!}uVTw}$5b1ZWB1Sefn4 zPpDBlW(pAexPc*Ar)hm#h=EvN^jWh791ZY-usxy0Z52FzLF#0R*Y~3tn z@G17HRP`62I-!ly3#ohI+>;<|Ail75Z~wt23SauC^O*qP%2-0WPFbgVx$*}0->!S|0BCvf zz)K=KQBRMm#4kYOk^r>Ku?yab&oz@x2XK`M{X27Z2G9gw*bjiQ)u$D}lN0Tk%67NM z`4hqaqT#a22cza)*NTIB5PG5{u)b^~Al_^SULLiBSzhOz$dR?I?Zrm7T^8ZjT;>CB za-cLh?%?;y8rrrw*N>;7P#|m2I~XV*THcQR(EK25$zU-74(0d{m*xMxJ^xsUZxHlZZg!Zom*6CN-3D7&eW)jh?%*9H3n39MG2I4G62ZX%UeotR8 zaDNhk&2ZKc!LZ54*RUr!UXzqq%D;lap$sn5YW)$nt#1*UB!u6I7_k@K8Jf?1aa$t{ z*86F?Sj*SCE*j6jU;Ce^4(aq4CAImuG$5pD^;Y~^ zcSq<(nCaeyfV={C`5sgi(6B_9c3_Rkz&5&5!5i<$Fh|;m(`xXUcAj*wo_ue;rbJ0| zrZ~Szf(~6^M}J7AbI5@SuG%>RVlOr&=c=bM{9B!kvKYo8X=!sIF61CIZ~f^iCK_^q z(Fz#aU{ui!tLJ)O1rxUCHTrg9r!L_eqy(@lZ*NY@xJ8sLJ)dV?4sY^(HmtQhL}&oT z?8bBbu!LAX?A~KoDF?;ZMcMdFo{14Yxj`rwZ6&zvOlwW@?`_C9Lc6%!FqN=ck*HdL z=ra;0n(ChFtml{5Z?+Qc*V8kqiLA57MISJ*d}=0GJXQ^y&nZf7OKO$w+Y@>6}KPL5DkT;h#4n@J^b zDiMzDC{Rr;&>U?<5ddhukpt;^qF$KBm4`|=StUTra818Nd7Far-3*z+y-N?%OmOnNOzOHXCPqD7h4p&T*8eq=s{A48(yXa(FCHLEiRQF}3@5(RVnf>s*?TcpSxF&|fY_AUeO?=f!yw)Tf z3ehBjnCEv*!fVE=iDI%*PhVtZFKXU=ZU;MbeCj=nNoP=cTdhwscY078BNQhde->8a z`@sRkPi|~^-{TI|d=Adt>donx2k})=LTAsoTjOk3_ahH~gLu&Nb9@(b3W`$57&i2? zVicP$c_T_=c%EO?b8TTwQT{5y@RzTb3}k99dzw!7EYwN{ia^1Yor z`{~djosCKq?VV@0yc8KSh-(Q%d_N^ye7X5WXy3`Vnwc$kEJ_v{A-Liq_c@Xms!H#o z+^HkpKxAa3h7t9dmM(Q@O}XgOf#B-)z%|uwpVyZJBktnd7Y@5{a8-W;B+`$EQVSKG z8HamNQ#xg85iiCz+4&TEvf11+ZsLP(mk9UDc%DYmZQz zS;+?*#TiI{ew|V2BezUR?M2 zM1uAU(KMm-{#4|o`9x06!e~YLs@$s5g3d~u6)#YjgG|9L zGhdy)wGce;m2R5oH3&Hx-P@oR-#fz@g6VrBI~U(1#3ganX2ynyVKvP!<8E4bjkC_t zehN^REbnM%S}pb)<@Rk9JF21TQcxgGU#>=9q1wsGr(ab<7~`Q+M%QRmJ3SPgw&BFU zCzrOS0Rg}a0sq3E;(&prJ<>-eyWkXagc&d4GO`zO!9XdPi7D4}26T}F;#_x+E z;21M!UJa)UZ8e^BT_`Mqr@PdhNu#Bo`z#xk^Wq)ryFOIADoY@P|2$w=;^mvI8H?lG zp_lzjIVdMwK{Ra16#^Hd*@dBb<`lBTWjkg1W|CT8#pbTXHImv15zr1xmuF#gL5#*( zDktnsydSIwDo6FKU`o=QH}f!HYtcI8W^P;E$)E#d0HgX8_8#ta#4xLlYMRNB2^^0( z*{YAzf;0|If;QK)8L{puzE0oVFL&h2gnjj{l|wd1tuM@`l~YBa_UeOE8t+N>E)ej3 zvX+g&rAy;U7X1u)9TdVhh-1Q0D4KR@o`p(0Cn^y(^%?R`VusL@{sYDk!Zg&@=jokM zBk4yx@mi>#&&LXEZu%;|doWADcyo-syi+#p%4xIOe(9Sk2*4)4!rmR~)BuA18xB4@ zY~9P|($q-Ue&r|%v-^6&4{KU`li<Ijo+@`>mf0}j6C>nx+~nPF<5eGKElnb2eUL-|m;;*41pXXc*TjBdMnl0uZ6 zFFz&9*A`|UCg@e;n`nNj*R1wm5K9N2n^?gudwP*jlB_Tkl@ONYQ)YV~x~ZDzLBTIxvSr(PgW zwie-g@8Y|{r1Ya1Fl3azTZD+PrfaIN=>=nEB`&8Y=b+~)OPf9jeu7drbTmPaYOkbU zgQ#X9iP~@UvKfSjJo=gXy`ToIT4bFXSmV4mL|A?omxz!M^^oYA{AVO(+Mo-4>VMW8 z{86DLQ-gowM}S4c_(_HPSGS4XXCXulhg38T5C8rGCo(r+X*}2RM15YJuGO#_3{(&hCw)4*TjtWr<_@gDEpLQPamio+RqPW}gL)Dt`5JQ?g>s}|@ zUQXnfa@%Zr6rze?}t#`7uM zNj$H$bpveOg;cjdK?83^#GN-K7|-_ju<7=!1xB2@xS$&XLp^bI2;Mcnk+Y%m-!0d?e*57?e9%55X6EJ^wjO-Bt7JDVkhApt-1%6St9WUS?w>^TzV@(#0VzqywK z4nFZKRGV2%;vj_hKrRHvBv3Pc0<&@MeF#_t&mse)JsU@udEA5q2?QF}pK~BjLIah~ zAZrIntaHGHUSEy+$Uf`{<$qU4Xi;hcZeNpec6}&fCv$)?n&`T-3GusD;A!qF5c)Vw zf*raJ0imgD1Ndvsof&<8Nl*D{>rcMN5FtjgY z(FK@J{Icrnh`A)H>N2F$bQB8&F-I}h=c?gI$Kinsq(4(k13fLP$slv;zK8_mF1R6d6(2jT<lZDp_20M^MmF$>ebbj6C+LwR`p%-sdOhdJ)cyJ|HlLykO$@cPH8xnq3=dv1H zN%|*9ORF`&bO~prO`K7DMyzE(8Yo zvE6@#Dnk0fTFTw_z5+28!_{cO23Y&q50pdAuyk+}XJ8g$nn?g<#j_i@j8wsdXHP@_ z)M6&01@qvRS~naY3|!NGysKJjsyt>G4wv#li)iY$$6Nc|buv#qjMyNfTZq1BBBU!%aaK+&#LZ{ zD0XBbp5PU`<27F$zW~G0>$@@SEsO8{{l7iSKW#Ds6tSt|qzelW)p{x(_Sk>2)&~hl zIq%ZZ?)bdUKQPv&)FHPyOSgsK`}#C*RQLdiUI zvDH_EMc^V-4$;r3JC(w%N5T6 zXnSGAJYo5|a8PZHrU#Co!r^;%Jr<&TOm(z@gwJ(fefC)zvQg(wIRRF;Vcq7bqNiF_ zF0jp>sG|wDPKrFx8_t8c8x4)Tqtl|fx<;z>dL(O{AR%g{2eKkS-{8S?ft@DfWB5VG zufCTh)XN_&0J!uF&)mgc%1}Iig4(LQJmCu@`;Fu;RcEDUZm0eMi4?_y^Q3D?(f^@{ zXnkLR-ip|%PME46$~Q5oZ4~CdJF^t)zF!RL+1jroMI#?7KGOUSN~U+ks1hU|S)bi@ znqea{$*#Xr%iq1oaKGj*4)YaL9E@J`isKt!0$rD1RGZ~@&*O9;Sddu#tP_!>Sv3cR z0DYI73~z{*2-|I|G!D%uLKwo)B;jCIGS(27Qg-(yKG7_o5Domk(<556Wx`aqW> z`QEzkb8o(B|&P+Q>=tbtA+UZuCfY|459$Vll#$O4!c@_Q_gJ1wx4O~mXjCyH<4&DS&~ z$f>qvaoAb%gIM$S_G%y)daq`R$39o?ev0+d4Pm+iyN>K#bw^^0jzK*VuNQ({WO^Yr zxoIKY!!1}VEN7&1u_`un^?rPeu~W$#sM1vKGo|pmD@Gr zmqX7Z4fIV=1_+C{%)XmxrZ-bhq!5(prZdw|wBOG2$xW$^X{|jje91Nfm+e0`j~@O> z>`-d%mG;)$c=_k&JbRV%s~VG|AjA1L{(Fg9O5Cw=&spRgmH{={VQt_Cua|d{A3n zxLP*MUu{N>y^vrFL*(ve1^KS|(^3>d`{^;Utc?<3-T-_l5!_pD0hwWm8@TqdwHJaJ zcM+ZZ)O2zh;SSPSD38g&UNLsna8?61m&oDV}5nwyk*PL%q+?-xFLSddt%zGvk&#cEA~4E~T()eJZ}< zOO3t7YLC*Gm%bvtAL+o+&G!&hY|-JvH`%|Q*o{JLk>00oVg_6*s3 z>Oz6J&Zz}|oNbMTb`rTpArRasGTMXpigx6E=tUW#8Bt*7TZDw~*B#56{!DsL-duHqb^6H}Gjrb?$2 za|ZfV3O93jD+J! z2=x%7sEn_{s{3WsdLpCVGb-I5>~gSBEGnON&CqwM0Ch(v`7k(pV>SJgiGOk5u!^u{DSM1e&f{ctTVkYafrEpxhjbfhDWB1 z?##y8L;mf!51PKh`$$4U>T{D^eKV99!FZS997Ea@CXv7ZcR=_oNg8^(#wka#^X|h( zZD#35jWrMwJZn77=WKtCoaqk-9S-~yy=Y!tnjbvTGl7{|0ux|bm=LMR$C|u;d-!4~ zsuT+2O`uQm7}`Mmk+OW^8D2-$sP-OT9fJ=PpN!_BE}o`KDUG+hBv=c0&$)-Pk+2Se zi}I$oZo1^dDjzYdRIbiSs!J^qr#B#;{Xi4*il^sG5l0!)qDMxjDa1@9X@HO`F0L-C zL3@u+K8Y*Aj?Xk}$wI5IvMp=qCqJM1fG#uUcZ15(Ig2c^oB>G^ev0%)svDZQ8M@?e z*U74v@ENL4rCECS43(~{%q3#!}v*4!y86lVG@Cs(geceG3VJvl2xII@Hx5uCN-_p{H^H^z|iFiO~v* zD(EWaq(UQkC;B-=cP9~`N_vFWSbx~VB2Zb8MHS;&J(Q^cXyX0Qjq`G6N~zp1iO86d z$PYUc^Y%=YJwl*Bs^L$KDw*6s%fESjVR*?h)jxGJB8n#jGoFiS4yQE=uz5Q~eNyv^ z4J>ezZQIuJ8r)n@uR}JV=(sej8_xcd- zh{to~_{=Qfec2H8j6PMRyMb6s5G?8)L%o95Lxv&S>5LJ($G$Q(HTqm;XrU;zJNd2m6aC-?d zNpYm!yjjg&_M~iYXP&);u+~q6nP|TuJr%s#3URH{M?R$;PM1=SL0{AB?QD*5kl4A7 zuxd0VmT34l#4QSX-3Vg*J030qJY-nlDsNLQn+lW09aXLB+0@>t( zg^tX$DBTaW9W~6Mmt3IOw^aJIkPjtk_ChnVM_U>WqahBQ%?PTR29Zd8w2}k!{giJh znLm3UM;hc8$IJ7Vhd`%E2J^J_4J4d}2LVst!Dp%E zCsd#pXgah^qikP&Tap9Rp6X?u?8p5c<}s8x8+wQr@Y%)1Fqi=0Lc(op>@)QSGD=?j zkX!zur*EldXqH;WHpxC}FOXSql0PI8YX_3t<2R;(6IB-nat{ZW`W!79m1%R(c}NZg z)#uAf?ZRjAL$u`#{plKM8?`{&o6gN-!N$`D=a`7Eb`F|A(wG3Mxzf<%e3c6b5X}G$ zgrpvNasP6(MVN-|hjZE%&rw4VwGdD*w5t2=%R*r~!5k2zm|;v@8!VDUIxl)JA4(Ri zSPc=yn!~y`Z3x}f^?YAnDvO_mlp3Ov?K6Y@c0fn5ZdFi1qX;OO{RJ4S*N4dg2B#t& z$7kTvg7#d?1*3|_A?2BK%AOtzoR9Wx00&=!Qp8UTA!YRGnghbpfbW4L0^ze4G7O-T zr}|WaMLqaBHq3!bZSle8w|}Y5vXj-ymZ-O7oF}T5DZ;6YmkA zAmc>Nkixd^^8n+8Kp%t_kgzTDlFJe={YNB_xfi7lT7HFsY3PsdCJ(>!`1bM>;_jK7 zlMEIAu{Qp)BD5WG5Te&&Rs>QSk)wZ-{3m>Mopk@;K#ql-()V%r8*8c?^2eb^rLDQu z%1QZOe}+3kVH%l;_&xkSAcc}IHV6_UOvW7WcD8R5m&E>s2f8n!P?)tWN+J?}X2(DN z5K9Y7S;3j>2iNuOfx*cx1VTQ=W2N`DALyYDX)DR2F6To98jFW zG^64|SLJ{D_5U|7?wJ2vT`HT2IK`ezOO86f;0^8Eko zvVV5jKfCOoU52DU{|^TF0*wu1Q%_D<{q>A<_I@f;I6D07OQf z!ZSbCGyi=i0kptFCc2{9PftSDmLh)pl?LZO4Gs>FLFv^0OuY%#_5K5tq5;=;cN69t z?Kp#zt2wp`mM9{z&_Ex5k~pfP5NCf zej^obO!YbO@DG)^zmQ)(HNZi(hiy22_ieefXUSguH(e4hx1}~xRulpB;9W*>@8Zzxy^rEuc|tS>68UlKy#0|Krw@ zV_vO-y5|qO@jWhE>KFOV8F99Fh!grpx~5k zfFEWgr&Q~c=Uw~Zm+Q)XQts^iw@CLXaC+3mnU#C>&u+iF#8Z*W68Z6MLyIlbFHMgC z)*+<0uiksbd_X|bJ8yXV!8pt$m0brxkf>Sv(NHF|T-n&yFyEo&B=+2cZAY@3|rCUQ|@{ zG@yj6V(z-upf)GpDG~8MU(Js{#2UIsD`>qv^zT^ahf66c5ztr6w{fU5SieV$nRu>D z?YGhDbtoC=8x|9O7wr9ch46#B!G*JAQC{n&Kh{zHeON5Zp&8DO@UFREt43T%zQ>Cx z$z|d1m1g-G=aJTrmC}FTmbC(0m(p{U#$TUqLgzqZ-=1v5!abViO&RG49ho+VKwXv3 z4cWFdzg!gi+(ixy^OMHxUf$lZ9%dm&*ND1Ai@0nGPjSm-FkZ~n@O`S;cR^`XZeaUYK+3cph3eB04RPy>4(W@8sO!Yqlf|l!$3x z)3mF)I{Ag|a6;9VTPbB9shLZ#bkRz$^{!hD`pimxz?K{D{mu4Sp6F!9N4U1Q*rDc4 z$HITPRd3vJZ=~^);V)S(#pA{_&06?mJt@I*#UaY>yt` z|MaN!JENGyka8BIu1(U?=0tKoNhMyc%O;zy^UE{XJ7qi>yAhZ%Yl52R9eyxmA}9kWiW;aOVL3)5$Of3RzQ{&u*o#qzGL7jF-5<_b=C zU-2l)H<*9pWpa303vbwA?(N=~_LoTChVb3e**7g)sYB&OD`R4q(Yvx-D}(IKbCN4k ziHx6ETownPksWI&9Z;VnS6egF=C%zSLqJCV4kiI=}u%uTp zl5N(0#&@#7w@<8`b3HP7y#0aK@$r_;qjWiKo5zUBe`z0LeX&Y5s=`jNnq^Fp&#djO zpJyU=O6yS6#sR8L#f4{7B)M@vCUbx8#b8Bk zvB2P6wV39r_My_m-AiTb&Vog|!$qtWelE=)Sy&l{r`fgJS~9k{Co4{fwD;d$ZLteg zX%^WLMU(DsnW|2-1OktFStgS4lBDXZ{`M7Xi~30Z?3TUQL^ZM=tKs3OMYcih zjj_5%zqVdzf)3+^xyg~tQ_WOnZckj5tNL7UMuew3vmfAAn)WuaJ6cQ1$gK0U>OV?0 z%b%Nk$2%@b({uUq^R4%ylS$<+Q2}MiYN~gh?4Jx~7{4xA-@$<29#zOER$}u|CDJB< z$Z}U@`cwn%l|gMRn)=7Tz79Qt4#$nY$&qe8Njr@#R|%&R5mTa*3knz3Hf|8a!<^%^e6O#1IK@DY6N1fFs7zF@>VxD+tv;zzFooUnYcNR zHkseD&T4mAd5(oY@3!%(ilb<4BK%5JvKom}Ip)9@85+f?wNd4o0OIG>*RLCd?mrk& zqEvqImg=o1u9JSJy%HEUZDn5cyYNdrQx03B?XeA=bI^KQ%eNgbUOv<}yOC{m=Syud z3X@x|yY%O#`>TJI&485`d1W?+D!p_tB&SvCMY9!od!jwQ$;`9Hrq4=c5d_>D53D~) zu0)>7`-H8gpMY1qH|t!FIl1IxvTvGN`g)D#W!kka>*oDhtLY~==3VsEgXmmtkRMr{ zW6_=3P_P-~Bdv>S?A*Km#GvJ6g+xZ_C!PE7Ob-E|a;zNGH4 z^|Ys{K`JS~7<=!QbW!21QFNzM;#C%F8FE*ibG+P}zS}uR8F-jyub9<7X``rZeD1o` zB01@~R}w_PwNsHZdY>gBe5y>WBIZn_S2_D7hO(9c>#hS@t8UYy`OQV+0pdrG&xYk` zIVZ5js%eny#;i4)#I&L7*@=5%xvjkmo8ki9La|*8tyPUX5)D!}tuR~7jMnSi_@&#+ zc^Fq>UTAgMRfWsOWW1~N3ZSz8oOK)Pu-T*EIEztyWrGKAC&SHFWc2-sf=nG&gO+D7 zPc>D{qgi9k8gr)dHxuf^qScO;099Tv*pT)9Dagr3y+s{qfhUe4n~ z(V(`(3M{(jiL>s|V04iIS~^c#uP`x@T5&*68#S?{p7a( zyyI9S)bb2T;NZpI>}D?6*!1*tN~Za)=jTDQC@8kq>*qf9>p9-!5Ww|M6PvsJ@+JlR zk6Od9jA~Kkxj~zR4D;7LG59Zj;KKfSOV$MfzzJ)DJcDbSuX*_RJ2q$T)K07am<2$; z85-$)Tbb)EekpUKxB|QV%j~NJ%m4U6(93*@b&C2W2pEJeV;Nd?3=*dgcB@Enbf`4V z{h+?{=PS67`38m_MZ&tdVfP=q(Qxi%jIjb$y92XU}%xe7^t?YlqHopf)@LFIm=Q&gkO ze|6WS{^938AL&nim|%wN;Nj;Y=3i}1SVrz$Kw@fZb0#|eyMwSHu(c&hJNmmEDTx8T z?f=_L!kK7GQ^Un>Yj7sQ`t6f~HVRwNf&T52It@>1w(h}`pS-g_m)^t;PGD5qq`~**pX9%v-058S*?(tEFpfC2#pLT}O`5PBydA}U>^cMu4W5F))M0Ths4 zLg-EDgx)(h?sCpP=h+|Mz0Y%h?&L|{c_%Y#W>(f(v)a6&FV&SP$r;HnUAjd1;`uYp zOP5GVFI^&8A-hVbvC4}iCR~WzG?kxTD(=3wM7ViprT4-b0Jy|SD3e{fLUi-e<=;&R z?@L6Cm#+M+eCd)3(cS+lYZ5*FM;ijL4|bPG{?W#OaQ*!gU7Q?1_372cm&-L9dU84H_`$H7ZMRk_|P2Wyi&s`6oCTZd1$otyT z$=r(9+tK-VuS?S2l7yn8mHTT}Z$}5Po20kQgTJ+qB$R(w^F3hwTN8JX%mY2ZOI8IZ zS1VRgUVdKw2eRa>tgO%gc+`ONiIW)rL<%LPCO% zUyx5wkcZHM$IS=q{@R-d?8f$YApeB(%*xHe)y~=7&I!!=8}4g!Cl7a-2M>M^^k1*P z&(qz``oBj4yZvKXgaz{b{)JC~m!I#yU=zAZ|E`tPaJ91{jQktEtbp|2TK{f5W3V;JJpx-*6q5viK;*ZiZOr0vPghUF7#H>fO zvMXlFD=-t&5pq0xd@8ZKgk{%!75(EmK6}l}0qNk**h9wp<`VG*UmM;eX=!P{gzrhM zVxjY`cUJ3%yka#3>h@?mxxGi{Q1{(-?e9?r{=B8YXG72)GdpA zWtLXvP%Ij9Y@TqvrTgcd3wsk_XD|fWVWDjzfoCT@o$r#!E}HT0^?auj_dodRW0mbT z&aHXD#QrwzX?1-MJ}WldBIz(;z<;Il3Gd^{%y}Q2m&E?!NX?o0wGG6 zc$*rlpr9t9>4>6D?O!z2Wo>&KJf|A3-S#;FY07u?q3I^O_dIE!caLwRBvNLdBwF}P z;ktNvV6lhE_iFw)sTgd0er6K|VR2FTl$UPMAcHiiwmBN@zPewtT~s2C92 zUf+QGt4f^dEi)yQ+x_YMsg*q;qZwnCu5T|An$k0b|JlEVZzEP5^>vzdzQIg0q6?{U z*{4Q4xvm{pj4(L#eyCWr6LcYvnBPDi@O6~Q6x3B!{xL!VY4;fToJZ*~Um5Od{UXuw zw4dfe-26d)nPDIMcC9ovrxrc) zOGrlU(T59XT1c$X+1@AufG^F=h{f?b3Grm~zX+qiwKG_Vfch9uAzsW15G_kbws(E{y^@=a^nT&k7?9LF6G`of?m@9za0;iWdug@)7a!jY}6`vYURIT+?4;uuvf2?sg;~Bm8)K^s8qS zV6=;kYxhMa(WnRSk4G{qdmc=3)wmN8n|AGrZg?6lXxtMFGzEr*J`l@SWpP4Bc&iqf=Rf+`bC0)XTx$#Y@0KFcV!zBH$;{LWR|) z1LE{JLPjKdeLYDz$Z~Rv>35k5|5U7uY8G5i(pFx$9V0&n%PI3*5r2; zssJaogN$Td#g3!`Y~cZ>r7!L)HMn&hoZG3DC@y~@V@d6HRDU2`Z!88f>AUd*QruI4yK1`*Et0OJIHH_ z%yFP0-IDw3OIV5X<#sg7?&egC>*fzwkQRHPnkXNr#%o!uuiA50cqxm9m7*>$JBJ!{ zq>MD&29SoNXlu)<~4 zhxfK%ZNd_E1CDCe$4W+fpwfre;R78RFsvI?LPmL&MR-+VOyJpj(gLRsjq?pz;bU$` z1A(7mD9bv^Wv(kzFA=^X1Mt^|j&;mMnSQ&vGkJ3DScx^27QM?~CF=eB>Le+QUjyK0 zKkw`!41f57B@52f*+j;K^?Bs(!C6z|Lqwa)cecTU^2V#tE%+HP(+ZAH>+wUt5*=f} z+Jv@+m`U&2i*xMg`wnecgcTPqLcc7zBQv7nO8$^r50~HGfat28M%p;8NQq`O)60PF zZsliFZ2OjHq{x0PC2j-p3O42jt7#t(zz)0y(}Q+D$dHNemsu+tFGPe$*|ku26>;6q z)737YP4z`ON;!`C8ldO6-Ta1S3!^XG#ngiqjagW1SgwKVW*5#xgBlmFwtJk6yV{ON zZ|FHEZ5=~wXzvJHNlN%FqmYcsx_u!Y+lbaa(j`;7;=>MlyWxDq49Qi1m9)^UzWjKe zMrN%yedpz?37^@a4$)v0<651s%&oE;95`e2WJ1==Va0WGo8;)8;-jaAPVbVU!*`GF ztDEuHzD?CN**&ccI~=&Rc=r%#)okp37AUiR{Q4tU8DZ9`S?rY7VCH^GuOc!uZSPrW z7RhII&rH9^2!;l1Fc4~+wk6+r!@U@ta8>#CIS0>o(Gu!h8*^kPMo zZGQLIovcDlBp9>1s4Gnt4ewt24)7FQg0oDBm0)5FVx00V&&CxS2-9wtS$U{ zFmIbWbGnx70uP`#kezY5M^|;C>9Zt9Gd?ud9l(V3T-<$`YCp+$Xa9#(z_&C{R(|ci zC-SLJTiUYaJH(B(>Mc{P#><@No8?tgN@k0WN!Q2b<)&8#O*c&??zpZZbdyDO4y=d>qo9^*9uCj>R=#xL!{DW+OtdC$@ah<&qgIA-d!!(-3 zJZS^=Yxf+-ie*TtmcAF3)p{SM5EBRAx_OJ1B0QqpSSVrpR4lh5VO1sYz$YK-$-|($ zeq; zRAQL^1}!Vf`N7%D?gsi?C+`}Q@&+z;wAL}7is?+5y(a@3530K5&i;&uzF04{c0p4g zOY1g057e{p9emlbe!K0KxeUrN2F;Hi*R+Xo8gYefd3pf7XC5}ADb3A~vZ*f8k3VS> zYZyCkylNb;`Dz+_!ftm~%2S)%fU{;WS)rl}{&9ye)xyGG;63_C>&2fvft z8xQ@cA0y_r>x**E1g2iI6`WM;Sv4tk!KmTd5z3uUYQ1&+Nv>=U9%`4lVY2&Z18}g_ z^Q2>H6vPBi-y8oJ-b+SjYvffgry{(?Jj|n!A{wT85fKxSFr(hYYHeMo zx@u|)PsltkYS?&QN5Bthbw)zAA0oqnT4)2CovdRUd+a#dsVN*Q)2^#VxM(y0O)Av~=5pugWi6W~T-emP8l+ z+UpmFt^gGkZl#hvg&Y^KL5TYp#`pV-a_v3Gb{C&KJ&kC{T8b%ou0Y8$tY4$q>LF;- z`eN&Oj06%UCJ3o`)q5CxWVf-9QgN7e%SRUzAgYd_4@moCCX4nWpAM@4ad&rj8=tth z!!HfO=6$VbzSn8>>eZQGi85WT)6(6~rMh^esT}fVCa0*?WJj!$DRaHO`rWF%G^N2G zuVc?2t4sIm@bhj&&m;I1z{OY|i^5c|2Tq^%&2x-2`Pfw>wpY{tC6)!{HVDR2l zs)I~4Q}^gT;O_3B=ev1cJy-=O(yz~P*z9by(hV7vE{=G^e|#TBf!xtfr{}h~MmY?x zoKRk@FX<{kwI&;@4j}r*d|RC&4rRUe+Q<120j*C5i{djOa4pZHj}+7cMNb@s12BZy zRy-}bJao%PS-S$bH-kj5gU1}X z7n?Y{Fy=LhIbOw3&yG(YFI1#Bh}GL%4Ex5rxKuj=MNNadPV4Lp4wO0f4Vd#>ul0@O zkd|9c@}<=66$sLE!lz~Mt0r7t$Op^%4-?U*0Y))Dt13Jjg=adzuOw=G3(aac?XiWi zVWUOb?m9z#rgmPZ)E-S_!^V>$T9NjSK-_5juJ7cE$`W%S$VS6{?ERbp<~*XtCBMwA zeAz%1*mmRm_|yu1lE)cQoF|gF{&=> zm<>{-S9e~=i!eHn>=6uL+h|*gw{mQ3OLoZQVa~`|0T<2j!_R#vfXxu9c zE2H-mc68qOgtrPa#Wy1;uJ>jD-Efc@DhS3bEX=RY&~LkQ8h#CX6~CQfYMVndOHL{N znq;{JlwI+x^9jsBaRlMb#tcv;6s%C&d`rabrcQv22t6aFFE zAVA+y~>xZ zqxEBaofx_=a?S>^E3%GUAq8xB9BagDWQV4po%7C)_9NEbNpV5ui+n4dbKva9)$+D- zMNBgXoh)%)sT!>{I&kIPUUsdjA2^|W*%Ozn<=Z_paJAf~wX67+x$8#@)1F<7V(NyG z(>i)TI8OP0euVCNKh)9Zup;<24?VIyPb4$~i^p<}Nu!sRariK2jl7*DA&x1$;+$b= zJq)e?j5&0iWKakq5Sb*S6%JL$mICj3?2Id3c`wQ3Hkih#xy&O1p48)mdgu-_vCAw- zDA2Du$S}&-Vj&b#6iK-$emZuIr6QxXZWvyp8mJUau}Ug0%C&wcC5)c0kW*wbE;|1- zF)=ng@kk>zEA5+--N<{HT4y1>Laa?6$SH2H4v+$m`z_!HfQKf`Q~cK>UH4WpKJN zIQ~b4ZM3hrhK66F7_y40QoDO#aORlhyMssy`g`!@(0!-idl&8V1a+O+X{F7o;hCqAt{Fy#>*8A2?FpJNupfu7t#>rGJWJO`Ea=5Q zUp;eIPkD8rnM5W{OFZtzPm?Gx+d@RScv_gSj@ikqn5cJ!&9$1s=L~($%DAsw=`l7L*`>viIiC#yY?YrhgbbMM* zL_pdvuZnp(0Z4>^7lUUmA%shw1xqe9-voA=hJxRQ{T1%AFR6}xzL8pdG29!@xtAKB zC@*8hF3^5{>k}^skyQR`B}?QN+0uj%qcXv9@183QxftQBpWgkB*ZgOC|BH|QgS~%8 z*8ics{}H?Y2hIHd=iF+O8rSBS)4!AjWPilG0VQzje=gvvy}&v1cS)g4_Kfe2rQs{( zMJ)SY$QY^{tm2E8+-slxxx?o-%mx~Q>|n}P&-{0^@-KDb@^7ZIF840o{40?~Mi5!= zBq0~Zo5)zFFA?$wsO0li{}<2x@7sI#<(+$JmUlugGBjA@3!^-P~N{`x&LO{d%QPjzL+|4iyUCng$dolw@>a5+q{W3?HI7_GEgnpun5qmiHHpd045_{=+xDD-U>l&xfN z$P`ksu;%TX%I9t4P<#}5ZhT3eb#rQ=?4n(R!-d=BGriZYyszT`WejOon7CEIfNCx_tPkD0OQfhMrE}E* zlJ-M2tQE{P&zby%TD#}}EJe_p^Ge2~MsubL_-f=O;=L;m2G&3H`4-2oTU@8gFz(Z3 zLK{Emi9o_k%0}DMx()fftA|;-wLaD27fkHM>?6~RG~r*7$bN~5zL?WG5ztEFk=yBg zo`XZSJm;uuH%!K)6e!22agqESPBEICM@HmKQ&swICz!s{IYVKeQ8C{}p?Tf668t*( z>7K^dbw<;Wu$9y+9@{6F(F!oy(@75|`YkXqGu=$TVQF`H^2lOUV7YmLCSbq*y{980 zS&H}6W|JvaHg4(%&ee5Sr%%u-zD-20PRwy|_$+m2q0%Jf3}}&h>GjhE2cb7VUPjtZ z;m9bi7QDpwkz93j7XSB~U{Jn3>wN5VzR&FlCPMC{eNb;huu?DQ(;k@?eQqZ3NTplD zP6=mX_qM>^&Os^_x>7q`2^nKkdy`S<)DM-=Cz$!Mmy5B#KE|3U4I!&Kg^k9QrIK2Z zH+ZaW1%s8m3p#!<95sl+tv#gHzRJkQ`3?WUGV`t-4sf^o zDraD5gk=40SjD*?H8?XVPhH8ZccLy!3BXd=q~wg!5S{S$bpbyr*{Y+`5V~q~}on z8HM#vcv9gaCmSF_Z?M|twGV3Orxrqn?#741rpdXZEd@CsT>A+cou`d@!WC)g&Z;hf zl|kIrxRYz`0f%XaifI?=38W%_p@ELe_w>b7Q74mH&0BeMhPCy}Rf|P00#`~nzFi~M z`25B+M00+q93@b}X{y;g`Phn26^gUQzTX9=!{{P2vjt%j0~)cqOcfk{J~s4jW9yMp z4zXa#ny)pn66>cgl#6@_%)$PEdLX*qv$-384$d%ts zybSgN6&R$4&esM;gRD<${P$yx=gYfR;mKH~yJJ$5$HTq99NjX`L*zk&?Ln*BP&F$` zQ?JIfy=Y8c*F&g$LJ81vCG)iGKGZpO^J6`{0u!nEVIN=cl)*Hf`xwf2himlFS&2f+ z*sHV;OQ)8*J1jVKn-r(%sIFDJuJ*P%q}=(KA+>Z95?ESzD>}9a=eOK(c6oOb)Us9Y z#|$<}z`do(PLR*!@XI)#n%870hn!~gE7cD?%&Q&fc%AzJG|*o*@6T@IMR~NxMR^a$ zrS7Bklvks}v&id#g?l|j^Rd>NAftdym^~(?o4>*km$H~48#|6gWfjYH_qFa`m-*`d zZ1Ewbls}+2qXvgC8<+5d!n3F&ju}(lc4Cat7He$TZc)s7whcrcE5DFr7WjURfHM;b zbH@rsvM+&_O{6jwSz%0d!#m|lQ)Gi#=KEcb#~%0N3$?Xg51r%s z<*IDG*P*qN{@K29Dkn;rF+YhId*RtsYvh`R?M^UD16?K~%rlU6^uW*XNdw`c;1l25RhlbuoF3hIGKf;EP1-EF3Mp2%jN`WP>;FW=2 z3Qw0?D84_It2Kn2)*rsDH+h_EzsuFuA@SUAkWcHJYB$cl*#H$ksCCUJFw9OmKzYe@ z8@M~Pl8CAtDkaC}Z>c5_w|FlYqb&6DffYM@Ray{q3)g3waha;cTy43;SE8tP9hf!d zGFyY>lx>gu6h_5PrpQV#aWU6Ns3`y3XL`+8J9eS#sK*sb>{ZOG{juZ^eh=u8Yh4c~ zx<60Qu4!BzafpAQ)U#E@@8-G&XQ@$>ie!aoGcz|KSGmPZ2RN)6vVZ$6jJ9F7v zV!E?;i8Zq2htt2gBIGo~C&RCKS0RN=a3=x%PMJGeLn0QI`fLf+ZA@~R8nm||Rue~p zUqGM=xX~C{F6F@F8w1Y8IcS)O{qk0~)%>(sN@6=qho_^*{FiSWdTGieM>kC;vRJVT zQ0;3iq{D5E-3l^I4GxZvJQJ+d4=nZgwa-ilVQL(Lk03ve2dA|xtGXEnPmBSE!tzrC z+;EL>E5Rx+*8mMSGk&*ga$QV)1{vM2`e4N}6@jfTC~HEpP4od;F8R9L7pIulRU($X zCT^@>_m6!#5$~^LzLfXQm995Mt?wnR6`G2)cWeCsV#E5#=Y98&J?DG)+CIaw`b!{v9I!cdk`M zU@bNqN7apAo#q{tUeHdphX(j?aHNB5)?TNcj!2}R@fB0k;?&m(bsB`iYcQ8`PLrr3 z)Tc1y@TC8J$KVbmI6z=(2sUQ3-a>LU$F;+&$fih;9GAOGkC>B?|1G~XR^db?#KF)S zOU}VTe~p?tqOpoa`wayEa$1)~pP&i6Pn!^ITaWB)dG*f6YDhsOAhTVctGrjtbRSsQ zNsV4GcHfQ3Q5#E?#KX@b5rj=YgW%mCr95mfTIoS9q-Fx9PLx-LSpv@-x04#OIGWpl zNYv&RiJl!E^t#3%c?nhVT6!)LebhdWucNtZ9{)A4+EyOqSWWY#o#iz5snRrV=OYEi zD!|hfU=dKc-zCAx_h1EzasV0hhKOw8t28qhRPAP!1&FLbL9OmLZrhGLz==d!sqfXg zM7Li@(WMkfeE5(Cj25Wt0@Oj(3vYTz*-vLV?Y>%=Z)b2Z!9*VEb)ik{k)Zy6XYCQ{ zg7Q@wvbjiCU(_f<8t^fVo>m!U;U%2kz26yKuh8v!#1o!sg}{2Si6^z_y;@9Y+6g)( zHy-ma=437d{F)d`pgzRX39d!c?dn-Mys+`zDb#+%`EX5ZIyC7xwYlrzm7sj(hBh+W z5x=;u8ANhoaCu*~#*`ETH`mXVcvZEO{OCN?-M;-}RW-Kg0`-H5>joAi*l|=?p|dtW zk0;hdHZs25s`@Q&QYFU0Vw`OgmcZ}`Y@#@eUuCYdt&d(O?76xE(>qtYGBK@>I=EDI zcGq0b_wzg~Bn!{q1_FnNm3C7l6M(_cs|5QXbu83hewt76@#2c>`KpjY@w#R{G;mZ$YcZr z>UPTHP#CaxFDzXahH+r**X?>v&<4HPZ|!aT%jIaJLnE#K%q>$#yvKIgGh8+~v`S;O zZ~b~AXlxB48L(AUJVB*xI}q0Rqu_qN@7iS`B%t&xZCtg?Rz4z7%rxp74;1hRr#O=U|!2 z13Uou@XgJBqjPf$@M}7$&MUyeA9Txot$fp{$vU8qy^2atN5+?aBLQv$CFwaF|4cg% z<)mD>$;EGLHzA@3-nBdY!Wb={>jUB|@I<90P@w-T4xo|Upv81={MUJ??@754hZ{Y% z4rpHh4j=z*9)|l>VvD%E%y~bQNW#`vFeObnZ991#UUHk<3j$kYt^WfM3Xmw6gWv4A71i zdqFG&Q89pnAApbi3*rTZ29q zguJWTAJ9>J1@3!P4WI1hDIp=vL?#QVpH6oe&J7iOkl+`$gkstcawD|nUD&;$NDi<3 z67pJc!`CsptCRaq+e#gKy>lj_I?3$T-LC=xn$xmeR$6zTC}U^Vc0aYs7?1v$1A-a; z=G(eN((p*~8pp8Jiff*4VPr!09XKx{brB)>aEFli8Yf_H*f;FRcTkG~TNmWWCGhqR zw8e_Jt=&Xqh&|a2PhNAmvt97A$@Q$PMDiUeF(ENfQmi9-JF+0YER@CX9W=ArkwkAC zC}$s%lv?#L>z1z&_h#3lQmCJ#>W1tQ^OsPE7O)7t7fZYtah8|UdT+*?YD1l?CMN)* zpD`*+*j}TlX0k^KdwVZ!8+aXS9BZgEQ15Av&Mc9U2e~|_+36DedS6`v5BEz^8laV< zT?4eGY`XAI`4!7;7t8NVkw>fVTvoU-%avS@*NujAD=BO7&U#do89xbf+3ph*KOkZ% z8FGaMw{ck)@Io~D)7`tmn@``U?e{vQjohqPTTBze%vpfluyT9rb>8l03~m8YzZe{j z=1Km<_3J%Kk}*1+we-yg`!t$DvEv8N;OD}xQs?%DY1FH1!tSdQArmzP5M{nLw)n&n z@`rj0e8xa$y`A}-1l2^0p^eWSPASs8zHY8Y(IKIOt$;`t31A}>a>a*rV@vIFK0^a1^Z@uQGvc4W-Wf1U-(uQITX-fY{fmUB_Yid9xfxKPpm;d z$Srz4uBiKw4E1G+HcBb;(b34mkklIRGzZ&bJKsB8drdsbTZInS^j4Ft#(L7Pj|u<$ zjwsL+&{!A(;A}D>If(s}la{!zGRythUt?}$_h8a2id4ee!YQcZ0@p+5->GEQgSr++ zkF2&gbu-nm6T@?ntYf7NLhfB;-H%pI+eY1qsUB3=J_kWWJrYfv271US2EEND=qH!* z>9wkt4^}c#Duo7FWbbr`W1Ns(Rcr0}+`NDIP%dqR9FE4X9>&x}*xk97UZ#;O+ip8<UuP+fA3G_NP2@-9l|zD4G`DnSgd{~`*J&Mzqf-y z#(jDE_NgHFy(UzIm{Q4^ZT@EwGWBRV$8-ok(~Yc+0n9Me67mey!b(AH)b(;1CdEBn2)SP0u#;DZM-Qt9ZUtC#v-ctjJ>y z<{^1(;{;jO*RP^R^dnrq3Ae3_9LAk$^X0?f3PMtNx9C0281`UZmWe!lp+v4BRV8`% zbB|PJ*(E8J3S`XdM00V`+gfR2QUE)M4sU$4fCrYrZG0p-t658>Xoq} zj;|V3J}RoVl6s|eIu3XbpWGTvDYMIkiHtx~tgdq^&N{B@)%U2f!CDf0i*4q;Mkwpsrx|Ky_ zVBMI9=ao92_1-`mB(;3uJEe~mJS*n1IoS1%KO~ms&I%$&>E%fNOJBfIHL7Jil4{7H zWqx+HsA&~F^ns3>YfY_?%UT_KSm4^4L+s$U(A^tXkY&+!6%Z%JIqkq1xYi?K;L~_B z4eil+v%J32F9up|DQv~%R_L|k$=uw7Q5PVtRYJ~15S%b#=Y0dAwIc%pk}UuiH{?`oBdue9HeHqcD$zg z2?imPB@HxyD$UG_jAi>IX~T9ZD*V(mIvHxJOeIL{pR8T21_Y!{ z=?oo<4Rjayl{PcGydN^K*Q~pH@t?ny*wzvrMjjIESqr_;iE6E;`IDD;qW$Era!K)dNOh+Aak;af zkC*nZB=04pCdR z*EdKnc`nqI8KaxiqTW}_G`6!J^)hd}EziraJkj*{>^ME-pU(oQ6&(}EJaCMY;J3Bk zZpv^Bs~GHsrf#I`=IS*zj#wz!f9PVdexAx6)i+;YPzc9WU8BlKTSc;XjYggSYBAlN zQBn891M;7<@nxS37vejG<0RO!Y7aT+eDm*7fnUsF?tk@2N{dp!KL36w9!gm zaoQiOUoaV3d{I{6F~;a9^tQ85$P#C`Uir!mbK6(MK6PSo&*#t1#%72Hfrg6PIQqS% z9WQGvdglul6bR^U*-gOu!j96$N8c?47}BXE#A?m&8I*mE6iL7QC%%AxhDI{zf=-Y3 zK^xPJF1HP&xwgxaTY(n4%Fh->jHxOnZue*}js{Id;Mil@_dM-VCI9j)bI~>Fim|Xq zvrmQBwxg_f(u%LHS8A^^&c%(f2R~4_?7oFeH~4Cq(|@}F@iXA?X8#{nf2NlIW8&V+ zB%hlrzd+%xulF?%HB$3ekIx31?-IFsYFLfKIWg@RV-3VzT}^VE4oFQ#E!U4Xe*y4- zI%v^RF}At=NoQdg7 za11_ayjXnuFV2Nm{!Zjs&9nJ+@p9V$gp4rPx?i32f1;B8J;i}_gpfa^R+*R)`ez&d z--r1R^8O7P|DTaJWy!-&2sY4h>8SZ#ej1yn;F=kzX}W_y-{HqhGC~4bO^nwUfn!Di z(@SHUoErB@Zanu5dL#6$Q!Zbm&H-@L&0-P#`pJi`ZBE_O56||uibnrnd>7WH#roj; zNtyN$Vy$QP#7~#gB4cXx>yK7Jxk+W_>s*olnrHEbiAYz)d#?@r76|g_CZDtaw|kMPmGWcM%veO7 zCe*f*fyj?^1;j~y3KyjuDn>$8oMY5Equ=CrA#q1vM3~|4YH2HMksQ5EFMUNNcwQL zs$K!2o`6Jv?wb>3 zz(6~|&;88clQh<{ze7iuR;-YH3P!q6HDJyjE)$%rgZWZc!$93$Fh@Mb5GXKuRq%H*n1pEnlw-6 z3cvzVF;*C^j78TiQTJrj&zFQ1t`-^s5mA$5y2+aX$%X7c<0zjOF$<>t2Co zXFnT+Kp^qmOHolPQwV(v%s?id+ODyOrTK6Ja+oY%<86t99}10jwziEJ&*4#KvDR+p z{(7QcAi8Y)ce0)$l;vE48VPae@3odgp&V-1uHSm{T{<_nn7+HlyVr ztM?#>W&)jysuQ)V-t;p+m6NmeuNuZEtl1kyzh|ua86n+2uidr@!L>HN)_ zK?&l6HKl*gqv4p|A@Fn!oiFmIjU??oXwl*ILWk_~T9>t?N<bPMD2U> zN`x3;qv*ng3x@0+ckUutMsHQt>_|O=JjTSp=Vq4?U#!|W|7J0a7L}ZeE%i8}giqlu zqH;o_@iUN{#m(Q&^LyBxgom8Ny=0bNp-gCd=OE!GdSV0j?$kR4kyv-0l*e4UlKKF4!@IA zr1U2Q9tFKGlFsQ2;am##+U9~lbpdVEyJTpzqN8jY^ceG&cGCY~Vw-WaqQZKuI&Qi> zdaEL?Hxq(2>*0}g^7qnde2W~3m}qNzF#-XNs(>J!K${1UwL&##Sh>Rlzxu7>($!= zZ{#$n2wI-&dXTAGs&9Qac_T1!`~!zcTl5)$Cj!@_hTd@ekH_^;(K>rO_l`6hPC@pK z@4eah1UC@0dWSx=iwRiilfQ3qy8s|CcIj!F${&QxIR%opNFHE*A80nY_+5+Ixe3y0 zM>zUhxv$mpZKV_s=gK2)h=!a_511*_E~IHRwXxl3UJGzXXFP>DGZ>LGYB&1xZo6J} zMa$8{BC!8xV1Z!E2l;PfUf5S`&a-1}rU-H??}GWyesfxZJEEjlA?@YZxciQA-MG?- z`R-<>qbw7f)r@{E)l?)9=bkV$9y;Zhd^xyBcLipO@i8sTkp+q&1e0;=GL$CLYNlXV zK|r2=XL+d4D%JLJI~j!v4{6uS{4fFd*C^g|ok+RloKQ#ra62SDb6C|2+;w9&8KTXH zF_ix>e;U8&qNFtbYMqzOT}m)s_MVhNWSG8M9vR}GB;-gHaSbOwAxSeq9#Q(*mj!wm zgG*GB$J6G1CFp-^Jsk67#ILkxuxM9wnV^Qf-;^|U_V<<)qPl__bw?ux_yW*_{V@Tn zJHYf&1OD!V8oPR>keqqQ@pov;>YT&FE&nl(e`qvy1U;uG`A-MYYs@BfUj|u6^Msn^L%g6dS03 zlrg^)4A3XCVNbanY`29*%0WFUOcV;sbSR3PPSVshF{_lj9-Ez;pp6X8g~Uw$e2RN` zq%QLfJpnpFR02jHqO)eADB?9aaek7Vm#I<2-G@zByg%BRf*l5{DC?H^sQ;ZyJ~BU_ z&U-Q6FzxmbJ*Z)-8>ucT$G$W5P&A&_ckAOh6FS5u3)4BXF(IaLvgxUUCu9BeIEZbA{qca_?U#oHv!@}e@cut?W!zFp z10`&+o*TOl=Ost*-$^JO$;TIF+rfbz>E%-g&WM5l#y-(LF3vUVi2}P56V3!1*3a-*R++cw6(WiX^wG%Ur<-8|k=rF$1-78)GjO)+~ zx|yZ$WV43Pp*mnusMR~OE7xfZ<&fT5n77c`+I4pfeJ)-D?ehb;GL($n07&?B7zB(g zoV94gXnQTPg3Nm3mQuE^>@siHs0Auk?$tFa{Sb4B-uQ%F9{Pfo;7`I>d!6oC%y^6K zJT^scuI{8$#hy|hv>dV3d@0dGeh6(Wg|n=UCu!b^I9B3vRaiWPQma{H1A+ zZSKr&b(9~auS*GdMXP+@cEl~)$Q?4X+EG*)U8Pq;aH@XJHT1|-&AozQ+Y-ur5@@+{ z76sL!c_2^n@e&Oy@v}E%H;4!~XO~INW-@}OBHO$@a#T`ml%(Puix; zS_;BejXH8 zW=uUF8NPe@=#LZH@9Py>Gjr1W75fJ-CVyCKO?8cwkkjqXMXP?vFw|P?p*eMyfQcup zOkGX=<@>oP&G9z)-YD@pAIJ=Yc`V6^EM>3KB$BY|&u0im~t zD}8N)up4=h0CJY~39{+{78=u=S*G>e4)?B_cOPUNnsh!2xneP+V`@}$N@Dt1a9C2B zu5Y|pswEO1tSP9~T*$f4xyWC?H(SK>sNWoKh<8w158OsuYzz|mA!eMWR2@Qb`oE5 zzC%|ZuKp(I(CI5)h`93C32l#uvzu~y=T-sKY*jxv?5h9ih+WO@JAr6`sMrG-=cgfS ztzkwxy9dbtH&U{zuP7+HX`7Q z%{WsB{ooVDF(sdH!C>Hv%I<C z*IvC|dt~i7s|Dgd>S%G%$Xulka;)8Eh@P=y_xDKm_{LYFGMGL5x%`ozayR&$q!CEA;E=A?P{cW2NYT7hZiP;R*o@97lExya74|d^M7=Viaw09**XH1=8nD2#{_c%UJ8S!I@PFe3Pw(Eudc%eP^lrsw&eYS5cl% zqQJk-{7H=_dce7j7$)h}P|crQlD`YsH+N({@5{5+r~IZg)A z1?`WN2V=DVM}z%fiXg)(QCw?|UWdB_>W@%j==!>=V-$G2@TlW<4c66WIWJQJqB2u3 z#-}XVt+Ge4+`hbfG(t&)rDf6_94#$+YkImdHAi@9cfJLN(g*rt`qxpbcYllQ7&q*x zujFW*+s%9QH6qd5pJm`x`7;{HjWKafg3t9SGd3%hZYHQCn6i9@$KWPekmgUFZ(=>F zw%7hSi}Ga%o*&^mIJ!~7A}o45q@^TQMGSpdsuiWHDAt+_{W+_@XK+v?Zon?41x2j8 zj{E>r%4o?MJ%sfBiEwo%q-gpHv~4*$TI}?q<1cH9i!bCs;M7F>*^PvAKwkuL>o!Ue z{NrtxpPJy_8UPK{i3AvlYBV(jH>42j!8~sRCt3NQt;6~d_#BM9!+hFdd?eqas+L;K z7uJX~=#w{&L-)D6%&^Yd*?TP}nJk9|K%9_yTu`ibagOHeOK`hDXVkj~=te+VfL{dB zP-^r^0qQk_7FP|9>w2_A9-q-RS%MmEbc4^+tQ5xFTZd!GYSZ{Z7Kw{$tfkPiMF z-%;1%ENZ#hXYyZsL*McWTa=p`X>wvV`oFldLH?GB0w?99>x^~WhGChA>eF-Su6CB0 zSqFdaE9Z9cMlBfFzTU@e_i)8|=CTWD^nhe|TlpS` z1w=UNP#6=tvs8UFo|e!`QAsJjg#u&JJL{`Zs+ozSdH7uWa2mC~}wY~NlQbW?r zUTfx8@vUNYipKZmH<$BFg4_FJY-N-!Dm^TdTO$;z2lnv(%ee0O$t1n^Xb#)WDi8T09?O;8) zF{I(PN1BR2^7H{qIL#(TT|4~1ckSQ(b@LNDm5Z)m2#k`c9IRh zGuAyM6yex9>STct=ymi~I^q7v8Ig<6Z59~}0fT88f+meM|P_w6W) zJd=A|vVSQfs7}4YQ7Y0S@U-rUfZ+q|r!=X{tuSl2c}&!^Qy65jqk~ zl0yD5?-2AyeIGBLjodE1_i1EY3Rlhi*F?vuL2*jJZ>#-_{boI8*yaG&lfJlfqBhFY zBF2B}KmVf{eMf-}L*V&Y*onqv3)TSVYf`tQ#utpj?VjX|k?gv#*Wu;Uq|JnNzw`Tl z%*ihtGbX*7JlMH6fUU_xa*O4`$_kH`H7D1wl+Zuy0+)Sw4j8T(jpkgcsfig0bb3wQ zy53uB)E4+SJUpxZi<@`MT1>jr@~)-qRCb!=Yz{qx&39M5L}~)0r_&#*uPGdRx0IlaXw7yZr+= z?TL}AiPq?nql85}4{ZwTRMAPazu#_So7G1@&K6R3m|A4li)|e`-v!6oDYv~D53H_m zBsEr93E^CxjoR(tC%xS^f^2%|F7pmlEIeIJ+ufzxu(t-)#``D#1RGCcQ$}QHYe!b3 z)?<=*64EE^lGA1pM~XTnm(nGnpHkbJ&TD|duH_Hnnb((xmy8Z^QokNNv${POYLXmX zOic#E&D?4YcZa@v6b+_tx@a}w(fX!*^_r;dFT%dv;kmhWXPCb}+rbp9m<2Iz)q|O6 zuua6mR|$jOT26cdRP;2za!~!Sp6!cJVL&z27zE^y%l5{}S=;@htpu zH?MqIqFdIVk;<`o?3#?9FI&Ohk=;p;WfZIK75aVhLp6cX&m}}PY#KR#DA`$#qRC;y zc!werKO2khqYG|KNoYQvLzr=PnLtxNs91;S%*bm3Cmn@(31lcdvz?T&M@1GdE9}7U zE?qw75mb3CRnS;O^D;yO8}>&PmV6YnG9$xg$Oqi?b{f@Hc@&={FG&f`@a-7R_E~kn zR7C)G+Zhpl^InL{2L3T27_Z3H#j_*=YURADh>E4#*%{kLowWE<8l&IpoIH*=>r|Dx z<668CZaN5~^ttvzTUXYb8VmeClCuaM)cHG_Dpa_NvYzW~XJy*Y_0B*<_euwly42A0 zbA6N{8HB@0MAe5pfIkn099`@AnlP6+&n^2&qwS5puvv>PN}m8_2hEt3Kj{-Q600Hc_7B^dU)DcJ@ zkL{+(U+m@OP?Q-sz^1d>FO$fCsX)Rf1qPlY$n`s+!0#(7`R^oK^H%)+`n~CBE-e9% zG1JzLVlQ(^RN3(y&goRE_SwaE^$6%S1HCIIsE2)~8tC?Sz3k^Md>LSPA(pH1WI3j} zUE~DR8P$CM1LyMOL#Us`phHSLUxnd!mZq^18PoN6*AY`Dv-EntS17)P6dJf&8F>Fz z=l;5Cwm!Tf8~i-7%tZe(?m$m3x1446ycW+$_vURzpS9Q?6$$Rp9@Fyq06Tnv2_4AI z52%ZbTRZ9d7~!lg&nd0+Qqfw`>x~1*tQv8{YU$oooM80K;fSt3w_KYaNvY-nQNkdH~(_!=E!^JXa!r#?6dUaVAoaHyvBm2O`U6SNnzOWD#Eqd zVgx%z=a;h_MYEktf_(7EaOwh4DABc8a)%`fKaPB;Sv17;5t6$Cr)|^uO@M$VcS^t$ zQxX6Ud=pPU-gmh-Y(vQBj{V2$uDd_Vi={r+-o{>kt;~_ggi4@aYavv6P9G?bwOgbx z%Vp(%i5;Th;U!R}b})aGp0^X`gxhj}C~Jw*GdPVzDW~45+K@$~d~pVbXK2RsXKiHL zSgy}kkyXXcol}1})?+{Kskf|ti7(LdEHFse4k|AtT>OQz#)g(U(k=jsuQM$;GR}Vf zbYMokHQm4l^6QC_EAd95e?`t|DA_o)TC@I&&HjfoBjzBjAwV>ooEzJTSYJGH3734< ze^)#QC``<9kWxQ{A2ajN?}1Fr^JTK6)%5nUFOM#$ z;{*V)^N^3!Mi25Hb38b87GuAj!O9bGlw9(*OrR=W(I=?@4X@u9HuLPJjkJtE=$#np zA!J!8S}*UxKRlTt2^FStJYaNK?R%m+MbX;zd9)BGTB*C5vhQ)XQG73g_vVcLljf== z&pa7DVx0^#In5EdNpyjNI65yp8p2^vnijICaK1%pS?xqEG+$hLk6g*)IbgHt1?E&3 z{RJxWJrHsvoA78hs22TXNs}DFV@Kw4B*5$T6~dU6#bJn7;j%)G>s|<+|mAN%aQ6qdOqlXz<2Q+7jkyO6M&FIy=XYFSBH9> zBteiiNTV!*5__( z>`H$orh%gGsaNBt_ku~qywSzah({UMgq&Fdp@&u@z?qXbji&Gyr*$rr=zkfBKcPMN z$$fi%7d@_H{gOx86oU4T9Cw95W3)ifSkOp%ajE5uhY8F?&X``S6evwb0O(#N{mnAU zp>IEkHdOxXI4Eo)ETi9yJZl`BG%~VNX`A{>NTE}>uV=I-U(&?H$ng+g3;N)^6Q6+T zZeR#O+n;dT;3gyCVXR_TZ4FHlxg{s)robEK=3xI*(nKJtqY<%ubX{=XQd5lP^mM{u zuU;?fw!zq~`L7N!HEc|x_dr!@k4riqY~yu?XE4qd5pSMbQb;vPJEkP~y}Q4$lZO16 zoJxW630q{PE3Eb*J;rzPp}w6b z!U=!D=aoHL7{~2&ZYm65k(E&Gq~QwQf-`;CDMUT~&DNnQm}B?V{ut{`z?b=jf|bQ` zUeKAA+D>XaV)0B6j=B|jsBO^>jX2}WtYgBZ;lBHr&*x;Wln^rbk-utX^6QLRt;EZY zey+OA_P>Y-TR(W~t~R4?6T5<0c1M@pQ%PDD$z+ybIj_5^sEYetsujW%cXT1B{6?u; zr}zZ4@TG~!-{rb+e4O$>hMRMwg<>t@b#AUJh;aGOnPrb|1}k@ccCX@3cZ|_Gvbea@ z)QM=!9>%o=#l?9l!Kr~&k6VFi#J%h*S4yfxZ8u^?tr#rcF3gE<4$u`%xAA+l5%Ck6 z+icNMe@1|TN6b?*jDcz|T28Lk5v%^m>*H{5+Ef(T3Zy4j zzMEDEfA5?G)o@?3W8c-e88}q6#{CSdi>r1Ku>+oapdrK%ixtg4Ptnnp+t57G***Nh zHi`uj=4H#XctGZc1k?ceG9?C_mzKjf-A4<5sm%#$u6k^*&*}qe4&_@mEY1F?XE+P- z$UYp9UiD%KRv5k8`H^)RkK6)jC)V^gPqd`r;!q5zyS{ z3WChYspL=mCC@@P_6&xbw3igtyh2%dm{#i>AroEKJ|`)kS05T8zBOVCcGDLFYunpz zI|T)CMghKJfr@FHI+Bk*61fT)4hnb1=-(d$8iQApFy|{K8UWgzhUdWtdoFNAxe7HF zHD-OOx}p&QboX8DyN*KDn1Ti)X@Dj5qSMl7ZTvA%K23e8bw4nWwwah37v|5}dEZoU z=M;xkppT^523HD7l#vK>x5JIf7yjhHzR2K9%~jvQ2H^~^Z-f--F4Z)`qZ% z(rW9^J(v_-2o?A7Q~-R~`?zjIeG=82O5n+OBFF-ae?a&DgyUbVOMbibv*`jk`1)Y| zZIW8A?*lBbS|X!8aKPFV^NgaL1x!B4ac{X{>6Ha+Hh7|0vM7Y{L>A^r5Cdu;w8u4R z93jlcT3p_~LR7Bx|Cw401HJ{s*9Sxe=uCHy|6ws+VPwaxhSgI({d%Ob>==^Q3eDR* zx!^TyO35v%*T2NvS-yJpoi#*Q5N=tVuE)h)^+x|4ai~hHwI@KD5&jK(B+EDp5D4VH02<=R>(Z*$$gUA&ngR4kz>lYF+do z%`Gfk?wc0$wY8COx)ZXJVE)zffDE?vg^KE#Xsf+77G`%g2+jX01C!tySI>z zR)U(AyyyyQ;{0)~(1z2+I<6-j5RbCVVD-pXdek0IXvQrvzP1OmF>$4ri;R1SpPtB( zpIqfoG6hcm(N*(KBY?7l@zH&aM9x(fjBq8(F)@A16X+1wFwk2_R{3Pxr;1l_=wSG= zhR|5JiEXUg2%S&yw2~0=fe}eWvEzF1) z#X4|I+YlAvMf$x?HKW_Wb;OgHO1*VQj-1oaHF&D)J4 z#wk{%K@n;bG9ey?);m?0_*|zXTlVW!D<3}uMYi1nIvy9Y;b;_CwnmCsYEX#JpHbUZ zq)18?h`Y?B{_Q&hAT6pb>naXm|2BaQ(J_3XZy`IvjsAf#%U@F$MJ5Wf6wDW|0+3@` zPl?JH<9-O{Yof!4=~A_mFk+Tq+Fs~kh=y(+YKGO@ij&r7nOv0}FJkaP$eOd;F%O%= zz5nW|vWo4hKe7@{(sIY6OEf~Th3O>$`+ekxIibq!+x?yGrx&I#TRq!9+G8Go{g|6P zB9FxbYG!JNClg-naXzYpjN#=!%dEb>Jg3B7%U=DwC4Tdm^qgk+$4c5QWRvX8fuY^r z3%FS-5O|M6idQEQ#n0zkVZvrwE`O)x^aQQHm1mv%Fb!+_tvQHgm`!Dh_j)XNdX5MM zjB1md{(JPxY`h0MToez9z9Fg*m_Dz2Q62mZ>qbGJ;(S2L(|Paxi}&3f(;JHV&TDh0 zp$}K6orZ}hwY>2T7=-#FXiaA;9yVQDN8uTL5Fx!QEzEZKWl&ZiM@9eFzI*c%SR(KZ zVN;-^PKjq1&q%DMM2^En)~P6L)MH48Z3q*5{GISxG5PUljR+1UEz!W+mpTWHBKr@oaD!x+!WzUB{ z*cA9YO;3xPy5GFQO& z=+87{L*`1qx$kF^5x_F?E~1Sz*kwaV{corf%*`kmE4y6jG&3nFFPPhAC);(_I!V!C&Rr*$?teRoeQ~iM&XJs9QJDP*P(W{augnP)41A!PdObzhS6aA zQ@p}=kFwYmbyfK*C7q#ce;tqE=nyqUmAOR`Yo+#^z#xMU_gUjEe}r0Xfbvk~!J!Tu zr5w=S^a+;`7~5{0WRBWc$}9!n7X0elW4^^te2e8>Pj=Za{a)_Q;N>@x;5V%6(e0?B zX7GDb7Jic;&uUJj(}BmURU*Jmck7vrVF2!_5P51I1dK248`G|95}BMyOXuQ1sIY=t z1av8PPimh9enuivnNxm8yY_mrqI5m8WmXu8ckJpJsWwo+UELD#U87aPB8v9?E}AK+ zHRj^(p{xEi;9;M7<2D_yR_0c5m^(QM$qaUjfA3npZCrg2m(zs!XH{;WJz&Tn|ENRM z(AWfhHaCbC?G`i_Rr*EsXnu|sN_S5#H69Oz#124dnZ=qoMp~MKFtnLxP(0XNB$hL? z(|aaUi&f@$IyyohF+>SVvYfo@PCYtO?D&phR$$Oa(zoGs%UG(llJ{pDRi#3Om`XyN z#reWO)5Xz2b@?rCJ5eXtnwm@mS9FvB;q_cJ+RSbhzE@JxW0&!`x@KRKfvNrbx5d`= z=}AYy{U5i)*##6pmz3}kfzsalYu{YsAtL?KpK>X}>BdjsmoQt-3-I z-(I=6-dVGm-^D@1iGLMD@2RyhfDj+}CKSd-r);I&EY_{ItB4kicDmp3sNR#j+QUo} zsodvTU9=Z6xLH>igCFDIq~7mn(hP{QDeucH_SYRTPp|Jm_dq7767|$1+(rzNl*>~0 zT{5MVxKmKQ*?ynH_OAL3D+d30ehS0Ykr;QEc8vwx($9viNfbE!h{YN}Uy}0vgLVSP zulGMvVEM5P{k;+O^eAP+^jJ}h#=&$L1MI@Lv+&8W<)(WefNoe;6~|NgP247hDdAHi zv|%#9D`i>CJ%^%78>FmSX@g`;h#)<%8Cp}_sK}p?Uf2lN$}&i8bk?2a!2+UZ`76C_ zsM<(#S9{pQBkrokC~W0Y7G`T!(Brs-i;%cH%ZbD1BR!eiK57$c=j&|1xh7tZsUxx=R4-u-F5x~o1 zIO8~x2Oyw&Dk(npEUd82e7&<2P=Av6*dF$iUTL3j-sN^cSAFRthdywz87y+4MoTgo z`VQz+F{?g(uf#UJM+O5wvo#4dGapWKy|YEi{4LS!wL^B2RD%`mm!z+&DY8GkNm*0m|jhN93F}b8%iHFRp{YZ z$(p5o@)vS~jfXAHTHMEnypHn+n-+;j0kztcrsei|w`8+K+C&tdl35r zP&eD#wL*CMP!vhnZ4)isay;BEt#JGz`i85201q9NFSx11BtfUK->qLIt!@A*ZE88? z@=NZXy+}cYVeWu&Bi7^Akr7PH_sloTl`+E3F$7zfYr>`@tqYLBLR?fH%sT0n(bp-B zNB8cA8uxiT*iJT4L#GxOq6(X*?%G9H!c1L-9N9H7acjCd-$!Ozycp1O?JWpIgVT@K z+y@NML2b8J?Q;8js95dfd#^3nV1uxGp8z&0ogdXT+qe5L>Lya}E%ZRE*AqI7`xUZF z<_|VgGv*uRS3k$)a}#i#VB2jhz3+;_F})1w;l=3K+y;MB zv3ZUGYCqDMWEq?ozb`sKZ>{mnb|nhVYdzSvS@Yw>1T>7+siz`Y_86d1*{F4>X@zG{?2eCr)6-g!$)a!bgNso zl-J{I+AWAH7o7Y4p`#35MMOY;i4Zr!IjsiTFAo&rCuaB^djyFQgWdh)Mq>*RAv zyty@n87^i)=jNoHtp!;ja$uaA(~mSCR8(JE>_$DLKgzcX-4bJ6Xv2d!smY3LT@K7A z)%2M)$9GL@ql)7Gi=;)sH2Jv_;OChxy}tB5l-(OA;Qvc~b-rd`~z=cXhzu~$D&k=+-(*h1p$W=bnPW?`1F zn2-yto^|Y2HYc%#d{-$F7Ya!#0=3NM9&I9)be@=tYIk&vu6!Kp zP2|!~xtzrdl<`^FD6{Qwgt?3&`T)@Eik~;FU7pa@Q+O8zsr{S__*~OFNA;D#f;imU zS@-3N4}YJGD-1^sN!hq6dGEU(sC!@QT)hn8b%psZZnNs*iot3bjeh6N2`Tsy*$TaN z`T18rIHMght4)!L*kWwXY~klpj3({u#&jbVt>Mj=P+b;rWKtGM?-l!#)A!kyyj8c4 zz>qh|p)OvHdsfmn!h}Afh$*a_uL)7jPaJOP@xw~ArOQs?+0yg>ks;)-cVZhJ;IYS7 zBN0;!L(?E$!EdkdS!u!8(|~`YC~dw3y^p*FN+x6^{7PYS>LL%}MhJJ9hV?;@5W7>- z((WRpV$wu0JC1wrQB#^1+gPMR_3>koh`AMoDwDUjT*Q?~wQ#qO#q$EG_qf)5Xb&!3 ziAH-C?3>rC^l}L46Z(sBU&5vsLE&_lC*z%aUi@D3b~yp$dw<6J2APF1b01S4r}5cFdJfos1I{UTOMoo z9#5_v9J``Yv^k5it?bcQYypAXoZ<9XZSpfd6|W`5&8jH=XyFr3Xr z2G+A)T=j79dt|}(U2$IMoc1>fi>}~8(&HMPhx%xE6$_pmYmy3*V^X`>4q8DzmI$^a z8D`Rl=IqCxYVgQrub?I(0rP`1NUZE zLQXB^a7YuFZ@5U2LY#%zov!+v7LCem$4(-jP`Ujes&JEW^;tlBK}@YzQitCccUdjUe?Nds(h&lGQumjm zx~{$1t-Y)t*Ovv=F;tv4OllN;QBeY?cKC;{XeLd8Um5TOVW~y8bM$KkGtcyY`LD2n zQh}^?b;-`*%f_3Bru2+M;&DQmJ)kbT>KK`ui?&7dWIB!a=s(I$=h%#gVGR_oEDkF+ zvPVl;NNHRq(a8Ajqo5#(uXVS>_&vrp`tlqkbBB_yqYK;4S%%Fm#?XXkwMl=XN=4H= zA_dxg(Z~!hi`Od9J-N(Bk5%^xciF{vqe@@DvQA;Vnmt#$eC1HAbLW1;6~x5*fCrYc zOA2CGGSj9Dn~CQPr`=YS(j8KP^u!d*2NGuW#k$0~5B54&d@(fffem>a3`>zFALT$E z92U*xx!Jyt3Cd~`xn54RMqb3_hlLk$kAqD(q3X$NGjL}z68z;ML_E-DJnGPX$UbK@ z3(@6=56sZM&og%*A{|PL1qqP-4*k80t zYqz!Od>g?-HT4Rq_Qqhy{83%BTtAM0I%9`C0U!zg@xEZL*@Vu%1fzZr0U*6`!UxhV z8L!6cOp4}7Lv9{A;%sy24@iZcnJ*OLjWsL@>^yOJ8_XVQx~4{$z?<4m(Z0b8v?7V) zcv;0yp=}P2vo+)4BmCj@shLqUpglyORm5@F@&3|9FYPs8$M)yU@ZNS)Yk|!+xHCEt z-JzlJX<((c!RBAjiLhtjFQ%Suuhk}G3JAs*RADk$lwdtgltH)eDRLc7 z_f|an4;>)eA7X>7ETJ{xi@xY6RRh%`bZ0R*ch_?!!5Wrg@3L4Bduw!k!G{QWgr@=e zu4}Mm$!gkB0+4K8xHTQc26A}dY3A^EIxl};Yc43z#y<1$%&qZ(QDFr{DCG29wB5z~ zjHyD(sKb${I>12z2LeFEST9DS%w9gB__n!#s%s5QJmMjIwraGMZEmCDD}3 zp~OCj4|_{fhV#&GNf{4Te^J}yIVKJmBBpB-EOhL~|fN)4LIsa_7|njlt%XV(+IZCL1^Ha9jMF zUeGW47qr(f-FxCKb(1*jZ5)+$%&}{AmrC1L-Bi*j^PcKvI0lBYJP!ozo1=B4-JgZ4 zeURBn+5VXfv z(DxJJOfx!aN=2G(xo1YK9p%8a-{&|e=DH&k3N^D6Boh_QiW=pZYR$utKs=%0=yz0& zoDuByYJrj0>xcmyrqZZ4eD*}di+N+LH!$P-RPc1x?SI$;5cty@Q0={I>iSYeI>QuV z8Ku?Z@uD(^RUui_Gc<-;fwr_zZRq1ZgPh?!GSKe28Dt zn-+2^v>lGNrJh;O+Hb(3YV$JLQ(|Ds=?6>JBy8 z42B~tUOpKk*1AOGig1`_pR?fhwQ3F5M78)~o|WBiTprtp-2fGvN*JM|@MB7|-bI>9 z_8pjMlKnO-nIJ1Wbi(}5U?&+nVLeeJ0AtKQ#^xYy%U6sp4iu~D%t&E}Upm1&5Rd{{ zIge6+ayP}9ER!8J^tYbO3cjVt+cx*1C&flrwD`vI5H;6T7E62eLv9A;FIAO9-H8I! z4(}eg&r+f=A20lrfLS<~;L{wH8%V|Mgl?4gnzF4Rc@ih-EhVD9NR<-u1==hu#GYMwDY$WLyqgWTF_l^#}3Ja;eemNO0DH7@C-acf@rbegh zH!h6d5(muty*wNd%fB}DV*kqo^RK@|qXY4ikU^(2KjZ)UPOM-4azBiw!&}1s_f7tF zIZ6LNx6%K;^77xy_20Ye-?s(ozX0t25!U}t!T7cx6_^|ULqk(D$0ey@=1<(k(C1fg0VPd`xoDfIf3yM;*_;qt|)S8_b9+;bE8WlpDkbwkg_#~XGl=t?r* zQT_KbAs>7>cfXJM6+@}~n|AsCkV7u)P^aFw=wj!{q+emX0*6rD8DVn_W5X22e&vMI z(y7_~QnTU9b!$>%o}2j{HfmEhL*ek(ivERZ?Hj0w+x!4WbO0Y|s>aI?@yHsAk>`+P z1@4|NB&?sE)EuUFb|||&({nlS?wPbS0@716r38#xLxZMW)fo_`NfC2~(r0iFO_%hF z*7Koxd2o7LH)k0ox}$n>EL|fKjQ*R?E~dBqE5E!)dNN9fZ22(;Z3EF;)cZ|Xb$=Da zRZ}?Q8q|E>Pt$c@%=Y@p8(Kw;?mlZwDzeRAH#E~=>_fG(fT*a&eP?qS@V=|kx$ODcG!CnPb$Lo-sEFK^Fehqc{gqhne*eAE&I$;1%s=(kWaMarRS>*+zb5KH z!3xDIQJ`4lkJVo??d}RdJwAi(JzrKL)LB-n9E&+oA>u*l$o2k_ujki*6!?u3yl5*{ zg0^6Z2g6YxX?Q%=19~OJ5-nVOirp(yPmxdJVz2%U);>>Kv*5O=d-YN)~x2iok3G+Zp?Q)thCgB=tl2y;C_!Vt?6=h-5>- z-e>{kbjr@(?0}K>-tLdkWM;6Q`v!#%3#cRr`)vM}LvNw1XuRZh9-Ybv`1c~V-!9riuR&^PUMbfn|d(cKi) z1mO7+=uuL?9K{<2iBWW}c;!es3EG{V_b=rkz}CxU!xY7HHlffm*}oN-|CC8y zX#D*KxN%*KDW1ka6YX2<)2;8Avbf6_2{QOnD{qhEx(~KG{vH1J%w|)h<=n2H8Ve$% zu1Of)Gq@1d932PlmOAo7O6w2yFW$TaSo!AvjJyHEq77}v^jfdlR7|LZ#M@~I3Oe(g zI|P+$YA4+=U;N2SVin>O7dR|on@o@r_LQN~Xc!>$ZL!a83e8L>Hjn~ssNRrJ_7i_U z(1*g`WfNh7k3CF~yzZD2+jS=AULZ17Z}k56z%WaCgOaX z%klHQ>7>3@{KZcaA7h3^)UP4ISXPgX=;G}{eBCGPaa|O^^|Z`o*IfAEul(vUM*3(s2!&@MkV~B9&EhW9?rdv#)y;~`;90=PSb7%18*3xrt ziP=^66ho}kN1Bvvr-y-oW7l7=R;qBARMuc`bO^VIAn8D65!HgFE0y}45$(YjVseej z$8XaverzPHKjMQav0H{J`-vE+Q{%|VbYP~3nKGzNOBiRRI_@ zwChC1NCit_Mj{ptomcIeeYCA>Ifh0UBNd|g+Vb&K@@5Iqb%r@*!Sz*c&8vO_?RT9$ zi%W?BPG2Y`9`=@Ivq+s1NZ1d?-#&qho?Y*HL zZ><@l$=;C>_*2i!_)(cxZxVXbmhMg)diJ_Tf6**7jgA!(i*ntiT=yG?qlgKC#%mKj zYof8^jT`RqmdPRqt6mNZ%fKm2v@;ToNMB?kgVkIlaFzGgHQ>Hxdz3ItKA}t1y?gB0g%oA$;b_4oK}l$zRSIl%Vrl)3*H zs;g^tT5Vaca=g|rn(ge0b%vzzZaG1efZ0|G1+=V@$78%?){ki|&tG@7-taN1^Yl$CawsoPiE zGtdaNF8Ooz>m`~^YF}wMkXqA~7qBuU@Z~#+ZLiG>YQ4o0q1+P34!b)E zC?{^##(4om1qRl>UNBk(^7`n^WVUM~$?2ABG{TN@jr~mK2ZOf$;l^&|sP1vXOmkKFPWf2x7}6M#ENDT9U4HNzpx%#|t3I=k|c$Qw^XEh5G|;d<9KKpmrO>MmnFj z+LO%ejI49MgGsFM86?_8IV>-$sLuG{W%DMzy1-llBS7%?J#Ckr)pgcpQx?tG` zK_YA#ZKb)sjzZMvKG#lC&|n1|L8=aPzQc{v+4XU^%NoaBEfnWGy$Dk&;|93?4BnVn4yjCqMl z!u2LHj@6u+vqEGIv7HZ)&$PaPB}qx?AeG%JMX`Kr`emFtiKf{adw&`Ba*uqEoY}g3 zbVAf#JZHMITl->j4XyFgG~0xQ6(BYs4BQX=rjyDE>FdWB6sQ_3QXH&;{(tJt|EY!l zrUwyhOL!B5Rk-I=&5+n+8~kk2rU@~|jXSBQ2iYrg$~l^pBV2U}>)}pFk@4~)FP!m& z*ICT$d4WcCXC;($LVkc`wvkk|9BGk=daBLU!D3Z(5+Iqy6I$>*LY@VY#CFbwruEi< z5xJZ&j^;F2Z?QSW%Gh__bbj>fz-!-qJKLc_?O;K!rYQeh$qy9$h*1aQCIYudTOtkX z4=JBTh-_@rQ~R5xh6LIbFA68rZ1d@%%-rIu9q2hx-o{6Un_FXRuLP;xp<2t!%h?!O zdFeOi8(r21efz+^#%w-q3Lou(7>m!_uS{h${)77DRy%?cxq^9dL`My4&9^k##y9c@ zmziAS$uI>=VIYM_CF4+EzHPDHgAHU!y2vsuCIpMH=EW7CKQEPtAG(=b?~!mc=>CWu z9H6r?-FoA;n3jo(Sa#@V{Pt^ahU4vtBPHlf#@48>Hndvb21#@jdn4r6Y*`{1aDJ{r zo2%uCb?46aP5vPm%6+iXY4j}8pp=nYZAb{CJvr(apT45HGlz){xp2!ux=>`>z%;j7 zB3rlxi~@B<$5uHySdiDPUfD@FVOX?UGxaWjA9dNgq1CdjwpLqu*2Tw(^{OVYIeDeOI9ff#9ZmV~944b15Bee={(LDJ+Wy+Z5 zYOh4w>w4kRYCp*gzKDIZ=iX>|ANot^5^3MwuL#K z!H$uk^vG|yd*9+%PYK5AZ-dN#Y3u5<`j3HruD7Ai@4#N#SbuwmE?A#B?2B|0MpasA z%tDoUt{=94xu$Rio2q!WGwSW-#o`%&B+G*%Q5&s19w~4EUOyfCd4M|3&{Pef2HOWA z9;&{Jz7{L%HI9!WK!TG`eSi6q!F4dMt1*vEx1KeVKCf z%=y}Uh;OfecBvOQ+gu^Al+wSKf`5wP4~NJ(MRw}ISzC-Y2Bl-W9XT5m#b%R=NrCsK zc)c@spQ7#5Ox?G07Pgw>pQQ3Dq?5Qyg_|6qYC3Pvgo zM%_|at3%k#Fr!%e)iR|*=ASd$XU4tVJP*0rP{f^nJtFEFZokW9R(|}7%Va2zEh>K7 zVK?-qFDy8ahN_P^x*8DEPatS#bp!_R4mfw~TGeIXkZHD|FW97K-@(8}EdMRQV$?;k zIc+ugO3;T)q#bNz9XIn~>Y&r5S4_#wO03KY#9oy&sF-B=@^m`XiP`hrVyj%!DDh4?Qp4pp zB#tK3A0;>u)X@l1xAtK*A=?#&&ocRO`CL>wOTPvm>Q)t`e9Y_avWnu@A}4INBA?u1 zDWp_4@8w_d_fuZ^DO7U77NQnj%^?)_XxQkb5q&p?yqbSVBXdRpw{~;%&ud>joerym{dt6ZpO#2C zA1X5TQFQuyuO42rBkk`*gAKq3^OxDGxP0#w>M^zygoXs>d5+Sa{UR~%jiv}+^i0^N zC`1+qP}JvF*IU$=dtht(~>cx7T+r|BG`s+iYXbIYu9yPw%r2?&tcquf0ws zKTQP9L?l-9BmxbFrJ#FSGLExh;^@zKK*OnyW_@Vdqq7B)6+~iRp0Rm!2GN`w{$&3% zaC^ls_Lnog@uGesS4GeHF5SFS{>v5DV`!`aU-LZuMnr;b=*w-M6djCgTp|vnQ#gzc zciizyXNg*f@tPl!GS4yHr)=d3hIjLb zizGDV(5z12^i}0|Py@;#A|aFGzsZ=%&}L}X8!4>2Kb%X=47XoBTRe&c5dG-ENR$Rv zN0+AKl?f$0#x6f&5*q3E=**4m^`W^uo1TKHUpyn_A&HRf`i4D`v z_f*Ze8~pzbX+Qh~a&aJiPP-6|?&}dh>`BnGyp;*#Vaf)tEI`p4j>1Zm!EHz@1w4h@ zckIV8ow#Fff6oeolHzk~3DzZ%KHtP*kUXD9zaL>H`c>@8xn69Imc0OccEyyvRi6)o z!RY^RJ@nq?WynXttf))4da2U31lBv!P7kUfV1>FM#U=Q-_wN-8{WLh`|NL6IW{AND zw%^VId3TKTX&UNwV4n?mpWWu@Zq_qEPl~GRV7D3ix0serYCF&_TINdJctS&>PRf1} zF;ca5FiYu*T+G{;KsK`7Z^o;TSg9Y@ABctn(Q<&JoDmZCvKj)T9iCkB%>UyFwK*gE zeYSmtp#7`d43WdqTTD!6k7)umsC5Cj!YqwN%@`#4P%f^iniAa#hcR;zRs!kB^+p#d zij*QV>)826#mWCx!^qQJe_xhkEN}H^@MSx4ouzCA>SlvPRi`$8Vy^|UY^T*HevtLo z>`F@4Rmgg{*W~G($APm>@&+!swUF((Ayib@axf^mU^KgBt3673!jQUjx>mXn!iTLz`OOTZ{jUSE}ss;NLc zx)P&7G3^tX#EYGC>vZYm@oreDR8(_V>|5b(_F33dI2MFv;^ZYG1!d9aA29@zXu01VHsxW1CQ zz>Z6NfJNKEJUJ|wztHH2mi~@-sZu9a#|-&2l@PE;%Ue__iIk9vjmA0(TByW%ffz?Gq^EsW z6XuRIhJ>V5n&r^gbtUf?xVOSn@!WC^Do(aznBJcEsM~hO)66B|U5oe0pLP33nDc>R zTWKlw07{65?B9aCnmtgIu86LvMA%j-O$&yc{vpJ8F6grTe;nkiFIF+EPE0G+&y2K(2p6m`)-GXlKtA|Rks>(aJECQlTL|%UempfXq>x)0md{h&U~p0%SkIs=;X@K-R7E&5T=dIKGtk``H=hvO9mFi5zfs zJ0ymO5Y4xi$6JrD5!$cXU!%;lNF%&5{;oCHns;u~Jur3&@UkZOK=N(%;<2$Zvtv)u zwD7;GLMNi-3!~Vj;!ZKq!PW7s9(SuRNXo;6``4BWkYs0|-mgiKrI{ouK z%-z1)$-mQEMKT-W@I0hMr5fI%b`_Y-^B)2%>fHklSMF)pp;ORjD)At0qIdUuxGZB zm&q(*#RTJvB8@bF;beTr{*^vTh=4;r3X(4k4UH3`x(~N_C3kE z&jY$>q58B*5At%F_rsy8;{^-~rNCEcIbRUeoG;)Mf4}q`1JV7?LGcy6d#++Mcm(kXDph<0nkn_zqEJSY-QgP2h?N z{%cGdu~Hf*-=m6cI9sAja3NULtDj41iVgDgA)`NSU`ao-jp2mtG`b@b#~^C$EAEmd zU4e$Up_WrE`QW~8V24=rw(6w-1x;;^DVE8220Q9K>+e)_^~`E>B~7UZ9$!P9V7VM6 zG)LRvT=}@|c=SayMxQl8niMXCHFn$|e@qLMnhkgzkC<^IM_0|!)XL`+#v`-+mAO5y zPRnnH)5h>waa@M7@U2tkmob{^?Lk{CCVFEI`f4_Ts7d9`fyAWLz2DUwvC@9nB8nPg zR-2MbSZjt>K+5cNH=c$t)e3hK7tEBELFutcTJk3TQp|Wm1`$0tVlredUEK1U07mVc zWOiNOtU&%6Ps4*xr0&}vk}=icttlu|NsORjaNTBWS7XLVcYcHLK>~~!=|b>A-v6*^ zlF(3RUTYeNdcIES^knwdWr8$T;gstc0k?R(?+0eD0W^AnxAiJadWDO)2rO7^;6pZ9 zevf55#hc}18 z|MrA``=h<38A8b_Bqzw!lhXF}TX>C_b%I))I@_ zS?v&Oe&K*lEqCZCk@skJxdayj2Dp@%mk){m4=no^BR{!*B?-jj>%>g@J3IdmOkM%v zakT55kZ{r`H0ApTTt+4wQXGL`8<9PPe3xYv(baxAs+$w&))1 z|7nuAllNL}cu(bu#~)2zwbeJw#0;H45e+f1K9d^@D&<%?APoKL^R0i#yZeC@f7$Jf zM+YpRXSEZly-D`{;|E~#pQjR&*Np)K&&S_^4@zF%9Uh|A!nAUJldC5K6VQI!SK+XE z)74->rGG<=Fi)GJUe;R^E6Y&6Aj@%y0bfVcBH!8$`gw%()9xxIO{+V!j){o@a2!J8 z)HVp@BN{|($R%j#8e>?!6Q7Hn-p`U#;)9>bHv50J?|;$fryw94400<&H)xS$kyu4P zBJIL|=A#ImB7-@;RpLFm(qOKZbJ_C*d(i2~m(!!Mhf@{e{syNmc*L*g$Hb7{`Et_9 zVqol7pWfT0feTHZ4n_bCaFxKk-s9CK}lkcF$cY3 z5P%0$EnI8+D=%{m;yRE|4u)DF=v!)jX?%pA8v{iFTT4e(z9A5JtcMrblRoxzVt z(0jwWuuki%Il93?8a>$nF^p=<1+t6|cLWge#sMT z(HeQ+W!vFwq|u~3^g+jjy&Z3)&}^VW12L~3L0mq>TUZkZxR6DLvy;wBp(TA`1&qFwXWK)|0E-5$ZhJ);m?WOT3 zc&$gpbh?()n?^6(_9OUewehQVbao$fl@o=D5!vCweKyhQmO3}YM$&Wlcq^efcU$)$ z3o-`0hv7m3-PKez0m{iiEISg;Gt`F0eP5p`HH+m6#K0NT?!K;Sjmx!g`=~BD{^Y2q zjg7THI-ewxkv0gehLd2YCA#Z90NS}cD=Pkwz~Ccon>ePpY*7lB1g1f+8NtI|X|O&e zDS}u9JqT~{{W7a$z~zR6?UfIr{>-oJYb=FA0iVXgRP-_cgTreWXV)_tFt|sHd2U`s z77F))@}_y$-_ZSYnR{Lk2g8HnhtBqR?D^3lkX$B9jWmiHJPF<^(5aJNPqF{2Q<@UQ zkE}l6u(;HjI|>&3rI<9%K4&3a3d+Cm?*B_WemY67WgywS97k_-3Y&tez;X9;)6K#M zUnqEpH#_A$RR~CniLAgITHy9UMaR+RIt(clcfQUWgz26FN(<9b7Yq?S4VWbci zc5nznAJDxYGO7i)_VD(*9i8mk^J?w_!rZjy9l8|X9J~WENT~Sf#IubUp<*Xfu_1Mo zHWDsNO|{rup>%_@^<@l^ySIDN&|wk%xPHAq?kM(5mcwoG6N^W z5z8+$bm#KoNq*C1fpyn3A|ilgfCMS7o{}NWOMQ9iMg9|c5#y6xJHo+KTX-6C;$d~` z7n%Q!vj5`pstVfkfX(O{DnhxFmmxaUJDq9b7qx%?0L2zF#YBpF;=t$|H)EkHPQs{F zC@|Tp`qv-@OU1?)L-Y$_*Nob=85UABJIn@W_zcPK5DLxsN$i@AR0Tbh0Wiu{RU8aII zO>H?>xk~<~OEu490);QQ=Gle*$ucdnYg5f&ibl2Kwbgi>Sv61-|C~;|57b2vnigU+ zjc{|0O>oJam=;x@c+f1Dr1QDvw2UofO={)jvZH#GYW$|fF?gbPyP2;Ig$u|gh?4wL ztht7?vQPo)mkgQMlR=%IPFi21l$gXZiTc807o_-+46^-|8;SgZ$76==WYH@P(fK~Z zH}LW5tPY+#;mP<0*85c z{RShGL?;i~lYcuNkibMwl-eV6jfJgY77H_hsmSCl#)Q4*uv=cM(+(#(yR*M7hN1s^ zJ*HBFUww6@Unb6>{`Jj0hvy=UgI5PY-x%&th4<=qx^Y;~GT`S2MN6kO4DSq^7(}KM zd);Ueb7trV|7XtkaxZfthC6>UldWNxzGz6KBW`Gh0A$Z@kSA38>_m%^==xfjz!i@> z5Xa?WcZJ#~AVBOpjXd5&NyUWGKPxCtalgHpTG{sdLaXx{w-Evkc0>B=7R}NE>YZLd z&0$GKk@2NL$w4Bz@$fU~>i%$uQI(J#I}O_eAg2<9*3y1#1c{zG*Y$d*wf0Y%@zDzg z?~wk{X#TL;@Ye|(7Qt}3z?eBQ7FvK@{% zh`Mq0eY<9kDg_)=yKObDTIR)Uw}`wbI@6=YZz3@J!O}?)PbG#!^D6sH|Kyl_0e>g` ziic<9y_$yVm`&A%K!4Q3B*ptATN+3JEWo%37$D5oMuDX?ub9NSqx#8P!I~Q~u#b4W z;Wqg170l4T*?FVCOp~d(S#%=v+Q=o{8h;C@=tnD>EC@*h<|c1PsEFa3;rc_Do@Ej! zib~|~64Xq@zF;4=Tt7|TyVM%|DIvo>mScVq&+kz*1R-U)Gs6#WUzUqz3X0tazM~W- zfiupGz}Ia1RGUp^PIx$gb*H_U8u>n(Q1H zlIQ{s;y-(>Golfcoq@0lW%b&(O4lG2#|_~6v77YX_MU!s+tPnLA#JYEFHH1f{$K|& zP94?z1+FRV#Swn(acObxau?i|Qh&!6Ayv+hmw(gDR7VvpSYU~WXOETNxVbn=fbxQ< z*#sOl6LfjozkYN|JS}1JegamT#~J=Jn{+by-LWlsWA}1-TYFp>EUreQmP#bq4r418F+W1&?x2Tw}8FA z$@Xx)=7UCOGh%RwZR7HBCp($Yi14rA-tBEgvh6qtXhjR}V_}18n#9BS+DeFOqXAVh zx+GI$>a{c#laFVgay~f6TUXOGDwj~(&|T+&QKP@0@~fT=R5(YGRV$V63utt^pJ6;( zv2rCM;z4k}CR-?>jPYH%mPqQvGIE^?oWDm=iyGsVn3kin;B#*a;{5}sXLL4dj}rJQ zx=mm$>$%c^{i_evwC6TG$7~*Zl+0y_3AvVBgRstZ=Xf%Q*EA%(h)pBEj9NIf$`0md zAuLT=sL%xDcD)$8BgYohLg%O3m4m^t?SyI*gAipMHN4bLR(($t6`>t+LZZ<-$N|zc zMbO)t>64cOwP+DsrcCM}^*_O-|6#(qyD0VkAoeAf3P>F(o~<=P7J1PFdYJjaLiJJ- zT?tlQM8w?MGBkbIXCn_2t`(b+z0xlRodIo-x@AGrW1mV^Gs zL~ntz$quSlvyXpgs z$|AVrpwrC?H(%`MfgWlNdT3D@U4dWhDvcW^qDNV=b0lr9tpzO{T3)F&eR^Ii_*`#J zXld&9gAMUi?~c}xrpTLm1GtR<9+s^c^u&5N<}7KD=>{;imJX4>oD4z!IljzR1x#jg zr?A`LcbeK>-CiI|7X70u@}IbZ^KJO%Z@c+A8 z^RF=q0sgNLkoOJ-bpQUvuZQ56xUW+_0qg(Bg8#XoBl2!Qj-+5|p!$Bu z|KsBSV(acu^lat$$q(}W?bvP~9p9dwk5{o_y#F&5^52)|>-{;0lf!cK78Q14nT-ii7;$ z?*6O!{Qrb`uNEL7m*8E370(No9r=HD@%|+sgd%?Xl?{IZfttCDln2|tt0V!Pk6d?- zHqb=`rTJqith%cEYBxOdlLh7i{AS zTShGBx<&W{Bx-Bo6C9%4cS^Y3kKcT{=-)O8oGI`Mr0=q`js?-J={DTbR%>wM|LoNs z0x%^M>m)8-s0M#=vVx{Y$^XU5KT|*?y5W^hqb)%(J&)2xR^&N36!7Nve*UukQfBL@ zyYtzefzv4|US)@M3JJ6QgoOsW!FTC^aab>-JuB!U`GD=d#AKR4jKO3^RI3$;NW=)u z^0I-W7_Qd$u|t2vp$|i2DUqkXHaMI}TW352A?;GW9RftE;aaj=al@TEuQR9ha9V(& zX1^FHSo7KTa>cDZc!gKa(4MZd5knm=_NquyiE#IU3_qY52$g)iQrV+lF~ws0V>_`p zq*ca5ISyN*h}YR8Pe~&!Rax_liH=$)PwqLhD}&@u3c9x46fP@Q+xNo~^W;yZSSuOo z3`c_%Y2z7x)ThzQ`43a$BXCORwXLuzV-hPndD$N(?O}HxO%4^#EVS8c1em=cceFV9 zqAd#*$k!H{+g-1mFGcGH6GABHn7(kf)$`GXscL>CfIf+Xy%5 z9xb8rE=GE^O+Wy|_uxr3%#NnV?|=&E<$-}tEDaH@Xv^{1P#9q&AV3MxwouveopR%G z$0EEj5$%aXn;Gw5*WktwPx^59-XE~pi!ixyPxbOxhat~1a!K8xf|?4;>kMLZHgr~? zX?y>UB1}ay?KpuSL7&U>2eUu-AlLtZm} zSmnl$_^)07enXpW6r6f6Y|fOW4X=t5!r13c+OjPij7<7G$QcEk3C5?sZGPrbS z+VquJVs?j@haqw)M6$V;GdXS^cb3~=C==yeg^EDxpm+%QuBTx0j-=>){Q4 zn79@5DD3eX!97+Jtn@aWz&x3!nEFNSyL zNSDB?@e1#9%aw_~O#Bp#NEFiOxosyHujmqTIt*ff_wc(tM9}|zsjrn?{cSf5V~*M)l6&Er+ukSfiA~5;S6GTOC$~JDq@SITCbY8MKKe zbGxT24!Mg*@8d8Q4PP}rym~!o!0`hrYow(m1V34WML3D<552@9 z3S9F95v>pcYi<6}XH{8%fsHK9N$OL~53PCv(MIcVX8Jz4`5ACLZ1e#6d2X%y>)s3` za=XeYbDFd3X98TN#^FeFw6SnKn^Ak8t(HiNIV}pkTsuRZ)1#kWgVToOOh?}}?o)$o zNpM)q7x2LyR&tbd_8SJ|4(BbBZf2(sO&I?G)z&>RQtiniN$qB;7=7eiEZa`1VqcEQ z(d=?l7Oei@V!qxL6e;9E^_OF>LX>&xcK5F0^Us_6(vZnNot8F7P2qxMj|tUyIYU-h z_^Ozhc?PejI0>{|9cq-BP6|Wv_h&~7#cl|4FW;O@Tf|Oa?vEzUjKh zInnbT9yMNDF~s0=?1Xz((dFV==9(BbdBX9n8#E#dH@p9>O1LQZz}Gv3dd5Wh@v(cs5X zMke8H`~|agN;W&=xWBQmbfIEuv0aIkcTjk1{z60e9UAP6v_szsIb|68#Qk>WAE?Hw z27DY7dt;NiMKOT*n}ZAp|3<-gi->alQ@%ujRAj#t&dHjRjY-Z<@BUX{z7VMhX)pn5 zSrypP_#-PRe2Jp8{Fu|kk`n1+Ac*@n8VdzQJ_4H{;nPIjEh!`$gt0^0d-pfgCQ#z} zvH=lDii75**e1>+0JBpo3lav(_o`j4y*QOtK4uIIm)J4OWy4frGM#MJxWiERmV8sq zj?(4}CB;|oORpPPVp3jUfqD$zy=Qf0emlKaN0xadl`Q*nZdh-PO4G07ATlui$CxI@ zSL4;CrRJ1JXpEuJu+jxhs&}YGJ{g^?RPy9qwo%nGXrij5(c?%U-lBvoSAMkHtkWzv z0gAKiX0*nH&kWU$B)-d6b`|Qs6*sN4w*L_kZ&Vx=lR7jK}2GZ-* zpS%K&Bs{7mIou_VkKY6~@l78>=hk7T-rFayjQX-@{7n_K$*d1o4o>c#TFrSLv|@om zi5g)QsybzJ11qH*jn(lPTLq6_Bk!WQqjwE|qoJfN#Cbt1RTkQsbBL8$njIKcs=qwx zW^RaXR!!nVqRwD1#l@JIpu&}@B+|^qHh~&gBW$P;4=6B;qdm<3^lMAO1ozi zKV_D6y4o;v$SvgoH_^f|z+&gE>g*`b6E)rWPHU~DC|@zjFfmRkgX6xze1{9?RwL?M zJm;KCOf0iYOlaa$Deol}M3HCMp-#=(B;HxSJ3e`pWjIAvBvTnk;lUc?NGV z{BIwr_2h~GB25%oRh@50Z>090QPMn!Pn8bn3=Y}J#|`u7GFhV(Gh3a=CD#4E=Of#? z;$bq`XTBk6Y2?GuyW+0i7{tcaVETo-dRXHdHOAw-dm4X*)56$5!@<&~(3R{j8gqE< z$cKXRg>V+~**e|Q`}+!$;jPg}CFSBj8?`^E$XV#{2M1G?MG8G|U9T(Kt>-|@lF{(a z!hKU*f7KB9#-%o_q3@M2!m113hIW^=HJlJT5zxY|;6hszSWFz5RW?kDjcaAG%Wp<6 z*0q`?-V{W&rA)US@pq$K4`MOSIv|A=)@h0pfERLb}=h|S|b-`@#ME+9=Dl?TC{1iaiBkMCDea$!f z8hMac;ctvlFjzb{CB(P1xpA$OOd|bfNl|0T!~<#!nMYJ2ehtjED()J(a4v`&PZ98WLreGx1`rt=TQ|maM|Qm1(>WlWa(hyGH?E zac?QDIvlGya{SBIQE0E7NIKe=?nh-7ji~GXb+(7rTCceJWWG8^>q{Y}<0cT=T5@lG z@3`JMieHB(>Gn~a@oOY?qI2vdhLZKTU2=RyQ{(&vb*NrleU6nh$e@+uy_*=h6lZ)m z4@qfwiT%5PHmF~8fVA1tle;^uM_695t*sV9n<~@n#XO)~WVr9oip2$K9cPPMMW@U^ zp{UVL6 z96!^rE`2D?DNuKFCco*YRxo-WE8wMNyYdzBnWmGF81!E390B_mhje#R+=-ol*1v+% z*u*Q5f^_)dCg}B==sU<7t)iZH9^)d-b}IZ}TW}d_O73uY;kl>C8!O*awg$6L9DZ^B zEokm8LYjWHc$-T|nN)ygON*c@lhuE#gG_OJ0#|89i;?77X~h@igYO;gGZ`ST3}yGY z09y9PNds+xml#md$UbtUSS+`Y{H?x5Wo+AL%GY!>cDr+2vPARd^T?oWtaI)NX?J{~ z6X6(oRa4;YP_V&?R(#h{6=XZSl9_T8@sx}A*1=mJp2V9X#Ce2O$vr*#sqM;=I2cd( z=~;guG77qr(SDvjEtE%s$a8d>F|wWU1o^!Fj-fOWY_7-g-99fhGxk?H@Po6c`B+we zy(Ru)XRI!N5G;zx)X5*FNeU5l!-gMKQXnK>72*7tqo8lBG78Z3jBu9YeX`MY({xgR z8aGq^t}oiUy=9XF)f_^HJX8S$2d}s0AglaL4)#rLtnTdLSd1^XLdb}>Cbl=%V>G^_ z1*}i@F?4y2vQN#`=_=6Pm6#lzqS>NfDl5TJYiHIdu;z23_i#Z%LUInw&*EbYaLX15 zo@AXqC7~@l1HkZk9x<||jZx`U@h*5FbG^;Z1$LP)mlznEgd)Gg+Y5@n$6McsKgN)3 zZ6Hc!G$cuA+XaRtcc-OOwDBgQs~|Zkf+xRgt-`}gCYE^~o`h~-U*gU$X=$v*cqv*- z13yxxEigTfu*z>*@_oLY3k)3cT+BCoc3Gf&dX)pq#)()9Ko_Yk#yC#dUG?62U;dxwC&R)1h!$( z^L>#3=Az5L#E1x%F8Q^+zTQsM+ot4rgTRnUr}WWKM1h;q$IO^v$D zwU=20pt&EXaJKi(RpPXRg9{Ypkv~Xii`7(h9UG;8$^1kJck)v0+f+sHHDF(J=01)0 z@ihl4AMUnVgrw>6O~;!rL_2E&*o(drY1txprT!t@u)oF zy@rc_9r1po$W!)@$8T-19a`)(7aHhIg9S=lh;Q3pRcN)M`b=yH8EDX3V3Gqps%E%U zrytv%Lz|65h8re>QKUqYH`V(&@yJ>q!0SOpUp#}4%TuW2Gx)nA_-R1q8&ej59?GRW zQ7^VS-nRJ}nt~OM+RQ;ZkAJ>&eI8<42r_#LYYlk2Z`z@zk5*yr&Du&nlrB%$Fe3Zd zT;y9cF>P;Ky0XYvER3CXv;65*fLss^#*}6v^0v9lSY~1+41u?_857m=^TR{!vIU9n zuyS`{O;1hZFfiW2BjR+4c%@-h($hz6rD0k=%vr&mPqGB8OH-`Ie9l^{*^b~+C_k3g z=Nro<4{V2)q=k*Z`0?#y*1XkQhWebIQjUA=eL=wQq|qsj`YlEJkBp&t(5WcXt{-k0 z;y6lgoAHH@nJAYQER1I!RJ>aj_vBK7$0@HAg}X$BQs4>NLPKJu-p5~$->hiPQ6T^B zY@Z@Ong8}jmMn|iulCNNzo_B`Z+4QAKN;y1KjJt?v{x|==p^y}Z8YwYvEB)PIG}hs zXsj+L-2RxS@B^@OJ^^PsXF{1*E}0`zMmL;10aAsp)f2TaXLs`|bf(L!^_p9@K0ljv zUbB6{olvy}9Vu}jvX|~-dj^nzbx$SG=~@&zhu7A-J)oD$zD<7;YJnF;s3fW~H6Xh1 zw9D!4qKR3&E>rJ_6w=(Ct)nScEu$O72Hzd;$zQ$+H*H8aV?Sv2A~%VI>xvev@YuOY z|A|_q0a>YRPk3~#jLX^hjn}5Dcl*sDW<>aT+^LZ%%2Z3#0VZ_r(mFHVmY?5gM(4vaS-nak!u%S4U6#47rPArM$ zO}C`uk(2AjEy_Mn|8(Qg*1lFzmEvm9eCFngj%jsaaP`<4>JA~mNCiiYbR$cRgcnHK z(I%4ZuCad-mIxER`&yd1d^O~eK)`@K5m!%@%4|iICtYi})BJA#R`AF<>JQ~jgFTIm zLl2o_@P>XgQ;rxx3~KidaE>@V@GlyB%o8i<_np2r$t4zu{dzH>bv63IyCcO!D7&pt zyflyZ*$;Rgy7FhwAFQ1Yr~Jp)D5CJLzG`Q5pxv@+?k4crbM9?aK1tC!geI zb?@g@g>emUf=2j_nXb?qchf{&H(YTnIL2fR9jscLlQ2`Mr^ytuuJDSnGkoll(UB>) z^%6E`Gcy~`r`OCeS1G5FuOGfH!)d%YG{^+QszzvjduvB)c?8yw;Vv?bmQe&S%f#y+ zMD2}M0!zDx)x8#YqoJ3~A9GFnPB$!zoimkG!^`vNk;38rcz#veKq6>mVgy2o^|7&x z{6v*-4rOmMtqu+N@)f)wMIVTf9>Fn7Qu!)7@d=uf<6%Mquz|roDjNrAR7;qU{znq;-8t z&<>(6_)C_Q`^5kg=>ku@&nTN~Dge_EH1|o(%Fan~EJ-+m(DtEV1Jw^k3Qh+w^F+l? zhpXA`NKBWVf>-#3&Mnf6qFLx;j;!qS?7$?*%Ut(2Y*U>);tTDopv$ka>#eug!A-K_ z&JH@O5$=df*={J&Vd#a8DJ$e7HF+l5#GBZzXB-8dv||?O^78}ZdL|3+N1unSmah_c zG?gw&cvxl?AbYR1@t#MN;^yt&_I6fW10w}~(Q08;a3%S>-DzsQdO^d7Kc<~v?-*|B z+b@MeG0_J_O1cXItt?k9elGdxOaK9uN2z(HtQag*i3qWN(bdlN+vB+ z3|n8RDDQm;&{d7nKWL7(*G_k)CyrJGZYD)JEyQG5WSDEaWsLrZo~`|(l4rPhF-yhQ zkoxFjDcW`cbFHEeKD0V%Ti?*#7rx0+?~VR`)zmv#0=G~$B+A!wUX7X3wH8nahe5yhn;x0nrYWN-=JA)|8fuH`trD~3hUJM0WAb&zbz zA8%V_^8ph}gXKph_s*qJp>@M_y)%yRo_Y9$h5Ojxb&Vhr`YAOSobz15-sZdJi27r>^9u4HqX;;ow_GN~yu3U^=CIfmy87Jq1B3->Pf);yU zRI^@fW>#CGOuvy6Qw*Y0$QSUvMBsic0tv0ynWrX8{b|*8S6Q@dOj@+cz;#!Ki~CyX zEW|>agLm|5^rF-srs6JM#Twm+fbQ4BUd*l!W6VxpTB!|`IcMx?pj?bf37{iSB6X!e z%p%8N!X6?qnc1OGWQEDw?CRgIQ>{MOG{SA;0ORK6`oV0i?D9(Hx|bbR6K;|_5Tt%` zQxK|f@1gHDg?v)~y6+=!K-0Dd$VqfX?lPOJJu#XM$UO);PhTwD!zxi84cMg@F6(K; zjM+18PS|$9cTspIl5I4&3Tk6u8Ubrl?dmHzfc@F@AWc)Z4VkQh$(V<8V^;sZ%4hrC z+KZv*?wor@Zg<(@QU@kd8`AK#f9^^{4nfezGbT)Ik!kdj#EopkXI~hm2`_J8nb)qa zO`u=f$saQ*#s@rafx zusBKg^4WDp-{`; zmI}K@#S4?%W~K~DTTOY?2x+UUD}!j;lJsYDkW!|}8Gq8zGS}4(O+Qn!cw2;s20>(& zDNqupT;K#R=m6z3!1fCSk=PM$xtsOJ_#qj4nhI7W4!occrMr zwp#lGFul+IIMK#8R$<@Ssq8O2I;ie{XziNl(w#V)^Gfk`3(_LW%brwoGcUbxxNsFy|*u6pX~YB#dvKDwkVYG5-HL-Bgt*lm0@ zkEOkFLf>m>{M}MO8@5ORN?qs5)9HfL8O*l*T0?@_<;I&rvB$HY>;gs2FLOa;*8-7VWUF`@LeJOO?c9UgTUruhb)y}f^NR$ixVWP04iG2Ul9Ze`P;+ro|M-VfSP4@S{Pj5DN!pW-d4ASB+aDtnt zYUvnmDq_5S(7fi}0Qb73o)Vwf7cWu-T4k`%AO7tx2EQsH!s|((svJSd8n;tfiZfEm1L(TR`E(Qvtq}DZyI9gD)j$1T`Q2<~~lle+uuYyN}=eP>ZAXC zVy)WnSZ&=EDYybfd!BUhlo9)W-eEMfi$`o^385sNbxmu3+FOEKZ7>+{up+eVJ}&84 z<_>q;?wn)HHul}Ze5$Zs_qe3UdE{k+R>MooTXyx%IMh$jOqvpEtwT~D_r4jHe#Sh% zWgU423jfrFl$wLyuME5Tz}W7>?fn@s|DQ z-S=QDK9GY(|At`nomxrk_g_j%^9C;K)h%h=VA4w^dJjfq^pNj@4OX`V79va~%Z;j~ zr@{-r-`h2C4w7wmZ&SJ1?fzT4^F)j$#9w*UUTzzaWdFGa5PyXMTC1|$>`b%+Z5^6} z6CyTYEYIrkgqtPj!T{qd0^x3MHX02oh(h&=y_(98ag?M1F!D}CS=G)Wu>-xEP}SjG z9uULQ?+|MR?Ln>*&o0rIQHp+ynAO%uVW&sEQlt46DLe)7pBzHVKBWK=uXUThHaVo` zasXG_Mx|Mdxs&b4jn3v&(@nyzBS{PCa^4+BL~Gad$mDugo;OL=p?jN5sc3g%2h~Xp z1f@c)3l24H@VFdRPf4f<%4)H3RKR>63)Elxov)iaX4zX>LHb+Qvq)bo}5xx%JA_ovqP}NbaQ@8B|eqZM{;Q|32V*6jJIJEb~RZE4)uRlTC*!= zX;8$E;FA9)UMQ2G?YVoio>VEMU;NBOF6(*^#g+8ce9uk59T*#<^($Cm>l-T>dq>^U zr-b0hdOz?ay;ZruL%cr4-AnSsR9 z_LBRdbvk#eeo(xM7hh(MVPmEVTDg;%=K&JEBXs6?-Ju67^u9SqM{7s7eu?@b#YyM$ zNQZTv(kvi_<-YNeksV94Bx^@yg^Pf$^lbYjva44X0pIV`NpO~dzkXK zDv+laFon*sC;E9-It?t;giWi2Sv`X+n8h80o}V9W#FDI$mUhjQ)~2bNq?>APZdbAG zucJrCazU6Zwd7L9&|Y-1M%7l}hg#HjCzC%|E^Lu#wQzE+J6b8?NbU&*Z;(@e_|el} zQAX)uA)QzmA%=|RvEvpplI-b++Q1Ns@|E+e`SA^?tkx`w5^kV z&d{!Y%WXe~zjf9tuDj6=QTX9MNIP9U{>3rV2Z>n>|HlODYDGTFY5JrAYzw;LHR(5wnU6sgEvK2%1uM_q?*3+kw zsJ0^jjM@i_aQhY`yZ1&NUQ`QHG5hXn9^T@eRoK32w86Zej@sfn{p?H_=C=g(cCqpA`8T|7H3SOquOj4N;1f(mxB_=w z_3(J)7Xi}8Do<9m-OAo zm`;dM?Q+!?y3k%4IHF40n)3B8r1BOlUnZ5W&wkVr#b@3D`ebGn_Cy#L@o+ue96{(H z#BzTE_XM$oP83d2@VG~uiHQUWOcq*SJTFSyvn^8o752r+dHgJ$M<8?6Tgj9aOV&zmUJ)N?W2pEJuaFpj?x8wvSr6|8&ogkN>G!lSL#LfxP}=@y zcinhYjAJW&t4zUm`qP7mOCp^R>*$JlKOfqza6_V5X2Eb4-^2mh;46xsS`6QRW>BVI zXSoz$x^;n00gq*vcTYwz*cMtOfA(90=Dl%FN2mT?tO+G5F{6k(?6v96p9DEi6XOaElQ;oaue%oPGAb|Ll|ba6ioqANqNp?s}_Mt@T?{wN@3MYEfh4 z1Zil%o|c{Dks3~DYjg4)+po`5JGVF!ZQBxijDvTUN#t@n6zd!N)I+j<>`bN!Dp9f& zGYoQwy^h?{dbJ;M-?ljBYj0%%(fP9Kx3$2-{hgB{a4$y7UldR?YO_HxM`3pKy%AOB zo!b&U`1b16nd$^}frIxqu~*6>()mo@n6j?W9-hrYMuM8!2ze(25P#kahxxLy}*e^jx2aqFO_IAFQS zc}pAJXn*f>TyxBwS%`xlj~&(jeyQf52| zaT(i^cxe3Qq(aje(`Kedk+UJa;=s-5b$I?yFRWosZray{3SmQPo)4&`$DY#0;RhVh z)n*kKzf1DyH9oud#hYyR`N5_UZywDElI+1;FUBim{W{LhwMx-26uTH?7Ij<~oInq; zNH~l!Un4W}R?LUQkIlIrq^zIIf#Vl!yCi7r)QGkr0RK1a%JzAZ2Zo24zE9_vkhAsj zZbH!-192!=%)b^iAkJ24O-MQ4&v_JX#+J9gx?#J*C%l^^Ci4=oQtOeblMbX1(qY#W zWP~={d7Sg|(y-_0A7@9tb_s*uUl>X1R&Y=`^A=Tvqq3R%?OUwfPp^#zTCpxS7+Pp5 zL2{{_)BInIJTF!eS1Hvj5Xc13xA@{SDB2$D1U*AgI9_`sCX zfuw?2PvQpq;HdF}-k0z2Ju-iU!N^UG*4)+fK{;MX_p+sVHLB9k6^^b!U3TB&CzD1`xO<<6E-h(q zc}XCnJilcCn1l#4h6$oXFCRzEx!;_=T@3pCT4EbR?->w?e+P+w)?*X2f^W(!; zc3JJ_ERUka_fQ_(4H(G)y5qYLdAYM5MAe>X6MTlG6^1UFG^0II6nsHEhCg~`liszh z^Y>Exn+PO*fW3WfH)Be!hS`RyG%!Xt#*{nF0QT*}p;mFfWhyJT7N&l{$Y2-(kWt-Fq?ySWk=e~q=h3j{Rq|;ioQ9y=e;^9 zXcF<~&b3l8s|J^97#wEM`oLK@87d4`GDer$xZ!d>fnq+mi}} za_pP7LASeY_?JIJzU`Ujl}DEmKQEEhsfpotT@AOqF)Oa>0`gJE`R(&n`Bc8A&1QT) zD(~d;q_Kaw=#2m9$sTMfqSkzelnZjrxp=3uSR8X!|4tOl8QiPimT-F)@(u7wR!ce+wLFq=JBzg+c?P3ZomOJc2GD;aI14&kR(Tb69|tC zA|7rM#jf5|M&-4sTpB*qn`T;sfC!)6dMQHnjN9IxTJWo4JoB_Z`5c$wT05*PBnG)2 z<;yx|XFI*JF!wEK0lpSGCs~Kv#DKXA+Lmyi702mAX*w(PTBB5S(w_dUmfzn`dkKVw zA#{`(3{`x$YMbVZdw?ZlvCa>PtHNC;8EHXl%f0#Yai0| zK-D%;>#J5@K6PmyFQ;hz_H!&v7=a|2-AitDl&z+EAe6$4<`4(f8@MuMc7d^?M?JS5(pr#>^#z(g$}bjOQ_eC=tEE=@-q`!h81^ysu`w-+ z2r>k|e0dwRtlPjuLltc@@bj!>1{HUJYA;wC2}e9AMSh{$WUg~>Wzn~gyr9d$; zJ)I(nXU%6Cz0Ml*+BKh)<+LfTvTTm;k`{)?ANv5EX?Zjhs!dyQTxA7BUWDkN`Gewn z$*Oi){IUe&E{zHRAi>a5S+ZsDiX;5$Dj-%WA8x%u)fH4IS>Vyjk0!rah8Lg&V7 z19PT&!m}#H!0~b0sHG!wpNP^g1lKhykb)0syoW3C&1;1wJMV;x{jbrj5@-vxgq{m3 z`0mj%02+p}g4%Z-_S)X}NjOq*=6&qw*6Y@FN1 zWVn4BHkmYiRt)lvfjE}z-=E#ulzQ0|{{8k5{Xmgzzb#*XLd2=Dprnmg)oC=g-eJ_v zjqVJh`)>|BrL>~Pb_T_ALciT=W4^G<#7bd^#M<158J1eZ?grj)bxLH*;5s2MrlSo# zg#dbvH9Ywo|2Wpj*gz1EBF^-Q0qBb3YO{jl9}K0 z>xz?-IX^y$p7%~jrYWRYod13yq#S{6$AV36EN#J;SZHXaqnnBn&6& zBK1OJ2OZ-B=qeu1_qdQI3(R33yllvdJ&v)kV1`YT)#!O(>jNZooF61&BF@W5Z?R-U z=rkjr&p}SdRg8>06hvS55FC4H>qSso!EBst)PeatQn5-l;2f_$6p7Jrv$ zOer?-e1?0X>zm#|aQA?Saqj}USc{^-6V*Pz%8<{zrq)zQqdWId+S9m-vst1EQ^aXu z7$A~li?U@yZp5pua!zu~^!PnB|M%egFyB5!t2MmZZF>_K;cnBVnnF?oIDN4>(!BZA z=XOc~s1SVEtOcKMjUzIW-QW;e(uFsw$Ti{7LSt}bCkd96+H;2wke?%NmEKKL_(EFr z_;=%GXtUABs!yIwMTrlpA_WF}0&B7|kA6O7hN?aFbw*WTy6)guf#avzGZ1cPjeR6; z!Q*b#Cnksjm}QzL+}94V$?+Xf_cDiJp&dZt8?bFMsj+i~(mU%iYO9ZB!My_A42fgM z4b>{lvWOBA!vpd9vr6EX=^tjvoM++5oQPZQIsrY~M{yZOhm!6L=rySsmP%b;8uB-$ zKd966e9jq61?`;FTdm*gj0pnQUh1Q;CRd)=f#pB9wxD8;7+xAZc{;LOUFKe7;@;-E z>r0#q7_S=ZvtJimuBT_@*lpyksJl)JFEo!Gfq5! zT3R)3$hS8Hs;}+D(8;6AxkvB&CyhAJOn7jyrAR6A&@}FFt~MlPI#v4_nY=K*8Jhbp zMu-kbSgklnZNJcV_OMQ<#gTdAK`utWLY+JU7r0A51AGr&ZmCO5HoFz2XQ3gv#=q*et(nPaX_~@h$nG(Bq5#O(8OYm*(DZZCs+szRAH z3@3pf?GHHc=%3t$Mhr61==0#^E((Pl9L2el0!8MQ!AdoSBuHh7l0%Dn7lS#kQ>RKk zGjx5ebMU5T3KtgHiOR@cjCRf|k4@k$Ylcfqv9A9hJL4X_2KWyp`fm%QXSXHc4#O`v z^YzXMS33&jFH) z39IBDmk&DC%o`ruX6W*`J2Sg_9JDVl<0v(VC^&T7zAe*l4k_oM96x9!){S`cBukEQ zui|P$&7A!sf5UxDbK|F&<%?^cyQr@($lug8Hh!k))QzYSM~{C;Tc9K(Tat8_#a9pz zzr2r8P^XQmJTJ(Dy!`HTrjhbBO3s`3;U8xD%yrERGczgh-96p&TK2ihDBu*Nq)B4w zzUwk@*5NRBm)L1%B}|z9BRf;q0xl1x+Iv0U20&e z9%MT6PU8KjHj3-+a6%g@j)i~{<*ZO0P3*Mi+nV$k5h{Dp7An|I1~lXJIhE|Og5gw@#-JZP@OrTpT%uY+HcAA29 zRoE0wk|})XBgXV><+}5&zVoav5-7y@u;U}~C0j;%hUj6N7(e&+lDK|?waWVpI!+dK zsOr!MPal11`IGegNpNkk?OA0dS_3d+4o*LOF<*UaoSXW6OLIp#AJla^XBOX6_hPmI z44eX$?VfkJ%?<7~SU>xyQ9R>yC8VHuOQhXZd_p}IxdEC1R`1~WOoKwcMG_e=E7Z6u zZ1bC@Z`bqDRb)DxNY6KcnPN7}gsjqvEyL2$8ywU?YBnE=iO(j7C=DN>6$)Ul*coMM z3g6GFlPuneVJ{x!KTohMdA~1*xKKncvm1i%kD=bozs+qDHfCggSoe|dV!KESE@qdZ zqoU57$V{QVLRECDJ-M?AR;qtxQT8E_^mNfHb!Fzf-_G*(>ItV;PUP6s$j&{%TwvZuA(Dm+Pt%QKU(O}}u%fXHTmfYnx@O!OuurCoG+6h~FMk4T zwzzdW8r`NYr}&DMaQSrwn#B6tLVzVB5w?KzG{cuC3&bj)vq7NK$sf8B)dL?66mKTC zlcS}LJbh*l%1=&$2?bLrRjaG8vhPC3wcM8;4(QfP;H^W($16Hl^~yqtDQ;Z6?}c=^ zTLMp}w!p%R)xM^thC^Oqw~=au0$Pli&Lcqi))J2pc}tzffDu`icSV@iBV|Ti&yf@! zpI(wlUlR$lW~~&_+8qu=X*KPq)|XJe8%ovhcm%gvmy=}~XLTZJK30BxVg|MHk4$y) zDD&0U_%J}f8hZeZ(_-~WA2e}yul^)8pjW3%uW)5K6L|#G0XJ3Rw~8@kaAc~OpFVII zJPYtmyGZoVXT5)0$T((pV0fyfpDQctH(ZJL1SH2L=|M6F-ojq*nVH!9>Cq}##C!1m zrWtR$st@%UM#2_vZ9SdINVVePC>eZ+h;@xau(sY2mUZ^gr_ZkY{y14?_maJ0E06Ng znGM8t-PO7G!-wwm=PFaQAG_r1CjE~~O<<$RLpy0)r)6#k(&IRt94$3Oz&_a1XQ~- zvAY$ehrM`ZVlNDC(v!++f$43%6T`v6DHs+J&fqPVcDkE2nm^K#<>!tL?|CPx4!2sa zOPO8ukgD|-ixj4FDz=_T-5#%kY$t>hSTf3F`YBA5zO`~*?KfH3|A?|itE>QSYyop? zY3bXa2)4+HwQzVYyI=Nl>PtiSk87SZ=}@}*^^+goJbvkVb2rkENd-e4U1cPV5ir`R zO?2VhQ7bpKnFA|#nT}mKRGas~8fgg@Z*eJ35WYSk7(VZYk7jtemVUnG836# z-VrEQkh(p+BG1V{xj8dnUh2*oz;Ca3lp{|#_H z!E19U?4WD)aC$0VVBgS{aN9>Uu3KS@YGt~`m0Kjb(5O-Qxy$aNqC7o;;1|+VIl)U@ zh2(5uZqLo-=XqwPo_IL4x}9}O3%VIZNq+WnsWlPk6J5M3k!EW)qqLATi31Nj9Eg%G ziPyRMPPe!1pluf9s7ihF02?prK|$a#E-i>kV$rS!^pUe^Kc4H1^W1YutibEkrl=t8 z%)xi%39*qU;gF6M8hRn}DZ%LGUXCbnR zI3`(oh=brt8C^CL8&I{1jk@XQ*zN*Z_+#P=MP6IAF7(bO$MyqS%__B#lAqQYR3|SO zN7e0`RXMr(l2gXUU`kW0-GD0i`>1_5ISoP8-PbAP#J8r6pGo-(Pw$M@?N4XYZEZu%0iTbq%?{(g^#w$zN?2dWXLg%_!d@9q%ddts68O3VjB zy_TcqQ-VZkmXiYmXv);B5sCFT;ISW&3_VqJ=51}Tb4!gvNc-C5=PSli7 zL=bK@dt9RSa5}l6(OoWJa{(q`d1ICUEff zoZXU5SI{gr5xh`1h6kbL`KG7oxTc zoVEf|6C2>EP>Qm|y(rh23hP2#@N9OT8HA3!Uv1_DM`f?e=2QZb6q&h!iSjCH;N?i- zq95~!dTamWS10vXKa(}r^ot?3K3AX%@K4K=MLx#q3hkhkXCKoLc_{^j&B7_F^h%(g zw_UhvO5r8k>oRSU`i#|tPiXSuv(|H7;#!?BUcb~DS@WwlD#Hi5--wz`}=h*jL$NG<5|J9R}6%y+o_gSO_h6Q1A2Jf-SCp9rb9BMH!1qwJN zFpK1Z8nE#rpLPf!p^|@k@XsH?ZGkBA1uvqPn^9l>M9F9_tcEQY z86vgPNzTT1S4S~IwE0}Gu>U%-ilqc- zziUda_i)ZVsq$|k`qewi84udqRj2Y*QU5;FpZ@mWQ@(hNiqUoOP5HmgMuEd0|KE23 zAUgOz+V}sv`rBR6??se=&vK;GoP z+mg{r1fQzsuf|D!&BuS~2BN!ZY7?6&XUqH{=Bu~vcvUrfYP1_~7?lJ1-o5+vy#Lf` z8()rqx;_dmT_Zq^v!kBqmfAglJ4VU&8|PWLc6ugK7d z^4BCvtszMh63eZ*s$%-TVt#@1v#0=D!s?PrQTGf(c|AbB+W3l^wm}b1FwtuE8vqeq z1>AJxTYE%oc1kdp3|TS8vt};#Bnc#0Y~LjC*^kPKe#PijsY67id%63Jz#k2ERY7kL zkM-m;YD5~(NyZrOl}!3$)p0B*)nm9DLGJ6$G0>-&0!2R$o=-N6wRjr+v^?ui`B`Bh zPyaGqh)-?~PjMs{pzX4LEHBRAP;5S9X*mUsAyofCa3J(jd!sJpf;a=jEu2h~wb^v# z@zWS^6~foOz*H~@JJu*XOL_{LqsNJBLLceca2PCoOSe#w1~m4(sfb^F{1N5X?EV6L z91E~N?8s2|WUu+3UF zgMGO6W}3U2c4spSu1vlm?eTkv!dLSH3P8oWNiEy+1#F&@9hoqHit4;7EQac{S$(e4x8I$X8DtARCBoqV`P zvjldFr*7>iWOyU$_`90-5p~8{M;ASCval%loUU|u&J1eME8r0%fsgmYspMV44)fNSbXdCnv}sUW!^-!Kv&c5X@L|`axmI^$sqIZHC8f76_ut@ zS279?0j9Jg6sP;1&r|Aj6>KL?`{L~YT%fpm!Vf>)IDiK`TAqd}En4^CzSfCDO#(}! zFMSM~M7_0kc3R<;UcCou4B1jk_>%!PeabD~nl>)^)e6ASCs5Yxpp zF@C>RK^oQFX<_A}U$j+Q(4OZ8_~Vt+_XqV;I)$EaMg;hi`7|DU9lpgjef-mR_i-+L&B3^ zVp>OcJB54NH&?6HLs%*1tJOBR7sukI1qUq9-3W6WI<8YT z1Y0t}_IWBlF`rUx2D)7pU+>(Wc95MweLLxp0xNR+^8x-p%C*tM!np#BI90q2hR1_9 z3WqrS7KyyCEvyZOtLG-8D?}kk}yng$!4)Z)UAiUwFiR1 z)6b()e6XKbd}V!Od2Z>$c>_gvP%l`#+_b;7LB|j(>M?`uZB$dc2L8%(JwUS1B%e7Y z?$>Ls4F=TOq8C}ajPqG}GM?#Cw}#rq&n&9t2od#%p|@zw&^fHXgb*E2?@VH>EL*lJ zuedxFCN8zJ?P$&+eiMrV zXrB<#T1G=3Q}m}|D^BBtD#X6E$wQagJ7DULj}+CNhX*>30oJ(+rqrII4PZ?eAU zW7e@r<3;It+rEXVNpDChuGR0fLLy=N!+U~xk=YhDGvaSr23a3BIoYQQrTfS!XacSJ z;ku>4T2az*v3g>5S;OgDC)FnK*Sf7c%tieks(F`vS4#s)hL6^&o}7(-Q_(}`MA~d% z9l3~<<4_;z0f$X8-BZ*wY`8Lwj0gE`m4D@;`KIR)k@%tNTyO%M;_~3^szvzhy811j z{Z*_-=+4bsdZ0^@-nIthGm@Rc2iRSo%h+6Z`hnca3Gc}r>9(AHjve}aD2e0j9a3 zTDhVbfg?M`MRjl!mk3Ie7~p$z&MemtQ0OPC*?QZ+yN!wuAwns+?E_D{dc~2mMo|`? zY-h6?o3_)Pjkh>F6h~PcE{p0K&LAzSc3h*O+?T&%(5 z+cO+S;$LbIx2A7b7DS5=OfLyHiX%N3#0b0Ju$@(=v2(63#OY(lEqZNy za0;$Z)3ObA=W)}%F156te^s$N_}t@SL1n@#3{piqbeO&3>9_f8WsV|3h?HAS;i22= z&L+iFq#{fWGwIBu1uj@GV%Nm3=9b3})LNKz9NI2^>cwrou$$%5JBNzuH#x17&IfUh z+X1s*ZB5lXI)aPfi)AKywn_W#FQ)tyZ#4po_LZX@T_##2*-dJmPL&9DRXMeiWH%@I zPTKi^QfiL`*|ish@$H^D==P$bo~ybVh3;Tq*I13?-NtVWO#l?HR8Z&?A#TOV}tBH=d*n7Z9eFf)0u4CMDb-EnQfI3)S$^OC1F3zr27zRKJu;CV6B@h}7SoCIdN+&*b4=t#_ug!$Q{NlG*Oj@ds=whYoaVQl8kThzvV*6uPIykPy2SLZx}Ap{3$jXdx{R4N zjM$j6STnGQpN;fo)}{5Hyz9cOdLgtdO{Um zJGIcR32z990}4J+L;XOCyN6XHSazFn=NYRN`}`TCI{I%TGm{_dTbIs1v|V4yZdM7C z6rvR6PO=Ea!tV!c=nmZ0sO%mwP!@0A>8ks%UmJNeHOO#Ak;4|r@RCECZarsdCL*^w z7s0jO5Lg0;7ga-PAj;r6a{{}+z1{GP5G1}INgEXJNbzf-qhm{PwYM+C2~8{=?X2p2 z*WF94Q4X1kpb1HfQ1cm9e;WDm){vUW%ZGIZkHlg^zXJt6e0WXIwhk)JG4fTiQSYA4 zFHBL6YP5(y8iMzt+33NOs1&t|Enw$~VnI=!pkjxkEVPHnrO0xEof0HXl->QDoD2#E z!|^{xpaCuJd3Byqf;l4*OqR<#oj6#I3Y3`cX

MMAR(iGIkruVhM~HXL5D`FkDIV zN;w6Vdf%s8+j`WXDHP&H1c|}KAkE^Cp^p+#pQr7Pfb5*jVtT&l*2QCQHU0j;<6==I z53{@b2|HyV!$YR){=_9yx!F3%mJY)X1rmeU*DhT=w?(TC$d&Dm%Nkd}`@n^&Zrz0Z z6D)tM^_z@z#%9pUTuN2mT1DkumprbbidpMP9Ov4!uG1s|yP3*$G#OoERTNXkbl%$t zZu4C;L6?>Lbql52`J+7{O(xk5Wk8mn)&$U+tILU~u_alB6x4J&weW(HC%MPc$J;LY zmaqG!zqeM{`j(uJ$iA8@Cv1Cv@#P^)IRv|_9d}Lemwlw&1&dE<>qz;|Faeo-b-{Uk|X= zCt4Ia-0!^5kA0(Un$_-j)q-cerAq>f4v;r0B8=Pe2vtKr5&l+r7w~jsYQ{ZLfPMnV_M?TI}own(+uPU^dmX#+< z)1oe{1RA#uL^ zvR{_~@Q=g<5|A3#YorZu7?Wcop$bsE__<-EmndX*B{`XbJ6+UgrAO*<&~V8)51T{S zsy_Tej)!BNt=v|7>m+>MyVYg$b>L4+$%~&@15vuOq*qe>fDShxM0K0bambZ-mma|V z(kW^i)MDq40QIfJmeT|GSbtE|;<-#kQ1hW!ZSeBr}m~Z-R%i!D~3VvSu?9R^Jb28*7 z2U9)J3)$^7v!*UR!Mq7Kv4J5Ixo_J-W2KYl%kYF9UY;bRyR_-=>XAzxl?GGR`aOB+Eden zdnk4)zfoiQ{QQ|olpksMFrCpN`IlhiUG~OQDOphX>ec9RbA4rbE(F*- zO_9L#t~N`G({?JTN-15^?u*ik*^4B4M!EpYTu98`h$tX!{<_rA?R<9U98Me#om_

Ps%WrX8~{TO%xwzY$k z^irqvU2s^@KJ6PtQ2lI6ML!H=BXtZl&Rh|#X} zWd-R!?0dOu`5R*qSG&;_r?mQ&LVQ!e`og;q)b4(|`*%KPB+XKtcF)z*;FFz`%&Y4d zjPstV;%VoT26^4$N{52tlEL(C@WgX)76hujZn0#>dAczK<+MK6SR)b^BT^e+&7{Pk zDeC71lxSi$-}>sCTw^k=cdG>uAjejGa;kBa@GFKM3)hZsj%eS0B{iz8Ibcf?GV4%Y zSKlbLiR6&Ds(KprQ_4!n)qKP%t%U>SNnaDEgr76$i!l;WR|^QTL89uRVsN-%dbHoo z5pU7DY)j~JmEJ|t3VLV)_ClP$I~y)d^Y3zc1u8LeH3JEh*=Ch4>i2&!s!&ViI1jwv z)mc`~hM@C+#}mekT)6Tp!V7AJGGNnppqr>8J*P=xW8`;HbOPcTR%@=4!7JQQ*k-#f z=UB(XavJbC+vCqRfVs||UYg66u<`CJg<%_<@l|nbz>m!j1ne1$C-%37li%;P<^pLy4~KD5!ijfLc#K5qur z0w(0N0)5Dnu$-^1pKTo#gGK7+KkK@%eORQJ+L`XCI?S&hIXucq1oet3swvgafwd53 z$1;UAqNY3FtVW6)W842wQVXOroe*r*y=qM;0;A)vyXn9b1Q>}LBMC2n1+}SSUFh5D zz49L)UZ1Yz=BaIUJQ}h(dWm_$){32&>0Yp{33oi&gI_U!J+ ze`MvdKI@%PxS?&}kXJlF^)p21%DZ92>!7^~k1np}MbayS>GAKA_1o8s z{nyv~pp@f?xYkIP!^sjd%PPC#%Es2Bmkt5e6_4eD*+;Pa`ACR!oS7y{kpjaprWPp^ ze>$(=&P@)osoH*Tj;M$@5bpZ$c5$CxGVc=ej!h0_Ux3F~4o$2%#$xuu1HBpcMpQj| z(=pp*dNeumTOgyDjv3?L%POgJ_@kyNAI9djJW57L1zPeyEfO>R+X8K|hsdiozIKwV z5NILxrd;?1lHE_G&gznoxY7K$^rFJhp zJaHnv2*7AD;$d@TS!&rdr&d<;8nLaWP?ea)7W}YgDk`}@^Vp^D$K93h5$g<}u}WbC z{RBMfak%&9Lq`k(bo1Th`xGzkhF8Agl%8b6*Kux^ZG9PQdX1@-Ga=iD`??J;Uz7zz zU0Z3KcvlqE*ZVXrURc(A%d-KnopAbmL=O2zL5934hlU78POm~?s&f;pu8oWlc$>kO zm(HVa$z)$_ZH9NIy0ua-KHcLh`Ei>@CP#$W-3cq}nAj6>8(8Gmg|sw@LFZ+As4f}= z+(?uR@}snTShSv33c0%)8}96CEi?MeJ3@RlICUY;vpIy!@re<-b%Ugf1uIF9;#u|O zqb|x^taanABcpswo708!aP>6vD`fjX4)y8BjlNo-b-Br)XOl4M!iH)7B-OV@KZXN^ zb|(Ci1CJN^iv+nrmY3tchy|pTKwo9pB59Q#S<|SvOX{Th!;Y)LwYb>^o7Q)`C&k7a z=fD)+3}4TUM>d!afU0vapil(&G2-R`aVIwdF&*_0$qC2rm1`CNomm&LIpHfQ;VI_A zyfiN0h~3juE!IAz)(W(L++w&3`Xpb?dKW&gNMH(8cLVnAkkU zDwd@_x9Z%^kWsIU!j-$#(cHanBo!PY2_h-<@Xx+({_^q>7MACSsMK?%t5T9`(=D$U zYeKB$f}prUtA+F1hV4D-xziLtwHyGtH>)mBFMQQM=p{tWVY91hb1Fb*x5Aslq~pWl1{Kuq!y+WC`j-ce8+@lwBUj_Rn%B2yt^vB2WsNPodTLflejk}6L*a&; z2Q12Eoxa1zv=T~3(kjlM2`B8#_xIrW`Sjd2fI=Qj0)bYmib5uh0gQ#n`5yGn zOW!>%i7NDK(=S!)B_6r#9fgNCXa;=Gsg1E*kFTGtye_xBNDi(W%sHMQ0>VG((UI0t zH;x24+$m;R4hG+%SN0TFGIJ;$z!%kmO2de1I4f#m*v)ut9d|aN0;Uf*= z6*Rlf@3T|_X3GDtu$93LMZ+kp`zS8ISx?73wb3Q~+jO{8-2)>#s`>Eve~A14y$zdh z{t$86yy24OciDe5JVbKQp8g+5{C9WcUvd!{?!wLWyu;rN{6^=~lEF8yRM?-d{(4a# zj*A#KH!bEH4)pQoKd#QETh!qMAvJ3V3~3-Zn-IQLGy1xR!r<;2`r9 zEJyOo4CjR#BI|meL8eXlg#meYZ!b=qmj)RL4a+@s<;xH9VOofl)=-rlH`S3bF}eC;`>)U zN!cL5BhguLKU!J=w&MyP%Qb^C3)R(9CGw7GWj+}Rh;!lv{X^>7n5z6(u6UC-xt}m- z`Jd7t{}St$S4iy-;iwo?j~P6EjoSZ6hWIg}Ph#yLwqI}7{ih)^LI`mW5*U6dqW?@* z$`(nyiif4t+|lY)?>{6I{*68nWz=!HRXKYWT7#b7)uXIZv21)IYj0njq=`rQhd}>d zRQTt=2#rLnoAW=tRs6La{v~)rJ}nD7_?;_`9aE4})>!69?Yq{89n_Wc&;F za|E8UnrV4|2T%rt&7$fv%~ATz$O2vn8#A;RPy9Q8CjJ3rlPV>e-(VvXERttP@E#%d z)L5e5ik&t*J z7Br=vm%pIuFEsnF(jeOL)}a4R9m&y<5tw*Lr};bV5dVRlZnYe_|4tw38-Ik0cq8&w z_BW7-{i76Vb($_7vC;hBnCSoJ1;Q~R7aRZ1fja(C74(17`bPf&ZX=M=?_!Wx5d^sY ze-QppA^v|7gyo98?=CMc-k6-PM*T-|MN+YT9JiiW6qc!Sn4ry*sJ$`4Ngn;X&h@Ca z4Giqn$46!c4h5xT{8ux8DExvweL;M4F!$-@?;7eLG+YSJ)HUEgN_w{r{+s$%_j>+rDZfglR+i~otezr7|!iBRP+DKQoK-;9ik;rQ$~ z?EE5uU}xdi;KJ0uGT|37`wQY#{QvmqUp|pX{o!sXpUZRp#?g}V{9ygX5Pv0Agb)j1 z|0D=gE&qR(j)b5J0>M-&Ig#BcoIrzP_4Ut#I5-&wpzm`6ej zbKq|b_yYtoenre*zZ(rjI1P@`Vb#Bcxc>3v_O|;wj&5$;_j5!q5?_YjND&;6rsS!o zP6197ZlQDBr(e$){&xW^wZ1C9XLid}KKHTTMZNW)exD(9p;3@QqAXF7*Ku~nE&SuP z537$rejj!pv7;A+N`8(e#GCU}E$OO~wFdPB1|pLz`w*NC*}iRg+wbu`Xe{q@DNWW^3zaG>lzUuQ^vyUtiy)hYqF&wr&0Rp_$5M{3x`fiYeK)Y zka&>xDi736B6%O+ZBgSPh!Ff07!H`%0kI>_|QM& zfFX?z*bxY{V;&z`QK0jg9z`&VW1uO(IG z0&#njfdaYTY{~g6}Gz zOb{5b?U2R_NL*OeG*$0J2#n{3YOoPUajxU60{nAnbAeVupWv@PiU zm?@)QOm!Z!slm+hSc;1wm2!xEaUG{-i|xk%>f|(`py=(s&RF}Lx{Em^#In{${;Y4k ze39pIv)8;sd;su^Wq4|lDuD?r{4P{k!#=xAuO-)qyUE%79?Qk2CC4m`={k6k1=={B>aWmpI*kq}^E5yFRIkMimP~b)mMVxi zBQ7Y|zh2GC`P_@^DE))#sF3$+g=`&BadL5Zw#sX%#T1hX1M?r@ZVBrr3z>byv6siQ z;~h2e^xSc0_cqUo0>^oBL0)4*>?f>KH*%m&QTpUsecaZGvU|BDOg#90KAPcw>dYsR z-WTpd>OOHlD2!Uxdw1O5tKZ&F`rdZ|uaX&GB@J4Q^$qtjsWvXi3uH29fJsT_|#;O3Up;2 zz^Lokg+Ew)>V&wS`^(0+eg)<1wvMb1V{V--fU)ZJHb!tNRAKGONY$REH$ojkwjgmW zm2M2hwO+2FxBK$`A^q%(mD)LmbSVeEido8Qs(E@ommC(a6<2saxy3|}94(d6#eI`x zcP})+G)ZhNy%v*wd4GP~DRLsAU@Jc{kNS*FS`)-IMGvUDHG6eApSHQ?2dloRSy$1{J)4GgSwP&&b@v^YLbn}yz00$mw!?IJF+wBNRd z((rDW=NoPj+|lUe`_;2-2CRMSZ0)C#xAV2RwstZYZm$nr+=OY)jLm3zOwXDr^#Gr% z<~owhOc(CPlmR;3<4TdONpw^jbyfB*JiZ2$?Xvcsdj|xji^WcS6#0nAHAaE+=C#j< z%Q{+r!0xk|7OisLMSD}<%uz)|AF69OR}+sVk+WQ2CUc#qO!Nt+32^JPD~ns?*%f0E z_ZNpQ(QEPfBu?6%4bRZmIx9xgX|)u3KEnqVnki5xhTc6xQ)15fSV+(|7(pX>l8lL-^3_0Gi`jiO7WPY_9 zZVqwFiS&StC9XkIlG36hpjFfsBioFBY*bV1W&r9`aiDw0HF{)!+q-KhSKx-i1iCnU%jZ`~fW8dg(+30tc$Bz2X_hyD~cI{dt zvPwP_K`S(a-I>2OUcWrK7C7s+=tPxu?mgILl25M@;XfxCk z*!Q{*7;BdL^F91ShpQ|WA3XR=;1!!E65g5`UuEhvvzN@&`hT(amSJ%(%id^k5-h*7aN2z=MfdMo2% zaI&h>t0U#2+P2SSQpgfqq4WF2>_%gM&cnKqVs_r(A2=l#N_T-Lj zi|fvYI!dS%LomDE=LjeD=^{7D(sgbHPw$e(P;8sxW$R??(Q1rm5l$*FgnRV~kM_9L zM3aS`vxX6GeV+3OwZ5_@wPG{8>CzO|m2)X+)PCnpsS8dQpWxTq@yxMHhwoHD6F8yy zm>B%IRQ}qKU*^g}87En*8qwJ`n()AvJHB9IAw7W&<}X`1H7%&^D*aZ+ph<54=pu(j zzr#c@c1%OtX-gFa%I{VE-mlc9oe0}vxxTI0V_EkFH)JraG>5V6qtdioVN6y|!EW-~ zvqrlL=jho55nSS^$QOo2r;sM3&`kvWRwvybFI1#9=NJtNY7S;9envS8<0YXjft9y~ zgVncB5Xx8E4QEe~2l%Z0xQ@nTww-^@_9E#Y>x#)g) zJui386~hpQX~(GXqgjW$=#y(T#8TKF+NzK(qLkU}(0kY9=r&N2o6l72hvdH5dS(<* z5ki^3ZmJkv=?2jTYces`d+nMxKzMn1)9Qn6ftPh`!j7H z2xN(Dg;_;bhS4`eZY)M;j`^L=Gft3^)0drgSQ(*2hov^{(lBR<(Bd$ zmnBa-okAp_0t_=jm5zsiMccrYbV>~Z1M2%=k*&JRE;&nF1-#a2GmWkAA_Law^KY|! z)WKSOr`iP@9a^-!bDQ6?eu}$%pWR`HEuNIupe<1S(#C6s{N}CZ53-j zDtlQ>Q*%Gs&hSt#XS}LfwNddzzjAct^kaW_qLpsv1dNUGuD<0ZZ}a+pfC{Wly{+HPEjc+*7tn)2rE4@!E8Dae5%U=x75gOrOpU0&S9t zX2au3z4Df=oA;q>^BwIxBUbBsKbnb!9+aM)q?Cj(XL zGv?o}0%o~mm6Kx&nckdth2yRZ^K3O4N1QD_D7oJHBnjKW_Eu>k7;R(~$akSul?&@S zfI;-rw4m|6Rk8}c^HQ@s?h>6jr<0cJT`iEHhh}0+d+CfMl@OH|l~#@;lTxuoVc>zv zf;v6$zU)gw@U+jEbafu9;69i~QhIL+e!Sql*I3~RW9atCYTO5BIjLKd`a|(K&_Ya# zDs9tp7%1DlocoQI=UZm3+XaeS0)I%2nh_B&s;ZZ#&&E3s<6Q7w9cc?`l}1ZjX0&}0 z%<5#1ESa(|>`QcJ>O72_vAvr5V!iUU&QSv%PcWTpD%2!&8Re;pbAabvZw2m3kjj}i zRPJ+E7`f|>0?$e@Ch&;MpM4)Ymy|}azMG3UzrbO$_cmFS@NEOdD-do9z%#K?OfKZ{ zIQwdKSt+mLc2}icZwg{>>{o4?B8%J-k{Hv0dm{;akf3zxrctoyE>kmU(|EsYuX zZjo@KFTH&F=olUSY4x;)G3n8o=ill&HP+LRCBYJWD)Kt#w>br#92Qs8Pwrg@HT4Iz zRx@pyjp`P`S@J|L(sr6e-cE2@ZLvLU>IklfjC^S-lAo7#s(CtI+ymTdvWvN+fR(D| zr(hhZskI|2)6oJAF~=` z+m-R7p{!mhPlh*5DTeN@^-TSw(}1Szbktfxt-{ZWY>`}rp~C&U%!-4RPAB%)*L{l7 znQb!lBc5vcUbdzjEI|e>4(|^M6*Q7wimM9}T%xw^w&=I_ak5iHQDR(03k>0LdLC>2 z+)q~`26|{DG8jr0Sl6#;Dv|+bWGMt34eZL9Tc@9*4ZB_ z-t*a3aLj^o=5@hEIv^souIt8(MD|)^M^AxdHglbi4`z`{bM)N z@*3IUUDmyl!afDv$~X(}$G8ZJ+qGsNPnQq*Pnr~o?DBa+N9y#Jqv0UFEp76l2q7Mka!J_*mh%-X5CxAu(Opks=?4b&HygP|U<`gY zp9V9%v&o!53J_1-lx>=!bW+A71VHrYsrs~(QR<7g^>%TKlS?rn8L|A)E>nLa$>*Dp zX#NxXrwhCxI$m(Yd45&r27MK}&6Yf=%+?y7P;3$RjT}NH==d0pp=t)~W!d2Ow3U=B zCGT+;`f&Db9w=!YvNfeS;iK8-PE`7jNVxH!a${6U5-4}?`Rjhit?;A_KE_IJ-|5_q zU`nZimuqIRnZMliJf8vcLfOXN``1jR@NTJ2BAdmf)6D)~XiwLpse$44v~`vv~mm zjYzufVOWiGRSL}vnBiI4C+>*H*awbbCt8Enq+LBAnV4@V_?DO?DQzxDSbGo6j=>)d zZZeiD0+Bjqj!#9S;lCb}VVu~kn2pBT15r`Q+OPacC-Ng|_`d9)&TOXv?ov?e0PTEl zS%wR;y{vyQ6j>ZW%h?muUPo?kH0D`%Lmzs17rKpyh4*kNkUgpXFI{;@?aV?df7vO)jF9lyAM~-G4Jfwxyglge};9_wJLnj|ta3 z0fM~4K98px`c^1jF}~TDdEvVP6QW>4EJLI7{n0;5G|293d(YioPgrlALsg0VCezuI zS(lrIyCpm)&+9&cPi()24No1;|7OrzwK2CWxQ`%nYO8t^M z;T_wiw^vvn8IO*XDf3S!^%4fg(|T+wk;3U(;K123RBeP6&hBbeWiYTgrfdK*7Ef`V#dk@X@KXAc4p(8 ztbMy0t(^u3*30|ZZpY>wf`VLA+2W$w%!*9DPsqeP`%X5YMj|K|IE zXGz7m{E0O~eb;wcLN%Il1zBU6C->@wMg?;mbU%Fx$g~fp%UMOh%Q_twNgT;#h0U~Y zyELU6(ERCvW@#nnxd6`Pa_09tDI)aJS56kYSEJdnUz4a`?is$T@X`u_{(he+ zy6~LWyPs(r4NXBoy+GZwJgZ7KdDffQUPlM8G9A4L0y|Gxy!0k3Re!jR-p6heXd<&R zTGWw>8;SR9OOw2sOflteF%DMSSHBR>eI3kYenKeuleNGP-1=&EuH{{6snvMmt?#$O zq--y-%o9U$PFsA6{YqNt%;`oG)<+XKLH83sINZ~z=o1Lh%Hq=P>%6&ErV1&$Q+rIs z%4cLW0j+5!j-ybU<(7kGULlf0jroFaoDEhF8w6H@ms~=7oTdQFpp`jNq7gjWLv^CLI>s+;1@ zYv3hWrBu6cza~Q*0v<2Lv_hi8;wJkzj$e1m-*YDDRwcv?G(lgShgBGqzhH8Peot@O z4jJ#MNO=?oXM(c`6kNSz}`ZD$kLu!9imA>v)CvJgc zl-il;DqinMdJueRcpm%4Y*^%)yUE)n(NWr`PL{jUvcM~CRI_N5G!yhutMbw^f1`;5 z2r)2Ncbwl7QvPsn2*zLBEOToM?K=%nwtUS-yi<5QWR{Y>x|LCz<&^F{esXgd zdpO%38#Br7ER?@#m#dKLem1AeRDncD9HyzL-lPI13zT}zYQkS<^n;I0t4s#RwfHQ@ zTzZo(ddqdTi=0?~cozu0v|4`W#Y=cNrF;Cz{?ntuUHWxDOE4`PF`>(&L$C|Of`O2L zP7r57&6M?$R-o4{<&Q2+pQ##{s5%SrBw10!If%U2m59{>pc%kV=)}%Hx20~W8URGc zP8*R)WYqR2qMsR6JDK9}%oZ+q{U{{MNmUjKXpZiW?wdqY_9RgTHCg%Q1}PShbq`vO z6PhfA^NMGgyV~cCmPAc@XYmj?7$%Z4L%NGq4C4PyFsQr24XzpyqyT9h`;e+o9jdsnp1f}D~-o+Myoba*` zbP0CydA}X%OS#0`CXjMWbg+MWSk;rX%zF~!T-TXX!e%$IJ;8PGy5IURgq=-sMe~WA zG@oB}vxKhU$uZ6XV(@_`RYuMEZpyY6C2`YTXS*GI^ z+sZ|Jw)eWF`gFD;kY?9QYUART!uqshVg+GzN^;jo3Wukbol0A-@|V*M%jXA1535I$ z$lGOctqVVPI{mERfU$uTiktS&6%|0gO~EMFTR&r~Yh3Sz;c!y-Z;O;x8TYrhaE;ny zQ)V{e)D~oSJ+HJ)`$X5XPd;}I9iMt)pr`!@o{ApEewMS-pozJ>^ z{3XZX>TlQ;raAhLFLY@puQC?fBcE1#Y3zTO$x}WZ!@E8;qBG^omGHu1+)Z@lL5PJytlB)xev~8Jq-;c9Tf$ zNq|IWa}X$e@zil(<8>@+?O2HM1d_IHM<9?e7(f zVI6eovZxdYkeu~F?GW3?^t@&cPj~k=x3IIO+Snz~x+stTji)oY7{9u- z(dFl;p7`ve}a*1E&=iVDf927my|6rNC$qE0o7FL7w9FODy3&?sQX#l&ib_rl2p4 zFxY0CQ}ph0$7LaYC7j$UIo7~4OV#LOrST<+rbSmrv%bA0(YMS)EZI0r@j{H7uCqcb zRt0lqt6qbt$ zzE(s0EviszYbtbd6)v`bh9}KPnh!@J3uOrv*IblM1p*#NS}Va2+du`x^b zQTH``;Ff1PV_xQ^htNKFoznF7G3{;?f!5WK z2Fb7s6|H(nug zh~)=JGPHOjbB-1vuxKg2@t8wM%crcqa95ag@al3`i*nEV;$yu#&GhzWr8~V@_407e zLRP)UOH6^4xZ!(N8qYl+TW5JJLmAWR3REC7eAY|}bt^W873td7@kCaX+g>m`4k}HX-254iXEbqpe zd5$oNw{#Z7Yn9r6cAmPQr}ED4wY7F!NX(AHf&#s9gma7snzsK)cG1Aa^V%Z?Hl1r1=>?Te)fL*75PFN(B}qpYi0 zO>zEt3p;fG*(?RI7DmU8?JiIvJIuwQC)+^`6*RuRC?F_iUZ(N)9d zO%q!9zfyFBMNL2hO}bxX9WB>`&aAe(J{^0Uc)I7&A8IBpxsN*OT@E!kTt~M!jKk;q zW4Mi=1t7K|b;z|g&*qHUV{-2U(s=`p(H3Io?yJ#P5X%E)U+h7hq#Z%a{w%qShobyp zLi7tPS!eHx68SZKCzHhd9yqqs6r=Porsa?w5Q|d}$>83yH8wkopwiB+IyroNSH^4& zVaiS)YiNTE048C?bC~`?$6V_WGpSVyF*Z1Jt+j_?N zFPYLJY_Lh;U2f0AixU%NRL2wTC7)R6S>*fBC4Aq0tuWH2K<=4B&oS7@qOj)G=N&M9 z&cAnMr!Gpod4^vNGTJuw*#6Lq>oZP^Ir`;v?e%W!dIj$Jldsrr&c>sjO>pvrk)i0zU6Y+6 z`Hd$7IFo%2+Jt%LcDYauVcP22ktJTBSDJ-#pfc$_}ORX5%j$eo=nT=ff7iT7nJ22QuXB<67z z9uculnh`1+)M~q~C#!}hjBas`2$#W5pU?PSVypDY18Wk^50?x1%l#X(AhY(33tW1K zO}FKMYvb6mx~xOHIVhoB^9=&NEF`mw6|*UU-gsjexelx!38xw`OkwscbvN4b^hb)--&~ zxT#;-lCy|FRrX7+1*M-XD{*N<@(|OgAAq;~OpR)V*~H*P zTv-O?fHZA<#khlg>H??trSPqCK}_tnkU<#Xnq z=;1@ZE+bUgd<_J41}OiNLYl+Afsj z2jMJEp*gzac=P6OR@0TXj*sjY`J*L0j=`0$3@glIvIMaThckn&_t1&u7tgv&mq`R6 zUP^rS~JrAtUt8ttRuKhx{Uj0qKfr{m!S} z?ItZVn@%y37N^PGY?INxX^Tsx9)(DiI`tdWK9jB*IkpFKJXxIMo_bKW2@GC&HX(xO z0JW8inaVJM==k5qXp1YZeFb-H#_AZcy*lJ*JsoX{GlRh%Ks}z15!=@02qyCSHgy_c zD6IZZB2c{>)lubJZbuvM{N>KTcXU2yz{M)RGl3Mc@>ssz{oCn5#`bFfGAdIX@2+qw zbT;3&LWCEBNOL3d_1O)%>ss+cck?AIrt^pIOIHT}YhnHQ*@b&v+f-!T?0KfZd(u{w zg`iR!?O3ZA$gNUcnb?)!$rR@lQY0FprFkamk-?W%DAZ)Xp}_be?28T&bXSIG0f`ya zP)JTWx@o`u!|crgD(STE?io5}33oAz`*iivv@+AGdYh}fXoI(TKb?*#=B1M11KJF@ zQtDI8k|?_^Htwd$b6ouJ4k4&b$BgPE!z!4jh@2_g-KQ*g)%{Lyn$>UQ&va{wjDcA^ zJTZIGWNq?&B?&5bXM}2gXH5`6&+!cd!=?M6%M-1)^=FcGB(dwUdknXk69k7e?|H*> z`|y2CZ7C7)b~nQs3?h3k%uVk0Y<}h!P!AU~jptQ%e^ub(IEn4T;f$FiR%n{{YEU?& zja$sd#Z7pHFkb7psg4Keg=}A)Nw$b2W<9wmX-QI~LzgF#nY)^X?|A?zfJjo+&*Yu!3=oqc>BEVs3s<-G)yi_QgqPT>@GfR8 z#~DQVR5rr>;^OdH*QNtc{R(F(#Torlp6^ZVW19_ulnFv5B;y^ZQcAsCksJW_EjX;( zYTv9J#$wj-Q3zvt&lpgSFaAu*=$8Ry<*AE=3x@ zvFwgSoa9$OkpdyKI>XoW2MEmpr>b=~i;O&tQTMy8QC`Ah7eF4~XH8BQ zK=lT_LUrwyL!;4>ZLkLQM4x=uS0;O)L{r3o7PIZXpTGgvLv_ZOVTZ|l5+2~>xW0Nc zmo94`9n+0e?sSB3mdxAd?$g<#^CSRd!SWrmb5|ozLpahsHNAR0v(RzAhTwX%OIVm_ z(0m3gbY)HAKS90gB?Jf8cXY4x{3txsWLmjzgx}`?T=3j>lJoMX(cLNVi`dn{EwZDO zHY{EU4T6`?ur+zQY^-_%D@FP$?OKR2l2@^m`cMTmV9dK|*)L~ioPSL=+&?osW(u31 zh)4@6_gI6hT9>NxJo38T5R>VUgo>5UaFP_3Hio(+zwmgfueLpwT5p^ zU2qPwRpYr@zRY!bkgicYPh&uT>PSM^Rnsjchk{pw^5(ezq{-VJW7~e2)|%U8dyBxX zI?hTUv!;G{Q=uYouT1%a%!wh}jE!K3)4(%q^vodY8@Nav?9tX#aYH;VT?*m%GsElY zJK0J?dUXf3H)dJfr_IHVuV+q*W`kZ06<(f@j*9rygpSvN$&xWlt(GFN3>&fEugcjz z!F!)DB9;_&Jf>3jESt)yZO<4`_vx^i>rJ)mz4Oll=7RU-Z9h^?^!gTSUDWb&Vp+%q z1Q;Df+voU`&ns6&e-z`blgI%Curm$G_MEdt?^pH-aatG@415Z>Q@qw;6G@bY?*-Ci ztL;Fjws%C+l&bnqt-P;YQZJ9{*mz8iv0TVvpiX&7dS9xY#JZQf&_{)CaO){bLY(b$ zG)hS%TX@#&V}%3FvwSsMKBl>i2p-c2pYFhl4vn)PZiYTC$4DvZ>=Q$+-!xQLnv~|W z;Tc=XeS4mRmLRBI`0R5DYcpJoFWj9nR`R4kSZzt*bYCVD;@Lf!{8G3R4HUN0SO0AG z(agg83{XB)`zWzNnw9#1Qg5W;3(|m@+ep)?NWrsU) zJAw=^y*O3&m@xQbmf@A;1d4O)2j#G1dkLvEnXBr)5uPIH)lM~A{}fuzdyp*wi)-9Tq|4JjqnmbH|_hod)>rWN9j(TA`Qegn0q zQL0QY3eGgokky?m3n#-3edqT%ue9k zE68ekBYse|QSM&fxU`oub8&Nc2)G4i^Z1S(lE|YtkIpnWUvLMA z@k+#Bh*t|*@k~buGB3ccPz&&!(oDy!d8=$$n&$BpT7)#ebOh;*yh&sF+ZJ$bknuhJ(F3WsPOWecLnD0f+uGbFN$ zoUdmKqH#*G2JQlXW_kM9d{hc}4EUNWIcpFl6x$j#am8w~86rTdMI02)zWb8))bYEm z7m58%R^U;{$9I~9#zRTV;c{^po%!X#RzCi#;-~-)Shx7)icO{6Prdj)vl}< z4?Vc6Ns&Ff#2D?N=b+$JB8j!wzpZcgU~T_ylh?l3jC4EIURooChCcv`?J$ zpKcrF2g3J6$Fo4ZG&~vdTJ^0^DXh)!@LMdCNyTt={qtX{Mc1HUEr1_=y8)C0x3Vb>r$xW2kU-DDbsgae0hwZgYHJq~+Vm9?gkJH{-w6f+|*D%(+ZK`LV3 z+lS_u9-^#g^a6+)G(T+`+VvF5Y5ov7RMPfC>0a@9!mN*Qnrt#`(}Gc2{(}@&U;1#U zoL)`pt`sxP;pBIBshe`PQ0sBO%r)oTNZ!XH@+*JKXr{H+;kbcCT#?Ge6Viqv4wD`1 z25%e_6|V1hJdhoBjEJj?lLfu{#ID%N#O8iBiRKpUy_;JRJArFZx({xrw16GURxe({?~V}mn}rDcX58?P zSHFCE%0@3QOvF?Z19nf_drD-YypnM30+telXtC49P<>$&VJgXoowR*XKhOMxxC4?6 zqX9!&kR?Xr(n+9seo+5Y!-uC9tcw_`Cj^b_m~HNvewrSLEJnv1gXX0~OZ9L4ASk>h zIxJPyq@EA=#3m!cC|#(WvN$L4cH=`i%?9=^wLg^{2(mmb?NbC9bRl0P(;q%cGQFQP zTc0Sdj-f@Z1z$G}cJk8y#ueq0`bV z@2+ptt+whw_~yuv(!3{|!CjAm^Kd5V9*JqCMYn$(tjGE}Ef1-l^WpaOS{q=l;YRf+(eB}q>i}sV-~9F|sMc9oulyeN zaYjW~#BWvo4KJ{Jy`2qRvx_EMh5>Khmbosro=qqjo@^Xe|GML@Khh8L_pz1o(Bq(! z&-?-|PYHjxyAf+V9G>T4LvenMbZTi*_!*J5x!n8B2y0@mE6kPX({ZwH)xF$+-Ch;- zI}Yqg!m>{7i?EYWq6RXyAbQ3I>yvA4?sEOGOeds~ouK9OEQ+X*%cokrP|!BVUJ6%NN}U9&4}d%HRlLdjk;GAxp~M)& zmh2DETz6rpL9DB1Jv=F1)3GZWCy$dFZ?x@(RX%bySeW9N`OR_%NyDlaj@1@j8M8Gb z!c**$T*SG^%IhphN6U*WAvykI$ELtO*OjAOYX# z8ySG6-s`RYfpQrrh@KP)w4lQrxb zLuaCO$X=TyuzL@DNfGhh2tW)j0l~ZS9PjyRPa(Sk)!smsr&Z?0kTU&SmMX= z_Xb*8dv20R5oRG1X3RLf24{h9QLtr##R#!+FDv-c;K?@(SZ|o5fD<5W8G+ zrv7~|x0;-iXxBP>3f=rrBvDrGRp(^eug>4ZEmx*<5|rPQLZ5O6cJ@mUm#M@|htAH< zQk9lyv!c9lXho)pJZtFi7KPZ=ZN@MIGipL5WEg)s!ZHUx%5mB{$-`FZ&#v zS)tC#1tu6!^XptWba6Zn?6F@7k@M?7^6N4=n_?O@(n-7T6J+{Y-w}3bch99mlW0Pznl8GtDM#-XeO23`PQ#0sAG4UmH%C4 zEl_m2&%Ms^Ng;FgUe{8_m&dA|rx-soTm?8N;VfT2-+|IKS-u;H$3Lgs3Z4liom%Yc z$f`Rx$Hc^bs8}au5dA~k{1+Y8c+oFA9`BOIK2*g2dlZ3qs+|j_-QI@k-K=aFa=7A3 z!%{Ws_&EWy7|0=@UqkjnVMGsSj5Bsif!*g;-)F=Q(>(g_Qh9fCOC8tm*bTrEPkz@k z{~$Fs0xDXYiHI}PzxxMDyUnOwceV-T6{0&f%YWJ0lnz%77HS>N%`+x8Gp0MF2 z#@`m;afR5xsH~(J8 zQkrh48}Eb82jI${x4Pk7pwoft^Nb&`JF-j|CCu# zBAB!gU}AfX!grGXQU36#4QPt!60=`mS>-Cwye_=}_T@%zr$MN*@J~%aUbK^rK|` zf0tKI&3-$LJi*S3|GaHvA5WwIcSEftKo3U=4mN0kHm&~y7y}SjXpCfdgCEyoVSP#C zAF04fcpCdihe&r3o`0r8Byv#jqipUq4&N#GXGkRAE*9`1~wxE*U6^lzMmCb#ny^{?G6c#x1g&lG!(VGG%S!STJCoR z>AxVjQ(e@Rxuk-x`gh6q@qbMDwG>n|0e=1zcHXM{?)<-Y_-FMc^dijnuAqqDG^~F^ z)W`@C_>OmOdYY?B!;#@X;NbFQr?sMQrvt|yus#+2tv?|x5%WLk`A3_76N!KO8Y=Us z92f`fSpCn#`s-JR)<=;}aK$^|@E=9GoKCi<*I1KYjimo!*niUJg~!_Fv%AaX2?Ijt zTg7f9CKdMmK*25bI;fZLtPtMVJc|57&xt{$f&x|_gi2|TD--X{+S{>}6>KwX{>W3l zKj!^A+5X!U6;%Rra;Qa=v5Bu`Sy521Na-4~tr}elWxgGawvteEu zv}?*u0G97n66Dp9&{R}sicORvHsvh=rg8K!7cH;ebkJA`=1<@k3$6xD%I+U&ZXu?- zpS~a8JECh2l>8MRzhS*4VBSW`#N@S(uI~8w_-{H)IhGY>c0j@fSmke{~JD9qR`+1>rr$ zQ~Az@njlaF#^GN`%$KkQD;OV51denDyH?LS&T4$}L)5f%B zF(a2!#`Sb@=7NHy)BKAJtSidJ%s=AiipSo;1=J2rg#Nah0^FY!k2PY!kD+X zmQ$UJtG-j^hlaK}kziC|Dfz)>qsmS()rSuni}RSxMQgf=*O+ZAHS1MN# z=cT3gT-lVkps?`ut5@AU`MhNR2jE86D8qzIBfeH5GemW-1h}8zRLakCpxoQGZE^v0 zPe&C1*PsI@nWO`9II2^$IHSXRRJ3VAY(Y`pkU+8M1vC;85@|`C2pNgcu)uS|tCthI zMe0ufx~%}Jb^3&eY?M!Morr$5cX&53k%v~Z7m!@-1`xv?=^DXAmG4LS+c_PWhh9W& zC?hkVyyNsx^Nfy=knj~Vv%(OKi^%M${Bon?Yrpe^Y@@y?5|8Wkug0;uqkFZm){{tBxA0JZD`W$O6;?S&t zH?xY0%IQ{u5+#hl3F|jlpi-ZX(GxscN=Y~4EIZ8d{<_-x!St%1Xf=UFvV)Tqp*_kT zQ}p_m&Q{3E7o7mMQg?TEU%ZmeH5W{oKBHA8k|m}I=-!J8AWntdzx4hbD#YUn1yRF% z^%HzjhWyf6)1U7WkN~GIpTg6L1@M6uv{m=UK9i8;(f{CT$A(e z##&b%j?B-rnVFdaS84C-({(@7EbI$2N7u)jHX;m{en6*4dHED_R`c6DO{1~YK7AvH zs};J8`z-{C2N!`Lzd8cElhH{IOkIK7cDP05h3A0OyQLd0zbn5~-}ue5rb?^2SwE<8 zlgYy9D%13g^88W+Or%8gmeu{$5&dG-d6Rfi@(P7I>K3a;;>%4H|~(sX(|+H(hhu`D_)Z2^8gH?96Nicf{#7&6@LW*gW68_-1Hb zqsg~HsWdk%*79?gBm|du_|bhyugZ7a*w;q5kw}sbBOVwd9n}F#vA$XtFXBowO7u^P zk=@$fr%&(V!Nu##=UZ50F~QZC<<0@kv6#4%tWn`d?WG|9lH_wwuu9zC4u~Fp?^c6A zK)Y>WWgFHdg5P8!#dqN3H(}uU0b7H!2Dsflp%zREz)m1Jy^^$OybR37j}@gV6zHRg zn_p0iT)34Yj;5F(q-K+7CXtsF`?*9rR_oHR_!CsRK=FbiEM$+3cY48@U8{xvqtEH{ zGy&f@ZZFJN`BWzA!?w{y6~)q#ye@--zDPmO@sdNX-^}{j9CQ58X%@Ayu?udReAQgh z`}iEPDRr1CKiJ+>fa@Bqz?MdHH4j7+>sk+&`5^JR>Tuu4u2|aBm11E*VXx-4zdnpw z79wu*YrG|9T9^8;B!T6#HQBh`Nl2_=&dxV{A_l6?z@&-bH#Tf91x?>^ zvAg`5JqOyCEe_OnRakOuCNoMTP0kR$zjN((6h@s!!|vQ5`+C-t$^x6Uvg}^*r9FKb zC2bdD?a)!%h6uZ`enFfao#EjtqEk*$R9YfsqKYAJb~CZJ8A;7I@@WJ2Imt#Eh6cbN z$Ld9lqlwB#UFD$W0*#wj2a%WTCeK;+k2OkBqNml167LsZx{}->y&$28MNcMNsQ=Jj zHlv}D(_W22k*QzffA@m$#TVW)bSGh)3Qe}O8CSXRHVGN%s2_Zq))UP+%s?hO@ z2A=l|WU*;APE!NyR^LqKr2%sFtb7Gf4?o+9=|VTSdwqEH7L9hgvWmfL@as%;OgV8yDPDe342PVbST7k&;s}<#hc%r`Gc?t2J@Xd` zN$J2s0~KJQFzAU`X`SuHuZW7{Z>!HBM^fpntcn?IlyUdIA6EpXQm9IZOR-;8%6fl& z;%QHwP|#rx*=@BiE|mayjV9P~e1HXszj~hjJoc1&7K-M}d?)i)wE~PkSL@5FGbI^x zi)%A<*nJtHeOl{J5D%t7@m%~kGxuZtXt^D&a5VMZryo;Ltm(v}mWidMC@$-noQjH( zv-8IsHtb%P78za##pswv_xc9YTy95m##F&$pQ_g$ok+h7e4gMy?dk3&x7ARZs=vFc z^zS|29y%*EydOMUsI#1OShQ^rL&5HVwt*iB@AGJu&bm4PJ6i^rqnx)4Y6xBob1t_! zZ747@Gf%%2vei~m!F}X`%*beHL-}u@vsgmqkr%(|1-yiahJV4}%;P0>Kei0=r#Y)xbnLh}2kaT=E%6`^fe!rp>f(D79$21d=Kj-_rp8$J7wh@+{ zof+k;e(Z5s%eVy5c{!E8Y@2V}Xl;zU@YB66Or-o*?*nfLvj}Ods?99M@ge*Q&2)kH zYa~!=Eh@vo=B-VaKW$uNVGTvgNh&o-{4E-}I&j%O*(mhwLqe~N#W$_EXS^)F8&4n) zKJoR6-kGnr9VPUR1-$~s0@R*jno&Ob{S^ubaByS$?YMm(=yjo5MW>&n_M3=N(VC2; zr?3v0zzfP3F?-L0HT<1@0m!dG{UF6@L`|n@3iVzz<>e)W)trwK5|Rk|X79K^uu(ry z`#7ny6?p5HPxnsPMbyKPsb6uBBAl0ZPR+bU`1U@<=V)M);P+SnebldO+~Y)@Yu$d7 zR6PMrz#F5+V>*p=qo*_(u5M6e1zz|5z+lFTE@A|Q&6~efd1YgEo}YIefK13Nj4K~c ztr@^Ne9T-_VI7Z?j|;uTdGGO4D20Ae&Ep9dvss8lAGHCZ6KbUPLAkW0-)nvj;H#A+ zMqBooHBsgKG7)0s>a$a5b#7b!Q-aMd(ppGH* z;%83adXQmR|M+ES;rk+PzBInVwhmIQ?dniAQe$=(0TpvLdGuAZCpX73_Wo>0>lI<_ zuWG0KPgJ1=6`fRjCe@(=h19P=-CyN*uD>FzW!HMq8#AkLk{;-O+SRL|wjHgnQTf^8 zlH6nO9=~^hbd*sskYHt~g^*X=F#trC=UBP;$M&WLPkIHmR?}C~Z!QJJ81I zz(4Z51UqYT>KD_dJW0SWYR9BiYZKqcB7}vB`y>?3dl$3fIQbSciLcBeT+i0vN7c%kquh*KsCRm!rY z&9Mf^K0^Q5K4H~GIVt-ZLXmxMtp66|^d%qSK4|iVjQC1<-;TL2)bG`om&H!KFYH{L zQv#j*4=8hfJkf{g`K9E!2ho3J>T!g~$*GCn^gT^5_jmb?Tbn1Cn|JOc5G>jHmQH=3 z@>FY3L+7C~Q5H9+UfAkc%yR{MGP9DunVvmEoR28?x!~9*t7Zz8lubbovw4)z-*XqP zKEovt*cSZFf_?7_KTv!%TB1E5=p#4)#;Xtf-HUB!zrB?FQ9R4>?&h*nKo3@o1ekmx zvi04_u&wpl(XF~3t*opxt8Ud*?kJ)Fg9s7z56a*iJ1N%$WZG$1V9nfUnK!E$hPB8ed1)m z90IN@M|^zB#JCDWyxZsAgmCmRJ^v_&oQH<-WOOM6btVy=?PiJz)v_8VJz&JvgG;Gh z+r#OwaKi~D%*AZw^j4yXClr8rQ_HCwEbbJrh21t<$}CBN@Blxz^=m!wkRS%-JPQs! zo~!WVY>2lnV)jQ&W!)2k`sZJD=?i}J1Z^V=(Tb}+D&p%zMWE$BA!&>(rF-3WP56Sd zQolZoUQyRs_Fbk#r%HVcUPTuDDrGeLkRd_6HIp=w|Ctee%iQxDPx}uyQvidI%qI2s zj8-qTx{T*yf?X4=bR%BAelg&7p3g6V?tey}UstIe7Je1AMKo0Hkk&i!a>^sYk(lBo zRlY=&CJIIT`MWB;VvlC(8RE?!(tc7npOLGwT6}Db+)xlM6eod$-^nM#wPXj}`_7MdZ6bxM{j6PiQ z2r&SEUESJTb2kM;u^L6zW0pbFXpEw>!opU94bIl&$?cq~!a4xYn<^X>rp@qCCVfV5 zRF)Q(bQ^^c8Q3r1RJ%OzrqBABRlDKnH=O2s=>)o1jQtt6C)T``Tc29<~8HG0` zriPSZgy$^MtK#Xnz8okT9z|=C?;qqhKM2+46UB@KW<`Sl=G++bmb~pd36-;vJi_-o zr(DbXM%G!Zy_et#oFPrMgr4B@OA=lB5kbLxW1=uXYu13ERG3G-5f$t3H9+!Pe&f){;VGt0|1e&=L z{mp_uc&wPm{X9o~K6HZ-_tAd+OCo-RTCw-XkZ&ZadE6)D5BE-KcN9|j%Lb@C^#Bhh zXebC0vYs-jeg@w<6B9rb_|?4D<{QdHp8mQ{=ng(VZ^}I;_;rva;PhqX{>~?0$7lt~ z%j>e(;`VO0ZqTnv*IEt|Vq+G{0p-v$cEj9VDu=wr1GXLwvmF-F-YWWcSq>73oiBQz z%*E1^uIX}XT?l+!c$0eXbdWZf8f9zNpWP4#Up$-%21?wX=)8}LT94uCni!B??DQAB zxw&biD}jhgEJK@LI_1B*(L__{UtWnMd^UmdHGTiCY8-e9i}Nm%vmMW^iXGB7F^Lsi zekU_h2I!qR2-p;@#r6lDm$J(I$#@DWbJTLC570by2IU&^i zpsybTBTG8V_Vx1u&kU**XjAP)f^Ob%=y*&O?K>K!x?LbEYCvdn-@Ykwv>y*VbCK0d z*f}@z&k6Wrn{z)3#cI`sC^uT&pO%Up7b}yX?TfR`GjNw7FZ!pf#BQzm@9OHXP;L^L zkXOzVdHg5h2UBi-#DQnR8`cr)k8z2{Mus*jxiD zaRVE>_~_#q&F*LP>r4`A@t>M?p%5iQTs2oh0?5a^wJQ_#oT||))uU;Btt!l^Hw@Qh zqTFTOyR_6L)~v!d-hLKI?f5Yc3=2#z9~b^;f0zIwyPtTsT~LQ=RYH05^GkQOn@O6y zLQ|3f&phBGk(W5`!@`p*1brvm6aqrfH@wCv7Z1Z`eZ?xlsfkQ&pP|PAM+fY~qKg#< zGHSXv4^L83_EFRPt`H{SM+OFtd;?4u=$w-5T}?S_@Gt4JBoeXI4OK4%*gd_zdNByH z4|=RRg$Yt_!mxKjW38|v)Kz*gE2!TV?uADH0j1c76_t85&0SfL#H8SSq$+Q7Y&wGh zRX|O>k3v$o#pgE3vx_g5d>I(c~3+t%SctS_hbOie8L3Uhp8$P zyvqfIu(4nRLZ9ovmJn<=}nhLM4<*QBEg`jKyG!oo0 zkx|axR%Th{iFw5Qu25R+6cmD|7)3wg`;){N;1%INS5+yJ{`8laCn~eSuf8WI=jw&i zOYNX5aP*5u!rLEdP?KzXGp$37N?6g}yBdzMAZ%U<(n*f&IN9vbEA1Z6Y-F(5aZ0rO zz7iDPlh7PT`uC`j`Fp%?KH$oa)9wDJiKEFpR;x4$-Y()Z;RR!al~1kUC`FfTh* zRRVyyCT1%jG6#>QJOtcHLP|QHcjhOiz0_$#^A&@%2e9-$@|z|Lt5CCfFFJ?RMf=Ka z^>|O|F%l4>nu>Bd32S(Z#mB|XqQ{r!cxRG*^FJOH%)eXloK{1K?Z8o_q~^r}uine) zygLAXN^xoF`ljT)aBlFOuT$<$b-Ox#QMnmlqo6ZxVnVZQb>75h2^0GL{&wZw-XtsN z_7r|`7$3~OvXb3B=>R;vl)>Zzy3W|~{ph;hpGJ4z%<-W~2@iY*`vMu0yuTbbd~mqm zelT!*zEXqf20Q-p8?(%F!1guz1wat@Moez;|h$J^ef<4LD5AfhMa4lOskN( zMp#lydRTP7Mdq3I`bVbR5XdWDULD>!EzBI>*S}rK zUXXl9aTEno0V0(ohtn)>Gb{1Fow7s5l!kf@rAAH6t2b}LZ^d6K68rQky1)0pP1;#u zCktexJD**xX)9o;OPqPT@CRq|4mK^RYxKUYj8#juX}>}ksXMaILYK*7 z#UzL#;G`V^m>4k4Wauf3F4b};{k&~gp&)JlFyLWfLJryHlkau#o&DE6WPDmny2@74 z^-q4OsYp~b4*_qvZ*NtMzFSO%mxYF2scV~9AbS_RFB8%>t3ghNQDmeispiobd(p-1 zT0=q(anWhSo{1lD2(>FtT3WLBrL^Oy29*CxhOGOt$k zTG=L#&?n}tuQbUiORTm9p4ZoHThg;tKI?laE$lVp*_5i7&_4c3B})M+EIW|P$ESE+ z`s75eXnCoqxDYG$$qC*EWjBmg0D1l4R2L-95Lc0rPSaH+ldYKMVG_Njjs4l+S_vy| z(6+Rxj!C!;IZLQMaCh$re@3SP`cYl-rg%pQK=sx+MbNPHyDYy-K+z5%8mnlH=|CAT z1^xO=dAm_5(m0purr`0uS;R(@GUdZM%*mucvKJYh(s%o3nIi>(cRwr_^ri|+733t7 zt-8O}Ro1H*8J&2r8jdWUmf^+Q@?0QYPG?_q%zg)4q{zQ10Xn$Ox(X;#6W6BqlGiTzzY%sHB|L%TqA=52|CKa zT&8%_m;Bnqi&x}#jXu+RM~8}_-f0s{KpGsA+!$<~R=z9XUuXLi5qz+t1$)laS4h2s zdd1g(ArR$}+4hScG0;zPsi!48xWHP?ScWq6?EUCW4b0!1-8b$(H#XX`rbHxO}5G`wMNP%CITeXb!%W70!-F`?_6=Cqz zbRM|=D0>sey0soPJgc*FxlVh(MRBZQtpcH|8fF9toE6lcXD?)>rbei6wqoQ39DO7s z0bGwRKa23Yw=83o4cZi2Le_@u^ad9@6NjqK06JkuxN(%cHi!~yhGVpb#CkO zWrr_-A;2X%akn2|B^o53r~bzMVElyzQs-n}B}n*ZXA;yVJ_D`d9s;GTn|IM+ni8SAHCI_2jR7u_z~>luN9yiszN$5;G&1FVE;;ogX%FY{kl|>vP}Wzw!4Cy4iu@)r;G1y2nd1J zVF9NO+@lv6w7HfnsOT5i$7p`<&Ma6HL*_Goy!)NFTF43__>x-;Ph{-X^18aXIGsDo z#YY6`QF?C|HfZS>Ff0`yE!lPTQeFtLQw=4NQUs)wrQ?b4&kBMK;zrNBlRZUQ21}gs zhPm?}vig}Dw$Yyb7DGBPuxcU@b0H-gWE8-KA~xd~t3EM;@?AO{~oMXw+J;|S&(0Cf>blb z>+Xh1^JC>B@1}%}ek;P0#mcYkcFumDo-g}r;8&KLCl7zsu}1kT6_u2FJI|LZtUFur zEy^FjP}gReKh94CD(?$YIDWWM2Td%s&X$+}v8iR^7<4voJJ;dMo5pDZ%G*7wvwZ}U zFfF8Fs9>Qs0U=en?{&<(&+xygxcv~8+wef)VgC=o(US#7o zPi`SAWI+)KfcpXaFU#x&hA3;I|FV`i@xboauE=9)N|L(x2S_w_c<)MJbK zZp5{gHFfd8HMp_GILt2shc=nPgbyh#e7#r&W8jHnff{1T@$6Up2?fdHD1u9u zZM$^hgwwL>Y6Ud|G=dkcia6AB<CdA_srIlHCXvF z(iIE_;o<0^eb;SN@@bsa>Mcv#!&jf;MGHj#!7u@gA=~Dh%G@vYYTl;JWnQpZU^ZI$ z?wy>Q1wnU(%ryZ0yY_F|k-6Gz>XcPuHSPY@aUU;!dVXavFn6?6RrVr;Zr$l|SC+G|P`dNxmRzn*o!@^6!o=+jj(_vT#A z?OCW|TbfhyNq_A(X4yfxm)ufg$}v_*vh9ql{WQ_s=}LEXNI|_sRNKjUhu{Z)fN}lV z3jKPqz$`q!q>Iuz>i98_^9lH2vrK1TW&D5QWJ1sffl|%`Y!@XyvtUp%(!z5`5G$MK zO9S@8fT15ptD!CaMuzcs?OR+=?+w&FlO7D@tcXvHg3-=PPSi&v)m;n^%I2 zMmzy%A~60kR?xK=2Wz2@*Q=`$v%9HjIqG8;CZL!}-Y}~d4OYKa;&k$c%`H_L($wqn z=$Cp;iv+O7;AiB|bW=Yi{3%GaGFRt`c9|RT-k!TjSofbu0>$SLq}E=XFYde5WW2>Y zzsCa0{9WU@=sWaUvJqS_i}kuQwx=*X-JW%^+x1?^!gu`DlK76)d_~{TU&?xMA@u67 zNwcyeadsS**Tqdt7IMW|0oOI|vbpIG*5c{~zKVw1ZnshS$9G9K1{- z#)7qC{yt(*QBwn5W!4*aAVqkG`+@VxVf-YzdyW$@DFHd(bRAKo=u?Wt5i>bw46)F~@!=&akq&E^`~kABNpn_V zXkj_-S3rj9INgZ0zA9>f;%(?|7XXw$>zsqTrl6&)WICM-x*1s~#KUNhX{_ZSqIQ6p^Yg&p!6jiYg?Owx#cmV!-mZ|MhK)v$NZ!}rqDPP~o%Do?%BSdj{ z_EwkGWt^5C3bs-<)cS}nYS^c_VH^IsQ2Is_{%OYQtE}8hKwPYpFsJ&=6pIN##Se1C zE%wZ^p+dot)HBHs#}b+YDr$;DQu0>v(E13G$$TW21{PuD8QlMi9GH9CSr}n%p>w`nvHmJ)||YPzefX&`%=mP8O$ zMHtXNI0jE1;v}jSEiUBu8wCvzQ1a@$LO9geQ@&S8W1noJ4&13~j%)ijOb+veS*Tfd z&L<@$X(4^fFT0X^y^y8Yq;C@@F$SEoolRAy&wLIlnTYIamfZcQ0b_j+r(ibY)iS~N zZ-p}%R(<-)lZ@8_s=C^h_cFxGT5N(FM!e?9bjVGY5P|Dz@%@pf@G6F>_P6mdse3$M z(^=1|b)ulsGPU)+CZjZASnrHT&j^?*P!v|)>r2v<&qcrRp{eO$sKSF0kh6@Jb*v|a z(8ZLN%g*$)ZYr=I3n-YK)c(ozYM~=Ri zl6T%?q}9o3Dxb}^#T2`VZd;RVn68rF@BD(=0(kmU52IHQBw|-BSpeEQV`*a2L_B@h zWL{>uA(6|c+?3-{*C<#3n5rO@=v8zdrUo3pXWF5S+)){Bl>3oGgIrJZzkF-L)u`^CT$zLZu^!Gep)_LoH@X@EOLDB0iSXr%oCuqm6 z{PF$rjzF0Poi_VfdyJL;?q+cC*fkMlbHS#!q2q!5izZPy|C$_~zr);C1JV228MwDR zbs)j-KfM+bem0+6s=_6-B-rQ8rySzyGxP!Th>zO_-*j%?hPmVq%{ji&1AovINdQTgC z^BTZC)mmxVX}Ck zU-KY1L&FkH0SR(mlnB;&H_U#C-_2B$7DRn5*|NBm?_a5eSznSS2{Q$@M=8kDX%5)( zs;pMDmIKkl?{K1HR?b#O?+dn!MLHoOm= z?X3C+_{ivLQY|!tRMK{RU6b~gVJ3Cv2iE;ScvyA2_X_Z9G#y>oNu1}qgZouV=g15z z#teF&q?OBnB>Uzd7s+v!v*V6mXVYJYq)MFFVx=humUEKKktMps$XR2H2_?lab?C+v1b1WdkAnDdu5<{( z>eh-j)GIJYbE*l$UR|mg_Gj7=5*MEP59gBq36Yk7n+?sIKf{^4EzcxabF6_zpzCkaK!w@YE8%8may+S)-QQ30Gj+4V` zXbZoE2*UzB>>qv26|nZ3D0v43UoHY?-73`6o{7zrm+XCkcF+IJv(*oR!g>Y1L#x_I z0$&hoh)!OE*lZVwB^gA{8$FJX*JlW?7AggV?Y!S1XXqd+-;To9-}cut^tyEoz;H}y z$muGzbOtY`z*a||*VZ7{EKlEwoo&tE7J`**DBy%RKW#%UPOjA>SW+;ex_wTEw}b5U5l2WhFey zAq@ge5HJ|ZHw-D~yPvNz5_Fg>h%i!Eku-5*+r4gPb8eZslknWqMEOzIjrT-R0WKVCuk!5d6-;M2qPc*!QzR4f}V$LbeMTa#b9GEqt=pI8*j(uxSC|E! zri!D!5-{(1AbR-qsngdFkI#%W6QCM-64EiIUVAV-GcSH=|Fd0##h;hYQA^95DAnL6 ze0FEnTuq)toP001GH~1SwXM0#TJOFtb#JLW*U5JY z&S03X8apFmhv{nkh_BOnk^LEEWnoxhPS(c!?^g(+7}e3zj?!dcZ!eXv^i!AEjfHXP z5LSO3euwGm2(^3bxGMenZ@Qb9YPtdleM`k1K!w}0og}lt4UF3b4zspzX&4!+!u%dp z&V4qsMFy55<5E~&RU9JvOZ^^>YhQeu7;$c9zE?b-fjHQVQaOUU>g0oX9ah|PMl-u- zO0WaRfy7r;6-M2m(1WRA-SN*>(!5_Hv^zKUssfjdvqXcnCN$sy3y(0|k3q2d4JRXm zq1kS!&4>8zh(8QYNhF-JO_`7+2Xx@u_Ki4J3v^1C2EunGQ>>IlsnoU1G>Na57(*kYiwm+pyth zVyLSH2d{qQc=JUNnZ_G#=mn9Z z$OFXG2d1kF1fNkGbvU+;5~EAO!uE1%_Lf>&NpHHAehjLd%%4h9V#o*IdR226kzib* zAKxHOtE?x!+UyZFgr6>xP*)l-G3UcY1h+Jt>qfJn^m7t0c0sN=v+$^NMohW%6T9WN z_(tRyqvWF*Z;!*h(%$yb)h@SV@sSMI}Pxm%yyNILFNz_jf z&Tk3BR#%>29_eiwc7lb;Xov}y&=sCq;xWmQaH^KI zqQI^|*TwHRanSylFtAIl8dcO;PD z^uv+LjXZb+tnZ4Y(yy{q82ZoAJ`W2qP|A;-edisYLq(=`QE@JhP)5u?&h}j%(W7su zycyKIHmaIszLqKis93nhuK&F}|5-F15l!&Tp}^ZO811N_S|w0(OBYR=0Y)%$LKE;? z`uck1ejoI;T;+2`bsI#}%>PKUb{7S^ggVr8&cf^fD`9w?$OhuLy}CgfZwJ!>fZ{pOO#$jYwW7=71)*Zy6_DXC56>HnSSq?Z>Bd;Yeii~1I z-a5DM*%T_oH(eieuQ<1?Vd))f3*b$$CR7xicA*@SPTvwfs46@;ayAc!gMck*qOgunb$ z;I{o96YYzd8oG1q4h`pr#5GD_+fY@u_&g&vG#cr>IE=vLkE|DG!MU)UV1dHy9gLb5 z=JYJy<;+&)TCUs+!9o0cBr|k~Ib+bpd0A)PWuH%zU0|FO)N6ATGza`z4-uZA?YbUf z?~ZUZy1PHXO-r#+%}q{WC1TwfP+z%nTyh_Lyr!(ZM||g$ zc{86j)5*0%=$0eKvoJh~i^CW{E@Uq78Dp#fo10908k-1p*glf>lA0&-&}(wwkW}1F zM0#a`-bXNXx*xiq*E!#AVZVV_Ws>u)wJaY|IWC{ryvrFrz8wb7{%Qm7N=aAzPzgxc zbbrnDSM9&QD$ozhNcFZyO5?NjGtg4ZxUQWK4NRlb<}gmL`TyUh%*3JW1VqurZBCO; z*bdWDXkVywD^dajQ?dDunIDFN%aa5M9p(|F4NgB&^1@5>!ygz;NG^o=dhDg!Cx=TA z1UDe0^CCx&3Tdg0c|5uvg2+zBDI$stGf+of2?)|4H!(=_N1Xm%AU+hr4DR|3!M?30 zPYnnTr((R3m=wxPD^Ys$*SuM^>8`Yri$wS63of9w-$cu1JPk#lSDXs-AI8K?2*DOQ%U zG6^huWj+Q@tpB@Hq3%!Ug!I)XzGMBDE&lV7t{s!)r_M1L?}Ed$V=j%$%(+6ZrYV(8 zuZ?tMe7t#a(YQjVG>(*nSEz~O&}rIZ;t=T~)JCFT{M+Y${gDz8682s# zlg};K`gLH*f2eRuvD9gOw$QZvUjpx>0<0*g zYhuSlt@FRGD@w9w@tJFseAWL$!XAVs;ilNT)=GzCHMy>RN#dZi{GWD&?hzBXgYlPe z;(tD`GNUGn_bVSuHQ(m7vkNy1F2;I0)I|J0cE>=6ye<=C{Kd~Q{_*`^+DNC#6PleA zn}*Q;Bf}e`S?!4M=@PXD6m4M+r5ifWGV=d(w7>mzVM52nHBKeqxOJDZDf=I%$s^_r zsSGS^s3MAoHrr^gbFNn}XT|=PCjDGrOg_%IZyCyDdf`U}ms=y;9|2f7rJyz+FG z=+q;Wg;sBHtU4cThF7k6vepo;_*eAcZtw&!D`>gVX=`5%vv|CIlPx1l#T0b${k0@m*TAcL~HA(`QcOML7U z|0MjVqxZ9cMoHwqi12??Eh(!%!tXs@YyJ-dTj`>-*hV~q>L12UM2$-^uhtj#PtR=d z=kz$W0{z3ds0Us(w-O}8|ECABK|P4gY;yTOjQi-%xc{Fopww#=DcG@=)FFoQL*Cym zB4rOkSAwobOH?x~9N_MKhG;k6pM)ynRvI;rLsko%tQF+ zKnP92=*sGzjSKco%()qUlU4uDM0uV25&DzQ+;7AFc#-y9cIWEAbeaqpC_eMkg#+8M zYy*bbj8s{02PW!OW6PA|ne^OqLi(&1n>OWqH^b~J2CB@Qc+^;{8Okc3#lk^>qlV^A zEs-X%WpK_3FoZ;r>wS-J;l{9E4Ev>_ocqt+ELSQ}9J6Ge!(0>H;#>a9oWoxKDd z=giYhyfgON54z5J9ufmCjyy)Ieycs2$24F0uv_xBm$g+&eP;F`w(EM~mkxPphkl?b zg>A5dp5(7J%15E~Btmx=>w757ccVn$)!fS6S#wcC+dfZl|Bu^~tnGGSMJ0 z4uBC26N`(cc?RI&dP&uAykct6OryCXLNfE=Cy3Lq@f(f*?rZ;p&hy2GZ=Id1p)M=S zey2$5L28druyP%yq><4#FG8ejFg=M{R>SZGvh0@Hy#Cybn^5fSR*yHyjA{bU7-3w? z@74)X*VN3@gOwE&Z&Let?AoIbjXkw*`*y3Em)+qbT7~lSXA3TQp1w?KnO3&hZjpa( zg5C&wrs+<1-(u7yd!g(8&R?)SipKBT^XXswE*nod&}b=6__2UGilL!SP4ffp?gfcn z?tO%Ub10AB>Z;$_u6{Gv{>FA% zJQTea1!XUUm1*_eUBSB%DE#PWfGrFH^hTDKBEEinTIIcmD7i-e^_0Ht{zKlkC7%_i z_Wd@88+ZU`aR@QNRS5XL@;G!KjqN2vJ5!ZGLkYj#L{Ad}#HKe<>~pZpS)(*kwzJcH zcgoe=($;jg10Ub3A+5W~WP&e7C)KoEB1KM7Thfl%f-?Obo0q&*TDW(g;Tl{#3FRS2 zdBHNC@`gj0f1@yfbG+kXI;46zUh;JLQbOEY*!mryaQsK|by#bkD0z3^KUJ?)pz-}` zJy&DUFpwgBGAg(-m*cZ+@3&=!B9@zxnm(2S zn{46{R+)CT$xfToV-zq?G`pBJ>$e3-pkzso^T!`YFM2rDw|KpuIFvW9sW0ZO(@l7U ztQk|)&<{hUyLTm|wjM^_T}Qt&sk4Z{r@HjLN5O<&!y4&Q^LlPBk4>Z_^JSviLPjbL z8dTxVOHY|=&wuw3FC;3^*x%o5O711d5V?g)V5ZJIk)4N(hj8B-CG4Qs^{s-c!q)wv)?=QUOdOFXX9}jtx~+T z8_x=Sg;}H_P$4S4rV$Ym z$EXr%IE&s3PP0%4y#>_o!g@t^Y;@9>3C!GE z-61i`xY3A_iFll{rt$_{k6VTX1}#=7$WURHHgF$k&jWSDC*K zWnOK8KBR7TWa#l>Bw=FRPF+5DE3`g!ubW!~xh=HT;*f{&!2L;;#rGPghdo|Hb~^yv zu00`W0)bbawwg7j;tRp|w@be2Xm3bg0$k;Nip)b8#ZbvN_w%a^0%T>&0S~^fxQV`JU+gm=A6bL}&p3!Z%g<-Apk5 z9DJ0oOH^+{6-^Ds4d9&*zUZSh-V1~wwDI*&KAeeF(#)0(UFP5-+p(_4+oOG7fEJ1!>NmjNm|h^^cc~b z7u{9Zxyx+CU{-bkZ>32iHS=HaFO?N}fL*Y37c_dmUKE+H|3SyM)-*3Ti>i?9{)xft zJmd*7max_B!M+QKm41G&jKbaf)ZE>yMpb-!@b)4XfZx0xC))PK;gv$1=LqBhG%Q>h zp#d~!V*Tjg3}}))Ned5r<+t#j0dj+$h)-0a+!eHkE(*$%M0|qnR7!7lot;gmlTdl} zA&R{bZ-X0gk97?zOq=J~ns=SXpU;mtUs;#$abGC4`;Ko5{8(n%Ev#Wg)bsOK2A(fD z_4xMfhEzQx$s9wW8GTIyKyNe=A zVF|CTi5GWl=^u-*gJCbVe``Xco8~O=by&>!rKzfwP{aqpc~qW`&60dNE1{==!J4b4 zdG`^Hy&1iMhax)VRrD62?toP7FaLzs znr|}Ut(&PVVts4&%6Sd9yxbG4UfcFv~n4P)?-Cb_BgFju_ zO&l&V*6mjE_vK1t{J!vtqhgs&gU0oU8taBP})bhBn@kvft*AZ=~R4|@n`!=Gqf zj(;Fy7;QX!n5!0bhiY{wn*|JZYqMT=SGUSU61b_6whhA)v9XTp+(a$=3-lPKj-Qh8)TJlTyk4AoX9yq9}hhIfWKj zmcMMKw0Z1S1j}oAf3dZpePi3-#MX0k;?w}@JEPZo!1WEnYp322~J8B-O4FJ z4?T%X4pJI5ymw|t_eAlCE*|6?MzS32bmAr1(dtgQ75f7)u~9cU`#;F_y)OSXvb4nz z>)#r;?vNFp=PG)pzQyhLEJIy+!*#{i_RlN)Oo6@6FxLa70xQSJGvls~k9&n~tAie3 z6VvSOPkK@#DFDGiA{txoW;-k6?3eCYwn{7|0`?D&ak`Orn#;;< z0I&uW+NfbKS`I@S<<0&A#ZsBBtUuGrh4QlU_y4S#z7vR2| zUAA&_n6}kcdF)v4!0D?~r>4uWLgFP^a;*ppf%)q9u>=DL3y)qAi)?{E>p`wH+pdE} zHsOGMGfVvM&oExnB|v+7k;1XN(J~0cYI-RVJ&xmFxd0FaO5+PU4Uuz)90Dddn;I?s zm{`_}2VcH0Sak*6*ocBo-WfGHTRvN)vYEPHu2a#t9R}SUGb}Vu4s3vfu1}wfo{p!_ z|6B=+iU9Ff861~1x%WC=pX}N09iJ~Z;tz_s41UFY%FpoxoprSQne5UQ+f&nCQOu2K z+;?BBE2DySn111*v$lYvXiRW`B1WSxAOi)?c0gs-X@C>f z(p(pcFR|aNH?6ff6MQ*hW^oMA(TE}AaHsrN%5GhUD^unSe>hY+Ck)3TbcbKdLJ4kMJ6>ugqJz9OG6aU{W}q_X zRc#t)N)f66W_kOX&a-Ii%u@eq*zFGLmbg)E8-x&{@e2HXzS<_S{cifUruwTOH_DSb@NRL@|r+pxdrl|S*4288b8Mh#tZ zn3`V~Tl^~c%u<||wVWG*Cm*2$xekI1rZq+2fwx;G#jEyP14BjmGs=3vNg#%(@Nh_L zsU;9|1u!v-4fM*L@PKxw&$hIYcimm>EL}>CMlz|0q+duZlFTV?cA54*#Z=|%LY1=- zTK_cX*vMsnnd<41TW0gtan)k^cZVr~=I;h{|KVqoP`bN!@XMD0_ciMhUB8PYHMUx% zuRo6+_%T*&t%A9>zyXvDQ1{0~pIf++Z&XfOI#KDdOkU*uwgTA6!*!ld`_T}VTETz) z=3YDhsTRTij+Sh~t^C*~U^(o{AD*{AtuD0ozVS#9#qM3Y*Aee7@xMo=hwEXmYMWa= zzl=5x)BfJBpvgL2(=+|5i)Yntus+266*R_iCc(kU zGR-^R;1~_fC%KGK4mhQ%6e^N>!o|8B3M3|2YWMNU_znpz3c~kVhh&K_dG<4jtCsa0 z{ju@XR&1NtK9my3d%dsLW`lH=6@`SBR1{^IrJB!<);R~9Y8GeRKD(CcJq2;S=PwFi+t@2>aBmF*Ry0W#@nW7kU z`C_%qs5m)m2vT1U7xa8uMBPh_t;}m&{JiCkAtkhkfC!VwlSpe|kRNWmKC7^f6oMaC zPxTKo>qJ&5Yn3MP?J6`h*7RNRLY1HQBU12|DN<_5_7}|^ex8x9>3M-%H&P6I9NH1k%PtvtM*4h3qzkY$OipmpeXW;+O`<>J zD^nH4Ok4Ug>C6neTOdhVt@W17#P&oCf;bvFE55K+`_%#yY9mgKExAX5p4xWug3qRc zs%)1pQnuQtB|k|d3#KYY9CY-cc(SDU1SpducLnOQ?W=eV22GbX5MOR1`BQHtVaE`1~FZlKRx>SwDjmiI5*60d_c@voc& z(z6YX5FUkN%_dEVFH`~`XYu&%DRl>E-N%W`bp=EwSbOA0o;*VIShvMZ13z+ak$b$e zCRfK?!R#H>zuW!oBkt^O_lE6bO!Oxcqo2{y+dgWyT_G!+K$-=t2HK2moQ!RUE4F!o z#tkxl;6t@fmq9o`2K7GLj;aVYv@u^5Md9DqdVGDX@HLYkXfMnF6FC{pD_4?O>G?L37(ueXzJgLNg2ZR+NijdmH{Ef#H=C zBX+5lvLER0hru@}3w99Vz%U zt)nj7&yj{sR9=)T?%!reflBA+b*v?ys65HaG7VIc#^>KG0cY}X0`#RL9(nTC6utRB z?7d}JmD}1jEK|xUrG$ipA~i_~kp=}3q`N}|q>=6v5J6BqN_U8o(p>@~-QDnx zxz=9KUhci0?f2t5j`z>|hl2wqjQbvOjVsRcysllGMXvBy-gtcJAUx!%D%Cx!G`jq4 zns+wOcrQ-KZU?`{&0s6;YKMZFQcI|Lq`9#4N^^5;x9m{gyS9crLWM4m=nHjG%>Wyf zRh1ECIv!g1>T~{6ef}#ekDr_-bC#4f9LJv{tE5p!6k5GRo|jUbPDsxNX+1JVz$ShLD=yPGb?3Itp4wJMV*9zicPhpyD7Sv-=Uo9|iTC&#l}5fD0DW*>^` zc$I6m%%_fVXCJv?>aejFV7Tv|eufkuF~+4xX-jx}YqsQ;0#%@h{K}Z*qAgEc?y6rh z(1k1MUR+*#>^1HtYkVocf2P%cI_o%8xZ3)x7|3SuyZF8QSg!7wf(vc&Nj^KlNvY9C% zR8o9rbG89SvZ?~w&9r+@b4RwE$-dQDhFT<#Q+&^M`Ksr3!)ecU7b8=o3|XrAk6x@Z z?mYa&kceTDQzoxp(Pli z{RQ1+?`B0>eTWT-{Pc0AJw0Lv3LlnFj~9W`yFkt%5_&zJfXzw=MphBxeiiAeic$&TaQ`us&dv&~*@I$z} z{gfoqAo=7%Md8umggH+$eufd}#VGOPv$8>~ll_DZ*5;J`B>CCJHCw{zi^Cs!j$ym` zx^RQEVW}Qss2yyXtZCYwK0d}TgugXF`KUI-)DFaq{Lzph$tBbBa;m2o7* zxcY!d_3`)XS$30wLHnEg@k?W{GxzjWyCdgIVGlhTn~vNq7#dG|fgn!Si(}Fg)+EoT zO;+FpUn=u8#4KD4v0n$7%P7%dEG!CVk!h#A({P&9TYHzbtGgzrIG-dpF2B2$3vbz3 zL`4cd<_}FCaZvWLF;uvE-}_=^w8t|{sN1iDH6hD<$ZqX@3&pcfRtL2DG+Q-3(jSqL z4$(AfEmh{UOteCZN(_g{yM;mI(JaIMK|P}K+#XW(%F1lg9V&-X_{`gAXhIsWNM+e2 z#wj3#THvY_{bjItS)Mlq$+vWBw>>adW)98MvM7JPp5165rl70<3IX;-m4gMTfm659 zZ}i|pUJF+qX%oEAsnZ+C{Wy~vquJ^!4cHiBUdEOyq^c&_@waw;@8Kpea@{#gGEa@B z|4N+^A5-X=c1#pa_A}hsc!5!wTi8q|I!cy1{K$~dQ*9lGZW=%Rd+r#$P$I14iDw;S zGo9s3j|AAz*~`igu@MG|oC(cw56Ibuj;TGinhIjxcAN31AP!Qq5n96?4vGWq((ysr zh|JyegJ9d83*?>0NOH*dB9V?-*U*ud6mZx%@63m1$;gD5(I}`vst*`Tln%>aXazWr z^>6ANCO{{dq8D@$;MaJjGFIaAS3hw6h~_I4G5(T!Mc;#?uh9F*jkrGMbh>$Z`9dgB zYBNY`uVXtN_!@6-_MX4#*&DR~n9NE@$8&l-W|~5*sln3c^3^kEu7!c}R&|Q9RjNbe z^x-o*O9W04q$AmM zwJfZuDgDKd@N2{mRo{6hMXD6_i?q@uJOMj3-SE5w=|yV;`=Bs%UQlTf7%SyWy)#F= zPyYQfL;$r(%izW{yyzW|X;%IH)$+4-9ahwwCMoqNipj!9DMZRjKQ-{~^KB)rD?QK= zcGR>SW!59J1p;LJLK_jz+Wy@juRe%9r1b`*`6LRrs#SXBad@w z-kLu~r0A8cd|>>lKRu-5{P1|SrXZ&s5;{BUsxJ&d(jjpyhHz9%yxSw7Xo#41P)qt; zj9AObor~`yC@bu*vrHdOJFo#be}fz705YQ>{6VR_U|DyC_vLEY}v z(<;e6JD5=p`pY$UpE_y<2hO?H6}^ROF;7ciR1G>96lX%H#=T1^-y-YcEYBD{3oYQu ztqx%c0?yVgB(h>RiR})%ZsiUaLseEzV&M|+98A|X(YUExm6umkH)cKce24oN`R-}W zIUJ^m4=}FOsB{$7M_z*{~=HCHtqs$5@1yRd98l>GaSjaPP1Ux0m5xA>yHG0K3w&qOD94-^RcQ z?|OVZj-Tgp_J*w8+6Q6WwZ0jf91@DtPtTmmvnch*@SVTAnx4usK*CPcJuHl>ap4_2;G&+iOEeM5~s%iLY%Jsc|tw?tNvF zMJ?SD)tSehH&OZC`?nk~S58xhe6~l_huRcM0;QqSnOa<*-!(RH5-K#R^=QDpWQ?=c zlNBG4A?5io;QKWPzP8@F_5f>0&-jQ6jj~jkuICo>#ZUz_jl5Xc zHmQAHF^y?|4w3mt)BHwGCgL8*9R+ziMF(vNOjOuxZhS4feY#c>u6|XZBQD$nWIVV!|k%tn8a*T9g?T&O_* zCI2jJyoJFP%h-+nZ~2$~!4wHr6T1;c5pH>U7t!xLmT41eUXYyl^x7{`PE%<>2+pGS^PE@ebqNwE^DbA~eap;`-QzLwAt@iP?^CQa!=HDc!+%NT;DX-eoHMI;iW5dzT~+VYCXZLfnszwc)EJRMmU$?S@p< ztEQth`2aUlU0O*Dn+}7=BU_H%MsVuOaqJMp{7I?dMGJ(2PV>gTyoL&O09~93|C}J; z@jNj3Myf7-63W$W+ZyO6LHi{1O*HAS|GA#~`ng$tN<2X&YarKKe zJ#U>D>7z-cc;pOqd~^f4G`hG(m)fvG$=k2Q^OzKdl9jvkhVWFFG>x?wX(d|=r43GQ zen-;fU5F`2GLdt#seqtFZG*;s)wr8Pgau|6N$bl z;@(N&4ujeTL~0o-TzS^z+;ZzC6knZcb4V-XKp@K>kDqawWk|d_VtB%IhJmv3wFtZs zc~YmW)WtW2A9F8yZ**m>Bqt&11WkP>WnWK>m(G=GnT%J5w8t~f*BfXrm|0d=Z;p5t zZsex8tuP(d+JahZ4gC#OY_X}gM~fyR7V9Y&dSfY9%Px;M&uoMBh8C-!MFE#8*A>0Z z$3HCYe>N}18=;DE_8|ONO|>LAdma0w_EI82io<&Uv1mTs*A#YeN%r&r>%NK+B>YjmT43K5bdvC3GnL+8u=Y*7zhbcDR4-EHrDlxW zz}0W5V*Zl>8n-m3Ro?2;V{kbPwE$L?Sli+y8fyX5c+j#P{ z7j@PxL$xX%N+~45{_5wojBRPD6NsE-b91*R_yxg!)`)_~XJ>nwS=fb8=zTasQfQ0W z|H?OvRp))=0P7?UzS)aZ)~ z_HuQ}C-rqW5MfO#xJ1sUo>}L+9Ly~{0nIt zxeh(ES2?sEVO&vB?iKN0_L6I6u!si_xzTDJ}*jRYVx&Ed z>D{=2?YWg?#ly*Q>uo6vTWYtZv`4ESq;XY^lULalt4}v-ruJO)rZY3nWq{VTh{}8U z);jZ>Cv*Cb11<1Ysq_LMH!-kyWqGtV2NO+;>4hAv`s-s5r2}#TU*ivk>|?b;6xTI~ zO$IKgs9jjwJ=zms!CD9JGIsUTQN``AP~z6hf?BL80pyiZsO2(y;+{@{V4}+5os@9G z$9=iQ_~4#vae&bolR?2 zBfQET6Q0B<3$>DSTi668d!z~Njz+7!FF}+))ALVS_f=0WN@JjUu3c{S+*OQ#qfkwE zbw}#l?7?KD?=(NoF~zIO9|B5 z%_b|VP0~EaIrZgxdiWgGcZT1UQn?XT_68{5;xjH-Qk7kYv*Q~VCE9+zwlPaT6=IPc zld?>sKmvjF<$e2z!XHJncI@?j>O-nB3oLvzn!HbDUH&Le5gDC28_k#2!%shm9w==C zBfK+7{ed%Wu;+ucYp!@MXAzMosJ6+cP?-!!!L0I@5%MCk@~tmVX+Rr|R#34b&kfE? z&9pWr{-#c#gx`exl-ZwxBz6V4`7CbjXq`=J^sj?o!WOdjYuAc9p%|j7e)3|<7$bW# z`TZUpUljF~>!q@{zA5PjZ9TlG>sG&th363GZf-7KCJy|gZyxj!HpSut!%m9c;vGj& ztjA@tLy0jE(eZ+DUI$^pz23)3Hi~qo=bXD*RT%wam-o`<^m#rwP!1nIZZb}?NKZ7> zt*W50P>+ECQkQq$!n*_KBmu%KnM4c6b5OP}aEIN?c*I@Zqnc6-+7v(igu&;)s%inL zp58xfhcY5)LLsy(?(c{I;BISIj7*>Q=`+Nmcfv(PB08nR&j20&b;drRR>ALFLs{z^plvqaa(zN!iVmut|(7{ z2kz&iPcRrq+kK)2x}#9hW9+5+?;|v!DMk_)n0(YM zGm8^vKd&NiQZ_iMA0TJkvk-hopH(j%Ffk~x7;td1uYcM42fSF}7(@7UjjJL83JrWl zu=+$ME<_sOJ83zV?i~gF0g)En!-&AR66r~O&hz{lKo({~+95ve_3Xd7Kd@8D-WD8F7|r4wDjuo?!26W2<0gA3G2D?1AH|6tL11*tD=`()HQjxTa%V7?(% zhB>sEaPpcDIFm-_4@h`fy(ItSApkBA<6MJeI8{NzUb)powb$G95(k!R5bUTNAAD@2 zem9`5lleC744UfwF>{KPou=c?@f-~am;;>!QE`IAjm^Wy1bTCM6z z5~#>CZQ8rRNQibY#c61qjvZBVrPZz~lIt=0UFODPn&N~&j7|tzSPIMNQqB+Gky%d*qACW!(oLtfJ3*O3 zUV~3G06-XpZ7&B#E`B)QZT~az1IbWQLwVujOaQI+EC+6kgw=NL&z&Vd^$5?3QjPP| z!wR#3?6GI;buWPW10#18N>1DfVBaQC-m!if^|PZ{AZ1g{Aa}TuuUD z-)-$O^XPSe?j5dmwNC(afUb}CoB5qL){=dpP-sMt;E}{GHHU!@MULm`0SYLLN`kEe zEZ`@=V;cu{Y_9&Jup0iD~c4I*Ok_(YOLs4;UzFdk;aMuM(6j1@7e z&#XUF+<%+$7wXJ=N5K5*G>b%(npId&Sps^-!JxAI80a&k%cSm^6YmctjUadk;KO-R zk@N-h%M>=XhCuVyA?`M%fKw^T{iCs0jn76h4^0m^{cztKpZO3lp2>X#qyE>2uy zNF=z9V=g|`vvRxyygSaR-DJ=Mq(DI@Js4S@5;y^#{W=CF&zfNn<$~AgNW+D(P2GMB zC2-;sWFHN91L3GiLBJ4+wX;>&rR03^hPl_Zoi4W0=O-@jWYO3ja1j1(Dchd-KE=e^ zw}m%!M5$D(;uoIK-cg8Z1bhgalMtnGtBNTZ*++k4O%gm+odL(h(f?q1z_disd^pdn z&i$|)Fib|d6CrPc`vF>da>OlchX=E{nbPZMHhU&DFa#eD*)m-=qGtgPUQH5EGA$^7 z?lKAL8HfQC0W(@%ZyAyR_P>Xs|1QO^v#tvHfP-feO>;fuuS@$+PL#q^1F-W7!W#e+ zYjqHzoHl(HL?z@_Sz-Q2M02OXs-)||HLUIF)7djoX7z$na6U)NhSN=?2r)>`i$JJf zdkNSKkxLBqkN;=vNVx2a$_p&%M zTQvHtXuEkRUwZ^_ZRXK?s$SZ-gkiFExB>mGUXf}W)6dqBKCfSumdoEoyk>9oFYK2 z81rlu`TJ@DVv#J^rM#M3c)zT&D9u#}IJ0)j+f8-ik$VlthJ?6tSKkP4#l9q!%>k?$ zHlHJ4BPO%Z9M&*H7-{%tnE(4kjp)HEa3k=O^J*x-YAz zJ$B!no&hd^W>-AVI$#}@hEWQTkO!j3?EhSLQB^?F)F3YBT>X`q8kON=zGGE3q=pi( zI9<+3L4lDIy3T<(g3~k#gP(A|(9mmxLhLgYjnuh2UplT0VVzYwt*_KGGcx``KL^I0 zh=TqC*jl4W6kh<4;=-GM@hRXpA>7PbbPu?g|A)~1$HPSxHhP_|FPc0AEy=n}YMs`# z+`;-!9oD(+kFPmjN+=HWa(In{;HQB?!nXlza>3c@`>nU<0$l-RV`>uxKR^BU>nf(g zu2mM0A^V{v|LQ5t)7k=ji$-%G?mBo+r?Sg4osmL)n~Lvlxm}5T18#>KR;a>@2$O*e z=yN#%)^s!e?ocf7oJ*#hCb|GcqNXeUn&;d*UL7CBx!mC1h-^ULA1i3MaMP}Jc_qcr z(;Dfio|pgzE-0vqfs5);$EpbvmwXf$UK0RCEe0g6uYt0M?-t5H zLTnU32raaRZQVfo0+fssuD3C@=iZ0Yfml?Nfu^QM{2qVzhkY$?z)7OsPb#Qg7jWLt zu>cdMDVw}}SHT3bR%866^Yslzb+oW~yLl565IO)aCzBWd`mI;M1$tvcL&ClT$gF=d zs^{r}4>1XkQ^dp=wc&cxo{3EK2}|+w^D7+|;N|7bpBm~Bbhfvf0z8p++X*=ofi0*4dU|y0Y-evtpg@VQkOte|#eaLUtZHx)bi$Dd% zvv>c#_dZQqyJMVn8I1d52Tqttwi zs!IJr!$s$B%y=lcmeW}%T|jP&%-eL|W{$nmsxUvEoQDg^Lj96ls3o5f?O@_A9Z>fDJP+kRIe43O35-*n{>yr~4v_8-T(AN5#nXnnr{OZTmo zN%=QQ6EqRvz|dA{YB2uh#Bc%y369-tnH#?u7r^gshyFA%{LiW+|FmmuwZM{mOW>6F z&A4|_C%?%A=o!jef=jO4qM(Ytsn8=p)XoaXX??3mL=rHu> zi}i?-nSa?+nzUQ{Bl;64(i$rMMCmY&&L@j_*8>OH^#Dae1}sejz~l4$H1`F+2smgp zvw;+A)R#v=xS$?`i9<>t^0dEabvVBSU>CYu!YD0Z98n1g7NBWt5@3xth<8RfJh^c+ zi&BIHy|Bk;gQ$}~WF3Q^;TG~j`%x24r~m`x95kluJ*V{L@Wu$1Y1FgMIVf)hN}v|L zjm;Ot3uD09c!?a`0)EaY2paRf&QFHxJ>8X!Lr~(t<|74^+6ajdk}))_+XSb1ydZ$D z00F&Lj$G0j$|24O~`78%6?h?~nn`;#vhTR|eDZ69cjrgKi8jC@~A@%}z_^#aVc zb-lJtU0D)fu$O}u$`;@Yl%y$!Oh!xon{0&WJb{8q7s?;gu5&BvG+?sMrZ5nvE43JAr_59AK_v4(<`D)B>Wtj93A1;KzY0Y4I$UjR&J|Zwkb&)`0o_VtnA; z3O0!UD<>YrVdDW>a!YskX$)BLyz5w?;YHyoE0RP}s{mO}{iHqF z_>W+}EwPa{T<|$a#fC3eXAgoj0dR~EtU8swfI@#+C4y@|qUM zvF&IBKYhzyfAkq+(?MSmOxL5is0DwBKP(ZYji4bW=DQAxoaN?2Fy010f-fw1KMEjd zy78JEY>*E?afUQbw#o1BH`NtLw7kK$kN2Ixrq%*%Egc`LuWyMZ3Nj(Ku>E||bn`@n zgKM?f!nZiK%7?}sM5};O2*jS4@}(FxvT0_3s+~3Ow1<7(y;DHm*Tww;5&?Zfch`E; z9&3U5Y2>s9I?sq(^4-Aut?1lSrcW(TiGY-$_+e{cZ#a;-!j|P>da20upsyhu=qSS| zT7GSbO5xBCIqTd)W?D(^_l}(BZGH=iqo`%B5OOuRTD#u`s2*5Zy43Y~hCp1VJr9$F z0QVp}RX4jIgf>4R{_g8#vAW*p`=1&!%n6b~2!4R_%40}CS|}Ew$w`S0lkpM8Vh&9v z`_<8i))tN9>mX86mgyi>Vl7VZ2kDd*KR2Xf_KXt9gS;gdoV7tEnUd@}m{57QTQ3Ab zZR;jp>{=%fLi*^(>FVn01dtV90e|1CleL07nnb;QA9&0xWA}sX<{uKIf8;G_CeT%w6%M_t3zcWnQ0&`> z9PoWb;I1EjcU`1h1^rN^bK##Q&1c1yL3AN&mZ*Z|2J~ZP%7{S+hJFnLg*gzV_2CKa zDQGu%)mf193@zWk4FMpj7q$uvAt*L135$k-+e5+S%t)C&w=%B0pia7HF+`k0Vu&Du zed@FYJ?^}dNCl=o@nz64Ec{fr8JRRgC@ziH^3XD&|^rF3Mv;%DT6@9`EkAeo495V?c#I%;!lRc3e0RMIwM?9w|0G z(FjY&>ijcO5`{rPma_&`)*mlOm-txedjcKy0$r|sapb(JFjlGkzNWjyV<-QB7wa{>8?2}4Bpqwi4^GnjQ zxeRp!;a>GJqCvtF9G%0j*_+d~KtN)HH+u9?>H$&};pOu~8HGtu2jUqam%%;P(4~v1 z=|AG=|LHUUsi2Ml6(zJZN~h7Zwt4JBUX7nV4VUnGXf%;X+Y6;KKZO zh`+1kO#$P{-~24qvk;EK!(Pd9{jbuEQbDQdpjG6eZ{21*Ckl}o z(L25vr8M>D7E(Qp{*-Z3q}mp_SI$Y~fRlT9Bf9a6c@5!-d~>>$5d}Q+U3r~e&lr*QfmX6QY)zF`v8>2LDf+pPDC*|@v|s|*kmv)`;2cq3 z$3sdNn^WLXpv1cKwjH0V*eZ3xBeH?KbVfqnxQ3dKL}$L%J7F{76AyrpsG>pWt6vHf z_7N(WJzsCVrR(tFxW7V6I$B&!luwu`Lk!J|$1pQ9q7k|!1o9%;}cT0#~%K}y;3-UAYbLEs8D;H$dZZgF7|-diA5}%WP4|404GtkP+cm# zawy-E3QI*UY7PBFC4cf9SBDE4bA@x~BZ{B8$@SV7K%e$c8<>BducFQ_7svTCS`l3V z=Wwv@&CWCzWur1x!_Im14`#j0`q#_22#?{zY42$s*TP{|Ad-RU`xFZc_;Y)}aF3d& zXvl`bdecn=JZ+1BglvM<_4Dk=*K#Dnh{uXN6X`VC;4YZ10ZBcqi8WQ(m=&=nT}5yb zjfaS9%I5)*(vOfvZb{sOKN02+kzcZv9xBXS*YMmt^-3gY0L!kH4RN~@ zpp(P@;o|n)P>^!Y+VXTg>p!k19QypsOiA-Q*Aky*8Kb9ClS-LP#!PB5gC|$Y#bL3B z>N6p8D%BpAdZ~iqM1A9rPOck4(M=(af4K1=Tdf6CP+IkDkAQJ3C4XVSrI=oMt@XGP zn9C^|w?Z`vkeJ6h)Qk>L5o1Wo^iUM3rUQ+7pw0ym2cV19tt1bw073$3W5Ql7r9xn$oi3Mi=Y%#0sxNP-16Vkj;0V8t-`Zzlpg* zt=J^JpEL@}Ga59#g|U7gwwtJA{#R-`56>2ma-=Gk2W5g}RHXwQeyj@ze&(tG!i?{YmWK&GEg)3QY@^$`Z3 z?}TVKinr>$n%ffiM;ss3;Nz{A2+-^OaXoQdt>+J< zU=XonQ|LRLU3m6|_fN9}0O!NKgV5BCoI#cH!iR*(etuTM`@kD&VBJHWxy&O>V05|P z-oHG7;W#y6-1_(f4=EVM;`8yPPW@vV3iM*Ohf5Pvhq5Hd^&i0R9gOBwK%nucj|yYg zA{_jr=>sF<6%~~l2^v2m?;yI>wyE$=3ny$i`!ih^73EFf zc{+;yKuKY(XPEyeul$*CuS-Qic0gH*!W$>68sCC1MEjPv&hn3*3+>66`9n)WM(ay< zYfny3mRr0c|AYL9xOVi&x_&D7O2F0|Nq8$N5z^dyz_l9`@q-BP z-#H==CfAou2qWj|7`%o!xu@d&8hU`b*h!{qL#b$j@ToWW_0?5h;$8xk@Ub^HXrYb{ zg-YpA!9&1F>;Tx?`9mp3(F-iSZ09C(IKiNGk{f z`pX7d9%$tt*U!8E!~bS7uOgGYNSNHy5|geS|7!Izo4j&=LORFsf`~BaFrwinFToSltbikJf;B(2NB*fq}uZA3*8MXdCSjYe<;TG`jL9=Ef`7;!poDoRuIW(>yRQ^p68g zM4}+I2MTK6g_ub$==SBe2Ndq`mtkj^-Y=se^rBAyo(FRjGKN!5`1t3j48OzD%=g@$ z6Wjihl;qinER_v1l`R$4K6rV0gZIeZ-fe_2yVVYcwkpjqLs@SIkzV1JeeT9O@jcln z6~+S)H}N`Vi5hTxP%xj4ejy@b)$y0>aEuM89nGk2%#~h=Sh(abdH{^U#FIalg3fVd ze)n0YX?sMEM8GE?24KjFfr&4;)%f%3?sbSJ8^N-P#8A)-DkS&zK)N0RSGgwW&d|+0 zU@P2qmijW*eX*!)%l3&fm9O;xHDJ$@?8mCRNZ@F&HM;x=W~c_3yow`KfR1&hX_{o5 zlk8^xSr$niyb`+}XPW#9-{1RuRbTcTf)rmyAr3$UQ@nF;AwzGwXWw*9yJj-&OCFa z@(4_%ES*BQ@X1SFgu}tC%CJP-y%8PzcQtR4L24|!vHGM{MM0gphZp!$_x> z`8e~P+G*6VfZD?NE@Bl^R=%lZ>%1&Ehp0_?XO1bdwZ|FgO1|o`Z_iF!d?Mt&Or@3Y z{nCYXK$6 zdE8FD2HoSVj#HGj16Oebs;3JRX&j^O!R6W%#>abK&nve- z-w8tJ6RbqPdDeTS>Dq=}Wv7^JkPhC+3|G1aVeEB z5PRPwdVB>VckS38~F`qDY?)u52=XZJ^ zzU)o4-DziNRSN{AXJ)Gtu>2uL1Q7_@_fNAw%FyOt8^gymPch4m`#~Dy(N`oQ!@woA z@X-uh3EHEebZWE^$1bD1jqy-lCldYmrL1I2!VH@TO=6E_`d3Oa+ZKk*i7_Cp!luWJ zQnp;Hejs4Ovw6HdPo8n*CrEeVl?uNgZ`vR1kA9_utP9K)BB>tB%H9HKg{vb%7+kk` zn_ii#=X~Nq@?kD2rZPf?^e)$I>Ne-oNh_(LjHx~l=$^RG@FC7uh2(zjWXVo{e?iHZ z!#&RDU*7b?Vsz}b#TnlT0an|DG$k--puB%pGc1qMaWU)|H0wte9x+ zrjhVT?eA|nyPgJo1zA4+@f@@Ih3kWElnaGl5r4iBx4O?F206PzOHWA)u*+1P?XF%w zT;J?CEJz8F>^a%EUgQnhKUSYARZa_SqzTqT>vYGIIsM9&*3^_aYr%XylYIy3R)%F~j0%V;Sm+u4yS{q$%YG?iiod z*kHK1tskuGRXJf0!BrdGtJLlAm-~SFV!s@5PHNxy= zzwgN!P9?;TiAmP^9JH*c1Vn=F9*IhlX#k$?Tti;qrvw`az{Uv3Xv4Ww9ErnS(P z$P90zmJx$gx0YfWgO^JG?OBKvQrR(}WVdf~zIZyLFF=PGt`Cy1a}7@XY~d3B)T1+Ry*^nP?$84&K4ro&e(iIx9pkDbf7>^X&^JmH+pt`(t9= z=nQOu%ne)KKgak_--)hblis#WvY$_e{q1S~!zX*0!N7Gt>eh4O(_M%Qz&R zss3ik)xp5-Ul%|BX57*+pQff^KJ^X6|19Qze!{w&U|?q9TWY@<*AeW5^6n}-`QL1X zrD!m)-gZ^dZ^q51lrIs;MJIn=xu*DdaXVi5c_2kq!{z z+0eL-?Q&V#C}nr+I_r#(%F@7GH&d?yS_3|L$9l`ky%|SshNtQoqQ2-Sf)5|s&NMO<+RWOj|vbQ$InxsJVwH^2=g@32{%756|9)e1H6o*Es}A zq}sUYpPo#1n9Gb-I8oqmCgWRxQR)3Qeod_uZrXDGyVKYWmSz=aW#zw{5F$n-m?6|K z&wjHf_^*@R&f|jTD*t9_;9%SkH%+^dG)ya>Dm zya>O4HUDqMeG3EQ{=W(Q_gVk{Jb{e1=M&CY{{DQX3&7{b2k0;;@M;~pbL5m#J<**e zU$wgAH-Mt&y1fEb@P9dYDnz6WKN!6J)wYQyp(lG^92Wr>DX=d?G6<+ore~LV9nZ(k z7I(5;2mjax1@~(vQkJ=~knFxu^p!;Wbyloib+%(x+-Ae&h3$+lRv;*Nx6UGS3#21! zJkCLt@-qMg6M$lB`Bu318Eq&?M!z}+rI9-T9`q#nQ_*-?t`tKrJwkZ!wW852)rF`r|&pCY0e2Gowl-#OM3@ zz6g-&0te(p>bUEMd4*hK5RMexg`zjm`4?H<7O8Le|GL_u6W9tGTnfsb20oR3m|Zm0j>SYLbDtI+a~t+LDygk&FEbR7z-R!$y?_VlrwKF08Bo&`|>`(dxuP< z85HIYVrLYT_n4NEJ5|)1c*$`b`&`AtMiT9!xuE#s(BJ`7)bURbm43UjRkI_;{Pw+-|Rs>5HmTp*bHz6LVQKDKMD5S z6{OfclQ3pYeg|M3?{zcPH{Eww26Az$iy*Q@;35_G;LZQ#o-M5rg}(2Dy^FB|v||a` zAeq#VMjDtxs0<#|xC^3C?9`5I3M)Z)>S4nOkKJDm7C?SN%(i z!O5AE#!xJ!nFK)KW@2@n8$gORi34;VZBbRSl`wekLodd!btM9ROLmaH?gX&tPH_>&>5m`U@WLaT)z>v6HptL(j-`XCGnX<3ksnq|&eL2_h zF};(FVK!Rg<+}1cAWG#3dUU6HBh%nbjBQ!wCBS&hf`VwU zuD;1t|2%)k{_3z)VzdhL0ib++TMtAcq%#?G`en<*+BUd@dLnB@&ClmdP4+*fo=Z7dQ{lZE?`m+S=Vu8H+la)_J>)?PHD#@VZ zUVBk22Z`D35%E4@JS;1GXU7{Kr;%%D()YRU9BlsQ&J{Wt%`N5Jvc6(Y4!|s4D^;Q+ z@BlCb66@)yJAYor1gWYtJ^X@_3TWma7RMWFq}ko7eT0v5IOVLb;XLISH)xe!e3Nxm z${|v(M`g7{MyO)Fn&@Sz=pBE54^0m1FW`P5Y74alsP|8+q}76V?AuANjfvBT%3LwJ z*V~23!`HsXaqvj*1RSv2BBpvR0i!@fym`~>utq7H#fB`q&#{X>!Sd#*7(G|qO`eDC z9-q7imyD7{&X?tv=lYpX&l9H4=nsNqZgGR#Y-P(P#q)rvtMjq&oDv|hKirsuGUpK- zCBEX9`ARgC_(~1{p$1*nU*Rgb$Bs9H=U1OJ>(-C2@0Vu&Dx-J2|1ES%SJ{F3OL=jb zPb5_2xkn6?w%EkSyS7MDcKndwuw#bjj)Bnv?af6A{Sb|x@0|ijUk0$YE)m`?{ zHbITlJw2uG(+!vsTrRTRWuS4@;JcW)lL9e49u^Gl)r-Z#5iA2+FneGRcD;6OM^d!#&gp4wgci zcUlK|;d9S+`?`QyiGh>Qs~@A6Z58kPJ!(@di`$>my!8`msaoyMEqphcQviZu-Td6K zlndeo(Mjh%iqkP9*HlZ7Npt9S#R|`9z7;=9 zO-96+#<^LKI5PF(_=Z*GnyiThSSdXVV^bn!_x&~qn!!+@@H!tqWaJXm>yW;VD!sfo z#e#TwFunh9ck~hF8+Ix`uRX)Wo1oXvJsg*g+QH8+QV#)GP1xl9gGt+FZi^uG6N+qR zVo2B^cM{+m%qnK#po!QwN)yCX6Pjt*# zosus4rdFqeBKvqpkBm3m6#i=7J>4I-K%!5*du`#B=#W@j~L4ctOqJ&P*vdHphA zMXM*mwQy>*)k{Pct7)=!mFh)^((N{?@Rsz}B}GmYk6Hd&?*a6sC&?|inbPy?bz@a~ z0&(hQxxB0S^P1Vb6R$Ke-qI+H&d@x>;plL|LhpY10-fwl@+XR=mDkqtPtm2ZKi?;C zMxy;6_TDn8s&?)BmL&~>ba#VvcXvt(lF~>@cL|Ch-5@2Yf^;kzl`a7hl$4fk5Rm7b zdhL6=_r0Hey&vCqjQ7hmxNr^TTr6 zy?+tQncTFR$u^vJN@Xb|1|ZC;$?u@Qe=jqF!>S%ss(^q{G#P$A1?o<)Yhp4wBozB0 zdE^8sEKBS7vj_A-eG&jixDzYb>A};4h&=6L#9#d0>+Iq^o@R{nn8%w9ce7}k4s&?z z7gZ8(qvVRZNh5A4CD*jfk;3PKb3&$~wLA=V+1-p~tC28f>!*=a9uJYUpMP++Yd%yFO-mGs)tDM&@g2AVCcfBuCZKq~=hJLm* zAAb1h#({?QXc!Yq;3B3e5L$Oa-*iBL;JsAMbN|+xKFRxsm`Vk13Uu0YHEMMAn*#Xj zs!)-YgkBs8Svt=X-z0{|<|aZ4KKYDImXip{K8YD_Su~+d9uiUc5o)#d&F}yLAZ*%C z%v$%093+;e3=^G}BPzZeU<{MNL>*2;<`?PnY1{86b0dU%3^M*?6jE|!M)I-SR(f6O zc*`&~!zxkv0h>%%EMgGrr`tmn^QX^=7QTQzuU>;l7V)RuzRGFk^!xLY*LR0)(XsUX z)vGwd!ZEdSD=3UcwPiEf;3Vm37xYN!=P|l%*!IE9T=@hX5txV{2X+(qa^L<@pWsss zQE}BxEnHauazDZoFuUSjSz>>NNfBru39L5x46B=Xc<~3<&TlitMj70JWQpDu<=i4)9qO{?Kw7FfJt@|j zDChafuTRk%p&>C(wzcn8zg{qBc!$NtvOu-b;_2Nsb!^mQ&$_S(SN(N%PK+JAWGqN% zhgfm@o;8*f#ahKowO% zJzl@`crchRiSb=G5h?qP^D)a9Y3(mRNguw!Y0k8A6n03)?V!2WHx(s$-lwU8kmX^F zNLNN;lyla#L}j9x`9+c1glXgHtES>c%5!e37*+TJgO8GTZ8!>c?CbmpNMB2dQnl8T zw4=zv*Vi07&J$zXc`y6Vfa4j5)ZXL$Y5QBfjnicVLt8;fg7nx5mC?34kdp1f?MAg;O*@jX^f@M&71!EZbZ2Hvw0=_lkI^#}DCzMfzgb+8-vd$hJDE0xgmw_e#CI z;XH4=D26gQO^7zcR=0bAfRKu*gs{l>P)PlEN^65UI?F$D?=p73CGj*sdgWCzbI+iv zSlY*heAB44E(aa&5uQ&KJ?EgHB{hJAqSJm++fB!fwFppB!iOZcnJpXzVJ;II)Rt-L zWhsPL`z5In(<1}(I+chbIgFmb6=vswWwt;|9aiO@SiV=JZ|2F zmP52lbsu9>gi4vd-z!w3w%wzJ&Kj;1E`S`E{&d^e1({VTUyQu{g9t$}_oTO~q0*7L z%$k5|(HvajR(L?_P!K@LTAz5}x1Co<2L3TK&+~zA!NL5mAPa;>&tx?Uk4xsfeTsN! zQgqAmjB>O!MSU-HBwW0M1-nX{1J{Qun^&@~d_}M~T9S9MKl8N`+#O!@311QUz3-1Y zBCxuBw0s9Lc3fwWHfqRv^7~)IzXtJ-@XVIK8zEq>?kMIhCp6*^Is@8m{>Jh~r&$0u%STHBw|C&QFL#JXG3T#uIgAJZ&F_sjQ@q014 zlvbB+2gS9?gN%-7j65#hJt-y?mw|LK{SAgcz1bsI1_(D?4s7o`)#=^A%VVN5;wpSU z6%E>-dRri=f5CY1yWJ&~k4SjWJhT!N?0UG-4BH$S!f>C#Y7#2e@?tBq-pPS43kkf^TS$cc0MVU>1~h zEWllfEw4o#s|=!Cu8F!qJDW51!O~Z<&uYE*62c(eaCm(Ani$QM^WrhNXS*w%Pf|R~ zYlcPKjJ(L&TmnOlD#|=+jj60cl*?2ljKHN$_U8HZ}h1q^sXiJ(3*LIv0ptcqy+pdx&?I< z;?ARA(a(h?)>7m;aS3LpkflFRc+YTayj^K;@#K1bNo(R+9e5C-E22&yt~0&rGYbMR>xvd{8(BqxFcfzuv&W8y;ydIA)_9Y)e zXnjBOc_2v-d>}FtTUEAKR~nG>8(?wq6#})*d(pYvgncfF*VMVH5=l8qs81hhR7V~5 z_|jLI;+9WNVMS3Y_Kpj5F*{dAUpw$`J8o9X2h29lUE+?8sR8@kqg3)L&&Y?0dwPL5@Sa%&BenB zQ8X4{w;H-ARUF}IVtZ5oW2eMZ(VxSi^& zELp}PZe`fEaj9=Jb@^-wQoZaRClX4ALg*C0yD2I_$t#_S zeoApPHh?`vMn@}QgPbnvSrxF!u?jHzNj3W>2)vU;Hz<3Q@>0-i5DiFV!utaqy@6(K zn{Nim7a3L=(|*=5RW+bfWORo`j&9E|C%vI%je?cBSni?Ru%a1R(YBu7c9})dF@c2$ z`%S2TM2uhZ)qqva{W%VOp<}53yT9^*k4R7%V=6C{Cy4YtS25qpvY7k+mb9m7^bFEp+M>f#$P0X{a_$k_VU%x2C7y=yMWXlhz(27hC4U?=~&3ri7 z67Z3b8nw6amWQUwDep=Yr#y_?s+;wb1G8Co`-Og9$!F*Jos@?LQlUnm-T9EfJqYQG z0cby-h&NCg&SUsoAGKE9w{t<*%|DT7r+fjcLp=-BicUQwl<(NAXSVISvXe*Hp)%^9 zOf1EmOpB5dx;5t*G?~_aeP3`kQ0pRzP-r0ii*Rpw%bM zbO{uNm{6Euo*e?oHnD2^&q&oQF%e*qe+I<==}-O8&WrEtgkYkdbvh67e35+H`%huWYDt(x;r%ohJ^GvuG&@UNfLZ-Wv&qK9DF|N57IhJnyJzzcfa0SqHsz|$PMeNq^*>&)|8xm5Y0L*YZA$HNBNI4c-XIvi%mP%Oweu;Uj%&o^rs^g*rNh7iOo*j6@WpXLKH9{lN&jLraoCWon z0DK@K4JSoHrypJG>;%h;m)OkpPr=7;+fWyqcSST#0ro==9G$5i10b$g%73{6JhPgJ zEouG*t32qnC4idP_B9oM)eWc#zV7Mr+P5L6S{FI@eUKkkd!li^gi90{D9udABrQJ(=J_*v*Z++ng^z0I;layiE%ht=An7Br%pS z)2k1Q&_dILzOqHa6jjVz|@KMOr3uv-xOMY6e%LJeI>0)h~u;9R)TN*IV8$ zi^^6((S^Nb_maxkh28yWZqU))bca`EMmE8-caiXW!IvHOc6$Z8x(k;7pFWe~tA1!c z*AuE^$43U>;rQvdD!voMxi?8hlkKI1IwCo{%Yyi8^<&PFIt&lj(Io1+;~v4avHW4& zE$&Bohxbi|2rgIicJUx=<4`Xga4FMxH{6&<{Q)oI=dw=v13V3y*W#y?zJZ7>Prfg$ z8{yk2hen~)E;~1m|5^vPITzByw}WHFW&UQNDhTP6=0yCP5B-P&%SF(m0&%s!`5-2i z->v_`qCso+s3ydtCE;yb{LL*kcO8BBZ!hS-|8HmzEm%Htv+b~T{`>j~2s6{0|FS{+ z@9pCV4}9usS2Rr~M z5PjqK2Npqkt?nSebT(cE{oYbP5?fuV&^ChgzSfxr|K%@#E#P?sztE5~M@S}7*R=zW z`{&6yakv7!;|UP_t^uaBo;a=9dJpY|#=t~x5ghFnqy|WT@QkGk3ij>=ft-AJm~=iEBvBRs zr&t6X1Pqs!eT8&jX8cYDgB|}@OJT1I!#h*bMMiuw!DJUWWp(Kpm=J)DP1_zw-y)(I zGnwyHcEBt^4EQ{>b*rWP=TE>1W4u&&jt+X^8YWmPz>N_dPz#BAB?(t??;G5*1z)n8`;U+R7 z?46Hp5|pcP9Z%?ZXC4=4IioXWyUN`2_$dDlBstg+pM1}`X{Aen%n3heFPth_{~C0gAM5EG799z?bc5W9>;EbJQR3pWDg?ya z@7Nn=a6yZ?p%V0Jjy?1ujCMfn4jVAKK>@|9BsXhv7;|1j#RXSDUw9cIt%V;Bx+{XB z=?g+~(a^P3s0yZq5PSGSU2HrMP%v(-0J+8hbc-n{-+ZRlnqgWX#p*Krw;EnFZXDB_y+7>~%k+Oo9(5o49>2C#g+1*R;cK~*Pv zL-a>jz`0PWvol#ogXH0zU_b$ch7gR$3VnNek6PP^dQBa=<=ar>#S2K*_ud9yv0bh! zNLKl?Cn-U_*p}~sfv^-*kSDDqbpuTH7 zR02@0@$f6U5tql;dF)sazXwbP?id@T~(ELnvGw#mB@F1vc=cU*^)ib29{p@ z<<@p$SyaoIM;%RrYqz4XeX0`G#Sp2RN1Yg^Y=oJ}eDw8y_!J`hK&|)5Vc|k*pj$!U zoiIs=AFrS2zi*j&=`r95;I1CR44;hOv2UF*;rIj2nIg(pNS6pt-$l=@GmmX0Cv%}ot75m)u}BxmVO7sT!q{dr997R$zvv(f)H zO65?b^&!Afw!ZZIJ16VMya${WBOnUJ0$k?JkEHifE3$(C58{Q2SzQgmb5+q=Mx{7+ zXg@kU>!2)u2___L=Qu!o2PhodzVQqKZ(aBK;m_ASBGsEv$-pz`_S* z%Y9*y6OZ3c96NZKl<(#2+$;NJ7AF@iIVO!lp^N@~U-0uyc4TFIp|OKHhXksp9;A#ZI(EFpQ<^jJ# zo6_hT<*@S?#Se%GJlExE$cU}z5dBbhKK^h772H=a zCtH<$j9C-4et!IUqC*9YMl<`yKy*^mz4qWFX~)z*6ON8`;_>3nXM@e{A&I)L)t}n~ zy_v0C<2f<9pPvCMkuIRqprkV05Qz+mj6y%Wk)>`$?7P79@&k3+pel0odXQ;BH+e2E zXB{u-KMhE|Z+VT0w3)w2+ID*#B?ILsxzt|imi|fHm$E_G_Uo0XtDi$IL3kIkj1Ce& zdxCWhR;1i9S}QCP9ScD3yHOe3vxw+egTyfQl=JwiA@1G6pn#xbsZNAWrwg2qBR^SXhqihXYmB9URPc!k_JWQ|hu5e)BF7 zBUm)$m}k2FO=#y$!&v6|fE~oCodN1)g7?chGY9T;{r9{)NGSL`>Y&K&#uK51h~Brh zf}|6)A8qzNb2IpIiHdFY`g>JuZCp!Y-10PyOYm9t4H}k<7B$nb7NptOR3^Cm3hzPw zN|YEo|72fMVu{UQJ1_w%d{=`}w`iDCVKjhOPIewsVWgvS?v9?syg>Ioxmyd2 zeiRxe;1vOsKUcHeuL?Q(st*g@PG3+zg1BZSa_cUb_}Y6=KKs{YlzBC zJ&mjVyH)?wT?VQf+uOLE_40&?UQTVEKE=5_#&CYo^n z8pEsh@F#Fi6i<~d2V?^`p|IbS>~@*_Jjq9)?>^HwaS~V7l$lZ9 z*mIVBn*OX)(B-b*A{FqTY4w#1av|Iqur4cCZr}wG;^(KO38@|s16RKi4LYoijkD@`s3ssv)Qg;Zt5kno{l@P=x32O;*G>pxPyn%wC z2oJ~rOG5^EBhD}w&3zW4-pQ^0qKSK&sZB1`Ea+T_D#Iv@dP0QyW%p3eb4B)hZB{m* z7vh7*%S*)5N#($qh(^l`_^nGOWOdY#YEx$)9d4xchZ%!JlJtn(XRtM6Tq#DO>k+@XO*%-CAVpoJA~ z8~Eqm)ya|$F6$c-@2wlSQet;qY4)UCqufqPX@=c-MxKeG zc&8AP#d65%(7u&R(-GrLJTHNG9l!2Ef0i-L;2-0)N>2>XbHI}}d^R}bBDQp$QsVc9 zu2}=7RXati^-S6~o=Y!wbK@T8wA0;;)G&q|6Q5y^$H_wf@B%3I*9-HH*?4ytpow?x zeo*=*D~xcMY-Gp4*iGJCtY^adPK4c5k|N`X>WZYc_nPpq?g^FYvN!6TlEeD~s-W3` z^sP}gn>SXFle=}ywv77D%I;yR%PJpi)J^mHJAV zhd)`-U5d*}r=}z#zxtlkn|`n`Fok0EpgM!6O^bM;S^Jxe?G5dMPZN*Tq7XXz_PCto zUM)&_WCn|clt|qcg0sp|DsSuPD#?g;ySEejg|JnmErrj$2#wgSJ;U?@$ zw!ibtBYm(u=TI=8zVW^h#}kx;pv=Fd?@#=(2e>Q>eLfKIn@9a#Yjtupdc&|Z1A zl8=ZSWirajQN(A%#g6XltZZExpy7gpxM3Hstxm!^g0)5TJVD#|akma&yH)Ol7jKDt z5F9)4wQd5>?>AaLR~n)8)4?8oElTpOikb9BLc=Vb+F_|jj}wl~gHfNQV&jA$g-Vm^ zeyn6Yj+6?Czm)Y2NjOgL*2ib#fz85k7&N1jRCo=$$@0Dq|E8|S?i3kFEUD6d(p|Yp zJ1jSfCRIpA%|5CpNMSYAc)l(Wk?KGF{#I|hBkeOy8_wr%rKKK|rWPJVXSAbXjTLYq zq4W*9(OEt0t-iw#D)vgF38=ye9yrzlo%0Ti|!L2SVovOu&yBVQbUGbiw?R@|d1G;F0*Vs^U`T7xQ%reYMbon0u-7WWSLJugIc(S@wL9(GYB+{*K3gt2SoY zH%E+V4)gxUak(IBBxFMr0+VUmu<&I~9ikWFCc)>A>aw5kxtxo@e`Ey^AX(wp0ws&3}gm69I;`F2kvxyQ{++!0fc7dbgj<3}oQ%f!4u3dJ@gBg};$a}u{BdC02v zNt@Ed$Sp$fQ!<&sz1o4k_c}^qRDkskK5Q{5Q^b+j-7OpK?40Ol_D|H-qDT5#oohW` zLh3dh^u)eg&d9OqLv@XQzz7jmITGj&PZ7uD|Kh|BLEn!?Isre1{!rSSxrndP=9P43 znlkCbFgJ2mhS&iBRlQi%7-@E%rmHXs3&*!|y;Zon>%rgO-Xgchl~szAxD&c{)N*P? zeD2oASW$DZVD9T0d#=NK3?vl1%|0ckzNaKt7I;E5m5Sv!-6n;p4+V-WcfX^E`S04K z9k;@sdBan z_S#!)(~cZ9x3~RDlBt+S8YV17`(9?cXRMZcH6LM0GngBVTVwRTGHIJWysIyjPZtrO z`)crY`G|z}sA5KVIdWED_e>j97Q9B(PW#59l+M&~_DHu;BWjMKKRmqlQpKe5P)zV(VTnAF-I9>cKU_@w1ms*Qu>RY^!5qjgkscU8G!TOfp;hcev zb9RHV!FVaX0(s<`_7a1Mvggk?;29WhCQ~5_@EwwJzTNG+#JIR9_z5<2Qa3<+x6t7s z-<(?yMQAWRT)E7nCZUhkvXh9kyzA^wK24=?&j(W3v#@olz(3|+q~oKi^~f*s@)Hl> znfYA4oUSOVLmWF!8g}z5I#GSaoh?o~%xg9^tvi5iS`=dG6__$t5;*j;k=up;l!U*b z?5^526+HSI)o0!-{c!?T779`R^uyRF`%ipN;@A!)kx1{v@5FgflzeW3r;!EtIR91* zhDM@l`6kNX!nbzpX{qHx5_Zyv1+%(hl0RE!*Q-Q1A1kMz+xu0=I^?$6JEb`Uj7Q*w z%D}%_8UJWgDPy2XF}u&A=T151t8u9B9)Rg0MH!)=9AiKJiskvsdmEJB0LxB)qM={h zrsWi3-cMnbMOvO59-Mj*sc6NK-hdoRw_uE4uV@d)*$06_hoC_jgM|{_XEjzRc*}V> zpmwSNiPq%1RdaSB!DpH$9A*cC2-VYWPV{DfE_( zX2S3_;uAD|YgH7bRRbNO@x%t$bXDrcbS#uv2bEg8li#MPh)>+HX~s8NDFRWjOY5|K z42hz($VoV*!*|2=#96G}zWa$|HGyW%Y|f#`j9Jp?L^EO6j@O<+AtMueIf6x^1_dR7N;9rX}=h%X{DtXB&*_)m0HHu#GTWB?fw|3O`fEKHv9$ zRp#gmO1(W*L}-|lt{n(A zyWWC0wt_44{Ac0n;^q6sHK3U8ZA2?RQ1qx&gV%#MRK*^Gy6(JOIj82_f201Ajdca* zCQF>tGW&Rzy-5n$XSnG}3QdcTK;eT$V1;P9$@*jaa*6P~7jST%1ARf-OZz}p@HC^5 zuhjOt0zJWS@lxMwmdw;ej9(6`HQffVn3Qe#I$4J88&>Rn7PrYGQY=5V^)^-BD z_=48xS+P;p5r(?L2`DES_Z%-BYTgeaX zLTWJ!i3oE9YoY=O#LKmq(LEtw(niqmQ1zvUThaO`7%17dWYlsT$U|z|OOw^p zbh$L8H%S5bt?gEaIv$J41KbXGY;Q8YxoBL9Wvi>)>=PN2&^zo8O0dnNWxYPoW}WZ> zEeF5=n^w>8iprkXU=ZMw1X(V0gceENL1IoH3*%X_H$*wtzT=mrZK3`B`Qu|ZXXWXo z{?+il>)Va&nlUWOv@UA-`YOivp%idQ0(!KIq&OpN)q+82oedV-GR-LYS zJbLPKhPJmQIp#S%e5|N?1EopQ6{Gbq^P3Zvg$<#wZ?*sFF2x&XwJIGQ9Y$XAjBC^jbiQ z85k#T>o^bb8lLlde~9P~l6uLiP5O=f=f@AhApENF@yk(@J@=^UKfC+vA{(fgC@L6o zq=kPv=HxYd9+!+@%sz@&!^A$0>FJ4(>W&-4C`Z&8lFDQ<1HGL6(2VHFkeh--(7>Cr zO)UqNu_9yy1-KYJoq{?X+$Y9Kp&1}mfRRME$ZgBOrCY$d@gOph1D8bcxlx%|rOy30 zX&oSN3*t$hmb;PQtXXz^Z%&g3d(%o=`_KVduB4A2X%tlCZsV0&%xDYXmMN?j~OgOD#jpCs9q5A}>elyOHR-3jaQE z1mRW}VVgCV5?P@3vsC=Lbp+LB>;-4}gEFVCx*`67)_<9dQXA;f z$+0{=hi-*emp?p)?YhlW@yT4l< z2{1&5UN#)pZ^GWGhBi^>!stl7r2tZ!3)S~y!I`4vl>c^~Bu3cYAjX?y@Unn0LPfU{ z#NNm8xl8V*I_nA^X_WwG+wh2kYxMxQ8bbDrRmU2rP>X z(VetkcWwP>LiPd{zpkLygyct_&p`9}J-ESyY42F>kIIioK$7J_9Z1UNrnf9y`bPQG zW(&_6p{&d03*p)l=xS^pSCt%pT1q)o_-s0(I75VA`DhDtowUWSC*s$>aBAWYn*h

tToQ^0#@!bVxFbyW?w&ti z)7vWDO6zVJu6X(7k!7kytJvxIeY#u9K5gRbdEu-l)k^0)D;r|Fhi@9XrhL#5q+?&8 z+a$}|9#TwSeIMDypdhC=mnn`Lv_enb0y6HRNwsVt_z}5?hh3iXo!Mu&D~#ct^H$Vn zJiUxzeu&1sR&M!+u0um=LwYD0;!oL+q(%p z%uV`3nbj0EViIx=4IWBe>r`|)CSL}a=w|YwY&A%M zD~?mnft3rD-K-6L-`?>dix( za9j&$84>!D9SjwXikl7mh-j{Rg`#Rp)s`4m*?WR;*6GZYLQ?wQiUn&;$xtSmoB7h( zsoaQNyMVyEdakAE2n+W9hneFAF=C7(!drMFi{Kw@-tZ|cs<_}Ge1>$Kt1dz%*(E^i znBc-htURDJ%zx2)9B*)2KA)DL&WCbIgtk&~+xOs(uGAo5vfI!{0(K-B`qh;$G!RO;?H7^Q5#3aBqbmGer5`_F7xyeg60i?dgETV<}}lYTyoN3^S~j-%Eq9q zu!T78N>+-WQEBmgPu9r8%M^9Q7iWsJ3R)~e=_bXgr(#dEb5uyUXLsE(lW`6M6i(j= z9n<67&!fQ@3DQme&iYY`?Ur}eyzEAm~HQgyNVyk@{XjV+h|ag-sh%TSiuJH1hJ)6 z9r$!#ebQ=+2|g{C+Nt|G#3($1c#InP>7{6nv%p#pIt!wyF^yut0_5naW_HDc+kBD*|Xj(xZ7v2f{? z5^bW>-6` z{J)VudAY!H$#E1-5_Hp+^0H%yI?k|{|T-9$DfXhAk8|aRbRW8 z3MM1uVA~VC?O{wga7{!Ue7XM)Ot84VMx1BKlNvzhx>5UoV@d54Asd07n(y3y2uJ@Z zA^qo1@pR^{Tqqy@l-T_zYN_@mz@EIsUQ;GPA<(Zl=s*8Q7*Ln)TG@Zc=!ybUp8pr0 zUNc$%h!Hy%%$r~6#VP(Ph48<~EAmj_Vl%&B9vhwXpZM25erKnOa38CF#r`<&k6->L zerg@^HmZrz`J0b{zZV|vWu8Z{`>Pr!>C_;m9X zB-#q@e!Mr^AU`L2`b&P7M}@&BDRj2AbloHQ@%_~qpU=8HUb@fV)WQNFFr6A^sDLrv zUEpe^z-4QY_Z%|DTT0r@KW+kWUoKvAr~nZlFc0yz7Fo2E7v7!9obA0($rUmAbz?${ z(T{vxUBN&A3M|)_I0^Km;6qPlr?ZoXG7GuNp)fQxqr5;j1F#ye!R7|U8{CzVzNiB@ z(M$9tr6wIxOE78KcKsJ{@KTDAS3QMN+c3-0rxF4wX(^L!jA>eV`!LgnUxr#oby6$} zpAE=Jgh^n!o70cV>jx6I)G+Z*P@%C#{?`KlYM0$(I0rG8`I@7^|@l=V_kN6Gq&&`JxX_*h#Y-rC7=dHm*k0)wuMjKF0mG(c7pZ>^U};25%s0GdX#e!9)r- zirDXD?2ZLN9fR|T!CE4y+R%ds zg|V~Q5DA?bJSPa6&zdKAU~`h}?yqJ(hN1gl6CAy7ypPT&yYRYdMg6aiAUZXdGr~!y z$$xqw{`_4iGGwQBqdM!)U;c-8G!GSW5_2V-LHV1{Ydj!T=31TOf0J@WrI zE+F|bFfS6r1S6!$1CKrm=ZYwYK0t+Br}jmzfH8J-mF!N$f7y)iP0cU6cJoDlRT2NW zV~q;H0IBw<5hT4`fP5i}zy8V1*abs9S)-0Y>n} z*ZD3W-y$ajqiYTfFYkk8C*Z&FpQ3L+7w3=&RzTaNR&)ozKFJ`3l+?>?Fn*LR;4h{! zZp0N5m*(NT#|A*<7^@`67b^Q%Unl=u9RigRGR7AkV_aasR3zx4^E*~{B3p!^F)|Oi zgRC`D7E74^PV-jvB53h&s_*t?L1SPf?gJ^(Yd12WrF#fDTT>I0 zUz9GO*Es)+M^z+n52&sscLC;OEySqH;sb{>C!o|835HaQ=w}N9R_GltyEtof-blBM zMT3mAFy%M^tK`-SDLsXNyHpo6MFe6G|0QNQVhV+NNLaH{ zG#E(Ip9;aapOPwhvm#$j(d}Ad@)_U-!a9^F`eFf{e_*2^cs0W|mVe6K)}sKJV>Nz% z_4>hW*RrBibfy;`+GX+|fFBGw#IXVngz3HhV*qseUyxzyglWhK^3Z z?4bz5bkzCv>_dTCm#IF!9gw|U;My8w=FE-q#G9K4d_0KHp#r12Kl}sevzFZXbODf3 zE@b53gQVQ|)C-UUTw@#La0f~~!jKBkV!1cLB8nk({gan5*j^wV5zcVf#Xp~Z=%?DM z4#10&Km+Hv`skA$1Lu=B9EvIkxU=k#U0LXYa$S^jfgLwQ=k^$FLAs~9XpvmlExa>e zr~vEigvez~GJ!Yv#8xQaqU1pC$=!tb2ByB&?@sz|{oW3>qHm;hqGBEldhRr>buSnR zaP`7L%h(lov+P9Adg<2$v3h;1&XH4X^8+L@oTVam?GyNeU63i?&;Y zZ-&a$lP?d1q09hpl+(ooMM^Yibe9j1(^)D!iXhN`YDRpdoIM6{pRS;9kL)}LPJ}^% zniH_qi@@3*%a?!s=jEE@6VQ_vndDdq&GLoxac3@o9a4V1eWY?L6ilFD5io08PE`HH zcdz9ea&NvAK7^3%xS*q#XL%ZFRMSUbf^Z}d%rj43`U8OB=EV#3>7ViTjOyN^R>t7T z5AJqDBEAmW*72XzRYM3OZwxx$zW}7)w>k(Fd~d`({V+PHrfm8Eh{+z`eW~z)ifs5A z;*E>J;jvJ9*7#c2;4420%$yve{uH&^5g-_eUjZ|@rz3UKVX1Rlk|X1_moEvu+3kV0 zKe{soN_p!^>D%qK^Xy>DEPa9yEp3r$U%XN4-+uOi6Sm|H%|OCz|MBUqj6nOez0E&3 zZ$yOt5oKV0<8;p|K^{I6zU32cGJMvKP2!R%cm7Zuul+6C+m=V^;1LxqPpt|*Z++p? zb}kaQiil)%7s%SAsnNbb+R;VG@(xp_|JFHF&9iC6MC?z)2#-%Z0fWwng%(vqJC)G7 z?mi6R%$dL1@vg#N5?Y$NE-jaGw+V|L9H1`7l+f&s&&r~WE`~{6t-%THMOx*W{ zxfVQ)6Z%DEya-e$8{lu>f;^XuDKhjkHSpHy?!Bijh8&j~fg2%g$(Bn2(rn|c0lE_u zyxzMZ3VF391HktBF@z*?3-$VqxAi`wk3*bjNMcHZ4eR@T_DH>@V1mlGU+F zeyBAW%&Uuq93vy3!C(_ZC`%@Ly8tY_1L%;(u~++GEcx^D-g`Nm3SmiGbhD2O5i~X| zGq|~?b^+ZpP1dW*M9yXSu-qdfR$0zR-1Si8Jch z7l}jbZdcCW>W7AUJi($MO|!)$Fv2=`Co9Fxu(|}NTX*~;ug@!m0hgESYH+oB#B^Fu zk|+&(sV2WTRGNPE7Dqp-yWy*#?F-CSwhu@;rCD=8m8So%D$O+P`p4(?Z#ASVyT@1y zce^#4B%_c?12dT47U7Ho6$BC4A;gjgHVJ<&my$(72X#VXnP_X>B1(uymztQy7{oxJXqtnY`YR~;%XvHMDxYc>nF^1gM7-h+Y4S_#wOlbYNQ z!PEA&tc9<~z>3E1MWKSBm`RZYW@h7?jR#+rtpm z>428`jIKk7l^&iuR1Eq?3yXjq!(XQq1mJQ|*mz7@SDm^FySZV`CcySpumR9-D)>LR z|L;OLGb}gwr!V>UP(lr;Hea@uHn&6NTLPRJ=_EAQj!R`ExWuzcoDyscPYIJ?<+M`K z7`T>L`YK0SvIQkH|9CEO&%mDcZO7^fGTXc)+^Zx;lws9cZPt;N%Nw{;zE^H3sk;Qd zLHz6Ds@u0b9F+OwR0c{`*6-3D|4b_`GJtnqLlgeUSU+Y_y^DSU_DxU!3iYr1dVuV~ z7ZFN_-x}(=JnNB+4K6mne^Rq`fgj&@BC2+pPY)Tso$6&xNtihY z;NY&Sb}F^0RcC0!-_aD2;>WP`q>0a zrA6OKhI+XMuE|I$%CqsDaoXg4=JWh-Dbx=PNV;mX|MY&sS6+aE4zLW`kWbRAJo#P~ zted(loMCExfSV%PXJCytvN|1b?}T@rO-l}e6(tD@#-25&g)K~r*?!2l`khULBBOJ4 z^Fn4p0z+r;qxY$}?B9UPKIXA}S`PgKB*fb!eo=(sd|0pQY+FGL+%myM=aly7T%}Vw z@{$%rr#6d_pXKbA@m6M8`F{*EICRw+YSfM97&-*6>k|-eii&|yDHO5~QdI3swu_R_ z1dXKeLJqUC=lznnOO}OBX`FJr_B?q3`FEpJ!1SM4%isP%96)fg2l*L#k@N|;SX?y(#ad4>YGpKvFY95S~11 z_wu<2#f`Pp%^0fY30PGQ63YvL^*{A>Kcqrr$Roqjty2vj+SdyF*1-*&g&pe^v zh&)X^aPAXZYfb#_OPGo2Yw6S?+8pIjeIlh5LQLMfEZmghQT~6pVC`g@-Z-at`FgA6 zKpn6Ea-0u+qaJDZ8*ZjBXYJY-MBk0X@(1=0x3Es|KdzuNj6MQ1)2>AMzETXY8_=MA zFhZUnrFM|~I@Li|hgT0)IIO9dUBv>)pA*%U?=Y={N3EHq#T{BG|HbI1=})7d3q{I7 zds8rdsOkp)ZM#rtBk~}A7;c32g#3{bCOJ1%9Tn+B(R}>@NkRi`u z;@fRt^w83=l6UVGVp?pWm-x10#_e$@nxyUEG3(c7~#RmV1MfvWBJQ`w1y+4SYc6`mDgSk(R+4X32+Z5HG&ll-VbmSZ(w1WFUL|jXH(?o-VZ|*+LErI}(-E=MO>pIJ{ALYK(%|EZjpM zWM^|>c3Q*2oI}_Mn)5ejr~f6|Btq~T6ao#`o0jOQYY9RMtX7GR{KO=eZ-icKux|$L%|{^)(1V2DXs9FMdDp9hDe@fXf-wt+s9HzuML-4u~9`566sF#0VUWa zpMcsHI%*lM2>q}!RfSBZarGf63%`GaQ~1(`;%0a;2l;sZs0r}fam2eBbKkki+L1u1 z{X9NF$9jQc5GGf|QhqbW12Ajg%lEp_HJ$$Hj8*rxhk(a)WN9h5(np)4{Ja|i1$;-O0~v@R52EOGSXX&Q zDp5$l#pI{`l_V}H=JlsD_s_!it)iP*)s|~)#(xt-9xK@*@5@&-2{5~H0(+wNn~JtM z&*9zZcr^gZk)~e`G8hL~lc+Yvu1>N*H^;Zv%=|$<_%hYh@=rh&JsQL7I5DfoX|&8V z|J_hD)6@rt3m%iA{B^_M@~qZC?Lxd4WKf3i)v4y=cw|RucVl(#S{S7Pw5nqP-*c0L0!c_sj&5!%;5_FAU7ni=#kNOO ziH_QZN7OpnyPXihBfi5TPp^Fu5hFD>2hZBS#UKlvgWe{Zn;S8gPxXI<6GTUEdA9hn z?OTt*bHBz1Ax)raCNo@s+VnymPL6`8=ztH%f6ckHtZ8~CR^ykaxOe(=8l}+VuQT^J z!lY(gk3_ANy2q3K%hFgJCiPVl0ro*2^!cdu(#69@F|zu>N1``NA{u?MeW=`rFPVZb z{Zsd?me*RSxB$GVL>jQE&e)ATuXs0k*rw>}lbpA5n#)%LGjF``t-n%ggm%h~Wb;O8 zS|1<+hM>bA-yQZcIfvT(VGBc98+(xXS4+L5Nk25V@gyf=)|=cyw-uE2aE-CQXw$a!^OZPmpAz%#Ktpbvg)@s?SDX7 zgS3cO$}$(N=Z8R3c$x8{2%X^Cv<2#r3k2Cl(aSUq{vEPqe1?c$M8u*it_cu4unpGK z`@a~Q--hVFPp1Db#^ygkss9&a^Z&;fo1d{SzXT-aj_x{<^Ln4lHmk>sVvD>hx)hGB z*c^<;XVNcvx{sXrYlGfS^Gq-75naPJ&t`g{p8Ne*1pec@V~y#xBXsCrF|;> zT>7KlyWsH;_x?*%Tmss+S<$dnWY7uX0x+29{{4@E7n!p~^on&myj1`955li!_hAs7 z?!_6N`Y%3u8Ji7PXC(LG)381w%^PhCT{r4X&x{4kdl;makH03{@&_7SJ zM_tCbtWRbt@&*(y?%^L@N<{b;k?{=+{uIXTd(ZNkeMGmVeDE6okA-EI7 zbS$n2LI8?qBN&zTaes;a-)?R;H!8J(JN?lT8yfb}`M~2)3P^v$g2{uHC*+OD)!dvi zIQ0NVkdipmVuIi<;gtKO4h;EQ_qXO-Aw-X`8szN}BQJh?GqP>5k?HF!5@v$vi}w$f zvRa{qA!mKy2%}fimEuC4Pai-Tex-K1hqDzKenIy0DlhD{p-DOh>}$|(<(PNIFt0Nb ze?yXZ5Z7TF`OD8rufHg`CUoN`fQKT@4!{?f1;+s_Fo?EA=HD$4)Ip_VxJ&0?9mYsGNGM6`jQyG?@Y{1b6 zt(r4Ks<2`?0G%bM%k2*w#NBH1RELT|ESjPj2NB_l0ib7kYJXQ zLlsV#^MBW)#VoQDzzjj5vY<=Xdj?F-4eJ* zX>PIvgSA+~TErtj?5!v?!`OklG&!4F1`ok{e$Ef+_?#fSDg=fK5{MnSDH7Yzd+)n9 zXcguiwxxgUGxkBggY$@2c?IGsPK3FoDFIPJE5(<5E|(&KNS5DNulmCwlk`%aE_J)^`)EwN9JjP6W-xYNZ{iU6YU z4iG!f=|rPP@0(DT;cre>tzf0PmaXul5hn*=Y-10z;C@Wmsr++YkokgYs*FWtzVzDZ z!49G#r$4DBXcY~NAH<`@0tTE(u;nzAb$%|J<&RyaNCDjwg8}Ewk9q(F(Y*q5UR!5R@QpHCO8&S(*X4?M3E46~-SHvp>V^m3f-9)|3B3V&pJ#zA5I z_6D>Kd|w&ejetIVauvzKG$Nn5N`q!J5i9yJRYbeleZp(C#5|Kg?3O;`P2oNC%IG@l z5o7=Fp0^UEneF>xKK@|3&Y$Nl!rv*<>Oz&*2pw8QW`}kM(0W z)&9bL&W`x8mfx6JR(FlO;SOXz;eMsA0TsvS`KA{Hv-caFMlQcPajWkb77hGF3E4HL zwu}J2dFTY>)eyuvYc~vLcmoj)M=NjpKaK`_FB-vN!G^0lqOg|DY4?! z{1cBJKKSD~&nCd;EePiu3*X#+t}i@e;<)%m%!SzOz_FmV4FBhY`g5aTreBQFqnT}H zu7%RgLJ2P9$wVO;Y^{)%ZGHnA1FO+UMJ|#WI!m0n;u%_oniuY!9*QOF=uRzZ z!VxFPyqwHb(DsS7PAo&bElN&_jY*Z(vCWiO9>{7So6RU74p?($oWmj_uuA_tsV^+eBv_BJL^n?s?{1 zBSHHtUWzAu5$A^6+9)5mxr+yCt0E(JBc*8P_(InKE;|gi&xQ(;Rs|Bk0^m~^0@tVq z;-X@{YoyK(`lSXiD{W&QqU0jdE=&x)kiiL8y^SI2%UHGgv=!&E_Hp9<(AgzI+$85(I<_**Vr zy19cbC-I*7I$^Mpp8anXYd)cg3%R50cyorBJ4dZ41t460^i?k`x2Vv0Xe?g!J^^w~rr} z{4yHouYP>9r`r?MacFq?k!0skLFLlZL50$9>%~@|KH8lek$9ZNG{}#^p+kjnI_Qg= z9jc#Kp%Q=vZWd~02ON3}UMm{976j0#8++tthT19xCl|7?EEg;xEF!G)z(+bqE#_w8 zEZC^sm7@(Ka*!0&Ej!nCP}na-;_HOsjw3b88=NpH-*1p`QpW0xnhn#WMOPTel$_u7 z;bYLetlSm`ySW$-YX`sF*@Kgt6lxvL`w|c;I@)dDr~a-=%eYth1b(D9$$*3$E3>>& zPya`Sa4V|~L`VF_1k9*Kbd~TiK2-bai<0 z%;*XWwE(%;#DK#S35i?B)ku*#derkF57Vb*ljt<&M^T67A~u3yNiWWgQn~Mv5ft5% zQM?!Asmp8{N7$?u*^in#o1>c`QVS#-b+^o?^9V3(!92FE!j}XU zM9neU5uQ$#=LVR6RD|lzLM2IR?eRud!N_EnC0WdOtM#X^64fK;tTx#;@-||*UW@3o zKrGqt7+RlA*&*`UF-M;n9}Kb+O{n6En}7>6)3*Aiaobn{eds(y3CW`qW8|;; zDwK-m8|T83t@G~BTd!VQmdx~5CA0XB_!_=EQKyVQ>b3Xzx=kfn2lj@X!uC^M71IW+ zJ0zmd7UDZ`KKaNSIk2m(Va@cYPYRkOV*E^goYI-}&(`Hskc6(4G;!2Gz ze)7Fih4!}5H%Uf~pvcC#EUptbVwq1New+)Nf2_7O7_S}c{pHB5kf53mNS!IdGwqvC z(YXZb9=WyzCMAB?`*FG5sqB&Y3sKMha7%YnYOd#spYiaVl>!sTzp#A{6SxdPzSTvR&Zty@NXvIe@=`D zMBFe9h>Wi^wosh?BK4@z!A^Rqq;w1anJSn6T^gDsy=rMH(*0+TvFUgOLbKnSTr*bU zJP*}Ywg!rB9hI!mBFFk25S8IB%GV-BjUru4e!20cReLCu>Uu~g9pU3M(Uv4)ItEJ9 zOFo@A9gFuOf?khds=I%^hW=VHJGZ@A4t05n*Wcq4(mAN~d+ z-r%syRa-qd9}>LfP`7sI7MtX9wC0iDs1?K&zSzz+Rnxb?z7W!T=e6Klb!S(FS|Znm z(H{@IMKkXPQ+05rSd#}Prso8sSl-*P2Z_ACZXNq)4aAXlVvZ<>8~f}<@1$Lm#%OAB zVV=h&{vAweF8x=k2iv%vrF9#W4U}RfR6cu-29Z|^;VMce{9whG zr?4x|m>FE3Ds{)tmR9ml{K0^qB>1aqVkV@cAdm02X&s{B8rA{#(F!w17Qa0*Ywi?c zS39<mOIT@`I6U$I!17kLN47;zO*WiJq zs#K&PrN9fRpOUk3_&cemyuc;0)5wlm+~et`s3SYb2$Yrhh(Mi`pRlkCGdv7bZkRbV z;b4d*EX2}%HRBgc4##7UqOYV~7MZ^u5}tdF6iqH@n^8Wq86G*dGcA1-AN`op9qTtx zu@C3Ijkq6$4yv18POR0nfxM;tp<8Qrh$%!k-1=P3&r@OPt7po(_z{4oPz+X<#Qd)s z4H+WHe8NawQ+g2>PSJjufw!DcZOHV@dWL(|>r}n&M?F5s|JBg$JwFjQfOBRjOs$2k znC0<1gU1=yOBy&zrXSIgL#`-Y$wf!s%8O5GcH)t>EwEZOpbOQ@^TNR`6X||gFTT6> z>8imM%Ca~5hOd$td2M^C>rIsba7dXCEjCxtJBPW6KdI8BS$bNbrAo^Cet(8|XRO=W zMLsLRxcLnP>@ma3XjzEw+6@+FJ`j&s?p9Til53N4>9&+ty-X4~3!|KYY7~{S>N? zEh31j6&flYBx!`%(40%I5K-m$ZnLoM%t75jYBiOs zt+ruwIG<;V!;(NBRd85nlR ziW|q9F(!LQA~h7)U6QMp&Gv{QSt1BOeSL%T=4;yfs&mFF3;tac=!^%9XU2}TuWG3N z(6WeypwF%xf-kQG!fpGri8Gt}D{f+4t2ut0kj1iukSwIS{@Pk97LG^w1%5zQml^fBE5)8oVS$Ea=zk z-LRqTRyOf*gGk)77bczLeX=A^w^$|4u}0@uy?@?zI5LXqfE`0qDTZ~`P4AKmRwLp% zDiFRjg|MqB+dQ!g219CD->NnMZzZpWhG7Z@kNDyd?8Bz@M4nRkcTWa7Bi6>$m*z;2 zhpzl>4ba>|5Uwrpv#m&FhPqSAQDpd%L`WDG*$>R}C4_^2{e?#~O+YyNTGkPTzPwCZ zUOZX%fpfwq-ozB#0r@CR!GjeP7yg-uI(0poU5)Ewx-c+VNlM`{B%Qf%4y~;b_Fv{m zK;pN|UB0}&&^eX?{CKs`*{5kdO&XGeA5nvtZ+ZHqH`l$}^m}9njLAU7G&;CEbKmP| ze7DoJ&9??|azx9pjteB;HfFFP6=;b-SSQXW7LgQYtd)g!1)R=@PLs9Hfz9DhQyj{D z0Uk7R))5{MpRVs?VpZqldh4)s>P8Ti>(j-}Nwd|6HL znQWu7UI)`%$abWERhz~9CvtF+PR5u$Uq{Bq&??Q+%sWmyZ^3S3xcExnVv0w*g3!0i zWZxye>5+*}q}|c9I6eM2m?D2leI{Jh3@fmBs@>QZ@9 zqrga@3L)KU=Q{>VxoT8R!!&HzE6Ij4{ z%BhaCL*F4yt+N{_(@9DJ1i_Ll7zCTC3?jzRw{2Qf5`xM$f*V}jT(Hl!^yxKV z7k7fbfWW#TVLq;(Wye(X#$7ivePM9@=#3k#3uf5>aM2H`qW(5IlC zEWOU3{I+hMMlqlsgd=k=|e0tyz@)hI#m-pA+W`9V< znTtDr-B6YK`QZ^3 zzo!Lrt9*Pjr$X6%Jp7H0qaxm73C9kzITMa6w$FAPt>4y|@;i(miMma+O0@dUylRC< z8(R&Q62V)zxesjqC^-Y|7@PEHa^}eAt=B%o_%mvLp=!dWlP^<~ykoA%R6&=MB<&o1 zMe6g9!Y1Xe9(N{Kc)NqgVt)z}qc?T2!rdkHBUE1LSKH?`JA+QK4mJb!@rX zWAEeK!Gj(>0#Xhlf}g!pXgaKZP@3#sB8V;_-JUy3{KVexYLD3>MLiWg)#(~l%KDQv zoEay|6S41I%&fcrjQ54mjSxM+E-LQ%BE{`*=)}MIF|dN5Xt^xcQt~ay+A677FN$UIR&nto3{XXWs3N>Bt~%&uEFNKL@A(?3{k9+zD*X!hHJSCk|-rnsZ<# zY6?gNUl!$7bRpmcwQIn+jk#+oaIL-dZw?C$yXq1;F*|O8&BIqC7K!Tos-p;J%-CM+ z{D9)0gYJKGLdXu~g^YZ?N|S{CZ0~+Q$loDHnLI2uT;VfWe=H6E_MHClarjyQEeD=g z6#SBbza`o@dO9nlfAzNgW&F3c9-{032dH`-E z-}gMY`0p>$Z~vNo32qu?$UyXOYx!@u%kMvGOCtEgl7aq}zdtd-NPtcAHtWj&=9z)( z`#20fx?{v?&++#sri8Ce*A0_7Oj*&qcLlj!*WqHs%GB)I3Qp^i`aw;#kM#BTLEislv&5{grH&^PJ{nr z2K*m0;QxE1iw`{jQwrpG?|q(y5Ol7x5k-O`O>{(Sr04$bS}PRAZ$A)=TxeTjuso~yW^f($t3V7IKvp(EAr_2CoE)I5*_rM|RDn%W&`o7+ zf`fU;&8hmu-7Q2PQEuKDN+apDkSz4>A&Bupz#3m-4XB_(xXpEvprmvj1N?}F1aMc1 z)$eqHBXZf#C3;I1y*z1-7dPz-frvuM2u^htYOiyE?V8)nH2Ug677Kziwjh>c^|yI* z+7LY~IQkJF71Xh07D?H73N0ntB?nMOmb%h9cmpgL3a0N&I5ZL>>QZ;U*S7#Rt6K|z z9l9f=mA_GCjXoR)=wi~4H~w;um!28k7cCh(QZ zpy3LGti|VNblfvA_NJkkCEJi>k=*Df^MJQFgE}Oi>9>?==p`nPy`?= zIi#~YHAIIbGm4-^soLT2PJwmlY)%+WB*Uep{)~H{Ps$>e`8Wat60RaZQlMnQA;-LpK1vb@BA zryhyCRTl_(r(?){bo6BaZ7a!AncDs8s6*vziVFLGObG-j0};t;_51zn ztyXX zgAKIV7g0T)N_nA;UJ@Z=e<#`StAjwZ&T>{QewLRUcdv9^R>6dBphG{}8GAw4b z&;Ks8`@DQzia`T)-4P@PHV)S&Z=h>vHl+t?#EhO)$#y3+aSGEHe{G7xOKis`*jX+a zieVrg_|YfXP+V<5>$r^hk#b^MBit2IdQ>&ZEY8VI0klVc_ELdxtNkXtN7#sP9?kA&-?Gr|nUsAM}Z04T*L@y~5}&Q%MP3G<9GT@R~oaG`01$8GX9 z0W|AG=|5j%7`gQiq6E(E=kUb6(`k78KB-b;3#6~@feOL0rS3mIm|P2boVSfN7ajyk zSW84gZx?J}Xp<9?Tf^}^4-o!$<*d5D)(L~q6EuNXK?;oKa%A+2l`VA7TkgfN5kAt+ zd94?T3`2%0Gb^g_du*c}_wbdnHVYnLJPwpmj12P8kCUDQUD~}Iv#!_xaAZm`TO72LeJuLAxGWab%q1|%W;SFiol#OfFj`==b^n~?mE}I7KlCM1TM+nA&$g6{(k%qH5iUGgW4suml;ykM zk8C@U`v!p+sP0s1jn1UiP*zF-C9I&1TfbQU#Rk%~zEkOCe`=006 zn`8J2LogM=3XO3l+q)^=k|PKZo_V)eEWOt z*3a+a3vu#uQdm>UCU_+EhQ@BeR_` zNPyz7Y^!VYQLqk^ob3USk?bU~W(&%2sl|x6QgU^9gCu6URFw@AsvYHBZWeyOGo~$)Z*`)i z@LGf&hvfF8?}|7^YqM{Uu z)%g_CMo`}?a?DXOPSyni7xl#`kN_kcK3IjF3*zV};|7VE@h^qO@PrP^g{PBSr}LeW z7VM`5CA%K0m|r+KnHgT`+diWFJf$vj43dPww-C&T8SRH-ipq)8ufmEK{6-!JrNWCm zkv6|8W3_=lIqsg=qn@Ldz8LNh+{iT93!Vt%1rO{V*W%ExBl40;Q{hpQAc`H9t3%*D zLQoBeda4BteJZZ_9?2ah6^YnzC1vX7*v(8()r9BH0El8}ZtP=1E&UWO=(NIW#aYjh z+L=`6XcH-fDpv-2AiAtm1EzfPBKqJEF)z?0IdxmEkvPit{sf9DMb9iEA|^=^cjhdP z&9GIzQQ>&??dubCPC%;coFQhhqQhZe6Y!2gqrfciNuKEN{h)u`-^$Em(G?Ke6;|ke zbNlLj`PJjm_>ZtE)kf-%s-MyDl_7Z(qe#|lbIUqfBIxUPtQr-)A&|lgdwpL_>AiVn zO_IToPmSiDr^`F5zQ{t~>ETdo>UA#`k~d*2Ow4mM44mITh8h(6hPv$Gp-y76PLM=v z+md}RkyA2$1_i_rC$Y1HBxguZz4{+*-ryug7jZ^9T4Z$1g#yh_w<`u0N;=kRsMZ@h zsAe3Q2h)#P73e|bp5pl!J8m@iYMTXeCaSro1@KU_DD5{<8e%uXJ%eXQfj!1}C742t zq>o2&zpKA-{%pw6sdk)L{Dckx^LW`=i{J!V)EHD(uBHfKl5ig;#=S0cbU{6yl>8qi zq3)>_HI52T9FA}P_zx;Y3*An~6F&0JS%Cvll1q7ohl&pqkUuIs=W(FKALLQqC&gwuT8EM3#n9{TOIrh2Q%y4J`u2*zL5t1k03J( z;&0CC^$nm>p0|+rrkEjqyWdgMa2G_Gu~}Oqc{3_kPqd^FG>7<+e6Q^o2g)cdLbdR8 z*lxUbcWAfpnJnAID35cAR-X(}?}B-a&ON{U4JW^9jMD3Ic0PmBwi~Jt;~LrXsb2@a358eSl2i`mjw_%r!Uz$YYKb zimk}#?j;sJweQwqx&@5nII z9P8>*-z0lqzS6PPtEJ|3Su0F&pYbKEwcG$f1|9KQz~Nhch2S^6BI zTq4}b-(HQ{47)ICTbM!erG~D51+(Eh4XYf+Fr3WM^JcC zOV4u!2Wk4^C_k$59gk75WB+DsknCGhGS#^+N%(e~TiTyteP-cAlJUp@fekw{`Dek4 z=1NBzA3t?7L!kWmQY;U2P_y{3jg%PHI1J@(9BelmZZ0Hh;Zl)qG+vILKMs?SGbUh6 z6N+26@PnP!ImH(9lramtF=pLNB>7TOLw977^PMjQAC!X|SQZB8sCa^?xq8o>84lML z$GM5{v+EY>j%4VVDtX8!2y>HZ73F#f5+c%SRg1Ezdb`Xc0yNYeMuzw-%1+@|=wUr@ ziyFW2R^a}2!>~^Es2IjJ)71k0a1NkgBzt9C_Vso2#z3uOw<_-QH;@ZMX5_MBsf@ZmvNcn%Lbjh zpFNaotITvx@o|pBzVT?hW$+9N1pxEGXh*APk@f^D3C}j3GG=;AMMtd&O0#{qY1$H^coa9Y2fU&*j`>Y$z7>-{K zpGq!O-rdi?QMe}Dc*_vOQwMwLUW)L{y3Z|v02LKmmw^Jz>xN#*6C>0g#{SqYui$4# z!-)QLC$_^QN4i1}->6-Ff1IW@Aaa+#RvZ29&?x=Q46dkU)ItI==3D2{7(a4R>_k5L zXIJH;=o{F-Yq7+WP^xga`@g=#b0?GU;Mx-!blXYvOAV>M(2_b|v&$mkTypufgu4>b zd7&lN?Nc-6%Dbd@j|8debn6)V?tHE8;GEy8qVKhg+PZI-Uv=2^C0(crLonQIDUo~C z8@oy{P}Q&=eMi#o3|`O$8l}!S-n{SMcJ3VzA$@`fA#ps*3|3M&e(WnEc^ld9OKRci z#6>?2gh2t4${3@MyYNf|%Io<6mu)BY#k4?~rTDbc1y+UqG3cZ7cvZ+AGEwmzqHVGHFbzb;Y+MruxUk2izJb!Z15}_&PYAyng(AO4l*HB*Mi{EyR02S0zRA?Ug^fs$`{v8qh&L6O)v-@_q4_Fb*DI~7ioSb(Kv5_Nt?30(JIC^x4 zRl%h=b_mbHh1FM;B~JJ`uU@~0%ZhyA{gbx2j%roShTEe%b<;`O$!<8417HlK&{d$O z>TWK_fq!pPUE59Ls?RY11$97^9*fd2CX2_ldqTHgJTs`(8yHar#+Yo2o7HL4v@H=( zmyd30s7hW5j|O{-+>Uqbf-iU+TS+fBlG0J@xF`|v%Sk4*(Ujvp<92B^?Y+U zd*Kle$Ig(Gp&t^2GVwp}_^5UEM1DQ6T=`~{wR-h^qtT2Q_9k`KPs)}L40}S;O=HcZ zS&Jig@H}>%EKo3WCA1O%x2mTB_M%q1g~HxBKV)|sD&D8=N}8qY{=^8!L}<+I zd}s{hv(0f)lb_XNSd1n>Y?VcF_zQn3V*4k_q%TX2ZJ+XHt!b`NeXt~Jz8b|Bhfjn> zw_ZHUUtQf|9wb92&Tx%$x`{+@^mT?UQPY!sYWTn$UPu(`%`ZB}19AzGlf>~cY3_(g zhe{i0Zn5_Z5|zBjF%K;J2QruL9`~vknu4Hw;=QqnPqLO z?fA{iI9JaTZw};|`UbKB1HzRV`4Ya&GZ9XQG`M-vm;t(K+ov055~1CtE<;dSaciZg z(d+9nehTs9C%rKB5bc5J>*O-P|1tfJ_W9^Z>Gt&eY8maip67qjWId1FGWGy5a@q1* zG8lk~;U%L+7~q;Ub|1y%c-AJ=oRW=}O@INk+lU_utLOIeE%akam&NffpO7*X>LOA+2$rp0HGUVYseOqrbM zX9_-FQI6)n_$2yyRJpW-t9B1@lwYkt_ZmSHs@|3tEqZgZc6mp6B3{^L`^UiNSA*W; z&%Y8z^viy>8!u58)@adrAgGYhbw%sWO1BqAt%Gzx`a-zaDAJ@G<5OKZa~G6aEW3RA zmu5U%CdY#Pzux<#oDg}p`mC?riky@;OA*WJM9nP|eh&8nZh7x8tP8`^8CN(AXWkE6 zogbFYo(Xu*?8qrsmGG7vKi==kHba({1{O+bhGxNg2-z8IOkyB@rha={p(+fUY7FBinIa^_C>sa&UFPqd!pFMB>w-0B=?SW_#nK&^$WfyNmxG786;X0H%@5a z_?v2ca>D!p&EGYr@OQS*KTh5eCTr`eapRKv!a%p}+Z3Q&97MMBQuCm5&vlhG;KGS> zEy!eU!z%Ma*qn;x``NURp<-rVJq?*2aM#C^ccn*e? zS=I*^^?Yd?<1~k;NbM|if+O>08Nvx;xsnwD} zN5&=%aQ3!mhAz^^YbsxB^cubh(E`hcQ+-M zR(vPCO7pGX90Bkgso2G)^U$X=`+sm?W~H$1T~rwsbQM14z_^Cq?W395)z_u&n|^psI|-U3KQcGuZoFH7)m6*#Cp3K0Ar9 zs4G3FB)zUs_Y_7{{`FI&-5eLQG0>%YnPn=%F~+fwOV|~%EBG)N2m^^G?uCxw0R!5U z^`n`OF;?in-AOGW!id5kUSn#C(!&U#CJM)eJ=qS%qMhFxCc})N5`$2OR86R8eqmAxJxLK3k&4o==kXxF**wf<{^Y%8#|mrMy6)h&8bP$Ioa9Dy8e{Y% zd2qk)sUsPAr`ES7Pa$VT;DW!#*@j5Ui=qNSU&PB40D>l z{4Z{>6+DfWm@A+Ei;ot=UE|#8(fco6^!sV>+@uB8i~s#yyUGD~_~J|c5w*X6AuL&d z&SsVUS@Z8dnuK@_{NJVhfA!J^K4x$N8}(xk4}gg(9hU*b7n_xat-Xa=_ps2L>&KNw-!`A%n+S00~;bID)z(ikuJu z5qRKJ1yWBBQ~q@U)Q*FvSC)(CAIg${9=;2{%&<7P2e*K1AD<ZI9f3&9Z=x@*Z5K7Y3E;-)&G2`sHSo4NtcdzZ-8#wx8v03m2yNc?&0!Y%-GXAmFDT2Mi>B7J8;n$?5a z86>SLG63y)ytXl>ufL_EuAz+Y6tBaJe5$KM)hjP^eGKZtQUB?1LvSHZmoJ zXk7WHoHwF=Q#B!1I53$>`xW~`Zv88<+<)EmuPH)~ie@B?4(@RgwBFSedUti_@lWvO zphisP5NnhX6y_NAA(H~zbT~Nq$xm*;Un57IE=*51d!+jhF94Sw#K2-PSXPIpYEaG; znjEx&7DV8`9rA;I0c>H_LUe>|$W5=}D}dGdG}&~Othh7dUsfqgrtBpXa?^Uwzx+GF zzCU`nmwm}|9io*2phE?aUiZbB#k=+D6p0?)5?^Yy@&e<}4m7)u4=B80j-w?n7s?`!q5>7!KIGZABI%F_R_p|> zH6ORh5F3K>WkjtmT)cI0c}O!u?37%B9|%-U5i(eL<9$4Y`h_rD@|G_Ehbas(l<+!# znYIC=QppcVR}fA|>{H=4V(SR?rNKJ2&CFAjVP*DI9Vi|`VcyJ)1TtKrYJfjAe}_J9 zcVk96G7PMJuBAfwV+#m^@Fh9$4VMrXZ}4EW!h<34zg8yCkqwYImh)d0A2{Fa%UEYG$@p z4M4A`WaQS*Mbqx-eV_ObL?8ITHijwH*-2-(#TL$ux^(H!BCbf379{uDb}Wkw=SO zbv_LH=YEukipU!#+-dNILFCMuigT-oeTdF=_jeS%N59v1z}t63|2dOrJ3%G!*IPqS zT>u}6L8`$1<+MmwBROq_N9#=k(BS*4C1~zUUQ39 zi%I&b&F&iF*R=191Zw1n0_kvPZ3S^YO6@%FFB*cir#d>MZ&cbQ9>xIV$|MJk`nfSZsQ=MxUwj#i&{*UinNRArY7h^TNndCbQXv%$?qt-X9hg zEm$zc(U*|W3rq|RxvV+zG0-h-0&`ROmOO^$Z%U)%{zM*YS#%U-ck_>V+HZ$y$t)xF z3g8xLBV>1^GhYhcZFBt$Gs|yhcU6^ENJ0ka};#JSg7_UVv3aMxj>8Px`g5(@C}q_VZ>5e{><+MABzLY7%^?fcVDXhg&vdz;2u)e; zo@+1G`W?7$iaGer@eTgrx5HD;a#v~h`KNLk^-{XfBKz6US*N^c;WJ3B^K=h!q(Km7 zUf8hOOU8bJI~pww1Oo1-OfgS509DfzUgFn0yD$H;0vbT$L(+tp!?pFZQdfX~N4*R- z>0d5SoXmBMu2Y_nAFFYdiP@WNDFMoLzp z99YF7bi>~dXMXl4EuPB^gx$$QMukeq?&?<_1q%hHHDtQ$A6*_pEglNHYZ&B-UqCje zSwQaY9X24EFGSOfxSAw*NCP|(3bwdRXL1pjW+EPZj6En|+4l1@5PRZFSoxo^3b3Af z>NBWJ1B~xX>oj2!bnXpH<6p!%MTpa2iKh{J;5R}OD?w4M`r8{fenwBp{r*6dgf~&S z_TgW?(NwSb1bAVA+BqROXs{myhUgF*h02T;YGv)~mdP-ZGFTAg3eId&^+6L0i7~l2 z2qUw}m`@%<0!mr*9QD&6Tf9^b67MjW*|YipGEZ3ID!aMxRVnpt_AT#~eC#Y56Z+Mh% z7?Pv4d_n3pLhONq!U$f^CbZLSarFXyyz+Ds8-SJ2Ao)gY4D-GZh|}ho8QO_E-FCIBE%3)k0L(+EESfc&>fmPq`^ByaneNN$< zBaGF$d)+m z@%?ZQ&l3yrq^onp>PGCPt1OV87mXhQe5zWk+{ul zPdzH|m=J1U>zb__QleDcxYAO`EPvEm+nK=IW&ODXa?OHkW`XY?_3X#5EqplTm~O@^C_tBGQYKEMMyn;wx?qYDM0Bd?!YB7Bp?_7y+t22vsH zDok|ZPoiBZ?O;~cf>4bSPEqJ=YgnhgOWy;;U~QfhlP@9>pYSJGWSx;{XzS{1uT@Lo znFZVQbHMyI=1BHtHa!ByGNm;ssvv|P>_ilgo^Tss3Sf9lxxZg-^Z|?T&{L#Fyq^=t z9<0S`QwJZ?%~0itA)cC(e0RPeZ0oiixDcNE0DqXbN*K~n;-$Hgfe#g3BOi4j(si?B zE$st;#?wP!M)w4omCj8d>DH0+1f9l+?P~iNHw$yV$4<+_a_NpfJ{;^3<^ebV9^@fFIw4E@va}=fLCb<-SV5mTOc5 z&+|pS0(FmsGg+(r;Dv^iAwJyiUmx(yXfsM7=iN3SLA_>fB{Kif3m^Hea;ip+)I*Hki^k>*SBWq2KG-FB zovcFBIiT1;cg56>=T7gN4MlDI#it-hYAN7aUIW99^-<~S7X2lnX0SmfUdYw9sR;tt z*f)ZT>WMj!9DIHM0oJ$r=srOGCzf`h!!MdtFI6!x7&=0W(UDW#1F{aBhHAd|eXZEB z2gYmlwN@WDRITrVQrzZPKCB*Kd_38cPoCuS*v|q7D){wBOo5-RBxJbEDbd!`jr(jf zOCdE0j#p$?N_%hOAlkVLV_$YSkq{SMw}iOS%ay!xdVei?;c)EQm!y<7`D+rz2yE6@ zq;Z7d99omR`)^9H9bRS7P3#CU^AIsFpl*LHLoljX{2;|%B%n!B#WEv*I|_pTOW{Ei zz!NL~xZ5d~LSG3c_x5&D5q}EN53#X?c_i3pzEE4UPJl=740(WHn&omJ*TwIFm8X zx7cSr5Ht@=&3RW*#%J<@iw`Av$Z42zH#L4f!hdt$E}$?agh{{jKme9c?ASx7Sd2sy z%=ey9Y&paddce0I@xsX`)L!n-L9GLg1TVKBDLlE#yjsX5r%%W~lg9P+Qj)JRS_vxA z-U{kx=+(tiFAQ2l7I&#{3N7ldEXDK@dxV^OY~JV%@sXhj@%!w z*7*wFF31hT8YeoVu@N9SluD>~ThK{)TTi|nDtf?(@p=zZ)=kUAN+c$t>mkiLyGdjn&+u#Nb~cHTr>K8_5~OFqJAqDbNdld>qp#bINEme05%Kteoi>i z3YQTTLl-f=p%MjhG0 z-Kzn>dES%!+pYe>Vwh8KJpaUVw>RHVTBB)%F$$j^;awl0^Ya%2?(ugkapcu2ntk)> zg^9j(PYqw(gt~W)%k0nsdL&V|dbR}WxX-wnFYc$}h;C@^E-5p7y|$3EcsLzZ`tRNI zEjk_%qmFfj1?^O{e@76m(F>y7%ZDkr4dkhXIa2hOS=PNK);z>jZ~=#%$t5! z7Ku!K$d5o+hVw&c>J{vV&J+{hDweAV@LOeezelXcuDpo1NK~EFDOkz**1;D*G;bk^`-qMyGtWy1v3cn8$`2qgaK6z+OvogAk#xU(&8hpD zS&5+zD)>uBs{~O%s*g-5gvh%cz0i8c1Rs(z?vt0m2K+o}j<*v8K>yoiDDB-yr&VJV zfTS*GgduTE$8|Gsr~DD>Pm2oQokK`Ku$pz?&?Knr+! zI{-&&*7qKWo-VN*<^*Io0{A$5)c#>S|fcQ}p?le&uLqR% zmR|c`+eMe80eXlZM|BALFNjiS{|m~{xM>W8gCM8|UondbwGSMKYIa@u0KSnbp*+Ze zPWiSm9hKh>A(a3rAVAsxTHO-0!YjdHcH19&!fXY6eZWEmGTN+zfA|ofSd0+*0~f3E zrG<@Or^xJtdaJ!x2w77Jm$IZ&`JCi4L+A#e^am0WVr#1)%R-(?&Q*VrfOdBV3YbCu zK+I){zE2#$4m>>O9`n7xl!$@ChrgI_PhS6EzBx^R%C-hj`m4TP0r`zQWm7MRt~P+Z z{6l|R%22Aoi}+FzI1=H6p#WF8GcL(d$w=YrUk z9}-Iq8h=PEeJ@((ahpV<#h^5bzwlCEA@h~YGXk95#y$lu>X`ctoh0M^k`NGs$&QG% z+W!IxwEP2sVLkPVQ@isblnI#NoxPYnTYu z0AKeDLq9L z&28Lx4ln$gg^wk%c_3O0f0yq}jyP~H;F1APE;REK;!|`sy?7Ww+r^R>vmX4iQ|C!Y zA$Bt#cNKoDdhYMQQM;U%?V!^PPjk;ZGOlYJM9#cI3h+FKe_~39nf4 zB?S5r(9%GDBDuvn6s(z?K;5oKfM5E6<`XDOOGL|hS;s(P8hYHXPRiuVwEA&d;K58dEX>)S3gj>UNyn2YVn;eNzcjtvp*~)yRfVYn?l! zE5d*96=Z9TvZbKoSLS{}_jyv5bCg$bj=^t9wkvTiJ`4RBuKdCdl53_Px0;ripG|?Z zC}E>4@pN+cB|eG;hESP;9|}rcwj5%>(|(%U6W{1t4;%Z#PGFCVUlE-WVjONSk)8H241(0{HNX4N@=s-cpsOVD z^tYPvS+s@@Lg}q{`0r}!UISIw`yy*lSLq8rz_jWqe)s{xYRoLs-);s7KZSiE83_gU zo0oG}NX%q{X%Zdv`YeeVH?nRG@RzyDjj;cwh4{n4=)HqI@btcADq-Ao2}EEUc^MDL zp+C}uU$5tbw;?Z%i4BG1>g?4UP5xm+&7Yt;>Upw2i>Vfk1)60fWDXj`_#DG={Chz-ZM&(K< zK^$^KNDJT+l-5uQ(4m2xCZZto!zgGsPpU<0*Gf;1?ZZyTz((Uke#P+3GSk3weySJY zP&ScWZ&9+eQIE)U*)uCMoy|e5<7ZGgUjdfYAmkD!ThGk2_$$oKl_ zWpI23xDSJ)wdFRJ%kpc<2K@(H===JugiBH2I2mU)PJNI$0T_g5^58D7j5Q^t@ zH=R+5*r1AB7OU@pF#@IH0REm9M_D?!{C!&2GMDrt#z3t$^-`r#$M5C!KRnEo55zH5 zACh9`{?#ofQf3OuMM6;GJUA?LsxXL9u`>KnXmbvU$AWm?KZ%KY4T> z%gAFjF^es)yWBFrR3I(i+ZiC9IejxOhIBg=r#no@5SvT)>7ZJ1|3UK4Fj>rio;sN7lAVL z!SCj7#Qoes5PYkt9<*?HbH`xObsS1mTl0b#>eBdAkZi_zm%RrlCpdZemfrw_<1&<@ z2VRxvEgPx!VF$%_722j7L3*-O><+Y}(;G<#Q!nNA`X5Y0M)dz31x6CRZ!LI>5EbA3 zX^;Pw%#FNxjtHx#*s$8=(|S1K{V=HN77cwLfn0|C>p+PnkhfC1>Q6mkGt+-nhUWYI z@<76P^8M3S6hM_!2P6S@AKbpc+0sEwPioTwNxW#yf(%07+L8#D9{$`}bgeesnasWpU}N7EfKCHX@MpU$=D z_Nlg)gJ9GMAC!a)n$bp3gLFM-&lI>`o&Tc68yIdBXK|N`T1YB4RzgfItoA35!0t zdzg!mB*dMbmgQ35l?BrZoAN;VtkYSboT1z}RCOnGM_EUV9JCGUF91{>e?UhV8etY@ z4lC5LX?j{UXQ)xoz?T5VOiaj>lREQ{tWk3+HNqu@VbJ9^Xk==uqUCnZ+RcS zd{3@j?~6uy={yT6+s9WAq%LX_s`q}1r1O5rh>e;@j6rT1B7}RqouBeWRJ_cr!tB6N zYqx67+2z3TtG#lfOZK9Y#<4P;l-D^FR5UC?Iw|7`bTrJluiebp;D7%5?K#wiP)Fd( z_7n~qSJHT$XQ`NE?@zy*?UD*pstZ-}87+;jnqfpdt35Q>pQb(4M*nm$B;FBjc+eNU zQY4P8uU2F{>hlKql|S@Y9iHL3sGqxzxz ziBjA&;j*oY;p)70JCKF^(51^Y2`t%I&141l<`pPqS`DuU%c6RFWnvgmSf0f4Td0rKJmr{u@y(bEYD(K<=U|M_9i5B8T@kDMkChRU)G zeV}}QZ7g5(S4fy?Tg4SrgSu|QSULf4TDH4Z!^OKi1Jdyml|uF?9{U|ec_$M9=5UQ3 zh8F^T@~me%hJfBCj)=3&i-nC=9o_5sv>I;}oDEEX;{dRVhG)xJBYMUU<#bAfdNV z1nn?X1X}cH<_CjJj~)1<9ZpY>iqEbZjb3vZt~|iw-tkCDCd1~Y1;hkIbnOvLQkb3T zr}ayR>PJfbB24UWi-TJkRdTPMAZy|ww#4?ZWdWy9eHvO6ujB+c)(r8~V!gEe7+3OJ zbWwE|LSty2#hP(f4_O0*K5W7k>d&^@Ed`r_VzmkLQa&D&gVkT$Qjk1 z%;7`$jT#`ef!D5MmZ(t!Mn%2xA&~e@LxAX#6)Nx|Rqt?QSdTIu1Nn0!Viri;B)k0l zVcwxy@`3u`G*_e731~phN%4rk(Z>)}o529enU4zJPIy(g-)SbH*2Nq%wFu}8M(AQB z z>7_w}%Y#?9fM<~xWmEF`4nlm*8ESl`);>0|Q<}wmA2pcbI=@4k#0Ws#T|3B^UoTfC zpKN6yK#em?K45-i-#1aav*--UxVA1un_PjnuDQ*L4i;&rNf7_EgnO{D@I{Cr8}sKH zPPvLo(ZGii*Qutp%NF1Nig-q0icK6(S?HT@QJ?&^NQi^MU<<+-*AK_$-uHn~-F`?@ zi8fJW1!f`J`}MXzF`Wn?Kgs*$Kq6b&G)_=u-(UxKV~7VbJQ*~K>0bk$Ti!b|6PFzW zK>vYd=avHL?jm`OAs_{3(6zg}-{V=6CGEEkTEB5XVktT`C)@d2DEUK?Os&tFDa_P2 z`3-@7l}0SZB?o_M$M-JhP0fLss^m>D8#>O?s?O3)5E&3Bw*ly|$dXkp$#}Mp&jQ6B zuv3K>Y)$9;03!8~p&**>{*HlnZZ7M#GU0XUz|!;)GuPtB*cZ~7&AeY>(z@A>0v&|| zJY;Fq=gFl31W4v^LTNo4V{T`V{WnCvcId&0()kY5lHRl};0mh!(>Px;hvy{?J^h+U z+!{h#&J&Ima2=&()qKokQ6Z(;%f7t&bsE~GTPTy5INuG+x}+JWjwsmV5bW~RR>RtSQQ%l$sGLiX>{D$DE0OAuiBLV z^)G)dR^tfpw4grfj4%Iw$X~y~xW?^KKpS$_D4m1DaXJ%(i}eAi5CKe0o)(ag8Q}nVk?HQsVUj_dd$BbuR7GL zwgBIW0G?9m(`V1LB%KpsS3}V-Wo~{IIb*&qk;Bo>AErBY9Lz2>O?vwzs%S9%`XT4w zbLf301vZb$a%_^6jyQxyur*-BXUw#Dir19!`Dd@#h|aiZ-WOcNtR5+M#{8tf!IHrn zXU)2G)Cv zH*ToZM7GP0z8Y`P{0!>K#g=C@Wm5`KYX~k^TB=)J#1itnQ?I1@=?;#N|K(~|^`N?f z3wsjen%37Sub{N75Z++(lk!0mp`p?TE;nUKdDcy1W7K_uopcN3%n+DVgADaTR6*mP)8WW5Nqg!F37fb|?G- zpmrtG^-lG_7ujFG!7cQfnj-XJ3p!)_OQ`|hF&^Ci^%)n{5#oSN%k%#GU-$m`Nce5; z_%)<#3;yqw{(m}3T}kD@m+454x7H1kIGDe_rhCiS9PQG;bk4$m*a0>w2I|kx!HF(90s30|vzpDsBEY+j2GlWUG)rE)Y)HtcJ>O$H zyYK5)1CPV8$tciB@!<@cN!RbY63%nQ7Nj(yP7m@=*=kRZ*E&ip`rE-#uVuJfF&ufG zK&(J9j^Cm*H$lSPWq($%R_A2S^CSZz4#9x8!I|&eW!VmTwyJ3ATBMC4dw|tW02wX> zkea-vGkg<=L){P=799azD&MN`)1_iWkGBF>bx8t9i9t~eXE}yGC^Be={K*MqR9Qq` zUS4VPLZxj140q_w+JWvVRF~h53B1sDzC3#c0`V=C{a$|w^^?68$tX~sk!uC~G5bT= z+BLIUDj?h!xdFM+9-Gc4=4f_qr}HwBSwU+6smoSO5Gt%XLU3_`@N>;=rR7a#qUw(g zR#%4xep3Uyp(D^?vhMVF@-(uA#x1A=La0Q9nbX$Nxo19x4?wyIhM zCWsZ-??Iw9NI$`Ox*z!8L%SsPlH*%+~6Qj9M@GyqDyKRj^|+?bFGEmv{?p!AxJOMiS;GC!vtEK;K# zAkZo&o06x+kFcWXQg3324nF zbw^?>&|2zYYlhBA`+6zFJXhTd4H5FYis5zEKY?~TX`jZCrt{t?E%!Sui)dD;( z0*XXj$UziBHb~1VdAy*UjpRL$rY7%z9d$*Jdvyn2Mwjv#m!9;4Ralgxj*Fryah4kLy+g!)HOi(o3ms7 zR>}o^HjZ)liUna5Jpy!B&fJ`73(uZ1Oy6%4n3ht#{LFpkDs5(w=|}sQ=itsH<_~ST zjV=Mkt+O+rX((8m^WxsMX5xFNX#Ij0^R{I>-eix*PVpn{K-}Wcs`A*Q4x^L4xZGWb zS>levws>KdlaCR2%8hE-M@S6 zxVAQMh-0*ObC8d<@v9ZUPK%Eon#YTzIatirwf6dDPJ^O1H9Yt5Z%^KtUU(?fz1)wx z(Ju(lFVEbGY+COvcS(48$-MiDrI8+*_ z&3U_{)w*M8Wae4>7w=!x-2$CGYujlg5wXYr_O_uh)mY4@`ifB3ZIOQ;~Z?no-@ z(&IY8Htzz#tG zpaB2~D|s!vRfB+*sf|w8&zEfw7tM>Y)N5U>6LoGDWGeIwaB8Q}xnh=%mq1!k2R#(2 z!f8Ly#X2=QDYAqppX?@#ve-y|qdk|AQ=wQp#~y;2weUI4HF|lihE+NzP4IR%=3#37 zZ!u~LHfpT22y0{f+`)aN%nwAJ3CO`ULXnH%l)TlaR&TcMHDw?Ha zbo8C9qxPtyR(+qiwKZ@66q6dD6Y%BS^(KJMNCSgbDCanM+mn~MAVliEZp>`D0NF7_ zDB1^*fg!q-nzc3IyF&VqY2lVfvv=fDI9hJ+xO)ds++k{Iu1fFZvIE>1b@+;yY^!sm zu`X($GkLhlwcIR{lFkst*k_CmnWsJmAfrF)Fz9oj?>VPM#j7YqW5w_y8dJ>TUJ`u@ z(tUj}-{ZptZ^B&n=N8L@cEJSIRGpKRwIRp-snJ2GYL*Z>NSw7Qt@VanKT z#(2qD4-sRv7VyehIET>bGhNTsdp>)^&D#k(Z$R9y?|`q~SJ6DVoLN_I5`hB)N&2jI z%iSKphEstGv$9(5yF43Yg-3#0mc^a>VEwHCU`mlkZlG#u4G;C<$M|ts)1UyrTFyOi zsv##yP^2cwX&b*JM`0p-BXmGiymm2SduFY(CsZ?jyL4#nP+SDvt~hb}T6Ozk1omA2 zCi{&77pK&N>iVN@;qd7L;A}lyE07jGu~SPv=j!c)t(oTFc+#k3%T1uIyTlu_-DNr9 zIH#ox%a{;WCTUU-Uy872Y@}c`K8Y%;N}JJtrP2L*%PmLE`%SDM(SDz{c(K<0wmsZ ze*Dr&vlxrusK_eX!mF5BLu2hrEx^Z5&rn09$G%dMu6UGWtmGX8l`;>?7i_!d%VbD- z%en`@-r^Mp8MrK(!p%yJg}cKdv~s%AW>%|I;rq%WbAu}BXxmHl@_HS2Q}PXfMQ>jh z0>Z$#s7~N8j|esN6|UVB51E3bU{&u*B}^H2e|CxQdo2iK(4O4Aap&^IEx}I9N*B{n zDfYRic^Lr-OMgHK#y2j>Hn#EajDv0yX64cH(*^H@yUe1OzCb?tWs0}8ZqAZ{yqhN( z65E-Ei)a-XsvgJz=WK$KBQ>ryo3CxUMy|uodJ+;H9Vb+#ZTtVgX~nk0s6fB%N8K5%uR80$ z#07v;-xvG`=wG(ab#ceVh6uLE%*MVCo_q7bLz+<@_~n5wWRur#(JgdgrhNu`rVB5aKJ^00V}NiNMNbAIa# z5y+_3ja+Ok?s_L8J7Rr}uhx1=zi)wPQcx&{{u`g2wrU;{7jG z7#db5XYc&f)bij;E$J-eT0p6pD3Bb;yzqX2V@{WOR*8ah5^{BCO^e~yoM+IZT zkjUrJ$+%{0fsf$_a2ap&MEUIv;RuA8b(D+ZhH#{4*=Du`8M61iLC-`2CPao?V*}WK znMQrRSkp*4vr3HdIG`*aK62`DMCpA~IJ=D=8*NIGY%StT+gOfX}(oujUVOC0jZT3%HvnNuDYP~j zO-2G48s^%_zn(Mana{pq!F}!=Ta4VT8|s^byKvUpTJ>73xs~{QL&LeHLywcZ$?VOY zEJh>!^?YQ zA3dw>=d1;T4{!$Kk7&H(4tb==Q*FO?>u1MNe)*z5!XU@rhVaNGy+u5bxw5D6E z^SvwADj*It%9CYxQpE1t+gT5@<_-Z3%cjv9>BZgSKfvz*7#tTfxqPWFWD$7cb{50^ zta#aW9MN|o+J*%Ouhy4X3IQi+^#icc>Av&vprAQ%vF6%U^?`oLt*-Fqbh(wGP{gKQ zvlLZPQm9g_3HR_fi-Kn$F}$mnsK^}RR!$J*r|GUEtU>*gB_Ztm&ilQ}8 zD#y9;AIf%@n72}Smh&7y0LfRY^b8~StMPB{ZWf%9<~!XM2DB;H^KO~Oi5auq&s|Y5 zVktQ`+h9UXxRg4W>`QJIv9VIJsIM&q#zb(H5?j_xFAUtMDltu(jG&h!Y3e>7R&m>b znw|0$5>v0%Y7BxAc$Xhfnm87~2KVP2Js{C*jiJetowD;u`a;!6;uvM)b$|k8&z|JW zA#;XBscM(#j9mz3^_2-)968?krE(74_#NROw}6l5r`<4H{nl4dv{tQZP>Xwbl569h zT@lprp3q$_Z!HWen9`YOf6qg^SBLo{*cVu~A|vm_>_bA#_I%xBBT&)|Wv}AW5&}@e z54$>DCyk~{_E}9*@Qc+S`JS{^%j7j4DvU~&EAOv9s~t1C)G?<u1GOXWv?rQ(3MUWlKKT(KtKb8)i%lrz^H!f+iuIni-#NG`7W+WJqmumFehWGN ziwZ$o??ixVM;6W`KtKu)RK%O^P|Lnocr;v*ccNGm0>MinmfNC&k7A?W8noXvna!0g z;FP9HkF-$z`kF_u+@YtIU70&&&CSFjG0sbQF&-rGN;(;%Ump!U?wngnQi4dQ0{lu* zgP`+5@Ozio$u7cH>7XsbyGvaMBeGpZp8Yq|Yqv5ak241vr}ZA?=LeR?z-r4j_VBh79)_^6gWUUviN}c|88@W558VW392UPk60ssJ zy7GIPsSfJ`Bqe|Vly5GJ_oGI^^%X8{;R~1S@FHm}a#`)WpbB!tb1t|0&W)54y@#5Y zyFo&KE!*3LVk2$4dP0$dYX^iIi}~Z0X&ZWpyaG)S{A5sByJWDoh*!#>9fJV9E%XvU z04U1MmK(o3NPO{qYL*3`i65M#Wrn$#+4<24IS0V5tAa#*#Km7cD1T2`oh)#*^`U% zamhUat~;pW*v3QE)r&>MQk?}E6j#gFgxVG~w(rL^{;~X!!#TNTiZyfN1`Yqip!VfTs$l1k(9@{{%dXh?>MbV)g@rAut__H` z9bIzqF`hNTsjD!_g!@Lin3x3;S1SNNN9zXY99vbiNF-RhWc|zo=JXb-Tz44>PpZVe!Xz8(&uH-}!7uM%7Rh1Y(zbAqGOK`qMc;5piH7_X$OZmbz+!+&0jy68BxPQkf{Wc_+b+^3vw|cGY5i!Gj?52d5@O! zrt%$M+2AI9AE@wY5Lq9^qwQ}cbEmb9>gxh}tZV%{{nI4C_8we13O{^dWtm&I}5rN1NLU&Aa$_I)bGOGbr!+!@=ygY=4x!UU|fYb z%I}>|V&X>zm^(=J+VBjba)U8WDAGuqJzYN4WxP35i68Xo}V zR)&w4Von+C*=N!v>=BIXQ7~-o4?D75T^^`P!q$cLJ59lw5 zL6zIFa|{Glyh_gAC)g#-#-r9k-U%((_@=IYkFW+#7RRlfUF_27rQPiE((g;tcq6_L)yMt)#>E17 z=>TVEI0qHRMhCq6>@q3nez3)+J*pdArF4#ub+`sN|4)`hA1UQUE=Bl#bT*D&>PM5e zmkh!9sLF@dXN-Jpbo5{lbTeL@mAKks9~3I4NB)xaVjO+yr5~dJLtU|Y>jk(bY zqZ4HGBl%o?&zUcrJ^kSsGy;!3$~cArt?lfI!IiL|ZkOOLud08uFo>0E zF;>%kXlh-Hn-*5rZmx`d^w2N>O|Oq6+onDGfp=8-=t{nZ^kmOoWijfe%d%ssrabKn zDeI(Kz~0iRA9Ad3gh%j5Iuq9^ueGD?==oH#^1&Mbzq2APgFp9MS~reRw5W|09@?GP zUTZ#|i!ug^U!ry=Gp&+3T)qp~8J|na1|p@*(A{XC4rwhU64{PBHfv^6DencX*Ietu!K0zFGdyTvRmZFl>h;t63(5tbMPA% z9&$F|)<@85$z0)%Su_obD!JKSCE(r<`SpvUb>$OU%|D#9zZegHW@z+L18Fp$ek2sB zP6FjGC2^jdo8>U4wod2JH+sakWR1a@0cCZ_sFt^aR8C^Zz;C1p&1zagLei4dmm zYh-PtV=`tTqT^merJxtyEPt5PB3QE#xM|qy=D}-EQv;C8_kP#AsC=M!eHLBEBv9Z- z&Ig^7?=KYfpG*UwHXf?{9xB@pOD>Gy%{&IAZk6MJw3Q+bw74rF_RAmvVsXm>Dx?Ub z{ncCZ--Wuaja^-o{$t$!J(5x>(tv+J?XAK7Gfm*ntj%vfz|#R!>iXkgpvLoSVhbD} zT;zzQS@?UV^FJ?*W18+EE{xCCqgJsZ1%NGZ{{1V4{}}K;-bDomsuS7nn3!CN+O7eD z_S2%;rEkxmyf+S7PAq3@%P^1|{)@#61(k5381DNw zM?s#Mvas5Z^l_853ihw35(PDpjF4)%s!-sp(KUxCFjpOYa%ouC**0Rhe|ddqUJe;&~@qTR`!)8NkTKg~PFCB*j`*rQXfZ_gbOM*%j{we<31Q z0`#)R%*O^MckA}~hIZbsP*|hP_1eDHqlM2xPg||ISA2p_Rdzh)Hh}l*INMZBKc&UNai1r@gF|rPv@1CH2Nw4 zjd?)~%WKjc0QiVsdv&ju=^7XqK&&}f-#a-Na;B}(@LqlWede;8zZ~tlc@if8r*}Yn z1SX{fZS)V9K;gpYG9tXp4H9Lsdr9ZI)HBex^C)drFHKUPtp_W?ss!jwvY74e!lo`LtuRI!ViFCtrW_{z_Wg?)3J8@JMaov%me--v`G9E&Xo1W|X0e#U*OO7nW}R*Rb*bhxg5t znx*8AFgJ5F)SnjB2hR4#ce(z*G94=Dt@}dzpe`aEcYp_ z?|K5i9Boj}@a-b^|1>2L7h>!|HN!`V!6Ewsf)|o!+4cYpU~LO4%pRXH#R1skE{H_f z=f)H5iK7+@6RQqC8++VqB5p%Ne^8G8^(};Sy)sh^%*mXSHAmm0k1jY6go!4K+ zf(j+3h;73X?a^tCjz~`yr3l&G}U9rh5BSUo`yn(#P6j?gblh zQg5^5=+xRH#mZ&Y2N9d3Y_q#a+WvWrU2n)}F`4iC@ydi}1ed{<)PBBe65F(kX5#i~ zF@|`)|3`_<5~9>~X>XrY+l)-!UrwDdKaLpR^g_|`E-hQEux$pl7T4sY+vm~ibI-%0 zS&}EsULr@$6k_*!V!m1Jvy&%)r7%@BbB0eGqYNL*JJQ>??@@WHz*VL{R%dLvasC4C z&eoNq(MYxSHZ5hYVa3>cN$fb00-CxxM@yz1QPP5jZc)NG$%(?L30s>F|nQQjv>>84jS@m{iM6JSax8GFmVX3XMe&jsI+TXE)nWKTPXY$l<^p07s z>$7CC|8_clSm{Q3?g;y%#BJ>!?Kk2U`J|UF4~)aB`*C-w-Y?mYY3!=Q>op839+Z2m z!8)4eL{A-RE%xp9wAR>-_8TWV>M1!4Yl>#~kb9~9S#?vdhjh!2?0V8%MkO|85gq4Y zZZ@%kMjp!hs>;T;Wd_46W>yupHZ{8^9lWsG=~b4~{jar=1fCBfc~6q5@mx3gkDn9i z#@F}{1pnHsHKUzKY?kBcIy4;Fj1bkjRb9TmRU#g>fQOqtkoUYfGI-@!zo#iV;ZXL& zTeHgKOphL?gIJ^+X;y7ZAgvKo+0)F!nS5F<5;DVgZua4x7#QJC-aK!PJ{@uShMXY@ zj^s-wu+>Blcl>>{N6JxY5+3%ok(Db8GZgN?*l(@y3H*9z1U!NpT+(}=Aap#6tUff2TA4Fh ztwBSEH3zR{;5^XMa{l%)&u%loOkNqckbUBV%6>O}b|lx4o4oLGoM%MO$#NmG9H*ka zd5P1YrmE!?EcJG!yumE7IK1igjzM~^eM5*Pdq2rHs^{QMF0S%xobe{6aB(An!UU&{ za736rEhj?yTIXhZfU5+{UgzeGhS3X)vGMC`e3cy^lfFrjdDfVG17c>J{wrH=k)O-D z*|jEif{`m7wCrZ%ydSEzEe#O){yEys$}!r+JFc^_86AG%X4INbOOZ0)yghe9seoKA z?2Ntmjc9%qy995rN1;?ZGiQJV9)B<;4O_dG6k`Hp5hPO)$8)70@>*_AH%C)nT4Gb) z?nH6gC+R7jam~x?&$!FcpTq%cON&lgsZNr^?l4_aVq;#bbQyKuc-}sMNyEvPw30W= zHtyQ?Jj)r~b8o(LR6;A?mBo{whsMpC!`lZ!f6mx^u!e@$5jc*9Sz$uERh8{yoH4rA zt~t!FhQrd8U5ngSmn%D5m`}>xj=GcDun*;AYCH4@6R`{F5U`Bkg>z1yDhvna0dr=B{8*}+lbL%JpGL*m8y9-CWs`_es8 z+k(282_>`k$+f#&yOAqO$(lok?yAmn2d^X3Dl0k=g5vs|9&am`EBfWDE3$10?Dn_t zl%teSEgtEt?J>8Hxghg;`EtK;?22i697Jcdt9B@}`PaA<7OijAH%$-(d6OM01bMe- zU-{+PbpOPQsM{t> z+{AEnh`j3RhvEK-lpsnie_v*Qb&ZBoc?XxG;^5WmsNmy{B1FMmvbE!*83Cr~O~-hZ z8n?kz#Ga9uE{$htc1~%-6~qg1O-_Gn{-q;t+EL5xq7w~*$nd-*Ll3vX0i?QeESE=p z17b>Wd&a%%-8~9&+*?{bfKWuu?)tduKb(y}y=)ciagcX}fj%55pXuR1iLThHpdN#o z?YR6wF#)8r`F74&CYDs`?;hw+UKu$h>Op*9;PJ=akr704-(w{cAss;Xm&w!V0-q zZQmos6;WOA@kvSs&+x|x$t}QBLnqD;{kqWB{G*hXmR6&sP(`+2LJe@e4z=&O{&E(i zTF{vkV^ly3m&~Aivm5$1pqQa8!Kab&vG^}768s(;w?*GOfm;Hjsc3NAcjP#IA`S zaiEFVv`9i*!P_%UD0tz5)+?_g9EJ_be$=LYDY4M-DyXbzg?H^s&heY;zZ@{I+C-pK5|1wW zSpb!J6i87N@A!W?YYEK9fQwqpNfm#&P3fdkbU>D<>kI9pGgE0M;3Dc&4eqn{f+>_r zv-EtAch*HgP%14zv;M5_k7ESi|GzRwLD2dpqO$5fQ6c%|x&{+R4QlC^S@Ijsup3zX zG60zqKD>GNj2(*g6jZ<$q*h&E{*NvG$0YPpfsHx4j3aO+2+sot1&mj~IxzfSSO+h> zl6@o$jk+opq;K f90sAiQ4S3aKu|H<7}x|Mg+*!%wh&r6+t literal 0 HcmV?d00001 diff --git a/openapi-specs/compute/33-02/desc/tags/name_delete.md b/openapi-specs/compute/33-02/desc/tags/name_delete.md new file mode 100644 index 000000000..2ed010e57 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/name_delete.md @@ -0,0 +1,14 @@ +Deletes a tag from the system. + +### cURL Request + +Refer to the following example cURL command that deletes a tag named *my tag*: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + "https:///api/v/tags/my%20tag" +``` +A space must be encoded with the value `%20` as specified here in [unsafe characters in a URL](https://www.ietf.org/rfc/rfc1738.txt). \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tags/name_put.md b/openapi-specs/compute/33-02/desc/tags/name_put.md new file mode 100644 index 000000000..cbaea40d3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/name_put.md @@ -0,0 +1,23 @@ +Updates the parameters in a given tag. + +You must define all parameters in your PUT request. + +**Note:** `""` (an empty string) is automatically assigned for any unspecified field. + +### cURL Request + +Refer to the following example cURL command that updates the parameters in a tag named `my_tag`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "name": "my_tag2", + "color": "#ff0000", + "description": "A super cool tag" + }' \ + "https:///api/v/tags/my_tag" +``` diff --git a/openapi-specs/compute/33-02/desc/tags/post.md b/openapi-specs/compute/33-02/desc/tags/post.md new file mode 100644 index 000000000..d55ae8b96 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/post.md @@ -0,0 +1,22 @@ +Creates a tag that helps you manage the vulnerabilities in your environment. +You can use tags as policy exceptions or assign them to vulnerabilities for action. + +**Note:** `""` (an empty string) is automatically assigned for any unspecified field. + +### cURL Request + +Refer to the following example cURL command that creates a tag named "my-tag": + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "name": "my-tag", + "color": "#ff0000", + "description": "A test collection" + }' \ + "https:///api/v/tags" +``` diff --git a/openapi-specs/compute/33-02/desc/tags/tag_cve_delete.md b/openapi-specs/compute/33-02/desc/tags/tag_cve_delete.md new file mode 100644 index 000000000..8caed79cf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/tag_cve_delete.md @@ -0,0 +1,20 @@ +Removes a tag from a vulnerability. +When you delete a tag, the tag is deleted from a wider scope. All the packages and resources that were in scope will be untagged. + +### cURL Request + +Refer to the following example cURL command that removes the tag named `ignored` from the CVE `CVE-2017-15088`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + -d \ +'{ + "id": "CVE-2017-15088", + "packageName": "krb5" + }' \ + "https:///api/v/tags/ignored/vuln" +``` + diff --git a/openapi-specs/compute/33-02/desc/tags/tag_cve_post.md b/openapi-specs/compute/33-02/desc/tags/tag_cve_post.md new file mode 100644 index 000000000..966a80bd8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/tag_cve_post.md @@ -0,0 +1,169 @@ +Sets a tag to a vulnerability based on Common Vulnerability and Exposures (CVE) ID, package, and resource. + +**Consider the following scenarios**: + - When you apply a tag to a vulnerability only on a package, the tag applies to the vulnerability in all the resources related to it. + - When you apply a tag only to a vulnerability, the tag applies to the vulnerability in all the packages and resources related to it. + - When you apply a tag to a vulnerability on a resource type, specify the scope of the resources using either a wildcard "*" or resource names. + +A vulnerability can be found in a source package or a binary package. +The vulnerability feed reports CVE data either on source packages or binary packages. +For example, Debian and Ubuntu report CVEs on the source package, while RHEL reports on binary packages. + +**Source package:** Provides all the necessary files to compile or build the desired piece of software. For more information, see [Source Package](https://wiki.debian.org/Packaging/SourcePackage). + +**Binary package:** Built from a source package. There could be multile binary packages that are built from a source package. +For example, `perl` is a source package, and you can build different binary packages such as `libperl-dev`, `perl`, or `perl-base`. For more information, see [Perl](https://packages.ubuntu.com/source/focal/perl). + +Prisma Cloud ingests all the various distro vulnerability feeds, and normalizes them so that they can be used uniformly across the product. + +The **package info** tab shows both source and binary package fields in a vulnerability report. + +Refer to the following parameter descriptions: +- **id**: `Required` Specifies the Common Vulnerability and Exposures (CVE) ID. +- **packageName**: `Required` Specifies the source or the binary package name where the vulnerability is found. +Specify the source package name for tagging when the vulnerability is found in the source package. +Use the wildcard `*` to apply the tag to all the packages where the vulnerability is found. +- **resourceType**: Specifies the resource type for tagging where the vulnerability is found. +Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found. +The available values are: `image`, `host`, `function`, `codeRepo`, and `""`. +- **resources**: `Required when you define the resource type.` Specifies the resource for tagging where the vulnerability is found. +Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found. +- **checkBaseLayer**: `Applies only to the resource type image.` Checks for the base image in the resources and whether to tag those resources. +- **comment**: Adds a comment. + +Consider the following scenarios for source and binary packages: + +- Debian or Ubuntu lists the binary packages and source packages. + A CVE-2020-16156 is found in a binary package `perl-base` and source package `perl` in Ubuntu 20.04.3 LTS distro. + + ![Package information](https://cdn.twistlock.com/docs/api/Ubuntu-Vuln-Bin-Package-Info.png) + + The parameter *packageName* in the endpoint accepts only the source package name for tagging if a source package is available. + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the source package `perl`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "perl" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability in Ubuntu](https://cdn.twistlock.com/docs/api/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png) + +- The RPM package lists CVEs on the available binary packages and not the source packages. + A CVE `CVE-2021-20305` found in only `gnutls` binary package in CentOS Linux Release 8.4.2105. + + ![Package information](https://cdn.twistlock.com/docs/api/CentOS-Vuln-Bin-Package-Info.png) + + Use the binary package name for tagging only when the source package is not available or NULL. + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2021-20305` on the binary package `gnutls`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2021-20305", + "packageName": "gnutls" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability in CentOS](https://cdn.twistlock.com/docs/api/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png) + +Consider the following scenarios when you want to tag a vulnerability to all packages and resources related to it: + +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to all the packages and resources. + + ![CVE information](https://cdn.twistlock.com/docs/api/Tagging-Only-Vulnerability.png) + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability](https://cdn.twistlock.com/docs/api/Tagged-Vulnerability.png) + +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to the resource type `image` but to all the packages and resources. + +### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the resource type `image` and to all the packages and resources. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*", + "resourceType": "image", + "resources": ["*"] + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to the resource type `host`and resource `servo-vmware71` but to all the packages. + +### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the resource type `host`, resource `servo-vmware71`, and to all the packages. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*", + "resourceType": "host", + "resources": ["servo-vmware71"] + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + +*Note:* A tag assignment is identified by the combination of the `id`, `packageName`, `resourceType`, and `tag` fields. Invoking the endpoint again for an existing tag assignment overrides the existing tag assignment for the resource. For example, invoking the endpoint consecutively with the following values: +1. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"In progress"}` +2. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"New Tag"}` +3. `{"id":"CVE-1","packageName":"pkg","resourceType":"host","resources":["devbox"],"tag":"New Tag"}` +4. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["node:latest"],"tag":"New Tag"}` + + +Will result in the following tag assignments: +1. The first invocation creates the entry: "In progress", "CVE-1", "pkg", "image", "library/python:latest" +2. The second invocation creates a second (new) entry: "New Tag", "CVE-1", "pkg","image", "library/python:latest" +3. The third invocation creates a third (new) entry: "New Tag", "CVE-1", "pkg","host", "devbox" +4. The fourth invocation overrides the second entry with the following values: "New Tag", "CVE-1", "pkg", "image", "node:latest" + diff --git a/openapi-specs/compute/33-02/desc/tags/tags.md b/openapi-specs/compute/33-02/desc/tags/tags.md new file mode 100644 index 000000000..5da0bf726 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/tags.md @@ -0,0 +1 @@ +Tags are predefined labels that help you manage your vulnerabilities via the Console UI and Prisma Cloud Compute API. diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/download_get.md b/openapi-specs/compute/33-02/desc/tas-droplets/download_get.md new file mode 100644 index 000000000..db92ec66a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/download_get.md @@ -0,0 +1,20 @@ +Downloads scan reports for Tanzu Application Service (TAS) droplets in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > VMware Tanzu blobstore** in the Console UI. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +The following cURL command downloads all TAS droplets to a CSV file called `tas_droplets.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets/download \ + > tas_droplets.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/get.md b/openapi-specs/compute/33-02/desc/tas-droplets/get.md new file mode 100644 index 000000000..d820517c2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/get.md @@ -0,0 +1,21 @@ +Retrieves scan reports for Tanzu Application Service (TAS) droplets. + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +This endpoint maps to the table in **Monitor > Vulnerabilities > VMware Tanzu blobstore** in the Console UI. + +### cURL Request + +The following cURL command retrieves all TAS droplets. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets \ +``` + +A successful response returns all TAS droplets. diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/get_tas_addresses.md b/openapi-specs/compute/33-02/desc/tas-droplets/get_tas_addresses.md new file mode 100644 index 000000000..528281613 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/get_tas_addresses.md @@ -0,0 +1,17 @@ +Gets the Cloud Controller Addresses of scanned Tanzu Application Service (TAS) droplets.\n + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +The following cURL command retrieves the Cloud Controller Addresses of scanned TAS droplets. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets/addresses \ +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/progress_get.md b/openapi-specs/compute/33-02/desc/tas-droplets/progress_get.md new file mode 100644 index 000000000..504a21e84 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/progress_get.md @@ -0,0 +1,13 @@ +Returns the details of the TAS Droplets ongoing scan. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/progress" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/scan_post.md b/openapi-specs/compute/33-02/desc/tas-droplets/scan_post.md new file mode 100644 index 000000000..aad2174af --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/scan_post.md @@ -0,0 +1,13 @@ +Scans the TAS Droplets. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/scan" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/stop_post.md b/openapi-specs/compute/33-02/desc/tas-droplets/stop_post.md new file mode 100644 index 000000000..5f5a019b1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/stop_post.md @@ -0,0 +1,13 @@ +Stops the ongoing scan of TAS Droplets. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/stop" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/trust/data_get.md b/openapi-specs/compute/33-02/desc/trust/data_get.md new file mode 100644 index 000000000..dd55d47a3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/data_get.md @@ -0,0 +1,277 @@ +Returns the trusted registries, repositories, and images. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/trust/data +``` + +## cURL Response + +Refer to the following example response: + +```bash +$ { + "policy": { + "_id": "trust", + "enabled": false, + "rules": [ + { + "modified": "2023-05-11T09:24:33.936Z", + "owner": "ss", + "name": "Copy of combined", + "previousName": "", + "disabled": true, + "allowedGroups": [ + "by_cluster" + ], + "deniedGroups": [ + "by_host" + ], + "collections": [ + { + "hosts": [ + "ss-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.example-247119.internal" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "trust_by_host", + "owner": "ss", + "modified": "2023-05-11T09:17:17.556Z", + "color": "#D64CA8", + "system": false, + "prisma": false + } + ], + "effect": "alert" + }, + { + "modified": "2023-05-11T09:24:13.952Z", + "owner": "ss", + "name": "combined", + "previousName": "", + "disabled": true, + "allowedGroups": [ + "by_cluster" + ], + "deniedGroups": [ + "by_host" + ], + "collections": [ + { + "hosts": [ + "jen-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.twistlock-test-247119.internal" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "trust_by_host", + "owner": "ss", + "modified": "2023-05-11T09:17:17.556Z", + "color": "#D64CA8", + "system": false, + "prisma": false + } + ], + "effect": "alert" + }, + { + "modified": "2023-05-10T19:05:27.651Z", + "owner": "ss", + "name": "Default - alert all", + "previousName": "", + "collections": [ + { + "hosts": [ + "*" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "All", + "owner": "system", + "modified": "2023-05-09T07:00:08.761Z", + "color": "#3FA2F7", + "description": "System - all resources collection", + "system": true, + "prisma": false + } + ], + "effect": "alert" + } + ] + }, + "groups": [ + { + "modified": "2023-05-10T19:08:34.893Z", + "owner": "mbarash", + "name": "", + "previousName": "", + "_id": "by_host", + "images": [ + "alpine:*" + ] + }, + { + "modified": "2023-05-10T19:16:46.886Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_cluster", + "images": [ + "registry.k8s.io/etcd:*" + ] + }, + { + "modified": "2023-05-11T09:11:54.683Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_image", + "images": [ + "node:*" + ] + }, + { + "modified": "2023-05-11T09:21:23.54Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_registry", + "images": [ + "mcr.azk8s.cn/*" + ] + }, + { + "modified": "2023-05-11T09:22:13.522Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_repository", + "images": [ + "python:*" + ] + }, + { + "modified": "2023-05-11T09:22:47.854Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "bu_layer_automated", + "layers": [ + "sha256:a0d44e5352dcb84bca48b6ee3d30a9ec91b5e6eb6793747e06d2454d360a9338", + "sha256:5ad177daa048ca8b354b9ad03deac863ff519a2860a35dc9fdc0011619aacc3c", + "sha256:543bb037d9827e706ea0ee9277e56ff916439a114fa56c520ac7dcaf6daae84a", + "sha256:efd3b1563a816d85c6414e0c139691df720c34d6f65abaa19819d37b11459b40", + "sha256:bc30bde5a6578b9643d05dd47105414777adadaf5df93b493eff1785e1e07328", + "sha256:77e7191206a99af5cf1718885fb45262c2e2da30ad650c5868dfa3c54739c24a", + "sha256:4fcf730353158873699670f97f2556942ff470c360539ff9283d80c72f275030", + "sha256:d1a8d814c41eab7ee00b94a9184f081bf4c36721d559c5b349b9653bd473d8a0" + ] + }, + { + "modified": "2023-05-11T09:23:21.338Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_manual_manual", + "layers": [ + "sha256:05f4935ad90ae437375c64090af07a6232bfeffc9f311e3e315919627c542ac9", + "sha256:5aea01ea0a0f088b7844c169b9b8fd5ea034a21b4aa075ae3c54a1cb64138b93", + "sha256:d8183b2c9c73e92b3569c8c77f05a245d1d4a58c3d3f23e740ea4f69c5e8d8f4", + "sha256:ee50c22fdf6c99affec8690f7ef820f0e8cd19f4ece9a32503cdcf59a391514d" + ] + }, + { + "modified": "2023-05-11T12:41:27.885Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "ss_test", + "images": [ + "kuku:*", + "example/cves:*" + ] + } + ] +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/trust/data_put.md b/openapi-specs/compute/33-02/desc/trust/data_put.md new file mode 100644 index 000000000..0e6a0ba49 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/data_put.md @@ -0,0 +1,32 @@ +Updates a trusted image to the system. +Specify trusted images using either the image name or layers properties. + +## cURL Request + +Refer to the following example cURL command that uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \ + https:///api/v/trust/data +``` + +To edit a trust group based on image base layers, use PUT to specify a list of SHA256 hashes for the layers that are trusted. + +Refer to the following example that specifies the Ubuntu 16.04 image is a trusted base OS. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"layers":"["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"]", "_id":"docker-ubuntu-group"}' \ + "https:///api/v/trust/data" +``` diff --git a/openapi-specs/compute/33-02/desc/trust/get.md b/openapi-specs/compute/33-02/desc/trust/get.md new file mode 100644 index 000000000..1226cd0a3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/get.md @@ -0,0 +1,11 @@ +Retrieves a list of all trusted images. + +The following example curl command uses basic auth to retrieve all trusted images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/trust +``` diff --git a/openapi-specs/compute/33-02/desc/trust/id_delete.md b/openapi-specs/compute/33-02/desc/trust/id_delete.md new file mode 100644 index 000000000..b3114775f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/id_delete.md @@ -0,0 +1,12 @@ +Deletes an image trust group. Specify the image trust group to be deleted by the `_id`. + +The following example curl command uses basic auth to specify a image trust group for deletion with the handle `docker-ubuntu-group`. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/trust/docker-ubuntu-group +``` diff --git a/openapi-specs/compute/33-02/desc/trust/id_put.md b/openapi-specs/compute/33-02/desc/trust/id_put.md new file mode 100644 index 000000000..44d2c8b8b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/id_put.md @@ -0,0 +1,18 @@ +Updates the properties of an existing trusted image entry. + +In the request payload, specify either the `_id` or image name. +The trusted group ID needs to be specified in request payload. + +On success, this method returns the handle (unique ID) for the modified entry. +For more information about handles, see the `_id` in the response body for the GET method. + +The following example curl command uses basic auth to modify the image property for an existing trusted image entry, where the handle for the entry is `docker-ubuntu-group`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"image":"ubuntu/18.04", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust/docker-ubuntu-group +``` diff --git a/openapi-specs/compute/33-02/desc/trust/learn_get.md b/openapi-specs/compute/33-02/desc/trust/learn_get.md new file mode 100644 index 000000000..d8a3414d0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/learn_get.md @@ -0,0 +1,9 @@ +Returns the state of the trusted images model. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/trust/learn +``` diff --git a/openapi-specs/compute/33-02/desc/trust/learn_post.md b/openapi-specs/compute/33-02/desc/trust/learn_post.md new file mode 100644 index 000000000..094817738 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/learn_post.md @@ -0,0 +1,10 @@ +Sets the state of trusted images model. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"state":"learning"}' + https://:8083/api/v1/trust/learn +``` diff --git a/openapi-specs/compute/33-02/desc/trust/post.md b/openapi-specs/compute/33-02/desc/trust/post.md new file mode 100644 index 000000000..1072275a1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/post.md @@ -0,0 +1,32 @@ +Adds a trusted image to the system. +Specify trusted images using either the image name or layers properties. + +On success, this method returns the `_id` for the image trust group. +For more information about handles, see the `_id` key in the response body for the GET method. + +The following example curl command uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust +``` + +To create a trust group based on image base layers, POST a list of SHA256 hashes for the layers that are trusted. +The following example specifies the Ubuntu 16.04 image is a trusted base OS. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"layers":"["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"]", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust +``` diff --git a/openapi-specs/compute/33-02/desc/trust/trust.md b/openapi-specs/compute/33-02/desc/trust/trust.md new file mode 100644 index 000000000..b8c57bf98 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/trust.md @@ -0,0 +1,2 @@ +Manage the list of registries, repositories, and images that are considered trusted. +You can create a compliance policy that permits just the images in this list to execute in your environment. diff --git a/openapi-specs/compute/33-02/desc/users/get.md b/openapi-specs/compute/33-02/desc/users/get.md new file mode 100644 index 000000000..e4e6966ec --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/get.md @@ -0,0 +1,17 @@ +Retrieves a list of all users. + +This endpoint maps to **Manage > Authentication > Users** in the Console UI. + +### cURL Request + +The following cURL command retrieves all users. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/users' +``` + +A successful response returns a list of all users. diff --git a/openapi-specs/compute/33-02/desc/users/id_delete.md b/openapi-specs/compute/33-02/desc/users/id_delete.md new file mode 100644 index 000000000..1cfa5642d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/id_delete.md @@ -0,0 +1,27 @@ +Deletes a user from the system. + +The URL parameter `{id}` maps to `username`. +The `username` for each user can be retrieved from the `GET /api/v/users` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. In a table row, click the **Actions** button for the user to update. +3. Click the **Delete** button to open the delete confirmation window. +4. Click the **Delete User** button to delete the user. + +**Note:** You can not delete the user for the current logged in account. + +### cURL Request + +The following cURL command deletes user `ID` from the system. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/users/ +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/password_put.md b/openapi-specs/compute/33-02/desc/users/password_put.md new file mode 100644 index 000000000..5a5fe356b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/password_put.md @@ -0,0 +1,27 @@ +Changes the password of a user. + +To invoke this endpoint in the Console UI: + +1. Click on the user icon near the top-right corner of the Console UI. +2. Select **Change password**. +3. Enter the old and new passwords. +3. Click the **Save** button. + +### cURL Request + +The following cURL command replaces the password of `USER` (the user authenticating with Console to call this endpoint). + +```bash +$ curl 'https:///api/v/users/password' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "oldPassword": "", + "newPassword": "" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/post.md b/openapi-specs/compute/33-02/desc/users/post.md new file mode 100644 index 000000000..e3ca2f09c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/post.md @@ -0,0 +1,114 @@ +Adds a new user to the system. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. Click **+ Add user** and enter the user's information. +3. Click the **Save** button. + +Every Console has a project name, even if projects aren't enabled. +If you've deployed a single stand-alone Console, it's called `Central Console`. +If you've enabled projects, the master Console is called `Central Console`. +Each connected tenant project has a unique name, which is specified when the project is created. + +All users are created and managed in `Central Console`. + +### cURL Requests + +Refer to the following example cURL requests: + +#### Add a New User + +When `authType` is set to `basic`, the system creates a "local" user that's managed in Console's database. +If you integrated Prisma Cloud with an identity provider, set `authType` to a supported value, such as `saml`. + +The following example cURL command adds a new user to Central Console: + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic" +}' +``` + +**Note:** No response will be returned upon successful execution. + +#### Add a New User and Grant Access to a Project + +Use the `permissions` object to grant a user access to specific projects and specific collections in a project. + +When you define the `permissions` object, specify the following parameters: +`projects`: (Required.) Specifies a project name. +`collections`: (Requires initialization with a valid collection name.) Specifies a valid collection to assign to the user. +If left unspecified, users are granted access to the `All` collection by default. + +The following example cURL command adds a new user to Console and grants access to the tenant project `PROJECT_NAME`: + +Before you invoke this request: + +1. In the Console UI navigate to **Manage > Projects**. +2. Enable the **Use projects** setting. +3. If no project is provisioned, use the **+ Provision project** button to create a new project. +4. Retrieve a tenant project name from the table from the **Project** column. + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"" + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. + +#### Add a New User and Grant Access to a Collection + +When assigning collections, you must explicitly specify a project. +When you're working with a single stand-alone Console, the value for project is `Central Console`. + +The following example cURL command adds a new user to Console and grants access to the `finance-app` collection in `Central Console`: + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"Central Console", + "collections":[ + "finance-app" + ] + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/put.md b/openapi-specs/compute/33-02/desc/users/put.md new file mode 100644 index 000000000..8f25a00a6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/put.md @@ -0,0 +1,43 @@ +Updates an existing user in the system. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. In a table row, click the **Actions** button for the user to update. +3. Click the **Manage** button and update the user's parameters. +4. Click the **Save** button to save the updated user. + +### cURL Request + +The following example command changes the role of a user to `auditor`. + +In general, you should get the user object from `GET /api/v/users` and resubmit all key-value pairs, changing just the values that need updating. +If key-values are left unspecified, their default values will override any current values (note the exception below). +For example, if `permissions.collections` specified a collection named `finance-app`, but the submitted request omitted `permissions.collections`, its value would be reset to `All`. + +For "local" users, where `authType` is set to `basic`: if a password isn't specified, it's left as-is. +For any other `authType`, passwords are managed by the identity provider (IdP), and aren't specified in the request body. + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"", + "collections":[ + "All" + ] + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/users.md b/openapi-specs/compute/33-02/desc/users/users.md new file mode 100644 index 000000000..976121da4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/users.md @@ -0,0 +1,7 @@ +Administrative endpoint to create and manage users. +Assign roles and specify who has access to which projects and which collections. + +User management with these endpoints is supported for Compute Edition (self-hosted) only. + +If you integrated Prisma Cloud Compute Edition with an identity provider, use these endpoints to assign roles to individual users. +Note that groups are a better way to assign roles when you have a large number of users. diff --git a/openapi-specs/compute/33-02/desc/util/osx_twistcli_arm64_get.md b/openapi-specs/compute/33-02/desc/util/osx_twistcli_arm64_get.md new file mode 100644 index 000000000..b385d0d3b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/osx_twistcli_arm64_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for MacOS platforms based on ARM64 architecture. + +**Note:** This endpoint maps to the **MacOS platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable for ARM64 bit MacOS platforms to your HOME directory: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET -o \ + 'https:///api/v/util/osx/arm64/twistcli' +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/osx_twistcli_get.md b/openapi-specs/compute/33-02/desc/util/osx_twistcli_get.md new file mode 100644 index 000000000..c49f96c41 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/osx_twistcli_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for MacOS platforms. + +This endpoint maps to the **MacOS platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +The following cURL command downloads the twistcli binary executable for MacOS platforms. + +```bash +$ curl -k \ + -u \ + -L \ + -o twistcli \ + https:///api/v1/util/osx/twistcli +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/util/twistcli_arm64_get.md b/openapi-specs/compute/33-02/desc/util/twistcli_arm64_get.md new file mode 100644 index 000000000..7ec36d3f5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistcli_arm64_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for ARM64 bit Linux platforms. + +This endpoint maps to the **Linux platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable to your HOME directory: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET -o \ + 'https:///api/v/util/arm64/twistcli' +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/twistcli_get.md b/openapi-specs/compute/33-02/desc/util/twistcli_get.md new file mode 100644 index 000000000..f9d2d295c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistcli_get.md @@ -0,0 +1,16 @@ +Downloads the twistcli binary executable for Linux platforms. + +This endpoint maps to the **Linux platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable to your HOME directory: + +```bash +$ curl -k \ + -u \ + -X GET -o \ +'https:///api/v/util/twistcli' +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/util/twistlock_jenkins_plugin_get.md b/openapi-specs/compute/33-02/desc/util/twistlock_jenkins_plugin_get.md new file mode 100644 index 000000000..9fb8d4a02 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistlock_jenkins_plugin_get.md @@ -0,0 +1,17 @@ +Downloads the Prisma Cloud Compute Jenkins plugin. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -L \ + -o twistlock-jenkins-plugin.hpi \ + https:///api/v1/util/twistlock-jenkins-plugin.hpi +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/twistlock_tas_tile_get.md b/openapi-specs/compute/33-02/desc/util/twistlock_tas_tile_get.md new file mode 100644 index 000000000..fea28aaad --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistlock_tas_tile_get.md @@ -0,0 +1,17 @@ +Downloads the VMware Tanzu Application Service tile for Prisma Cloud Compute. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -L \ + -o twistlock-tile.pivotal \ + "https:///api/v1/util/tas-tile" +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/util.md b/openapi-specs/compute/33-02/desc/util/util.md new file mode 100644 index 000000000..2a0c26d8e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/util.md @@ -0,0 +1 @@ +Download Prisma Cloud Compute utilities. diff --git a/openapi-specs/compute/33-02/desc/util/windows_twistcli_get.md b/openapi-specs/compute/33-02/desc/util/windows_twistcli_get.md new file mode 100644 index 000000000..1c545dbbb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/windows_twistcli_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for Windows platforms. + +This endpoint maps to the **Windows platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +The following cURL command downloads the twistcli binary executable for Windows platforms. + +```bash +$ curl -k \ + -u \ + -L \ + -o twistcli.exe \ + https:///api/v1/util/windows/twistcli.exe +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/version/get.md b/openapi-specs/compute/33-02/desc/version/get.md new file mode 100644 index 000000000..28be315e0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/version/get.md @@ -0,0 +1,15 @@ +Retrieves the version number for Console. + +### cURL Request + +The following cURL command retrieves the version number for Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/version +``` + +A successful response returns the version number for Console. diff --git a/openapi-specs/compute/33-02/desc/version/version.md b/openapi-specs/compute/33-02/desc/version/version.md new file mode 100644 index 000000000..41e9950da --- /dev/null +++ b/openapi-specs/compute/33-02/desc/version/version.md @@ -0,0 +1 @@ +Return Console's version number. diff --git a/openapi-specs/compute/33-02/desc/vms/download_get.md b/openapi-specs/compute/33-02/desc/vms/download_get.md new file mode 100644 index 000000000..e65e4efc9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/download_get.md @@ -0,0 +1,18 @@ +Returns all VM image scan reports in CSV format. + +**Note**: This endpoint maps to the table in **Monitor > Vulnerabilities > Hosts > VM images > CSV** in the Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command that retrieves all VM image scan reports and saves the results in a CSV file called `vm_images_scan.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o vm_images_scan.csv \ + "https:///api/v/vms/download" +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/vms/get.md b/openapi-specs/compute/33-02/desc/vms/get.md new file mode 100644 index 000000000..e78a28c76 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/get.md @@ -0,0 +1,63 @@ +Returns all VM image scan reports. + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +This endpoint maps to the table in **Monitor > Vulnerabilities > Hosts > VM images** in the Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command that retrieves all VM image scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/vms" +``` + +### cURL Response + +Refer to the following example VM scan report: + +``` +{ + "_id": "2226875301309860442", + "type": "vm", + "hostname": "", + "scanTime": "2022-12-01T18:08:15.299Z", + "binaries": [], + "Secrets": [], + "startupBinaries": [], + "osDistro": "redhat", + "osDistroVersion": "7", + "osDistroRelease": "RHEL7", + "distro": "CentOS Linux release 7.9.2009 (Core)", + "packages": [ + { + "pkgsType": "package", + "pkgs": [ + { + "version": "0.100-7.el7", + "name": "dbus-glib", + "cveCount": 8, + "license": "AFL and GPLv2+", + "layerTime": 0 + }, + { + "version": "2.02-0.87.el7.centos.7", + "name": "grub2-common", + "cveCount": 184, + "license": "GPLv3+", + "layerTime": 0 + } + ... + ... + ... + ] + } + ] +} +``` diff --git a/openapi-specs/compute/33-02/desc/vms/labels_get.md b/openapi-specs/compute/33-02/desc/vms/labels_get.md new file mode 100644 index 000000000..0aed1a217 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/labels_get.md @@ -0,0 +1,29 @@ +Returns an array of strings containing all AWS tags of the scanned VM images. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/vms/labels" +``` +### cURL Response + +Refer to the following example response: + +``` +[ + "gcp:vmscan", + "with_pulled_images:true", + "test-linux-key-2:test-linux-value-2", + "test-linux-key-1:test-linux-value-1", + "Name:user-test-b" +] + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/vms/names_get.md b/openapi-specs/compute/33-02/desc/vms/names_get.md new file mode 100644 index 000000000..1145cfa0d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/names_get.md @@ -0,0 +1,33 @@ +Returns an array of strings containing VM image names. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + "https:///api/v/vms/names" +``` + +### cURL Response + +Refer to the following example response: + +``` +[ + "new-auto-images-cen7-dock", + "ubuntu-pro-2004-focal-v20210720", + "user-encrypted2", + "ubuntu-20.04-lts:1.0.0", + "user-test-b", + "user-ubuntu-image-scan1", + "Canonical:0001-com-ubuntu-server-focal:20_04-lts:20.04.202110260", + "ubuntu-20.04-lts" +] + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/vms/scan_post.md b/openapi-specs/compute/33-02/desc/vms/scan_post.md new file mode 100644 index 000000000..1caa2dcaf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/scan_post.md @@ -0,0 +1,13 @@ +Re-scans all VM images immediately. This endpoint returns the time that the scans were initiated. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud to re-scan all VM images: + +```bash +$ curl -k \ + -u \ + H 'Content-Type: application/json' \ + -X POST \ + "https:///api/v/vms/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/vms/stop_post.md b/openapi-specs/compute/33-02/desc/vms/stop_post.md new file mode 100644 index 000000000..4a74743eb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/stop_post.md @@ -0,0 +1,15 @@ +Stops the current VM image scan. + +Note: It might take a few minutes for the scan to stop completely. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud to stop scanning all VM images: + +```bash +$ curl -k \ + -u \ + H 'Content-Type: application/json' \ + -X POST \ + "https:///api/v/vms/stop" +``` diff --git a/openapi-specs/compute/33-02/desc/vms/vms.md b/openapi-specs/compute/33-02/desc/vms/vms.md new file mode 100644 index 000000000..65409bb99 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/vms.md @@ -0,0 +1,8 @@ +Scan VM images in AWS, Azure, and GCP for vulnerabilities. + +Prisma Cloud can scan the following VM images: +* AWS: Linux Amazon Machine Images (AMIs) +* Azure: Managed, Gallery and Marketplace images +* GCP: Public and Custom images (including Premium images) + +For more information, see [Configure VM Image Scanning](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vm_image_scanning) diff --git a/openapi-specs/compute/33-02/desc/waas/openapi-scans_post.md b/openapi-specs/compute/33-02/desc/waas/openapi-scans_post.md new file mode 100644 index 000000000..d78a42616 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/waas/openapi-scans_post.md @@ -0,0 +1,14 @@ +Scans the OpenAPI specifications file of size not more than 100 KB and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats. + +### cURL Request + +Refer to the following example cURL command that generates a report for any errors or shortcomings in the OpenAPI specification: + +```bash +$ curl 'https:///api/v/waas/openapi-scans' \ +-k \ +-H 'Content-Type: multipart/form-data' \ +-u \ +-X POST \ +-v -F‘spec=@.json;type=application/json’-F‘data={“source”:“manual”};type=application/json’ +``` \ No newline at end of file diff --git a/openapi-specs/compute/openapi-33-02-130-sh.json b/openapi-specs/compute/33-02/openapi-33-02-130-sh.json similarity index 100% rename from openapi-specs/compute/openapi-33-02-130-sh.json rename to openapi-specs/compute/33-02/openapi-33-02-130-sh.json diff --git a/openapi-specs/compute/openapi-33-03-138-sh.json b/openapi-specs/compute/openapi-33-03-138-sh.json new file mode 100644 index 000000000..bad8fc9d3 --- /dev/null +++ b/openapi-specs/compute/openapi-33-03-138-sh.json @@ -0,0 +1,52394 @@ +{ + "components": { + "schemas": { + "-_admission.Audit": { + "items": { + "$ref": "#/components/schemas/admission.Audit" + }, + "type": "array" + }, + "-_ais.ScanInstancesRequest": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "-_ais.ScanInstancesResult": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesResult" + }, + "type": "array" + }, + "-_api.AggregationPeriod": { + "items": { + "$ref": "#/components/schemas/api.AggregationPeriod" + }, + "type": "array" + }, + "-_api.AlertProfile": { + "items": { + "$ref": "#/components/schemas/api.AlertProfile" + }, + "type": "array" + }, + "-_applicationcontrol.Rule": { + "items": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + }, + "type": "array" + }, + "-_ccs.ConsoleMessage": { + "items": { + "$ref": "#/components/schemas/ccs.ConsoleMessage" + }, + "type": "array" + }, + "-_collection.Collection": { + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "-_collection.Usage": { + "items": { + "$ref": "#/components/schemas/collection.Usage" + }, + "type": "array" + }, + "-_cred.Credential": { + "items": { + "$ref": "#/components/schemas/cred.Credential" + }, + "type": "array" + }, + "-_customrules.Rule": { + "items": { + "$ref": "#/components/schemas/customrules.Rule" + }, + "type": "array" + }, + "-_defender.Defender": { + "items": { + "$ref": "#/components/schemas/defender.Defender" + }, + "type": "array" + }, + "-_deployment.DaemonSet": { + "items": { + "$ref": "#/components/schemas/deployment.DaemonSet" + }, + "type": "array" + }, + "-_forensic.ContainerEvent": { + "items": { + "$ref": "#/components/schemas/forensic.ContainerEvent" + }, + "type": "array" + }, + "-_forensic.HostEvent": { + "items": { + "$ref": "#/components/schemas/forensic.HostEvent" + }, + "type": "array" + }, + "-_kubeaudit.Audit": { + "items": { + "$ref": "#/components/schemas/kubeaudit.Audit" + }, + "type": "array" + }, + "-_kubeaudit.AuditSpecification": { + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "-_log.LogEntry": { + "items": { + "$ref": "#/components/schemas/log.LogEntry" + }, + "type": "array" + }, + "-_prisma.AlertIntegration": { + "items": { + "$ref": "#/components/schemas/prisma.AlertIntegration" + }, + "type": "array" + }, + "-_rbac.Role": { + "items": { + "$ref": "#/components/schemas/rbac.Role" + }, + "type": "array" + }, + "-_runtime.ContainerProfileHost": { + "items": { + "$ref": "#/components/schemas/runtime.ContainerProfileHost" + }, + "type": "array" + }, + "-_runtime.HostProfile": { + "items": { + "$ref": "#/components/schemas/runtime.HostProfile" + }, + "type": "array" + }, + "-_sandbox.ScanResult": { + "items": { + "$ref": "#/components/schemas/sandbox.ScanResult" + }, + "type": "array" + }, + "-_serverless.FunctionInfo": { + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + }, + "-_serverless.RadarFilter": { + "items": { + "$ref": "#/components/schemas/serverless.RadarFilter" + }, + "type": "array" + }, + "-_shared.AppEmbeddedRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.AppEmbeddedRuntimeProfile" + }, + "type": "array" + }, + "-_shared.AppFirewallAudit": { + "items": { + "$ref": "#/components/schemas/shared.AppFirewallAudit" + }, + "type": "array" + }, + "-_shared.Audit": { + "items": { + "$ref": "#/components/schemas/shared.Audit" + }, + "type": "array" + }, + "-_shared.BackupSpec": { + "items": { + "$ref": "#/components/schemas/shared.BackupSpec" + }, + "type": "array" + }, + "-_shared.CLIScanResult": { + "items": { + "$ref": "#/components/schemas/shared.CLIScanResult" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryAccount": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryAccount" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryEntity": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryEntity" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryRadar": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryRadar" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryResult": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryResult" + }, + "type": "array" + }, + "-_shared.CloudScanRule": { + "items": { + "$ref": "#/components/schemas/shared.CloudScanRule" + }, + "type": "array" + }, + "-_shared.ContainerNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ContainerRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.ContainerRuntimeProfile" + }, + "type": "array" + }, + "-_shared.ContainerScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ContainerScanResult" + }, + "type": "array" + }, + "-_shared.CustomComplianceCheck": { + "items": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + }, + "type": "array" + }, + "-_shared.FileIntegrityEvent": { + "items": { + "$ref": "#/components/schemas/shared.FileIntegrityEvent" + }, + "type": "array" + }, + "-_shared.HostActivity": { + "items": { + "$ref": "#/components/schemas/shared.HostActivity" + }, + "type": "array" + }, + "-_shared.HostInfo": { + "items": { + "$ref": "#/components/schemas/shared.HostInfo" + }, + "type": "array" + }, + "-_shared.HostNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ImageScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + }, + "-_shared.Incident": { + "items": { + "$ref": "#/components/schemas/shared.Incident" + }, + "type": "array" + }, + "-_shared.LambdaRuntimeType": { + "items": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "type": "array" + }, + "-_shared.LogInspectionEvent": { + "items": { + "$ref": "#/components/schemas/shared.LogInspectionEvent" + }, + "type": "array" + }, + "-_shared.MgmtAudit": { + "items": { + "$ref": "#/components/schemas/shared.MgmtAudit" + }, + "type": "array" + }, + "-_shared.Progress": { + "items": { + "$ref": "#/components/schemas/shared.Progress" + }, + "type": "array" + }, + "-_shared.RegionData": { + "items": { + "$ref": "#/components/schemas/shared.RegionData" + }, + "type": "array" + }, + "-_shared.RegistryScanProgress": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanProgress" + }, + "type": "array" + }, + "-_shared.RegistryScanRequest": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + }, + "type": "array" + }, + "-_shared.RuntimeAudit": { + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "-_shared.TASDropletSpecification": { + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "-_shared.Tag": { + "items": { + "$ref": "#/components/schemas/shared.Tag" + }, + "type": "array" + }, + "-_shared.TrustAudits": { + "items": { + "$ref": "#/components/schemas/shared.TrustAudits" + }, + "type": "array" + }, + "-_shared.VMSpecification": { + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "-_string": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "-_types.AgentlessHostStatus": { + "items": { + "$ref": "#/components/schemas/types.AgentlessHostStatus" + }, + "type": "array" + }, + "-_types.AlertProfileOption": { + "items": { + "$ref": "#/components/schemas/types.AlertProfileOption" + }, + "type": "array" + }, + "-_types.AuditTimeslice": { + "items": { + "$ref": "#/components/schemas/types.AuditTimeslice" + }, + "type": "array" + }, + "-_types.BaseImagesRule": { + "items": { + "$ref": "#/components/schemas/types.BaseImagesRule" + }, + "type": "array" + }, + "-_types.CVEStats": { + "items": { + "$ref": "#/components/schemas/types.CVEStats" + }, + "type": "array" + }, + "-_types.CVEVulnerability": { + "items": { + "$ref": "#/components/schemas/types.CVEVulnerability" + }, + "type": "array" + }, + "-_types.ClusterRadarInfo": { + "items": { + "$ref": "#/components/schemas/types.ClusterRadarInfo" + }, + "type": "array" + }, + "-_types.CredentialUsage": { + "items": { + "$ref": "#/components/schemas/types.CredentialUsage" + }, + "type": "array" + }, + "-_types.DefenderSummary": { + "items": { + "$ref": "#/components/schemas/types.DefenderSummary" + }, + "type": "array" + }, + "-_types.DefendersVersionCount": { + "items": { + "$ref": "#/components/schemas/types.DefendersVersionCount" + }, + "type": "array" + }, + "-_types.DiscoveredVM": { + "items": { + "$ref": "#/components/schemas/types.DiscoveredVM" + }, + "type": "array" + }, + "-_types.Endpoint": { + "items": { + "$ref": "#/components/schemas/types.Endpoint" + }, + "type": "array" + }, + "-_types.ImpactedOutOfBandEntity": { + "items": { + "$ref": "#/components/schemas/types.ImpactedOutOfBandEntity" + }, + "type": "array" + }, + "-_types.Project": { + "items": { + "$ref": "#/components/schemas/types.Project" + }, + "type": "array" + }, + "-_types.Stats": { + "items": { + "$ref": "#/components/schemas/types.Stats" + }, + "type": "array" + }, + "-_types.UserCollection": { + "items": { + "$ref": "#/components/schemas/types.UserCollection" + }, + "type": "array" + }, + "-_types.UserProject": { + "items": { + "$ref": "#/components/schemas/types.UserProject" + }, + "type": "array" + }, + "-_types.VulnerabilityStats": { + "items": { + "$ref": "#/components/schemas/types.VulnerabilityStats" + }, + "type": "array" + }, + "-_uint8": { + "items": { + "$ref": "#/components/schemas/uint8" + }, + "type": "array" + }, + "-_vuln.WildFireMalware": { + "items": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + }, + "type": "array" + }, + "-_waas.APIChangeDetails": { + "items": { + "$ref": "#/components/schemas/waas.APIChangeDetails" + }, + "type": "array" + }, + "-_waas.DiscoveredAPI": { + "items": { + "$ref": "#/components/schemas/waas.DiscoveredAPI" + }, + "type": "array" + }, + "-_waas.NetworkList": { + "items": { + "$ref": "#/components/schemas/waas.NetworkList" + }, + "type": "array" + }, + "-_waas.OpenAPIScan": { + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + }, + "type": "array" + }, + "-_waas.UnprotectedContainersWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedContainersWebApps" + }, + "type": "array" + }, + "-_waas.UnprotectedHostsWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedHostsWebApps" + }, + "type": "array" + }, + "-_waas.VPCConfigMirroredResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigMirroredResource" + }, + "type": "array" + }, + "-_waas.VPCConfigResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigResource" + }, + "type": "array" + }, + "admission.Audit": { + "description": "Audit represents an admission audit", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster where the audit took place.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "description": "Effect is the rule effect which was applied to the review which led to this audit.\n", + "type": "string" + }, + "kind": { + "description": "Kind is the type of object being manipulated. For example: Pod.\n", + "type": "string" + }, + "message": { + "description": "Message is the rule user defined message which appears on audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the request (if any).\n", + "type": "string" + }, + "operation": { + "description": "Operation is the operation being performed.\n", + "type": "string" + }, + "rawRequest": { + "description": "RawRequest is the original review request that caused this audit.\n", + "type": "string" + }, + "resource": { + "description": "Resource is the name of the resource being requested. This is not the kind. For example: pods.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule which issued this audit.\n", + "type": "string" + }, + "time": { + "description": "Time is the time at which the audit was generated.\n", + "format": "date-time", + "type": "string" + }, + "userGroups": { + "description": "UserGroups is the names of groups this user is a part of.\n", + "type": "string" + }, + "userUid": { + "description": "UserUID is a unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs.\n", + "type": "string" + }, + "username": { + "description": "Username is the name that uniquely identifies this user among all active users.\n", + "type": "string" + } + }, + "type": "object" + }, + "admission.Policy": { + "description": "Policy represents a policy enforced on Kubernetes admission reviews", + "properties": { + "_id": { + "description": "ID is the policy ID.\n", + "type": "string" + }, + "rules": { + "description": "Rules is a list of rules associated with the admission policy.\n", + "items": { + "$ref": "#/components/schemas/admission.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "admission.Rule": { + "description": "Rule represents an admission rule", + "properties": { + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the Rego script.\n", + "type": "string" + }, + "skipRawReq": { + "description": "SkipRawReq signals to exclude raw review request in a resulting admission audit.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "agentless.ImageScanResultErrCode": { + "description": "ImageScanResultErrCode represents the asset status error", + "type": "integer" + }, + "ais.ScanInstancesRequest": { + "properties": { + "cloudAccountID": { + "description": ".\n", + "type": "string" + }, + "cloudInstanceIds": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloudProvider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "ais.ScanInstancesResult": { + "properties": { + "description": { + "description": ".\n", + "type": "string" + }, + "instances": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "status": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AggregationPeriod": { + "description": "AggregationPeriod represents a period over which alerts are aggregated", + "properties": { + "displayName": { + "description": "The display name of the aggregation period.\n", + "type": "string" + }, + "periodMS": { + "description": "The aggregation period's duration in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AlertClientType": { + "description": "AlertClientType represents the type of alert client (e.g., email, slack, ...)", + "type": "string" + }, + "api.AlertProfile": { + "description": "AlertProfile represents an alert profile (event type and recipients)", + "properties": { + "_id": { + "description": "ID is the alert profile ID.\n", + "type": "string" + }, + "consoleIdentifier": { + "description": "ConsoleIdentifier is the console identifier.\n", + "type": "string" + }, + "cortex": { + "$ref": "#/components/schemas/api.AlertProfileCortexSettings" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "email": { + "$ref": "#/components/schemas/api.AlertProfileEmailSettings" + }, + "external": { + "description": "External indicates that the profile is integrated through Prisma Cloud.\n", + "type": "boolean" + }, + "gcpPubsub": { + "$ref": "#/components/schemas/api.AlertProfileGcpPubsubSettings" + }, + "integrationID": { + "description": "IntegrationID is the ID identifying the provider configured in Prisma Cloud.\n", + "type": "string" + }, + "jira": { + "$ref": "#/components/schemas/api.AlertProfileJIRASettings" + }, + "lastError": { + "description": "LastError represents the last error when sending the profile.\n", + "type": "string" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pagerduty": { + "$ref": "#/components/schemas/api.AlertProfilePagerDutySettings" + }, + "policy": { + "additionalProperties": { + "$ref": "#/components/schemas/api.AlertRule" + }, + "description": "Policy contains the mapping between alert type to the applied alert rules.\n", + "type": "object" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "securityAdvisor": { + "$ref": "#/components/schemas/api.AlertProfileSecurityAdvisor" + }, + "securityCenter": { + "$ref": "#/components/schemas/api.AlertProfileSecurityCenterSettings" + }, + "securityHub": { + "$ref": "#/components/schemas/api.AlertProfileSecurityHubSettings" + }, + "serviceNow": { + "$ref": "#/components/schemas/api.AlertProfileServiceNowSettings" + }, + "slack": { + "$ref": "#/components/schemas/api.AlertProfileSlackSettings" + }, + "splunk": { + "$ref": "#/components/schemas/api.AlertProfileSplunkSettings" + }, + "sqs": { + "$ref": "#/components/schemas/api.AlertProfileSQSSettings" + }, + "vulnerabilityImmediateAlertsEnabled": { + "description": "VulnerabilityImmediateAlertsEnabled indicates whether an immediate vulnerability alert will be sent upon new image scan.\n", + "type": "boolean" + }, + "webhook": { + "$ref": "#/components/schemas/api.AlertProfileWebhookSettings" + } + }, + "type": "object" + }, + "api.AlertProfileCortexSettings": { + "description": "AlertProfileCortexSettings represents Cortex applications alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.CortexApp" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileEmailSettings": { + "description": "AlertProfileEmailSettings represents the alert profile Email settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Email authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "from": { + "description": "From is the from address of the mail.\n", + "type": "string" + }, + "labels": { + "description": "Labels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "port": { + "description": ".\n", + "type": "integer" + }, + "recipients": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "smtpAddress": { + "description": ".\n", + "type": "string" + }, + "ssl": { + "description": ".\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertProfileGcpPubsubSettings": { + "description": "AlertProfileGcpPubsubSettings is the GCP Pub/Sub alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the GCP Pub/Sub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the GCP Pub/Sub settings are enabled.\n", + "type": "boolean" + }, + "topic": { + "description": "Topic is the GCP Pub/Sub topic (used by subscribers to listen for messages).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileJIRASettings": { + "description": "AlertProfileJIRASettings represents the alert profile JIRA settings", + "properties": { + "assignee": { + "$ref": "#/components/schemas/api.JIRADynamicField" + }, + "baseUrl": { + "description": "BaseURL is the JIRA address.\n", + "type": "string" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the JIRA authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "issueType": { + "description": "IssueType is the type of the JIRA issue.\n", + "type": "string" + }, + "labels": { + "$ref": "#/components/schemas/api.JIRADynamicLabels" + }, + "priority": { + "description": "Priority is the issue priority.\n", + "type": "string" + }, + "projectKey": { + "$ref": "#/components/schemas/api.JIRADynamicField" + } + }, + "type": "object" + }, + "api.AlertProfilePagerDutySettings": { + "description": "AlertProfilePagerDutySettings represents the alert profile PagerDuty settings", + "properties": { + "enabled": { + "description": "Enabled is PagerDuty provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "routingKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "severity": { + "$ref": "#/components/schemas/api.PagerDutyAlertSeverity" + }, + "summary": { + "description": "Summary is the PagerDuty's event summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSQSSettings": { + "description": "AlertProfileSQSSettings represents the alert profile SQS settings", + "properties": { + "enabled": { + "description": "Enabled is the SQS provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to SQS.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityAdvisor": { + "description": "AlertProfileSecurityAdvisor is the IBM security advisor alert profile settings", + "properties": { + "auto": { + "description": "Automatic means the configuration was automatically provisioned by security advisor, and only notes should be created.\n", + "type": "boolean" + }, + "credentialID": { + "description": "CredentialID is the IBM security advisor credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security advisor settings are enabled.\n", + "type": "boolean" + }, + "findingsURL": { + "description": "FindingsURL is the URL to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the configured providerID (default twistlock).\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which security tokens should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityCenterSettings": { + "description": "AlertProfileSecurityCenterSettings is the google cloud security center alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Security Center authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "sourceID": { + "description": "SourceID is the google cloud security center organization source ID (used to construct security advisor findings).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityHubSettings": { + "description": "AlertProfileSecurityHubSettings is the AWS security hub alert profile settings", + "properties": { + "accountID": { + "description": "AccountID is the AWS account ID.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the SecurityHub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security hub settings are enabled.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the aws region.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileServiceNowSettings": { + "description": "AlertProfileServiceNowSettings represents the ServiceNow provider alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.ServiceNowApp" + }, + "assignee": { + "description": "Assignee is the ServiceNow user to whom will assign ServiceNow incidents\\items.\n", + "type": "string" + }, + "assignmentGroup": { + "description": "AssignmentGroup is the ServiceNow group of users handling security incidents.\n", + "type": "string" + }, + "auditPriority": { + "description": "AuditPriority is the priority at which to set audit alerts in security incidents.\n", + "type": "string" + }, + "caCert": { + "description": "CA certificate for on-premise ssl (optional).\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the ServiceNow authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is the ServiceNow provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "project": { + "description": "Project is the name of the prisma compute project that was used to generate this configuration. It's required as secondary consoles do not store their project name.\n", + "type": "string" + }, + "securityIncidentBaseURL": { + "description": "SecurityIncidentBaseURL is the ServiceNow address, used to send security incidents.\n", + "type": "string" + }, + "vulnerabilityEndpointUrl": { + "description": "VulnerabilityEndpointURL to report ServiceNow vulnerabilities, customer defined scripted REST API, see: https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/concept/c_CustomWebServices.html.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSlackSettings": { + "description": "AlertProfileSlackSettings represents the alert profile Slack settings", + "properties": { + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "webhookUrl": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSplunkSettings": { + "description": "AlertProfileSplunkSettings represents the alert profile Splunk settings", + "properties": { + "authToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server (optional).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Splunk provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to Splunk.\n", + "type": "string" + }, + "sourceType": { + "description": "SourceType is the alert source type.\n", + "type": "string" + }, + "url": { + "description": "URL is the Splunk HTTP event collector URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileWebhookSettings": { + "description": "AlertProfileWebhookSettings represents the alert profile Webhook settings", + "properties": { + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertRule": { + "description": "AlertRule represents the configuration of an alert type", + "properties": { + "allRules": { + "description": "AllRules controls whether an alert is sent out for audits on all policy rules.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "AssociatedRules defines the specific rules whose audits will generate alerts (relevant only if AllRules is false).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AlertSettings": { + "description": "AlertSettings are the global alert settings", + "properties": { + "aggregationPeriodMs": { + "description": "AggregationPeriodMs is the alert aggregation period in milliseconds.\n", + "type": "integer" + }, + "securityAdvisorWebhook": { + "description": "SecurityAdvisorWebhook is a webhook for IBM security advisor alert wizard, used to authenticate the wizard with the console and to pull data.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertType": { + "description": "AlertType represents an alert type", + "enum": [ + [ + "", + "defender", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "agentlessAppFirewall", + "networkFirewall", + "containerVulnerability", + "registryVulnerability", + "containerCompliance", + "hostVulnerability", + "hostCompliance", + "hostRuntime", + "incident", + "serverlessRuntime", + "kubernetesAudit", + "cloudDiscovery", + "admission", + "containerComplianceScan", + "hostComplianceScan", + "waasHealth", + "vmVulnerability", + "vmCompliance", + "containerSecurityEvents", + "hostSecurityEvents" + ] + ], + "type": "string" + }, + "api.AuthType": { + "description": "AuthType is the user authentication type", + "enum": [ + [ + "saml", + "ldap", + "basic", + "oauth", + "oidc" + ] + ], + "type": "string" + }, + "api.AuthenticationRequest": { + "description": "AuthenticationRequest is the required user input for authentication requests", + "properties": { + "password": { + "description": "Password is the password used for authentication.\n", + "type": "string" + }, + "token": { + "description": "Token is the Prisma JWT token used for authentication.\n", + "type": "string" + }, + "username": { + "description": "Username is the username used for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthenticationResponse": { + "description": "AuthenticationResponse returns the result of calling the authentication endpoint", + "properties": { + "token": { + "description": "Token is the new JWT token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.BuildahFeatureStatus": { + "description": "BuildahFeatureStatus holds the response for the buildah feature status", + "properties": { + "enabled": { + "description": "Enabled is the buildah feature enabled/disabled indicator.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.ConsoleAuthResponse": { + "description": "ConsoleAuthResponse represents the console certificates authentication response", + "properties": { + "role": { + "description": "UserRole is the authenticated user role.\n", + "type": "string" + }, + "token": { + "description": "Token is the console authentication response token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.CortexApp": { + "description": "CortexApp identifies a Cortex application (there are several)", + "enum": [ + [ + "xsoar", + "xdr" + ] + ], + "type": "string" + }, + "api.DefenderInstallScriptOptions": { + "description": "DefenderInstallScriptOptions holds the parameters for defender install script download", + "properties": { + "port": { + "description": "Port is the communication port between the defender and the console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + } + }, + "type": "object" + }, + "api.InitStatus": { + "description": "InitStatus returns whether the console is initialized (i.e., if initial user/password is set)", + "properties": { + "initialized": { + "description": "Initialized indicates whether the console is initialized.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.JIRADynamicField": { + "description": "JIRADynamicField represents a value that can be given as a string or as a dynamic label\nSee more: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-post", + "properties": { + "id": { + "description": "ID is the field ID.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the dynamic labels of which the value is based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the static string field.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.JIRADynamicLabels": { + "description": "JIRADynamicLabels represents JIRA labels that can be given as strings or as a dynamic label", + "properties": { + "labels": { + "description": "Labels are the dynamic labels of which JIRA labels are based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "names": { + "description": "Names are the static strings field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.LicenseRequest": { + "description": "LicenseRequest is a request to setup a new license", + "properties": { + "key": { + "description": "Key is the license key.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.PagerDutyAlertSeverity": { + "description": "PagerDutyAlertSeverity is the severity of an alert triggered in PagerDuty", + "enum": [ + [ + "critical", + "error", + "warning", + "info" + ] + ], + "type": "string" + }, + "api.Permission": { + "description": "Permission represents a user or group's permission to access a specific resource.\nCurrently supported resources are:\n- Project - Access to a specific project (if empty, the Master Project by default)\n- Collection - The set of collections in the project that may be accessed (all if empty)\nIf no permissions are assigned, all projects and collections may be accessed", + "properties": { + "collections": { + "description": "List of collections the user can access.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "project": { + "description": "Names of projects which the user can access.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.Permissions": { + "description": "Permissions is a list of permissions", + "items": { + "$ref": "#/components/schemas/api.Permission" + }, + "type": "array" + }, + "api.ProjectSettings": { + "description": "ProjectSettings are settings for supporting federated console", + "properties": { + "master": { + "description": "Master indicates that project feature is enabled and that this console is the master console.\n", + "type": "boolean" + }, + "redirectURL": { + "description": "RedirectURL is the redirectURL for the given project.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.ResolveFunctionsReq": { + "description": "ResolveFunctionsReq represents the parameters supported by the functions resolution API", + "properties": { + "functions": { + "description": "Functions is the list of functions to evaluate.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveFunctionsResp": { + "description": "ResolveFunctionsResp represents the functions resolution API output", + "properties": { + "functions": { + "description": "Functions is the list of functions that were resolved.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesReq": { + "description": "ResolveImagesReq represents the parameters supported by the images resolution API", + "properties": { + "images": { + "description": "Images is the list of image to resolve.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesResp": { + "description": "ResolveImagesResp represents the images resolution API output", + "properties": { + "images": { + "description": "Images is the list of images that were resolved.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ServiceNowApp": { + "description": "ServiceNowApp identifies a ServiceNow application (there are several)\nfor more details, see:\nhttps://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations/concept/security-operations-intro.html", + "enum": [ + [ + "securityIncidentsResponse", + "vulnerabilityResponse" + ] + ], + "type": "string" + }, + "api.User": { + "description": "User represents a user in Twistlock", + "properties": { + "authType": { + "$ref": "#/components/schemas/api.AuthType" + }, + "lastModified": { + "description": "Datetime when the user was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "password": { + "description": "Password for authentication.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "User role.\n", + "type": "string" + }, + "username": { + "description": "Username for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.UserList": { + "description": "UserList represents a list of users", + "items": { + "$ref": "#/components/schemas/api.User" + }, + "type": "array" + }, + "appembedded.FargateTask": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "FargateTask represents the generic fargate task AWS template", + "type": "object" + }, + "applicationcontrol.Application": { + "description": "Application contains data about allowed installed versions for an application", + "properties": { + "allowedVersions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "name": { + "description": "Name is the name of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "applicationcontrol.Rule": { + "description": "Rule represents an application control policy rule", + "properties": { + "_id": { + "description": "ID is the ID of the rule.\n", + "type": "integer" + }, + "applications": { + "description": "Applications are rules configuring the desired effect per application.\n", + "items": { + "$ref": "#/components/schemas/applicationcontrol.Application" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the rule's severity.\n", + "type": "string" + } + }, + "type": "object" + }, + "bool": { + "type": "boolean" + }, + "byte": { + "format": "byte", + "type": "string" + }, + "ccs.AccountMessage": { + "description": "AccountMessage is a cloud account message", + "properties": { + "accountID": { + "description": "AccountID is the account ID.\n", + "type": "string" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "cloudType": { + "description": "CloudType is the account type.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted is true if this account is marked deleted.\n", + "type": "boolean" + }, + "enrichedFeatures": { + "description": "Features is a list of enabled features and their mode.\n", + "items": { + "$ref": "#/components/schemas/ccs.Feature" + }, + "type": "array" + }, + "features": { + "description": "EnabledFeatures is a list of enabled feature names, kept for bc.\n", + "items": { + "$ref": "#/components/schemas/ccs.FeatureName" + }, + "type": "array" + }, + "lastModified": { + "description": "LastModified is the last time this account was modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "AccountName is the account name.\n", + "type": "string" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + } + }, + "type": "object" + }, + "ccs.ConsoleMessage": { + "description": "ConsoleMessage is a generic console message which contains one type of message, e.g. account, alert rule, etc.", + "properties": { + "accountMessage": { + "$ref": "#/components/schemas/ccs.AccountMessage" + }, + "type": { + "$ref": "#/components/schemas/ccs.MsgType" + } + }, + "type": "object" + }, + "ccs.Feature": { + "properties": { + "mode": { + "$ref": "#/components/schemas/cloudaccount.FeatureMode" + }, + "name": { + "$ref": "#/components/schemas/ccs.FeatureName" + } + }, + "type": "object" + }, + "ccs.FeatureName": { + "description": "FeatureName is the account feature name", + "enum": [ + [ + "agentless", + "serverless", + "cloud-discovery", + "auto-protect" + ] + ], + "type": "string" + }, + "ccs.MsgType": { + "description": "MsgType is the message type, e.g. `account`, `alert-rule`, etc", + "enum": [ + [ + "account" + ] + ], + "type": "string" + }, + "cloudaccount.FeatureMode": { + "enum": [ + [ + "cloud-scan", + "target-scan", + "hub-scan", + "hub" + ] + ], + "type": "string" + }, + "clustereddb.AddMemberRequest": { + "description": "AddMemberRequest represents a request for adding a member to the clustered DB pool", + "properties": { + "address": { + "description": "Address is the member address to add.\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.ReplicaSetMemberStateStr": { + "description": "ReplicaSetMemberStateStr is a string representation of a member's state\nRef. https://docs.mongodb.com/v4.4/reference/replica-states/", + "enum": [ + [ + "STARTUP", + "PRIMARY", + "SECONDARY", + "RECOVERING", + "STARTUP2", + "UNKNOWN", + "ARBITER", + "DOWN", + "ROLLBACK", + "REMOVED" + ] + ], + "type": "string" + }, + "clustereddb.ReplicaSetMemberStatus": { + "description": "ReplicaSetMemberStatus represents replica set member's status\nRef. https://docs.mongodb.com/v4.4/reference/command/replSetGetStatus/#mongodb-data-replSetGetStatus.members", + "properties": { + "name": { + "description": "Name is the member's name (hostname address).\n", + "type": "string" + }, + "stateStr": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStateStr" + } + }, + "type": "object" + }, + "clustereddb.Settings": { + "description": "Settings represents the clustered DB settings", + "properties": { + "loadBalancerAddress": { + "description": "LoadBalancerAddress is the address of the customer's load balancer in clustered DB mode. All clients (including Defenders) are reaching the Console through the load balancer.\n", + "type": "string" + }, + "seedConsoleAddress": { + "description": "SeedConsoleAddress allows editing the address of the seed Console (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.StatusResponse": { + "description": "StatusResponse represents the response to a clustered DB status request", + "properties": { + "date": { + "description": "Date indicates the current time according to the queried Mongo server.\n", + "format": "date-time", + "type": "string" + }, + "loadBalancerAddress": { + "description": "LoadBalancerAddress represents the address of the load balancer.\n", + "type": "string" + }, + "members": { + "description": "Members are the replica set members.\n", + "items": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.AllowAllConnections": { + "description": "AllowAllConnections indicates if connections are allowed to/from any entity of the specified types\ne.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet", + "properties": { + "inbound": { + "description": "Inbound indicates if connections are allowed from any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + }, + "outbound": { + "description": "Outbound indicates if connections are allowed to any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.ContainerAudit": { + "description": "ContainerAudit represents a network firewall audit event", + "properties": { + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstContainerName": { + "description": "DstContainerName is the destination container name.\n", + "type": "string" + }, + "dstDomain": { + "description": "DstDomain is the destination domain that was queried.\n", + "type": "string" + }, + "dstImageName": { + "description": "DstImage is the destination image name.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "dstProfileID": { + "description": "DstProfileID is the destination profile ID.\n", + "type": "string" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the target container.\n", + "type": "object" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcContainerName": { + "description": "SrcContainerName is the source container name.\n", + "type": "string" + }, + "srcImageName": { + "description": "SrcImage is the source image name.\n", + "type": "string" + }, + "srcProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcProfileID": { + "description": "SrcProfileID is the source profile ID.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.EntityID": { + "description": "EntityID represents the ID of each network firewall entity.\n20 bits are used. Max legal value: 2^20-1", + "type": "integer" + }, + "cnnf.HostAudit": { + "description": "HostAudit represents a host network firewall audit event", + "properties": { + "accountID": { + "description": "AccountID is the host account ID.\n", + "type": "string" + }, + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstHostname": { + "description": "DstHostname is the destination hostname.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHostname": { + "description": "SrcHostname is the source hostname.\n", + "type": "string" + }, + "srcSubnet": { + "description": "SrcSubnet is the source subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.NetworkEntities": { + "description": "NetworkEntities represents a list of network firewall entities", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + }, + "cnnf.NetworkEntity": { + "description": "NetworkEntity represents a network firewall entity", + "properties": { + "_id": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "collections": { + "description": "Collections indicate the collection the entity is part of.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "domains": { + "description": "Domains is a list of domains.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the entity name.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets are the CIDR format network.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Subnet" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + } + }, + "type": "object" + }, + "cnnf.NetworkFirewallAttackType": { + "description": "NetworkFirewallAttackType is the network firewall type of attack", + "enum": [ + [ + "unexpectedConnection" + ] + ], + "type": "string" + }, + "cnnf.Policy": { + "description": "Policy holds the data for firewall policies (host and container)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "containerEnabled": { + "description": "ContainerEnabled indicates whether container network firewall feature is enabled.\n", + "type": "boolean" + }, + "containerRules": { + "description": "ContainerRules holds the container firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "hostEnabled": { + "description": "HostEnabled indicates whether host network firewall feature is enabled.\n", + "type": "boolean" + }, + "hostRules": { + "description": "HostRules holds the host firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "networkEntities": { + "$ref": "#/components/schemas/cnnf.NetworkEntities" + }, + "owner": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstance": { + "description": "RadarConnectionInstance is an instance of a connection between two radar endpoints", + "properties": { + "dst": { + "description": "Dst is the dst of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "policyRule": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "port": { + "$ref": "#/components/schemas/common.PortData" + }, + "src": { + "description": "Src is the src of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "time": { + "description": "Time is the time the connection instance was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstances": { + "description": "RadarConnectionInstances holds the recent connections history between 2 entities (hosts, subnet entities, etc)", + "properties": { + "instances": { + "description": "Instances are connection samples.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstance" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.RadarPolicyRule": { + "description": "RadarPolicyRule holds the data of a single policy rule", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "portRanges": { + "description": "PortRanges specify the ranges of ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.Rule": { + "description": "Rule contains the properties common to both host and container network firewall", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dst": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "id": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the entity port range specifications.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "src": { + "$ref": "#/components/schemas/cnnf.EntityID" + } + }, + "type": "object" + }, + "cnnf.RuleEntityType": { + "description": "RuleEntityType is the network firewall rule entity type", + "enum": [ + [ + "container", + "host", + "subnet", + "dns" + ] + ], + "type": "string" + }, + "cnnf.RuleID": { + "description": "RuleID represents the ID of each container network firewall policy rule", + "type": "integer" + }, + "cnnf.Subnet": { + "description": "Subnet is a network firewall subnet", + "properties": { + "cidr": { + "description": "CIDR is the IP range of the defined entity.\n", + "type": "string" + }, + "name": { + "description": "Name is the given name to represent the range.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ManifestFile": { + "description": "ManifestFile holds the data of a specific manifest file (can also be of a dependency manifest file)", + "properties": { + "dependencies": { + "description": "Packages listed in the manifest file.\n", + "items": { + "$ref": "#/components/schemas/coderepos.PkgDependency" + }, + "type": "array" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "path": { + "description": "Path to the file.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "coderepos.PkgDependency": { + "description": "PkgDependency represents a required package", + "properties": { + "devDependency": { + "description": "Indicates if this dependency is used only for the development of the package (true) or not (false).\n", + "type": "boolean" + }, + "lastResolved": { + "description": "Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.\n", + "format": "date-time", + "type": "string" + }, + "licenseSeverity": { + "description": "Maximum severity of the detected licenses according to the compliance policy.\n", + "type": "string" + }, + "licenses": { + "description": "Detected licenses of the dependant package.\n", + "items": { + "$ref": "#/components/schemas/license.SPDXLicense" + }, + "type": "array" + }, + "name": { + "description": "Package name that the dependency refers to.\n", + "type": "string" + }, + "rawRequirement": { + "description": "Line in which the package is declared.\n", + "type": "string" + }, + "unsupported": { + "description": "Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).\n", + "type": "boolean" + }, + "version": { + "description": "Package version, either explicitly specified in a manifest or resolved by the scanner.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "Vulnerabilities in the package.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "coderepos.Repository": { + "description": "Repository is the metadata for a code repository", + "properties": { + "build": { + "description": "CI build.\n", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch in the repository, usually master.\n", + "type": "string" + }, + "digest": { + "description": "Repository content digest. Used to indicate if the content of the repository has changed.\n", + "type": "string" + }, + "fullName": { + "description": "Full name that represents the repository (/).\n", + "type": "string" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "name": { + "description": "Repository name.\n", + "type": "string" + }, + "owner": { + "description": "GitHub username or organization name of the repository's owner.\n", + "type": "string" + }, + "private": { + "description": "Indicates if the repository is private (true) or not (false).\n", + "type": "boolean" + }, + "size": { + "description": "Size of the repository (in KB).\n", + "type": "integer" + }, + "url": { + "description": "URL is the repository address.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ScanResult": { + "description": "ScanResult holds a specific repository data", + "properties": { + "_id": { + "description": "Scan report ID in the database.\n", + "type": "string" + }, + "collections": { + "description": "List of matching code repo collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceRiskScore": { + "description": "Code repository's compliance risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "files": { + "description": "Scan result for each manifest file in the repository.\n", + "items": { + "$ref": "#/components/schemas/coderepos.ManifestFile" + }, + "type": "array" + }, + "pass": { + "description": "Indicates whether the scan passed or failed.\n", + "type": "boolean" + }, + "repository": { + "$ref": "#/components/schemas/coderepos.Repository" + }, + "scanTime": { + "description": "Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + }, + "updateTime": { + "description": "Date/time when this repository was last updated.\n", + "format": "date-time", + "type": "string" + }, + "vulnInfo": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "vulnerabilityRiskScore": { + "description": "Code repository's CVE risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "vulnerableFiles": { + "description": "Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.\n", + "type": "integer" + } + }, + "type": "object" + }, + "collection.Collection": { + "description": "Collection is a collection of resources", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Free-form text.\n", + "type": "string" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the collection was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Collection name. Must be unique.\n", + "type": "string" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "owner": { + "description": "User who created or last modified the collection.\n", + "type": "string" + }, + "prisma": { + "description": "Indicates whether this collection originates from Prisma Cloud.\n", + "type": "boolean" + }, + "system": { + "description": "Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "collection.Usage": { + "description": "Usage represents details of a collection being used", + "properties": { + "name": { + "description": "Name of the consumer (e.g., container runtime, username, etc.).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/collection.UsageType" + } + }, + "type": "object" + }, + "collection.UsageType": { + "description": "UsageType represents a collection usage type", + "enum": [ + [ + "policy", + "settings", + "user", + "group", + "registryScan" + ] + ], + "type": "string" + }, + "common.CloudMetadata": { + "description": "CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)", + "properties": { + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "awsExecutionEnv": { + "description": "AWS execution environment (e.g. EC2/Fargate).\n", + "type": "string" + }, + "image": { + "description": "The name of the image the cloud managed host or container is based on.\n", + "type": "string" + }, + "labels": { + "description": "Cloud provider metadata labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "name": { + "description": "Resource name.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Resource's region.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "resourceURL": { + "description": "Server-defined URL for the resource.\n", + "type": "string" + }, + "type": { + "description": "Instance type.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique vm ID.\n", + "type": "string" + }, + "vmImageID": { + "description": "VMImageID holds the VM instance's image ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.CloudProvider": { + "description": "CloudProvider specifies the cloud provider name", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "others" + ] + ], + "type": "string" + }, + "common.ClusterType": { + "description": "ClusterType is the cluster type", + "enum": [ + [ + "AKS", + "ECS", + "EKS", + "GKE", + "Kubernetes" + ] + ], + "type": "string" + }, + "common.Color": { + "description": "Color is a hexadecimal representation of color code value", + "type": "string" + }, + "common.ContainerRuntime": { + "description": "ContainerRuntime represents the supported container runtime types", + "enum": [ + [ + "docker", + "containerd", + "crio" + ] + ], + "type": "string" + }, + "common.DaemonSetOptions": { + "description": "DaemonSetOptions are options for creating the daemonset install script for defenders", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.DefenderProxyOpt": { + "description": "DefenderProxyOpt holds options for defender proxy configuration\nIt embeds ProxySettings but override it's Password field with a simple string\nThis is needed in order to avoid Secret's MarshalJSON method, which depends on existence of master key file", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "description": ".\n", + "type": "string" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Effect": { + "description": "Effect is the effect that is used in the CNNF rule", + "enum": [ + [ + "allow", + "alert", + "prevent", + "monitor", + "" + ] + ], + "type": "string" + }, + "common.ExternalLabel": { + "description": "ExternalLabel holds an external label with a source and timestamp", + "properties": { + "key": { + "description": "Label key.\n", + "type": "string" + }, + "sourceName": { + "description": "Source name (e.g., for a namespace, the source name can be 'twistlock').\n", + "type": "string" + }, + "sourceType": { + "$ref": "#/components/schemas/common.ExternalLabelSourceType" + }, + "timestamp": { + "description": "Time when the label was fetched.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.ExternalLabelSourceType": { + "description": "ExternalLabelSourceType indicates the source of the labels", + "enum": [ + [ + "namespace", + "deployment", + "aws", + "azure", + "gcp", + "oci" + ] + ], + "type": "string" + }, + "common.HostForensicSettings": { + "description": "HostForensicSettings indicates how to perform host forensic", + "properties": { + "activitiesDisabled": { + "description": "ActivitiesDisabled indicates if the host activity collection is enabled/disabled.\n", + "type": "boolean" + }, + "dockerEnabled": { + "description": "DockerEnabled indicates whether docker commands are collected.\n", + "type": "boolean" + }, + "readonlyDockerEnabled": { + "description": "ReadonlyDockerEnabled indicates whether docker readonly commands are collected.\n", + "type": "boolean" + }, + "serviceActivitiesEnabled": { + "description": "ServiceActivitiesEnabled indicates whether activities from services are collected.\n", + "type": "boolean" + }, + "sshdEnabled": { + "description": "SshdEnabled indicates whether ssh commands are collected.\n", + "type": "boolean" + }, + "sudoEnabled": { + "description": "SudoEnabled indicates whether sudo commands are collected.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.ImageType": { + "description": "ImageType is the type of a VM image.\nFor example, in the case of Azure this is one of marketplace/managed/gallery.", + "type": "string" + }, + "common.NetworkDeviceIP": { + "description": "NetworkDeviceIP represents a network device name and address pair", + "properties": { + "ip": { + "description": "Network device IPv4 address.\n", + "type": "string" + }, + "name": { + "description": "Network device name.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.OSDistroInfo": { + "description": "OSDistroInfo represents information regarding the OS distribution", + "properties": { + "distro": { + "description": "Distro is the OS distro name (e.g. ubuntu).\n", + "type": "string" + }, + "distroRelease": { + "description": "DistroRelease is the OS distro release (e.g. willy).\n", + "type": "string" + }, + "fullName": { + "description": "FullName is the full name of the distro (e.g. Ubuntu 19.10).\n", + "type": "string" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version is the OS release numeric version (e.g. 19.10).\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PolicyBlockMsg": { + "description": "PolicyBlockMsg represent the block message in a Policy", + "type": "string" + }, + "common.PolicyEffect": { + "description": "PolicyEffect state the effect of evaluating the given policy", + "enum": [ + [ + "allow", + "deny", + "block", + "alert" + ] + ], + "type": "string" + }, + "common.PolicyType": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + }, + "common.PortData": { + "description": "PortData is a port of connections with his metadata", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "protocol": { + "description": "Protocol is the protocol used in the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PortRange": { + "description": "PortRange represents a port range", + "properties": { + "deny": { + "description": "Deny indicates whether the connection is denied.\n", + "type": "boolean" + }, + "end": { + "description": ".\n", + "type": "integer" + }, + "start": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "common.ProfileHash": { + "description": "ProfileHash represents the profile hash\nIt is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types", + "format": "int64", + "type": "integer" + }, + "common.ProfilePort": { + "description": "ProfilePort represents a networking profile port", + "properties": { + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "time": { + "description": "Time is the learning timestamp of this port.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "common.ProfilePortData": { + "description": "ProfilePortData represents a runtime profile ports data", + "properties": { + "all": { + "description": "All indicates that this port data represents any arbitrary ports.\n", + "type": "boolean" + }, + "ports": { + "description": "Ports is the list of profile runtime ports.\n", + "items": { + "$ref": "#/components/schemas/common.ProfilePort" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.ProxySettings": { + "description": "ProxySettings are the http proxy settings", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.RuntimeResource": { + "description": "RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image)\nEmpty resource or wildcard (*) represents all resources of a given type", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.Secret": { + "description": "Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database", + "properties": { + "encrypted": { + "description": "Specifies an encrypted value of the secret.\n", + "type": "string" + }, + "plain": { + "description": "Specifies the plain text value of the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Toleration": { + "description": "Toleration holds options for pod toleration\nref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/\ncode ref: k8s.io/api/core/v1/types.go", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional.\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional.\n", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional.\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional.\n", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.AzureMIType": { + "enum": [ + [ + "user-assigned", + "system-assigned" + ] + ], + "type": "string" + }, + "cred.AzureSPInfo": { + "description": "AzureSPInfo contains the Azure credentials needed for certificate based authentications", + "properties": { + "clientId": { + "description": "ClientID is the client identifier.\n", + "type": "string" + }, + "miType": { + "$ref": "#/components/schemas/cred.AzureMIType" + }, + "subscriptionId": { + "description": "SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.\n", + "type": "string" + }, + "tenantId": { + "description": "TenantID is the ID of the AAD directory in which the application was created.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.Credential": { + "description": "Credential specifies the authentication data of an external provider", + "properties": { + "_id": { + "description": "Specifies the unique ID for credential.\n", + "type": "string" + }, + "accountGUID": { + "description": "Specifies the unique ID for an IBM Cloud account.\n", + "type": "string" + }, + "accountID": { + "description": "Specifies the account identifier. Example: a username, access key, account GUID, and so on.\n", + "type": "string" + }, + "accountName": { + "description": "Specifies the name of the cloud account.\n", + "type": "string" + }, + "apiToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "azureSPInfo": { + "$ref": "#/components/schemas/cred.AzureSPInfo" + }, + "caCert": { + "description": "Specifies the CA certificate for a certificate-based authentication.\n", + "type": "string" + }, + "cloudProviderAccountID": { + "description": "Specifies the cloud provider account ID.\n", + "type": "string" + }, + "created": { + "description": "Specifies the time when the credential was created (or, when the account ID was changed for AWS).\n", + "format": "date-time", + "type": "string" + }, + "description": { + "description": "Specifies the description for a credential.\n", + "type": "string" + }, + "external": { + "description": "Indicates whether the credential was onboarded from the Prisma platform.\n", + "type": "boolean" + }, + "global": { + "description": "Indicates whether the credential scope is global.\nAvailable values are:\ntrue: Global\nfalse: Not Global\nNote: For GCP, the credential scope is the organization.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Specifies the time when the credential was last modified.\n", + "format": "date-time", + "type": "string" + }, + "ociCred": { + "$ref": "#/components/schemas/cred.OCICred" + }, + "owner": { + "description": "Specifies the user who created or modified the credential.\n", + "type": "string" + }, + "prismaLastModified": { + "description": "Specifies the time when the account was last modified by Prisma Cloud Compute.\n", + "format": "int64", + "type": "integer" + }, + "roleArn": { + "description": "Specifies the Amazon Resource Name (ARN) of the role to be assumed.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipVerify": { + "description": "Indicates whether to skip the certificate verification in TLS communication.\n", + "type": "boolean" + }, + "stsEndpoints": { + "description": "Specifies a list of specific endpoints for use in STS sessions in various regions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "tokens": { + "$ref": "#/components/schemas/cred.TemporaryToken" + }, + "type": { + "$ref": "#/components/schemas/cred.Type" + }, + "url": { + "description": "Specifies the base server URL.\n", + "type": "string" + }, + "useAWSRole": { + "description": "Indicates whether to authenticate using the IAM Role attached to the instance.\nAvailable values are:\ntrue: Authenticate with the attached credentials\nfalse: Don\u2019t authenticate with the attached credentials.\n", + "type": "boolean" + }, + "useSTSRegionalEndpoint": { + "description": "Indicates whether to use the regional STS endpoint for an STS session.\nAvailable values are:\ntrue: Use the regional STS\nfalse: Don\u2019t use the regional STS.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "cred.OCICred": { + "description": "OCICred are additional parameters required for OCI credentials", + "properties": { + "fingerprint": { + "description": "Fingerprint is the public key signature.\n", + "type": "string" + }, + "tenancyId": { + "description": "TenancyID is the OCID of the tenancy.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.TemporaryToken": { + "description": "TemporaryToken is a temporary session token for cloud provider APIs\nAWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html\nGCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\nAzure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on", + "properties": { + "awsAccessKeyId": { + "description": "Specifies a temporary access key.\n", + "type": "string" + }, + "awsSecretAccessKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "duration": { + "description": "Specifies a duration for the token.\n", + "format": "int64", + "type": "integer" + }, + "expirationTime": { + "description": "Specifies an expiration time for the token.\n", + "format": "date-time", + "type": "string" + }, + "token": { + "$ref": "#/components/schemas/common.Secret" + } + }, + "type": "object" + }, + "cred.Type": { + "description": "Type specifies the credential type", + "enum": [ + [ + "aws", + "azure", + "gcp", + "ibmCloud", + "oci", + "apiToken", + "basic", + "dtr", + "kubeconfig", + "certificate", + "gitlabToken" + ] + ], + "type": "string" + }, + "cred.UsageType": { + "description": "UsageType represents the credential usage type", + "enum": [ + [ + "Alert settings", + "Alert profile", + "Registry Scan", + "Serverless Scan", + "Cloud Scan", + "Secret Store", + "Serverless Auto-Deploy", + "Host Auto-deploy", + "VM Scan", + "Agentless Scan Hub", + "Custom Intelligence Endpoint", + "VMware Tanzu blobstore Scan", + "Kubernetes Audit settings", + "Agentless app firewall" + ] + ], + "type": "string" + }, + "customrules.Action": { + "description": "Action is the action to perform if the custom rule applies", + "enum": [ + [ + "audit", + "incident" + ] + ], + "type": "string" + }, + "customrules.Effect": { + "description": "Effect is the effect that will be used for custom rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "allow", + "ban", + "disable" + ] + ], + "type": "string" + }, + "customrules.Ref": { + "description": "Ref represents a custom rule that is referenced by a policy rule", + "properties": { + "_id": { + "description": "Custom rule ID.\n", + "type": "integer" + }, + "action": { + "$ref": "#/components/schemas/customrules.Action" + }, + "effect": { + "$ref": "#/components/schemas/customrules.Effect" + } + }, + "type": "object" + }, + "customrules.Rule": { + "description": "Rule represents a custom rule", + "properties": { + "_id": { + "description": "Rule ID. Must be unique.\n", + "type": "integer" + }, + "attackTechniques": { + "description": "List of attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description of the rule.\n", + "type": "string" + }, + "message": { + "description": "Macro that is printed as part of the audit/incident message.\n", + "type": "string" + }, + "minVersion": { + "description": "Minimum version required to support the rule.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was created or last modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "owner": { + "description": "User who created or modified the rule.\n", + "type": "string" + }, + "script": { + "description": "Custom script.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/customrules.Type" + }, + "vulnIDs": { + "$ref": "#/components/schemas/customrules.VulnIDs" + } + }, + "type": "object" + }, + "customrules.Type": { + "description": "Type is the type of the custom rule", + "enum": [ + [ + "processes", + "filesystem", + "network-outgoing", + "kubernetes-audit", + "waas-request", + "waas-response" + ] + ], + "type": "string" + }, + "customrules.VulnIDs": { + "description": "VulnIDs is the list of vulnerability IDs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defender.Category": { + "description": "Category represents the defender target category", + "enum": [ + [ + "container", + "host", + "serverless", + "appEmbedded", + "hostAgentless", + "containerAgentless", + "cloudSecurityAgent" + ] + ], + "type": "string" + }, + "defender.Defender": { + "description": "Defender is an update about an agent starting", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "certificateExpiration": { + "description": "Client certificate expiration time.\n", + "format": "date-time", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster name (fallback is internal IP).\n", + "type": "string" + }, + "clusterID": { + "description": "Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections to which this Defender belongs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "compatibleVersion": { + "description": "Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).\n", + "type": "boolean" + }, + "connected": { + "description": "Indicates whether Defender is connected (true) or not (false).\n", + "type": "boolean" + }, + "features": { + "$ref": "#/components/schemas/defender.Features" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "fqdn": { + "description": "Full domain name of the host. Used in audit alerts to identify specific hosts.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender is deployed.\n", + "type": "string" + }, + "isARM64": { + "description": "IsARM64 indicates whether the defender runs on aarch64 architecture.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Datetime when the Defender's connectivity status last changed.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port that Defender uses to connect to Console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "remoteLoggingSupported": { + "description": "Indicates if Defender logs can be retrieved remotely (true) or not (false).\n", + "type": "boolean" + }, + "remoteMgmtSupported": { + "description": "Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).\n", + "type": "boolean" + }, + "status": { + "$ref": "#/components/schemas/defender.Status" + }, + "systemInfo": { + "$ref": "#/components/schemas/defender.SystemInfo" + }, + "tasBlobstoreScanner": { + "description": "Indicates TAS blobstore scanning only Defender.\n", + "type": "boolean" + }, + "tasClusterID": { + "description": "TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.\n", + "type": "string" + }, + "tasFoundation": { + "description": "TASFoundation is the foundation the Defender is running on.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/defender.Type" + }, + "usingOldCA": { + "description": "UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.\n", + "type": "boolean" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vpcObserver": { + "description": "VPCObserver indicates whether the defender runs in a VPC observer.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.FeatureStatus": { + "description": "FeatureStatus holds data about defender features", + "properties": { + "enabled": { + "description": "Indicates if the feature is enabled (true) or not (false).\n", + "type": "boolean" + }, + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender runs.\n", + "type": "string" + } + }, + "type": "object" + }, + "defender.Features": { + "description": "Features is the defender features that can be updated", + "properties": { + "clusterMonitoring": { + "description": "Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).\n", + "type": "boolean" + }, + "proxyListenerType": { + "$ref": "#/components/schemas/defender.ProxyListenerType" + } + }, + "type": "object" + }, + "defender.ProxyListenerType": { + "description": "ProxyListenerType is the proxy listener type of defenders", + "type": "string" + }, + "defender.ScanStatus": { + "description": "ScanStatus represents the status of current scan", + "properties": { + "completed": { + "description": "Indicates if scanning has successfully completed (true) or not (false).\n", + "type": "boolean" + }, + "errors": { + "description": "List of errors that occurred during the last scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "scanTime": { + "description": "Datetime of the last completed scan.\n", + "format": "date-time", + "type": "string" + }, + "scanning": { + "description": "Indicates whether scanning is in progress (true) or not (false).\n", + "type": "boolean" + }, + "selective": { + "description": "Indicates if the scan is for a specific resource (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.Settings": { + "description": "Settings is the Defender settings", + "properties": { + "admissionControlEnabled": { + "description": "Indicates if the admission controller is enabled (true) or not (false).\n", + "type": "boolean" + }, + "admissionControlWebhookSuffix": { + "description": "Relative path to the admission control webhook HTTP endpoint.\n", + "type": "string" + }, + "appEmbeddedFileSystemTracingEnabled": { + "description": "AppEmbeddedFileSystemTracingEnabled is the default deployment state for app embedded Defenders file system tracing.\n", + "type": "boolean" + }, + "automaticUpgrade": { + "description": "Deprecated: indicates if defenders should be automatically upgraded to the latest version.\n", + "type": "boolean" + }, + "disconnectPeriodDays": { + "description": "Number of consecutive days a Defender must remain disconnected for it to be considered decommissioned.\n", + "type": "integer" + }, + "hostCustomComplianceEnabled": { + "description": "Indicates if Defenders support host custom compliance checks (true) or not (false).\n", + "type": "boolean" + }, + "listeningPort": { + "description": "Port on which Defenders listen.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Status": { + "description": "Status is the generic status state per defender or global", + "properties": { + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "defender.SystemInfo": { + "description": "SystemInfo is the OS information of the host", + "properties": { + "cpuCount": { + "description": "CPU count on the host where Defender runs.\n", + "type": "integer" + }, + "freeDiskSpaceGB": { + "description": "Free disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + }, + "kernelVersion": { + "description": "Kernel version on the host where Defender runs.\n", + "type": "string" + }, + "memoryGB": { + "description": "Total memory (in GB) on the host where Defender runs.\n", + "format": "double", + "type": "number" + }, + "totalDiskSpaceGB": { + "description": "Total disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Type": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + }, + "defender.UpgradeStatus": { + "description": "UpgradeStatus represents the status of current twistlock defender upgrade", + "properties": { + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime of the last upgrade.\n", + "format": "date-time", + "type": "string" + }, + "progress": { + "description": "Upgrade progress.\n", + "type": "integer" + } + }, + "type": "object" + }, + "deployment.CommandError": { + "description": "CommandError is the command error on specific instance", + "properties": { + "error": { + "description": "Error is the error in case the command failed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the instance hostname.\n", + "type": "string" + }, + "instanceID": { + "description": "InstanceID is the instance id.\n", + "type": "string" + }, + "instanceName": { + "description": "InstanceName is the instance name.\n", + "type": "string" + }, + "projectID": { + "description": "ProjectID is instance GCP project id.\n", + "type": "string" + }, + "region": { + "description": "Region is the instance region for AWS or zone for GCP.\n", + "type": "string" + }, + "state": { + "description": "State is the error state in which the deployment failed (e.g. timed out/failed due to some other reason).\n", + "type": "string" + }, + "vmImage": { + "description": "VMImage is the instance image.\n", + "type": "string" + } + }, + "type": "object" + }, + "deployment.DaemonSet": { + "description": "DaemonSet holds information about deployed defender DaemonSet\nTODO #12377 - Implement Resource interface for collections filtering, after retrieving correct value to Cluster field", + "properties": { + "address": { + "description": "Address is the kubernetes cluster address.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the kubernetes cluster name.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "defendersVersion": { + "description": "DefendersVersion is the version of the defenders deployed.\n", + "type": "string" + }, + "desiredDefenders": { + "description": "DesiredDefenders is the number of desired defenders.\n", + "type": "integer" + }, + "error": { + "description": "Error indicates any related errors found.\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates if the cluster has at least one running defender.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "runningDefenders": { + "description": "RunningDefenders is the number of defenders running.\n", + "type": "integer" + }, + "upgradable": { + "description": "Upgradable indicates if the cluster is upgradable.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "float32": { + "format": "float", + "type": "number" + }, + "float64": { + "format": "double", + "type": "number" + }, + "forensic.ContainerEvent": { + "description": "ContainerEvent holds forensic event information (in flat structure)", + "properties": { + "allPorts": { + "description": "AllPorts indicates all listening ports are allowed.\n", + "type": "boolean" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "containerId": { + "description": "ContainerID is the event container id.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "dstIP": { + "description": "DstIP is the destination IP of the connection.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the destination port.\n", + "type": "integer" + }, + "dstProfileID": { + "description": "DstProfileID is the profile ID of the connection destination.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "listeningStartTime is the port listening start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "networkCollectionType": { + "$ref": "#/components/schemas/forensic.NetworkCollection" + }, + "outbound": { + "description": "Outbound indicates if the port is outbound.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "srcIP": { + "description": "SrcIP is the source IP of the connection.\n", + "type": "string" + }, + "srcProfileID": { + "description": "SrcProfileID is the profile ID of the connection source.\n", + "type": "string" + }, + "static": { + "description": "Static indicates the event was added to the profile without behavioral indication.\n", + "type": "boolean" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.ContainerEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.ContainerEventType": { + "description": "ContainerEventType represents the kind of event", + "enum": [ + [ + "Process spawned", + "Binary created", + "Container started", + "Listening port", + "Connection established", + "Runtime audit", + "Runtime profile process", + "Runtime profile filesystem", + "Runtime profile networking", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.HostEvent": { + "description": "HostEvent holds host forensic event information", + "properties": { + "app": { + "description": "App is the application associated with the event.\n", + "type": "string" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "country": { + "description": "Country is the country associated with the event.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates if the event is interactive.\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the IP address associated with the event.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "ListeningStartTime is the listening port start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppath": { + "description": "Path is the event parent path.\n", + "type": "string" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.HostEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.HostEventType": { + "description": "HostEventType represents the kind of host event", + "enum": [ + [ + "Process spawned", + "Listening port", + "Binary created", + "Runtime audit", + "SSH event", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.NetworkCollection": { + "description": "NetworkCollection describe the different types of collection of network events", + "type": "string" + }, + "identity.LdapSettings": { + "description": "LdapSettings are the ldap connectivity settings", + "properties": { + "accountPassword": { + "$ref": "#/components/schemas/common.Secret" + }, + "accountUpn": { + "description": "AccountUpn is the user principle name used to connect to the active directory server.\n", + "type": "string" + }, + "caCert": { + "description": "CaCert is cert in PEM format (optional, if not specified, skip_verify flag will be used).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether LDAP is enabled.\n", + "type": "boolean" + }, + "groupSearchBase": { + "description": "GroupSearchBase is the LDAP search pattern for groups.\n", + "type": "string" + }, + "searchBase": { + "description": "SearchBase is the LDAP search pattern.\n", + "type": "string" + }, + "type": { + "description": "Type specifies the LDAP server type (AD or OpenLDAP).\n", + "type": "string" + }, + "url": { + "description": "URL is the ldap server url.\n", + "type": "string" + }, + "userSearchBase": { + "description": "UserSearchBase is the LDAP search pattern for users.\n", + "type": "string" + }, + "userSearchIdentifier": { + "description": "UserSearchIdentifier is the user identifier to use for querying open ldap (e.g., cn -> cn=user).\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.ProviderName": { + "description": "ProviderName is the identity provider name", + "enum": [ + [ + "github", + "openshift" + ] + ], + "type": "string" + }, + "identity.ProviderSettings": { + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings", + "properties": { + "authURL": { + "description": "AuthURL specifies auth URL.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate.\n", + "type": "string" + }, + "clientID": { + "description": "ClientID is the client identifier issued to the client during the registration process.\n", + "type": "string" + }, + "clientSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "enabled": { + "description": "Enabled indicates whether Auth settings are enabled.\n", + "type": "boolean" + }, + "groupClaim": { + "description": "GroupClaim is the name of the group claim property.\n", + "type": "string" + }, + "groupScope": { + "description": "GroupScope specifies name of group scope.\n", + "type": "string" + }, + "openIDIssuesURL": { + "description": "OpenIDIssuesURL is the base URL for OpenID connect providers.\n", + "type": "string" + }, + "openshiftBaseURL": { + "description": "OpenshiftBaseURL is openshift base URL.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "providerName": { + "$ref": "#/components/schemas/identity.ProviderName" + }, + "tokenURL": { + "description": "TokenURL specifies token URL.\n", + "type": "string" + }, + "userClaim": { + "description": "UserClaim is the name of the user claim property.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.RedirectURLResponse": { + "description": "RedirectURLResponse is the response for identity redirect endpoint", + "properties": { + "enabled": { + "description": "Enabled identify if auth provider is enabled.\n", + "type": "boolean" + }, + "url": { + "description": "URL is the redirect URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlSettings": { + "description": "SamlSettings are the saml connectivity settings", + "properties": { + "appId": { + "description": "AppID is the Azure application ID.\n", + "type": "string" + }, + "appSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "audience": { + "description": "Audience specifies the SAML audience used in the verification of the SAML response.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate in PEM format.\n", + "type": "string" + }, + "consoleURL": { + "description": "ConsoleURL is the external Console URL that is used by the IDP for routing the browser after login.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether saml settings are enabled.\n", + "type": "boolean" + }, + "groupAttribute": { + "description": "GroupAttribute is the name of the group attribute.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is idp issuer id.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "skipAuthnContext": { + "description": "SkipAuthnContext indicates whether request authentication contexts should be skipped.\n", + "type": "boolean" + }, + "tenantId": { + "description": "TenantID is the Azure Tenant ID.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/identity.SamlType" + }, + "url": { + "description": "URL is idp sso url.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlType": { + "description": "SamlType represents the type of a SAML configured settings", + "enum": [ + [ + "okta", + "gsuite", + "ping", + "shibboleth", + "azure", + "adfs" + ] + ], + "type": "string" + }, + "identity.Settings": { + "description": "Settings hold the identity settings for supported providers", + "properties": { + "ldap": { + "$ref": "#/components/schemas/identity.LdapSettings" + }, + "oauth": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "openid": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "saml": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + }, + "type": "object" + }, + "int": { + "type": "integer" + }, + "int16": { + "type": "integer" + }, + "int64": { + "format": "int64", + "type": "integer" + }, + "intelligence.IntelligenceSettings": { + "description": "IntelligenceSettings are the intelligence service settings", + "properties": { + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicy": { + "description": "AuthorizationPolicy is a compact version of Istio AuthorizationPolicy resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#AuthorizationPolicy", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "name": { + "description": "Name is the authorization policy name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the authorization policy.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the access rules this authorization policy defines.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyRule" + }, + "type": "array" + }, + "targetServices": { + "description": "TargetServices is the list of services the authorization policy applies on.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyService" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyDestination": { + "description": "AuthorizationPolicyDestination is a compact version of Istio Operation resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Operation", + "properties": { + "methods": { + "description": "Methods are the destination endpoint HTTP methods, such as: \"GET\", \"POST\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "paths": { + "description": "Paths are the destination HTTP paths.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination endpoint ports.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyRule": { + "description": "AuthorizationPolicyRule is a compact version of Istio Rule resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Rule", + "properties": { + "destinations": { + "description": "Destinations are the endpoint definitions the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyDestination" + }, + "type": "array" + }, + "sources": { + "description": "Sources are the metadatas of the services the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicySource" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyService": { + "description": "AuthorizationPolicyService represents a service an authorization policy applies on\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "name": { + "description": "Name is the service name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the service namespace.\n", + "type": "string" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicySource": { + "description": "AuthorizationPolicySource is a compact version of Istio Source resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "namespaces": { + "description": "Namespaces are the source services namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "principals": { + "description": "Principals are the source services principals.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kubeaudit.Audit": { + "description": "Audit represents a Kubernetes audit - this is the data that is stored for matched audits", + "properties": { + "accountID": { + "description": "AccountID is the account ID the Kubernetes audit belongs to.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "authorizationInfo": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "AuthorizationInfo holds the original event authorization info.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster the Kubernetes audit belongs to.\n", + "type": "string" + }, + "collections": { + "description": "Collections that apply to the Kubernetes audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "eventBlob": { + "description": "EventBlob is the original event that caused this audit.\n", + "type": "string" + }, + "message": { + "description": "Message is the user defined message which appears on audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "requestURI": { + "description": "RequestURI is the request URI as sent by the client to a server.\n", + "type": "string" + }, + "resources": { + "description": "Resource represents the resource that is impacted by this event.\n", + "type": "string" + }, + "sourceIPs": { + "description": "Source IPs, from where the request originated and intermediate proxies (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "time": { + "description": "Time is the time at which the request was generated.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "$ref": "#/components/schemas/kubeaudit.EventUserInfo" + }, + "verb": { + "description": "Verb is the kubernetes verb associated with the request.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSettings": { + "description": "AuditSettings represents the kubernetes audits settings", + "properties": { + "lastPollingTime": { + "description": "LastPollingTime holds the last time the logs were polled.\n", + "format": "date-time", + "type": "string" + }, + "specifications": { + "description": "Specifications are the K8s audits fetching CSP specifications.\n", + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "WebhookSuffix is the relative path to the webhook http endpoint, used for auditing K8S events sent to the console from a cluster.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSpecification": { + "description": "AuditSpecification is the specification for fetching audits from a CSP", + "properties": { + "awsRegion": { + "description": "AWSRegion is the cloud region to fetch from.\n", + "type": "string" + }, + "azureResourceGroups": { + "description": "AzureResourceGroups holds the resource groups to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "azureWorkspaceName": { + "description": "AzureWorkspaceName holds the workspace name to fetch from.\n", + "type": "string" + }, + "clusters": { + "description": "Clusters are the clusters to fetch.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialID": { + "description": "CredentialID is the credential to use for CSP authentication for this specification.\n", + "type": "string" + }, + "deploymentType": { + "$ref": "#/components/schemas/kubeaudit.DeploymentType" + }, + "filter": { + "description": "Filter is a provider specific query using the provider's query syntax for additional filtering.\n", + "type": "string" + }, + "gcpProjectIDs": { + "description": "GCPProjectIDs holds the IDs of projects to fetch from.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the specification unique identification as provided by the user.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.DeploymentType": { + "description": "DeploymentType specifies the type of Kubernetes deployment", + "enum": [ + [ + "gke", + "aks", + "eks" + ] + ], + "type": "string" + }, + "kubeaudit.EventUserInfo": { + "description": "EventUserInfo holds the information about the user that authenticated to Kubernentes", + "properties": { + "groups": { + "description": "The names of groups this user is a part of (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uid": { + "description": "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs (optional).\n", + "type": "string" + }, + "username": { + "description": "The name that uniquely identifies this user among all active users (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.Policy": { + "description": "Policy represents a Kubernetes audit policy enforced on Kubernetes audits", + "properties": { + "_id": { + "description": "ID is the Kubernetes audit policy ID.\n", + "type": "string" + }, + "customRulesIDs": { + "description": "CustomRulesIDs is a list of the custom runtime rules ids that apply to this policy.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled specifies if Kubernetes audits are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "license.SPDXLicense": { + "description": "SPDXLicense represents a SPDX license ID", + "enum": [ + [ + "0BSD", + "AAL", + "ADSL", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AGPL-1.0", + "AGPL-1.0-only", + "AGPL-1.0-or-later", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "AMDPLPA", + "AML", + "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "APAFML", + "APL-1.0", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Abstyles", + "Adobe-2006", + "Adobe-Glyph", + "Afmparse", + "Aladdin", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "BSD-1-Clause", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-UC", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BlueOak-1.0.0", + "Borceux", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-US", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDLA-Permissive-1.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPAL-1.0", + "CPL-1.0", + "CPOL-1.02", + "CUA-OPL-1.0", + "Caldera", + "ClArtistic", + "Condor-1.1", + "Crossword", + "CrystalStacker", + "Cube", + "D-FSL-1.0", + "DOC", + "DSDP", + "Dotseqn", + "ECL-1.0", + "ECL-2.0", + "EFL-1.0", + "EFL-2.0", + "EPICS", + "EPL-1.0", + "EPL-2.0", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Entessa", + "ErlPL-1.1", + "Eurosym", + "FSFAP", + "FSFUL", + "FSFULLR", + "FTL", + "Fair", + "Frameworx-1.0", + "FreeImage", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "GL2PS", + "GLWTPL", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-GCC-exception", + "GPL-3.0-with-autoconf-exception", + "Giftware", + "Glide", + "Glulxe", + "HPND", + "HPND-sell-variant", + "HTMLTIDY", + "HaskellReport", + "Hippocratic-2.1", + "IBM-pibs", + "ICU", + "IJG", + "IPA", + "IPL-1.0", + "ISC", + "ImageMagick", + "Imlib2", + "Info-ZIP", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "JPNIC", + "JSON", + "JasPer-2.0", + "LAL-1.2", + "LAL-1.3", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-3.0", + "LGPL-3.0+", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "Leptonica", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Libpng", + "Linux-OpenIB", + "MIT", + "MIT-0", + "MIT-CMU", + "MIT-advertising", + "MIT-enna", + "MIT-feh", + "MIT-open-group", + "MITNFA", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-PL", + "MS-RL", + "MTLL", + "MakeIndex", + "MirOS", + "Motosoto", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NASA-1.3", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "NGPL", + "NIST-PD", + "NIST-PD-fallback", + "NLOD-1.0", + "NLPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Naumen", + "Net-SNMP", + "NetCDF", + "Newsletr", + "Nokia", + "Noweb", + "Nunit", + "O-UDA-1.0", + "OCCT-PL", + "OCLC-2.0", + "ODC-By-1.0", + "ODbL-1.0", + "OFL-1.0", + "OFL-1.0-RFN", + "OFL-1.0-no-RFN", + "OFL-1.1", + "OFL-1.1-RFN", + "OFL-1.1-no-RFN", + "OGC-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "PSF-2.0", + "Parity-6.0.0", + "Parity-7.0.0", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "Python-2.0", + "QPL-1.0", + "Qhull", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", + "RSA-MD", + "RSCPL", + "Rdisc", + "Ruby", + "SAX-PD", + "SCEA", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SISSL", + "SISSL-1.2", + "SMLNJ", + "SMPPL", + "SNIA", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "SWL", + "Saxpath", + "Sendmail", + "Sendmail-8.23", + "SimPL-2.0", + "Sleepycat", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "StandardML-NJ", + "SugarCRM-1.1.3", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TMate", + "TORQUE-1.1", + "TOSL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCL-1.0", + "UPL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "Unlicense", + "VOSTROM", + "VSL-1.0", + "Vim", + "W3C", + "W3C-19980720", + "W3C-20150513", + "WTFPL", + "Watcom-1.0", + "Wsuipa", + "X11", + "XFree86-1.1", + "XSkat", + "Xerox", + "Xnet", + "YPL-1.0", + "YPL-1.1", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "blessing", + "bzip2-1.0.5", + "bzip2-1.0.6", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "curl", + "diffmark", + "dvipdfm", + "eCos-2.0", + "eGenix", + "etalab-2.0", + "gSOAP-1.3b", + "gnuplot", + "iMatix", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "mpich2", + "psfrag", + "psutils", + "wxWindows", + "xinetd", + "xpp", + "zlib-acknowledgement" + ] + ], + "type": "string" + }, + "log.LogEntry": { + "description": "LogEntry represents a single log line", + "properties": { + "level": { + "description": "Level is the log level.\n", + "type": "string" + }, + "log": { + "description": "Log is the log text.\n", + "type": "string" + }, + "time": { + "description": "Time is the log time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "mitre.Technique": { + "description": "Technique is the MITRE framework attack technique", + "enum": [ + [ + "exploitationForPrivilegeEscalation", + "exploitPublicFacingApplication", + "applicationExploitRCE", + "networkServiceScanning", + "endpointDenialOfService", + "exfiltrationGeneral", + "systemNetworkConfigurationDiscovery", + "unsecuredCredentials", + "credentialDumping", + "systemInformationDiscovery", + "systemNetworkConnectionDiscovery", + "systemUserDiscovery", + "accountDiscovery", + "cloudInstanceMetadataAPI", + "accessKubeletMainAPI", + "queryKubeletReadonlyAPI", + "accessKubernetesAPIServer", + "softwareDeploymentTools", + "ingressToolTransfer", + "lateralToolTransfer", + "commandAndControlGeneral", + "resourceHijacking", + "manInTheMiddle", + "nativeBinaryExecution", + "foreignBinaryExecution", + "createAccount", + "accountManipulation", + "abuseElevationControlMechanisms", + "supplyChainCompromise", + "obfuscatedFiles", + "hijackExecutionFlow", + "impairDefences", + "scheduledTaskJob", + "exploitationOfRemoteServices", + "eventTriggeredExecution", + "accountAccessRemoval", + "privilegedContainer", + "writableVolumes", + "execIntoContainer", + "softwareDiscovery", + "createContainer", + "kubernetesSecrets", + "fileAndDirectoryDiscovery", + "masquerading", + "webShell", + "compileAfterDelivery" + ] + ], + "type": "string" + }, + "packages.Type": { + "description": "Type describes the package type", + "enum": [ + [ + "nodejs", + "gem", + "python", + "jar", + "package", + "windows", + "binary", + "nuget", + "go", + "app", + "unknown" + ] + ], + "type": "string" + }, + "prisma.AlertIntegration": { + "description": "AlertIntegration has the relevant fields for Prisma Cloud defined integrations\nhttps://prisma.pan.dev/api/cloud/cspm/integrations#operation/get-all-integrations", + "properties": { + "id": { + "description": "ID of the integration in Prisma Cloud.\n", + "type": "string" + }, + "integrationConfig": { + "$ref": "#/components/schemas/prisma.IntegrationConfig" + }, + "integrationType": { + "description": "IntegrationType is the provider type.\n", + "type": "string" + }, + "name": { + "description": "Name of the integration in Prisma Cloud.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.AssetType": { + "description": "AssetType is the integral value that we need to pass to PC in the UAI and Unified Alerts integrations to identify the asset type\nMappings of the asset types agreed upon with PC can be found here - https://docs.google.com/spreadsheets/d/1M0Aj5U4vpFGEnpd0v_xK-CsxSH4lovE7p93hkzE4DTY\nAdditional asset types can be found here - https://redlock.atlassian.net/browse/RLP-57240\nThis value will be identical to resource api id in case of Unified Alerts", + "enum": [ + [ + "15", + "16", + "18", + "5109", + "39", + "45", + "65", + "5051", + "5070", + "7075", + "7077", + "10523", + "10524", + "10562", + "15000", + "20019", + "20028", + "20042", + "20051", + "20125", + "20126", + "20127", + "20155", + "25001", + "30012", + "30013", + "30014", + "30015", + "30016", + "30018", + "30020" + ] + ], + "type": "integer" + }, + "prisma.CloudType": { + "description": "CloudType is the prisma cloud type of the resource that is used for policy verdict creation\nCloud type values are documented here - https://docs.google.com/spreadsheets/d/1ZRlPl2IdEX22-7pSnqxeJGwwS0jyUbJJ16IkuPoiHMU", + "enum": [ + [ + "1", + "2", + "3", + "4", + "5", + "6" + ] + ], + "type": "integer" + }, + "prisma.IntegrationConfig": { + "description": "IntegrationConfig holds the additional configuration data for each integration", + "properties": { + "accountId": { + "description": "SecurityHubAccountID is the AWS account ID.\n", + "type": "string" + }, + "regions": { + "description": "SecurityHubIntegrationRegions holds AWS account available regions.\n", + "items": { + "$ref": "#/components/schemas/prisma.SecurityHubIntegrationRegions" + }, + "type": "array" + }, + "tables": { + "description": "ServiceNowIntegrationConfig holds ServiceNow tables info.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "prisma.SecurityHubIntegrationRegions": { + "description": "SecurityHubIntegrationRegions holds AWS Security Hub regions info", + "properties": { + "apiIdentifier": { + "description": "APIIdentifier represents the AWS region.\n", + "type": "string" + }, + "name": { + "description": "Name is the region name.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.ServiceProvider": { + "description": "ServiceProvider represents service provider id or \"other\" in case it is non cloud.", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci", + "other" + ] + ], + "type": "string" + }, + "rbac.PermName": { + "description": "PermName is a name of permission to a single resource type", + "enum": [ + [ + "radarsContainers", + "radarsHosts", + "radarsServerless", + "radarsCloud", + "policyContainers", + "policyHosts", + "policyServerless", + "policyCloud", + "policyComplianceCustomRules", + "policyRuntimeContainer", + "policyRuntimeHosts", + "policyRuntimeServerless", + "policyCustomRules", + "policyWAAS", + "policyCNNF", + "policyAccessSecrets", + "policyAccessKubernetes", + "monitorVuln", + "monitorCompliance", + "monitorImages", + "monitorHosts", + "monitorServerless", + "monitorCloud", + "monitorCI", + "monitorRuntimeContainers", + "monitorRuntimeHosts", + "monitorRuntimeServerless", + "monitorRuntimeIncidents", + "sandbox", + "monitorWAAS", + "monitorCNNF", + "monitorAccessDocker", + "monitorAccessKubernetes", + "systemLogs", + "manageDefenders", + "manageAlerts", + "collections", + "manageCreds", + "authConfiguration", + "userManagement", + "systemOperations", + "privilegedOperations", + "downloads", + "accessUI", + "uIEventSubscriber", + "user", + "none" + ] + ], + "type": "string" + }, + "rbac.Permission": { + "description": "Permission is a named resource permission", + "properties": { + "name": { + "$ref": "#/components/schemas/rbac.PermName" + }, + "readWrite": { + "description": "ReadWrite indicates RW or RO permission.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "rbac.Role": { + "description": "Role represents the role of a given user/group", + "properties": { + "description": { + "description": "Description is the role's description.\n", + "type": "string" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "perms": { + "description": "Perms are the role resource permissions.\n", + "items": { + "$ref": "#/components/schemas/rbac.Permission" + }, + "type": "array" + }, + "system": { + "description": "System indicates predefined immutable system role.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.AntiMalwareRule": { + "description": "AntiMalwareRule represents restrictions/suppression for suspected anti-malware", + "properties": { + "allowedProcesses": { + "description": "AllowedProcesses contains paths of files and processes for which we skip anti-malware checks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cryptoMiner": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedProcesses": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "detectCompilerGeneratedBinary": { + "description": "DetectCompilerGeneratedBinary represents what happens when a compiler service writes a binary.\n", + "type": "boolean" + }, + "encryptedBinaries": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "executionFlowHijack": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "serviceUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipSSHTracking": { + "description": "SkipSSHTracking indicates whether host SSH tracking should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "tempFSProc": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "userUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "webShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.App": { + "description": "App represents the applications runtime data", + "properties": { + "listeningPorts": { + "description": "ListeningPorts represents the applications listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileListeningPort" + }, + "type": "array" + }, + "name": { + "description": "Name is the app name.\n", + "type": "string" + }, + "outgoingPorts": { + "description": "OutgoingPorts represents the applications outgoing ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileOutgoingPort" + }, + "type": "array" + }, + "processes": { + "description": "Processes is a list of the app's descendant processes.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "startupProcess": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicy": { + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicyRule": { + "description": "AppEmbeddedPolicyRule represents a single rule in the app embedded runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.AppListeningPorts": { + "description": "AppListeningPorts is an association of an app and list of listening ports", + "properties": { + "app": { + "description": "App is the name of the app.\n", + "type": "string" + }, + "portsData": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ContainerCapabilities": { + "description": "ContainerCapabilities are a set of static capabilities for a given container", + "properties": { + "ci": { + "description": "CI indicates the container allowed to write binaries to disk and run them.\n", + "type": "boolean" + }, + "cloudMetadata": { + "description": "CloudMetadata indicates the given container can query cloud metadata api.\n", + "type": "boolean" + }, + "dnsCache": { + "description": "DNSCache are DNS services that are used by all the pods in the cluster.\n", + "type": "boolean" + }, + "dynamicDNSQuery": { + "description": "DynamicDNSQuery indicates capped behavioral dns queries.\n", + "type": "boolean" + }, + "dynamicFileCreation": { + "description": "DynamicFileCreation indicates capped behavioral filesystem paths.\n", + "type": "boolean" + }, + "dynamicProcessCreation": { + "description": "DynamicProcessCreation indicates capped behavioral processes.\n", + "type": "boolean" + }, + "k8s": { + "description": "Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).\n", + "type": "boolean" + }, + "proxy": { + "description": "Proxy indicates the container can listen on any port and perform multiple outbound connection.\n", + "type": "boolean" + }, + "pullImage": { + "description": "PullImage indicates that the container is allowed pull images (might include files with high entropy).\n", + "type": "boolean" + }, + "sshd": { + "description": "Sshd indicates whether the container can run sshd process.\n", + "type": "boolean" + }, + "unpacker": { + "description": "Unpacker indicates the container is allowed to write shared libraries to disk.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.ContainerDNSRule": { + "description": "ContainerDNSRule is the DNS runtime rule for container", + "properties": { + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the DNS rule.\n", + "type": "boolean" + }, + "domainList": { + "$ref": "#/components/schemas/runtime.DNSListRule" + } + }, + "type": "object" + }, + "runtime.ContainerFilesystemRule": { + "description": "ContainerFilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "backdoorFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the filesystem rule.\n", + "type": "boolean" + }, + "encryptedBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "newFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suspiciousELFHeadersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerNetworkRule": { + "description": "ContainerNetworkRule represents the restrictions/suppression for networking", + "properties": { + "allowedIPs": { + "description": "AllowedIPs the allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedIPs": { + "description": "DeniedIPs the deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedIPsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the network rule.\n", + "type": "boolean" + }, + "listeningPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "modifiedProcEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "outboundPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "portScanEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "rawSocketsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerPolicy": { + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ContainerPolicyRule": { + "description": "ContainerPolicyRule represents a single rule in the runtime policy", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "cloudMetadataEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.ContainerDNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ContainerFilesystemRule" + }, + "kubernetesEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ContainerNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ContainerProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProcessesRule": { + "description": "ContainerProcessesRule represents restrictions/suppression for running processes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkParentChild": { + "description": "Indicates whether checking for parent child relationship when comparing spawned processes in the model is enabled.\n", + "type": "boolean" + }, + "cryptoMinersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the processes rule.\n", + "type": "boolean" + }, + "lateralMovementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modifiedProcessEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShellEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suidBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProfileHost": { + "description": "ContainerProfileHost represents a host that runs a container with a specific profile ID", + "properties": { + "agentless": { + "description": "Agentless indicates if the host was scanned by agentless.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the name of the host.\n", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID that matches the container running in the host.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSListRule": { + "description": "DNSListRule represents an explicitly allowed/denied domains list rule", + "properties": { + "allowed": { + "description": "Allowed the allow-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.DNSQuery": { + "description": "DNSQuery is the data of a DNS query", + "properties": { + "domainName": { + "description": "DomainName is the queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the queried domain type.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSRule": { + "description": "DNSRule is the DNS runtime rule", + "properties": { + "blacklist": { + "description": "List of deny-listed domain names (e.g., www.bad-url.com, *.bad-url.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelist": { + "description": "List of allow-listed domain names (e.g., *.gmail.com, *.s3.*.amazon.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.DenyListRule": { + "description": "DenyListRule represents a rule containing paths of files and processes to alert/prevent and the required effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "paths": { + "description": "Paths are the paths to alert/prevent when an event with one of the paths is triggered.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.FSFileType": { + "description": "FSFileType represents the file type", + "type": "integer" + }, + "runtime.FileIntegrityRule": { + "description": "FileIntegrityRule represents a single file integrity monitoring rule", + "properties": { + "dir": { + "description": "Dir indicates that the path is a directory.\n", + "type": "boolean" + }, + "exclusions": { + "description": "Exclusions are filenames that should be ignored while generating audits\nThese filenames may contain a wildcard regex pattern, e.g. foo*.log, *.cache.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "metadata": { + "description": "Metadata indicates that metadata changes should be monitored (e.g. chmod, chown).\n", + "type": "boolean" + }, + "path": { + "description": "Path is the path to monitor.\n", + "type": "string" + }, + "procWhitelist": { + "description": "ProcWhitelist are the processes to ignore\nFilesystem events caused by these processes DO NOT generate file integrity events.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "read": { + "description": "Read indicates that reads operations should be monitored.\n", + "type": "boolean" + }, + "recursive": { + "description": "Recursive indicates that monitoring should be recursive.\n", + "type": "boolean" + }, + "write": { + "description": "Write indicates that write operations should be monitored.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.FilesystemRule": { + "description": "FilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "backdoorFiles": { + "description": "Monitors files that can create and/or persist backdoors (currently SSH and admin account config files) (true).\n", + "type": "boolean" + }, + "blacklist": { + "description": "List of denied file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkNewFiles": { + "description": "Detects changes to binaries and certificates (true).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipEncryptedBinaries": { + "description": "Indicates that encrypted binaries check should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "description": "Indicates whether malware detection based on suspicious ELF headers is enabled.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.GeoIP": { + "description": "GeoIP represents an ip address with it's origin country code", + "properties": { + "code": { + "description": "Code is the country iso code.\n", + "type": "string" + }, + "ip": { + "description": "IP is the ip address.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last modified time of this entry.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostDNSRule": { + "description": "HostDNSRule represents a host DNS runtime rule", + "properties": { + "allow": { + "description": "Allow is a list of user-defined domains to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deny": { + "description": "Deny is a list of user-defined domains to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostNetworkRule": { + "description": "HostNetworkRule represents the restrictions/suppression for host networking", + "properties": { + "allowedOutboundIPs": { + "description": "AllowedOutboundIPs is a list of IPs to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedListeningPorts": { + "description": "DeniedListeningPorts is a list of listening ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "deniedOutboundIPs": { + "description": "DeniedOutboundIPs is a list of outbound IPs to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedOutboundPorts": { + "description": "DeniedOutboundPorts is a list of outbound ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostPolicy": { + "description": "HostPolicy represents a host runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "ID is the host runtime policy internal id.\n", + "type": "string" + }, + "owner": { + "description": "Owner is the host runtime policy owner.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of host runtime rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.HostPolicyRule": { + "description": "HostPolicyRule represents a single rule in the runtime policy", + "properties": { + "antiMalware": { + "$ref": "#/components/schemas/runtime.AntiMalwareRule" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "CustomRules is a list of custom rules associated with the container runtime policy.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.HostDNSRule" + }, + "fileIntegrityRules": { + "description": "FileIntegrityRules are the file integrity monitoring rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.FileIntegrityRule" + }, + "type": "array" + }, + "forensic": { + "$ref": "#/components/schemas/common.HostForensicSettings" + }, + "logInspectionRules": { + "description": "LogInspectionRules is a list of log inspection rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.LogInspectionRule" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.HostNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfile": { + "description": "HostProfile represents a host runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID (hostname).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID associated with the profile.\n", + "type": "string" + }, + "apps": { + "description": "Apps are the host's apps metadata.\n", + "items": { + "$ref": "#/components/schemas/runtime.App" + }, + "type": "array" + }, + "collections": { + "description": "Collections is a list of collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sshEvents": { + "description": "SSHEvents represents a list SSH events occurred on the host.\n", + "items": { + "$ref": "#/components/schemas/runtime.SSHEvent" + }, + "type": "array" + }, + "time": { + "description": "Time is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileListeningPort": { + "description": "HostProfileListeningPort holds a metadata on listening port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileOutgoingPort": { + "description": "HostProfileOutgoingPort holds a metadata on outgoing port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "country": { + "description": "Country is the country ISO code for the given IP address.\n", + "type": "string" + }, + "ip": { + "description": "IP is the IP address captured over this port.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.LogInspectionRule": { + "description": "LogInspectionRule represents a single log inspection rule", + "properties": { + "path": { + "description": "Path is the log path.\n", + "type": "string" + }, + "regex": { + "description": "Regex are the regular expressions associated with the rule if it is a custom one.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.NetworkRule": { + "description": "NetworkRule represents the restrictions/suppression for networking", + "properties": { + "blacklistIPs": { + "description": "Deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blacklistListeningPorts": { + "description": "Deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "blacklistOutboundPorts": { + "description": "Deny-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelistIPs": { + "description": "Allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "whitelistListeningPorts": { + "description": "Allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "whitelistOutboundPorts": { + "description": "Allow-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.PortListRule": { + "description": "PortListRule represents a rule containing ports to allowed/denied and the required effect", + "properties": { + "allowed": { + "description": "Allowed the allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ProcessesRule": { + "description": "ProcessesRule represents restrictions/suppression for running processes", + "properties": { + "blacklist": { + "description": "List of processes to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockAllBinaries": { + "description": "Indicates that all processes are blocked except the main process.\n", + "type": "boolean" + }, + "checkCryptoMiners": { + "description": "Detect crypto miners.\n", + "type": "boolean" + }, + "checkLateralMovement": { + "description": "Indicates whether dectection of processes that can be used for lateral movement exploits is enabled.\n", + "type": "boolean" + }, + "checkNewBinaries": { + "description": "Indicates whether binaries which do not belong to the original image are allowed to run.\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipModified": { + "description": "Indicates whether to trigger audits/incidents when a modified proc is spawned.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystem": { + "description": "ProfileFilesystem defines the filesystem features profile", + "properties": { + "behavioral": { + "description": "Behavioral is filesystem data learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + }, + "static": { + "description": "Static is filesystem data learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystemPath": { + "description": "ProfileFilesystemPath represents the filesystem static data", + "properties": { + "mount": { + "description": "Mount indicates whether the given folder is a mount.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "description": "Process is the process that accessed the file.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the file was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetwork": { + "description": "ProfileNetwork represents networking data that is learned", + "properties": { + "behavioral": { + "$ref": "#/components/schemas/runtime.ProfileNetworkBehavioral" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "static": { + "$ref": "#/components/schemas/runtime.ProfileNetworkStatic" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkBehavioral": { + "description": "ProfileNetworkBehavioral represents the behavioral data learned for networking", + "properties": { + "dnsQueries": { + "description": "DNSQueries is the learned DNS queries.\n", + "items": { + "$ref": "#/components/schemas/runtime.DNSQuery" + }, + "type": "array" + }, + "listeningPorts": { + "description": "Listening is the learned listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkGeoIP": { + "description": "ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile", + "properties": { + "countries": { + "description": "Countries is a list of ip addresses with their corresponding country codes.\n", + "items": { + "$ref": "#/components/schemas/runtime.GeoIP" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last modified time of the cache.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkStatic": { + "description": "ProfileNetworkStatic represent the static section of the networking profile", + "properties": { + "listeningPorts": { + "description": "Listening are the listening ports learned by static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileProcess": { + "description": "ProfileProcess represents a single process data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileProcesses": { + "description": "ProfileProcesses represents the process data that is learned for a specific image", + "properties": { + "behavioral": { + "description": "Behavioral are process details learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "static": { + "description": "Static are process details learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.RuleEffect": { + "description": "RuleEffect is the effect that will be used in the runtime rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "disable" + ] + ], + "type": "string" + }, + "runtime.SSHEvent": { + "description": "SSHEvent represents an SSH event data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "country": { + "description": "Country represents the SSH client's origin country.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "ip": { + "description": "IP address represents the connection client IP address.\n", + "type": "integer" + }, + "loginTime": { + "description": "LoginTime represents the SSH login time.\n", + "format": "int64", + "type": "integer" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.SecretScrubbingSpec": { + "description": "SecretScrubbingSpec defined a single runtime secret scrubbing specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pattern": { + "description": "Pattern is the regex pattern to mask sensitive data.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicy": { + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicyRule": { + "description": "ServerlessPolicyRule represents a single rule in the serverless runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cloudMetadataEnforcement": { + "description": "Catches containers that access the cloud provider metadata API.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "kubernetesEnforcement": { + "description": "Detects containers that attempt to compromise the orchestrator.\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "sandbox.ConnectionEvent": { + "description": "ConnectionEvent represents a network connection event", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "protocol": { + "description": "Protocol is the transport layer protocol (UDP / TCP).\n", + "type": "string" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.DNSQueryEvent": { + "description": "DNSQueryEvent represents a DNS query event with it's connection details", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the domain name for a DNS query.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the domain type for a DNS query.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Event": { + "description": "Event is a single event in a chain that lead to finding detection", + "properties": { + "description": { + "description": "Description describes what happened in the event.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of event detection.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.FilesystemAccessType": { + "description": "FilesystemAccessType represents a type of accessing a file", + "enum": [ + [ + "open", + "modify", + "create" + ] + ], + "type": "string" + }, + "sandbox.FilesystemEvent": { + "description": "FilesystemEvent represents a filesystem event during sandbox scan", + "properties": { + "accessType": { + "$ref": "#/components/schemas/sandbox.FilesystemAccessType" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Finding": { + "description": "Finding represents a finding detected during sandbox scan", + "properties": { + "description": { + "description": "Description is the finding description.\n", + "type": "string" + }, + "events": { + "description": "Events are the events that lead to the finding detection.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Event" + }, + "type": "array" + }, + "severity": { + "$ref": "#/components/schemas/sandbox.FindingSeverity" + }, + "time": { + "description": "Time is the detection time (time of triggering event).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/sandbox.FindingType" + } + }, + "type": "object" + }, + "sandbox.FindingSeverity": { + "description": "FindingSeverity represents a finding severity level", + "enum": [ + [ + "critical", + "high", + "medium", + "low" + ] + ], + "type": "string" + }, + "sandbox.FindingType": { + "description": "FindingType represents a unique sandbox-detected finding type", + "enum": [ + [ + "dropper", + "modifiedBinary", + "executableCreation", + "filelessExecutableCreation", + "wildFireMalware", + "verticalPortScan", + "cryptoMiner", + "suspiciousELFHeader", + "kernelModule", + "modifiedBinaryExecution", + "filelessExecution" + ] + ], + "type": "string" + }, + "sandbox.ListeningEvent": { + "description": "ListeningEvent represents a network listening event", + "properties": { + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessEvent": { + "description": "ProcessEvent represents a process event during sandbox scan", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "parent": { + "$ref": "#/components/schemas/sandbox.ProcessInfo" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessInfo": { + "description": "ProcessInfo holds process information", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ScanResult": { + "description": "ScanResult represents sandbox scan results", + "properties": { + "_id": { + "description": "ID is a unique scan identifier.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connection": { + "description": "Connection is a list of connection events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ConnectionEvent" + }, + "type": "array" + }, + "dns": { + "description": "DNS is a list of DNS queries detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.DNSQueryEvent" + }, + "type": "array" + }, + "entrypoint": { + "description": "Entrypoint is the command executed in the sandbox scan.\n", + "type": "string" + }, + "filesystem": { + "description": "Filesystem is a list of filesystem events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.FilesystemEvent" + }, + "type": "array" + }, + "findings": { + "description": "Findings are the detected findings during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Finding" + }, + "type": "array" + }, + "image": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "imageName": { + "description": "ImageName is the image name (e.g. registry/repo:tag).\n", + "type": "string" + }, + "listening": { + "description": "Listening is a list of listening events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ListeningEvent" + }, + "type": "array" + }, + "pass": { + "description": "Pass indicates if the scan passed or failed.\n", + "type": "boolean" + }, + "procs": { + "description": "Procs are the different detected process during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "type": "array" + }, + "riskScore": { + "description": "RiskScore is the weighted total risk score.\n", + "format": "double", + "type": "number" + }, + "scanDuration": { + "description": "ScanDuration is the provided scan duration in nanoseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTime": { + "description": "Start is the scan start time.\n", + "format": "date-time", + "type": "string" + }, + "suspiciousFiles": { + "description": "SuspiciousFiles are suspicious files detected during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.SuspiciousFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "sandbox.SuspiciousFile": { + "description": "SuspiciousFile represents a suspicious file", + "properties": { + "containerPath": { + "description": "ContainerPath is the path of the file in the running container.\n", + "type": "string" + }, + "created": { + "description": "Created indicates if the file was created during runtime.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the file MD5 hash.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to the copy of the file.\n", + "type": "string" + } + }, + "type": "object" + }, + "secrets.SecretScanMetrics": { + "description": "SecretScanMetrics represents metrics collected during secret scan", + "properties": { + "failedScans": { + "description": "FailedScans represents number of failed scans caused by scanner errors.\n", + "format": "int64", + "type": "integer" + }, + "foundSecrets": { + "description": "FoundSecrets represents number of detected secrets.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime represents cumulative secret scan time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTimeouts": { + "description": "ScanTimeouts represents number of failed scans caused by timeout.\n", + "format": "int64", + "type": "integer" + }, + "scannedFileSize": { + "description": "ScannedFileSize represents accumulated size of scanned files.\n", + "format": "int64", + "type": "integer" + }, + "scannedFiles": { + "description": "ScannedFiles represents number of text files scanned for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalBytes": { + "description": "TotalBytes represents accumulated file size.\n", + "format": "int64", + "type": "integer" + }, + "totalFiles": { + "description": "TotalFiles represents number of files read for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalTime": { + "description": "TotalTime represents the total time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "typesCount": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "TypesCount represents distribution of secrets by its type.\n", + "type": "object" + } + }, + "type": "object" + }, + "serverless.ActionResources": { + "description": "ActionResources is a single action resources", + "properties": { + "resources": { + "description": "Resources are the resources granted to the action.\n", + "items": { + "$ref": "#/components/schemas/serverless.Resource" + }, + "type": "array" + }, + "serviceAPI": { + "$ref": "#/components/schemas/serverless.ServiceAPI" + } + }, + "type": "object" + }, + "serverless.AssociatedVersion": { + "description": "AssociatedVersion is a single function version associated with the alias", + "properties": { + "version": { + "description": "Version is the function version.\n", + "type": "string" + }, + "weight": { + "description": "Weight is the possibility that the function will be called when triggering the alias.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Condition": { + "description": "Condition contains limitations on resources, such as a specific prefix", + "properties": { + "conditions": { + "description": "Conditions contain the limitations.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "name": { + "description": "Condition in AWS such as: StringLike, StringNotLike, StringEquals, StringNotEquals, StringEqualsIgnoreCase, StringNotEqualsIgnoreCase, ForAllValues:StringLike,...\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.FunctionInfo": { + "description": "FunctionInfo contains function information collected during function scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "ID of the function.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applicationName": { + "description": "Name of the application with which the function is associated.\n", + "type": "string" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "architecture": { + "description": "Architecture that the function supports.\n", + "type": "string" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudControllerAddress": { + "description": "Address of the TAS cloud controller API.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Indicates status of runtime defense. Covers both manually and automatically deployed function defense.\n", + "type": "boolean" + }, + "defenderLayerARN": { + "description": "Prisma Defender Layer ARN, if it exists.\n", + "type": "string" + }, + "description": { + "description": "User-provided description of the function.\n", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "envvars": { + "description": "Function environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "err": { + "description": "Description of an error that occurred during the scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "functionLayers": { + "description": "Layer ARNs used by this function.\n", + "items": { + "$ref": "#/components/schemas/serverless.LayerInfo" + }, + "type": "array" + }, + "functionTags": { + "description": "Cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "handler": { + "description": "Handler is the function handler.\n", + "type": "string" + }, + "hash": { + "description": "Hash of the function.\n", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname of the scanner.\n", + "type": "string" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "lastModified": { + "description": "Date/time when the function was last modified.\n", + "format": "date-time", + "type": "string" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "memory": { + "description": "Memory size, in MB, configured for the function.\n", + "format": "int64", + "type": "integer" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the function.\n", + "type": "string" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "platform": { + "description": "Platform is the function OS.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "region": { + "description": "Function's region.\n", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "resourceGroupName": { + "description": "Name of the resource group to which the resource belongs (only for Azure).\n", + "type": "string" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "role": { + "description": "AWS execution role.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime environment for the function (e.g., nodejs).\n", + "type": "string" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanTime": { + "description": "Date/time when the scan of the function was performed.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "scannerVersion": { + "description": "Scanner version.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "status": { + "description": "Status of the function (e.g., running).\n", + "type": "string" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "timeout": { + "description": "Function execution time at which the function will be terminated.\n", + "format": "int64", + "type": "integer" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version of the function.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "serverless.LayerInfo": { + "description": "LayerInfo contains information about a lambda layer", + "properties": { + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "name": { + "description": "Name of the layer.\n", + "type": "string" + }, + "version": { + "description": "Version of the layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Permissions": { + "description": "Permissions contain service function permissions", + "properties": { + "actions": { + "description": "Actions is API actions of the service that the function has access to.\n", + "items": { + "$ref": "#/components/schemas/serverless.ActionResources" + }, + "type": "array" + }, + "service": { + "description": "Service is the service name.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.RadarData": { + "description": "RadarData represent all data relevant to the serverless radar", + "properties": { + "serverlessRadar": { + "description": "ServerlessRadar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/serverless.RadarEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.RadarEntity": { + "description": "RadarEntity is the extended serverless radar entity", + "properties": { + "_id": { + "description": "ID is unique identifier of the function (for AWS - ARN).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "alias": { + "description": "Alias states that the current entity is an alias of the function.\n", + "type": "boolean" + }, + "applicationName": { + "description": "ApplicationName is the name of the application the function is associated with.\n", + "type": "string" + }, + "associatedVersions": { + "description": "AssociatedVersions contain the alias associated versions, or empty if the entity isn't an alias.\n", + "items": { + "$ref": "#/components/schemas/serverless.AssociatedVersion" + }, + "type": "array" + }, + "collections": { + "description": "Collections are the matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended denotes weather the function is defended by a serverless defender.\n", + "type": "boolean" + }, + "description": { + "description": "Description is the user provided description of the function.\n", + "type": "string" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the function.\n", + "type": "string" + }, + "networkCount": { + "description": "NetworkCount contain the runtime network events count.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the function permissions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "permissionsBoundary": { + "description": "PermissionsBoundary are limitations of the permissions, acting as AND.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "processesCount": { + "description": "ProcessesCount contain the runtime processes events count.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "scanned": { + "description": "Scanned indicates if the function was scanned for vulnerabilities and compliance.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags are the cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "triggers": { + "description": "Triggers contain invocation paths for functions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Triggers" + }, + "type": "array" + }, + "version": { + "description": "Version is the version of the function, or the alias name if it's an alias.\n", + "type": "string" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "serverless.RadarFilter": { + "description": "RadarFilter contains filter options for serverless radar entities", + "properties": { + "accountIDs": { + "description": "AccountIDs are cloud provider account IDs with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentials": { + "description": "Credentials are cloud provider credential ID's with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "regions": { + "description": "Regions are cloud provider regions with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.Resource": { + "description": "Resource is a single action resources", + "properties": { + "allow": { + "description": "Allow states if the resource is allowed or denied.\n", + "type": "boolean" + }, + "condition": { + "description": "Conditions contain limitations on resources, such as a specific prefix.\n", + "items": { + "$ref": "#/components/schemas/serverless.Condition" + }, + "type": "array" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates that the policy apply to all except the given resource.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "serverless.ServiceAPI": { + "description": "ServiceAPI describes a service API", + "properties": { + "api": { + "description": "API is the service API.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates the policy apply to all APIs except the given API.\n", + "type": "boolean" + }, + "service": { + "description": "Service is the AWS service.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Trigger": { + "description": "Trigger contains function triggers", + "properties": { + "properties": { + "description": "Properties are the trigger properties. There may be multiple values per key, for example AWS S3 event types: ObjectCreatedByPost, ObjectCreatedByCopy, ObjectCreatedByPut.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "sourceID": { + "description": "SourceID is the id of the service instance that caused the trigger. For example AWS S3 bucket ARN, AWS apigateway ARN, etc.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Triggers": { + "description": "Triggers contain a service function triggers", + "properties": { + "service": { + "description": "Service is the service name.\n", + "type": "string" + }, + "triggers": { + "description": "Triggers are the function invocation paths from the service.\n", + "items": { + "$ref": "#/components/schemas/serverless.Trigger" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.AISOperationType": { + "description": "AISOperationType represents a scan operation type", + "enum": [ + [ + "discovery", + "create-snapshot", + "deploy-scanner", + "cleanup" + ] + ], + "type": "string" + }, + "shared.ActivityType": { + "description": "ActivityType is the type of user activity", + "enum": [ + [ + "app restart", + "app install", + "app modified", + "cron modified", + "system update", + "system reboot", + "source modified", + "source added", + "iptables changed", + "secret modified", + "login", + "sudo", + "accounts modified", + "sensitive files modified", + "docker" + ] + ], + "type": "string" + }, + "shared.AgentlessAccountScanStatus": { + "description": "AgentlessAccountScanStatus represents agentless cloud account scan status", + "type": "integer" + }, + "shared.AgentlessAccountState": { + "description": "AgentlessAccountState holds the information about the agentless account state", + "properties": { + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "regions": { + "description": "Regions is an array of regions scanned in account.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessRegionState" + }, + "type": "array" + }, + "scanStatus": { + "$ref": "#/components/schemas/shared.AgentlessAccountScanStatus" + } + }, + "type": "object" + }, + "shared.AgentlessHostTag": { + "description": "AgentlessHostTag is the tag to be checked on a discovered host", + "properties": { + "key": { + "description": "Key is the tag key.\n", + "type": "string" + }, + "value": { + "description": "Value is the tag value.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessRegionState": { + "description": "AgentlessRegionState holds information about the statuses scans in a region", + "properties": { + "availabilityDomain": { + "description": "AvailabilityDomain is the code name of OCI availabilityDomain.\n", + "type": "string" + }, + "errorsInfo": { + "description": "ErrorsInfo holds information about the errors that occured during in region scan.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanErrorInfo" + }, + "type": "array" + }, + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Region is the code name of the region.\n", + "type": "string" + }, + "scanCoverage": { + "$ref": "#/components/schemas/shared.AgentlessScanHostCoverage" + }, + "scanID": { + "description": "ScanID is the id of scan cycle the region was last scanned in.\n", + "type": "integer" + }, + "score": { + "description": "Score is an aggregated score of the errors in the region.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanHostCoverage": { + "description": "AgentlessScanHostCoverage contains the scan coverage stats", + "properties": { + "excluded": { + "description": "Excluded is the number of hosts that were excluded from the scan.\n", + "type": "integer" + }, + "issued": { + "description": "Issued is the number of hosts that are failed to scanned.\n", + "type": "integer" + }, + "pending": { + "description": "Pending is the number of hosts that are pending ais scan.\n", + "type": "integer" + }, + "successful": { + "description": "Successful is the number of hosts that were successfully scanned.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of hosts that are unsupported.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanSpecification": { + "description": "AgentlessScanSpecification contains information for setting up an agentless scan for a group of accounts", + "properties": { + "autoScale": { + "description": "AutoScale indicates that the number of concurrent scanners should be selected automatically.\n", + "type": "boolean" + }, + "cloudScan": { + "description": "CloudScan indicates whether the account is being scanned with prisma.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is a network-accessible address that scanners can use to publish scan results to Console.\n", + "type": "string" + }, + "customTags": { + "description": "CustomTags are optional tags that can be added to the resources created by the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether agentless scanning is enabled.\n", + "type": "boolean" + }, + "excludedTags": { + "description": "ExcludedTags are the tags used to exclude instances from the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "hubAccount": { + "description": "HubAccount indicates whether the account is configured as a hub account.\n", + "type": "boolean" + }, + "hubCredentialID": { + "description": "HubCredentialID is the ID of the credentials in the credentials store to use for authenticating with the cloud provider on behalf of the scan hub account. Optional.\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags are tags that are used to filter hosts to scan. If set, only hosts that have one or more of these tags are scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "ociCompartment": { + "description": "OCICompartment is the resource group that holds all scan related resources for OCI.\n", + "type": "string" + }, + "ociExcludedCompartments": { + "description": "OCIExcludedCompartments are the compartments excluded from scan (OCI).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ociVcn": { + "description": "OCIVcn is the Virtual Cloud Network to use for the instance launched for scanning. Default value is empty string, which represents the default VCN.\n", + "type": "string" + }, + "proxyAddress": { + "description": "ProxyAddress is the optional HTTP proxy address for a setup that includes a proxy server.\n", + "type": "string" + }, + "proxyCA": { + "description": "ProxyCA is the optional proxy CA certificate for a setup that includes a TLS proxy.\n", + "type": "string" + }, + "regions": { + "description": "Regions are the cloud provider regions applicable for the scan. Default is all.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanNonRunning": { + "description": "ScanNonRunning indicates whether to scan non running instances.\n", + "type": "boolean" + }, + "scanners": { + "description": "Scanners is the number of concurrent scanners to perform the scan (when auto-scale is off).\n", + "type": "integer" + }, + "securityGroup": { + "description": "SecurityGroup is the security group that scanners should use (for isolation and internet access). Default is empty value to use the cloud account default security group.\n", + "type": "string" + }, + "skipPermissionsCheck": { + "description": "SkipPermissionsCheck indicates whether permissions check should be skipped for the account. This allows users to attempt scanning when permissions check fails.\n", + "type": "boolean" + }, + "subnet": { + "description": "Subnet is the network subnet to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the default VPC.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AlertThreshold": { + "description": "AlertThreshold is the vulnerability policy alert threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "disabled": { + "description": "Suppresses alerts for all vulnerabilities (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.AllowedCVE": { + "description": "AllowedCVE is a CVE to ignore across the product", + "properties": { + "cve": { + "description": "CVE is the CVE to allow.\n", + "type": "string" + }, + "description": { + "description": "Description is the description of why this CVE is allowed.\n", + "type": "string" + }, + "expiration": { + "description": "Expiration is the expiration date for the allowed CVE.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppEmbeddedEmbedRequest": { + "description": "AppEmbeddedEmbedRequest represents the arguments required for a AppEmbedded defender embed request", + "properties": { + "appID": { + "description": "AppID identifies the app that the embedded app defender defender is protecting.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address.\n", + "type": "string" + }, + "dataFolder": { + "description": "DataFolder is the path to the Twistlock data folder in the container.\n", + "type": "string" + }, + "dockerfile": { + "description": "Dockerfile is the Dockerfile to embed AppEmbedded defender into.\n", + "type": "string" + }, + "filesystemMonitoring": { + "description": "FilesystemMonitoring is the flag of filesystem monitoring for this Defender.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.AppEmbeddedRuntimeProfile": { + "description": "AppEmbeddedRuntimeProfile represents the app embedded runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the app embedded defender name.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the ECS Fargate cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "container": { + "description": "Container is the app embedded container name.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image ID.\n", + "type": "string" + }, + "startTime": { + "description": "StartTime is the time when the defender starts.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppFirewallAudit": { + "description": "AppFirewallAudit represents a firewall audit event", + "properties": { + "_id": { + "description": "ID is internal id representation.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "additionalHash": { + "description": "AdditionalHash for internal use only. This parameter is used to add an additional level of uniqueness to the audit.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the application ID.\n", + "type": "string" + }, + "attackField": { + "$ref": "#/components/schemas/waas.HTTPField" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cloudProviderName": { + "$ref": "#/components/schemas/prisma.ServiceProvider" + }, + "cluster": { + "description": "Cluster is the cluster on which the audit was originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connectingIPs": { + "description": "ConnectingIPs are the requests connecting IPs such as proxy and load-balancer.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerId": { + "description": "ContainerID is the firewall container ID.\n", + "type": "string" + }, + "containerName": { + "description": "ContainerName is the firewall container name.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "country": { + "description": "Country is the source IP country.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "eventID": { + "description": "EventID is the event identifier of the audit relevant request.\n", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "fqdn": { + "description": "FQDN is the current hostname's FQDN.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "FunctionID is the id of the function called.\n", + "type": "string" + }, + "host": { + "description": "Host indicates this audit is either for host firewall or out of band firewall or agentless firewall.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the firewall image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the firewall image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the container.\n", + "type": "object" + }, + "method": { + "description": "HTTPMethod is the request HTTP method.\n", + "type": "string" + }, + "modelPath": { + "description": "ModelPath for internal use only. This parameter is a correlated path for the mapped API Model.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ns": { + "description": "Namespaces are the k8s namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "owaspAPITop10": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "owaspTop10": { + "$ref": "#/components/schemas/waas.OWASPTop10" + }, + "prismaAccountID": { + "description": "PrismaAccountID is the Prisma format account ID.\n", + "type": "string" + }, + "prismaCloudProvider": { + "$ref": "#/components/schemas/prisma.CloudType" + }, + "prismaRegion": { + "description": "PrismaRegion is the Prisma format cloud region.\n", + "type": "string" + }, + "profileId": { + "description": "ProfileID is the profile of the audit.\n", + "type": "string" + }, + "protection": { + "$ref": "#/components/schemas/waas.Protection" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "RawEvent contains unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region is the name of the region in which the serverless function is located.\n", + "type": "string" + }, + "requestHeaderNames": { + "description": "RequestHeaderNames are the request header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestHeaders": { + "description": "RequestHeaders represent the request headers.\n", + "type": "string" + }, + "requestHost": { + "description": "RequestHost is the request host.\n", + "type": "string" + }, + "requestID": { + "description": "RequestID is lambda function invocation request id.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "responseHeaderNames": { + "description": "ResponseHeaderNames are the response header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ruleAppID": { + "description": "RuleAppID is the ID of the rule's app that was applied.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule that was applied.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "statusCode": { + "description": "StatusCode is the response status code.\n", + "type": "integer" + }, + "subnet": { + "description": "Subnet is the source IP subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + }, + "url": { + "description": "URL is the requests full URL (partial on server side - path and query only).\n", + "type": "string" + }, + "urlPath": { + "description": "URLPath is the requests url path.\n", + "type": "string" + }, + "urlQuery": { + "description": "URLQuery is the requests url query.\n", + "type": "string" + }, + "userAgentHeader": { + "description": "UserAgentHeader is the requests User-Agent header.\n", + "type": "string" + }, + "version": { + "description": "Version is the defender version.\n", + "type": "string" + }, + "workloadAssetType": { + "$ref": "#/components/schemas/prisma.AssetType" + }, + "workloadExternalResourceID": { + "description": "WorkloadExternalResourceID is the workload external resource ID (Asset External ID).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Audit": { + "description": "Audit represents an event in the system", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID where the audit was created.\n", + "type": "string" + }, + "allow": { + "description": "Allow indicates whether the command was allowe or denied.\n", + "type": "boolean" + }, + "api": { + "description": "API is the api that is being audited.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerName": { + "description": "ContainerName is the name of the container.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name from which the audit originated.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname from which the audit originated.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the labels associated with the target audit (for containers/images).\n", + "type": "object" + }, + "msg": { + "description": "Msg is the message explaining the audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the container namespace.\n", + "type": "string" + }, + "ruleName": { + "description": "RulesName is contains the name of the rule that was applied, when blocked.\n", + "type": "string" + }, + "sourceIP": { + "description": "SourceIP is the remote agent's source IP.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "description": "Type is the audit type.\n", + "type": "string" + }, + "user": { + "description": "User is the user that run the command.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BackupSpec": { + "description": "BackupSpec is the backup specification", + "properties": { + "id": { + "description": "ID is the full backup file name, used as the instance id in API calls.\n", + "type": "string" + }, + "name": { + "description": "Name is the backup name.\n", + "type": "string" + }, + "release": { + "description": "Release is the backup release.\n", + "type": "string" + }, + "time": { + "description": "Time is the backup creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Binary": { + "description": "Binary represents a detected binary file (ELF)", + "properties": { + "altered": { + "description": "Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).\n", + "type": "boolean" + }, + "cveCount": { + "description": "Total number of CVEs for this specific binary.\n", + "type": "integer" + }, + "deps": { + "description": "Third-party package files which are used by the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "fileMode": { + "description": "Represents the file's mode and permission bits.\n", + "type": "integer" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "md5": { + "description": "Md5 hashset of the binary.\n", + "type": "string" + }, + "missingPkg": { + "description": "Indicates if this binary is not related to any package (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the binary.\n", + "type": "string" + }, + "pkgRootDir": { + "description": "Path for searching packages used by the binary.\n", + "type": "string" + }, + "services": { + "description": "Names of services which use the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Version of the binary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BlockThreshold": { + "description": "BlockThreshold is the vulnerability policy block threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enables blocking (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CLIScanResult": { + "description": "CLIScanResult describes a CLI scan result", + "properties": { + "_id": { + "description": "ID of the scan result.\n", + "type": "string" + }, + "build": { + "description": "CI build.\n", + "type": "string" + }, + "complianceFailureSummary": { + "description": "Scan compliance failure summary.\n", + "type": "string" + }, + "entityInfo": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "pass": { + "description": "Indicates if the scan passed (true) or failed (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the scan.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Scanner version.\n", + "type": "string" + }, + "vulnFailureSummary": { + "description": "Scan vulnerability failure summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CVEAllowList": { + "description": "CVEAllowList is a collection of allowed CVE's", + "properties": { + "_id": { + "description": "ID is the id of the feed.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of allowed CVEs.\n", + "items": { + "$ref": "#/components/schemas/shared.AllowedCVE" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CVERule": { + "description": "CVERule is a vuln rule for specific vulnerability", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "id": { + "description": "CVE ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryAccount": { + "description": "CloudDiscoveryAccount holds data about a discovered account", + "properties": { + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryEntity": { + "description": "CloudDiscoveryEntity holds data about a discovered entity", + "properties": { + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "activeServicesCount": { + "description": "ActiveServicesCount is the number of active services in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the entity.\n", + "type": "string" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerGroup": { + "description": "ContainerGroup is the azure aci container group the container belongs to.\n", + "type": "string" + }, + "createdAt": { + "description": "CreatedAt is the time when the entity was created.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Defended indicates if the entity is defended.\n", + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints are the cluster endpoints.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "image": { + "description": "Image is the image of an aci container.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the entity.\n", + "type": "string" + }, + "nodesCount": { + "description": "NodesCount is the number of nodes in the cluster (aks, gke).\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "resourceGroup": { + "description": "ResourceGroup is the the azure resource group containing the entity.\n", + "type": "string" + }, + "runningTasksCount": { + "description": "RunningTasksCount is the number of running tasks in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "status": { + "description": "Status is the current status of entity.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version is the version of the entity.\n", + "type": "string" + }, + "zone": { + "description": "Zone is the GCP zone that was scanned.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryRadar": { + "description": "CloudDiscoveryRadar represents a cloud radar", + "properties": { + "accounts": { + "description": "Accounts is the number of accounts.\n", + "type": "integer" + }, + "agentlessDisabledAccounts": { + "description": "AgentlessDisabledAccounts is the number of accounts with agentless is disable.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates whether the region includes app Embedded.\n", + "type": "boolean" + }, + "clusters": { + "description": "Clusters indicates whether the region includes clusters.\n", + "type": "boolean" + }, + "defended": { + "description": "Defended is the number of defended entities.\n", + "type": "integer" + }, + "errCount": { + "description": "ErrCount is the number of errors.\n", + "type": "integer" + }, + "functions": { + "description": "Functions indicates whether the region includes functions.\n", + "type": "boolean" + }, + "nodes": { + "description": "NodesCount is the number of nodes.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registries": { + "description": "Registries indicates whether the region includes registries.\n", + "type": "boolean" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "vms": { + "description": "VMs indicates whether the region includes VMs.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryResult": { + "description": "CloudDiscoveryResult represents a cloud scan result for a specific cloud provider, service and region", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended is the number of defended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "defenseCoverage": { + "description": "DefenseCoverage is the defense coverage percentage (0-100).\n", + "type": "integer" + }, + "err": { + "description": "Err holds any error found during a scan.\n", + "type": "string" + }, + "nodes": { + "description": "Nodes is the number of nodes.\n", + "type": "integer" + }, + "project": { + "description": "Project is the GCP project that was scanned.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "registryTags": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RegistryTags are the registry tags.\n", + "type": "object" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "undefended": { + "description": "Undefended is the number of undefended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "zone": { + "description": "Zone is the zone that was scanned, only relevant to GCP.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudScanRule": { + "description": "CloudScanRule is a rule for discovery/compliance/serverless radar scanning", + "properties": { + "agentlessAccountState": { + "$ref": "#/components/schemas/shared.AgentlessAccountState" + }, + "agentlessScanSpec": { + "$ref": "#/components/schemas/shared.AgentlessScanSpecification" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "complianceCheckIDs": { + "description": "ComplianceCheckIDs are the compliance checks IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted reports whether the account is deleted.\n", + "type": "boolean" + }, + "discoverAllFunctionVersions": { + "description": "DiscoverAllFunctionVersions indicates whether serverless discovery and radar scans should scan all function versions or only latest.\n", + "type": "boolean" + }, + "discoveryEnabled": { + "description": "DiscoveryEnabled indicates whether discovery scan is enabled.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified holds the last modified time (in Compute).\n", + "format": "int64", + "type": "integer" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + }, + "prismaLastModified": { + "description": "PrismaLastModified reports the last time the account was modified by Prisma (unix milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "serverlessRadarCap": { + "description": "ServerlessRadarCap is the maximum number of functions to scan in serverless radar.\n", + "type": "integer" + }, + "serverlessRadarEnabled": { + "description": "ServerlessRadarEnabled indicates whether serverless radar scan is enabled.\n", + "type": "boolean" + }, + "serverlessScanSpec": { + "$ref": "#/components/schemas/shared.ServerlessScanSpecification" + }, + "vmTagsEnabled": { + "description": "VMTagsEnabled indicates whether fetching VM instance tags is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CodeRepoProviderType": { + "description": "CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc", + "enum": [ + [ + "github", + "CI" + ] + ], + "type": "string" + }, + "shared.CompressedLayerTimes": { + "description": "CompressedLayerTimes represent the compressed layer times of the image apps and pkgs", + "properties": { + "appTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/shared.PkgsTimes" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Conditions": { + "description": "Conditions contains rule conditions. Conditions apply only for their respective policy type", + "properties": { + "device": { + "description": "Allowed volume host device (wildcard). If a \"container create\" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.\n", + "type": "string" + }, + "readonly": { + "description": "Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "Block and scan severity-based vulnerabilities conditions.\n", + "items": { + "$ref": "#/components/schemas/vuln.Condition" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Connection": { + "description": "Connection is a radar internet connection", + "properties": { + "port": { + "description": ".\n", + "type": "integer" + }, + "protocol": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerHistoryEvent": { + "description": "ContainerHistoryEvent is a container process event created by interactive user", + "properties": { + "_id": { + "description": "ID is the history event entity.\n", + "type": "string" + }, + "command": { + "description": "Command is the process that was executed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the command was invoked.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerInfo": { + "description": "ContainerInfo contains all information gathered on a specific container", + "properties": { + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "app": { + "description": "App is the app that is hosted in the container.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "ComplianceIssues are all the container compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": ".\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "ComplianceRiskScore is the container's compliance risk score.\n", + "format": "float", + "type": "number" + }, + "externalLabels": { + "description": "ExternalLabels is the external labels e.g., kubernetes namespace labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "id": { + "description": "ID is the container id.\n", + "type": "string" + }, + "image": { + "description": "Image is the canonical image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image id.\n", + "type": "string" + }, + "imageName": { + "description": "The image name as stated in the docker run command.\n", + "type": "string" + }, + "infra": { + "description": "Infra represents any container that belongs to the infrastructure.\n", + "type": "boolean" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "labels": { + "description": "Labels are the container labels (https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the container name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/shared.ContainerNetwork" + }, + "networkSettings": { + "$ref": "#/components/schemas/shared.DockerNetworkInfo" + }, + "processes": { + "description": "Processes are the processes that are running inside the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerProcess" + }, + "type": "array" + }, + "profileID": { + "description": "ProfileID is the container profile id.\n", + "type": "string" + }, + "sizeBytes": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "startTime": { + "description": "StartTime is the starting time of the container.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerNetwork": { + "description": "ContainerNetwork contains details about the container network (ports, IPs, type etc...)", + "properties": { + "ports": { + "description": "Ports are the ports details associated with the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallProfileAudits": { + "description": "ContainerNetworkFirewallProfileAudits represents the container network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallSubtypeAudits": { + "description": "ContainerNetworkFirewallSubtypeAudits represents the container network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the container network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.ContainerAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerPort": { + "description": "ContainerPort represents the state of a port in a given container", + "properties": { + "container": { + "description": "Container is the mapped port inside the container.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host port number.\n", + "type": "integer" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "listening": { + "description": "Listening indicates whether the port is in listening mode.\n", + "type": "boolean" + }, + "nat": { + "description": "NAT indicates the port is exposed using NAT.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.ContainerProcess": { + "description": "ContainerProcess represents a process inside a container", + "properties": { + "name": { + "description": "Name is a process name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRadarIncomingConnection": { + "description": "ContainerRadarIncomingConnection is an incoming connection in the network radar", + "properties": { + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are all the ports used by the sender.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "profileID": { + "description": "ProfileID is the sender's profile ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRuntimeProfile": { + "description": "ContainerRuntimeProfile represents the image runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "accountIDs": { + "description": "AccountIDs are the cloud account IDs associated with the container runtime profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "archived": { + "description": "Archive indicates whether this profile is archived.\n", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/components/schemas/runtime.ContainerCapabilities" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint is the image entrypoint.\n", + "type": "string" + }, + "events": { + "description": "Events are the last historical interactive process events for this profile, they are updated in a designated flow.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerHistoryEvent" + }, + "type": "array" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ProfileFilesystem" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "hostNetwork": { + "description": "HostNetwork whether the instance share the network namespace with the host.\n", + "type": "boolean" + }, + "hostPid": { + "description": "HostPid indicates whether the instance share the pid namespace with the host.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the image name that represents the image.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the profile's image ID.\n", + "type": "string" + }, + "infra": { + "description": "InfraContainer indicates this is an infrastructure container.\n", + "type": "boolean" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored profile.\n", + "type": "boolean" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the profile's label.\n", + "type": "string" + }, + "lastUpdate": { + "description": "Modified is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + }, + "learnedStartup": { + "description": "LearnedStartup indicates that startup events were learned.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ProfileNetwork" + }, + "os": { + "description": "OS is the profile image OS.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProfileProcesses" + }, + "relearningCause": { + "description": "RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after\nbeing activated.\n", + "type": "string" + }, + "remainingLearningDurationSec": { + "description": "RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.\n", + "format": "double", + "type": "number" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "shared.ContainerScanResult": { + "description": "ContainerScanResult contains the result of a scanning a container", + "properties": { + "_id": { + "description": "ID is the container ID.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the result was received by an agentless scanner.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are collections to which this container applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "hostname": { + "description": "Hostname is the hostname on which the container is deployed.\n", + "type": "string" + }, + "info": { + "$ref": "#/components/schemas/shared.ContainerInfo" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates if any runtime rule applies to the container.\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the container scan time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Coordinates": { + "description": "Coordinates represents a region coordinates type", + "properties": { + "latitude": { + "description": "Latitude coordinate.\n", + "format": "float", + "type": "number" + }, + "longitude": { + "description": "Longitude coordinate.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CustomComplianceCheck": { + "description": "CustomComplianceCheck represents a custom compliance check entry", + "properties": { + "_id": { + "description": "ID is the compliance check ID.\n", + "type": "integer" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the custom check script.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the custom check defined severity.\n", + "type": "string" + }, + "title": { + "description": "Title is the custom check title.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomIPFeed": { + "description": "CustomIPFeed represent the custom IP feed", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the custom ip feed.\n", + "type": "string" + }, + "feed": { + "$ref": "#/components/schemas/shared.IPs" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomLabelsSettings": { + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)", + "properties": { + "labels": { + "description": "Labels are the custom labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CustomMalwareFeed": { + "description": "CustomMalwareFeed represent the custom malware", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the feed.\n", + "type": "string" + }, + "feed": { + "description": "Feed is the list of custom malware signatures.\n", + "items": { + "$ref": "#/components/schemas/shared.Malware" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderInstallBundle": { + "description": "DefenderInstallBundle represents the install bundle for the defender", + "properties": { + "installBundle": { + "description": "InstallBundle is the base64 bundle of certificates used to communicate with the console.\n", + "type": "string" + }, + "wsAddress": { + "description": "WSAddress is the websocket address (console ) the TAS defender connects to.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderLicenseDetails": { + "description": "DefenderLicenseDetails represents a single defender license details", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "count": { + "description": "Count is the amount of licensed defenders.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.DockerNetworkInfo": { + "description": "DockerNetworkInfo contains network-related information about a container", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "networks": { + "description": "Networks are the networks the container is connected to.\n", + "items": { + "$ref": "#/components/schemas/shared.NetworkInfo" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the container network binding that are externally mapped.\n", + "items": { + "$ref": "#/components/schemas/shared.Port" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.EncodeServerlessRuleOpts": { + "description": "EncodeServerlessRuleOpts represents the arguments to serverless rule encoding request", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the remote console address.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the function.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "region": { + "description": "Region is the function's cloud provider region.\n", + "type": "string" + }, + "updateIntervalMs": { + "description": "UpdateIntervalMs is the interval between defender policy requests from the console in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.EncodedServerlessRule": { + "description": "EncodedServerlessRule represents a base64-encoded serverless rule", + "properties": { + "data": { + "description": "Data is a base64-encoded serverless runtime rule.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.EntityType": { + "description": "EntityType represents the type of the resource identifier", + "enum": [ + [ + "", + "docker", + "kubernetes", + "tas", + "istio", + "internet", + "podman" + ] + ], + "type": "string" + }, + "shared.FileDetails": { + "description": "FileDetails contains file details as the file path, hash checksum", + "properties": { + "md5": { + "description": "Hash sum of the file using md5.\n", + "type": "string" + }, + "original_file_location": { + "description": "Path of the original file in a case of archive analysis.\n", + "type": "string" + }, + "path": { + "description": "Path of the file.\n", + "type": "string" + }, + "sha1": { + "description": "Hash sum of the file using SHA-1.\n", + "type": "string" + }, + "sha256": { + "description": "Hash sum of the file using SHA256.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEvent": { + "description": "FileIntegrityEvent represents a single file integrity event detected according to the file integrity monitoring rules", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Description is a human readable description of the action performed on the path.\n", + "type": "string" + }, + "eventType": { + "$ref": "#/components/schemas/shared.FileIntegrityEventType" + }, + "fileType": { + "$ref": "#/components/schemas/runtime.FSFileType" + }, + "fqdn": { + "description": "FQDN is the current fully qualified domain name used in audit alerts.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/shared.FileMetadata" + }, + "path": { + "description": "Path is the absolute path of the event.\n", + "type": "string" + }, + "processName": { + "description": "ProcessName is the name of the process initiated the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing file integrity rules.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the user initiated the event.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEventType": { + "description": "FileIntegrityEventType represents the type of the file integrity event", + "enum": [ + [ + "metadata", + "read", + "write" + ] + ], + "type": "string" + }, + "shared.FileMetadata": { + "description": "FileMetadata represents the metadata of a single file/directory", + "properties": { + "gid": { + "description": "GID is the ID of the group that owns the file/directory.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the file/directory permission bits.\n", + "type": "integer" + }, + "uid": { + "description": "UID is the ID of the user that owns the file/directory.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ForensicSettings": { + "description": "ForensicSettings are settings for the forensic data collection", + "properties": { + "appEmbeddedDiskUsageMb": { + "description": "AppEmbeddedDiskUsageMb is the maximum amount of disk space used to\nstore the app embedded historical forensic events.\n", + "type": "integer" + }, + "collectNetworkFirewall": { + "description": "CollectNetworkFirewall indicates whether network firewall collection is enabled.\n", + "type": "boolean" + }, + "collectNetworkSnapshot": { + "description": "CollectNetworkSnapshot indicates whether network snapshot collection is enabled.\n", + "type": "boolean" + }, + "containerDiskUsageMb": { + "description": "ContainerDiskUsageMb is the maximum amount of disk space used to\nstore the container historical forensic events.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether host and container forensic data collection is enabled.\n", + "type": "boolean" + }, + "hostDiskUsageMb": { + "description": "HostDiskUsageMb is the maximum amount of disk space used to store\nthe host historical forensic events.\n", + "type": "integer" + }, + "incidentSnapshotsCap": { + "description": "IncidentSnapshotCap is the maximum amount of incident snapshots we store.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.GitlabRegistrySpec": { + "description": "GitlabRegistrySpec represents a specification for registry scanning in GitLab", + "properties": { + "apiDomainName": { + "description": ".\n", + "type": "string" + }, + "excludedGroupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "groupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "projectIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "userID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.GraceDaysPolicy": { + "description": "GraceDaysPolicy indicates the grace days policy by severity", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled is an indication whether the the grace days by severity is enabled.\n", + "type": "boolean" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostActivity": { + "description": "HostActivity holds information for a user activity", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "affectedServices": { + "description": "AffectedServices is the affected systemd service.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this host activity applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "Command is the original (with arguments) command the user invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname the activity originated from.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates that the target process was spawned in an interactive session.\n", + "type": "boolean" + }, + "modifiedFiles": { + "description": "ModifiedFiles is the related modified files.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "msg": { + "description": "Message contains additional non-structured information about the activity, e.g. throttling message.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule applied to the host activity.\n", + "type": "string" + }, + "service": { + "description": "Service is the owning systemd service.\n", + "type": "string" + }, + "time": { + "description": "Time is time of the activity.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.ActivityType" + }, + "user": { + "description": "Username of the user that triggered the activity.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecification": { + "description": "HostAutoDeploySpecification contains the information for host defender auto-deploy", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "bucketRegion": { + "description": "BucketRegion is the bucket region for Cloud Storage on GCP.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecifications": { + "description": "HostAutoDeploySpecifications is a list of host auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecification" + }, + "type": "array" + }, + "shared.HostInfo": { + "description": "HostInfo is a collection of information about the host and it's runtime state", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallProfileAudits": { + "description": "HostNetworkFirewallProfileAudits represents the host network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallSubtypeAudits": { + "description": "HostNetworkFirewallSubtypeAudits represents the host network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the host network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.HostAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostRadarIncomingConnection": { + "description": "HostRadarIncomingConnection is the incoming connection between two apps in two hosts", + "properties": { + "dstHost": { + "description": "DstHost is the src hostname.\n", + "type": "string" + }, + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHost": { + "description": "SrcHost is the src hostname.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.IPs": { + "description": "IPs represents a list of IPs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "shared.Image": { + "description": "Image represents a container image", + "properties": { + "created": { + "description": "Date/time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Combined entrypoint of the image (entrypoint + CMD).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "env": { + "description": "Image environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "healthcheck": { + "description": "Indicates if health checks are enabled (true) or not (false).\n", + "type": "boolean" + }, + "history": { + "description": "Holds the image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Image labels.\n", + "type": "object" + }, + "layers": { + "description": "Image filesystem layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "Image os type.\n", + "type": "string" + }, + "repoDigest": { + "description": "Image repo digests.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTags": { + "description": "Image repo tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "user": { + "description": "Image user.\n", + "type": "string" + }, + "workingDir": { + "description": "Base working directory of the image.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageHistory": { + "description": "ImageHistory represent a layer in the image's history", + "properties": { + "baseLayer": { + "description": "Indicates if this layer originated from the base image (true) or not (false).\n", + "type": "boolean" + }, + "created": { + "description": "Date/time when the image layer was created.\n", + "format": "int64", + "type": "integer" + }, + "emptyLayer": { + "description": "Indicates if this instruction didn't create a separate layer (true) or not (false).\n", + "type": "boolean" + }, + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "instruction": { + "description": "Docker file instruction and arguments used to create this layer.\n", + "type": "string" + }, + "sizeBytes": { + "description": "Size of the layer (in bytes).\n", + "format": "int64", + "type": "integer" + }, + "tags": { + "description": "Holds the image tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilities": { + "description": "Vulnerabilities which originated from this layer.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHost": { + "description": "ImageHost holds information about image scan result per host", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID the image is associated with.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the image was scanned as part of an agentless scan.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "appEmbedded": { + "description": "AppEmbedded indicates if the host is an app embedded host.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster on which the image is deployed.\n", + "type": "string" + }, + "csa": { + "description": "CSA indicates if the image was scanned by CSA.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified is the last scan time.\n", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces are the namespaces on which the image is deployed.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHosts": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ImageHost" + }, + "description": "ImageHosts is a fast index for image scan results metadata per host", + "type": "object" + }, + "shared.ImageInfo": { + "description": "ImageInfo contains image information collected during image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.ImageInstance": { + "description": "ImageInstance represents an image on a single host", + "properties": { + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repo": { + "description": ".\n", + "type": "string" + }, + "tag": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageScanResult": { + "description": "ImageScanResult holds the result of an image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.ImageTag": { + "description": "ImageTag represents an image repository and its associated tag or registry digest", + "properties": { + "digest": { + "description": "Image digest (requires V2 or later registry).\n", + "type": "string" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "registry": { + "description": "Registry name to which the image belongs.\n", + "type": "string" + }, + "repo": { + "description": "Repository name to which the image belongs.\n", + "type": "string" + }, + "tag": { + "description": "Image tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Incident": { + "description": "Incident represents an incident", + "properties": { + "_id": { + "description": "Internal ID of the incident.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "acknowledged": { + "description": "Indicates if the incident has been acknowledged (true) or not (false).\n", + "type": "boolean" + }, + "app": { + "description": "Application that caused the incident.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "audits": { + "description": "All runtime audits of the incident.\n", + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "cluster": { + "description": "Cluster on which the incident was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this incident applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerID": { + "description": "ID of the container that triggered the incident.\n", + "type": "string" + }, + "containerName": { + "description": "Unique container name.\n", + "type": "string" + }, + "customRuleName": { + "description": "Name of the custom runtime rule that triggered the incident.\n", + "type": "string" + }, + "fqdn": { + "description": "Current hostname's full domain name.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function that triggered the incident.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels associated with the container.\n", + "type": "object" + }, + "namespace": { + "description": "k8s deployment namespace.\n", + "type": "string" + }, + "profileID": { + "description": "Runtime profile ID.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region of the resource on which the incident was found.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource on which the incident was found.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime of the serverless function.\n", + "type": "string" + }, + "serialNum": { + "description": "Serial number of the incident.\n", + "type": "integer" + }, + "shouldCollect": { + "description": "Indicates if this incident should be collected (true) or not (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the incident (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.IncidentType" + }, + "vmID": { + "description": "Azure unique VM ID on which the incident was found.\n", + "type": "string" + }, + "windows": { + "description": "Windows indicates if defender OS type is Windows.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.IncidentCategory": { + "description": "IncidentCategory is the incident category", + "enum": [ + [ + "portScanning", + "hijackedProcess", + "dataExfiltration", + "kubernetes", + "backdoorAdministrativeAccount", + "backdoorSSHAccess", + "cryptoMiner", + "lateralMovement", + "bruteForce", + "customRule", + "alteredBinary", + "suspiciousBinary", + "executionFlowHijackAttempt", + "reverseShell", + "malware", + "cloudProvider" + ] + ], + "type": "string" + }, + "shared.IncidentType": { + "description": "IncidentType is the type of the incident", + "enum": [ + [ + "host", + "container", + "function", + "appEmbedded", + "fargate" + ] + ], + "type": "string" + }, + "shared.InstalledProducts": { + "description": "InstalledProducts contains data regarding products running in environment\nTODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange", + "properties": { + "agentless": { + "description": "Agentless indicates whether the scan was performed with agentless approach.\n", + "type": "boolean" + }, + "apache": { + "description": "Apache indicates the apache server version, empty in case apache not running.\n", + "type": "string" + }, + "awsCloud": { + "description": "AWSCloud indicates whether AWS cloud is used.\n", + "type": "boolean" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "crio": { + "description": "CRI indicates whether the container runtime is CRI (and not docker).\n", + "type": "boolean" + }, + "docker": { + "description": "Docker represents the docker daemon version.\n", + "type": "string" + }, + "dockerEnterprise": { + "description": "DockerEnterprise indicates whether the enterprise version of Docker is installed.\n", + "type": "boolean" + }, + "hasPackageManager": { + "description": "HasPackageManager indicates whether package manager is installed on the OS.\n", + "type": "boolean" + }, + "k8sApiServer": { + "description": "K8sAPIServer indicates whether a kubernetes API server is running.\n", + "type": "boolean" + }, + "k8sControllerManager": { + "description": "K8sControllerManager indicates whether a kubernetes controller manager is running.\n", + "type": "boolean" + }, + "k8sEtcd": { + "description": "K8sEtcd indicates whether etcd is running.\n", + "type": "boolean" + }, + "k8sFederationApiServer": { + "description": "K8sFederationAPIServer indicates whether a federation API server is running.\n", + "type": "boolean" + }, + "k8sFederationControllerManager": { + "description": "K8sFederationControllerManager indicates whether a federation controller manager is running.\n", + "type": "boolean" + }, + "k8sKubelet": { + "description": "K8sKubelet indicates whether kubelet is running.\n", + "type": "boolean" + }, + "k8sProxy": { + "description": "K8sProxy indicates whether a kubernetes proxy is running.\n", + "type": "boolean" + }, + "k8sScheduler": { + "description": "K8sScheduler indicates whether the kubernetes scheduler is running.\n", + "type": "boolean" + }, + "kubernetes": { + "description": "Kubernetes represents the kubernetes version.\n", + "type": "string" + }, + "managedClusterVersion": { + "description": "ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.\n", + "type": "string" + }, + "openshift": { + "description": "Openshift indicates whether openshift is deployed.\n", + "type": "boolean" + }, + "openshiftVersion": { + "description": "OpenshiftVersion represents the running openshift version.\n", + "type": "string" + }, + "osDistro": { + "description": "OSDistro specifies the os distribution.\n", + "type": "string" + }, + "serverless": { + "description": "Serverless indicates whether evaluated on a serverless environment.\n", + "type": "boolean" + }, + "swarmManager": { + "description": "SwarmManager indicates whether a swarm manager is running.\n", + "type": "boolean" + }, + "swarmNode": { + "description": "SwarmNode indicates whether the node is part of an active swarm.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.InternetConnections": { + "description": "InternetConnections represents the radar internet connections", + "properties": { + "incoming": { + "description": "Incoming is the incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + }, + "outgoing": { + "description": "Outgoing is the outgoing connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.JFrogRepoType": { + "description": "JFrogRepoType represents the type of JFrog Artifactory repository", + "enum": [ + [ + "local", + "remote", + "virtual" + ] + ], + "type": "string" + }, + "shared.KeyValues": { + "description": "KeyValues is a generic key values struct", + "properties": { + "key": { + "description": ".\n", + "type": "string" + }, + "values": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeClusterRole": { + "description": "KubeClusterRole is a compact version of Kubernetes ClusterRole\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#clusterrole-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the kubernetes role name.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the policy rules associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubeLabel": { + "description": "KubeLabel represents a label\nThese are stored as an array to allow special characters in key names,\nsee https://docs.mongodb.com/manual/reference/limits/#Restrictions-on-Field-Names\nFor example: kubernetes.io/bootstrapping", + "properties": { + "key": { + "description": "Key is the key of the label.\n", + "type": "string" + }, + "value": { + "description": "Value is the value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubePolicyRule": { + "description": "KubePolicyRule is a compact version of Kubernetes PolicyRule\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#policyrule-v1-rbac-authorization-k8s-io", + "properties": { + "apiGroups": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resourceNames": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resources": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "verbs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeRole": { + "description": "KubeRole is a compact version of Kubernetes Role\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#role-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the role.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the list of rules associated with the cluster role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.LambdaRuntimeType": { + "description": "LambdaRuntimeType represents the runtime type of the serverless function\nThe constants used are taken from: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime", + "enum": [ + [ + "python", + "python3.6", + "python3.7", + "python3.8", + "python3.9", + "python3.10", + "python3.11", + "python3.12", + "nodejs", + "nodejs12.x", + "nodejs14.x", + "nodejs16.x", + "nodejs18.x", + "nodejs20.x", + "dotnet", + "dotnetcore2.1", + "dotnetcore3.1", + "dotnet6", + "java", + "java8", + "java11", + "java17", + "java21", + "ruby", + "ruby2.7" + ] + ], + "type": "string" + }, + "shared.License": { + "description": "License represent the customer license", + "properties": { + "access_token": { + "description": "AccessToken is the customer access token.\n", + "type": "string" + }, + "contract_id": { + "description": "ContractID is the customer contract ID.\n", + "type": "string" + }, + "contract_type": { + "$ref": "#/components/schemas/shared.LicenseContractType" + }, + "credits": { + "description": "Credits the total amount of credits purchased by the customer.\n", + "type": "integer" + }, + "customer_id": { + "description": "CustomerID is the customer ID.\n", + "type": "string" + }, + "defender_details": { + "description": "DefenderDetails represents the defenders license details.\n", + "items": { + "$ref": "#/components/schemas/shared.DefenderLicenseDetails" + }, + "type": "array" + }, + "defenders": { + "description": "Deprecated: Defenders is the maximum number of defender allowed in this license. Use DefenderDetails field instead.\n", + "type": "integer" + }, + "expiration_date": { + "description": "ExpirationDate is the license expiration date.\n", + "format": "date-time", + "type": "string" + }, + "issue_date": { + "description": "IssueDate is the license issue date.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.LicenseTier" + }, + "workloads": { + "description": "Deprecated: Workloads is the number of workloads per license kept for backward compatibility. Use Credits instead.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.LicenseConfig": { + "description": "LicenseConfig is the compliance policy license configuration", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "critical": { + "description": "Critical is the list of licenses with critical severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "high": { + "description": "High is the list of licenses with high severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "low": { + "description": "Low is the list of licenses with low severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "medium": { + "description": "Medium is the list of licenses with medium severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.LicenseContractType": { + "description": "LicenseContractType is the license contract type", + "enum": [ + [ + "", + "host", + "avg", + "burndown" + ] + ], + "type": "string" + }, + "shared.LicenseThreshold": { + "description": "LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block)\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enabled indicates that the action is enabled.\n", + "type": "boolean" + }, + "value": { + "description": "Value is the minimum severity score for which the action is enabled.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.LicenseTier": { + "description": "LicenseTier represents the license tier of the customer", + "enum": [ + [ + "", + "developer", + "enterprise", + "evaluation", + "oem" + ] + ], + "type": "string" + }, + "shared.LogInspectionEvent": { + "description": "LogInspectionEvent is a log inspection event detected according to the log inspection rules", + "properties": { + "_id": { + "description": "ID is event's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "line": { + "description": "Line is the matching log line.\n", + "type": "string" + }, + "logfile": { + "description": "Logfile is the log file which triggered the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing log inspection events.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.LoggerSetting": { + "description": "LoggerSetting are a specific logger settings", + "properties": { + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.LoggingSettings": { + "description": "LoggingSettings are the logging settings", + "properties": { + "consoleAddress": { + "description": "ConsoleAddress is the console address used by the admin to access the console, used for creating links for runtime events.\n", + "type": "string" + }, + "enableMetricsCollection": { + "description": "EnableMetricsCollection indicates whether metric collections feature is enabled.\n", + "type": "boolean" + }, + "includeRuntimeLink": { + "description": "IncludeRuntimeLink indicates whether link to forensic event should be included in the output.\n", + "type": "boolean" + }, + "stdout": { + "$ref": "#/components/schemas/shared.LoggerSetting" + }, + "syslog": { + "$ref": "#/components/schemas/shared.SyslogSettings" + } + }, + "type": "object" + }, + "shared.Malware": { + "description": "Malware is an executable and its md5", + "properties": { + "allowed": { + "description": "Allowed indicates if this signature is on the allowed list.\n", + "type": "boolean" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": "Modified is the time the malware was added to the DB.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtAudit": { + "description": "MgmtAudit represents a management audit in the system", + "properties": { + "api": { + "description": "API is the api used in the audit process.\n", + "type": "string" + }, + "diff": { + "description": "Diff is the diff between old and new values.\n", + "type": "string" + }, + "failure": { + "description": "Failure states whether the request failed or not.\n", + "type": "boolean" + }, + "sourceIP": { + "description": "SourceIP is the request's source IP.\n", + "type": "string" + }, + "status": { + "description": "Status is the request's response status.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the request.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.MgmtType" + }, + "username": { + "description": "Username is the username of the user who performed the action.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtType": { + "description": "MgmtType represents management audit types", + "enum": [ + [ + "login", + "profile", + "settings", + "rule", + "user", + "group", + "credential", + "tag", + "role", + "pairing" + ] + ], + "type": "string" + }, + "shared.NetworkInfo": { + "description": "NetworkInfo contains data about a container regarding a specific network", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "name": { + "description": "Name is the network name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.NodeJSModuleType": { + "description": "NodeJSModuleType is the type of a NodeJS module", + "enum": [ + [ + "commonjs", + "ecmascript" + ] + ], + "type": "string" + }, + "shared.Package": { + "description": "Package stores relevant package information", + "properties": { + "author": { + "description": "Author is the package's author.\n", + "type": "string" + }, + "binaryIdx": { + "description": "Indexes of the top binaries which use the package.\n", + "items": { + "$ref": "#/components/schemas/int16" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary packages (packages which are built on the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cveCount": { + "description": "Total number of CVEs for this specific package.\n", + "type": "integer" + }, + "defaultGem": { + "description": "DefaultGem indicates this is a gem default package (and not a bundled package).\n", + "type": "boolean" + }, + "files": { + "description": "List of package-related files and their hashes. Only included when the appropriate scan option is set.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "goPkg": { + "description": "GoPkg indicates this is a Go package (and not module).\n", + "type": "boolean" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this package data represents an RPM module.\n", + "type": "boolean" + }, + "jarIdentifier": { + "description": "JarIdentifier holds an additional identification detail of a JAR package.\n", + "type": "string" + }, + "layerTime": { + "description": "Image layer to which the package belongs (layer creation time).\n", + "format": "int64", + "type": "integer" + }, + "license": { + "description": "License information for the package.\n", + "type": "string" + }, + "name": { + "description": "Name of the package.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the third-party origin package.\n", + "type": "string" + }, + "osPackage": { + "description": "OSPackage indicates that a python/java package was installed as an OS package.\n", + "type": "boolean" + }, + "path": { + "description": "Full package path (e.g., JAR or Node.js package path).\n", + "type": "string" + }, + "purl": { + "description": "PURL is a package URL identifier for this package.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this package is included.\n", + "type": "string" + }, + "securityRepoPkg": { + "description": "SecurityRepoPkg determines if this package is available in a security repository.\n", + "type": "boolean" + }, + "symbols": { + "description": "Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Package version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Packages": { + "description": "Packages is a collection of packages", + "properties": { + "pkgs": { + "description": "List of packages.\n", + "items": { + "$ref": "#/components/schemas/shared.Package" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgTypeThreshold": { + "description": "PkgTypeThreshold represents specific vulnerability alert and block thresholds for a package type", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgsTimes": { + "description": "PkgsTimes are the compressed layer times for pkgs of the specific type", + "properties": { + "pkgTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.Policy": { + "description": "Policy represents a policy that should be enforced by the Auditor", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "rules": { + "description": "Rules holds all policy rules.\n", + "items": { + "$ref": "#/components/schemas/shared.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.PolicyRule": { + "description": "PolicyRule is a single rule in the policy", + "properties": { + "action": { + "description": "Action to take.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "allCompliance": { + "description": "Reports the results of all compliance checks (both passed and failed) (true).\n", + "type": "boolean" + }, + "auditAllowed": { + "description": "Specifies if Prisma Cloud audits successful transactions.\n", + "type": "boolean" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "condition": { + "$ref": "#/components/schemas/shared.Conditions" + }, + "createPR": { + "description": "CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).\n", + "type": "boolean" + }, + "cveRules": { + "description": "List of CVE IDs classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.CVERule" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "excludeBaseImageVulns": { + "description": "ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.\n", + "type": "boolean" + }, + "graceDays": { + "description": "Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.\n", + "type": "integer" + }, + "graceDaysPolicy": { + "$ref": "#/components/schemas/shared.GraceDaysPolicy" + }, + "group": { + "description": "Applicable groups.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "license": { + "$ref": "#/components/schemas/shared.LicenseConfig" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "onlyFixed": { + "description": "Applies rule only when vendor fixes are available (true).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pkgTypesThresholds": { + "description": "PkgTypesThresholds holds package type specific alert and block thresholds.\n", + "items": { + "$ref": "#/components/schemas/shared.PkgTypeThreshold" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "principal": { + "description": "Applicable users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactorsEffects": { + "description": "RiskFactorsEffects indicates the effect (alert/block) of each risk factor.\n", + "items": { + "$ref": "#/components/schemas/shared.RiskFactorEffect" + }, + "type": "array" + }, + "tags": { + "description": "List of tags classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.TagRule" + }, + "type": "array" + }, + "verbose": { + "description": "Displays a detailed message when an operation is blocked (true).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.Port": { + "description": "Port is a container port", + "properties": { + "containerPort": { + "description": "ContainerPort is the mapped port inside the container.\n", + "type": "string" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "hostPort": { + "description": "HostPort is the host port.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ProfileKubernetesData": { + "description": "ProfileKubernetesData holds Kubernetes data", + "properties": { + "clusterRoles": { + "description": "ClusterRoles are the cluster roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeClusterRole" + }, + "type": "array" + }, + "roles": { + "description": "Roles are the roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeRole" + }, + "type": "array" + }, + "serviceAccount": { + "description": "ServiceAccount is the service account used to access Kubernetes apiserver\nThis field will be empty if the container is not running inside of a Pod.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Progress": { + "description": "Progress displays the scan progress", + "properties": { + "aisInitialScanInProgress": { + "description": "AISInitialScanInProgress indicates whether agentless next-gen first scheduled scan is in progress.\n", + "type": "boolean" + }, + "aisOnDemandScanInProgress": { + "description": "AISOnDemandScanInProgress indicates whether agentless next-gen on demand scan is in progress.\n", + "type": "boolean" + }, + "discovery": { + "description": "Discovery indicates whether the scan is in discovery phase.\n", + "type": "boolean" + }, + "error": { + "description": "Error is the error that happened during scan.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname for which the progress apply.\n", + "type": "string" + }, + "id": { + "description": "ID is the ID of the entity being scanned.\n", + "type": "string" + }, + "onDemand": { + "description": "OnDemand indicates whether the scan was triggered by the user or not (scheduled scan).\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the time of scan.\n", + "format": "date-time", + "type": "string" + }, + "scanned": { + "description": "Scanned is the number of entities for which the scan completed.\n", + "type": "integer" + }, + "title": { + "description": "Title is the progress title (set by the scanning process).\n", + "type": "string" + }, + "total": { + "description": "Total is the total amount of entities that should be scanned.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + } + }, + "type": "object" + }, + "shared.RegionData": { + "description": "RegionData contains data regarding a region", + "properties": { + "coordinates": { + "$ref": "#/components/schemas/shared.Coordinates" + }, + "name": { + "description": "Name is the region display name.\n", + "type": "string" + }, + "region": { + "description": "Region is the region code name.\n", + "type": "string" + }, + "regionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "supportedServices": { + "description": "SupportedServices is a list of cloud service types the region supports.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.RegionDataByCloudProvider": { + "additionalProperties": { + "$ref": "#/components/schemas/-_shared.RegionData" + }, + "description": "RegionDataByCloudProvider represents the region data per cloud provider", + "type": "object" + }, + "shared.RegionType": { + "description": "RegionType specifies the region type that runs the Amazon services", + "enum": [ + [ + "regular", + "gov", + "china", + "all" + ] + ], + "type": "string" + }, + "shared.RegistryOSType": { + "description": "RegistryOSType specifies the registry images base OS type", + "enum": [ + [ + "linux", + "linuxARM64", + "windows" + ] + ], + "type": "string" + }, + "shared.RegistryScanProgress": { + "description": "RegistryScanProgress represents the registry scan progress", + "properties": { + "discovery": { + "$ref": "#/components/schemas/shared.Progress" + }, + "imageScan": { + "$ref": "#/components/schemas/shared.Progress" + }, + "isScanOngoing": { + "description": "IsScanOngoing indicates if a scan is currently ongoing.\n", + "type": "boolean" + }, + "specScanStartTime": { + "description": "SpecScanStartTime indicates when the current spec scan started.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistryScanRequest": { + "description": "RegistryScanRequest represents a registry scan request", + "properties": { + "onDemandScan": { + "description": "OnDemandScan indicates whether to handle request using the on-demand scanner.\n", + "type": "boolean" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "settings": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "tag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": { + "description": "Type indicates the type of the scan request.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.RegistrySettings": { + "description": "RegistrySettings contains each registry's unique settings", + "properties": { + "harborScannerUrlSuffix": { + "description": "Relative path to the Harbor scanner endpoint.\n", + "type": "string" + }, + "specifications": { + "description": "Information for connecting to the registries to be scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Relative path to the webhook HTTP endpoint.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistrySpecification": { + "description": "RegistrySpecification contains information for connecting to local/remote registry", + "properties": { + "azureCloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "caCert": { + "description": "CACert is the Certificate Authority that signed the registry certificate.\n", + "type": "string" + }, + "cap": { + "description": "Specifies the maximum number of images from each repo to fetch and scan, sorted by most recently modified.\n", + "type": "integer" + }, + "collections": { + "description": "Specifies the set of Defenders in-scope for working on a scan job.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the registry.\n", + "type": "string" + }, + "excludedRepositories": { + "description": "Repositories to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "excludedTags": { + "description": "Tags to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gitlabRegistrySpec": { + "$ref": "#/components/schemas/shared.GitlabRegistrySpec" + }, + "harborDeploymentSecurity": { + "description": "Indicates whether the Prisma Cloud plugin uses temporary tokens provided by Harbor to scan images in projects where Harbor's deployment security setting is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID is a unique identifier of the registry spec.\n", + "type": "string" + }, + "jfrogRepoTypes": { + "description": "JFrog Artifactory repository types to scan.\n", + "items": { + "$ref": "#/components/schemas/shared.JFrogRepoType" + }, + "type": "array" + }, + "lastScanStatus": { + "description": "LastScanStatus is the last scan status. we keep both LastScanStatus and ScanStatus in order to not lose the latest scan status when a scan starts.\n", + "type": "string" + }, + "lastScanTime": { + "description": "LastScanTime specifies the last time a scan was completed.\n", + "format": "date-time", + "type": "string" + }, + "namespace": { + "description": "IBM Bluemix namespace https://console.bluemix.net/docs/services/Registry/registry_overview.html#registry_planning.\n", + "type": "string" + }, + "os": { + "$ref": "#/components/schemas/shared.RegistryOSType" + }, + "registry": { + "description": "Registry address (e.g., https://gcr.io).\n", + "type": "string" + }, + "repository": { + "description": "Repositories to scan.\n", + "type": "string" + }, + "scanError": { + "description": "ScanError is the error received while scanning the specification.\n", + "type": "string" + }, + "scanStatus": { + "description": "ScanStatus is the scan status that's updated dynamically during the scan, when the scan finishes - its value is passed to the LastScanStatus field in the DB.\n", + "type": "string" + }, + "scanTime": { + "description": "ScanTime specifies the time a scan was started.\n", + "format": "date-time", + "type": "string" + }, + "scannedImagesSuccessTotal": { + "description": "ScannedImagesSuccessTotal is the total number of registry images that were scanned successfully on the last registry specification scan.\n", + "type": "integer" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "tag": { + "description": "Tags to scan.\n", + "type": "string" + }, + "version": { + "description": "Registry type. Determines the protocol Prisma Cloud uses to communicate with the registry.\n", + "type": "string" + }, + "versionPattern": { + "description": "Pattern heuristic for quickly filtering images by tags without having to query all images for modification dates.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RiskFactorEffect": { + "description": "RiskFactorEffect represents the effect which is applied by a risk factor", + "properties": { + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "riskFactor": { + "$ref": "#/components/schemas/vulnerability.RiskFactor" + } + }, + "type": "object" + }, + "shared.RuntimeAttackType": { + "description": "RuntimeAttackType is the sub-category of the attack (e.g., malware process, process not in model, etc...)", + "enum": [ + [ + "", + "cloudMetadataProbing", + "kubeletAPIAccess", + "kubeletReadonlyAccess", + "kubectlSpawned", + "kubectlDownloaded", + "horizontalPortScanning", + "verticalPortScanning", + "explicitlyDeniedIP", + "customFeedIP", + "feedIP", + "unexpectedOutboundPort", + "suspiciousNetworkActivity", + "unexpectedListeningPort", + "explicitlyDeniedListeningPort", + "explicitlyDeniedOutboundPort", + "listeningPortModifiedProcess", + "outboundPortModifiedProcess", + "feedDNS", + "explicitlyDeniedDNS", + "dnsQuery", + "unexpectedProcess", + "portScanProcess", + "malwareProcessCustom", + "malwareProcessFeed", + "explicitlyDeniedProcess", + "modifiedProcess", + "cryptoMinerProcess", + "lateralMovementProcess", + "tmpfsProcess", + "policyHijacked", + "reverseShell", + "suidBinaries", + "unknownOriginBinary", + "webShell", + "administrativeAccount", + "encryptedBinary", + "sshAccess", + "explicitlyDeniedFile", + "malwareFileCustom", + "malwareFileFeed", + "execFileAccess", + "elfFileAccess", + "secretFileAccess", + "regFileAccess", + "wildfireMalware", + "unknownOriginBinary", + "webShell", + "fileIntegrity", + "alteredBinary", + "malwareDownloaded", + "suspiciousELFHeader", + "executionFlowHijackAttempt", + "customRule" + ] + ], + "type": "string" + }, + "shared.RuntimeAudit": { + "description": "RuntimeAudit represents a runtime audit event (fires when a runtime policy is violated)", + "properties": { + "_id": { + "description": "Internal ID (used for in-place updates).\n", + "type": "string" + }, + "accountID": { + "description": "ID of the cloud account where the audit was generated.\n", + "type": "string" + }, + "app": { + "description": "Name of the service which violated the host policy.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "attackType": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "cluster": { + "description": "Cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "ScrubbedCommand is the command executed by the process with scrubbed PII.\n", + "type": "string" + }, + "container": { + "description": "Indicates if this is a container audit (true) or host audit (false).\n", + "type": "boolean" + }, + "containerId": { + "description": "ID of the container that violates the rule.\n", + "type": "string" + }, + "containerName": { + "description": "Container name.\n", + "type": "string" + }, + "count": { + "description": "Attack type audits count.\n", + "type": "integer" + }, + "country": { + "description": "Outbound country for outgoing network audits.\n", + "type": "string" + }, + "domain": { + "description": "Domain is the requested domain.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "err": { + "description": "Unknown error in the audit process.\n", + "type": "string" + }, + "filepath": { + "description": "Filepath is the path of the modified file.\n", + "type": "string" + }, + "fqdn": { + "description": "Current full domain name used in audit alerts.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageId": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "interactive": { + "description": "Indicates if the audit was triggered from a process that was spawned in interactive mode (e.g., docker exec ...) (true) or not (false).\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the connection destination IP address.\n", + "type": "string" + }, + "label": { + "description": "Container deployment label.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels which augment the audit data.\n", + "type": "object" + }, + "md5": { + "description": "MD5 is the MD5 of the modified file (only for executables.\n", + "type": "string" + }, + "msg": { + "description": "Blocking message text.\n", + "type": "string" + }, + "namespace": { + "description": "K8s deployment namespace.\n", + "type": "string" + }, + "os": { + "description": "Operating system distribution.\n", + "type": "string" + }, + "pid": { + "description": "ID of the process that caused the audit event.\n", + "type": "integer" + }, + "port": { + "description": "Port is the connection destination port.\n", + "type": "integer" + }, + "processPath": { + "description": "Path of the process that caused the audit event.\n", + "type": "string" + }, + "profileId": { + "description": "Profile ID of the audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "Unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region of the resource where the audit was generated.\n", + "type": "string" + }, + "requestID": { + "description": "ID of the lambda function invocation request.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource where the audit was generated.\n", + "type": "string" + }, + "ruleName": { + "description": "Name of the rule that was applied, if blocked.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "severity": { + "$ref": "#/components/schemas/shared.RuntimeSeverity" + }, + "time": { + "description": "Time of the audit event (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.RuntimeType" + }, + "user": { + "description": "Service user.\n", + "type": "string" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique VM ID where the audit was generated.\n", + "type": "string" + }, + "wildFireReportURL": { + "description": "WildFireReportURL is a URL link of the report generated by wildFire.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RuntimeProfileState": { + "description": "RuntimeProfileState represents the state of an image profile", + "enum": [ + [ + "learning", + "dryRun", + "learningExtended", + "manualLearning", + "manualRelearning", + "active", + "manualActive" + ] + ], + "type": "string" + }, + "shared.RuntimeSecretScrubbingSettings": { + "description": "RuntimeSecretScrubbingSettings holds the runtime secret scrubbing settings", + "properties": { + "customSpecs": { + "description": "CustomSpecs is a collection of generic sensitive data masking patterns.\n", + "items": { + "$ref": "#/components/schemas/runtime.SecretScrubbingSpec" + }, + "type": "array" + }, + "skipDefault": { + "description": "SkipDefault indicates whether default secret scrubbing should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RuntimeSeverity": { + "description": "RuntimeSeverity represents the runtime severity", + "enum": [ + [ + "low", + "medium", + "high" + ] + ], + "type": "string" + }, + "shared.RuntimeType": { + "description": "RuntimeType represents the runtime protection type", + "enum": [ + [ + "processes", + "network", + "kubernetes", + "filesystem" + ] + ], + "type": "string" + }, + "shared.ScanErrorInfo": { + "description": "ScanErrorInfo holds information about the errors that occurred during the scan", + "properties": { + "category": { + "description": "Category is the category of error.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "error": { + "description": "Error holds the full error string.\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides more information about error and suggestions for possible fixes.\n", + "type": "string" + }, + "score": { + "description": "Score is a rating of how relevant the error is to the customer.\n", + "type": "integer" + }, + "source": { + "description": "Source is details on where the error occurred.\n", + "type": "string" + }, + "updatedAt": { + "description": "UpdatedAt holds the timestamp of the current error, relevant only for AIS scans.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ScanResultType": { + "description": "ScanResultType represents a cloud scan result type", + "enum": [ + [ + "aws-ecr", + "aws-lambda", + "aws-ec2", + "aws-eks", + "aws-ecs", + "aws-s3", + "aws-config", + "aws-cloud-trail", + "aws-kms", + "aws-cloud-watch", + "aws-sns", + "aws-security-hub", + "aws-secrets-manager", + "aws-parameter-store", + "azure-acr", + "azure-functions", + "azure-aks", + "azure-aci", + "azure-vm", + "gcp-gcr", + "gcp-gcf", + "gcp-gke", + "gcp-vm", + "gcp-artifact", + "oci-instance" + ] + ], + "type": "string" + }, + "shared.ScanSettings": { + "description": "ScanSettings are global settings for image/host/container and registry scanning", + "properties": { + "agentlessScanPeriodMs": { + "description": "AgentlessScanPeriodMS is the agentless scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "cloudPlatformsScanPeriodMs": { + "description": "CloudPlatformsScanPeriodMS is the cloud platforms scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "containersScanPeriodMs": { + "description": "ContainersScanPeriodMS is the container scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "extractArchive": { + "description": "ExtractArchive indicates whether to search within archive during scan is enabled.\n", + "type": "boolean" + }, + "imagesScanPeriodMs": { + "description": "ImageScanPeriodMS is the image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "includeJsDependencies": { + "description": "IncludeJsDependencies indicates whether to include packages from the \"dependencies\".\n", + "type": "boolean" + }, + "registryScanPeriodMs": { + "description": "RegistryScanPeriodMS is the registry scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "registryScanRetentionDays": { + "description": "RegistryScanRetentionDays is the number of days to keep deleted registry images.\n", + "type": "integer" + }, + "scanRunningImages": { + "description": "ScanRunningImages indicates only images that are used by containers should be used.\n", + "type": "boolean" + }, + "serverlessScanPeriodMs": { + "description": "ServerlessScanPeriodMS is the serverless vulnerability scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "showInfraContainers": { + "description": "ShowInfraContainers indicates infra containers should be shown.\n", + "type": "boolean" + }, + "showNegligibleVulnerabilities": { + "description": "ShowNegligibleVulnerabilities indicates whether to display negligible vulnerabilities (low severity or will not be fixed).\n", + "type": "boolean" + }, + "systemScanPeriodMs": { + "description": "SystemScanPeriodMS is the host scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "tasDropletsScanPeriodMs": { + "description": "TASDropletsScanPeriodMS is the TAS scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "vmScanPeriodMs": { + "description": "VMScanPeriodMS is the VM image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ScanType": { + "description": "ScanType displays the components for an ongoing scan", + "enum": [ + [ + "image", + "ciImage", + "container", + "host", + "agentlessHost", + "registry", + "serverlessScan", + "ciServerless", + "vm", + "tas", + "ciTas", + "cloudDiscovery", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy", + "codeRepo", + "ciCodeRepo" + ] + ], + "type": "string" + }, + "shared.SecretStoreType": { + "description": "SecretStoreType is the secrets store type", + "enum": [ + [ + "hashicorp", + "hashicorp010", + "cyberark", + "awsParameterStore", + "awsSecretsManager", + "azure" + ] + ], + "type": "string" + }, + "shared.SecretsInjectionType": { + "description": "SecretsInjectionType is the method used to inject secrets to containers", + "enum": [ + [ + "envvar", + "filesystem" + ] + ], + "type": "string" + }, + "shared.SecretsPolicy": { + "description": "SecretsPolicy defines policy for distribution of secrets to containers", + "properties": { + "_id": { + "description": "ID is the internal secret policy id.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of secret injection rules.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.SecretsRule": { + "description": "SecretsRule defines distribution of secrets to containers", + "properties": { + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "injection": { + "$ref": "#/components/schemas/shared.SecretsInjectionType" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readAllPerm": { + "description": "ReadAllPerm indicates whether file permissions of injected secrets allow read by root only or by all users.\n", + "type": "boolean" + }, + "secrets": { + "description": "Secrets are the encrypted secrets to inject.\n", + "items": { + "$ref": "#/components/schemas/shared.VaultSecret" + }, + "type": "array" + }, + "targetDir": { + "description": "TargetDir is the target directory to inject secret files to if we choose filesystem injection.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStore": { + "description": "SecretsStore represents a secret storage entity", + "properties": { + "appID": { + "description": "AppID is the twistlock application id, as set in Cyberark store.\n", + "type": "string" + }, + "caCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "clientCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "credentialId": { + "description": "CredentialID is the authentication credential id.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret store defined by the user.\n", + "type": "string" + }, + "region": { + "description": "Region is the secrets store's region.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.SecretStoreType" + }, + "url": { + "description": "URL is the secrets store's endpoint point.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStores": { + "description": "SecretsStores are settings for connecting with secrets storage vaults", + "properties": { + "refreshPeriodHours": { + "description": "RefreshPeriodHours is the secret stores refresh time in hours.\n", + "type": "integer" + }, + "secretsStores": { + "description": "Stores is the list of stores to fetch secrets from.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsStore" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecification": { + "description": "ServerlessAutoDeploySpecification contains the information for auto-deploying serverless functions protection", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleAddr": { + "description": "ConsoleAddr represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "runtimes": { + "description": "Runtimes is the list of runtimes to which the spec applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecifications": { + "description": "ServerlessAutoDeploySpecifications is a list of serverless auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecification" + }, + "type": "array" + }, + "shared.ServerlessBundleRequest": { + "description": "ServerlessBundleRequest represents the arguments to serverless bundle request", + "properties": { + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessLayerBundleRequest": { + "description": "ServerlessLayerBundleRequest represents the arguments to a serverless layer bundle request", + "properties": { + "nodeJSModuleType": { + "$ref": "#/components/schemas/shared.NodeJSModuleType" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessScanSpecification": { + "description": "ServerlessScanSpecification describes how to connect to a serverless provider", + "properties": { + "cap": { + "description": "Specifies the maximum number of functions to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether serverless scanning is enabled.\n", + "type": "boolean" + }, + "scanAllVersions": { + "description": "Specifies whether to scan all image versions. If set to false, scans only $LATEST. Default: false.\n", + "type": "boolean" + }, + "scanLayers": { + "description": "Specifies whether to scan a function's layers. Default: true.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.SubnetConnections": { + "description": "SubnetConnections holds the entity incoming and outgoing connections from/to subnets", + "properties": { + "incoming": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Incoming holds connection from radar entity to subnet.\n", + "type": "object" + }, + "outgoing": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Outgoing holds connection from subnet to radar entity.\n", + "type": "object" + } + }, + "type": "object" + }, + "shared.SyslogSettings": { + "description": "SyslogSettings are the syslog settings", + "properties": { + "addr": { + "description": "Addr is the remote address for sending events.\n", + "type": "string" + }, + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "cert": { + "description": "Cert is the server cert for dialing TLS syslogger.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID represents the user's custom identifier string.\n", + "type": "string" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TASDropletSpecification": { + "description": "TASDropletSpecification specify which droplets to scan", + "properties": { + "cap": { + "description": "Cap indicates only the last k images should be fetched.\n", + "type": "integer" + }, + "cloudControllerAddress": { + "description": "CloudControllerAddress is the address of the local cloud controller in TAS env.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname of the defender that is used as the blobstore scanner.\n", + "type": "string" + }, + "pattern": { + "description": "Name is the droplet name.\n", + "type": "string" + }, + "remote": { + "description": "Remote indicates whether the blobstore is remote or local.\n", + "type": "boolean" + }, + "remoteConfig": { + "$ref": "#/components/schemas/shared.TASRemoteBlobstoreConfig" + } + }, + "type": "object" + }, + "shared.TASRemoteBlobstoreConfig": { + "description": "TASRemoteBlobstoreConfig contains remote blobstore details", + "properties": { + "blobstoreAddress": { + "description": "BlobstoreAddress is the address of the remote cloud controller.\n", + "type": "string" + }, + "cACert": { + "description": "CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.\n", + "type": "string" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.\n", + "type": "string" + }, + "foundation": { + "description": " Foundation is the name of TAS foundation.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Tag": { + "description": "Tag represents a single tag", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "description": { + "description": "Description is the tag description.\n", + "type": "string" + }, + "name": { + "description": "Name is the tag name.\n", + "type": "string" + }, + "vulns": { + "description": "Vulns are the tagged vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TagRule": { + "description": "TagRule is a tag rule for specific vulnerabilities", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "name": { + "description": "Tag name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.TagVulnMetadata": { + "description": "TagVulnMetadata contains the tag vulnerability metadata", + "properties": { + "checkBaseLayer": { + "description": "(Applies only to the resource type 'image') Checks whether the base layer in an image is the resource image.\n", + "type": "boolean" + }, + "comment": { + "description": "Adds a comment.\n", + "type": "string" + }, + "id": { + "description": "Specifies the Common Vulnerability and Exposures (CVE) ID.\n", + "type": "string" + }, + "packageName": { + "description": "Specifies the source or the binary package name where the vulnerability is found.\nUse the source package name for tagging if only source package exists.\nUse the wildcard `*` for tagging all the packages.\n", + "type": "string" + }, + "resourceType": { + "$ref": "#/components/schemas/vuln.TagType" + }, + "resources": { + "description": "(Required when you define the resource type) Specifies the resources for tagging where the vulnerability is found. Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TrustAudit": { + "description": "TrustAudit represents a trust audit", + "properties": { + "_id": { + "description": "ID is the registry-repo of the created container.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster where the audit was generated.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of times this audit occurred.\n", + "type": "integer" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "imageID": { + "description": "ImageID is the container image id.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ruleName": { + "description": "If blocked, contains the name of the rule that was applied.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.TrustAudits": { + "description": "TrustAudits represents the trust profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.TrustRegistryRepoAudits" + }, + "description": "Audits is a map from trust status (audits are only for untrusted type) to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustRegistryRepoAudits": { + "description": "TrustRegistryRepoAudits represents the trust registry/repo audits per profile", + "properties": { + "audits": { + "description": "Audits are the trust audits associated with the registry/repo, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustedCertSettings": { + "description": "TrustedCertSettings are settings for trusted certs", + "properties": { + "certs": { + "description": "Certs are the list of trusted certificates to use in access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether to check the certificate revocation.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether the trusted certificate feature is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TrustedCertSignature": { + "description": "TrustedCertSignature represents a trusted cert settings", + "properties": { + "cn": { + "description": "CN is the certificate common name.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is the certificate issuer.\n", + "type": "string" + }, + "notAfter1": { + "description": "NotAfter is the certificate expiration time\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "notBefore1": { + "description": "NotBefore is the minimum time for which the cert is valid\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "raw": { + "description": "Raw is the raw certificate (in PEM format).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.UploadScanResult": { + "description": "UploadScanResult is the result uploading the scanning result", + "properties": { + "scanId": { + "description": "ID is the scan result ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.User": { + "description": "User represents a local user in Twistlock", + "properties": { + "username": { + "description": "Name of a user.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecification": { + "description": "VMSpecification contains information for setting up and connecting to the image", + "properties": { + "cap": { + "description": "Specifies the maximum number of images to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "consoleAddr": { + "description": "Network-accessible address that Defender can use to publish scan results to Console.\n", + "type": "string" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the cloud provider.\n", + "type": "string" + }, + "enableSecureBoot": { + "description": "EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).\n", + "type": "boolean" + }, + "excludedImages": { + "description": "Images to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gcpProjectID": { + "description": "GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).\n", + "type": "string" + }, + "imageType": { + "$ref": "#/components/schemas/common.ImageType" + }, + "images": { + "description": "The names of images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is \"m4.large\".\n", + "type": "string" + }, + "labels": { + "description": "The labels to use to target images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "region": { + "description": "Cloud provider region.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "subnetID": { + "description": "SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.\n", + "type": "string" + }, + "vpcID": { + "description": "VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.\n", + "type": "string" + }, + "zone": { + "description": "Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecifications": { + "description": "VMSpecifications is a list of VM specifications", + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "shared.VaultSecret": { + "description": "VaultSecret represents a secret held by a secret store", + "properties": { + "folder": { + "description": "Folder is one of the following:\nCyberark: Name of the folder for secrets held in Cyberark store\nHashicorp: The directory path for secrets held in Hashicorp store\nAWS: The name of the secret in AWS Secrets Manager or AWS Parameter Store.\n", + "type": "string" + }, + "key": { + "description": "Key is the secret's identifier in the secrets store.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret as input from the user.\n", + "type": "string" + }, + "safe": { + "description": "Safe is the name of the safe, for secrets held in Cyberark store.\n", + "type": "string" + }, + "store": { + "description": "Store is the name of the secrets store where the secret is held.\n", + "type": "string" + }, + "value": { + "$ref": "#/components/schemas/common.Secret" + }, + "version": { + "description": "Version is the Azure secret version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.WildFirePolicy": { + "description": "WildFirePolicy is the global wildfire usage policy, set by the client", + "properties": { + "agentlessEnabled": { + "description": "AgentlessEnabled indicates whether agentless scan will consult WF.\n", + "type": "boolean" + }, + "complianceEnabled": { + "description": "ComplianceEnabled indicates whether compliance malware scan will consult WF.\n", + "type": "boolean" + }, + "graywareAsMalware": { + "description": "GraywareAsMalware indicates whether files with WF verdict of Grayware will be treated as malware.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the WF server region to query.\n", + "type": "string" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates whether runtime malware scan will consult WF.\n", + "type": "boolean" + }, + "uploadEnabled": { + "description": "UploadEnabled indicates whether files will be uploaded to WF.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.WildFireSettings": { + "description": "WildFireSettings are the settings for WildFire API requests", + "properties": { + "apiKey": { + "description": "APIKey is the key identifier used for WF APIs.\n", + "type": "string" + }, + "apiKeyExpiration": { + "description": "APIKeyExpiration is the expiration time of the API key.\n", + "format": "date-time", + "type": "string" + }, + "lastError": { + "description": "LastError is the last error that occurred when trying to create/update the wildfire key.\n", + "type": "string" + }, + "policy": { + "$ref": "#/components/schemas/shared.WildFirePolicy" + } + }, + "type": "object" + }, + "string": { + "type": "string" + }, + "time.Duration": { + "format": "int64", + "type": "integer" + }, + "time.Time": { + "format": "date-time", + "type": "string" + }, + "trust.Data": { + "description": "Data holds the image trust data", + "properties": { + "groups": { + "description": "Groups are the trust groups.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "policy": { + "$ref": "#/components/schemas/trust.Policy" + } + }, + "type": "object" + }, + "trust.Group": { + "description": "Group represents a group of images", + "properties": { + "_id": { + "description": "Name of the group.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "images": { + "description": "Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.HostStatus": { + "description": "HostStatus represents an image trust status on a host", + "properties": { + "host": { + "description": "Host name.\n", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/trust.Status" + } + }, + "type": "object" + }, + "trust.ImageResult": { + "description": "ImageResult represents an aggregated image trust result", + "properties": { + "groups": { + "description": "Trust groups which apply to the image.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "hostsStatuses": { + "description": "Image trust status on each host. Can be set to \"trusted\" or \"untrusted\".\n", + "items": { + "$ref": "#/components/schemas/trust.HostStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.Policy": { + "description": "Policy represents the trust policy", + "properties": { + "_id": { + "description": "ID is the trust group policy ID.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the policy is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "Rules is the list of rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/trust.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.PolicyRule": { + "description": "PolicyRule represents an trust policy rule", + "properties": { + "allowedGroups": { + "description": "AllowedGroups are the ids of the groups that are whitelisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "deniedGroups": { + "description": "DeniedGroups are the ids of the groups that are blacklisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.Status": { + "description": "Status is the trust status for an image", + "enum": [ + [ + "trusted", + "untrusted" + ] + ], + "type": "string" + }, + "types.AccessStats": { + "description": "AccessStats are stats for the access flows", + "properties": { + "docker": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sshd": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sudo": { + "$ref": "#/components/schemas/types.AccessStatsCount" + } + }, + "type": "object" + }, + "types.AccessStatsCount": { + "description": "AccessStatsCount stores the total amount of access audits", + "properties": { + "allowed": { + "description": ".\n", + "type": "integer" + }, + "denied": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.AgentlessHostStatus": { + "description": "AgentlessHostStatus holds the status of a host handled by an agentless scan", + "properties": { + "account": { + "description": "Account is the cloud account the host belongs to.\n", + "type": "string" + }, + "availabilityDomain": { + "description": "AvailabilityDomain is the host availability domain.\n", + "type": "string" + }, + "category": { + "description": "Category indicates the status category.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error category.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "details": { + "description": "Details provides more information about status.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "excludedTags": { + "description": "ExcludedTags lists of exclude tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags lists of include tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the host's cloud name e.g. \"dimako-test\".\n", + "type": "string" + }, + "ociCompartment": { + "description": "OCICompartment is the compartment the instance belongs to (OCI only).\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides suggestions for possible fixes.\n", + "type": "string" + }, + "region": { + "description": "Region is the region the host belongs to.\n", + "type": "string" + }, + "regionError": { + "description": "RegionError indicates the status origin is a region error.\n", + "type": "boolean" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "scanID": { + "description": "ScanID indicates the scan id in which the status was collected.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime indicates the scan time of the host.\n", + "format": "date-time", + "type": "string" + }, + "source": { + "description": "Source is details on where the status was collected.\n", + "type": "string" + }, + "vmTags": { + "description": "VMTags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AgentlessResourceTemplatesRequest": { + "description": "AgentlessResourceTemplatesRequest is the agentless resource templates request for populating\ntemplates that are needed to be applied prior to an agentless scan with the credential", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "(Required) Specifies the ID for which the templates are generated.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.AlertProfileOption": { + "description": "AlertProfileOption describes options available for configuring an alert type", + "properties": { + "alertType": { + "$ref": "#/components/schemas/api.AlertType" + }, + "hasPolicy": { + "description": "HasPolicy defines whether the alerts are triggered by policy (e.g., this is false for defender alerts).\n", + "type": "boolean" + }, + "name": { + "description": "Name is the display name for the option.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the rule names for the policy associated with this alert type (only relevant if HasPolicy is true).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "supportedClients": { + "description": "SupportedClients are the supported alert clients for this alert (e.g., jira, email).\n", + "items": { + "$ref": "#/components/schemas/api.AlertClientType" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AllDefendersUsage": { + "description": "AllDefendersUsage holds stats about the usage of different modules and the sample time", + "properties": { + "appEmbedded": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "cloudSecurityAgent": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "container": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "containerAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "host": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "hostAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "period": { + "description": "Period is the date beginning of the usage period.\n", + "format": "date-time", + "type": "string" + }, + "remainingCredits": { + "description": "RemainingCredits is the amount of credits left at the beginning of the period.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.ServerlessUsage" + }, + "waas": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "waasOutOfBand": { + "$ref": "#/components/schemas/types.DefenderUsage" + } + }, + "type": "object" + }, + "types.AppFirewallAttackCount": { + "description": "AppFirewallAttackCount holds app firewall attack type and the amount of audits", + "properties": { + "count": { + "description": "Count is the count for the attack type.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + } + }, + "type": "object" + }, + "types.AppFirewallStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AppFirewallStats are the daily stats for app firewall audits\nTODO #20802 - replace string key with WAAS attack type type when mongo changed to avoid encoding map keys without stringer", + "type": "object" + }, + "types.ArtifactoryWebhookRequest": { + "description": "ArtifactoryWebhookRequest is an artifactory webhook request\nArtifactory doesn't have native webhook support, instead it comes as a plugin\nhttps://github.com/jfrog/artifactory-user-plugins/tree/master/webhook\nThe relevant fields in the this struct were reverse engineered from the webhook groovy code and from the fields that were sent by a real artifactory environment", + "type": "object" + }, + "types.AssetsSummary": { + "properties": { + "containerImages": { + "$ref": "#/components/schemas/types.ImageAssetsSummary" + }, + "hosts": { + "$ref": "#/components/schemas/types.HostAssetsSummary" + } + }, + "type": "object" + }, + "types.AttackTechniqueStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AttackTechniqueStats represents statistics grouped by attack technique", + "type": "object" + }, + "types.AuditTimeslice": { + "description": "AuditTimeslice counts the number of audit events for a given time period", + "properties": { + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "end": { + "description": "End is the end time of the bucket.\n", + "format": "date-time", + "type": "string" + }, + "start": { + "description": "Start is the start time of the bucket.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.AvailableVulnerabilities": { + "description": "AvailableVulnerabilities contains all available vulnerabilities types", + "properties": { + "complianceVulnerabilities": { + "description": "Compliance is the list of all available compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "cveVulnerabilities": { + "description": "CVE is all available cve vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BFFHostQueryOptions": { + "properties": { + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFImageQueryOptions": { + "properties": { + "hasRunningContainers": { + "description": ".\n", + "type": "boolean" + }, + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFPaginatedResponse": { + "description": "BFFPaginatedResponse is the paginated response", + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.BaseImage": { + "description": "BaseImage represents an image which is defined as a base image", + "properties": { + "creationTime": { + "description": "CreationTime is the time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "imageName": { + "description": "ImageName is the image name repository:tag.\n", + "type": "string" + }, + "topLayer": { + "description": "TopLayer is the SHA256 of the image's last filesystem layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BaseImagesRule": { + "description": "BaseImagesRule holds the base images defined by a single scope", + "properties": { + "_id": { + "description": "Pattern is the scope configuration identification, e.g. image name regex pattern.\n", + "type": "string" + }, + "description": { + "description": "Description is the base images scope description.\n", + "type": "string" + }, + "images": { + "description": "Images holds the base images which matches the scope configuration, capped to 50 image digests per scope.\n", + "items": { + "$ref": "#/components/schemas/types.BaseImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BffQueryPermissions": { + "description": "BffQueryPermissions are user permissions", + "type": "object" + }, + "types.CSAPairingSettings": { + "description": "CSAPairingSettings is the settings which are received from the CSA during the pairing process", + "properties": { + "apiKey": { + "description": "APIKey is the key to call the CSA API.\n", + "type": "string" + }, + "apiKeyID": { + "description": "APIKeyID is the key ID to call the CSA API.\n", + "type": "string" + }, + "apiURL": { + "description": "APIURL is the CSA API URL.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name of CSA tenant.\n", + "type": "string" + }, + "gcpBucketName": { + "description": "GCPBucketName is the name of the GCP bucket.\n", + "type": "string" + }, + "pubSubSubscription": { + "description": "PubSubSubscription is the subscription name to the pub/sub.\n", + "type": "string" + }, + "pubSubSubscriptionDebug": { + "description": "PubSubSubscriptionDebug is the subscription name to the pub/sub for debugging purposes.\n", + "type": "string" + }, + "region": { + "description": "Region is the (GCP) region where the tenant is deployed.\n", + "type": "string" + }, + "serviceAccountKey": { + "description": "ServiceAccountKey is the service account to the pub/sub and bucket.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CSAStatus": { + "description": "CSAStatus is the CSA status", + "properties": { + "tenantURL": { + "description": "TenantURL is the CSA tenant URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEStats": { + "description": "CVEStats represents statistics about a CVE type", + "properties": { + "count": { + "description": "Count is the number of CVEs from the specific type.\n", + "type": "integer" + }, + "distro": { + "description": "Distro is the impacted image distro (e.g., ubuntu).\n", + "type": "string" + }, + "distro_release": { + "description": "DistroRelase is the impacted image distro release (bionic).\n", + "type": "string" + }, + "modified": { + "description": "Modified is the max unix timestamp for the specific CVE.\n", + "format": "int64", + "type": "integer" + }, + "type": { + "description": "Type is the vulnerability type.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEVulnerability": { + "description": "CVEVulnerability holds data on package and files vulnerabilities", + "properties": { + "affected_cpes": { + "$ref": "#/components/schemas/vulnerability.RHELCpeHashes" + }, + "affected_cpes_uuid": { + "description": "AffectedCpesUUID is used to create unique records for vulnerabilities that only differ in their affected CPEs.\n", + "type": "string" + }, + "app_vuln_id": { + "description": "AppVulnID is the unique ID of the application vulnerability (app+cve+internal custom ID).\n", + "type": "string" + }, + "archs": { + "$ref": "#/components/schemas/vulnerability.CPUArchs" + }, + "conditions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "cpe_ids": { + "$ref": "#/components/schemas/vulnerability.CpeIDs" + }, + "custom": { + "description": "Custom indicates if this is a custom vulnerability.\n", + "type": "boolean" + }, + "cve": { + "description": ".\n", + "type": "string" + }, + "cvss": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description is the vulnerability description.\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "distro_release": { + "description": ".\n", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "FixDate is the date this CVE was fixed (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "go_package": { + "description": "GoPackage indicates a Go vulnerability at package-level and holds the package import path.\n", + "type": "string" + }, + "is_rpm_module": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "jar_identifier": { + "description": "JarIdentifier holds an additional identification detail of the vulnerable JAR.\n", + "type": "string" + }, + "link": { + "description": "Link is the link for information about the vulnerability (used for custom vulnerabilities).\n", + "type": "string" + }, + "link_id": { + "description": "LinkID is the ID required to construct the vendor link to the CVE.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last time this CVE was modified (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "non_vulnerable": { + "description": "NonVulnerable indicates that the CVE in not vulnerable on its own, but only when it comes together with conditional combination of CVE.\n", + "type": "boolean" + }, + "originBuilder": { + "description": "OriginBuilder indicates the origin of the CVE.\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "rh_general_severity": { + "description": "RHGeneralSeverity is the Red Hat's general severity of this CVE.\n", + "type": "string" + }, + "rpm_module": { + "description": "RPMModule represents the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "rules": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "running_on_with": { + "description": "RunningOnWith is NVD \"running On/With\" conditions.\n", + "type": "string" + }, + "security_repo_pkg": { + "description": "SecurityRepoPkg determines if the package belongs to a security repository (e.g. bullseye-security).\n", + "type": "boolean" + }, + "severity": { + "description": ".\n", + "type": "string" + }, + "status": { + "description": "Status is the official vendor state for the CVE.\n", + "type": "string" + }, + "symbols": { + "$ref": "#/components/schemas/vulnerability.Symbols" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.CVEType" + }, + "vecStr": { + "description": "VectorString is the NVD vulnerability string.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertData": { + "description": "CertData is used to add a custom certificate to the product", + "properties": { + "certificate": { + "description": "Data is the certificate pem data.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertSettings": { + "description": "CertSettings are the certificates settings", + "properties": { + "caExpiration": { + "description": "CAExpiration holds the expiration date of the CA cert.\n", + "format": "date-time", + "type": "string" + }, + "consoleSAN": { + "description": "ConsoleSAN if specified, use this list as the SAN for the console server certificate. Used for websocket and API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defenderOldCAExpiration": { + "description": "DefenderOldCAExpiration holds the expiration time of the defender old CA cert.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.CertificateSettings": { + "description": "CertificateSettings are the certificate settings", + "properties": { + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "certificatePeriodDays": { + "description": "CertificatePeriodDays is the certificates period in days.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CloudComputeInfo": { + "description": "CloudComputeInfo holds some fields from the compute structure that may be contained in the raw cloud info", + "properties": { + "vmId": { + "description": "VMID (\"vmId\") is a field used in Azure raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CloudInfo": { + "description": "CloudInfo holds cloud information of a CSA agent\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "cloud_provider": { + "$ref": "#/components/schemas/types.CloudProvider" + }, + "raw": { + "$ref": "#/components/schemas/types.CloudRawInfo" + } + }, + "type": "object" + }, + "types.CloudProvider": { + "description": "CloudProvider identifies a cloud provider in the CSA Endpoints API", + "enum": [ + [ + "AWS", + "GCP", + "Azure" + ] + ], + "type": "string" + }, + "types.CloudProviders": { + "items": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "type": "array" + }, + "types.CloudRawInfo": { + "description": "CloudRawInfo holds some fields that may appear in the raw cloud info, depending on cloud provider\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "compute": { + "$ref": "#/components/schemas/types.CloudComputeInfo" + }, + "id": { + "description": "ID (\"id\") is a field used in GCP raw struct.\n", + "type": "string" + }, + "instance-id": { + "description": "InstanceID (\"instance-id\") is a field used in AWS raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ClusterRadarInfo": { + "description": "ClusterRadarInfo contains cluster information to display on the radar", + "properties": { + "cloudProivder": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "hostCount": { + "description": "HostCount is the number of host running the cluster.\n", + "type": "integer" + }, + "name": { + "description": "Name of the cluster.\n", + "type": "string" + }, + "namespaceCount": { + "description": "Namespace is the number of namespace in the cluster.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceCategoryStats": { + "description": "ComplianceCategoryStats holds data regarding a compliance category", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the category IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "total": { + "description": "Total is the count of evaluations of category IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceDailyStats": { + "description": "ComplianceDailyStats is the compliance daily stats", + "properties": { + "_id": { + "description": "Date holds the date the data was collected.\n", + "type": "string" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "modified": { + "description": "Modified is the time the data was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.ComplianceIDStats": { + "description": "ComplianceIDStats holds data regarding applied compliance ID", + "properties": { + "benchmarkID": { + "description": "BenchmarkID is the benchmark ID.\n", + "type": "string" + }, + "category": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "description": { + "description": "Description is the compliance description.\n", + "type": "string" + }, + "failed": { + "description": "Failed is the number of occurrences of compliance ID in resources.\n", + "type": "integer" + }, + "id": { + "description": "ID is the compliance ID.\n", + "type": "integer" + }, + "severity": { + "description": "Severity is the compliance severity.\n", + "type": "string" + }, + "templateTitle": { + "description": "TemplateTitle is the template title.\n", + "type": "string" + }, + "total": { + "description": "Total is the count of resources evaluated with the compliance.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + } + }, + "type": "object" + }, + "types.ComplianceStats": { + "description": "ComplianceStats holds compliance data", + "properties": { + "categories": { + "description": "Compliance stats by category.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceCategoryStats" + }, + "type": "array" + }, + "daily": { + "description": "Daily compliance stats.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "ids": { + "description": "Compliance data by check ID.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceIDStats" + }, + "type": "array" + }, + "rules": { + "description": "Compliance stats by policy rules.\n", + "items": { + "$ref": "#/components/schemas/types.RuleComplianceStats" + }, + "type": "array" + }, + "templates": { + "description": "Compliance stats by template.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceTemplateStats" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ComplianceTemplateStats": { + "description": "ComplianceTemplateStats holds data regarding a compliance template", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the template IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "total": { + "description": "Total is the count of evaluations of template IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ConsoleCertificateSettings": { + "description": "ConsoleCertificateSettings are the console certificate settings", + "properties": { + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + } + }, + "type": "object" + }, + "types.ContainerRadarData": { + "description": "ContainerRadarData represent all data relevant to the network radar", + "properties": { + "containerCount": { + "description": "ContainerCount is the total number of containers.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.ContainerRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ContainerRadarEntity": { + "description": "ContainerRadarEntity is the extended container radar entity (include presentation metadata)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether this container was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "containerCount": { + "description": "ContainerCount is the amount of containers per entity.\n", + "type": "integer" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "dns": { + "description": "DNS states whether this is a DNS node.\n", + "type": "boolean" + }, + "filesystemCount": { + "description": ".\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hasDNSConnection": { + "description": "HasDNSConnection states whether the node has DNS connection.\n", + "type": "boolean" + }, + "hostCount": { + "description": ".\n", + "type": "integer" + }, + "hostname": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the entity's image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the entity's image name.\n", + "type": "string" + }, + "imageNames": { + "description": "ImageNames are the names of the image associated with the radar entity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "incomingConnections": { + "description": "IncomingConnections are the radar entity incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored entity.\n", + "type": "boolean" + }, + "istioAuthorizationPolicies": { + "description": "IstioAuthorizationPolicies are the Istio authorization policies.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicy" + }, + "type": "array" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the entity's label.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the radar entity labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "learning": { + "description": "Learning indicates whether the runtime profile associated with the entity is in learning state.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the kubernetes namespace the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "networkCount": { + "description": ".\n", + "type": "integer" + }, + "processesCount": { + "description": ".\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "region": { + "description": "Region is the cloud provider region.\n", + "type": "string" + }, + "resolved": { + "description": "Resolved indicates if the entity has all data resolved or just contains the ID and hash, used to indicate if the console should be updated on entity resolving.\n", + "type": "boolean" + }, + "serviceIP": { + "description": "ServiceIP the ip of the kubernetes service (for kubernetes type).\n", + "type": "string" + }, + "serviceName": { + "description": "ServiceName is kubernetes service the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "servicePorts": { + "description": "ServicePorts are the ports the kubernetes service exposes (for kubernetes type).\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "shouldSkipNetwork": { + "description": "ShouldSkipNetwork indicates whether network monitoring for this container should be skipeed or not.\n", + "type": "boolean" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "type": { + "$ref": "#/components/schemas/shared.EntityType" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.Count": { + "properties": { + "value": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CredentialUsage": { + "description": "CredentialUsage represents a single credential usage", + "properties": { + "description": { + "description": "Resource description (e.g., repository name for registry scan).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cred.UsageType" + } + }, + "type": "object" + }, + "types.DefenderSummary": { + "description": "DefenderSummary is a summary for a type of defender", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "connected": { + "description": "Connected counts how many defenders are connected for this category.\n", + "type": "integer" + }, + "deployed": { + "description": "Deployed counts how many defenders are deployed for this category.\n", + "type": "integer" + }, + "licensed": { + "description": "Licensed counts how many defenders are licensed for this category.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.DefenderUsage": { + "description": "DefenderUsage holds the number of defenders and the credits used for a specific defender type", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.DefendersVersionCount": { + "description": "DefendersVersionCount holds the defenders count per each version", + "properties": { + "count": { + "description": "Defenders count per version.\n", + "type": "integer" + }, + "version": { + "description": "Release version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.DiscoveredVM": { + "description": "DiscoveredVM represents the information about the instance, fetched from the cloud compute interface", + "properties": { + "_id": { + "description": "ID is the instance id. E.g. \"i-5cd23551\".\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "architecture": { + "description": "Architecture is the architecture of the image.\n", + "type": "string" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the instance.\n", + "type": "string" + }, + "awsSubnetID": { + "description": "AWSSubnetID is the ID of the subnet associated with the VM (AWS only).\n", + "type": "string" + }, + "awsVPCID": { + "description": "AWSVPCID is the ID of the VPC associated with the VM (AWS only).\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster name that is associated with the vm.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the host's fully qualified domain name . E.g. \"ip-192-0-2-0.us-east-2.compute.internal\".\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates that the instance has a defender installed on it.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the ID of the AMI used to launch the instance. E.g. \"ami-35501205\".\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the AMI used to launch the instance.\n", + "type": "string" + }, + "name": { + "description": "Name is the instance name.\n", + "type": "string" + }, + "os": { + "description": "OS is the Operating System installed on the instance.\n", + "type": "string" + }, + "osInfo": { + "$ref": "#/components/schemas/common.OSDistroInfo" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region the VM is located at.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.EcsTaskDefinitionOptions": { + "description": "EcsTaskDefinitionOptions holds the ecs deployment options", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "hostCustomComplianceEnabled": { + "description": "HostCustomComplianceEnabled indicates whether host custom compliance checks are enabled.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "taskName": { + "description": "TaskName is the name used for the task definition.\n", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Endpoint": { + "description": "Endpoint represents a Cortex XDR agent", + "properties": { + "active_directory": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alias": { + "description": ".\n", + "type": "string" + }, + "assigned_extensions_policy": { + "description": ".\n", + "type": "string" + }, + "assigned_prevention_policy": { + "description": ".\n", + "type": "string" + }, + "cloud_info": { + "$ref": "#/components/schemas/types.CloudInfo" + }, + "cloud_labels": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloud_provider_account_id": { + "description": ".\n", + "type": "string" + }, + "cloud_security_agent_capable": { + "description": ".\n", + "type": "boolean" + }, + "cloud_security_agent_mode": { + "description": ".\n", + "type": "boolean" + }, + "cluster_name": { + "description": ".\n", + "type": "string" + }, + "content_release_timestamp": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "content_status": { + "description": ".\n", + "type": "string" + }, + "content_version": { + "description": ".\n", + "type": "string" + }, + "domain": { + "description": ".\n", + "type": "string" + }, + "endpoint_id": { + "description": "EndpointID is the Endpoint unique identifier.\n", + "type": "string" + }, + "endpoint_name": { + "description": "EndpointName is the hostname.\n", + "type": "string" + }, + "endpoint_status": { + "description": ".\n", + "type": "string" + }, + "endpoint_type": { + "description": ".\n", + "type": "string" + }, + "endpoint_version": { + "description": ".\n", + "type": "string" + }, + "first_seen": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "group_name": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "install_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "installation_package": { + "description": ".\n", + "type": "string" + }, + "ip": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ipv6": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "is_isolated": { + "description": ".\n", + "type": "string" + }, + "isolated_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_content_update_time": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_seen": { + "description": "LastSeen is the last time the Endpoint was seen connected (UTC epoch milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "mac_address": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "operating_system": { + "description": ".\n", + "type": "string" + }, + "operational_status": { + "description": ".\n", + "type": "string" + }, + "operational_status_description": { + "description": ".\n", + "type": "string" + }, + "operational_status_details": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.OperationalStatusDetail" + }, + "type": "array" + }, + "os_type": { + "description": ".\n", + "type": "string" + }, + "os_version": { + "description": ".\n", + "type": "string" + }, + "public_ip": { + "description": ".\n", + "type": "string" + }, + "scan_status": { + "description": ".\n", + "type": "string" + }, + "tags": { + "$ref": "#/components/schemas/types.Tags" + }, + "token_hash": { + "description": ".\n", + "type": "string" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.EventStats": { + "description": "EventStats holds counters for all event types", + "properties": { + "admissionAudits": { + "description": ".\n", + "type": "integer" + }, + "agentlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerSecurityEvents": { + "description": "Cloud Security Agent event stats.\n", + "type": "integer" + }, + "dockerAccess": { + "description": ".\n", + "type": "integer" + }, + "fileIntegrity": { + "description": ".\n", + "type": "integer" + }, + "hostActivities": { + "description": ".\n", + "type": "integer" + }, + "hostAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostRuntime": { + "description": ".\n", + "type": "integer" + }, + "hostSecurityEvents": { + "description": ".\n", + "type": "integer" + }, + "kubernetesAudits": { + "description": ".\n", + "type": "integer" + }, + "logInspection": { + "description": ".\n", + "type": "integer" + }, + "serverlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "serverlessRuntime": { + "description": ".\n", + "type": "integer" + }, + "trustAudits": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Group": { + "description": "Group represents a console group", + "properties": { + "_id": { + "description": "Group name.\n", + "type": "string" + }, + "groupId": { + "description": "Group identifier in the Azure SAML identification process.\n", + "type": "string" + }, + "groupName": { + "description": "Group name.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime when the group was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "ldapGroup": { + "description": "Indicates if the group is an LDAP group (true) or not (false).\n", + "type": "boolean" + }, + "oauthGroup": { + "description": "Indicates if the group is an OAuth group (true) or not (false).\n", + "type": "boolean" + }, + "oidcGroup": { + "description": "Indicates if the group is an OpenID Connect group (true) or not (false).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or modified the group.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "Role of the group.\n", + "type": "string" + }, + "samlGroup": { + "description": "Indicates if the group is a SAML group (true) or not (false).\n", + "type": "boolean" + }, + "user": { + "description": "Users in the group.\n", + "items": { + "$ref": "#/components/schemas/shared.User" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Groups": { + "description": "Groups represents a list of groups", + "items": { + "$ref": "#/components/schemas/types.Group" + }, + "type": "array" + }, + "types.HPKPSettings": { + "description": "HPKPSettings represents the public key pinning settings", + "properties": { + "certs": { + "description": "Certs are the public certs used for fingerprinting.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "fingerprints": { + "description": "SHA256 fingerprints of the certificates.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostAssetInfo": { + "properties": { + "accountID": { + "description": ".\n", + "type": "string" + }, + "cluster": { + "description": ".\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "docker": { + "description": ".\n", + "type": "string" + }, + "kubernetes": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "resourceName": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + }, + "vmImage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.HostAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeploySpecStatus": { + "description": "HostAutoDeploySpecStatus contains the discovery and deployment status for a particular host auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended VMs.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of discovered unprodected VMs.\n", + "type": "integer" + }, + "error": { + "description": "Error is an error logged during the the auto-deploy scan (if occurred).\n", + "type": "string" + }, + "errors": { + "description": "Errors are the errors occurred in the command invocations.\n", + "items": { + "$ref": "#/components/schemas/deployment.CommandError" + }, + "type": "array" + }, + "failed": { + "description": "Failed is the number of instances where deployment failed.\n", + "type": "integer" + }, + "missingPermissions": { + "description": "MissingPermissions is the number of instances in regions that the credential don't have permissions to them.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + }, + "skipped": { + "description": "Skipped is the number of instances that the deployment was skipped for due to having a running Docker engine or being a worker node in a k8s cluster.\n", + "type": "integer" + }, + "unmatched": { + "description": "Unmatched is the number of discovered instances for which the scope does not apply.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of instances with missing prerequisites.\n", + "type": "integer" + }, + "windows": { + "description": "Windows is the number of windows instances discovered.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeployStatus": { + "description": "HostAutoDeployStatus is the status of the deployment tasks per spec during the host auto-deploy action", + "properties": { + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "status": { + "description": "Status contains the deploy status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.HostAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarData": { + "description": "HostRadarData represent all data relevant to the network radar", + "properties": { + "hostCount": { + "description": "HostCount is the total number of hosts.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.HostRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarEntity": { + "description": "HostRadarEntity is the extended host radar entity (include presentation metadata)", + "properties": { + "OSDistro": { + "description": "OSDistro is the OS distro name (e.g., ubuntu).\n", + "type": "string" + }, + "_id": { + "description": "ID is the host name.\n", + "type": "string" + }, + "activitiesCount": { + "description": "ActivitiesCount is the number of activities detected in the host.\n", + "type": "integer" + }, + "agentless": { + "description": "Agentless indicates whether this host was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the cluster the host is deployed on.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "fileIntegrityCount": { + "description": "FileIntegrityCount is the number of file integrity events detected in the host.\n", + "type": "integer" + }, + "filesystemCount": { + "description": "FilesystemCount is number of filesystem events triggered by the entity.\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents triggered by the entity.\n", + "type": "integer" + }, + "incoming": { + "description": "Incoming are the incoming connections from the host.\n", + "items": { + "$ref": "#/components/schemas/shared.HostRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "listeningPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "logInspectionCount": { + "description": "LogInspectionCount is the number of log inspection events detected in the host.\n", + "type": "integer" + }, + "networkCount": { + "description": "NetworkCount is number of network events triggered by the entity.\n", + "type": "integer" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "processesCount": { + "description": "ProcessesCount is the number of processes events triggered by the entity.\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.ImageAssetInfo": { + "properties": { + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "digest": { + "description": ".\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repository": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImageAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "stages": { + "$ref": "#/components/schemas/types.Stages" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ImageScanOptions": { + "description": "ImageScanOptions holds the options for image scanning", + "properties": { + "hostname": { + "description": "Hostname is the optional host name to scan.\n", + "type": "string" + }, + "imageTag": { + "$ref": "#/components/schemas/shared.ImageTag" + } + }, + "type": "object" + }, + "types.ImpactedContainer": { + "description": "ImpactedContainer contains details of a running container with an impacted image", + "properties": { + "container": { + "description": ".\n", + "type": "string" + }, + "factors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "namespace": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedOutOfBandEntity": { + "description": "ImpactedOutOfBandEntity holds the info of an impacted out of band entity", + "properties": { + "containerName": { + "description": "ContainerName is the name of the container or empty for host.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the name of the host that was scanned or host on which the container is deployed.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name of the container or empty for host.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedPackage": { + "description": "ImpactedPackage holds the vulnerability details for a package", + "properties": { + "cvss": { + "description": "CVSS is the vulnerability cvss score for this package.\n", + "format": "float", + "type": "number" + }, + "package": { + "description": "Package is the impacted package name and version.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the vulnerability severity for this package.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedResourceDetails": { + "description": "ImpactedResourceDetails holds the vulnerability details for a specific impacted resource", + "properties": { + "containers": { + "description": "Containers are the running containers of this image found in the environment.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedContainer" + }, + "type": "array" + }, + "functionDetails": { + "description": "FunctionDetails is a formatted string holding function details.\n", + "type": "string" + }, + "packages": { + "description": "Packages holds vulnerability details per impacted package found in this resource.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedPackage" + }, + "type": "array" + }, + "resourceID": { + "description": "ResourceID is a resource identifier (e.g. image ID, hostname).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.IntelligenceStatus": { + "description": "IntelligenceStatus stores the status on the intelligence service", + "properties": { + "connected": { + "description": ".\n", + "type": "boolean" + }, + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.IssueType": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + }, + "types.LatestVersion": { + "description": "LatestVersion represents the latest remote product version", + "properties": { + "latestVersion": { + "description": "LatestVersion is the latest official product version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LicenseStats": { + "description": "LicenseStats holds the console license stats", + "properties": { + "avg": { + "description": "Avg is the average number of credits.\n", + "format": "double", + "type": "number" + }, + "containerDefenders": { + "description": "ContainerDefenders is the total number of container defenders.\n", + "type": "integer" + }, + "dailySamplesDefenders": { + "description": "DailySamplesDefenders holds the last 30 daily credits averages.\n", + "items": { + "$ref": "#/components/schemas/float64" + }, + "type": "array" + }, + "exceeded": { + "description": "Exceeded indicates the number of credits exceeded license.\n", + "type": "boolean" + }, + "hostDefenders": { + "description": "HostDefenders is the total number of host defenders.\n", + "type": "integer" + }, + "hourAvg": { + "description": "HourAvg is the average number of credits per hour.\n", + "format": "double", + "type": "number" + }, + "hourSamples": { + "description": "HourSamples is the number of hourly samples collected.\n", + "format": "double", + "type": "number" + }, + "monthlyUsage": { + "description": "MonthlyUsage holds the last 24 monthly usage averages.\n", + "items": { + "$ref": "#/components/schemas/types.AllDefendersUsage" + }, + "type": "array" + }, + "msg": { + "description": "Msg is the license exceeded error/warning message to show.\n", + "type": "string" + }, + "onDemandCredits": { + "description": "OnDemandCredits is the number of on demand credits used during the current contract.\n", + "type": "integer" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + }, + "serverlessTimestamp": { + "description": "ServerlessTimestamp is the timestamp for the last serverless credit calculation.\n", + "format": "date-time", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the last collection timestamp.\n", + "format": "date-time", + "type": "string" + }, + "totalCreditUsage": { + "description": "TotalCreditUsage is the total amount of credits used from the beginning of the current contract.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.LogUploadResponse": { + "description": "LogUploadResponse returns the result of uploading a file to the intelligence", + "properties": { + "remotePath": { + "description": "Path returned by the intelligence.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LogonSettings": { + "description": "LogonSettings are settings associated with the login properties", + "properties": { + "basicAuthDisabled": { + "description": "Indicates whether the user can use basic auth.\n", + "type": "boolean" + }, + "includeTLS": { + "description": "IncludeTLS indicates that TLS checks should be included in copy links.\n", + "type": "boolean" + }, + "sessionTimeoutSec": { + "description": "SessionTimeoutSec defines the session timeout in seconds.\n", + "format": "int64", + "type": "integer" + }, + "strongPassword": { + "description": "StrongPassword indicates whether strong password enforcement is applied.\n", + "type": "boolean" + }, + "useSupportCredentials": { + "description": "UseSupportCredentials indicates whether to include credentials in the URL.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.MgmtAuditFilters": { + "description": "MgmtAuditFilters are filters for management audit queries", + "properties": { + "type": { + "description": "Type is the management audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "username": { + "description": "Usernames is a filter for specific users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.NetworkFirewallStats": { + "description": "NetworkFirewallStats stores the total amount of network firewall audits", + "properties": { + "alerted": { + "description": ".\n", + "type": "integer" + }, + "blocked": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.OperationalStatusDetail": { + "properties": { + "reason": { + "description": ".\n", + "type": "string" + }, + "title": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProfileStateUpdate": { + "description": "ProfileStateUpdate is the request for updating profile state", + "properties": { + "profileID": { + "description": "ID is the profile ID to relearn.\n", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "types.Project": { + "description": "Project represent the project details", + "properties": { + "_id": { + "description": "ID is the project name (primary index).\n", + "type": "string" + }, + "address": { + "description": "Address is the project address.\n", + "type": "string" + }, + "ca": { + "description": "CACertificate is the remote console CA certificate.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "creationTime": { + "description": "CreationTime is the remote project creation time.\n", + "format": "date-time", + "type": "string" + }, + "err": { + "description": "Err are errors that happened during project synchronization / setup.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipCertificateVerification": { + "description": "SkipCertificateVerification indicates that the connection to the secondary project is done on insecure channel, this is used when secondary\nproject is behind a proxy or when customer is using custom certs.\n", + "type": "boolean" + }, + "username": { + "description": "Username is the remote project username.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProjectCredentials": { + "description": "ProjectCredentials are the supervisor project credentials", + "properties": { + "password": { + "description": "Password is the password used for the deleted project access.\n", + "type": "string" + }, + "user": { + "description": "User is the user used for the deleted project access.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RegistryWebhookRequest": { + "description": "RegistryWebhookRequest is a registry scanning webhook request.\nSchema supports multiple webhook providers:\nhttps://docs.docker.com/docker-hub/webhooks/\nhttps://docs.docker.com/registry/notifications/", + "properties": { + "action": { + "description": "Action is the webhook action.\n", + "type": "string" + }, + "artifactory": { + "$ref": "#/components/schemas/types.ArtifactoryWebhookRequest" + }, + "domain": { + "description": "Domain indicates the artifactory webhook domain (e.g., artifact, docker, build, etc). Used to avoid filter docker events.\n", + "type": "string" + }, + "event_type": { + "description": "EventType is the artifactory webhook action performed (e.g., push).\n", + "type": "string" + }, + "type": { + "description": "Type is the event type (Harbor registry).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImage": { + "properties": { + "name": { + "description": ".\n", + "type": "string" + }, + "scanStatus": { + "description": ".\n", + "type": "boolean" + }, + "uaiID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImages": { + "properties": { + "build": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "deploy": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "run": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ResourceVulnerabilityStats": { + "description": "ResourceVulnerabilityStats holds vulnerability stats of a single resource type", + "properties": { + "count": { + "description": "Count is the total number of vulnerabilities.\n", + "type": "integer" + }, + "cves": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "impacted": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilities": { + "description": "All resource vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/types.VulnerabilityInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.RiskScoreFactors": { + "description": "RiskScoreFactors holds factors used to calculate risk score", + "properties": { + "envVarSecrets": { + "description": "EnvVarSecrets indicates whether a container has access to secrets via environment variables.\n", + "type": "boolean" + }, + "hostAccess": { + "description": "HostAccess indicates whether a container has access to the host network or namespace.\n", + "type": "boolean" + }, + "internet": { + "description": "Internet indicates whether a container has internet access.\n", + "type": "boolean" + }, + "network": { + "description": "Network indicates whether a container is listening to ports.\n", + "type": "boolean" + }, + "noSecurityProfile": { + "description": "NoSecurityProfile indicates whether a container has security profile issue.\n", + "type": "boolean" + }, + "privilegedContainer": { + "description": "PrivilegedContainer indicates whether a container runs using the --privileged flag.\n", + "type": "boolean" + }, + "rootMount": { + "description": "RootMount indicates whether a container has access to the host file system using a root mount.\n", + "type": "boolean" + }, + "rootPrivilege": { + "description": "RootPrivilege indicates whether a container runs as root.\n", + "type": "boolean" + }, + "runtimeSocket": { + "description": "RuntimeSocket indicates whether a container has the runtime socket mounted.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.RuleComplianceStats": { + "description": "RuleComplianceStats holds data regarding applied compliance rule", + "properties": { + "failed": { + "description": "Failed is the count of the rule compliance IDs in resources.\n", + "type": "integer" + }, + "name": { + "description": "Name is the name of the applied rule.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "total": { + "description": "Total is the count of evaluations done by rule.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.RuntimeStats": { + "description": "RuntimeStats are stats for runtime flows (sum of audits per flow)", + "properties": { + "filesystem": { + "description": ".\n", + "type": "integer" + }, + "kubernetes": { + "description": ".\n", + "type": "integer" + }, + "network": { + "description": ".\n", + "type": "integer" + }, + "processes": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.SecretsStatus": { + "description": "SecretsStatus holds the update status for the secrets", + "properties": { + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorConfiguration": { + "description": "SecurityAdvisorConfiguration is the security configuration associated with security advisor", + "properties": { + "accountID": { + "description": "AccountID is the customer account ID.\n", + "type": "string" + }, + "apikey": { + "description": "APIKey is the security advisor secret.\n", + "type": "string" + }, + "findingsURL": { + "description": "FindingsURL is the url to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the id assigned to Twistlock.\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which token should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorDashboardResp": { + "description": "SecurityAdvisorDashboardResp is the response to security advisor dashboard", + "properties": { + "url": { + "description": "URL is the console URL link.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorNotes": { + "description": "SecurityAdvisorNotes security advisor the security advisor finding metadata", + "properties": { + "changedSince": { + "description": "ChangedSince is the last time entries were modified.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeploySpecStatus": { + "description": "ServerlessAutoDeploySpecStatus contains status for a particular serverless auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended functions.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of functions to protect.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeployStatus": { + "description": "ServerlessAutoDeployStatus is the status of the serverless auto-deploy scan", + "properties": { + "errors": { + "description": "Errors is the collection of errors for the auto-deploy scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "specs": { + "description": "Specs contains the status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.ServerlessAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessRadarStatus": { + "description": "ServerlessRadarStatus holds the status for serverless radar scans", + "properties": { + "err": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessUsage": { + "description": "ServerlessUsage holds the number of defenders, invocations and credits used for serverless defenders", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.Settings": { + "description": "Settings are the global system settings", + "properties": { + "WAASLogScrubbingSpecs": { + "$ref": "#/components/schemas/waas.SensitiveDataSpecs" + }, + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "alerts": { + "$ref": "#/components/schemas/api.AlertSettings" + }, + "certSettings": { + "$ref": "#/components/schemas/types.CertSettings" + }, + "certificatePeriodDays": { + "description": "ClientCertificatePeriodDays is the certificates period in days of client certificates.\n", + "type": "integer" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "clusteredDB": { + "$ref": "#/components/schemas/clustereddb.Settings" + }, + "communicationPort": { + "description": "MgmtPortHTTP is the Console HTTP port.\n", + "type": "integer" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "consoleNames": { + "description": "ConsoleNames is a list of names to use when generating the console SAN certificate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialsCountLimit": { + "description": "CredentialsCountLimit is the maximum amount of allowed credentials.\n", + "type": "integer" + }, + "csaAPairingSettings": { + "$ref": "#/components/schemas/types.CSAPairingSettings" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "customLabels": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + }, + "defenderSettings": { + "$ref": "#/components/schemas/defender.Settings" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "fipsEnabled": { + "description": "FIPSEnabled indicates whether FIPS-compliant cryptography is enforced.\n", + "type": "boolean" + }, + "forensic": { + "$ref": "#/components/schemas/shared.ForensicSettings" + }, + "hasAdmin": { + "description": "HasAdmin indicates whether the admin account is initialized.\n", + "type": "boolean" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecifications" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + }, + "identitySettings": { + "$ref": "#/components/schemas/identity.Settings" + }, + "ldapEnabled": { + "description": "LdapEnabled indicates whether ldap is enabled.\n", + "type": "boolean" + }, + "licenseKey": { + "description": "LicenseKey is the license key.\n", + "type": "string" + }, + "logging": { + "$ref": "#/components/schemas/shared.LoggingSettings" + }, + "logon": { + "$ref": "#/components/schemas/types.LogonSettings" + }, + "oauthEnabled": { + "description": "OauthEnabled indicates whether Oauth is enabled.\n", + "type": "boolean" + }, + "oidcEnabled": { + "description": "OidcEnabled indicates whether OpenID connect is enabled.\n", + "type": "boolean" + }, + "projects": { + "$ref": "#/components/schemas/api.ProjectSettings" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "registry": { + "$ref": "#/components/schemas/shared.RegistrySettings" + }, + "runtimeSecretScrubbingSettings": { + "$ref": "#/components/schemas/shared.RuntimeSecretScrubbingSettings" + }, + "samlEnabled": { + "description": "SamlEnabled indicates whether saml is enabled.\n", + "type": "boolean" + }, + "scan": { + "$ref": "#/components/schemas/shared.ScanSettings" + }, + "secretsStores": { + "$ref": "#/components/schemas/shared.SecretsStores" + }, + "securedConsolePort": { + "description": "MgmtPortHTTPS is the Console HTTPS port.\n", + "type": "integer" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecifications" + }, + "tasDroplets": { + "description": "TASDropletsSpecification is the TAS droplets scanning settings.\n", + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "telemetry": { + "$ref": "#/components/schemas/types.TelemetrySettings" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "trustedCerts": { + "description": "TrustedCerts is the list of trusted cert to allow in docker access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "trustedCertsEnabled": { + "description": "TrustedCertsEnabled indicates whether to enable the trusted certificate feature.\n", + "type": "boolean" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "version": { + "description": "Version is the current console version.\n", + "type": "string" + }, + "vms": { + "$ref": "#/components/schemas/shared.VMSpecifications" + }, + "webAppsDiscoverySettings": { + "$ref": "#/components/schemas/waas.WebAppsDiscoverySettings" + }, + "wildFireSettings": { + "$ref": "#/components/schemas/shared.WildFireSettings" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Stages": { + "properties": { + "build": { + "description": "Build is the count of CI scan.\n", + "type": "integer" + }, + "deploy": { + "description": "Deploy is the count of registry Images.\n", + "type": "integer" + }, + "run": { + "description": "Run is the count of deployed Images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Stats": { + "description": "Stats represents the status model that is stored in the DB", + "properties": { + "AgentlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "_id": { + "description": "ID is the metric type.\n", + "type": "string" + }, + "access": { + "$ref": "#/components/schemas/types.AccessStats" + }, + "appEmbeddedAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "container": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "containerAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "host": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "hostAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "hostComplianceCount": { + "description": "HostComplianceCount is the host compliance count.\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "incidentsCount": { + "description": "IncidentsCount is the incidents count.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "serverlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "time": { + "description": "UnixTimestamp is the unix timestamp.\n", + "format": "int64", + "type": "integer" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/types.VulnerabilitiesStats" + } + }, + "type": "object" + }, + "types.Status": { + "description": "Status stores the status of a specific defender or for global features such as intelligence or LDAP", + "properties": { + "_id": { + "description": "ID is the defender identifier if the status is per defender or the type for global statuses.\n", + "type": "string" + }, + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/types.HostAutoDeployStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "intelligence": { + "$ref": "#/components/schemas/types.IntelligenceStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "secrets": { + "$ref": "#/components/schemas/types.SecretsStatus" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/types.ServerlessAutoDeployStatus" + }, + "serverlessRadar": { + "$ref": "#/components/schemas/types.ServerlessRadarStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "type": { + "$ref": "#/components/schemas/types.StatusType" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "types.StatusType": { + "description": "StatusType holds the status of a given flow (defender/intelligence/etc...)\nTODO: Use type in shared.Status object", + "enum": [ + [ + "intelligence", + "secrets", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy" + ] + ], + "type": "string" + }, + "types.Suggestions": { + "properties": { + "suggestions": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Tags": { + "properties": { + "endpoint_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "server_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.TelemetrySettings": { + "description": "TelemetrySettings is the telemetry settings", + "properties": { + "enabled": { + "description": "Enabled determines whether the telemetry settings are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Trends": { + "description": "Trends contains data on global trends in the system", + "properties": { + "complianceTrend": { + "description": "ComplianceTrend represents the compliance trend.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "defendersSummary": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "DefendersSummary represents the defenders count of each category.\n", + "type": "object" + }, + "vulnerabilitySummary": { + "$ref": "#/components/schemas/types.VulnerabilitySummary" + } + }, + "type": "object" + }, + "types.UserCollection": { + "description": "UserCollection holds general collection properties that are accessible to all users", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "name": { + "description": "Unique name associated with this collection.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPassword": { + "description": "UserPassword represents a new user password", + "properties": { + "newPassword": { + "description": "New password to assign to the user who is invoking the API.\n", + "type": "string" + }, + "oldPassword": { + "description": "User's existing password to replace.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPreferences": { + "description": "UserPreferences are the user global project reference that are persistent between versions", + "properties": { + "_id": { + "description": "User is the user name.\n", + "type": "string" + }, + "hideGuidedTour": { + "description": "HideGuidedTour indicates that guided tour should be hidden.\n", + "type": "boolean" + }, + "hideProjectDialog": { + "description": "HideProjectsDialog indicates the initial project selection dialog should be hidden.\n", + "type": "boolean" + }, + "waasRulesNotificationDismissed": { + "description": "WaasRulesNotificationDismiss indicates the time the user dismissed the waas added rules top bar.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "types.UserProject": { + "description": "UserProject holds general project properties that are accessible to all users", + "properties": { + "_id": { + "description": "ID is the project id.\n", + "type": "string" + }, + "address": { + "description": "Address is project address.\n", + "type": "string" + }, + "connected": { + "description": "Connected indicates if the project is currently disconnected due to an error.\n", + "type": "boolean" + }, + "creationTime": { + "description": "CreationTime is the project creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnImpactedResources": { + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability", + "properties": { + "_id": { + "description": "ID is the CVE ID (index for the impacted resources).\n", + "type": "string" + }, + "functions": { + "description": "Functions is a map between function id to its details.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "functionsCount": { + "description": "FunctionsCount is the total impacted functions count.\n", + "type": "integer" + }, + "hosts": { + "description": "Hosts is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "hostsCount": { + "description": "HostsCount is the total impacted hosts count.\n", + "type": "integer" + }, + "images": { + "description": "Images is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "imagesCount": { + "description": "ImagesCount is the total impacted images count.\n", + "type": "integer" + }, + "registryImages": { + "description": "RegistryImages is a list of impacted registry images.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "registryImagesCount": { + "description": "RegistryImagesCount is the total impacted registry images count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnSummary": { + "properties": { + "highestCVSSScore": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "vulnFunnel": { + "$ref": "#/components/schemas/vuln.Funnel" + } + }, + "type": "object" + }, + "types.VulnerabilitiesStats": { + "description": "VulnerabilitiesStats are measures the total number of vulnerabilities in a specific images", + "properties": { + "containerCompliance": { + "description": "ContainerCompliance is the sum of all compliance issues for all running containers.\n", + "type": "integer" + }, + "imageCompliance": { + "description": "ImageCompliance is the sum of all compliance issues of all running images.\n", + "type": "integer" + }, + "imageCve": { + "description": "ImageCVE is the sum of cve vulnerabilities of all running images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilityInfo": { + "description": "VulnerabilityInfo holds information about vulnerability used for VulnerabilityExplorer", + "properties": { + "cve": { + "description": "CVE ID.\n", + "type": "string" + }, + "description": { + "description": "Vulnerability description.\n", + "type": "string" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "highestCVSS": { + "description": "HighestCVSS is the highest CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "highestRiskFactors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "highestSeverity": { + "description": "HighestSeverity is the highest severity of the vulnerability.\n", + "type": "string" + }, + "impactedPkgs": { + "description": "Packages impacted by the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "impactedResourceType": { + "$ref": "#/components/schemas/vuln.ResourceType" + }, + "impactedResourcesCnt": { + "description": "Number of resources impacted by this vulnerability.\n", + "type": "integer" + }, + "link": { + "description": "Link to CVE.\n", + "type": "string" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "Risk score.\n", + "format": "float", + "type": "number" + }, + "status": { + "description": "CVE status.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnerabilityStats": { + "description": "VulnerabilityStats holds statistics about vulnerabilities issues", + "properties": { + "_id": { + "description": "ID of the vulnerability stats.\n", + "type": "string" + }, + "containers": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "functions": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "hosts": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "images": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "modified": { + "description": "Date/time when the entity was modified.\n", + "format": "date-time", + "type": "string" + }, + "registryImages": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + } + }, + "type": "object" + }, + "types.VulnerabilitySummary": { + "description": "VulnerabilitySummary represents the stats of each impacted entity", + "properties": { + "containers": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "functions": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "hosts": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "images": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "registryImages": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "types.XSOARAlerts": { + "description": "XSOARAlerts is a list of XSOAR alerts", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uint": { + "type": "integer" + }, + "uint32": { + "type": "integer" + }, + "uint64": { + "type": "integer" + }, + "uint8": { + "type": "integer" + }, + "vuln.AllCompliance": { + "description": "AllCompliance contains data regarding passed compliance checks", + "properties": { + "compliance": { + "description": "Compliance are all the passed compliance checks.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether passed compliance checks is enabled by policy.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Application": { + "description": "Application represents a detected application", + "properties": { + "installedFromPackage": { + "description": "Indicates that the app was installed as an OS package.\n", + "type": "boolean" + }, + "knownVulnerabilities": { + "description": "Total number of vulnerabilities for this application.\n", + "type": "integer" + }, + "layerTime": { + "description": "Image layer to which the application belongs - layer creation time.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the application.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the app origin package.\n", + "type": "string" + }, + "path": { + "description": "Path of the detected application.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this application is included.\n", + "type": "string" + }, + "service": { + "description": "Service indicates whether the application is installed as a service.\n", + "type": "boolean" + }, + "version": { + "description": "Version of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.ComplianceCategory": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + }, + "vuln.ComplianceTemplate": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + }, + "vuln.Condition": { + "description": "Condition are extended options for vulnerability assessment in authorization flows", + "properties": { + "block": { + "description": "Specifies the effect. If true, the effect is block.\n", + "type": "boolean" + }, + "id": { + "description": "Vulnerability ID.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.CustomVulnerabilities": { + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability", + "properties": { + "_id": { + "description": "ID is the custom vulnerabilities feed ID.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the internal custom vulnerabilities feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of custom vulnerabilities rules.\n", + "items": { + "$ref": "#/components/schemas/vuln.CustomVulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "vuln.CustomVulnerability": { + "description": "CustomVulnerability is a user customized vulnerability", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "maxVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "minVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "vuln.Distribution": { + "description": "Distribution counts the number of vulnerabilities per type", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Effect": { + "description": "Effect specifies relevant action for a vulnerability", + "enum": [ + [ + "ignore", + "alert", + "block" + ] + ], + "type": "string" + }, + "vuln.ExpirationDate": { + "description": "ExpirationDate is the vulnerability expiration date", + "properties": { + "date": { + "description": "Date is the vulnerability expiration date.\n", + "format": "date-time", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates that the grace period is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Funnel": { + "description": "Funnel is the vulnerability funnel", + "properties": { + "exploitable": { + "description": ".\n", + "type": "integer" + }, + "packageInUse": { + "description": ".\n", + "type": "integer" + }, + "patchable": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "urgent": { + "description": "Urgent is the number of critical and high CVEs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.ResourceType": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + }, + "vuln.Secret": { + "description": "Secret represents a secret found on the scanned workload", + "properties": { + "group": { + "description": "Group is a group name or ID of owner the file metadata containing the secret.\n", + "type": "string" + }, + "locationInFile": { + "description": "LocationInFile is the line and offset in the file where the secret was found.\n", + "type": "string" + }, + "metadataModifiedTime": { + "description": "MetadataModifiedTime is the modification time of the file metadata containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "modifiedTime": { + "description": "ModifiedTime is the modification time of the file containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "originalFileLocation": { + "description": ".\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the file in which the secret was found.\n", + "type": "string" + }, + "permissions": { + "description": "Permissions are permission bits of the file metadata containing the secret.\n", + "type": "string" + }, + "secretID": { + "description": "SecretID is the SHA1 of the secret content.\n", + "type": "string" + }, + "size": { + "description": "Size is the size in bytes of the file in which the secret was found.\n", + "format": "int64", + "type": "integer" + }, + "snippet": { + "description": "Snippet is the partial plain secret.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.SecretType" + }, + "user": { + "description": "User is a username or ID of owner the file metadata containing the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.SecretType": { + "description": "SecretType represents a secret type", + "enum": [ + [ + "AWS Access Key ID", + "AWS Secret Key", + "AWS MWS Auth Token", + "Azure Storage Account Access Key", + "Azure Service Principal", + "GCP Service Account Auth Key", + "Private Encryption Key", + "Public Encryption Key", + "PEM X509 Certificate Header", + "SSH Authorized Keys", + "Artifactory API Token", + "Artifactory Password", + "Basic Auth Credentials", + "Mailchimp Access Key", + "NPM Token", + "Slack Token", + "Slack Webhook", + "Square OAuth Secret", + "Notion Integration Token", + "Airtable API Key", + "Atlassian Oauth2 Keys", + "CircleCI Personal Token", + "Databricks Authentication Token", + "GitHub Token", + "GitLab Token", + "Google API key", + "Grafana Token", + "Python Package Index Key (PYPI)", + "Typeform API Token", + "Scalr Token", + "Braintree Access Token", + "Braintree Payments Key", + "Paypal Token Key", + "Braintree Payments ID", + "Datadog Client Token", + "ClickUp Personal API Token", + "OpenAI API Key", + "Java DB Connectivity (JDBC)", + "MongoDB", + ".Net SQL Server" + ] + ], + "type": "string" + }, + "vuln.TagInfo": { + "description": "TagInfo is the tag info in a specific vulnerability context", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "comment": { + "description": "Tag comment in a specific vulnerability context.\n", + "type": "string" + }, + "name": { + "description": "Name of the tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.TagType": { + "description": "TagType specifies the resource type for tagging where the vulnerability is found. Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found", + "enum": [ + [ + "image", + "host", + "function", + "" + ] + ], + "type": "string" + }, + "vuln.Vulnerability": { + "description": "Vulnerability is a general schema for vulnerabilities (e.g., for compliance or packages)", + "properties": { + "applicableRules": { + "description": "Rules applied on the package.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary package names (packages which are built from the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "block": { + "description": "Indicates if the vulnerability has a block effect (true) or not (false).\n", + "type": "boolean" + }, + "cause": { + "description": "Additional information regarding the root cause for the vulnerability.\n", + "type": "string" + }, + "cri": { + "description": "Indicates if this is a CRI-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "custom": { + "description": "Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).\n", + "type": "boolean" + }, + "cve": { + "description": "CVE ID of the vulnerability (if applied).\n", + "type": "string" + }, + "cvss": { + "description": "CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description of the vulnerability.\n", + "type": "string" + }, + "discovered": { + "description": "Specifies the time of discovery for the vulnerability.\n", + "format": "date-time", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "Date/time when the vulnerability was fixed (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "fixLink": { + "description": "Link to the vendor's fixed-version information.\n", + "type": "string" + }, + "functionLayer": { + "description": "Specifies the serverless layer ID in which the vulnerability was discovered.\n", + "type": "string" + }, + "gracePeriodDays": { + "description": "Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.\n", + "type": "integer" + }, + "id": { + "description": "ID of the violation.\n", + "type": "integer" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "layerTime": { + "description": "Date/time of the image layer to which the CVE belongs.\n", + "format": "int64", + "type": "integer" + }, + "link": { + "description": "Vendor link to the CVE.\n", + "type": "string" + }, + "packageName": { + "description": "Name of the package that caused the vulnerability.\n", + "type": "string" + }, + "packageType": { + "$ref": "#/components/schemas/packages.Type" + }, + "packageVersion": { + "description": "Version of the package that caused the vulnerability (or null).\n", + "type": "string" + }, + "published": { + "description": "Date/time when the vulnerability was published (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "rpmModule": { + "description": "RPMModule specifies the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "severity": { + "description": "Textual representation of the vulnerability's severity.\n", + "type": "string" + }, + "status": { + "description": "Vendor status for the vulnerability.\n", + "type": "string" + }, + "templates": { + "description": "List of templates with which the vulnerability is associated.\n", + "items": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "type": "array" + }, + "text": { + "description": "Description of the violation.\n", + "type": "string" + }, + "title": { + "description": "Compliance title.\n", + "type": "string" + }, + "twistlock": { + "description": "Indicates if this is a Twistlock-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + }, + "vecStr": { + "description": "Textual representation of the metric values used to score the vulnerability.\n", + "type": "string" + }, + "vulnTagInfos": { + "description": "Tag information for the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/vuln.TagInfo" + }, + "type": "array" + }, + "wildfireMalware": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + } + }, + "type": "object" + }, + "vuln.WildFireMalware": { + "description": "WildFireMalware holds the data for WildFire malicious MD5", + "properties": { + "md5": { + "description": "MD5 is the hash of the malicious binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to malicious binary.\n", + "type": "string" + }, + "verdict": { + "description": "Verdict is the malicious source like grayware, malware and phishing.\n", + "type": "string" + } + }, + "type": "object" + }, + "vulnerability.CPUArch": { + "description": "CPUArch represents the CPU architecture", + "type": "integer" + }, + "vulnerability.CPUArchs": { + "description": "CPUArchs represents list of cpu architectures", + "items": { + "$ref": "#/components/schemas/vulnerability.CPUArch" + }, + "type": "array" + }, + "vulnerability.CVEType": { + "description": "CVEType represents the type of a CVE", + "enum": [ + [ + "python", + "gem", + "nodejs", + "jar", + "package", + "product", + "app", + "go", + "nuget", + "osConditions", + "excludedCve" + ] + ], + "type": "string" + }, + "vulnerability.Conditions": { + "description": "Conditions represents a list of CVE rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "type": "array" + }, + "vulnerability.CpeIDs": { + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.ExploitData": { + "description": "ExploitData holds information about an exploit", + "properties": { + "kind": { + "$ref": "#/components/schemas/vulnerability.ExploitKind" + }, + "link": { + "description": "Link is a link to information about the exploit.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + } + }, + "type": "object" + }, + "vulnerability.ExploitKind": { + "description": "ExploitKind represents the kind of the exploit", + "enum": [ + [ + "poc", + "in-the-wild" + ] + ], + "type": "string" + }, + "vulnerability.ExploitType": { + "description": "ExploitType represents the source of an exploit", + "enum": [ + [ + "", + "exploit-db", + "exploit-windows", + "cisa-kev" + ] + ], + "type": "string" + }, + "vulnerability.Exploits": { + "description": "Exploits represents the exploits data found for a CVE", + "items": { + "$ref": "#/components/schemas/vulnerability.ExploitData" + }, + "type": "array" + }, + "vulnerability.RHELCpeHashes": { + "description": "RHELCpeHashes represent the CPE hashes associated with a given Red Hat repository", + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.RiskFactor": { + "description": "RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score", + "enum": [ + [ + "Critical severity", + "High severity", + "Medium severity", + "Has fix", + "Remote execution", + "DoS - Low", + "DoS - High", + "Recent vulnerability", + "Exploit exists - in the wild", + "Exploit exists - POC", + "Attack complexity: low", + "Attack vector: network", + "Reachable from the internet", + "Listening ports", + "Container is running as root", + "No mandatory security profile applied", + "Running as privileged container", + "Package in use", + "Sensitive information", + "Root mount", + "Runtime socket", + "Host access" + ] + ], + "type": "string" + }, + "vulnerability.RiskFactors": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RiskFactors maps the existence of vulnerability risk factors", + "type": "object" + }, + "vulnerability.Rules": { + "description": "Rules represents a list of CVE assessment rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Symbols": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Type": { + "description": "Type represents the vulnerability type", + "enum": [ + [ + "container", + "image", + "host_config", + "daemon_config", + "daemon_config_files", + "security_operations", + "k8s_master", + "k8s_worker", + "k8s_federation", + "linux", + "windows", + "istio", + "serverless", + "custom", + "docker_stig", + "openshift_master", + "openshift_worker", + "application_control_linux", + "gke_worker", + "image_malware", + "host_malware", + "aks_worker", + "eks_worker", + "image_secret", + "host_secret" + ] + ], + "type": "string" + }, + "waas.APIChangeDetails": { + "description": "APIChangeDetails contains the details of the API change", + "properties": { + "changeType": { + "$ref": "#/components/schemas/waas.APIChangesType" + }, + "date": { + "description": "Date is the change date.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value the value of the change - if applicable.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangesType": { + "description": "APIChangesType is used to represent the supported API changes types", + "type": "integer" + }, + "waas.APIProtectionStatus": { + "enum": [ + [ + "unprotected", + "monitored", + "protected" + ] + ], + "type": "string" + }, + "waas.APIRequest": { + "description": "APIRequest represents a single API request and its data", + "properties": { + "bodySchema": { + "$ref": "#/components/schemas/waas.BodySchema" + }, + "bodySchemaDiffExceededLimit": { + "description": "BodySchemaDiffExceededLimit is the date that the request body schema exceeded the size limit for finding body schema changes.\n", + "format": "date-time", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the request content type.\n", + "type": "string" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the HTTP method of the API request.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks are the OWASP API Top10 attacks that were found on the API.\n", + "items": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "type": "array" + }, + "path": { + "description": "Path is the path of the API request.\n", + "type": "string" + }, + "protected": { + "description": "Protected indicates that the method+path are protected by WAAS API Protection.\n", + "type": "boolean" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "queryParameters": { + "description": "QueryParameters are the query parameters of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "requestSizeTotal": { + "description": "RequestSizeTotal is the total request body size.\n", + "type": "integer" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseContentType": { + "description": "ResponseContentType is the response content type.\n", + "type": "string" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "responseSizeTotal": { + "description": "ResponseSizeTotal is the total response body size.\n", + "type": "integer" + }, + "sensitiveData": { + "description": "RequestSensitiveData indicated this path may be used with sensitive data attached in request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "servers": { + "description": "Servers are the destination servers (including port and schema) of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sourceIP": { + "description": "SourceIP is the source IP of the API request.\n", + "type": "string" + }, + "statusCodeDistribution": { + "$ref": "#/components/schemas/waas.StatusCodeDistribution" + } + }, + "type": "object" + }, + "waas.APISpec": { + "description": "APISpec is an API specification", + "properties": { + "description": { + "description": "Description of the app.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "endpoints": { + "description": "The app's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Endpoint" + }, + "type": "array" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "paths": { + "description": "Paths of the API's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Path" + }, + "type": "array" + }, + "queryParamFallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.APIStats": { + "description": "APIStats contains the API stats that occurred since the last stats dump", + "properties": { + "actionCounts": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "blockedRequests": { + "description": "BlockedRequests is the number of blocked requests since last dump.\n", + "type": "integer" + }, + "forwardedRequests": { + "description": "ForwardedRequests is the number of forwarded requests since last dump.\n", + "type": "integer" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBodyBytes": { + "description": "InspectedBodyBytes are the total request and response inspected body bytes.\n", + "type": "integer" + }, + "inspectionLimitExceeded": { + "description": "InspectionLimitExceeded is the total number of requests in which the body size exceeds inspection limit.\n", + "type": "integer" + }, + "interstitialPages": { + "description": "InterstitialPages is the number of interstitial pages served.\n", + "type": "integer" + }, + "lastErrs": { + "description": "LastErrs is the last errors that occurred, storing up to 20 errors.\n", + "items": { + "$ref": "#/components/schemas/waas.ReqErrorCtx" + }, + "type": "array" + }, + "maxRequestInspectionDuration": { + "description": "MaxRequestInspectionDuration is the maximum request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "maxResponseSizeBytes": { + "description": "MaxResponseSizeBytes contains the max response size.\n", + "type": "integer" + }, + "parsingErrs": { + "description": "ParsingErrs is a counter of the parsing errors that occurred.\n", + "type": "integer" + }, + "reCAPTCHAs": { + "description": "ReCAPTCHAs is the number of reCAPTCHA pages served.\n", + "type": "integer" + }, + "responseCodeStats": { + "$ref": "#/components/schemas/waas.ResponseCodeStats" + }, + "totalErrs": { + "description": "TotalErrs is a counter of the errors that occurred.\n", + "type": "integer" + }, + "totalForwardedRequestsDuration": { + "description": "TotalForwardedRequestsDuration is the total request duration for forwarded requests.\n", + "format": "int64", + "type": "integer" + }, + "totalRequestInspectionDuration": { + "description": "TotalRequestInspectionDuration is the total request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the number of incoming requests since last dump.\n", + "type": "integer" + }, + "totalResponseSizeBytes": { + "description": "TotalResponsesSizeBytes is the total APIs response size.\n", + "type": "integer" + }, + "totalTimeouts": { + "description": "TotalTimeouts is the number of timed out responses.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AccessControls": { + "description": "AccessControls contains the access controls config (e.g., denied/allowed sources)", + "properties": { + "alert": { + "description": "Alert are the denied sources for which we alert.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allow": { + "description": "Allow are the allowed sources for which we don't alert or prevent.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowMode": { + "description": "AllowMode indicates allowlist (true) or denylist (false) mode.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates if access controls protection is enabled.\n", + "type": "boolean" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "prevent": { + "description": "Prevent are the denied sources.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ActionStats": { + "description": "ActionStats contains the WAAS action stats", + "properties": { + "alert": { + "description": "Alerts is the number of Alert actions.\n", + "type": "integer" + }, + "ban": { + "description": "Bans is the number of Ban actions.\n", + "type": "integer" + }, + "prevent": { + "description": "Prevents is the number of Prevent actions.\n", + "type": "integer" + }, + "reCAPTCHA": { + "description": "ReCAPTCHAs is the number of reCAPTCHA actions.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AgentlessPolicyState": { + "description": "AgentlessPolicyState is the state of the agentless policy", + "properties": { + "deletedRules": { + "description": "DeletedRules are rules that were deleted but their VPC deployments have not been terminated.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + }, + "states": { + "description": "States are the VPC configuration states.\n", + "items": { + "$ref": "#/components/schemas/waas.VPCConfigState" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.AppProtectionStats": { + "description": "AppProtectionStats contains the app protection status statistics", + "properties": { + "protected": { + "description": "Protected indicates the amount of protected WAAS app entities (containers/hosts).\n", + "type": "integer" + }, + "unprotected": { + "description": "Unprotected indicates the amount of unprotected WAAS app entities (containers/hosts).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AppStats": { + "description": "AppStats contains the WAAS app policy statistics", + "properties": { + "accessControl": { + "description": "AccessControl is the total amount of apps with Access Control policy.\n", + "type": "integer" + }, + "bot": { + "description": "Bot is the total amount of apps with Bot Protection policy.\n", + "type": "integer" + }, + "customRulesEnabled": { + "description": "CustomRulesEnabled is the total amount of apps with Custom Rules enabled.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the total amount of apps with DoS Protection policy.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the total amount of apps with WAF policy.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ApplicationSpec": { + "description": "ApplicationSpec is an application of a firewall instance", + "properties": { + "apiSpec": { + "$ref": "#/components/schemas/waas.APISpec" + }, + "appID": { + "description": "Unique ID for the app.\n", + "type": "string" + }, + "attackTools": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "autoApplyPatchesSpec": { + "$ref": "#/components/schemas/waas.AutoApplyPatchesSpec" + }, + "banDurationMinutes": { + "description": "Ban duration, in minutes.\n", + "type": "integer" + }, + "body": { + "$ref": "#/components/schemas/waas.BodyConfig" + }, + "botProtectionSpec": { + "$ref": "#/components/schemas/waas.BotProtectionSpec" + }, + "certificate": { + "$ref": "#/components/schemas/common.Secret" + }, + "clickjackingEnabled": { + "description": "Indicates whether clickjacking protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cmdi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "codeInjection": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "csrfEnabled": { + "description": "Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "customBlockResponse": { + "$ref": "#/components/schemas/waas.CustomBlockResponseConfig" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disableEventIDHeader": { + "description": "Indicates if event ID header should be attached to the response or not.\n", + "type": "boolean" + }, + "dosConfig": { + "$ref": "#/components/schemas/waas.DoSConfig" + }, + "headerSpecs": { + "description": "Configuration for inspecting HTTP headers.\n", + "items": { + "$ref": "#/components/schemas/waas.HeaderSpec" + }, + "type": "array" + }, + "intelGathering": { + "$ref": "#/components/schemas/waas.IntelGatheringConfig" + }, + "lfi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "malformedReq": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "maliciousUpload": { + "$ref": "#/components/schemas/waas.MaliciousUploadConfig" + }, + "networkControls": { + "$ref": "#/components/schemas/waas.NetworkControls" + }, + "remoteHostForwarding": { + "$ref": "#/components/schemas/waas.RemoteHostForwardingConfig" + }, + "responseHeaderSpecs": { + "description": "Configuration for modifying HTTP response headers.\n", + "items": { + "$ref": "#/components/schemas/waas.ResponseHeaderSpec" + }, + "type": "array" + }, + "sessionCookieBan": { + "description": "Indicates if bans in this app are made by session cookie ID (true) or false (not).\n", + "type": "boolean" + }, + "sessionCookieEnabled": { + "description": "Indicates if session cookies are enabled (true) or not (false).\n", + "type": "boolean" + }, + "sessionCookieSameSite": { + "$ref": "#/components/schemas/waas.SameSite" + }, + "sessionCookieSecure": { + "description": "Indicates the Secure attribute of the session cookie.\n", + "type": "boolean" + }, + "shellshock": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "sqli": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "tlsConfig": { + "$ref": "#/components/schemas/waas.TLSConfig" + }, + "xss": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + } + }, + "type": "object" + }, + "waas.AttackType": { + "description": "AttackType is the type of the attack", + "enum": [ + [ + "xss", + "sqli", + "cmdi", + "lfi", + "codeInjection", + "deniedIP", + "deniedCountry", + "header", + "violationsExceeded", + "attackTools", + "shellshock", + "disallowedFile", + "malformedRequest", + "inspectionLimitExceeded", + "informationLeak", + "unexpectedAPI", + "dos", + "searchEngineCrawler", + "businessAnalyticsBot", + "educationalBot", + "newsBot", + "financialBot", + "contentFeedClient", + "archivingBot", + "careerSearchBot", + "mediaSearchBot", + "genericBot", + "webAutomationTool", + "webScraper", + "apiLibrary", + "httpLibrary", + "sessionValidation", + "javascriptTimeout", + "missingCookie", + "browserImpersonation", + "botImpersonation", + "requestAnomalies", + "userDefinedBot", + "recaptchaRequired", + "recaptchaVerificationFailed", + "customRule", + "publicSensitiveDataWithoutAuthentication", + "publicSensitiveDataWithoutEncryption" + ] + ], + "type": "string" + }, + "waas.AttackTypeStats": { + "description": "AttackTypeStats are the WAAS attack type stats", + "properties": { + "accessControl": { + "description": "AccessControl is the count of access control attacks.\n", + "type": "integer" + }, + "apiProtection": { + "description": "APIProtection is the count of API Protection attacks.\n", + "type": "integer" + }, + "attackTools": { + "description": "AttackTools is the count of attack tool attacks.\n", + "type": "integer" + }, + "bots": { + "description": "Bots is the count of Bot attacks.\n", + "type": "integer" + }, + "cmdInjection": { + "description": "CMDInjection is the count of command injection attacks.\n", + "type": "integer" + }, + "codeInjection": { + "description": "CodeInjection is the count of code injection attacks.\n", + "type": "integer" + }, + "customRules": { + "description": "CustomRules is the count of attacks detected by custom rules.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the count of DoS attacks.\n", + "type": "integer" + }, + "lfi": { + "description": "LFI is the count of local file injection attacks.\n", + "type": "integer" + }, + "sqlInjection": { + "description": "SQLInjection is the count of SQL injection attacks.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the count of WAF protection attacks.\n", + "type": "integer" + }, + "xss": { + "description": "XSS is the count of XSS attacks.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AutoApplyPatchesSpec": { + "description": "AutoApplyPatchesSpec is the configuration for automation apply patches protection", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.BodyConfig": { + "description": "BodyConfig represents app configuration related to HTTP Body", + "properties": { + "inspectionLimitExceededEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "inspectionSizeBytes": { + "description": "InspectionSizeBytes represents the max amount of data to inspect in request body.\n", + "type": "integer" + }, + "skip": { + "description": "Skip indicates that body inspection should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.BodySchema": { + "description": "BodySchema is the request's body schema", + "properties": { + "contentType": { + "description": "ContentType is the content type the schema represents.\n", + "type": "string" + }, + "head": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + } + }, + "type": "object" + }, + "waas.BodySchemaChildren": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + }, + "description": "BodySchemaChildren represents a set of body schema children, uniquely identified by the body field's name", + "type": "object" + }, + "waas.BodySchemaNode": { + "description": "BodySchemaNode represents a single body schema node", + "properties": { + "children": { + "$ref": "#/components/schemas/waas.BodySchemaChildren" + }, + "name": { + "description": "Name is the body schema item name (key for json, tag name for xml).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.BotProtectionSpec": { + "description": "BotProtectionSpec is the bot protections spec", + "properties": { + "interstitialPage": { + "description": "Indicates if an interstitial page is served (true) or not (false).\n", + "type": "boolean" + }, + "jsInjectionSpec": { + "$ref": "#/components/schemas/waas.JSInjectionSpec" + }, + "knownBotProtectionsSpec": { + "$ref": "#/components/schemas/waas.KnownBotProtectionsSpec" + }, + "reCAPTCHASpec": { + "$ref": "#/components/schemas/waas.ReCAPTCHASpec" + }, + "sessionValidation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "unknownBotProtectionSpec": { + "$ref": "#/components/schemas/waas.UnknownBotProtectionSpec" + }, + "userDefinedBots": { + "description": "Effects to perform when user-defined bots are detected.\n", + "items": { + "$ref": "#/components/schemas/waas.UserDefinedBot" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.CertificateMeta": { + "description": "CertificateMeta is the certificate metadata", + "properties": { + "issuerName": { + "description": "IssuerName is the certificate issuer common name.\n", + "type": "string" + }, + "notAfter": { + "description": "NotAfter is the time the certificate is not valid (expiry time).\n", + "format": "date-time", + "type": "string" + }, + "subjectName": { + "description": "SubjectName is the certificate subject common name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ClientType": { + "description": "ClientType is an HTTP client type", + "enum": [ + [ + "browser", + "mobile", + "httpLib", + "apiLib" + ] + ], + "type": "string" + }, + "waas.CustomBlockResponseConfig": { + "description": "CustomBlockResponseConfig is a custom block message config for a policy", + "properties": { + "body": { + "description": "Custom HTML for the block response.\n", + "type": "string" + }, + "code": { + "description": "Custom HTTP response code for the block response.\n", + "type": "integer" + }, + "enabled": { + "description": "Indicates if the custom block response is enabled (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.CustomReCAPTCHAPageSpec": { + "description": "CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec", + "properties": { + "body": { + "description": "Custom HTML for the reCAPTCHA page.\n", + "type": "string" + }, + "enabled": { + "description": "Indicates if the custom reCAPTCHA page is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DailyStats": { + "description": "DailyStats represents the WAAS daily stats", + "properties": { + "_id": { + "description": "Date is date that the daily stats are relevant to.\n", + "type": "string" + }, + "actionStats": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBytes": { + "description": "InspectedBytes is total amount body bytes inspected by WAAS.\n", + "type": "integer" + }, + "policyChangeCount": { + "description": "PolicyChangeCount is the amount of policy changes for this day.\n", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the total request count.\n", + "type": "integer" + }, + "unprotectedAppsVulnStats": { + "$ref": "#/components/schemas/waas.UnprotectedAppsVulnStats" + } + }, + "type": "object" + }, + "waas.Dashboard": { + "description": "Dashboard contains the data of the WAAS Dashboard", + "properties": { + "appProtectionStats": { + "$ref": "#/components/schemas/waas.AppProtectionStats" + }, + "dailyStats": { + "description": "DailyStats are the WAAS daily stats.\n", + "items": { + "$ref": "#/components/schemas/waas.DailyStats" + }, + "type": "array" + }, + "insights": { + "description": "Insights are the current WAAS insights.\n", + "items": { + "$ref": "#/components/schemas/waas.Insight" + }, + "type": "array" + }, + "policyStats": { + "$ref": "#/components/schemas/waas.PolicyStats" + } + }, + "type": "object" + }, + "waas.DiscoveredAPI": { + "description": "DiscoveredAPI represents a single discovered API path+method information's", + "properties": { + "appID": { + "description": "AppID is the app ID.\n", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host seen for this API.\n", + "type": "string" + }, + "image": { + "description": "Image is the image names seen for this API.\n", + "type": "string" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "lbWorkload": { + "description": "LBWorkload indicates if the API was discovered by a load balancer observer.\n", + "type": "boolean" + }, + "method": { + "description": "Method is the API method.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks indicates whether OWASP API Top-10 attacks were found on the API.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the API path.\n", + "type": "string" + }, + "protectionStatus": { + "$ref": "#/components/schemas/waas.APIProtectionStatus" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "type": "boolean" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "RiskScore is the sum of all risk factors (used for sorting and filter by risk factors).\n", + "type": "integer" + }, + "ruleID": { + "description": "RuleID is the rule ID.\n", + "type": "string" + }, + "sensitiveData": { + "description": "SensitiveData indicated this path may be used with sensitive data attached in request.\n", + "type": "boolean" + }, + "servers": { + "description": "Servers are the servers seen for this API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "waas.DoSConfig": { + "description": "DoSConfig is a dos policy specification", + "properties": { + "alert": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "ban": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "enabled": { + "description": "Enabled indicates if dos protection is enabled.\n", + "type": "boolean" + }, + "excludedNetworkLists": { + "description": "Network IPs to exclude from DoS tracking.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "matchConditions": { + "description": "Conditions on which to match to track a request. The conditions are \\\"OR\\\"'d together during the check.\n", + "items": { + "$ref": "#/components/schemas/waas.DoSMatchCondition" + }, + "type": "array" + }, + "trackSession": { + "description": "Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DoSMatchCondition": { + "description": "DoSMatchCondition is used for matching a request for tracking", + "properties": { + "fileTypes": { + "description": "File types for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "methods": { + "description": "HTTP methods for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseCodeRanges": { + "description": "Response codes for the request's response matching.\n", + "items": { + "$ref": "#/components/schemas/waas.StatusCodeRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.DoSRates": { + "description": "DoSRates specifies dos requests rates (thresholds)", + "properties": { + "average": { + "description": "Average request rate (requests / second).\n", + "type": "integer" + }, + "burst": { + "description": "Burst request rate (requests / second).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Effect": { + "description": "Effect is the effect that will be used in the rule", + "enum": [ + [ + "ban", + "prevent", + "alert", + "allow", + "disable", + "reCAPTCHA" + ] + ], + "type": "string" + }, + "waas.Endpoint": { + "description": "Endpoint is an application endpoint", + "properties": { + "basePath": { + "description": "Base path for the endpoint.\n", + "type": "string" + }, + "exposedPort": { + "description": "Exposed port that the proxy is listening on.\n", + "type": "integer" + }, + "grpc": { + "description": "Indicates if the proxy supports gRPC (true) or not (false).\n", + "type": "boolean" + }, + "host": { + "description": "URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).\n", + "type": "string" + }, + "http2": { + "description": "Indicates if the proxy supports HTTP/2 (true) or not (false).\n", + "type": "boolean" + }, + "internalPort": { + "description": "Internal port that the application is listening on.\n", + "type": "integer" + }, + "tls": { + "description": "Indicates if the connection is secured (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionField": { + "description": "ExceptionField is used to perform the protection exception fields", + "properties": { + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionLocation": { + "description": "ExceptionLocation indicates exception http field location", + "enum": [ + [ + "path", + "query", + "queryValues", + "cookie", + "UserAgentHeader", + "header", + "body", + "rawBody", + "XMLPath", + "JSONPath" + ] + ], + "type": "string" + }, + "waas.FeatureExceptions": { + "description": "FeatureExceptions represents subnets that should bypass WAAS features", + "properties": { + "subnets": { + "description": "Subnets are network lists for which requests bypass WAAS features.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.FileType": { + "description": "FileType is the type of an uploaded file", + "enum": [ + [ + "pdf", + "officeLegacy", + "officeOoxml", + "odf", + "jpeg", + "png", + "gif", + "bmp", + "ico", + "avi", + "mp4", + "aac", + "mp3", + "wav", + "zip", + "gzip", + "rar", + "7zip" + ] + ], + "type": "string" + }, + "waas.FirewallType": { + "description": "FirewallType represents the firewall type", + "enum": [ + [ + "host-proxy", + "host-out-of-band", + "container-proxy", + "container-out-of-band", + "app-embedded", + "agentless", + "REST" + ] + ], + "type": "string" + }, + "waas.GeoData": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.TrafficStats" + }, + "description": "GeoData are the per-country traffic stats", + "type": "object" + }, + "waas.HSTSConfig": { + "description": "HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header\nsee: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "properties": { + "enabled": { + "description": "Enabled indicates if HSTS enforcement is enabled.\n", + "type": "boolean" + }, + "includeSubdomains": { + "description": "IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.\n", + "type": "boolean" + }, + "maxAgeSeconds": { + "description": "maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.\n", + "type": "integer" + }, + "preload": { + "description": "Preload indicates if it should support preload.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.HTTPField": { + "description": "HTTPField is used to perform checks on flags and fields", + "properties": { + "key": { + "description": "Key is the key of the field, if exists (e.g. header and cookie).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.HTTPFieldType" + }, + "value": { + "description": "Value is the value of the field, if exists.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.HTTPFieldType": { + "description": "HTTPFieldType indicates type of http field", + "enum": [ + [ + "method", + "xmlBody", + "jsonBody", + "formBody", + "multipartBody", + "rawBody", + "rawBodyResponse", + "protobufBody", + "query", + "queryParamName", + "cookie", + "header", + "url" + ] + ], + "type": "string" + }, + "waas.HeaderSpec": { + "description": "HeaderSpec is specification for a single header and its allowed or blocked values", + "properties": { + "allow": { + "description": "Indicates if the flow is to be allowed (true) or blocked (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "name": { + "description": "Header name.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the header must be present (true) or not (false).\n", + "type": "boolean" + }, + "values": { + "description": "Wildcard expressions that represent the header value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Insight": { + "description": "Insight represents an insight on the dashboard", + "properties": { + "message": { + "description": "Message is the display message of the insight.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.InsightType" + } + }, + "type": "object" + }, + "waas.InsightType": { + "description": "InsightType is the insight type", + "enum": [ + [ + "vulnerableUnprotectedApps", + "expiredCertificate", + "upcomingCertificateExpiry", + "noAPIProtection" + ] + ], + "type": "string" + }, + "waas.IntelGatheringConfig": { + "description": "IntelGatheringConfig is the configuration for intelligence gathering protections", + "properties": { + "infoLeakageEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "removeFingerprintsEnabled": { + "description": "Indicates if server fingerprints should be removed (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.JSInjectionSpec": { + "description": "JSInjectionSpec is the js injection protection spec", + "properties": { + "enabled": { + "description": "Indicates if JavaScript injection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "timeoutEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.KnownBotProtectionsSpec": { + "description": "KnownBotProtectionsSpec is the known bot protections spec", + "properties": { + "archiving": { + "$ref": "#/components/schemas/waas.Effect" + }, + "businessAnalytics": { + "$ref": "#/components/schemas/waas.Effect" + }, + "careerSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "contentFeedClients": { + "$ref": "#/components/schemas/waas.Effect" + }, + "educational": { + "$ref": "#/components/schemas/waas.Effect" + }, + "financial": { + "$ref": "#/components/schemas/waas.Effect" + }, + "mediaSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "news": { + "$ref": "#/components/schemas/waas.Effect" + }, + "searchEngineCrawlers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.MaliciousUploadConfig": { + "description": "MaliciousUploadConfig is the configuration for file upload protection", + "properties": { + "allowedExtensions": { + "description": "Allowed file extensions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowedFileTypes": { + "description": "Allowed file types.\n", + "items": { + "$ref": "#/components/schemas/waas.FileType" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.Method": { + "description": "Method is a method information", + "properties": { + "method": { + "description": "Type of HTTP request (e.g., PUT, GET, etc.).\n", + "type": "string" + }, + "parameters": { + "description": "Parameters that are part of the HTTP request.\n", + "items": { + "$ref": "#/components/schemas/waas.Param" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.MinTLSVersion": { + "description": "MinTLSVersion is the list of acceptable TLS versions", + "enum": [ + [ + "1.0", + "1.1", + "1.2", + "1.3" + ] + ], + "type": "string" + }, + "waas.MonitoringStats": { + "description": "MonitoringStats are the waas per-profile monitoring stats", + "properties": { + "aggregationStart": { + "description": "AggregationStart indicates when stats aggregation started.\n", + "format": "date-time", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "lastUpdate": { + "description": "LastUpdate indicates when the stats were last updated.\n", + "format": "date-time", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID.\n", + "type": "string" + }, + "stats": { + "$ref": "#/components/schemas/waas.APIStats" + } + }, + "type": "object" + }, + "waas.NetworkControls": { + "description": "NetworkControls contains the network controls config (e.g., access controls for IPs and countries)", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "countries": { + "$ref": "#/components/schemas/waas.AccessControls" + }, + "exceptionSubnets": { + "description": "Network lists for which requests completely bypass WAAS checks and protections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "networkControlsExceptionSubnets": { + "$ref": "#/components/schemas/waas.FeatureExceptions" + }, + "subnets": { + "$ref": "#/components/schemas/waas.AccessControls" + } + }, + "type": "object" + }, + "waas.NetworkList": { + "description": "NetworkList represent network list of IP/CIDR in waas", + "properties": { + "_id": { + "description": "Unique ID.\n", + "type": "string" + }, + "description": { + "description": "Description of the network list.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "subnets": { + "description": "List of the IPv4 addresses and IP CIDR blocks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.OWASPAPITop10": { + "description": "OWASPAPITop10 represents OWASP API top 10 attacks", + "enum": [ + [ + "excessiveDataExposure", + "lackOfResources&RateLimiting", + "brokenFunctionLevelAuthorization", + "securityMisconfiguration", + "injection" + ] + ], + "type": "string" + }, + "waas.OWASPTop10": { + "description": "OWASPTop10 represents OWASP top 10 attacks", + "enum": [ + [ + "brokenAccessControl", + "cryptographicFailures", + "injection", + "insecureDesign" + ] + ], + "type": "string" + }, + "waas.OpenAPIScan": { + "description": "OpenAPIScan represents the OpenAPI file scan", + "properties": { + "_id": { + "description": "ID is the scan identifier.\n", + "type": "string" + }, + "issueResults": { + "description": "IssueResults are the scanned issues results.\n", + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueResult" + }, + "type": "array" + }, + "scanInfo": { + "$ref": "#/components/schemas/waas.OpenAPIScanInfo" + }, + "scanStartTime": { + "description": "ScanStartTime is the scan started.\n", + "format": "date-time", + "type": "string" + }, + "severityDistribution": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssuesSeverityDistribution" + }, + "specInfo": { + "$ref": "#/components/schemas/waas.OpenAPISpecInfo" + } + }, + "type": "object" + }, + "waas.OpenAPIScanInfo": { + "description": "OpenAPIScanInfo is the OpenAPI scan info", + "properties": { + "appID": { + "description": "AppID is the WAAS app id the file was imported from.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "ruleID": { + "description": "RuleID is the WAAS rule id the file was imported from.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/waas.OpenAPIScanSource" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueMetadata": { + "description": "OpenAPIScanIssueMetadata represents the static metadata of an API definition issue\nFields reflect the KICS metadata,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json", + "properties": { + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueResult": { + "description": "OpenAPIScanIssueResult represents a specific issue result in the OpenAPI spec file\nFields reflect the KICS rego queries result,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/query.rego", + "properties": { + "_id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "searchKey": { + "description": "SearchKey is the issue location in the spec file.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueSeverity": { + "description": "OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity", + "enum": [ + [ + "INFO", + "LOW", + "MEDIUM", + "HIGH" + ] + ], + "type": "string" + }, + "waas.OpenAPIScanIssueStatus": { + "description": "OpenAPIScanIssueStatus represents an OpenAPI file issue status", + "properties": { + "id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssuesSeverityDistribution": { + "description": "OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type", + "properties": { + "high": { + "description": "High is the high severity issues count.\n", + "type": "integer" + }, + "info": { + "description": "Info is the info severity issues count.\n", + "type": "integer" + }, + "low": { + "description": "Low is the low severity issues count.\n", + "type": "integer" + }, + "medium": { + "description": "Medium is the medium severity issues count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.OpenAPIScanSource": { + "description": "OpenAPIScanSource is the scan trigger source", + "enum": [ + [ + "app", + "cli", + "manual" + ] + ], + "type": "string" + }, + "waas.OpenAPISpecInfo": { + "description": "OpenAPISpecInfo is the OpenAPI spec info", + "properties": { + "content": { + "description": "Content is the OpenAPI spec content.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the OpenAPI spec file content type.\n", + "type": "string" + }, + "fileName": { + "description": "FileName is the OpenAPI spec file name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OutOfBandMode": { + "description": "OutOfBandMode holds the app firewall out-of-band mode", + "enum": [ + [ + "", + "Observation", + "Protection" + ] + ], + "type": "string" + }, + "waas.OutOfBandRuleScope": { + "description": "OutOfBandRuleScope represents the Out-of-Band Rule Scope", + "enum": [ + [ + "container", + "host", + "" + ] + ], + "type": "string" + }, + "waas.Param": { + "description": "Param contains a parameter information", + "properties": { + "allowEmptyValue": { + "description": "Indicates if an empty value is allowed (true) or not (false).\n", + "type": "boolean" + }, + "array": { + "description": "Indicates if multiple values of the specified type are allowed (true) or not (false).\n", + "type": "boolean" + }, + "explode": { + "description": "Indicates if arrays should generate separate parameters for each array item or object property.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ParamLocation" + }, + "max": { + "description": "Maximum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "min": { + "description": "Minimum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "name": { + "description": "Name of the parameter.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the parameter is required (true) or not (false).\n", + "type": "boolean" + }, + "style": { + "$ref": "#/components/schemas/waas.ParamStyle" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.ParamLocation": { + "description": "ParamLocation is the location of a parameter", + "enum": [ + [ + "path", + "query", + "cookie", + "header", + "body", + "json", + "xml", + "formData", + "multipart" + ] + ], + "type": "string" + }, + "waas.ParamStyle": { + "description": "ParamStyle is a param format style, defined by OpenAPI specification\nIt describes how the parameter value will be serialized depending on the type of the parameter value.\nRef: https://swagger.io/docs/specification/serialization/\nhttps://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples", + "enum": [ + [ + "simple", + "spaceDelimited", + "tabDelimited", + "pipeDelimited", + "form", + "matrix", + "label" + ] + ], + "type": "string" + }, + "waas.ParamType": { + "description": "ParamType is the type of a parameter, defined by OpenAPI specification\nRef: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types", + "enum": [ + [ + "integer", + "number", + "string", + "boolean", + "array", + "object" + ] + ], + "type": "string" + }, + "waas.Path": { + "description": "Path is an API path information", + "properties": { + "methods": { + "description": "Supported operations for the path (e.g., PUT, GET, etc.).\n", + "items": { + "$ref": "#/components/schemas/waas.Method" + }, + "type": "array" + }, + "path": { + "description": "Relative path to an endpoint such as \\\"/pet/{petId}\\\".\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.Policy": { + "description": "Policy representation details", + "properties": { + "_id": { + "description": "Unique internal ID.\n", + "type": "string" + }, + "maxPort": { + "description": "Specifies the upper limit (maxima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "minPort": { + "description": "Specifies the lower limit (minima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "rules": { + "description": "Specifies the rules in a policy.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.PolicyStats": { + "description": "PolicyStats contains the WAAS policy statistics", + "properties": { + "appStats": { + "$ref": "#/components/schemas/waas.AppStats" + }, + "apps": { + "description": "Apps is the total amount of apps in the WAAS policies.\n", + "type": "integer" + }, + "rules": { + "description": "Rules is the total amount of rules in the WAAS policies.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Protection": { + "description": "Protection is the type of protection", + "enum": [ + [ + "firewall", + "dos", + "bot", + "custom", + "accessControl" + ] + ], + "type": "string" + }, + "waas.ProtectionConfig": { + "description": "ProtectionConfig represents a WAAS protection config", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "exceptionFields": { + "description": "Exceptions.\n", + "items": { + "$ref": "#/components/schemas/waas.ExceptionField" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ProtectionStatus": { + "description": "ProtectionStatus describes the status of the WAAS protection", + "properties": { + "enabled": { + "description": "Enabled indicates if WAAS proxy protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "outOfBandMode": { + "$ref": "#/components/schemas/waas.OutOfBandMode" + }, + "ports": { + "description": "Ports indicates http open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "supported": { + "description": "Supported indicates if WAAS protection is supported (true) or not (false).\n", + "type": "boolean" + }, + "tlsPorts": { + "description": "TLSPorts indicates https open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ReCAPTCHASpec": { + "description": "ReCAPTCHASpec is the reCAPTCHA spec", + "properties": { + "allSessions": { + "description": "Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).\n", + "type": "boolean" + }, + "customPageSpec": { + "$ref": "#/components/schemas/waas.CustomReCAPTCHAPageSpec" + }, + "enabled": { + "description": "Indicates if reCAPTCHA integration is enabled (true) or not (false).\n", + "type": "boolean" + }, + "secretKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "siteKey": { + "description": "ReCAPTCHA site key to use when invoking the reCAPTCHA service.\n", + "type": "string" + }, + "successExpirationHours": { + "description": "Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.ReCAPTCHAType" + } + }, + "type": "object" + }, + "waas.ReCAPTCHAType": { + "description": "ReCAPTCHAType is the reCAPTCHA configured type", + "enum": [ + [ + "checkbox", + "invisible" + ] + ], + "type": "string" + }, + "waas.RemoteHostForwardingConfig": { + "description": "RemoteHostForwardingConfig defines a remote host to forward requests to", + "properties": { + "enabled": { + "description": "Indicates if remote host forwarding is enabled (true) or not (false).\n", + "type": "boolean" + }, + "target": { + "description": "Remote host to forward requests to.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ReqErrorCtx": { + "description": "ReqErrorCtx is the request error context", + "properties": { + "defender": { + "description": "Defender is the defender name from which the error originated.\n", + "type": "string" + }, + "err": { + "description": "Err is the API error.\n", + "type": "string" + }, + "requestInspectionDuration": { + "description": "RequestInspectionDuration is the request inspection handling time by the WAAS plugins (time spent in WAAS before forwarding the request and handling the response).\n", + "format": "int64", + "type": "integer" + }, + "requestStart": { + "description": "RequestStart is the request start time.\n", + "format": "date-time", + "type": "string" + }, + "route": { + "description": "Route is the API route.\n", + "type": "string" + }, + "serveDuration": { + "description": "ServeDuration is the total request handling time including forwarding and response until the error.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "waas.RequestAnomalies": { + "description": "RequestAnomalies is the request anomalies spec", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "threshold": { + "$ref": "#/components/schemas/waas.RequestAnomalyThreshold" + } + }, + "type": "object" + }, + "waas.RequestAnomalyThreshold": { + "description": "RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered", + "enum": [ + [ + "3", + "6", + "9" + ] + ], + "type": "integer" + }, + "waas.ResponseCodeStats": { + "description": "ResponseCodeStats holds counts of different response types\nCategories taken from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status", + "properties": { + "clientErrors": { + "description": "ClientErrors are the codes in the 400-499 range.\n", + "type": "integer" + }, + "informational": { + "description": "Informational are the codes in the 100-199 range.\n", + "type": "integer" + }, + "redirects": { + "description": "Redirects are the codes in the 300-399 range.\n", + "type": "integer" + }, + "serverErrors": { + "description": "ServerErrors are the codes in the 500-599 range.\n", + "type": "integer" + }, + "successful": { + "description": "Successful are the codes in the 200-299 range.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ResponseHeaderSpec": { + "description": "ResponseHeaderSpec is specification for a single response header to modify", + "properties": { + "name": { + "description": "Header name (will be canonicalized when possible).\n", + "type": "string" + }, + "override": { + "description": "Indicates whether to override existing values (true) or add to them (false).\n", + "type": "boolean" + }, + "values": { + "description": "New header values.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Rule": { + "description": "Rule details for an application firewall", + "properties": { + "allowMalformedHttpHeaderNames": { + "description": "Indicates whether to allow non-compliant characters in the HTTP request header.\n", + "type": "boolean" + }, + "applicationsSpec": { + "description": "Lists the OpenAPI specifications in a rule.\n", + "items": { + "$ref": "#/components/schemas/waas.ApplicationSpec" + }, + "type": "array" + }, + "autoProtectPorts": { + "description": "Indicates whether to automatically detect and protect the HTTP ports.\n", + "type": "boolean" + }, + "collections": { + "description": "Scopes the rule based on a list of collections.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "outOfBandScope": { + "$ref": "#/components/schemas/waas.OutOfBandRuleScope" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readTimeoutSeconds": { + "description": "Specifies the timeout of the request reads in seconds. Default: 5 seconds.\n", + "type": "integer" + }, + "skipAPILearning": { + "description": "Indicates whether to skip the API discovery. Values: true (skipped) or false (Do not skip).\n", + "type": "boolean" + }, + "trafficMirroring": { + "$ref": "#/components/schemas/waas.TrafficMirroringConfig" + }, + "windows": { + "description": "Indicates whether the operating system of the app is Microsoft Windows. The default is Linux.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SameSite": { + "description": "SameSite allows a server to define a cookie attribute making it impossible for\nthe browser to send this cookie along with cross-site requests. The main\ngoal is to mitigate the risk of cross-origin information leakage, and provide\nsome protection against cross-site request forgery attacks.\n\nSee https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details", + "enum": [ + [ + "Lax", + "Strict", + "None" + ] + ], + "type": "string" + }, + "waas.SensitiveDataSpec": { + "description": "SensitiveDataSpec defined a single sensitive data specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "sensitiveData": { + "description": "SensitiveData indicates this spec is used for marking APIs as using sensitive data for API discovery.\n", + "type": "boolean" + }, + "skipLogScrubbing": { + "description": "SkipLogScrubbing indicates this spec is not used for log scrubbing.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SensitiveDataSpecs": { + "description": "SensitiveDataSpecs is the sensitive data specifications", + "items": { + "$ref": "#/components/schemas/waas.SensitiveDataSpec" + }, + "type": "array" + }, + "waas.SizeRangeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeRange": { + "description": "StatusCodeRange represents a status code range", + "properties": { + "end": { + "description": "End of the range. Can be omitted if using a single status code.\n", + "type": "integer" + }, + "start": { + "description": "Start of the range. Can also be used for a single, non-range value.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.TLSConfig": { + "description": "TLSConfig holds the user TLS configuration and the certificate data", + "properties": { + "HSTSConfig": { + "$ref": "#/components/schemas/waas.HSTSConfig" + }, + "metadata": { + "$ref": "#/components/schemas/waas.CertificateMeta" + }, + "minTLSVersion": { + "$ref": "#/components/schemas/waas.MinTLSVersion" + } + }, + "type": "object" + }, + "waas.TrafficMirroringConfig": { + "description": "TrafficMirroringConfig specifies the traffic mirroring configuration is fine in that case", + "properties": { + "enabled": { + "description": "TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC\nEnabled indicates if traffic mirroring is enabled.\n", + "type": "boolean" + }, + "sampling": { + "description": "Sampling indicates if this is a sampling VPC.\n", + "type": "boolean" + }, + "vpcConfig": { + "$ref": "#/components/schemas/waas.VPCConfig" + } + }, + "type": "object" + }, + "waas.TrafficStats": { + "description": "TrafficStats are traffic stats", + "properties": { + "attacks": { + "description": ".\n", + "type": "integer" + }, + "requests": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnknownBotProtectionSpec": { + "description": "UnknownBotProtectionSpec is the unknown bot protection spec", + "properties": { + "apiLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "botImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "browserImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "generic": { + "$ref": "#/components/schemas/waas.Effect" + }, + "httpLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "requestAnomalies": { + "$ref": "#/components/schemas/waas.RequestAnomalies" + }, + "webAutomationTools": { + "$ref": "#/components/schemas/waas.Effect" + }, + "webScrapers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.UnprotectedAppsVulnStats": { + "description": "UnprotectedAppsVulnStats contains vulnerability statistics of unprotected web apps", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "none": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnprotectedContainersWebApps": { + "description": "UnprotectedContainersWebApps contains the result of scanning unprotected containers summary", + "properties": { + "_id": { + "description": "Image is the image name.\n", + "type": "string" + }, + "count": { + "description": "Count is the sum of containers using this image.\n", + "type": "integer" + }, + "ports": { + "description": "Ports is the open http ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "tlsPorts": { + "description": "TLSPorts is the open https ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedHostsWebApps": { + "description": "UnprotectedHostsWebApps contains the result of scanning unprotected hosts summary", + "properties": { + "hostname": { + "description": "Hostname is the host name.\n", + "type": "string" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses is processes that uses HTTP/HTTPs but are unprotected by WAAS.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedProcess": { + "description": "UnprotectedProcess holds unprotected processes alongside the port", + "properties": { + "port": { + "description": "Port is the process port.\n", + "type": "integer" + }, + "process": { + "description": "Process is the process name.\n", + "type": "string" + }, + "tls": { + "description": "TLS is the port TLS indication.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.UserDefinedBot": { + "description": "UserDefinedBot indicates a user-defined bot and its effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "headerName": { + "description": "Header name which defines the bot.\n", + "type": "string" + }, + "headerValues": { + "description": "Header values corresponding to the header name. Can contain wildcards.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name of the bot.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets where the bot originates. Specify using network lists.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.VPCConfig": { + "description": "VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)", + "properties": { + "autoScalingEnabled": { + "description": "AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.\n", + "type": "boolean" + }, + "autoScalingMaxInstances": { + "description": "AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.\n", + "type": "integer" + }, + "configID": { + "description": "ConfigID is a unique ID for the configuration.\n", + "type": "string" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "instanceNames": { + "description": "InstanceNames are the names of the instances to mirror (can be wildcard).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the defender instance.\n", + "type": "string" + }, + "lbARN": { + "description": "LBARN is the ARN of the observed load balancer.\n", + "type": "string" + }, + "lbName": { + "description": "LBName is the name of the observed load balancer.\n", + "type": "string" + }, + "lbType": { + "description": "LBType is the type of the observed load balancer (currentlly only ALB is supported).\n", + "type": "string" + }, + "ports": { + "description": "Ports are the ports to mirror.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "region": { + "description": "Region is the AWS region the mirrored VMs are located in.\n", + "type": "string" + }, + "subnetID": { + "description": "SubnetID is the ID of the subnet the defender will be deployed in.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags to filter for instances to mirror in Key:Value format or \"*\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vpcID": { + "description": "VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigMirroredResource": { + "description": "VPCConfigMirroredResource is a resource(vm or LB) mirrored by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigResource": { + "description": "VPCConfigResource is a resource created by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "type": { + "description": "Type is the resource type.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigState": { + "description": "VPCConfigState is the state of a VPC configuration\nThis includes only the state needed by the frontend\nbson bindings do not omit empty as the structure is updated using upsert and fields may need to be set to empty value", + "properties": { + "configID": { + "description": "ConfigID is the ID of the VPC configuration.\n", + "type": "string" + }, + "error": { + "description": "Error is the error received during deployment (on failure).\n", + "type": "string" + }, + "lastUpdate": { + "description": "LastUpdate is the time when the deployment was last updated.\n", + "format": "date-time", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/waas.VPCConfigStatus" + } + }, + "type": "object" + }, + "waas.VPCConfigStatus": { + "description": "VPCConfigStatus is the status of a VPC configuration deployment", + "enum": [ + [ + "inProcess", + "error", + "ready", + "deletionInProgress", + "deleteError", + "deleted" + ] + ], + "type": "string" + }, + "waas.WebAppsDiscoverySettings": { + "description": "WebAppsDiscoverySettings is the web apps discovery settings", + "properties": { + "disabled": { + "description": "Disabled indicates whether web apps discovery is disabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "wildfire.Usage": { + "description": "Usage holds wildfire usage stats, period for the usage varies with context", + "properties": { + "bytes": { + "description": "Bytes is the total number of bytes uploaded to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "queries": { + "description": "Queries is the number of queries to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "uploads": { + "description": "Uploads is the number of uploads to the WildFire API.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "info": { + "title": "Prisma Cloud Compute API", + "version": "33.03.138", + "description": { + "$ref": "desc/intro.md" + } + }, + "openapi": "3.0.3", + "paths": { + "/api/v1/certs/ca.pem": { + "get": { + "description": { + "$ref": "desc/certs/capem_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-certs-ca.pem", + "summary": "Get CA PEM Certificate File" + } + }, + "/api/v1/certs/server-certs.sh": { + "get": { + "description": { + "$ref": "desc/certs/server-certs_get.md" + }, + "parameters": [ + { + "description": "OS is the target os.\n", + "in": "query", + "name": "os", + "schema": { + "type": "string" + } + }, + { + "description": "IPs is the list of addresses for which the certificates are generated.\n", + "in": "query", + "name": "ip", + "schema": { + "type": "string" + } + }, + { + "description": "Hostname is the target defender hostname.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-certs-server-certs.sh", + "summary": "Get Server Certificates" + } + }, + "/api/v1/registry/webhook/webhook": { + "delete": { + "description": { + "$ref": "desc/registry/webhook_webhook_delete.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "delete-registry-webhook-webhook", + "summary": "Delete a Registry Webhook" + }, + "post": { + "description": { + "$ref": "desc/registry/webhook_webhook_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.RegistryWebhookRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-registry-webhook-webhook", + "summary": "Registry Webhook" + } + }, + "/api/v1/signup": { + "post": { + "description": { + "$ref": "desc/signup/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Signup" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-signup", + "summary": "Create Admin Account" + } + }, + "/api/v1/util/prisma-cloud-jenkins-plugin.hpi": { + "get": { + "description": { + "$ref": "desc/util/twistlock_jenkins_plugin_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-prisma-cloud-jenkins-plugin.hpi", + "summary": "Download Jenkins Plugin for Prisma Cloud Compute" + } + }, + "/api/v1/util/tas-tile": { + "get": { + "description": { + "$ref": "desc/util/twistlock_tas_tile_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-util-tas-tile", + "summary": "Download VMware TAS Tile for Prisma Cloud Compute" + } + }, + "/api/v33.03/_ping": { + "get": { + "description": { + "$ref": "desc/_ping/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "_Ping" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "get-_ping", + "summary": "Ping" + } + }, + "/api/v33.03/agentless/progress": { + "get": { + "description": { + "$ref": "desc/agentless/get_agentless_progress.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-agentless-progress", + "summary": "View the Agentless Scan Progress" + } + }, + "/api/v33.03/agentless/scan": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_scan.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-scan", + "summary": "Start Agentless Scan" + } + }, + "/api/v33.03/agentless/stop": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_stop.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-stop", + "summary": "Stop an Ongoing Scan" + } + }, + "/api/v33.03/agentless/templates": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_templates.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.AgentlessResourceTemplatesRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-agentless-templates", + "summary": "Download Agentless Permission Templates" + } + }, + "/api/v33.03/application-control/host": { + "get": { + "description": { + "$ref": "desc/application-control/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_applicationcontrol.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-application-control-host", + "summary": "Host Application Control Rule" + }, + "put": { + "description": { + "$ref": "desc/application-control/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + }, + "description": "Rule represents an application control policy rule" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-application-control-host", + "summary": "Update Host Application Control Rules" + } + }, + "/api/v33.03/application-control/host/{id}": { + "delete": { + "description": { + "$ref": "desc/application-control/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "delete-application-control-host-id", + "summary": "Delete a Host Application Control Rule" + } + }, + "/api/v33.03/audits/access": { + "get": { + "description": { + "$ref": "desc/audits/access_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access", + "summary": "Get Docker Access Audit Events" + } + }, + "/api/v33.03/audits/access/download": { + "get": { + "description": { + "$ref": "desc/audits/access_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access-download", + "summary": "Download Docker Access Audit Events" + } + }, + "/api/v33.03/audits/admission": { + "get": { + "description": { + "$ref": "desc/audits/admission_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_admission.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission", + "summary": "Get Admission Audit Events" + } + }, + "/api/v33.03/audits/admission/download": { + "get": { + "description": { + "$ref": "desc/audits/admission_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission-download", + "summary": "Download Admission Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless", + "summary": "Get WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-download", + "summary": "Download WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-timeslice", + "summary": "Get WAAS Agentless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-download", + "summary": "Download WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-timeslice", + "summary": "Get WAAS App-embedded Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container", + "summary": "Get WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-download", + "summary": "Download WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-timeslice", + "summary": "Get WAAS Container Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host", + "summary": "Get WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-download", + "summary": "Download WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-timeslice", + "summary": "Get WAAS Host Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless", + "summary": "Get WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-download", + "summary": "Download WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-timeslice", + "summary": "Get WAAS Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/network/container": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container", + "summary": "Get CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/container/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container-download", + "summary": "Download CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host", + "summary": "Get CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host-download", + "summary": "Download CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/incidents": { + "get": { + "description": { + "$ref": "desc/audits/incidents_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Incident" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents", + "summary": "Get Incident Audit Events" + } + }, + "/api/v33.03/audits/incidents/acknowledge/{id}": { + "patch": { + "description": { + "$ref": "desc/audits/incidents_archive_patch.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Incident" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "patch-audits-incidents-acknowledge-id", + "summary": "Archive an Incident Audit Event" + } + }, + "/api/v33.03/audits/incidents/download": { + "get": { + "description": { + "$ref": "desc/audits/incidents_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents-download", + "summary": "Download Incident Audit Events" + } + }, + "/api/v33.03/audits/kubernetes": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_kubeaudit.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes", + "summary": "Get Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/kubernetes/download": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes-download", + "summary": "Download Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/mgmt": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.MgmtAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt", + "summary": "Get Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/download": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-download", + "summary": "Download Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/filters": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_filters_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.MgmtAuditFilters" + } + } + }, + "description": "MgmtAuditFilters are filters for management audit queries" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-filters", + "summary": "Get Management Audit Event Filters" + } + }, + "/api/v33.03/audits/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded", + "summary": "Get Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded-download", + "summary": "Download Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/container": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container", + "summary": "Get Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-download", + "summary": "Download Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-timeslice", + "summary": "Get Runtime Container Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/file-integrity": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.FileIntegrityEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity", + "summary": "Get Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/file-integrity/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity-download", + "summary": "Download Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/host": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host", + "summary": "Get Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-download", + "summary": "Download Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-timeslice", + "summary": "Get Runtime Host Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/log-inspection": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.LogInspectionEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection", + "summary": "Get Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/log-inspection/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection-download", + "summary": "Download Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ProfileIDs are the profile ids to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile ids to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is an optional exact time constraint for the audit.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is a filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is a filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request id.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request id.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless", + "summary": "Get Runtime Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-download", + "summary": "Download Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-timeslice", + "summary": "Get Runtime Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/trust": { + "get": { + "description": { + "$ref": "desc/audits/trust_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TrustAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust", + "summary": "Get Trust Audit Events" + } + }, + "/api/v33.03/audits/trust/download": { + "get": { + "description": { + "$ref": "desc/audits/trust_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust-download", + "summary": "Download Trust Audit Events" + } + }, + "/api/v33.03/authenticate": { + "post": { + "description": { + "$ref": "desc/authenticate/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationResponse" + } + } + }, + "description": "AuthenticationResponse returns the result of calling the authentication endpoint" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-authenticate", + "summary": "Get User Authentication Access Token" + } + }, + "/api/v33.03/authenticate-client": { + "post": { + "description": { + "$ref": "desc/authenticate-client/post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ConsoleAuthResponse" + } + } + }, + "description": "ConsoleAuthResponse represents the console certificates authentication response" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate-Client" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-authenticate-client", + "summary": "Get Client Authentication Access Token" + } + }, + "/api/v33.03/cloud/discovery": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery", + "summary": "Get Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/download": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-download", + "summary": "Download Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/entities": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_entities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Defended is the defended filter.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-entities", + "summary": "Get Discovered Cloud Entities" + } + }, + "/api/v33.03/cloud/discovery/scan": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-scan", + "summary": "Start a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/stop": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-stop", + "summary": "Stop a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/vms": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Region is the region filter.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Region is the region filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "HasDefender indicates only VMs with or without a defender should return.\n", + "in": "query", + "name": "hasDefender", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DiscoveredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-vms", + "summary": "Get Discovered VMs" + } + }, + "/api/v33.03/coderepos-ci/evaluate": { + "post": { + "description": { + "$ref": "desc/coderepos-ci/post_resolve.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + }, + "description": "ScanResult holds a specific repository data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-coderepos-ci-evaluate", + "summary": "Resolve Code Repos" + } + }, + "/api/v33.03/collections": { + "get": { + "description": { + "$ref": "desc/collections/get.md" + }, + "parameters": [ + { + "description": "ExcludePrisma indicates to exclude Prisma collections.\n", + "in": "query", + "name": "excludePrisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "Prisma filters the collections originates from Prisma Cloud.\n", + "in": "query", + "name": "prisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "System.\n", + "in": "query", + "name": "system", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Collection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections", + "summary": "Get Collections" + }, + "post": { + "description": { + "$ref": "desc/collections/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-collections", + "summary": "Add a New Collection" + } + }, + "/api/v33.03/collections/{id}": { + "delete": { + "description": { + "$ref": "desc/collections/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-collections-id", + "summary": "Delete an Existing Collection" + }, + "put": { + "description": { + "$ref": "desc/collections/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-collections-id", + "summary": "Update an Existing Collection" + } + }, + "/api/v33.03/collections/{id}/usages": { + "get": { + "description": { + "$ref": "desc/collections/name_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Usage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections-id-usages", + "summary": "Get Policies for a Collection" + } + }, + "/api/v33.03/containers": { + "get": { + "description": { + "$ref": "desc/containers/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers", + "summary": "Get Container Scan Results" + } + }, + "/api/v33.03/containers/count": { + "get": { + "description": { + "$ref": "desc/containers/count_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-count", + "summary": "Get Containers Count" + } + }, + "/api/v33.03/containers/download": { + "get": { + "description": { + "$ref": "desc/containers/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "When set to true, an additional field \"Labels\" is included for each container in the output CSV/JSON file.\nThis field will provide a concatenated list of all the labels for the respective container in the format:\nkey1:value1,key2:value2,...,keyN:valueN. The default value for this parameter is \"false\".\n", + "in": "query", + "name": "includeLabels", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-download", + "summary": "Download Container Scan Results" + } + }, + "/api/v33.03/containers/names": { + "get": { + "description": { + "$ref": "desc/containers/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-names", + "summary": "Get Container Names" + } + }, + "/api/v33.03/containers/scan": { + "post": { + "description": { + "$ref": "desc/containers/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-containers-scan", + "summary": "Start a Container Scan" + } + }, + "/api/v33.03/credentials": { + "get": { + "description": { + "$ref": "desc/credentials/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the credential IDs to filter.\n", + "in": "query", + "name": "ids", + "schema": { + "description": "IDs are the credential IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.\n", + "in": "query", + "name": "cloud", + "schema": { + "type": "boolean" + } + }, + { + "description": "External indicates whether to fetch credentials imported from Prisma.\n", + "in": "query", + "name": "external", + "schema": { + "type": "boolean" + } + }, + { + "description": "AutoImported indicates whether to fetch credentials imported from Prisma automatically.\n", + "in": "query", + "name": "autoImported", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_cred.Credential" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials", + "summary": "Get All Credentials" + }, + "post": { + "description": { + "$ref": "desc/credentials/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cred.Credential" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-credentials", + "summary": "Add Credentials" + } + }, + "/api/v33.03/credentials/{id}": { + "delete": { + "description": { + "$ref": "desc/credentials/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "delete-credentials-id", + "summary": "Delete a Credential" + } + }, + "/api/v33.03/credentials/{id}/usages": { + "get": { + "description": { + "$ref": "desc/credentials/id_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.CredentialUsage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials-id-usages", + "summary": "Get Credential Usages" + } + }, + "/api/v33.03/current/collections": { + "get": { + "description": { + "$ref": "desc/current/collections_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserCollection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-current-collections", + "summary": "User Collections" + } + }, + "/api/v33.03/current/projects": { + "get": { + "description": { + "$ref": "desc/current/projects_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserProject" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-current-projects", + "summary": "User Projects" + } + }, + "/api/v33.03/custom-compliance": { + "get": { + "description": { + "$ref": "desc/custom-compliance/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CustomComplianceCheck" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "get-custom-compliance", + "summary": "Get Custom Compliance Checks" + }, + "put": { + "description": { + "$ref": "desc/custom-compliance/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + }, + "description": "CustomComplianceCheck represents a custom compliance check entry" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "put-custom-compliance", + "summary": "Update Custom Compliance Checks" + } + }, + "/api/v33.03/custom-compliance/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-compliance/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "delete-custom-compliance-id", + "summary": "Delete a Custom Compliance Check" + } + }, + "/api/v33.03/custom-rules": { + "get": { + "description": { + "$ref": "desc/custom-rules/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_customrules.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "get-custom-rules", + "summary": "Get Custom Rules" + } + }, + "/api/v33.03/custom-rules/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-rules/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "delete-custom-rules-id", + "summary": "Delete a Custom Rule" + }, + "put": { + "description": { + "$ref": "desc/custom-rules/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/customrules.Rule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "put-custom-rules-id", + "summary": "Update a Custom Rule" + } + }, + "/api/v33.03/defenders": { + "get": { + "description": { + "$ref": "desc/defenders/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_defender.Defender" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders", + "summary": "Get Deployed Defenders" + } + }, + "/api/v33.03/defenders/app-embedded": { + "post": { + "description": { + "$ref": "desc/defenders/app_embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.AppEmbeddedEmbedRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-app-embedded", + "summary": "Generate a Docker File for App-embedded Defender" + } + }, + "/api/v33.03/defenders/daemonset.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/daemonset_yaml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-daemonset.yaml", + "summary": "Generate Daemonset Deployment YAML File" + } + }, + "/api/v33.03/defenders/download": { + "get": { + "description": { + "$ref": "desc/defenders/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-download", + "summary": "Download Deployed Defenders" + } + }, + "/api/v33.03/defenders/fargate.json": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_json_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + }, + "description": "FargateTask represents the generic fargate task AWS template" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.json", + "summary": "Generate a Protected JSON Fargate Task Definition" + } + }, + "/api/v33.03/defenders/fargate.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_yaml_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.yaml", + "summary": "Generate a Protected YAML Fargate Task Definition" + } + }, + "/api/v33.03/defenders/helm/twistlock-defender-helm.tar.gz": { + "post": { + "description": { + "$ref": "desc/defenders/helm_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-helm-twistlock-defender-helm.tar.gz", + "summary": "Generate a Helm Deployment Chart for Defender" + } + }, + "/api/v33.03/defenders/image-name": { + "get": { + "description": { + "$ref": "desc/defenders/image-name_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-image-name", + "summary": "Get Docker Image Name for Defender" + } + }, + "/api/v33.03/defenders/install-bundle": { + "get": { + "description": { + "$ref": "desc/defenders/install-bundle_get.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.DefenderInstallBundle" + } + } + }, + "description": "DefenderInstallBundle represents the install bundle for the defender" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-install-bundle", + "summary": "Get Certificate Bundle for Defender" + } + }, + "/api/v33.03/defenders/names": { + "get": { + "description": { + "$ref": "desc/defenders/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-names", + "summary": "Get Defender Names" + } + }, + "/api/v33.03/defenders/serverless/bundle": { + "post": { + "description": { + "$ref": "desc/defenders/serverless-bundle_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-serverless-bundle", + "summary": "Generate Serverless Bundle for Defender" + } + }, + "/api/v33.03/defenders/summary": { + "get": { + "description": { + "$ref": "desc/defenders/summary_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DefenderSummary" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-summary", + "summary": "Get Defenders Summary" + } + }, + "/api/v33.03/defenders/tas-cloud-controller-address": { + "get": { + "description": { + "$ref": "desc/defenders/tas-cloud-controller-address_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-tas-cloud-controller-address", + "summary": "Defenders Tas Cloud Controller Address" + } + }, + "/api/v33.03/defenders/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/upgrade_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-upgrade", + "summary": "Upgrade Connected Single Linux Defenders" + } + }, + "/api/v33.03/defenders/{id}": { + "delete": { + "description": { + "$ref": "desc/defenders/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "delete-defenders-id", + "summary": "Delete a Defender" + } + }, + "/api/v33.03/defenders/{id}/features": { + "post": { + "description": { + "$ref": "desc/defenders/id_features_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Features" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Defender" + } + } + }, + "description": "Defender is an update about an agent starting" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-features", + "summary": "Update Defender Configuration" + } + }, + "/api/v33.03/defenders/{id}/restart": { + "post": { + "description": { + "$ref": "desc/defenders/id_restart_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-restart", + "summary": "Restart a Defender" + } + }, + "/api/v33.03/defenders/{id}/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/id_upgrade_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-upgrade", + "summary": "Upgrade a Defender" + } + }, + "/api/v33.03/feeds/custom/custom-vulnerabilities": { + "get": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + }, + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-feeds-custom-custom-vulnerabilities", + "summary": "Get Custom Vulnerability Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-custom-vulnerabilities", + "summary": "Update Custom Vulnerability Feed" + } + }, + "/api/v33.03/feeds/custom/malware": { + "get": { + "description": { + "$ref": "desc/feeds/malware_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + }, + "description": "CustomMalwareFeed represent the custom malware" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-feeds-custom-malware", + "summary": "Get Custom Malware Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/malware_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-malware", + "summary": "Update Custom Malware Feed" + } + }, + "/api/v33.03/groups": { + "get": { + "description": { + "$ref": "desc/groups/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Groups" + } + } + }, + "description": "Groups represents a list of groups" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups", + "summary": "Get Groups" + }, + "post": { + "description": { + "$ref": "desc/groups/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "post-groups", + "summary": "Add a Group" + } + }, + "/api/v33.03/groups/names": { + "get": { + "description": { + "$ref": "desc/groups/names.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups-names", + "summary": "Get Group Names" + } + }, + "/api/v33.03/groups/{id}": { + "delete": { + "description": { + "$ref": "desc/groups/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "delete-groups-id", + "summary": "Delete a Group" + }, + "put": { + "description": { + "$ref": "desc/groups/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "put-groups-id", + "summary": "Update a Group" + } + }, + "/api/v33.03/hosts": { + "get": { + "description": { + "$ref": "desc/hosts/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts", + "summary": "Get Host Scan Results" + } + }, + "/api/v33.03/hosts/download": { + "get": { + "description": { + "$ref": "desc/hosts/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts-download", + "summary": "Download Host Scan Results" + } + }, + "/api/v33.03/hosts/evaluate": { + "post": { + "description": { + "$ref": "desc/hosts/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-hosts-evaluate", + "summary": "Resolve Hosts" + } + }, + "/api/v33.03/hosts/info": { + "get": { + "description": { + "$ref": "desc/hosts/info_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-hosts-info", + "summary": "Get Host Information" + } + }, + "/api/v33.03/hosts/scan": { + "post": { + "description": { + "$ref": "desc/hosts/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-hosts-scan", + "summary": "Start a Host Scan" + } + }, + "/api/v33.03/images": { + "get": { + "description": { + "$ref": "desc/images/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images", + "summary": "Get Image Scan Results" + } + }, + "/api/v33.03/images/download": { + "get": { + "description": { + "$ref": "desc/images/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-download", + "summary": "Download Image Scan Results" + } + }, + "/api/v33.03/images/evaluate": { + "post": { + "description": { + "$ref": "desc/images/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-images-evaluate", + "summary": "Resolve Images" + } + }, + "/api/v33.03/images/names": { + "get": { + "description": { + "$ref": "desc/images/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-names", + "summary": "Get Image Names" + } + }, + "/api/v33.03/images/scan": { + "post": { + "description": { + "$ref": "desc/images/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ImageScanOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-images-scan", + "summary": "Start Image Scan" + } + }, + "/api/v33.03/images/twistlock_defender_app_embedded.tar.gz": { + "get": { + "description": { + "$ref": "desc/images/twistlock_defender_app_embedded_tar_gz_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-images-twistlock_defender_app_embedded.tar.gz", + "summary": "Download App Embedded Defender" + } + }, + "/api/v33.03/images/twistlock_defender_layer.zip": { + "post": { + "description": { + "$ref": "desc/images/twistlock_defender_layer_zip_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessLayerBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-images-twistlock_defender_layer.zip", + "summary": "Download Serverless Layer Bundle" + } + }, + "/api/v33.03/policies/compliance/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-ci-images", + "summary": "Get Continuous Integration (CI) Image Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-ci-images", + "summary": "Update Continuous Integration (CI) Image Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-ci-serverless", + "summary": "Get Continuous Integration (CI) Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-ci-serverless", + "summary": "Update Continuous Integration (CI) Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container", + "summary": "Get Container Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-container", + "summary": "Update Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container-impacted", + "summary": "Get Impacted Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/host": { + "get": { + "description": { + "$ref": "desc/policies/compliance_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-host", + "summary": "Get Host Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-compliance-host", + "summary": "Update Host Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-serverless", + "summary": "Get Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-serverless", + "summary": "Update Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/vms/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_vms_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-vms-impacted", + "summary": "Get Impacted VMs Compliance Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless", + "summary": "Get Agentless App Firewall Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-agentless", + "summary": "Set Agentless App Firewall Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigMirroredResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-impacted", + "summary": "Get Agentless App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/agentless/resources": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ConfigID is the ID of the VPC configuration.\n", + "in": "query", + "name": "configID", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-resources", + "summary": "Get Agentless App Firewall Policy Resources" + } + }, + "/api/v33.03/policies/firewall/app/agentless/state": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_state_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.AgentlessPolicyState" + } + } + }, + "description": "AgentlessPolicyState is the state of the agentless policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-state", + "summary": "Get Agentless App Firewall Policy State" + } + }, + "/api/v33.03/policies/firewall/app/apispec": { + "post": { + "description": { + "$ref": "desc/policies/firewall_app_apispec_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.APISpec" + } + } + }, + "description": "APISpec is an API specification" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-apispec", + "summary": "Generate a WAAS API Specification Object" + } + }, + "/api/v33.03/policies/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-app-embedded", + "summary": "Update WAAS App-embedded Policy" + } + }, + "/api/v33.03/policies/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container", + "summary": "Get WAAS Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-container", + "summary": "Update WAAS Container Policy" + } + }, + "/api/v33.03/policies/firewall/app/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container-impacted", + "summary": "Container App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host", + "summary": "Get WAAS Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-host", + "summary": "Update WAAS Host Policy" + } + }, + "/api/v33.03/policies/firewall/app/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host-impacted", + "summary": "Host App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/network-list": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.NetworkList" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-network-list", + "summary": "Get WAAS Network List" + }, + "post": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-network-list", + "summary": "Add WAAS Network List" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-network-list", + "summary": "Update WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/network-list/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "delete-policies-firewall-app-network-list-id", + "summary": "Delete WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band", + "summary": "Get Out-of-Band WAAS Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-out-of-band", + "summary": "Update Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.ImpactedOutOfBandEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band-impacted", + "summary": "Get Impacted Resources for Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-serverless", + "summary": "Get WAAS Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-serverless", + "summary": "Update WAAS Serverless Policy" + } + }, + "/api/v33.03/policies/firewall/network": { + "get": { + "description": { + "$ref": "desc/policies/firewall_network_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + }, + "description": "Policy holds the data for firewall policies (host and container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "get-policies-firewall-network", + "summary": "Get CNNS Container and Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_network_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "put-policies-firewall-network", + "summary": "Update CNNS Container and Host Policy" + } + }, + "/api/v33.03/policies/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + }, + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-app-embedded", + "summary": "Get Runtime App-embedded Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-app-embedded", + "summary": "Add Runtime App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-app-embedded", + "summary": "Update Runtime App-embedded Policy" + } + }, + "/api/v33.03/policies/runtime/container": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + }, + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container", + "summary": "Get Runtime Container Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_container_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "post-policies-runtime-container", + "summary": "Update Runtime Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "put-policies-runtime-container", + "summary": "Set Container Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container-impacted", + "summary": "Update Runtime Impacted Container Policy" + } + }, + "/api/v33.03/policies/runtime/host": { + "get": { + "description": { + "$ref": "desc/policies/runtime_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + }, + "description": "HostPolicy represents a host runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "get-policies-runtime-host", + "summary": "Get Runtime Host Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_host_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "post-policies-runtime-host", + "summary": "Update Runtime Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "put-policies-runtime-host", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/policies/runtime_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + }, + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-serverless", + "summary": "Get Runtime Serverless Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_serverless_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-serverless", + "summary": "Update Runtime Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-serverless", + "summary": "Set Serverless Runtime Policy" + } + }, + "/api/v33.03/policies/vulnerability/base-images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.BaseImagesRule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images", + "summary": "Get Base Images Rules" + }, + "post": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.BaseImagesRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-policies-vulnerability-base-images", + "summary": "Add Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/base-images/download": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_download.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images-download", + "summary": "Download Base Images Rules" + } + }, + "/api/v33.03/policies/vulnerability/base-images/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "delete-policies-vulnerability-base-images-id", + "summary": "Delete Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-ci-images", + "summary": "Get CI Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-ci-images", + "summary": "Update CI Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-ci-serverless", + "summary": "Get CI Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-ci-serverless", + "summary": "Update CI Serverless Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host", + "summary": "Get Host Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-vulnerability-host", + "summary": "Update Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host-impacted", + "summary": "Get Impacted Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images", + "summary": "Get Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-images", + "summary": "Update Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images-impacted", + "summary": "Get Impacted Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-serverless", + "summary": "Get Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-serverless", + "summary": "Update Serverless Vulnerability Policy" + } + }, + "/api/v33.03/profiles/app-embedded": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppEmbeddedRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded", + "summary": "Get App-embedded Profiles" + } + }, + "/api/v33.03/profiles/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded-download", + "summary": "Download App-embedded Profiles" + } + }, + "/api/v33.03/profiles/container": { + "get": { + "description": { + "$ref": "desc/profiles/container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container", + "summary": "Get Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/download": { + "get": { + "description": { + "$ref": "desc/profiles/container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container-download", + "summary": "Download Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/learn": { + "post": { + "description": { + "$ref": "desc/profiles/container_learn_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "post-profiles-container-learn", + "summary": "Learn Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/host": { + "get": { + "description": { + "$ref": "desc/profiles/host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_runtime.HostProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host", + "summary": "Get Runtime Host Profiles" + } + }, + "/api/v33.03/profiles/host/download": { + "get": { + "description": { + "$ref": "desc/profiles/host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host-download", + "summary": "Download Runtime Host Profiles" + } + }, + "/api/v33.03/registry": { + "get": { + "description": { + "$ref": "desc/registry/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry", + "summary": "Get Registry Scan Results" + } + }, + "/api/v33.03/registry/download": { + "get": { + "description": { + "$ref": "desc/registry/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-download", + "summary": "Download Registry Scan Results" + } + }, + "/api/v33.03/registry/names": { + "get": { + "description": { + "$ref": "desc/registry/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-names", + "summary": "Get Registry Image Names" + } + }, + "/api/v33.03/registry/progress": { + "get": { + "description": { + "$ref": "desc/registry/get_registry_progress.md" + }, + "parameters": [ + { + "description": "OnDemand indicates the requested progress is for an on-demand scan.\n", + "in": "query", + "name": "onDemand", + "schema": { + "type": "boolean" + } + }, + { + "description": "Registry is the image's registry.\n", + "in": "query", + "name": "registry", + "schema": { + "type": "string" + } + }, + { + "description": "Repository is the image's repository.\n", + "in": "query", + "name": "repo", + "schema": { + "type": "string" + } + }, + { + "description": "Tag is the image's tag.\n", + "in": "query", + "name": "tag", + "schema": { + "type": "string" + } + }, + { + "description": "Digest is the image's digest.\n", + "in": "query", + "name": "digest", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanProgress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-progress", + "summary": "View Registry Scan Progress" + } + }, + "/api/v33.03/registry/scan": { + "post": { + "description": { + "$ref": "desc/registry/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan", + "summary": "Start a Registry Scan" + } + }, + "/api/v33.03/registry/scan/select": { + "post": { + "description": { + "$ref": "desc/registry/scan_select_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan-select", + "summary": "Scan Registries" + } + }, + "/api/v33.03/registry/stop": { + "post": { + "description": { + "$ref": "desc/registry/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop", + "summary": "Stop a Registry Scan" + } + }, + "/api/v33.03/registry/stop/{id}": { + "post": { + "description": { + "$ref": "desc/registry/stop_id_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop-id", + "summary": "Stop a Registry spec Scan" + } + }, + "/api/v33.03/sandbox": { + "post": { + "description": { + "$ref": "desc/sandbox/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + }, + "description": "ScanResult represents sandbox scan results" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sandbox" + ], + "x-prisma-cloud-target-env": { + "permission": "sandbox" + }, + "operationId": "post-sandbox", + "summary": "AddSandboxScanResult" + } + }, + "/api/v33.03/sbom/download/cli-images": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-images", + "summary": "Download SBOM CI Images" + } + }, + "/api/v33.03/sbom/download/cli-serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_cli_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-serverless", + "summary": "Download SBOM CLI Serverless" + } + }, + "/api/v33.03/sbom/download/hosts": { + "get": { + "description": { + "$ref": "desc/sbom/download_hosts_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-hosts", + "summary": "Download SBOM Hosts" + } + }, + "/api/v33.03/sbom/download/images": { + "get": { + "description": { + "$ref": "desc/sbom/download_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-images", + "summary": "Download SBOM Images" + } + }, + "/api/v33.03/sbom/download/registry": { + "get": { + "description": { + "$ref": "desc/sbom/download_registry_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-registry", + "summary": "Download SBOM Registry" + } + }, + "/api/v33.03/sbom/download/serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-serverless", + "summary": "Download SBOM Serverless" + } + }, + "/api/v33.03/sbom/download/vms": { + "get": { + "description": { + "$ref": "desc/sbom/download_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-vms", + "summary": "Download SBOM VMs" + } + }, + "/api/v33.03/scans": { + "get": { + "description": { + "$ref": "desc/scans/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CLIScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans", + "summary": "Get All CI Image Scan Results" + }, + "post": { + "description": { + "$ref": "desc/scans/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CLIScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-scans", + "summary": "Add CLI Scan Result" + } + }, + "/api/v33.03/scans/download": { + "get": { + "description": { + "$ref": "desc/scans/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-download", + "summary": "Download CI Image Scan Results" + } + }, + "/api/v33.03/scans/{id}": { + "get": { + "description": { + "$ref": "desc/scans/id_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-id", + "summary": "Get CI Image Scan Results" + } + }, + "/api/v33.03/serverless": { + "get": { + "description": { + "$ref": "desc/serverless/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless", + "summary": "Get Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/download": { + "get": { + "description": { + "$ref": "desc/serverless/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-download", + "summary": "Download Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/evaluate": { + "post": { + "description": { + "$ref": "desc/serverless/evaluate_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsResp" + } + } + }, + "description": "ResolveFunctionsResp represents the functions resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-serverless-evaluate", + "summary": "Resolve Functions" + } + }, + "/api/v33.03/serverless/names": { + "get": { + "description": { + "$ref": "desc/serverless/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-names", + "summary": "Get Serverless Function Names" + } + }, + "/api/v33.03/serverless/scan": { + "post": { + "description": { + "$ref": "desc/serverless/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-scan", + "summary": "Start Serverless Function Scan" + } + }, + "/api/v33.03/serverless/stop": { + "post": { + "description": { + "$ref": "desc/serverless/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-stop", + "summary": "Stop Serverless Function Scan" + } + }, + "/api/v33.03/settings/certificates": { + "post": { + "description": { + "$ref": "desc/settings/certificates_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-certificates", + "summary": "Add Certificate Settings for Clients Accessing a Custom CA" + } + }, + "/api/v33.03/settings/certs": { + "get": { + "description": { + "$ref": "desc/settings/certs_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + }, + "description": "CertSettings are the certificates settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-certs", + "summary": "Get Certificate Settings for Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/certs_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-settings-certs", + "summary": "Add Certificate Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/console-certificate": { + "post": { + "description": { + "$ref": "desc/settings/console-certificates_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ConsoleCertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-console-certificate", + "summary": "Add Certificate Settings for Clients Accessing Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/custom-labels": { + "get": { + "description": { + "$ref": "desc/settings/custom-labels_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + }, + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-settings-custom-labels", + "summary": "Get Alert Labels" + }, + "post": { + "description": { + "$ref": "desc/settings/custom-labels_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-custom-labels", + "summary": "Add Alert Labels" + } + }, + "/api/v33.03/settings/defender": { + "get": { + "description": { + "$ref": "desc/settings/defender_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Settings" + } + } + }, + "description": "Settings is the Defender settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-defender", + "summary": "Get Advanced Defender Settings" + } + }, + "/api/v33.03/settings/intelligence": { + "get": { + "description": { + "$ref": "desc/settings/intelligence_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + }, + "description": "IntelligenceSettings are the intelligence service settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-intelligence", + "summary": "Get Intelligence Stream Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/intelligence_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-intelligence", + "summary": "Add Intelligence Stream Settings" + } + }, + "/api/v33.03/settings/ldap": { + "get": { + "description": { + "$ref": "desc/settings/ldap_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + }, + "description": "LdapSettings are the ldap connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-ldap", + "summary": "Get LDAP Integration Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/ldap_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-ldap", + "summary": "Add LDAP Integration Settings" + } + }, + "/api/v33.03/settings/license": { + "get": { + "description": { + "$ref": "desc/settings/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.License" + } + } + }, + "description": "License represent the customer license" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-settings-license", + "summary": "Get Prisma Cloud Compute License" + }, + "post": { + "description": { + "$ref": "desc/settings/license_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.LicenseRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "privilegedOperations" + }, + "operationId": "post-settings-license", + "summary": "Add Prisma Cloud Compute License" + } + }, + "/api/v33.03/settings/logging": { + "get": { + "description": { + "$ref": "desc/settings/logging_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + }, + "description": "LoggingSettings are the logging settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "get-settings-logging", + "summary": "Get Logging Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logging_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-logging", + "summary": "Add Logging Settings" + } + }, + "/api/v33.03/settings/logon": { + "get": { + "description": { + "$ref": "desc/settings/logon_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + }, + "description": "LogonSettings are settings associated with the login properties" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-logon", + "summary": "Get Logon Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logon_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-logon", + "summary": "Add Logon Settings" + } + }, + "/api/v33.03/settings/oauth": { + "get": { + "description": { + "$ref": "desc/settings/oauth_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-oauth", + "summary": "Get OAuth Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/oauth_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-oauth", + "summary": "Add OAuth Settings" + } + }, + "/api/v33.03/settings/oidc": { + "get": { + "description": { + "$ref": "desc/settings/oidc_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-oidc", + "summary": "Get Open ID Connect Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/oidc_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-oidc", + "summary": "Add Open ID Connect Settings" + } + }, + "/api/v33.03/settings/proxy": { + "get": { + "description": { + "$ref": "desc/settings/proxy_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + }, + "description": "ProxySettings are the http proxy settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-proxy", + "summary": "Get Proxy Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/proxy_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-proxy", + "summary": "Add Proxy Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/registry": { + "get": { + "description": { + "$ref": "desc/settings/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + }, + "description": "RegistrySettings contains each registry's unique settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-registry", + "summary": "Get Registry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/registry_post.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-registry", + "summary": "Add Registry Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/registry_put.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-settings-registry", + "summary": "Update Registry Settings" + } + }, + "/api/v33.03/settings/saml": { + "get": { + "description": { + "$ref": "desc/settings/saml_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + }, + "description": "SamlSettings are the saml connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-saml", + "summary": "Get SAML Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/saml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-saml", + "summary": "Add SAML Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/scan": { + "get": { + "description": { + "$ref": "desc/settings/scan_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + }, + "description": "ScanSettings are global settings for image/host/container and registry scanning" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-scan", + "summary": "Get Global Scan Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-scan", + "summary": "Add Global Scan Settings" + } + }, + "/api/v33.03/settings/tas": { + "get": { + "description": { + "$ref": "desc/settings/tas_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-tas", + "summary": "Get TAS Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/tas_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-tas", + "summary": "Add TAS Settings" + } + }, + "/api/v33.03/settings/telemetry": { + "get": { + "description": { + "$ref": "desc/settings/telemetry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + }, + "description": "TelemetrySettings is the telemetry settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-telemetry", + "summary": "Get Telemetry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-telemetry", + "summary": "Enable or Disable Telemetry Settings" + } + }, + "/api/v33.03/settings/trusted-certificate": { + "post": { + "description": { + "$ref": "desc/settings/telemetry_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertData" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + } + } + }, + "description": "TrustedCertSignature represents a trusted cert settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-trusted-certificate", + "summary": "Add a Certificate to a Trusted Certificate List" + } + }, + "/api/v33.03/settings/trusted-certificates": { + "post": { + "description": { + "$ref": "desc/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-trusted-certificates", + "summary": "Add Trusted Certificate Settings" + } + }, + "/api/v33.03/settings/vm": { + "get": { + "description": { + "$ref": "desc/settings/vm_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-settings-vm", + "summary": "Get VM Image Scan Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/vm_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-settings-vm", + "summary": "Update VM Image Scan Settings" + } + }, + "/api/v33.03/settings/wildfire": { + "get": { + "description": { + "$ref": "desc/settings/wildfire_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.WildFireSettings" + } + } + }, + "description": "WildFireSettings are the settings for WildFire API requests" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-settings-wildfire", + "summary": "Wild Fire Settings" + } + }, + "/api/v33.03/stats/app-firewall/count": { + "get": { + "description": { + "$ref": "desc/stats/app_firewall_count_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-app-firewall-count", + "summary": "Application Firewall Count" + } + }, + "/api/v33.03/stats/compliance": { + "get": { + "description": { + "$ref": "desc/stats/compliance_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance", + "summary": "Get Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/download": { + "get": { + "description": { + "$ref": "desc/stats/compliance_download_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance-download", + "summary": "Download Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/refresh": { + "post": { + "description": { + "$ref": "desc/stats/compliance_refresh.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "post-stats-compliance-refresh", + "summary": "Refresh Compliance Stats" + } + }, + "/api/v33.03/stats/daily": { + "get": { + "description": { + "$ref": "desc/stats/daily_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.Stats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-stats-daily", + "summary": "Get Daily Compliance Stats" + } + }, + "/api/v33.03/stats/dashboard": { + "get": { + "description": { + "$ref": "desc/stats/dashboard_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Trends" + } + } + }, + "description": "Trends contains data on global trends in the system" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-dashboard", + "summary": "Get Dashboard Stats" + } + }, + "/api/v33.03/stats/events": { + "get": { + "description": { + "$ref": "desc/stats/events_get.md" + }, + "parameters": [ + { + "description": "Collections are collections scoping the query.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Collections are collections scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountIDs are the account IDs scoping the query.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "AccountIDs are the account IDs scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.EventStats" + } + } + }, + "description": "EventStats holds counters for all event types" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-stats-events", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/license": { + "get": { + "description": { + "$ref": "desc/stats/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LicenseStats" + } + } + }, + "description": "LicenseStats holds the console license stats" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-license", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/vulnerabilities": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities", + "summary": "Get Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-download", + "summary": "Download Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.VulnImpactedResources" + } + } + }, + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources", + "summary": "Get Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources-download", + "summary": "Download Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/refresh": { + "post": { + "description": { + "$ref": "desc/stats/vulnerabilities_refresh_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "post-stats-vulnerabilities-refresh", + "summary": "Refresh Vulnerability Stats" + } + }, + "/api/v33.03/statuses/buildah": { + "get": { + "description": { + "$ref": "desc/statuses/buildah_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.BuildahFeatureStatus" + } + } + }, + "description": "BuildahFeatureStatus holds the response for the buildah feature status" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-statuses-buildah", + "summary": "Buildah Feature Status returns the buildah feature status" + } + }, + "/api/v33.03/statuses/registry": { + "get": { + "description": { + "$ref": "desc/statuses/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.ScanStatus" + } + } + }, + "description": "ScanStatus represents the status of current scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-statuses-registry", + "summary": "Get Registry Scan Status" + } + }, + "/api/v33.03/tags": { + "get": { + "description": { + "$ref": "desc/tags/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Tag" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-tags", + "summary": "Get Tags" + }, + "post": { + "description": { + "$ref": "desc/tags/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags", + "summary": "Add Tags" + } + }, + "/api/v33.03/tags/{id}": { + "delete": { + "description": { + "$ref": "desc/tags/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id", + "summary": "Delete a Tag" + }, + "put": { + "description": { + "$ref": "desc/tags/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-tags-id", + "summary": "Update a Tag" + } + }, + "/api/v33.03/tags/{id}/vuln": { + "delete": { + "description": { + "$ref": "desc/tags/tag_cve_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id-vuln", + "summary": "Delete Tag Vulnerability Metadata" + }, + "post": { + "description": { + "$ref": "desc/tags/tag_cve_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags-id-vuln", + "summary": "Set Tag Vulnerability Metadata" + } + }, + "/api/v33.03/tas-droplets": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets", + "summary": "Get TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/addresses": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get_tas_addresses.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-addresses", + "summary": "TAS Cloud Controller Addresses" + } + }, + "/api/v33.03/tas-droplets/download": { + "get": { + "description": { + "$ref": "desc/tas-droplets/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-download", + "summary": "Download TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/progress": { + "get": { + "description": { + "$ref": "desc/tas-droplets/progress_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-progress", + "summary": "View TAS Droplets Scan Progress" + } + }, + "/api/v33.03/tas-droplets/scan": { + "post": { + "description": { + "$ref": "desc/tas-droplets/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-scan", + "summary": "Scan TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/stop": { + "post": { + "description": { + "$ref": "desc/tas-droplets/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-stop", + "summary": "Stop TAS Droplets Ongoing Scan" + } + }, + "/api/v33.03/trust/data": { + "get": { + "description": { + "$ref": "desc/trust/data_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + }, + "description": "Data holds the image trust data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-trust-data", + "summary": "Get Trusted Repository, Image, and Registry" + }, + "put": { + "description": { + "$ref": "desc/trust/data_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-trust-data", + "summary": "Update Trusted Repository, Image, and Registry" + } + }, + "/api/v33.03/users": { + "get": { + "description": { + "$ref": "desc/users/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.UserList" + } + } + }, + "description": "UserList represents a list of users" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-users", + "summary": "Get Users" + }, + "post": { + "description": { + "$ref": "desc/users/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "post-users", + "summary": "Add Users" + }, + "put": { + "description": { + "$ref": "desc/users/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "put-users", + "summary": "Update Users" + } + }, + "/api/v33.03/users/password": { + "put": { + "description": { + "$ref": "desc/users/password_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.UserPassword" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "put-users-password", + "summary": "Update User Password" + } + }, + "/api/v33.03/users/{id}": { + "delete": { + "description": { + "$ref": "desc/users/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "delete-users-id", + "summary": "Delete Users" + } + }, + "/api/v33.03/util/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-arm64-twistcli", + "summary": "Download ARM64 twistcli for Linux OS" + } + }, + "/api/v33.03/util/osx/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-arm64-twistcli", + "summary": "Download ARM64 twistcli for MacOS" + } + }, + "/api/v33.03/util/osx/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-twistcli", + "summary": "Download twistcli for MacOS" + } + }, + "/api/v33.03/util/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-twistcli", + "summary": "Download twistcli for Linux OS" + } + }, + "/api/v33.03/util/windows/twistcli.exe": { + "get": { + "description": { + "$ref": "desc/util/windows_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-windows-twistcli.exe", + "summary": "Download twistcli for Microsoft Windows" + } + }, + "/api/v33.03/version": { + "get": { + "description": { + "$ref": "desc/version/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Version" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-version", + "summary": "Get Prisma Cloud Compute Version" + } + }, + "/api/v33.03/vms": { + "get": { + "description": { + "$ref": "desc/vms/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms", + "summary": "Get VM Image Scan Results" + } + }, + "/api/v33.03/vms/download": { + "get": { + "description": { + "$ref": "desc/vms/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-download", + "summary": "Download VM Image Scan Results" + } + }, + "/api/v33.03/vms/labels": { + "get": { + "description": { + "$ref": "desc/vms/labels_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-labels", + "summary": "Get VM Image Tags" + } + }, + "/api/v33.03/vms/names": { + "get": { + "description": { + "$ref": "desc/vms/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-names", + "summary": "Get VM Image Names" + } + }, + "/api/v33.03/vms/scan": { + "post": { + "description": { + "$ref": "desc/vms/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-scan", + "summary": "Start VM Image Scan" + } + }, + "/api/v33.03/vms/stop": { + "post": { + "description": { + "$ref": "desc/vms/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-stop", + "summary": "Stop VM Image Scan" + } + }, + "/api/v33.03/waas/openapi-scans": { + "post": { + "description": { + "$ref": "desc/waas/openapi-scans_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + } + } + }, + "description": "OpenAPIScan represents the OpenAPI file scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Waas" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "post-waas-openapi-scans", + "summary": "Scan OpenAPI Specification File for WAAS Observations" + } + } + }, + "tags": [ + { + "name": "Agentless", + "description": { + "$ref": "desc/agentless/agentless.md" + } + }, + { + "name": "Ais-Api" + }, + { + "name": "Alert-Profiles" + }, + { + "name": "Application-Control", + "description": { + "$ref": "desc/application-control/application-control.md" + } + }, + { + "name": "Audits", + "description": { + "$ref": "desc/audits/audits.md" + } + }, + { + "name": "Authenticate", + "description": { + "$ref": "desc/authenticate/authenticate.md" + } + }, + { + "name": "Authenticate-Client", + "description": { + "$ref": "desc/authenticate-client/authenticate-client.md" + } + }, + { + "name": "Backups" + }, + { + "name": "Bff" + }, + { + "name": "Ccs" + }, + { + "name": "Certs", + "description": { + "$ref": "desc/certs/certs.md" + } + }, + { + "name": "Cloud", + "description": { + "$ref": "desc/cloud/cloud.md" + } + }, + { + "name": "Cloud-Scan-Rules" + }, + { + "name": "Cloud-Security-Agent" + }, + { + "name": "Clustered-Db" + }, + { + "name": "Coderepos-Ci" + }, + { + "name": "Collections", + "description": { + "$ref": "desc/collections/collections.md" + } + }, + { + "name": "Config" + }, + { + "name": "Containers", + "description": { + "$ref": "desc/containers/containers.md" + } + }, + { + "name": "Credentials", + "description": { + "$ref": "desc/credentials/credentials.md" + } + }, + { + "name": "Current" + }, + { + "name": "Custom-Compliance", + "description": { + "$ref": "desc/custom-compliance/custom-compliance.md" + } + }, + { + "name": "Custom-Rules", + "description": { + "$ref": "desc/custom-rules/custom-rules.md" + } + }, + { + "name": "Cves" + }, + { + "name": "Defenders", + "description": { + "$ref": "desc/defenders/defenders.md" + } + }, + { + "name": "Deployment" + }, + { + "name": "Feeds", + "description": { + "$ref": "desc/feeds/feeds.md" + } + }, + { + "name": "Forensic" + }, + { + "name": "Groups", + "description": { + "$ref": "desc/groups/groups.md" + } + }, + { + "name": "Harbor" + }, + { + "name": "Hosts", + "description": { + "$ref": "desc/hosts/hosts.md" + } + }, + { + "name": "Images", + "description": { + "$ref": "desc/images/images.md" + } + }, + { + "name": "Kubernetes" + }, + { + "name": "Logout" + }, + { + "name": "Logs" + }, + { + "name": "Policies", + "description": { + "$ref": "desc/policies/policies.md" + } + }, + { + "name": "Profiles", + "description": { + "$ref": "desc/profiles/profiles.md" + } + }, + { + "name": "Projects" + }, + { + "name": "Radar" + }, + { + "name": "Rbac" + }, + { + "name": "Registry", + "description": { + "$ref": "desc/registry/registry.md" + } + }, + { + "name": "Registry-Count" + }, + { + "name": "Runtime" + }, + { + "name": "Sandbox", + "description": { + "$ref": "desc/sandbox/sandbox.md" + } + }, + { + "name": "Sbom", + "description": { + "$ref": "desc/sbom/sbom_intro.md" + } + }, + { + "name": "Scans", + "description": { + "$ref": "desc/scans/scans.md" + } + }, + { + "name": "Scripts" + }, + { + "name": "Security-Advisor" + }, + { + "name": "Serverless", + "description": { + "$ref": "desc/serverless/serverless.md" + } + }, + { + "name": "Settings", + "description": { + "$ref": "desc/settings/settings.md" + } + }, + { + "name": "Signup", + "description": { + "$ref": "desc/signup/signup.md" + } + }, + { + "name": "Static" + }, + { + "name": "Stats", + "description": { + "$ref": "desc/stats/stats.md" + } + }, + { + "name": "Statuses", + "description": { + "$ref": "desc/statuses/statuses.md" + } + }, + { + "description": "This API is an officially supported route", + "externalDocs": { + "url": "https://cdn.twistlock.com/docs/api/twistlock_api.html" + }, + "name": "Supported API" + }, + { + "name": "Tags", + "description": { + "$ref": "desc/tags/tags.md" + } + }, + { + "name": "Tas-Droplets" + }, + { + "name": "Trust", + "description": { + "$ref": "desc/trust/trust.md" + } + }, + { + "name": "Trusted-Images" + }, + { + "name": "Users", + "description": { + "$ref": "desc/users/users.md" + } + }, + { + "name": "Util", + "description": { + "$ref": "desc/util/util.md" + } + }, + { + "name": "Version", + "description": { + "$ref": "desc/version/version.md" + } + }, + { + "name": "Vms", + "description": { + "$ref": "desc/vms/vms.md" + } + }, + { + "name": "Waas" + }, + { + "name": "Xsoar-Alerts" + }, + { + "name": "_Ping", + "description": { + "$ref": "desc/_ping/_ping.md" + } + } + ] +} \ No newline at end of file diff --git a/openapi-specs/cwpp/openapi-33-02-130-saas.json b/openapi-specs/cwpp/33-02/openapi-33-02-130-saas.json similarity index 100% rename from openapi-specs/cwpp/openapi-33-02-130-saas.json rename to openapi-specs/cwpp/33-02/openapi-33-02-130-saas.json diff --git a/openapi-specs/cwpp/openapi-33-03-138-saas.json b/openapi-specs/cwpp/openapi-33-03-138-saas.json new file mode 100644 index 000000000..b077c4de8 --- /dev/null +++ b/openapi-specs/cwpp/openapi-33-03-138-saas.json @@ -0,0 +1,51554 @@ +{ + "components": { + "schemas": { + "-_admission.Audit": { + "items": { + "$ref": "#/components/schemas/admission.Audit" + }, + "type": "array" + }, + "-_ais.ScanInstancesRequest": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "-_ais.ScanInstancesResult": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesResult" + }, + "type": "array" + }, + "-_api.AggregationPeriod": { + "items": { + "$ref": "#/components/schemas/api.AggregationPeriod" + }, + "type": "array" + }, + "-_api.AlertProfile": { + "items": { + "$ref": "#/components/schemas/api.AlertProfile" + }, + "type": "array" + }, + "-_applicationcontrol.Rule": { + "items": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + }, + "type": "array" + }, + "-_ccs.ConsoleMessage": { + "items": { + "$ref": "#/components/schemas/ccs.ConsoleMessage" + }, + "type": "array" + }, + "-_collection.Collection": { + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "-_collection.Usage": { + "items": { + "$ref": "#/components/schemas/collection.Usage" + }, + "type": "array" + }, + "-_cred.Credential": { + "items": { + "$ref": "#/components/schemas/cred.Credential" + }, + "type": "array" + }, + "-_customrules.Rule": { + "items": { + "$ref": "#/components/schemas/customrules.Rule" + }, + "type": "array" + }, + "-_defender.Defender": { + "items": { + "$ref": "#/components/schemas/defender.Defender" + }, + "type": "array" + }, + "-_deployment.DaemonSet": { + "items": { + "$ref": "#/components/schemas/deployment.DaemonSet" + }, + "type": "array" + }, + "-_forensic.ContainerEvent": { + "items": { + "$ref": "#/components/schemas/forensic.ContainerEvent" + }, + "type": "array" + }, + "-_forensic.HostEvent": { + "items": { + "$ref": "#/components/schemas/forensic.HostEvent" + }, + "type": "array" + }, + "-_kubeaudit.Audit": { + "items": { + "$ref": "#/components/schemas/kubeaudit.Audit" + }, + "type": "array" + }, + "-_kubeaudit.AuditSpecification": { + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "-_log.LogEntry": { + "items": { + "$ref": "#/components/schemas/log.LogEntry" + }, + "type": "array" + }, + "-_prisma.AlertIntegration": { + "items": { + "$ref": "#/components/schemas/prisma.AlertIntegration" + }, + "type": "array" + }, + "-_rbac.Role": { + "items": { + "$ref": "#/components/schemas/rbac.Role" + }, + "type": "array" + }, + "-_runtime.ContainerProfileHost": { + "items": { + "$ref": "#/components/schemas/runtime.ContainerProfileHost" + }, + "type": "array" + }, + "-_runtime.HostProfile": { + "items": { + "$ref": "#/components/schemas/runtime.HostProfile" + }, + "type": "array" + }, + "-_sandbox.ScanResult": { + "items": { + "$ref": "#/components/schemas/sandbox.ScanResult" + }, + "type": "array" + }, + "-_serverless.FunctionInfo": { + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + }, + "-_serverless.RadarFilter": { + "items": { + "$ref": "#/components/schemas/serverless.RadarFilter" + }, + "type": "array" + }, + "-_shared.AppEmbeddedRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.AppEmbeddedRuntimeProfile" + }, + "type": "array" + }, + "-_shared.AppFirewallAudit": { + "items": { + "$ref": "#/components/schemas/shared.AppFirewallAudit" + }, + "type": "array" + }, + "-_shared.Audit": { + "items": { + "$ref": "#/components/schemas/shared.Audit" + }, + "type": "array" + }, + "-_shared.BackupSpec": { + "items": { + "$ref": "#/components/schemas/shared.BackupSpec" + }, + "type": "array" + }, + "-_shared.CLIScanResult": { + "items": { + "$ref": "#/components/schemas/shared.CLIScanResult" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryAccount": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryAccount" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryEntity": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryEntity" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryRadar": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryRadar" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryResult": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryResult" + }, + "type": "array" + }, + "-_shared.CloudScanRule": { + "items": { + "$ref": "#/components/schemas/shared.CloudScanRule" + }, + "type": "array" + }, + "-_shared.ContainerNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ContainerRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.ContainerRuntimeProfile" + }, + "type": "array" + }, + "-_shared.ContainerScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ContainerScanResult" + }, + "type": "array" + }, + "-_shared.CustomComplianceCheck": { + "items": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + }, + "type": "array" + }, + "-_shared.FileIntegrityEvent": { + "items": { + "$ref": "#/components/schemas/shared.FileIntegrityEvent" + }, + "type": "array" + }, + "-_shared.HostActivity": { + "items": { + "$ref": "#/components/schemas/shared.HostActivity" + }, + "type": "array" + }, + "-_shared.HostInfo": { + "items": { + "$ref": "#/components/schemas/shared.HostInfo" + }, + "type": "array" + }, + "-_shared.HostNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ImageScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + }, + "-_shared.Incident": { + "items": { + "$ref": "#/components/schemas/shared.Incident" + }, + "type": "array" + }, + "-_shared.LambdaRuntimeType": { + "items": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "type": "array" + }, + "-_shared.LogInspectionEvent": { + "items": { + "$ref": "#/components/schemas/shared.LogInspectionEvent" + }, + "type": "array" + }, + "-_shared.MgmtAudit": { + "items": { + "$ref": "#/components/schemas/shared.MgmtAudit" + }, + "type": "array" + }, + "-_shared.Progress": { + "items": { + "$ref": "#/components/schemas/shared.Progress" + }, + "type": "array" + }, + "-_shared.RegionData": { + "items": { + "$ref": "#/components/schemas/shared.RegionData" + }, + "type": "array" + }, + "-_shared.RegistryScanProgress": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanProgress" + }, + "type": "array" + }, + "-_shared.RegistryScanRequest": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + }, + "type": "array" + }, + "-_shared.RuntimeAudit": { + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "-_shared.TASDropletSpecification": { + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "-_shared.Tag": { + "items": { + "$ref": "#/components/schemas/shared.Tag" + }, + "type": "array" + }, + "-_shared.TrustAudits": { + "items": { + "$ref": "#/components/schemas/shared.TrustAudits" + }, + "type": "array" + }, + "-_shared.VMSpecification": { + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "-_string": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "-_types.AgentlessHostStatus": { + "items": { + "$ref": "#/components/schemas/types.AgentlessHostStatus" + }, + "type": "array" + }, + "-_types.AlertProfileOption": { + "items": { + "$ref": "#/components/schemas/types.AlertProfileOption" + }, + "type": "array" + }, + "-_types.AuditTimeslice": { + "items": { + "$ref": "#/components/schemas/types.AuditTimeslice" + }, + "type": "array" + }, + "-_types.BaseImagesRule": { + "items": { + "$ref": "#/components/schemas/types.BaseImagesRule" + }, + "type": "array" + }, + "-_types.CVEStats": { + "items": { + "$ref": "#/components/schemas/types.CVEStats" + }, + "type": "array" + }, + "-_types.CVEVulnerability": { + "items": { + "$ref": "#/components/schemas/types.CVEVulnerability" + }, + "type": "array" + }, + "-_types.ClusterRadarInfo": { + "items": { + "$ref": "#/components/schemas/types.ClusterRadarInfo" + }, + "type": "array" + }, + "-_types.CredentialUsage": { + "items": { + "$ref": "#/components/schemas/types.CredentialUsage" + }, + "type": "array" + }, + "-_types.DefenderSummary": { + "items": { + "$ref": "#/components/schemas/types.DefenderSummary" + }, + "type": "array" + }, + "-_types.DefendersVersionCount": { + "items": { + "$ref": "#/components/schemas/types.DefendersVersionCount" + }, + "type": "array" + }, + "-_types.DiscoveredVM": { + "items": { + "$ref": "#/components/schemas/types.DiscoveredVM" + }, + "type": "array" + }, + "-_types.Endpoint": { + "items": { + "$ref": "#/components/schemas/types.Endpoint" + }, + "type": "array" + }, + "-_types.ImpactedOutOfBandEntity": { + "items": { + "$ref": "#/components/schemas/types.ImpactedOutOfBandEntity" + }, + "type": "array" + }, + "-_types.Project": { + "items": { + "$ref": "#/components/schemas/types.Project" + }, + "type": "array" + }, + "-_types.Stats": { + "items": { + "$ref": "#/components/schemas/types.Stats" + }, + "type": "array" + }, + "-_types.UserCollection": { + "items": { + "$ref": "#/components/schemas/types.UserCollection" + }, + "type": "array" + }, + "-_types.UserProject": { + "items": { + "$ref": "#/components/schemas/types.UserProject" + }, + "type": "array" + }, + "-_types.VulnerabilityStats": { + "items": { + "$ref": "#/components/schemas/types.VulnerabilityStats" + }, + "type": "array" + }, + "-_uint8": { + "items": { + "$ref": "#/components/schemas/uint8" + }, + "type": "array" + }, + "-_vuln.WildFireMalware": { + "items": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + }, + "type": "array" + }, + "-_waas.APIChangeDetails": { + "items": { + "$ref": "#/components/schemas/waas.APIChangeDetails" + }, + "type": "array" + }, + "-_waas.DiscoveredAPI": { + "items": { + "$ref": "#/components/schemas/waas.DiscoveredAPI" + }, + "type": "array" + }, + "-_waas.NetworkList": { + "items": { + "$ref": "#/components/schemas/waas.NetworkList" + }, + "type": "array" + }, + "-_waas.OpenAPIScan": { + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + }, + "type": "array" + }, + "-_waas.UnprotectedContainersWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedContainersWebApps" + }, + "type": "array" + }, + "-_waas.UnprotectedHostsWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedHostsWebApps" + }, + "type": "array" + }, + "-_waas.VPCConfigMirroredResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigMirroredResource" + }, + "type": "array" + }, + "-_waas.VPCConfigResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigResource" + }, + "type": "array" + }, + "admission.Audit": { + "description": "Audit represents an admission audit", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster where the audit took place.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "description": "Effect is the rule effect which was applied to the review which led to this audit.\n", + "type": "string" + }, + "kind": { + "description": "Kind is the type of object being manipulated. For example: Pod.\n", + "type": "string" + }, + "message": { + "description": "Message is the rule user defined message which appears on audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the request (if any).\n", + "type": "string" + }, + "operation": { + "description": "Operation is the operation being performed.\n", + "type": "string" + }, + "rawRequest": { + "description": "RawRequest is the original review request that caused this audit.\n", + "type": "string" + }, + "resource": { + "description": "Resource is the name of the resource being requested. This is not the kind. For example: pods.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule which issued this audit.\n", + "type": "string" + }, + "time": { + "description": "Time is the time at which the audit was generated.\n", + "format": "date-time", + "type": "string" + }, + "userGroups": { + "description": "UserGroups is the names of groups this user is a part of.\n", + "type": "string" + }, + "userUid": { + "description": "UserUID is a unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs.\n", + "type": "string" + }, + "username": { + "description": "Username is the name that uniquely identifies this user among all active users.\n", + "type": "string" + } + }, + "type": "object" + }, + "admission.Policy": { + "description": "Policy represents a policy enforced on Kubernetes admission reviews", + "properties": { + "_id": { + "description": "ID is the policy ID.\n", + "type": "string" + }, + "rules": { + "description": "Rules is a list of rules associated with the admission policy.\n", + "items": { + "$ref": "#/components/schemas/admission.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "admission.Rule": { + "description": "Rule represents an admission rule", + "properties": { + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the Rego script.\n", + "type": "string" + }, + "skipRawReq": { + "description": "SkipRawReq signals to exclude raw review request in a resulting admission audit.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "agentless.ImageScanResultErrCode": { + "description": "ImageScanResultErrCode represents the asset status error", + "type": "integer" + }, + "ais.ScanInstancesRequest": { + "properties": { + "cloudAccountID": { + "description": ".\n", + "type": "string" + }, + "cloudInstanceIds": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloudProvider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "ais.ScanInstancesResult": { + "properties": { + "description": { + "description": ".\n", + "type": "string" + }, + "instances": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "status": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AggregationPeriod": { + "description": "AggregationPeriod represents a period over which alerts are aggregated", + "properties": { + "displayName": { + "description": "The display name of the aggregation period.\n", + "type": "string" + }, + "periodMS": { + "description": "The aggregation period's duration in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AlertClientType": { + "description": "AlertClientType represents the type of alert client (e.g., email, slack, ...)", + "type": "string" + }, + "api.AlertProfile": { + "description": "AlertProfile represents an alert profile (event type and recipients)", + "properties": { + "_id": { + "description": "ID is the alert profile ID.\n", + "type": "string" + }, + "consoleIdentifier": { + "description": "ConsoleIdentifier is the console identifier.\n", + "type": "string" + }, + "cortex": { + "$ref": "#/components/schemas/api.AlertProfileCortexSettings" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "email": { + "$ref": "#/components/schemas/api.AlertProfileEmailSettings" + }, + "external": { + "description": "External indicates that the profile is integrated through Prisma Cloud.\n", + "type": "boolean" + }, + "gcpPubsub": { + "$ref": "#/components/schemas/api.AlertProfileGcpPubsubSettings" + }, + "integrationID": { + "description": "IntegrationID is the ID identifying the provider configured in Prisma Cloud.\n", + "type": "string" + }, + "jira": { + "$ref": "#/components/schemas/api.AlertProfileJIRASettings" + }, + "lastError": { + "description": "LastError represents the last error when sending the profile.\n", + "type": "string" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pagerduty": { + "$ref": "#/components/schemas/api.AlertProfilePagerDutySettings" + }, + "policy": { + "additionalProperties": { + "$ref": "#/components/schemas/api.AlertRule" + }, + "description": "Policy contains the mapping between alert type to the applied alert rules.\n", + "type": "object" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "securityAdvisor": { + "$ref": "#/components/schemas/api.AlertProfileSecurityAdvisor" + }, + "securityCenter": { + "$ref": "#/components/schemas/api.AlertProfileSecurityCenterSettings" + }, + "securityHub": { + "$ref": "#/components/schemas/api.AlertProfileSecurityHubSettings" + }, + "serviceNow": { + "$ref": "#/components/schemas/api.AlertProfileServiceNowSettings" + }, + "slack": { + "$ref": "#/components/schemas/api.AlertProfileSlackSettings" + }, + "splunk": { + "$ref": "#/components/schemas/api.AlertProfileSplunkSettings" + }, + "sqs": { + "$ref": "#/components/schemas/api.AlertProfileSQSSettings" + }, + "vulnerabilityImmediateAlertsEnabled": { + "description": "VulnerabilityImmediateAlertsEnabled indicates whether an immediate vulnerability alert will be sent upon new image scan.\n", + "type": "boolean" + }, + "webhook": { + "$ref": "#/components/schemas/api.AlertProfileWebhookSettings" + } + }, + "type": "object" + }, + "api.AlertProfileCortexSettings": { + "description": "AlertProfileCortexSettings represents Cortex applications alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.CortexApp" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileEmailSettings": { + "description": "AlertProfileEmailSettings represents the alert profile Email settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Email authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "from": { + "description": "From is the from address of the mail.\n", + "type": "string" + }, + "labels": { + "description": "Labels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "port": { + "description": ".\n", + "type": "integer" + }, + "recipients": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "smtpAddress": { + "description": ".\n", + "type": "string" + }, + "ssl": { + "description": ".\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertProfileGcpPubsubSettings": { + "description": "AlertProfileGcpPubsubSettings is the GCP Pub/Sub alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the GCP Pub/Sub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the GCP Pub/Sub settings are enabled.\n", + "type": "boolean" + }, + "topic": { + "description": "Topic is the GCP Pub/Sub topic (used by subscribers to listen for messages).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileJIRASettings": { + "description": "AlertProfileJIRASettings represents the alert profile JIRA settings", + "properties": { + "assignee": { + "$ref": "#/components/schemas/api.JIRADynamicField" + }, + "baseUrl": { + "description": "BaseURL is the JIRA address.\n", + "type": "string" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the JIRA authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "issueType": { + "description": "IssueType is the type of the JIRA issue.\n", + "type": "string" + }, + "labels": { + "$ref": "#/components/schemas/api.JIRADynamicLabels" + }, + "priority": { + "description": "Priority is the issue priority.\n", + "type": "string" + }, + "projectKey": { + "$ref": "#/components/schemas/api.JIRADynamicField" + } + }, + "type": "object" + }, + "api.AlertProfilePagerDutySettings": { + "description": "AlertProfilePagerDutySettings represents the alert profile PagerDuty settings", + "properties": { + "enabled": { + "description": "Enabled is PagerDuty provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "routingKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "severity": { + "$ref": "#/components/schemas/api.PagerDutyAlertSeverity" + }, + "summary": { + "description": "Summary is the PagerDuty's event summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSQSSettings": { + "description": "AlertProfileSQSSettings represents the alert profile SQS settings", + "properties": { + "enabled": { + "description": "Enabled is the SQS provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to SQS.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityAdvisor": { + "description": "AlertProfileSecurityAdvisor is the IBM security advisor alert profile settings", + "properties": { + "auto": { + "description": "Automatic means the configuration was automatically provisioned by security advisor, and only notes should be created.\n", + "type": "boolean" + }, + "credentialID": { + "description": "CredentialID is the IBM security advisor credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security advisor settings are enabled.\n", + "type": "boolean" + }, + "findingsURL": { + "description": "FindingsURL is the URL to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the configured providerID (default twistlock).\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which security tokens should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityCenterSettings": { + "description": "AlertProfileSecurityCenterSettings is the google cloud security center alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Security Center authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "sourceID": { + "description": "SourceID is the google cloud security center organization source ID (used to construct security advisor findings).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityHubSettings": { + "description": "AlertProfileSecurityHubSettings is the AWS security hub alert profile settings", + "properties": { + "accountID": { + "description": "AccountID is the AWS account ID.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the SecurityHub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security hub settings are enabled.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the aws region.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileServiceNowSettings": { + "description": "AlertProfileServiceNowSettings represents the ServiceNow provider alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.ServiceNowApp" + }, + "assignee": { + "description": "Assignee is the ServiceNow user to whom will assign ServiceNow incidents\\items.\n", + "type": "string" + }, + "assignmentGroup": { + "description": "AssignmentGroup is the ServiceNow group of users handling security incidents.\n", + "type": "string" + }, + "auditPriority": { + "description": "AuditPriority is the priority at which to set audit alerts in security incidents.\n", + "type": "string" + }, + "caCert": { + "description": "CA certificate for on-premise ssl (optional).\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the ServiceNow authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is the ServiceNow provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "project": { + "description": "Project is the name of the prisma compute project that was used to generate this configuration. It's required as secondary consoles do not store their project name.\n", + "type": "string" + }, + "securityIncidentBaseURL": { + "description": "SecurityIncidentBaseURL is the ServiceNow address, used to send security incidents.\n", + "type": "string" + }, + "vulnerabilityEndpointUrl": { + "description": "VulnerabilityEndpointURL to report ServiceNow vulnerabilities, customer defined scripted REST API, see: https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/concept/c_CustomWebServices.html.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSlackSettings": { + "description": "AlertProfileSlackSettings represents the alert profile Slack settings", + "properties": { + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "webhookUrl": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSplunkSettings": { + "description": "AlertProfileSplunkSettings represents the alert profile Splunk settings", + "properties": { + "authToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server (optional).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Splunk provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to Splunk.\n", + "type": "string" + }, + "sourceType": { + "description": "SourceType is the alert source type.\n", + "type": "string" + }, + "url": { + "description": "URL is the Splunk HTTP event collector URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileWebhookSettings": { + "description": "AlertProfileWebhookSettings represents the alert profile Webhook settings", + "properties": { + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertRule": { + "description": "AlertRule represents the configuration of an alert type", + "properties": { + "allRules": { + "description": "AllRules controls whether an alert is sent out for audits on all policy rules.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "AssociatedRules defines the specific rules whose audits will generate alerts (relevant only if AllRules is false).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AlertSettings": { + "description": "AlertSettings are the global alert settings", + "properties": { + "aggregationPeriodMs": { + "description": "AggregationPeriodMs is the alert aggregation period in milliseconds.\n", + "type": "integer" + }, + "securityAdvisorWebhook": { + "description": "SecurityAdvisorWebhook is a webhook for IBM security advisor alert wizard, used to authenticate the wizard with the console and to pull data.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertType": { + "description": "AlertType represents an alert type", + "enum": [ + [ + "", + "defender", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "agentlessAppFirewall", + "networkFirewall", + "containerVulnerability", + "registryVulnerability", + "containerCompliance", + "hostVulnerability", + "hostCompliance", + "hostRuntime", + "incident", + "serverlessRuntime", + "kubernetesAudit", + "cloudDiscovery", + "admission", + "containerComplianceScan", + "hostComplianceScan", + "waasHealth", + "vmVulnerability", + "vmCompliance", + "containerSecurityEvents", + "hostSecurityEvents" + ] + ], + "type": "string" + }, + "api.AuthType": { + "description": "AuthType is the user authentication type", + "enum": [ + [ + "saml", + "ldap", + "basic", + "oauth", + "oidc" + ] + ], + "type": "string" + }, + "api.AuthenticationRequest": { + "description": "AuthenticationRequest is the required user input for authentication requests", + "properties": { + "password": { + "description": "Password is the password used for authentication.\n", + "type": "string" + }, + "token": { + "description": "Token is the Prisma JWT token used for authentication.\n", + "type": "string" + }, + "username": { + "description": "Username is the username used for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthenticationResponse": { + "description": "AuthenticationResponse returns the result of calling the authentication endpoint", + "properties": { + "token": { + "description": "Token is the new JWT token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.BuildahFeatureStatus": { + "description": "BuildahFeatureStatus holds the response for the buildah feature status", + "properties": { + "enabled": { + "description": "Enabled is the buildah feature enabled/disabled indicator.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.ConsoleAuthResponse": { + "description": "ConsoleAuthResponse represents the console certificates authentication response", + "properties": { + "role": { + "description": "UserRole is the authenticated user role.\n", + "type": "string" + }, + "token": { + "description": "Token is the console authentication response token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.CortexApp": { + "description": "CortexApp identifies a Cortex application (there are several)", + "enum": [ + [ + "xsoar", + "xdr" + ] + ], + "type": "string" + }, + "api.DefenderInstallScriptOptions": { + "description": "DefenderInstallScriptOptions holds the parameters for defender install script download", + "properties": { + "port": { + "description": "Port is the communication port between the defender and the console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + } + }, + "type": "object" + }, + "api.InitStatus": { + "description": "InitStatus returns whether the console is initialized (i.e., if initial user/password is set)", + "properties": { + "initialized": { + "description": "Initialized indicates whether the console is initialized.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.JIRADynamicField": { + "description": "JIRADynamicField represents a value that can be given as a string or as a dynamic label\nSee more: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-post", + "properties": { + "id": { + "description": "ID is the field ID.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the dynamic labels of which the value is based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the static string field.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.JIRADynamicLabels": { + "description": "JIRADynamicLabels represents JIRA labels that can be given as strings or as a dynamic label", + "properties": { + "labels": { + "description": "Labels are the dynamic labels of which JIRA labels are based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "names": { + "description": "Names are the static strings field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.LicenseRequest": { + "description": "LicenseRequest is a request to setup a new license", + "properties": { + "key": { + "description": "Key is the license key.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.PagerDutyAlertSeverity": { + "description": "PagerDutyAlertSeverity is the severity of an alert triggered in PagerDuty", + "enum": [ + [ + "critical", + "error", + "warning", + "info" + ] + ], + "type": "string" + }, + "api.Permission": { + "description": "Permission represents a user or group's permission to access a specific resource.\nCurrently supported resources are:\n- Project - Access to a specific project (if empty, the Master Project by default)\n- Collection - The set of collections in the project that may be accessed (all if empty)\nIf no permissions are assigned, all projects and collections may be accessed", + "properties": { + "collections": { + "description": "List of collections the user can access.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "project": { + "description": "Names of projects which the user can access.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.Permissions": { + "description": "Permissions is a list of permissions", + "items": { + "$ref": "#/components/schemas/api.Permission" + }, + "type": "array" + }, + "api.ProjectSettings": { + "description": "ProjectSettings are settings for supporting federated console", + "properties": { + "master": { + "description": "Master indicates that project feature is enabled and that this console is the master console.\n", + "type": "boolean" + }, + "redirectURL": { + "description": "RedirectURL is the redirectURL for the given project.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.ResolveFunctionsReq": { + "description": "ResolveFunctionsReq represents the parameters supported by the functions resolution API", + "properties": { + "functions": { + "description": "Functions is the list of functions to evaluate.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveFunctionsResp": { + "description": "ResolveFunctionsResp represents the functions resolution API output", + "properties": { + "functions": { + "description": "Functions is the list of functions that were resolved.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesReq": { + "description": "ResolveImagesReq represents the parameters supported by the images resolution API", + "properties": { + "images": { + "description": "Images is the list of image to resolve.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesResp": { + "description": "ResolveImagesResp represents the images resolution API output", + "properties": { + "images": { + "description": "Images is the list of images that were resolved.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ServiceNowApp": { + "description": "ServiceNowApp identifies a ServiceNow application (there are several)\nfor more details, see:\nhttps://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations/concept/security-operations-intro.html", + "enum": [ + [ + "securityIncidentsResponse", + "vulnerabilityResponse" + ] + ], + "type": "string" + }, + "api.User": { + "description": "User represents a user in Twistlock", + "properties": { + "authType": { + "$ref": "#/components/schemas/api.AuthType" + }, + "lastModified": { + "description": "Datetime when the user was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "password": { + "description": "Password for authentication.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "User role.\n", + "type": "string" + }, + "username": { + "description": "Username for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.UserList": { + "description": "UserList represents a list of users", + "items": { + "$ref": "#/components/schemas/api.User" + }, + "type": "array" + }, + "appembedded.FargateTask": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "FargateTask represents the generic fargate task AWS template", + "type": "object" + }, + "applicationcontrol.Application": { + "description": "Application contains data about allowed installed versions for an application", + "properties": { + "allowedVersions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "name": { + "description": "Name is the name of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "applicationcontrol.Rule": { + "description": "Rule represents an application control policy rule", + "properties": { + "_id": { + "description": "ID is the ID of the rule.\n", + "type": "integer" + }, + "applications": { + "description": "Applications are rules configuring the desired effect per application.\n", + "items": { + "$ref": "#/components/schemas/applicationcontrol.Application" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the rule's severity.\n", + "type": "string" + } + }, + "type": "object" + }, + "bool": { + "type": "boolean" + }, + "byte": { + "format": "byte", + "type": "string" + }, + "ccs.AccountMessage": { + "description": "AccountMessage is a cloud account message", + "properties": { + "accountID": { + "description": "AccountID is the account ID.\n", + "type": "string" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "cloudType": { + "description": "CloudType is the account type.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted is true if this account is marked deleted.\n", + "type": "boolean" + }, + "enrichedFeatures": { + "description": "Features is a list of enabled features and their mode.\n", + "items": { + "$ref": "#/components/schemas/ccs.Feature" + }, + "type": "array" + }, + "features": { + "description": "EnabledFeatures is a list of enabled feature names, kept for bc.\n", + "items": { + "$ref": "#/components/schemas/ccs.FeatureName" + }, + "type": "array" + }, + "lastModified": { + "description": "LastModified is the last time this account was modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "AccountName is the account name.\n", + "type": "string" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + } + }, + "type": "object" + }, + "ccs.ConsoleMessage": { + "description": "ConsoleMessage is a generic console message which contains one type of message, e.g. account, alert rule, etc.", + "properties": { + "accountMessage": { + "$ref": "#/components/schemas/ccs.AccountMessage" + }, + "type": { + "$ref": "#/components/schemas/ccs.MsgType" + } + }, + "type": "object" + }, + "ccs.Feature": { + "properties": { + "mode": { + "$ref": "#/components/schemas/cloudaccount.FeatureMode" + }, + "name": { + "$ref": "#/components/schemas/ccs.FeatureName" + } + }, + "type": "object" + }, + "ccs.FeatureName": { + "description": "FeatureName is the account feature name", + "enum": [ + [ + "agentless", + "serverless", + "cloud-discovery", + "auto-protect" + ] + ], + "type": "string" + }, + "ccs.MsgType": { + "description": "MsgType is the message type, e.g. `account`, `alert-rule`, etc", + "enum": [ + [ + "account" + ] + ], + "type": "string" + }, + "cloudaccount.FeatureMode": { + "enum": [ + [ + "cloud-scan", + "target-scan", + "hub-scan", + "hub" + ] + ], + "type": "string" + }, + "clustereddb.AddMemberRequest": { + "description": "AddMemberRequest represents a request for adding a member to the clustered DB pool", + "properties": { + "address": { + "description": "Address is the member address to add.\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.ReplicaSetMemberStateStr": { + "description": "ReplicaSetMemberStateStr is a string representation of a member's state\nRef. https://docs.mongodb.com/v4.4/reference/replica-states/", + "enum": [ + [ + "STARTUP", + "PRIMARY", + "SECONDARY", + "RECOVERING", + "STARTUP2", + "UNKNOWN", + "ARBITER", + "DOWN", + "ROLLBACK", + "REMOVED" + ] + ], + "type": "string" + }, + "clustereddb.ReplicaSetMemberStatus": { + "description": "ReplicaSetMemberStatus represents replica set member's status\nRef. https://docs.mongodb.com/v4.4/reference/command/replSetGetStatus/#mongodb-data-replSetGetStatus.members", + "properties": { + "name": { + "description": "Name is the member's name (hostname address).\n", + "type": "string" + }, + "stateStr": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStateStr" + } + }, + "type": "object" + }, + "clustereddb.Settings": { + "description": "Settings represents the clustered DB settings", + "properties": { + "loadBalancerAddress": { + "description": "LoadBalancerAddress is the address of the customer's load balancer in clustered DB mode. All clients (including Defenders) are reaching the Console through the load balancer.\n", + "type": "string" + }, + "seedConsoleAddress": { + "description": "SeedConsoleAddress allows editing the address of the seed Console (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.StatusResponse": { + "description": "StatusResponse represents the response to a clustered DB status request", + "properties": { + "date": { + "description": "Date indicates the current time according to the queried Mongo server.\n", + "format": "date-time", + "type": "string" + }, + "loadBalancerAddress": { + "description": "LoadBalancerAddress represents the address of the load balancer.\n", + "type": "string" + }, + "members": { + "description": "Members are the replica set members.\n", + "items": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.AllowAllConnections": { + "description": "AllowAllConnections indicates if connections are allowed to/from any entity of the specified types\ne.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet", + "properties": { + "inbound": { + "description": "Inbound indicates if connections are allowed from any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + }, + "outbound": { + "description": "Outbound indicates if connections are allowed to any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.ContainerAudit": { + "description": "ContainerAudit represents a network firewall audit event", + "properties": { + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstContainerName": { + "description": "DstContainerName is the destination container name.\n", + "type": "string" + }, + "dstDomain": { + "description": "DstDomain is the destination domain that was queried.\n", + "type": "string" + }, + "dstImageName": { + "description": "DstImage is the destination image name.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "dstProfileID": { + "description": "DstProfileID is the destination profile ID.\n", + "type": "string" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the target container.\n", + "type": "object" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcContainerName": { + "description": "SrcContainerName is the source container name.\n", + "type": "string" + }, + "srcImageName": { + "description": "SrcImage is the source image name.\n", + "type": "string" + }, + "srcProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcProfileID": { + "description": "SrcProfileID is the source profile ID.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.EntityID": { + "description": "EntityID represents the ID of each network firewall entity.\n20 bits are used. Max legal value: 2^20-1", + "type": "integer" + }, + "cnnf.HostAudit": { + "description": "HostAudit represents a host network firewall audit event", + "properties": { + "accountID": { + "description": "AccountID is the host account ID.\n", + "type": "string" + }, + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstHostname": { + "description": "DstHostname is the destination hostname.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHostname": { + "description": "SrcHostname is the source hostname.\n", + "type": "string" + }, + "srcSubnet": { + "description": "SrcSubnet is the source subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.NetworkEntities": { + "description": "NetworkEntities represents a list of network firewall entities", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + }, + "cnnf.NetworkEntity": { + "description": "NetworkEntity represents a network firewall entity", + "properties": { + "_id": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "collections": { + "description": "Collections indicate the collection the entity is part of.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "domains": { + "description": "Domains is a list of domains.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the entity name.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets are the CIDR format network.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Subnet" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + } + }, + "type": "object" + }, + "cnnf.NetworkFirewallAttackType": { + "description": "NetworkFirewallAttackType is the network firewall type of attack", + "enum": [ + [ + "unexpectedConnection" + ] + ], + "type": "string" + }, + "cnnf.Policy": { + "description": "Policy holds the data for firewall policies (host and container)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "containerEnabled": { + "description": "ContainerEnabled indicates whether container network firewall feature is enabled.\n", + "type": "boolean" + }, + "containerRules": { + "description": "ContainerRules holds the container firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "hostEnabled": { + "description": "HostEnabled indicates whether host network firewall feature is enabled.\n", + "type": "boolean" + }, + "hostRules": { + "description": "HostRules holds the host firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "networkEntities": { + "$ref": "#/components/schemas/cnnf.NetworkEntities" + }, + "owner": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstance": { + "description": "RadarConnectionInstance is an instance of a connection between two radar endpoints", + "properties": { + "dst": { + "description": "Dst is the dst of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "policyRule": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "port": { + "$ref": "#/components/schemas/common.PortData" + }, + "src": { + "description": "Src is the src of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "time": { + "description": "Time is the time the connection instance was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstances": { + "description": "RadarConnectionInstances holds the recent connections history between 2 entities (hosts, subnet entities, etc)", + "properties": { + "instances": { + "description": "Instances are connection samples.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstance" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.RadarPolicyRule": { + "description": "RadarPolicyRule holds the data of a single policy rule", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "portRanges": { + "description": "PortRanges specify the ranges of ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.Rule": { + "description": "Rule contains the properties common to both host and container network firewall", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dst": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "id": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the entity port range specifications.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "src": { + "$ref": "#/components/schemas/cnnf.EntityID" + } + }, + "type": "object" + }, + "cnnf.RuleEntityType": { + "description": "RuleEntityType is the network firewall rule entity type", + "enum": [ + [ + "container", + "host", + "subnet", + "dns" + ] + ], + "type": "string" + }, + "cnnf.RuleID": { + "description": "RuleID represents the ID of each container network firewall policy rule", + "type": "integer" + }, + "cnnf.Subnet": { + "description": "Subnet is a network firewall subnet", + "properties": { + "cidr": { + "description": "CIDR is the IP range of the defined entity.\n", + "type": "string" + }, + "name": { + "description": "Name is the given name to represent the range.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ManifestFile": { + "description": "ManifestFile holds the data of a specific manifest file (can also be of a dependency manifest file)", + "properties": { + "dependencies": { + "description": "Packages listed in the manifest file.\n", + "items": { + "$ref": "#/components/schemas/coderepos.PkgDependency" + }, + "type": "array" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "path": { + "description": "Path to the file.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "coderepos.PkgDependency": { + "description": "PkgDependency represents a required package", + "properties": { + "devDependency": { + "description": "Indicates if this dependency is used only for the development of the package (true) or not (false).\n", + "type": "boolean" + }, + "lastResolved": { + "description": "Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.\n", + "format": "date-time", + "type": "string" + }, + "licenseSeverity": { + "description": "Maximum severity of the detected licenses according to the compliance policy.\n", + "type": "string" + }, + "licenses": { + "description": "Detected licenses of the dependant package.\n", + "items": { + "$ref": "#/components/schemas/license.SPDXLicense" + }, + "type": "array" + }, + "name": { + "description": "Package name that the dependency refers to.\n", + "type": "string" + }, + "rawRequirement": { + "description": "Line in which the package is declared.\n", + "type": "string" + }, + "unsupported": { + "description": "Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).\n", + "type": "boolean" + }, + "version": { + "description": "Package version, either explicitly specified in a manifest or resolved by the scanner.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "Vulnerabilities in the package.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "coderepos.Repository": { + "description": "Repository is the metadata for a code repository", + "properties": { + "build": { + "description": "CI build.\n", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch in the repository, usually master.\n", + "type": "string" + }, + "digest": { + "description": "Repository content digest. Used to indicate if the content of the repository has changed.\n", + "type": "string" + }, + "fullName": { + "description": "Full name that represents the repository (/).\n", + "type": "string" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "name": { + "description": "Repository name.\n", + "type": "string" + }, + "owner": { + "description": "GitHub username or organization name of the repository's owner.\n", + "type": "string" + }, + "private": { + "description": "Indicates if the repository is private (true) or not (false).\n", + "type": "boolean" + }, + "size": { + "description": "Size of the repository (in KB).\n", + "type": "integer" + }, + "url": { + "description": "URL is the repository address.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ScanResult": { + "description": "ScanResult holds a specific repository data", + "properties": { + "_id": { + "description": "Scan report ID in the database.\n", + "type": "string" + }, + "collections": { + "description": "List of matching code repo collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceRiskScore": { + "description": "Code repository's compliance risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "files": { + "description": "Scan result for each manifest file in the repository.\n", + "items": { + "$ref": "#/components/schemas/coderepos.ManifestFile" + }, + "type": "array" + }, + "pass": { + "description": "Indicates whether the scan passed or failed.\n", + "type": "boolean" + }, + "repository": { + "$ref": "#/components/schemas/coderepos.Repository" + }, + "scanTime": { + "description": "Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + }, + "updateTime": { + "description": "Date/time when this repository was last updated.\n", + "format": "date-time", + "type": "string" + }, + "vulnInfo": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "vulnerabilityRiskScore": { + "description": "Code repository's CVE risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "vulnerableFiles": { + "description": "Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.\n", + "type": "integer" + } + }, + "type": "object" + }, + "collection.Collection": { + "description": "Collection is a collection of resources", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Free-form text.\n", + "type": "string" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the collection was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Collection name. Must be unique.\n", + "type": "string" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "owner": { + "description": "User who created or last modified the collection.\n", + "type": "string" + }, + "prisma": { + "description": "Indicates whether this collection originates from Prisma Cloud.\n", + "type": "boolean" + }, + "system": { + "description": "Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "collection.Usage": { + "description": "Usage represents details of a collection being used", + "properties": { + "name": { + "description": "Name of the consumer (e.g., container runtime, username, etc.).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/collection.UsageType" + } + }, + "type": "object" + }, + "collection.UsageType": { + "description": "UsageType represents a collection usage type", + "enum": [ + [ + "policy", + "settings", + "user", + "group", + "registryScan" + ] + ], + "type": "string" + }, + "common.CloudMetadata": { + "description": "CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)", + "properties": { + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "awsExecutionEnv": { + "description": "AWS execution environment (e.g. EC2/Fargate).\n", + "type": "string" + }, + "image": { + "description": "The name of the image the cloud managed host or container is based on.\n", + "type": "string" + }, + "labels": { + "description": "Cloud provider metadata labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "name": { + "description": "Resource name.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Resource's region.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "resourceURL": { + "description": "Server-defined URL for the resource.\n", + "type": "string" + }, + "type": { + "description": "Instance type.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique vm ID.\n", + "type": "string" + }, + "vmImageID": { + "description": "VMImageID holds the VM instance's image ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.CloudProvider": { + "description": "CloudProvider specifies the cloud provider name", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "others" + ] + ], + "type": "string" + }, + "common.ClusterType": { + "description": "ClusterType is the cluster type", + "enum": [ + [ + "AKS", + "ECS", + "EKS", + "GKE", + "Kubernetes" + ] + ], + "type": "string" + }, + "common.Color": { + "description": "Color is a hexadecimal representation of color code value", + "type": "string" + }, + "common.ContainerRuntime": { + "description": "ContainerRuntime represents the supported container runtime types", + "enum": [ + [ + "docker", + "containerd", + "crio" + ] + ], + "type": "string" + }, + "common.DaemonSetOptions": { + "description": "DaemonSetOptions are options for creating the daemonset install script for defenders", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.DefenderProxyOpt": { + "description": "DefenderProxyOpt holds options for defender proxy configuration\nIt embeds ProxySettings but override it's Password field with a simple string\nThis is needed in order to avoid Secret's MarshalJSON method, which depends on existence of master key file", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "description": ".\n", + "type": "string" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Effect": { + "description": "Effect is the effect that is used in the CNNF rule", + "enum": [ + [ + "allow", + "alert", + "prevent", + "monitor", + "" + ] + ], + "type": "string" + }, + "common.ExternalLabel": { + "description": "ExternalLabel holds an external label with a source and timestamp", + "properties": { + "key": { + "description": "Label key.\n", + "type": "string" + }, + "sourceName": { + "description": "Source name (e.g., for a namespace, the source name can be 'twistlock').\n", + "type": "string" + }, + "sourceType": { + "$ref": "#/components/schemas/common.ExternalLabelSourceType" + }, + "timestamp": { + "description": "Time when the label was fetched.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.ExternalLabelSourceType": { + "description": "ExternalLabelSourceType indicates the source of the labels", + "enum": [ + [ + "namespace", + "deployment", + "aws", + "azure", + "gcp", + "oci" + ] + ], + "type": "string" + }, + "common.HostForensicSettings": { + "description": "HostForensicSettings indicates how to perform host forensic", + "properties": { + "activitiesDisabled": { + "description": "ActivitiesDisabled indicates if the host activity collection is enabled/disabled.\n", + "type": "boolean" + }, + "dockerEnabled": { + "description": "DockerEnabled indicates whether docker commands are collected.\n", + "type": "boolean" + }, + "readonlyDockerEnabled": { + "description": "ReadonlyDockerEnabled indicates whether docker readonly commands are collected.\n", + "type": "boolean" + }, + "serviceActivitiesEnabled": { + "description": "ServiceActivitiesEnabled indicates whether activities from services are collected.\n", + "type": "boolean" + }, + "sshdEnabled": { + "description": "SshdEnabled indicates whether ssh commands are collected.\n", + "type": "boolean" + }, + "sudoEnabled": { + "description": "SudoEnabled indicates whether sudo commands are collected.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.ImageType": { + "description": "ImageType is the type of a VM image.\nFor example, in the case of Azure this is one of marketplace/managed/gallery.", + "type": "string" + }, + "common.NetworkDeviceIP": { + "description": "NetworkDeviceIP represents a network device name and address pair", + "properties": { + "ip": { + "description": "Network device IPv4 address.\n", + "type": "string" + }, + "name": { + "description": "Network device name.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.OSDistroInfo": { + "description": "OSDistroInfo represents information regarding the OS distribution", + "properties": { + "distro": { + "description": "Distro is the OS distro name (e.g. ubuntu).\n", + "type": "string" + }, + "distroRelease": { + "description": "DistroRelease is the OS distro release (e.g. willy).\n", + "type": "string" + }, + "fullName": { + "description": "FullName is the full name of the distro (e.g. Ubuntu 19.10).\n", + "type": "string" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version is the OS release numeric version (e.g. 19.10).\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PolicyBlockMsg": { + "description": "PolicyBlockMsg represent the block message in a Policy", + "type": "string" + }, + "common.PolicyEffect": { + "description": "PolicyEffect state the effect of evaluating the given policy", + "enum": [ + [ + "allow", + "deny", + "block", + "alert" + ] + ], + "type": "string" + }, + "common.PolicyType": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + }, + "common.PortData": { + "description": "PortData is a port of connections with his metadata", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "protocol": { + "description": "Protocol is the protocol used in the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PortRange": { + "description": "PortRange represents a port range", + "properties": { + "deny": { + "description": "Deny indicates whether the connection is denied.\n", + "type": "boolean" + }, + "end": { + "description": ".\n", + "type": "integer" + }, + "start": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "common.ProfileHash": { + "description": "ProfileHash represents the profile hash\nIt is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types", + "format": "int64", + "type": "integer" + }, + "common.ProfilePort": { + "description": "ProfilePort represents a networking profile port", + "properties": { + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "time": { + "description": "Time is the learning timestamp of this port.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "common.ProfilePortData": { + "description": "ProfilePortData represents a runtime profile ports data", + "properties": { + "all": { + "description": "All indicates that this port data represents any arbitrary ports.\n", + "type": "boolean" + }, + "ports": { + "description": "Ports is the list of profile runtime ports.\n", + "items": { + "$ref": "#/components/schemas/common.ProfilePort" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.ProxySettings": { + "description": "ProxySettings are the http proxy settings", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.RuntimeResource": { + "description": "RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image)\nEmpty resource or wildcard (*) represents all resources of a given type", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.Secret": { + "description": "Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database", + "properties": { + "encrypted": { + "description": "Specifies an encrypted value of the secret.\n", + "type": "string" + }, + "plain": { + "description": "Specifies the plain text value of the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Toleration": { + "description": "Toleration holds options for pod toleration\nref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/\ncode ref: k8s.io/api/core/v1/types.go", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional.\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional.\n", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional.\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional.\n", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.AzureMIType": { + "enum": [ + [ + "user-assigned", + "system-assigned" + ] + ], + "type": "string" + }, + "cred.AzureSPInfo": { + "description": "AzureSPInfo contains the Azure credentials needed for certificate based authentications", + "properties": { + "clientId": { + "description": "ClientID is the client identifier.\n", + "type": "string" + }, + "miType": { + "$ref": "#/components/schemas/cred.AzureMIType" + }, + "subscriptionId": { + "description": "SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.\n", + "type": "string" + }, + "tenantId": { + "description": "TenantID is the ID of the AAD directory in which the application was created.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.Credential": { + "description": "Credential specifies the authentication data of an external provider", + "properties": { + "_id": { + "description": "Specifies the unique ID for credential.\n", + "type": "string" + }, + "accountGUID": { + "description": "Specifies the unique ID for an IBM Cloud account.\n", + "type": "string" + }, + "accountID": { + "description": "Specifies the account identifier. Example: a username, access key, account GUID, and so on.\n", + "type": "string" + }, + "accountName": { + "description": "Specifies the name of the cloud account.\n", + "type": "string" + }, + "apiToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "azureSPInfo": { + "$ref": "#/components/schemas/cred.AzureSPInfo" + }, + "caCert": { + "description": "Specifies the CA certificate for a certificate-based authentication.\n", + "type": "string" + }, + "cloudProviderAccountID": { + "description": "Specifies the cloud provider account ID.\n", + "type": "string" + }, + "created": { + "description": "Specifies the time when the credential was created (or, when the account ID was changed for AWS).\n", + "format": "date-time", + "type": "string" + }, + "description": { + "description": "Specifies the description for a credential.\n", + "type": "string" + }, + "external": { + "description": "Indicates whether the credential was onboarded from the Prisma platform.\n", + "type": "boolean" + }, + "global": { + "description": "Indicates whether the credential scope is global.\nAvailable values are:\ntrue: Global\nfalse: Not Global\nNote: For GCP, the credential scope is the organization.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Specifies the time when the credential was last modified.\n", + "format": "date-time", + "type": "string" + }, + "ociCred": { + "$ref": "#/components/schemas/cred.OCICred" + }, + "owner": { + "description": "Specifies the user who created or modified the credential.\n", + "type": "string" + }, + "prismaLastModified": { + "description": "Specifies the time when the account was last modified by Prisma Cloud Compute.\n", + "format": "int64", + "type": "integer" + }, + "roleArn": { + "description": "Specifies the Amazon Resource Name (ARN) of the role to be assumed.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipVerify": { + "description": "Indicates whether to skip the certificate verification in TLS communication.\n", + "type": "boolean" + }, + "stsEndpoints": { + "description": "Specifies a list of specific endpoints for use in STS sessions in various regions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "tokens": { + "$ref": "#/components/schemas/cred.TemporaryToken" + }, + "type": { + "$ref": "#/components/schemas/cred.Type" + }, + "url": { + "description": "Specifies the base server URL.\n", + "type": "string" + }, + "useAWSRole": { + "description": "Indicates whether to authenticate using the IAM Role attached to the instance.\nAvailable values are:\ntrue: Authenticate with the attached credentials\nfalse: Don\u2019t authenticate with the attached credentials.\n", + "type": "boolean" + }, + "useSTSRegionalEndpoint": { + "description": "Indicates whether to use the regional STS endpoint for an STS session.\nAvailable values are:\ntrue: Use the regional STS\nfalse: Don\u2019t use the regional STS.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "cred.OCICred": { + "description": "OCICred are additional parameters required for OCI credentials", + "properties": { + "fingerprint": { + "description": "Fingerprint is the public key signature.\n", + "type": "string" + }, + "tenancyId": { + "description": "TenancyID is the OCID of the tenancy.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.TemporaryToken": { + "description": "TemporaryToken is a temporary session token for cloud provider APIs\nAWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html\nGCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\nAzure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on", + "properties": { + "awsAccessKeyId": { + "description": "Specifies a temporary access key.\n", + "type": "string" + }, + "awsSecretAccessKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "duration": { + "description": "Specifies a duration for the token.\n", + "format": "int64", + "type": "integer" + }, + "expirationTime": { + "description": "Specifies an expiration time for the token.\n", + "format": "date-time", + "type": "string" + }, + "token": { + "$ref": "#/components/schemas/common.Secret" + } + }, + "type": "object" + }, + "cred.Type": { + "description": "Type specifies the credential type", + "enum": [ + [ + "aws", + "azure", + "gcp", + "ibmCloud", + "oci", + "apiToken", + "basic", + "dtr", + "kubeconfig", + "certificate", + "gitlabToken" + ] + ], + "type": "string" + }, + "cred.UsageType": { + "description": "UsageType represents the credential usage type", + "enum": [ + [ + "Alert settings", + "Alert profile", + "Registry Scan", + "Serverless Scan", + "Cloud Scan", + "Secret Store", + "Serverless Auto-Deploy", + "Host Auto-deploy", + "VM Scan", + "Agentless Scan Hub", + "Custom Intelligence Endpoint", + "VMware Tanzu blobstore Scan", + "Kubernetes Audit settings", + "Agentless app firewall" + ] + ], + "type": "string" + }, + "customrules.Action": { + "description": "Action is the action to perform if the custom rule applies", + "enum": [ + [ + "audit", + "incident" + ] + ], + "type": "string" + }, + "customrules.Effect": { + "description": "Effect is the effect that will be used for custom rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "allow", + "ban", + "disable" + ] + ], + "type": "string" + }, + "customrules.Ref": { + "description": "Ref represents a custom rule that is referenced by a policy rule", + "properties": { + "_id": { + "description": "Custom rule ID.\n", + "type": "integer" + }, + "action": { + "$ref": "#/components/schemas/customrules.Action" + }, + "effect": { + "$ref": "#/components/schemas/customrules.Effect" + } + }, + "type": "object" + }, + "customrules.Rule": { + "description": "Rule represents a custom rule", + "properties": { + "_id": { + "description": "Rule ID. Must be unique.\n", + "type": "integer" + }, + "attackTechniques": { + "description": "List of attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description of the rule.\n", + "type": "string" + }, + "message": { + "description": "Macro that is printed as part of the audit/incident message.\n", + "type": "string" + }, + "minVersion": { + "description": "Minimum version required to support the rule.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was created or last modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "owner": { + "description": "User who created or modified the rule.\n", + "type": "string" + }, + "script": { + "description": "Custom script.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/customrules.Type" + }, + "vulnIDs": { + "$ref": "#/components/schemas/customrules.VulnIDs" + } + }, + "type": "object" + }, + "customrules.Type": { + "description": "Type is the type of the custom rule", + "enum": [ + [ + "processes", + "filesystem", + "network-outgoing", + "kubernetes-audit", + "waas-request", + "waas-response" + ] + ], + "type": "string" + }, + "customrules.VulnIDs": { + "description": "VulnIDs is the list of vulnerability IDs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defender.Category": { + "description": "Category represents the defender target category", + "enum": [ + [ + "container", + "host", + "serverless", + "appEmbedded", + "hostAgentless", + "containerAgentless", + "cloudSecurityAgent" + ] + ], + "type": "string" + }, + "defender.Defender": { + "description": "Defender is an update about an agent starting", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "certificateExpiration": { + "description": "Client certificate expiration time.\n", + "format": "date-time", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster name (fallback is internal IP).\n", + "type": "string" + }, + "clusterID": { + "description": "Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections to which this Defender belongs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "compatibleVersion": { + "description": "Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).\n", + "type": "boolean" + }, + "connected": { + "description": "Indicates whether Defender is connected (true) or not (false).\n", + "type": "boolean" + }, + "features": { + "$ref": "#/components/schemas/defender.Features" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "fqdn": { + "description": "Full domain name of the host. Used in audit alerts to identify specific hosts.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender is deployed.\n", + "type": "string" + }, + "isARM64": { + "description": "IsARM64 indicates whether the defender runs on aarch64 architecture.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Datetime when the Defender's connectivity status last changed.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port that Defender uses to connect to Console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "remoteLoggingSupported": { + "description": "Indicates if Defender logs can be retrieved remotely (true) or not (false).\n", + "type": "boolean" + }, + "remoteMgmtSupported": { + "description": "Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).\n", + "type": "boolean" + }, + "status": { + "$ref": "#/components/schemas/defender.Status" + }, + "systemInfo": { + "$ref": "#/components/schemas/defender.SystemInfo" + }, + "tasBlobstoreScanner": { + "description": "Indicates TAS blobstore scanning only Defender.\n", + "type": "boolean" + }, + "tasClusterID": { + "description": "TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.\n", + "type": "string" + }, + "tasFoundation": { + "description": "TASFoundation is the foundation the Defender is running on.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/defender.Type" + }, + "usingOldCA": { + "description": "UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.\n", + "type": "boolean" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vpcObserver": { + "description": "VPCObserver indicates whether the defender runs in a VPC observer.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.FeatureStatus": { + "description": "FeatureStatus holds data about defender features", + "properties": { + "enabled": { + "description": "Indicates if the feature is enabled (true) or not (false).\n", + "type": "boolean" + }, + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender runs.\n", + "type": "string" + } + }, + "type": "object" + }, + "defender.Features": { + "description": "Features is the defender features that can be updated", + "properties": { + "clusterMonitoring": { + "description": "Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).\n", + "type": "boolean" + }, + "proxyListenerType": { + "$ref": "#/components/schemas/defender.ProxyListenerType" + } + }, + "type": "object" + }, + "defender.ProxyListenerType": { + "description": "ProxyListenerType is the proxy listener type of defenders", + "type": "string" + }, + "defender.ScanStatus": { + "description": "ScanStatus represents the status of current scan", + "properties": { + "completed": { + "description": "Indicates if scanning has successfully completed (true) or not (false).\n", + "type": "boolean" + }, + "errors": { + "description": "List of errors that occurred during the last scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "scanTime": { + "description": "Datetime of the last completed scan.\n", + "format": "date-time", + "type": "string" + }, + "scanning": { + "description": "Indicates whether scanning is in progress (true) or not (false).\n", + "type": "boolean" + }, + "selective": { + "description": "Indicates if the scan is for a specific resource (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.Settings": { + "description": "Settings is the Defender settings", + "properties": { + "admissionControlEnabled": { + "description": "Indicates if the admission controller is enabled (true) or not (false).\n", + "type": "boolean" + }, + "admissionControlWebhookSuffix": { + "description": "Relative path to the admission control webhook HTTP endpoint.\n", + "type": "string" + }, + "appEmbeddedFileSystemTracingEnabled": { + "description": "AppEmbeddedFileSystemTracingEnabled is the default deployment state for app embedded Defenders file system tracing.\n", + "type": "boolean" + }, + "automaticUpgrade": { + "description": "Deprecated: indicates if defenders should be automatically upgraded to the latest version.\n", + "type": "boolean" + }, + "disconnectPeriodDays": { + "description": "Number of consecutive days a Defender must remain disconnected for it to be considered decommissioned.\n", + "type": "integer" + }, + "hostCustomComplianceEnabled": { + "description": "Indicates if Defenders support host custom compliance checks (true) or not (false).\n", + "type": "boolean" + }, + "listeningPort": { + "description": "Port on which Defenders listen.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Status": { + "description": "Status is the generic status state per defender or global", + "properties": { + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "defender.SystemInfo": { + "description": "SystemInfo is the OS information of the host", + "properties": { + "cpuCount": { + "description": "CPU count on the host where Defender runs.\n", + "type": "integer" + }, + "freeDiskSpaceGB": { + "description": "Free disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + }, + "kernelVersion": { + "description": "Kernel version on the host where Defender runs.\n", + "type": "string" + }, + "memoryGB": { + "description": "Total memory (in GB) on the host where Defender runs.\n", + "format": "double", + "type": "number" + }, + "totalDiskSpaceGB": { + "description": "Total disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Type": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + }, + "defender.UpgradeStatus": { + "description": "UpgradeStatus represents the status of current twistlock defender upgrade", + "properties": { + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime of the last upgrade.\n", + "format": "date-time", + "type": "string" + }, + "progress": { + "description": "Upgrade progress.\n", + "type": "integer" + } + }, + "type": "object" + }, + "deployment.CommandError": { + "description": "CommandError is the command error on specific instance", + "properties": { + "error": { + "description": "Error is the error in case the command failed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the instance hostname.\n", + "type": "string" + }, + "instanceID": { + "description": "InstanceID is the instance id.\n", + "type": "string" + }, + "instanceName": { + "description": "InstanceName is the instance name.\n", + "type": "string" + }, + "projectID": { + "description": "ProjectID is instance GCP project id.\n", + "type": "string" + }, + "region": { + "description": "Region is the instance region for AWS or zone for GCP.\n", + "type": "string" + }, + "state": { + "description": "State is the error state in which the deployment failed (e.g. timed out/failed due to some other reason).\n", + "type": "string" + }, + "vmImage": { + "description": "VMImage is the instance image.\n", + "type": "string" + } + }, + "type": "object" + }, + "deployment.DaemonSet": { + "description": "DaemonSet holds information about deployed defender DaemonSet\nTODO #12377 - Implement Resource interface for collections filtering, after retrieving correct value to Cluster field", + "properties": { + "address": { + "description": "Address is the kubernetes cluster address.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the kubernetes cluster name.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "defendersVersion": { + "description": "DefendersVersion is the version of the defenders deployed.\n", + "type": "string" + }, + "desiredDefenders": { + "description": "DesiredDefenders is the number of desired defenders.\n", + "type": "integer" + }, + "error": { + "description": "Error indicates any related errors found.\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates if the cluster has at least one running defender.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "runningDefenders": { + "description": "RunningDefenders is the number of defenders running.\n", + "type": "integer" + }, + "upgradable": { + "description": "Upgradable indicates if the cluster is upgradable.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "float32": { + "format": "float", + "type": "number" + }, + "float64": { + "format": "double", + "type": "number" + }, + "forensic.ContainerEvent": { + "description": "ContainerEvent holds forensic event information (in flat structure)", + "properties": { + "allPorts": { + "description": "AllPorts indicates all listening ports are allowed.\n", + "type": "boolean" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "containerId": { + "description": "ContainerID is the event container id.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "dstIP": { + "description": "DstIP is the destination IP of the connection.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the destination port.\n", + "type": "integer" + }, + "dstProfileID": { + "description": "DstProfileID is the profile ID of the connection destination.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "listeningStartTime is the port listening start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "networkCollectionType": { + "$ref": "#/components/schemas/forensic.NetworkCollection" + }, + "outbound": { + "description": "Outbound indicates if the port is outbound.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "srcIP": { + "description": "SrcIP is the source IP of the connection.\n", + "type": "string" + }, + "srcProfileID": { + "description": "SrcProfileID is the profile ID of the connection source.\n", + "type": "string" + }, + "static": { + "description": "Static indicates the event was added to the profile without behavioral indication.\n", + "type": "boolean" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.ContainerEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.ContainerEventType": { + "description": "ContainerEventType represents the kind of event", + "enum": [ + [ + "Process spawned", + "Binary created", + "Container started", + "Listening port", + "Connection established", + "Runtime audit", + "Runtime profile process", + "Runtime profile filesystem", + "Runtime profile networking", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.HostEvent": { + "description": "HostEvent holds host forensic event information", + "properties": { + "app": { + "description": "App is the application associated with the event.\n", + "type": "string" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "country": { + "description": "Country is the country associated with the event.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates if the event is interactive.\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the IP address associated with the event.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "ListeningStartTime is the listening port start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppath": { + "description": "Path is the event parent path.\n", + "type": "string" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.HostEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.HostEventType": { + "description": "HostEventType represents the kind of host event", + "enum": [ + [ + "Process spawned", + "Listening port", + "Binary created", + "Runtime audit", + "SSH event", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.NetworkCollection": { + "description": "NetworkCollection describe the different types of collection of network events", + "type": "string" + }, + "identity.LdapSettings": { + "description": "LdapSettings are the ldap connectivity settings", + "properties": { + "accountPassword": { + "$ref": "#/components/schemas/common.Secret" + }, + "accountUpn": { + "description": "AccountUpn is the user principle name used to connect to the active directory server.\n", + "type": "string" + }, + "caCert": { + "description": "CaCert is cert in PEM format (optional, if not specified, skip_verify flag will be used).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether LDAP is enabled.\n", + "type": "boolean" + }, + "groupSearchBase": { + "description": "GroupSearchBase is the LDAP search pattern for groups.\n", + "type": "string" + }, + "searchBase": { + "description": "SearchBase is the LDAP search pattern.\n", + "type": "string" + }, + "type": { + "description": "Type specifies the LDAP server type (AD or OpenLDAP).\n", + "type": "string" + }, + "url": { + "description": "URL is the ldap server url.\n", + "type": "string" + }, + "userSearchBase": { + "description": "UserSearchBase is the LDAP search pattern for users.\n", + "type": "string" + }, + "userSearchIdentifier": { + "description": "UserSearchIdentifier is the user identifier to use for querying open ldap (e.g., cn -> cn=user).\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.ProviderName": { + "description": "ProviderName is the identity provider name", + "enum": [ + [ + "github", + "openshift" + ] + ], + "type": "string" + }, + "identity.ProviderSettings": { + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings", + "properties": { + "authURL": { + "description": "AuthURL specifies auth URL.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate.\n", + "type": "string" + }, + "clientID": { + "description": "ClientID is the client identifier issued to the client during the registration process.\n", + "type": "string" + }, + "clientSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "enabled": { + "description": "Enabled indicates whether Auth settings are enabled.\n", + "type": "boolean" + }, + "groupClaim": { + "description": "GroupClaim is the name of the group claim property.\n", + "type": "string" + }, + "groupScope": { + "description": "GroupScope specifies name of group scope.\n", + "type": "string" + }, + "openIDIssuesURL": { + "description": "OpenIDIssuesURL is the base URL for OpenID connect providers.\n", + "type": "string" + }, + "openshiftBaseURL": { + "description": "OpenshiftBaseURL is openshift base URL.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "providerName": { + "$ref": "#/components/schemas/identity.ProviderName" + }, + "tokenURL": { + "description": "TokenURL specifies token URL.\n", + "type": "string" + }, + "userClaim": { + "description": "UserClaim is the name of the user claim property.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.RedirectURLResponse": { + "description": "RedirectURLResponse is the response for identity redirect endpoint", + "properties": { + "enabled": { + "description": "Enabled identify if auth provider is enabled.\n", + "type": "boolean" + }, + "url": { + "description": "URL is the redirect URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlSettings": { + "description": "SamlSettings are the saml connectivity settings", + "properties": { + "appId": { + "description": "AppID is the Azure application ID.\n", + "type": "string" + }, + "appSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "audience": { + "description": "Audience specifies the SAML audience used in the verification of the SAML response.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate in PEM format.\n", + "type": "string" + }, + "consoleURL": { + "description": "ConsoleURL is the external Console URL that is used by the IDP for routing the browser after login.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether saml settings are enabled.\n", + "type": "boolean" + }, + "groupAttribute": { + "description": "GroupAttribute is the name of the group attribute.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is idp issuer id.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "skipAuthnContext": { + "description": "SkipAuthnContext indicates whether request authentication contexts should be skipped.\n", + "type": "boolean" + }, + "tenantId": { + "description": "TenantID is the Azure Tenant ID.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/identity.SamlType" + }, + "url": { + "description": "URL is idp sso url.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlType": { + "description": "SamlType represents the type of a SAML configured settings", + "enum": [ + [ + "okta", + "gsuite", + "ping", + "shibboleth", + "azure", + "adfs" + ] + ], + "type": "string" + }, + "identity.Settings": { + "description": "Settings hold the identity settings for supported providers", + "properties": { + "ldap": { + "$ref": "#/components/schemas/identity.LdapSettings" + }, + "oauth": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "openid": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "saml": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + }, + "type": "object" + }, + "int": { + "type": "integer" + }, + "int16": { + "type": "integer" + }, + "int64": { + "format": "int64", + "type": "integer" + }, + "intelligence.IntelligenceSettings": { + "description": "IntelligenceSettings are the intelligence service settings", + "properties": { + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicy": { + "description": "AuthorizationPolicy is a compact version of Istio AuthorizationPolicy resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#AuthorizationPolicy", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "name": { + "description": "Name is the authorization policy name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the authorization policy.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the access rules this authorization policy defines.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyRule" + }, + "type": "array" + }, + "targetServices": { + "description": "TargetServices is the list of services the authorization policy applies on.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyService" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyDestination": { + "description": "AuthorizationPolicyDestination is a compact version of Istio Operation resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Operation", + "properties": { + "methods": { + "description": "Methods are the destination endpoint HTTP methods, such as: \"GET\", \"POST\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "paths": { + "description": "Paths are the destination HTTP paths.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination endpoint ports.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyRule": { + "description": "AuthorizationPolicyRule is a compact version of Istio Rule resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Rule", + "properties": { + "destinations": { + "description": "Destinations are the endpoint definitions the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyDestination" + }, + "type": "array" + }, + "sources": { + "description": "Sources are the metadatas of the services the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicySource" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyService": { + "description": "AuthorizationPolicyService represents a service an authorization policy applies on\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "name": { + "description": "Name is the service name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the service namespace.\n", + "type": "string" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicySource": { + "description": "AuthorizationPolicySource is a compact version of Istio Source resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "namespaces": { + "description": "Namespaces are the source services namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "principals": { + "description": "Principals are the source services principals.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kubeaudit.Audit": { + "description": "Audit represents a Kubernetes audit - this is the data that is stored for matched audits", + "properties": { + "accountID": { + "description": "AccountID is the account ID the Kubernetes audit belongs to.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "authorizationInfo": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "AuthorizationInfo holds the original event authorization info.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster the Kubernetes audit belongs to.\n", + "type": "string" + }, + "collections": { + "description": "Collections that apply to the Kubernetes audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "eventBlob": { + "description": "EventBlob is the original event that caused this audit.\n", + "type": "string" + }, + "message": { + "description": "Message is the user defined message which appears on audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "requestURI": { + "description": "RequestURI is the request URI as sent by the client to a server.\n", + "type": "string" + }, + "resources": { + "description": "Resource represents the resource that is impacted by this event.\n", + "type": "string" + }, + "sourceIPs": { + "description": "Source IPs, from where the request originated and intermediate proxies (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "time": { + "description": "Time is the time at which the request was generated.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "$ref": "#/components/schemas/kubeaudit.EventUserInfo" + }, + "verb": { + "description": "Verb is the kubernetes verb associated with the request.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSettings": { + "description": "AuditSettings represents the kubernetes audits settings", + "properties": { + "lastPollingTime": { + "description": "LastPollingTime holds the last time the logs were polled.\n", + "format": "date-time", + "type": "string" + }, + "specifications": { + "description": "Specifications are the K8s audits fetching CSP specifications.\n", + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "WebhookSuffix is the relative path to the webhook http endpoint, used for auditing K8S events sent to the console from a cluster.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSpecification": { + "description": "AuditSpecification is the specification for fetching audits from a CSP", + "properties": { + "awsRegion": { + "description": "AWSRegion is the cloud region to fetch from.\n", + "type": "string" + }, + "azureResourceGroups": { + "description": "AzureResourceGroups holds the resource groups to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "azureWorkspaceName": { + "description": "AzureWorkspaceName holds the workspace name to fetch from.\n", + "type": "string" + }, + "clusters": { + "description": "Clusters are the clusters to fetch.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialID": { + "description": "CredentialID is the credential to use for CSP authentication for this specification.\n", + "type": "string" + }, + "deploymentType": { + "$ref": "#/components/schemas/kubeaudit.DeploymentType" + }, + "filter": { + "description": "Filter is a provider specific query using the provider's query syntax for additional filtering.\n", + "type": "string" + }, + "gcpProjectIDs": { + "description": "GCPProjectIDs holds the IDs of projects to fetch from.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the specification unique identification as provided by the user.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.DeploymentType": { + "description": "DeploymentType specifies the type of Kubernetes deployment", + "enum": [ + [ + "gke", + "aks", + "eks" + ] + ], + "type": "string" + }, + "kubeaudit.EventUserInfo": { + "description": "EventUserInfo holds the information about the user that authenticated to Kubernentes", + "properties": { + "groups": { + "description": "The names of groups this user is a part of (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uid": { + "description": "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs (optional).\n", + "type": "string" + }, + "username": { + "description": "The name that uniquely identifies this user among all active users (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.Policy": { + "description": "Policy represents a Kubernetes audit policy enforced on Kubernetes audits", + "properties": { + "_id": { + "description": "ID is the Kubernetes audit policy ID.\n", + "type": "string" + }, + "customRulesIDs": { + "description": "CustomRulesIDs is a list of the custom runtime rules ids that apply to this policy.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled specifies if Kubernetes audits are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "license.SPDXLicense": { + "description": "SPDXLicense represents a SPDX license ID", + "enum": [ + [ + "0BSD", + "AAL", + "ADSL", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AGPL-1.0", + "AGPL-1.0-only", + "AGPL-1.0-or-later", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "AMDPLPA", + "AML", + "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "APAFML", + "APL-1.0", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Abstyles", + "Adobe-2006", + "Adobe-Glyph", + "Afmparse", + "Aladdin", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "BSD-1-Clause", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-UC", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BlueOak-1.0.0", + "Borceux", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-US", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDLA-Permissive-1.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPAL-1.0", + "CPL-1.0", + "CPOL-1.02", + "CUA-OPL-1.0", + "Caldera", + "ClArtistic", + "Condor-1.1", + "Crossword", + "CrystalStacker", + "Cube", + "D-FSL-1.0", + "DOC", + "DSDP", + "Dotseqn", + "ECL-1.0", + "ECL-2.0", + "EFL-1.0", + "EFL-2.0", + "EPICS", + "EPL-1.0", + "EPL-2.0", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Entessa", + "ErlPL-1.1", + "Eurosym", + "FSFAP", + "FSFUL", + "FSFULLR", + "FTL", + "Fair", + "Frameworx-1.0", + "FreeImage", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "GL2PS", + "GLWTPL", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-GCC-exception", + "GPL-3.0-with-autoconf-exception", + "Giftware", + "Glide", + "Glulxe", + "HPND", + "HPND-sell-variant", + "HTMLTIDY", + "HaskellReport", + "Hippocratic-2.1", + "IBM-pibs", + "ICU", + "IJG", + "IPA", + "IPL-1.0", + "ISC", + "ImageMagick", + "Imlib2", + "Info-ZIP", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "JPNIC", + "JSON", + "JasPer-2.0", + "LAL-1.2", + "LAL-1.3", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-3.0", + "LGPL-3.0+", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "Leptonica", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Libpng", + "Linux-OpenIB", + "MIT", + "MIT-0", + "MIT-CMU", + "MIT-advertising", + "MIT-enna", + "MIT-feh", + "MIT-open-group", + "MITNFA", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-PL", + "MS-RL", + "MTLL", + "MakeIndex", + "MirOS", + "Motosoto", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NASA-1.3", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "NGPL", + "NIST-PD", + "NIST-PD-fallback", + "NLOD-1.0", + "NLPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Naumen", + "Net-SNMP", + "NetCDF", + "Newsletr", + "Nokia", + "Noweb", + "Nunit", + "O-UDA-1.0", + "OCCT-PL", + "OCLC-2.0", + "ODC-By-1.0", + "ODbL-1.0", + "OFL-1.0", + "OFL-1.0-RFN", + "OFL-1.0-no-RFN", + "OFL-1.1", + "OFL-1.1-RFN", + "OFL-1.1-no-RFN", + "OGC-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "PSF-2.0", + "Parity-6.0.0", + "Parity-7.0.0", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "Python-2.0", + "QPL-1.0", + "Qhull", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", + "RSA-MD", + "RSCPL", + "Rdisc", + "Ruby", + "SAX-PD", + "SCEA", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SISSL", + "SISSL-1.2", + "SMLNJ", + "SMPPL", + "SNIA", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "SWL", + "Saxpath", + "Sendmail", + "Sendmail-8.23", + "SimPL-2.0", + "Sleepycat", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "StandardML-NJ", + "SugarCRM-1.1.3", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TMate", + "TORQUE-1.1", + "TOSL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCL-1.0", + "UPL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "Unlicense", + "VOSTROM", + "VSL-1.0", + "Vim", + "W3C", + "W3C-19980720", + "W3C-20150513", + "WTFPL", + "Watcom-1.0", + "Wsuipa", + "X11", + "XFree86-1.1", + "XSkat", + "Xerox", + "Xnet", + "YPL-1.0", + "YPL-1.1", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "blessing", + "bzip2-1.0.5", + "bzip2-1.0.6", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "curl", + "diffmark", + "dvipdfm", + "eCos-2.0", + "eGenix", + "etalab-2.0", + "gSOAP-1.3b", + "gnuplot", + "iMatix", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "mpich2", + "psfrag", + "psutils", + "wxWindows", + "xinetd", + "xpp", + "zlib-acknowledgement" + ] + ], + "type": "string" + }, + "log.LogEntry": { + "description": "LogEntry represents a single log line", + "properties": { + "level": { + "description": "Level is the log level.\n", + "type": "string" + }, + "log": { + "description": "Log is the log text.\n", + "type": "string" + }, + "time": { + "description": "Time is the log time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "mitre.Technique": { + "description": "Technique is the MITRE framework attack technique", + "enum": [ + [ + "exploitationForPrivilegeEscalation", + "exploitPublicFacingApplication", + "applicationExploitRCE", + "networkServiceScanning", + "endpointDenialOfService", + "exfiltrationGeneral", + "systemNetworkConfigurationDiscovery", + "unsecuredCredentials", + "credentialDumping", + "systemInformationDiscovery", + "systemNetworkConnectionDiscovery", + "systemUserDiscovery", + "accountDiscovery", + "cloudInstanceMetadataAPI", + "accessKubeletMainAPI", + "queryKubeletReadonlyAPI", + "accessKubernetesAPIServer", + "softwareDeploymentTools", + "ingressToolTransfer", + "lateralToolTransfer", + "commandAndControlGeneral", + "resourceHijacking", + "manInTheMiddle", + "nativeBinaryExecution", + "foreignBinaryExecution", + "createAccount", + "accountManipulation", + "abuseElevationControlMechanisms", + "supplyChainCompromise", + "obfuscatedFiles", + "hijackExecutionFlow", + "impairDefences", + "scheduledTaskJob", + "exploitationOfRemoteServices", + "eventTriggeredExecution", + "accountAccessRemoval", + "privilegedContainer", + "writableVolumes", + "execIntoContainer", + "softwareDiscovery", + "createContainer", + "kubernetesSecrets", + "fileAndDirectoryDiscovery", + "masquerading", + "webShell", + "compileAfterDelivery" + ] + ], + "type": "string" + }, + "packages.Type": { + "description": "Type describes the package type", + "enum": [ + [ + "nodejs", + "gem", + "python", + "jar", + "package", + "windows", + "binary", + "nuget", + "go", + "app", + "unknown" + ] + ], + "type": "string" + }, + "prisma.AlertIntegration": { + "description": "AlertIntegration has the relevant fields for Prisma Cloud defined integrations\nhttps://prisma.pan.dev/api/cloud/cspm/integrations#operation/get-all-integrations", + "properties": { + "id": { + "description": "ID of the integration in Prisma Cloud.\n", + "type": "string" + }, + "integrationConfig": { + "$ref": "#/components/schemas/prisma.IntegrationConfig" + }, + "integrationType": { + "description": "IntegrationType is the provider type.\n", + "type": "string" + }, + "name": { + "description": "Name of the integration in Prisma Cloud.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.AssetType": { + "description": "AssetType is the integral value that we need to pass to PC in the UAI and Unified Alerts integrations to identify the asset type\nMappings of the asset types agreed upon with PC can be found here - https://docs.google.com/spreadsheets/d/1M0Aj5U4vpFGEnpd0v_xK-CsxSH4lovE7p93hkzE4DTY\nAdditional asset types can be found here - https://redlock.atlassian.net/browse/RLP-57240\nThis value will be identical to resource api id in case of Unified Alerts", + "enum": [ + [ + "15", + "16", + "18", + "5109", + "39", + "45", + "65", + "5051", + "5070", + "7075", + "7077", + "10523", + "10524", + "10562", + "15000", + "20019", + "20028", + "20042", + "20051", + "20125", + "20126", + "20127", + "20155", + "25001", + "30012", + "30013", + "30014", + "30015", + "30016", + "30018", + "30020" + ] + ], + "type": "integer" + }, + "prisma.CloudType": { + "description": "CloudType is the prisma cloud type of the resource that is used for policy verdict creation\nCloud type values are documented here - https://docs.google.com/spreadsheets/d/1ZRlPl2IdEX22-7pSnqxeJGwwS0jyUbJJ16IkuPoiHMU", + "enum": [ + [ + "1", + "2", + "3", + "4", + "5", + "6" + ] + ], + "type": "integer" + }, + "prisma.IntegrationConfig": { + "description": "IntegrationConfig holds the additional configuration data for each integration", + "properties": { + "accountId": { + "description": "SecurityHubAccountID is the AWS account ID.\n", + "type": "string" + }, + "regions": { + "description": "SecurityHubIntegrationRegions holds AWS account available regions.\n", + "items": { + "$ref": "#/components/schemas/prisma.SecurityHubIntegrationRegions" + }, + "type": "array" + }, + "tables": { + "description": "ServiceNowIntegrationConfig holds ServiceNow tables info.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "prisma.SecurityHubIntegrationRegions": { + "description": "SecurityHubIntegrationRegions holds AWS Security Hub regions info", + "properties": { + "apiIdentifier": { + "description": "APIIdentifier represents the AWS region.\n", + "type": "string" + }, + "name": { + "description": "Name is the region name.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.ServiceProvider": { + "description": "ServiceProvider represents service provider id or \"other\" in case it is non cloud.", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci", + "other" + ] + ], + "type": "string" + }, + "rbac.PermName": { + "description": "PermName is a name of permission to a single resource type", + "enum": [ + [ + "radarsContainers", + "radarsHosts", + "radarsServerless", + "radarsCloud", + "policyContainers", + "policyHosts", + "policyServerless", + "policyCloud", + "policyComplianceCustomRules", + "policyRuntimeContainer", + "policyRuntimeHosts", + "policyRuntimeServerless", + "policyCustomRules", + "policyWAAS", + "policyCNNF", + "policyAccessSecrets", + "policyAccessKubernetes", + "monitorVuln", + "monitorCompliance", + "monitorImages", + "monitorHosts", + "monitorServerless", + "monitorCloud", + "monitorCI", + "monitorRuntimeContainers", + "monitorRuntimeHosts", + "monitorRuntimeServerless", + "monitorRuntimeIncidents", + "sandbox", + "monitorWAAS", + "monitorCNNF", + "monitorAccessDocker", + "monitorAccessKubernetes", + "systemLogs", + "manageDefenders", + "manageAlerts", + "collections", + "manageCreds", + "authConfiguration", + "userManagement", + "systemOperations", + "privilegedOperations", + "downloads", + "accessUI", + "uIEventSubscriber", + "user", + "none" + ] + ], + "type": "string" + }, + "rbac.Permission": { + "description": "Permission is a named resource permission", + "properties": { + "name": { + "$ref": "#/components/schemas/rbac.PermName" + }, + "readWrite": { + "description": "ReadWrite indicates RW or RO permission.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "rbac.Role": { + "description": "Role represents the role of a given user/group", + "properties": { + "description": { + "description": "Description is the role's description.\n", + "type": "string" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "perms": { + "description": "Perms are the role resource permissions.\n", + "items": { + "$ref": "#/components/schemas/rbac.Permission" + }, + "type": "array" + }, + "system": { + "description": "System indicates predefined immutable system role.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.AntiMalwareRule": { + "description": "AntiMalwareRule represents restrictions/suppression for suspected anti-malware", + "properties": { + "allowedProcesses": { + "description": "AllowedProcesses contains paths of files and processes for which we skip anti-malware checks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cryptoMiner": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedProcesses": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "detectCompilerGeneratedBinary": { + "description": "DetectCompilerGeneratedBinary represents what happens when a compiler service writes a binary.\n", + "type": "boolean" + }, + "encryptedBinaries": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "executionFlowHijack": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "serviceUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipSSHTracking": { + "description": "SkipSSHTracking indicates whether host SSH tracking should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "tempFSProc": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "userUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "webShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.App": { + "description": "App represents the applications runtime data", + "properties": { + "listeningPorts": { + "description": "ListeningPorts represents the applications listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileListeningPort" + }, + "type": "array" + }, + "name": { + "description": "Name is the app name.\n", + "type": "string" + }, + "outgoingPorts": { + "description": "OutgoingPorts represents the applications outgoing ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileOutgoingPort" + }, + "type": "array" + }, + "processes": { + "description": "Processes is a list of the app's descendant processes.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "startupProcess": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicy": { + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicyRule": { + "description": "AppEmbeddedPolicyRule represents a single rule in the app embedded runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.AppListeningPorts": { + "description": "AppListeningPorts is an association of an app and list of listening ports", + "properties": { + "app": { + "description": "App is the name of the app.\n", + "type": "string" + }, + "portsData": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ContainerCapabilities": { + "description": "ContainerCapabilities are a set of static capabilities for a given container", + "properties": { + "ci": { + "description": "CI indicates the container allowed to write binaries to disk and run them.\n", + "type": "boolean" + }, + "cloudMetadata": { + "description": "CloudMetadata indicates the given container can query cloud metadata api.\n", + "type": "boolean" + }, + "dnsCache": { + "description": "DNSCache are DNS services that are used by all the pods in the cluster.\n", + "type": "boolean" + }, + "dynamicDNSQuery": { + "description": "DynamicDNSQuery indicates capped behavioral dns queries.\n", + "type": "boolean" + }, + "dynamicFileCreation": { + "description": "DynamicFileCreation indicates capped behavioral filesystem paths.\n", + "type": "boolean" + }, + "dynamicProcessCreation": { + "description": "DynamicProcessCreation indicates capped behavioral processes.\n", + "type": "boolean" + }, + "k8s": { + "description": "Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).\n", + "type": "boolean" + }, + "proxy": { + "description": "Proxy indicates the container can listen on any port and perform multiple outbound connection.\n", + "type": "boolean" + }, + "pullImage": { + "description": "PullImage indicates that the container is allowed pull images (might include files with high entropy).\n", + "type": "boolean" + }, + "sshd": { + "description": "Sshd indicates whether the container can run sshd process.\n", + "type": "boolean" + }, + "unpacker": { + "description": "Unpacker indicates the container is allowed to write shared libraries to disk.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.ContainerDNSRule": { + "description": "ContainerDNSRule is the DNS runtime rule for container", + "properties": { + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the DNS rule.\n", + "type": "boolean" + }, + "domainList": { + "$ref": "#/components/schemas/runtime.DNSListRule" + } + }, + "type": "object" + }, + "runtime.ContainerFilesystemRule": { + "description": "ContainerFilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "backdoorFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the filesystem rule.\n", + "type": "boolean" + }, + "encryptedBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "newFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suspiciousELFHeadersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerNetworkRule": { + "description": "ContainerNetworkRule represents the restrictions/suppression for networking", + "properties": { + "allowedIPs": { + "description": "AllowedIPs the allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedIPs": { + "description": "DeniedIPs the deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedIPsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the network rule.\n", + "type": "boolean" + }, + "listeningPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "modifiedProcEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "outboundPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "portScanEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "rawSocketsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerPolicy": { + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ContainerPolicyRule": { + "description": "ContainerPolicyRule represents a single rule in the runtime policy", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "cloudMetadataEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.ContainerDNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ContainerFilesystemRule" + }, + "kubernetesEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ContainerNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ContainerProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProcessesRule": { + "description": "ContainerProcessesRule represents restrictions/suppression for running processes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkParentChild": { + "description": "Indicates whether checking for parent child relationship when comparing spawned processes in the model is enabled.\n", + "type": "boolean" + }, + "cryptoMinersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the processes rule.\n", + "type": "boolean" + }, + "lateralMovementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modifiedProcessEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShellEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suidBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProfileHost": { + "description": "ContainerProfileHost represents a host that runs a container with a specific profile ID", + "properties": { + "agentless": { + "description": "Agentless indicates if the host was scanned by agentless.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the name of the host.\n", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID that matches the container running in the host.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSListRule": { + "description": "DNSListRule represents an explicitly allowed/denied domains list rule", + "properties": { + "allowed": { + "description": "Allowed the allow-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.DNSQuery": { + "description": "DNSQuery is the data of a DNS query", + "properties": { + "domainName": { + "description": "DomainName is the queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the queried domain type.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSRule": { + "description": "DNSRule is the DNS runtime rule", + "properties": { + "blacklist": { + "description": "List of deny-listed domain names (e.g., www.bad-url.com, *.bad-url.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelist": { + "description": "List of allow-listed domain names (e.g., *.gmail.com, *.s3.*.amazon.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.DenyListRule": { + "description": "DenyListRule represents a rule containing paths of files and processes to alert/prevent and the required effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "paths": { + "description": "Paths are the paths to alert/prevent when an event with one of the paths is triggered.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.FSFileType": { + "description": "FSFileType represents the file type", + "type": "integer" + }, + "runtime.FileIntegrityRule": { + "description": "FileIntegrityRule represents a single file integrity monitoring rule", + "properties": { + "dir": { + "description": "Dir indicates that the path is a directory.\n", + "type": "boolean" + }, + "exclusions": { + "description": "Exclusions are filenames that should be ignored while generating audits\nThese filenames may contain a wildcard regex pattern, e.g. foo*.log, *.cache.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "metadata": { + "description": "Metadata indicates that metadata changes should be monitored (e.g. chmod, chown).\n", + "type": "boolean" + }, + "path": { + "description": "Path is the path to monitor.\n", + "type": "string" + }, + "procWhitelist": { + "description": "ProcWhitelist are the processes to ignore\nFilesystem events caused by these processes DO NOT generate file integrity events.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "read": { + "description": "Read indicates that reads operations should be monitored.\n", + "type": "boolean" + }, + "recursive": { + "description": "Recursive indicates that monitoring should be recursive.\n", + "type": "boolean" + }, + "write": { + "description": "Write indicates that write operations should be monitored.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.FilesystemRule": { + "description": "FilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "backdoorFiles": { + "description": "Monitors files that can create and/or persist backdoors (currently SSH and admin account config files) (true).\n", + "type": "boolean" + }, + "blacklist": { + "description": "List of denied file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkNewFiles": { + "description": "Detects changes to binaries and certificates (true).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipEncryptedBinaries": { + "description": "Indicates that encrypted binaries check should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "description": "Indicates whether malware detection based on suspicious ELF headers is enabled.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.GeoIP": { + "description": "GeoIP represents an ip address with it's origin country code", + "properties": { + "code": { + "description": "Code is the country iso code.\n", + "type": "string" + }, + "ip": { + "description": "IP is the ip address.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last modified time of this entry.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostDNSRule": { + "description": "HostDNSRule represents a host DNS runtime rule", + "properties": { + "allow": { + "description": "Allow is a list of user-defined domains to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deny": { + "description": "Deny is a list of user-defined domains to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostNetworkRule": { + "description": "HostNetworkRule represents the restrictions/suppression for host networking", + "properties": { + "allowedOutboundIPs": { + "description": "AllowedOutboundIPs is a list of IPs to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedListeningPorts": { + "description": "DeniedListeningPorts is a list of listening ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "deniedOutboundIPs": { + "description": "DeniedOutboundIPs is a list of outbound IPs to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedOutboundPorts": { + "description": "DeniedOutboundPorts is a list of outbound ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostPolicy": { + "description": "HostPolicy represents a host runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "ID is the host runtime policy internal id.\n", + "type": "string" + }, + "owner": { + "description": "Owner is the host runtime policy owner.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of host runtime rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.HostPolicyRule": { + "description": "HostPolicyRule represents a single rule in the runtime policy", + "properties": { + "antiMalware": { + "$ref": "#/components/schemas/runtime.AntiMalwareRule" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "CustomRules is a list of custom rules associated with the container runtime policy.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.HostDNSRule" + }, + "fileIntegrityRules": { + "description": "FileIntegrityRules are the file integrity monitoring rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.FileIntegrityRule" + }, + "type": "array" + }, + "forensic": { + "$ref": "#/components/schemas/common.HostForensicSettings" + }, + "logInspectionRules": { + "description": "LogInspectionRules is a list of log inspection rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.LogInspectionRule" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.HostNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfile": { + "description": "HostProfile represents a host runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID (hostname).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID associated with the profile.\n", + "type": "string" + }, + "apps": { + "description": "Apps are the host's apps metadata.\n", + "items": { + "$ref": "#/components/schemas/runtime.App" + }, + "type": "array" + }, + "collections": { + "description": "Collections is a list of collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sshEvents": { + "description": "SSHEvents represents a list SSH events occurred on the host.\n", + "items": { + "$ref": "#/components/schemas/runtime.SSHEvent" + }, + "type": "array" + }, + "time": { + "description": "Time is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileListeningPort": { + "description": "HostProfileListeningPort holds a metadata on listening port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileOutgoingPort": { + "description": "HostProfileOutgoingPort holds a metadata on outgoing port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "country": { + "description": "Country is the country ISO code for the given IP address.\n", + "type": "string" + }, + "ip": { + "description": "IP is the IP address captured over this port.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.LogInspectionRule": { + "description": "LogInspectionRule represents a single log inspection rule", + "properties": { + "path": { + "description": "Path is the log path.\n", + "type": "string" + }, + "regex": { + "description": "Regex are the regular expressions associated with the rule if it is a custom one.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.NetworkRule": { + "description": "NetworkRule represents the restrictions/suppression for networking", + "properties": { + "blacklistIPs": { + "description": "Deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blacklistListeningPorts": { + "description": "Deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "blacklistOutboundPorts": { + "description": "Deny-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelistIPs": { + "description": "Allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "whitelistListeningPorts": { + "description": "Allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "whitelistOutboundPorts": { + "description": "Allow-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.PortListRule": { + "description": "PortListRule represents a rule containing ports to allowed/denied and the required effect", + "properties": { + "allowed": { + "description": "Allowed the allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ProcessesRule": { + "description": "ProcessesRule represents restrictions/suppression for running processes", + "properties": { + "blacklist": { + "description": "List of processes to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockAllBinaries": { + "description": "Indicates that all processes are blocked except the main process.\n", + "type": "boolean" + }, + "checkCryptoMiners": { + "description": "Detect crypto miners.\n", + "type": "boolean" + }, + "checkLateralMovement": { + "description": "Indicates whether dectection of processes that can be used for lateral movement exploits is enabled.\n", + "type": "boolean" + }, + "checkNewBinaries": { + "description": "Indicates whether binaries which do not belong to the original image are allowed to run.\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipModified": { + "description": "Indicates whether to trigger audits/incidents when a modified proc is spawned.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystem": { + "description": "ProfileFilesystem defines the filesystem features profile", + "properties": { + "behavioral": { + "description": "Behavioral is filesystem data learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + }, + "static": { + "description": "Static is filesystem data learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystemPath": { + "description": "ProfileFilesystemPath represents the filesystem static data", + "properties": { + "mount": { + "description": "Mount indicates whether the given folder is a mount.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "description": "Process is the process that accessed the file.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the file was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetwork": { + "description": "ProfileNetwork represents networking data that is learned", + "properties": { + "behavioral": { + "$ref": "#/components/schemas/runtime.ProfileNetworkBehavioral" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "static": { + "$ref": "#/components/schemas/runtime.ProfileNetworkStatic" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkBehavioral": { + "description": "ProfileNetworkBehavioral represents the behavioral data learned for networking", + "properties": { + "dnsQueries": { + "description": "DNSQueries is the learned DNS queries.\n", + "items": { + "$ref": "#/components/schemas/runtime.DNSQuery" + }, + "type": "array" + }, + "listeningPorts": { + "description": "Listening is the learned listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkGeoIP": { + "description": "ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile", + "properties": { + "countries": { + "description": "Countries is a list of ip addresses with their corresponding country codes.\n", + "items": { + "$ref": "#/components/schemas/runtime.GeoIP" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last modified time of the cache.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkStatic": { + "description": "ProfileNetworkStatic represent the static section of the networking profile", + "properties": { + "listeningPorts": { + "description": "Listening are the listening ports learned by static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileProcess": { + "description": "ProfileProcess represents a single process data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileProcesses": { + "description": "ProfileProcesses represents the process data that is learned for a specific image", + "properties": { + "behavioral": { + "description": "Behavioral are process details learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "static": { + "description": "Static are process details learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.RuleEffect": { + "description": "RuleEffect is the effect that will be used in the runtime rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "disable" + ] + ], + "type": "string" + }, + "runtime.SSHEvent": { + "description": "SSHEvent represents an SSH event data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "country": { + "description": "Country represents the SSH client's origin country.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "ip": { + "description": "IP address represents the connection client IP address.\n", + "type": "integer" + }, + "loginTime": { + "description": "LoginTime represents the SSH login time.\n", + "format": "int64", + "type": "integer" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.SecretScrubbingSpec": { + "description": "SecretScrubbingSpec defined a single runtime secret scrubbing specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pattern": { + "description": "Pattern is the regex pattern to mask sensitive data.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicy": { + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicyRule": { + "description": "ServerlessPolicyRule represents a single rule in the serverless runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cloudMetadataEnforcement": { + "description": "Catches containers that access the cloud provider metadata API.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "kubernetesEnforcement": { + "description": "Detects containers that attempt to compromise the orchestrator.\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "sandbox.ConnectionEvent": { + "description": "ConnectionEvent represents a network connection event", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "protocol": { + "description": "Protocol is the transport layer protocol (UDP / TCP).\n", + "type": "string" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.DNSQueryEvent": { + "description": "DNSQueryEvent represents a DNS query event with it's connection details", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the domain name for a DNS query.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the domain type for a DNS query.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Event": { + "description": "Event is a single event in a chain that lead to finding detection", + "properties": { + "description": { + "description": "Description describes what happened in the event.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of event detection.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.FilesystemAccessType": { + "description": "FilesystemAccessType represents a type of accessing a file", + "enum": [ + [ + "open", + "modify", + "create" + ] + ], + "type": "string" + }, + "sandbox.FilesystemEvent": { + "description": "FilesystemEvent represents a filesystem event during sandbox scan", + "properties": { + "accessType": { + "$ref": "#/components/schemas/sandbox.FilesystemAccessType" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Finding": { + "description": "Finding represents a finding detected during sandbox scan", + "properties": { + "description": { + "description": "Description is the finding description.\n", + "type": "string" + }, + "events": { + "description": "Events are the events that lead to the finding detection.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Event" + }, + "type": "array" + }, + "severity": { + "$ref": "#/components/schemas/sandbox.FindingSeverity" + }, + "time": { + "description": "Time is the detection time (time of triggering event).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/sandbox.FindingType" + } + }, + "type": "object" + }, + "sandbox.FindingSeverity": { + "description": "FindingSeverity represents a finding severity level", + "enum": [ + [ + "critical", + "high", + "medium", + "low" + ] + ], + "type": "string" + }, + "sandbox.FindingType": { + "description": "FindingType represents a unique sandbox-detected finding type", + "enum": [ + [ + "dropper", + "modifiedBinary", + "executableCreation", + "filelessExecutableCreation", + "wildFireMalware", + "verticalPortScan", + "cryptoMiner", + "suspiciousELFHeader", + "kernelModule", + "modifiedBinaryExecution", + "filelessExecution" + ] + ], + "type": "string" + }, + "sandbox.ListeningEvent": { + "description": "ListeningEvent represents a network listening event", + "properties": { + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessEvent": { + "description": "ProcessEvent represents a process event during sandbox scan", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "parent": { + "$ref": "#/components/schemas/sandbox.ProcessInfo" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessInfo": { + "description": "ProcessInfo holds process information", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ScanResult": { + "description": "ScanResult represents sandbox scan results", + "properties": { + "_id": { + "description": "ID is a unique scan identifier.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connection": { + "description": "Connection is a list of connection events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ConnectionEvent" + }, + "type": "array" + }, + "dns": { + "description": "DNS is a list of DNS queries detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.DNSQueryEvent" + }, + "type": "array" + }, + "entrypoint": { + "description": "Entrypoint is the command executed in the sandbox scan.\n", + "type": "string" + }, + "filesystem": { + "description": "Filesystem is a list of filesystem events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.FilesystemEvent" + }, + "type": "array" + }, + "findings": { + "description": "Findings are the detected findings during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Finding" + }, + "type": "array" + }, + "image": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "imageName": { + "description": "ImageName is the image name (e.g. registry/repo:tag).\n", + "type": "string" + }, + "listening": { + "description": "Listening is a list of listening events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ListeningEvent" + }, + "type": "array" + }, + "pass": { + "description": "Pass indicates if the scan passed or failed.\n", + "type": "boolean" + }, + "procs": { + "description": "Procs are the different detected process during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "type": "array" + }, + "riskScore": { + "description": "RiskScore is the weighted total risk score.\n", + "format": "double", + "type": "number" + }, + "scanDuration": { + "description": "ScanDuration is the provided scan duration in nanoseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTime": { + "description": "Start is the scan start time.\n", + "format": "date-time", + "type": "string" + }, + "suspiciousFiles": { + "description": "SuspiciousFiles are suspicious files detected during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.SuspiciousFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "sandbox.SuspiciousFile": { + "description": "SuspiciousFile represents a suspicious file", + "properties": { + "containerPath": { + "description": "ContainerPath is the path of the file in the running container.\n", + "type": "string" + }, + "created": { + "description": "Created indicates if the file was created during runtime.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the file MD5 hash.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to the copy of the file.\n", + "type": "string" + } + }, + "type": "object" + }, + "secrets.SecretScanMetrics": { + "description": "SecretScanMetrics represents metrics collected during secret scan", + "properties": { + "failedScans": { + "description": "FailedScans represents number of failed scans caused by scanner errors.\n", + "format": "int64", + "type": "integer" + }, + "foundSecrets": { + "description": "FoundSecrets represents number of detected secrets.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime represents cumulative secret scan time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTimeouts": { + "description": "ScanTimeouts represents number of failed scans caused by timeout.\n", + "format": "int64", + "type": "integer" + }, + "scannedFileSize": { + "description": "ScannedFileSize represents accumulated size of scanned files.\n", + "format": "int64", + "type": "integer" + }, + "scannedFiles": { + "description": "ScannedFiles represents number of text files scanned for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalBytes": { + "description": "TotalBytes represents accumulated file size.\n", + "format": "int64", + "type": "integer" + }, + "totalFiles": { + "description": "TotalFiles represents number of files read for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalTime": { + "description": "TotalTime represents the total time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "typesCount": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "TypesCount represents distribution of secrets by its type.\n", + "type": "object" + } + }, + "type": "object" + }, + "serverless.ActionResources": { + "description": "ActionResources is a single action resources", + "properties": { + "resources": { + "description": "Resources are the resources granted to the action.\n", + "items": { + "$ref": "#/components/schemas/serverless.Resource" + }, + "type": "array" + }, + "serviceAPI": { + "$ref": "#/components/schemas/serverless.ServiceAPI" + } + }, + "type": "object" + }, + "serverless.AssociatedVersion": { + "description": "AssociatedVersion is a single function version associated with the alias", + "properties": { + "version": { + "description": "Version is the function version.\n", + "type": "string" + }, + "weight": { + "description": "Weight is the possibility that the function will be called when triggering the alias.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Condition": { + "description": "Condition contains limitations on resources, such as a specific prefix", + "properties": { + "conditions": { + "description": "Conditions contain the limitations.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "name": { + "description": "Condition in AWS such as: StringLike, StringNotLike, StringEquals, StringNotEquals, StringEqualsIgnoreCase, StringNotEqualsIgnoreCase, ForAllValues:StringLike,...\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.FunctionInfo": { + "description": "FunctionInfo contains function information collected during function scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "ID of the function.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applicationName": { + "description": "Name of the application with which the function is associated.\n", + "type": "string" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "architecture": { + "description": "Architecture that the function supports.\n", + "type": "string" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudControllerAddress": { + "description": "Address of the TAS cloud controller API.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Indicates status of runtime defense. Covers both manually and automatically deployed function defense.\n", + "type": "boolean" + }, + "defenderLayerARN": { + "description": "Prisma Defender Layer ARN, if it exists.\n", + "type": "string" + }, + "description": { + "description": "User-provided description of the function.\n", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "envvars": { + "description": "Function environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "err": { + "description": "Description of an error that occurred during the scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "functionLayers": { + "description": "Layer ARNs used by this function.\n", + "items": { + "$ref": "#/components/schemas/serverless.LayerInfo" + }, + "type": "array" + }, + "functionTags": { + "description": "Cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "handler": { + "description": "Handler is the function handler.\n", + "type": "string" + }, + "hash": { + "description": "Hash of the function.\n", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname of the scanner.\n", + "type": "string" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "lastModified": { + "description": "Date/time when the function was last modified.\n", + "format": "date-time", + "type": "string" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "memory": { + "description": "Memory size, in MB, configured for the function.\n", + "format": "int64", + "type": "integer" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the function.\n", + "type": "string" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "platform": { + "description": "Platform is the function OS.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "region": { + "description": "Function's region.\n", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "resourceGroupName": { + "description": "Name of the resource group to which the resource belongs (only for Azure).\n", + "type": "string" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "role": { + "description": "AWS execution role.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime environment for the function (e.g., nodejs).\n", + "type": "string" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanTime": { + "description": "Date/time when the scan of the function was performed.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "scannerVersion": { + "description": "Scanner version.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "status": { + "description": "Status of the function (e.g., running).\n", + "type": "string" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "timeout": { + "description": "Function execution time at which the function will be terminated.\n", + "format": "int64", + "type": "integer" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version of the function.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "serverless.LayerInfo": { + "description": "LayerInfo contains information about a lambda layer", + "properties": { + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "name": { + "description": "Name of the layer.\n", + "type": "string" + }, + "version": { + "description": "Version of the layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Permissions": { + "description": "Permissions contain service function permissions", + "properties": { + "actions": { + "description": "Actions is API actions of the service that the function has access to.\n", + "items": { + "$ref": "#/components/schemas/serverless.ActionResources" + }, + "type": "array" + }, + "service": { + "description": "Service is the service name.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.RadarData": { + "description": "RadarData represent all data relevant to the serverless radar", + "properties": { + "serverlessRadar": { + "description": "ServerlessRadar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/serverless.RadarEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.RadarEntity": { + "description": "RadarEntity is the extended serverless radar entity", + "properties": { + "_id": { + "description": "ID is unique identifier of the function (for AWS - ARN).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "alias": { + "description": "Alias states that the current entity is an alias of the function.\n", + "type": "boolean" + }, + "applicationName": { + "description": "ApplicationName is the name of the application the function is associated with.\n", + "type": "string" + }, + "associatedVersions": { + "description": "AssociatedVersions contain the alias associated versions, or empty if the entity isn't an alias.\n", + "items": { + "$ref": "#/components/schemas/serverless.AssociatedVersion" + }, + "type": "array" + }, + "collections": { + "description": "Collections are the matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended denotes weather the function is defended by a serverless defender.\n", + "type": "boolean" + }, + "description": { + "description": "Description is the user provided description of the function.\n", + "type": "string" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the function.\n", + "type": "string" + }, + "networkCount": { + "description": "NetworkCount contain the runtime network events count.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the function permissions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "permissionsBoundary": { + "description": "PermissionsBoundary are limitations of the permissions, acting as AND.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "processesCount": { + "description": "ProcessesCount contain the runtime processes events count.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "scanned": { + "description": "Scanned indicates if the function was scanned for vulnerabilities and compliance.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags are the cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "triggers": { + "description": "Triggers contain invocation paths for functions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Triggers" + }, + "type": "array" + }, + "version": { + "description": "Version is the version of the function, or the alias name if it's an alias.\n", + "type": "string" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "serverless.RadarFilter": { + "description": "RadarFilter contains filter options for serverless radar entities", + "properties": { + "accountIDs": { + "description": "AccountIDs are cloud provider account IDs with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentials": { + "description": "Credentials are cloud provider credential ID's with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "regions": { + "description": "Regions are cloud provider regions with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.Resource": { + "description": "Resource is a single action resources", + "properties": { + "allow": { + "description": "Allow states if the resource is allowed or denied.\n", + "type": "boolean" + }, + "condition": { + "description": "Conditions contain limitations on resources, such as a specific prefix.\n", + "items": { + "$ref": "#/components/schemas/serverless.Condition" + }, + "type": "array" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates that the policy apply to all except the given resource.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "serverless.ServiceAPI": { + "description": "ServiceAPI describes a service API", + "properties": { + "api": { + "description": "API is the service API.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates the policy apply to all APIs except the given API.\n", + "type": "boolean" + }, + "service": { + "description": "Service is the AWS service.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Trigger": { + "description": "Trigger contains function triggers", + "properties": { + "properties": { + "description": "Properties are the trigger properties. There may be multiple values per key, for example AWS S3 event types: ObjectCreatedByPost, ObjectCreatedByCopy, ObjectCreatedByPut.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "sourceID": { + "description": "SourceID is the id of the service instance that caused the trigger. For example AWS S3 bucket ARN, AWS apigateway ARN, etc.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Triggers": { + "description": "Triggers contain a service function triggers", + "properties": { + "service": { + "description": "Service is the service name.\n", + "type": "string" + }, + "triggers": { + "description": "Triggers are the function invocation paths from the service.\n", + "items": { + "$ref": "#/components/schemas/serverless.Trigger" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.AISOperationType": { + "description": "AISOperationType represents a scan operation type", + "enum": [ + [ + "discovery", + "create-snapshot", + "deploy-scanner", + "cleanup" + ] + ], + "type": "string" + }, + "shared.ActivityType": { + "description": "ActivityType is the type of user activity", + "enum": [ + [ + "app restart", + "app install", + "app modified", + "cron modified", + "system update", + "system reboot", + "source modified", + "source added", + "iptables changed", + "secret modified", + "login", + "sudo", + "accounts modified", + "sensitive files modified", + "docker" + ] + ], + "type": "string" + }, + "shared.AgentlessAccountScanStatus": { + "description": "AgentlessAccountScanStatus represents agentless cloud account scan status", + "type": "integer" + }, + "shared.AgentlessAccountState": { + "description": "AgentlessAccountState holds the information about the agentless account state", + "properties": { + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "regions": { + "description": "Regions is an array of regions scanned in account.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessRegionState" + }, + "type": "array" + }, + "scanStatus": { + "$ref": "#/components/schemas/shared.AgentlessAccountScanStatus" + } + }, + "type": "object" + }, + "shared.AgentlessHostTag": { + "description": "AgentlessHostTag is the tag to be checked on a discovered host", + "properties": { + "key": { + "description": "Key is the tag key.\n", + "type": "string" + }, + "value": { + "description": "Value is the tag value.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessRegionState": { + "description": "AgentlessRegionState holds information about the statuses scans in a region", + "properties": { + "availabilityDomain": { + "description": "AvailabilityDomain is the code name of OCI availabilityDomain.\n", + "type": "string" + }, + "errorsInfo": { + "description": "ErrorsInfo holds information about the errors that occured during in region scan.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanErrorInfo" + }, + "type": "array" + }, + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Region is the code name of the region.\n", + "type": "string" + }, + "scanCoverage": { + "$ref": "#/components/schemas/shared.AgentlessScanHostCoverage" + }, + "scanID": { + "description": "ScanID is the id of scan cycle the region was last scanned in.\n", + "type": "integer" + }, + "score": { + "description": "Score is an aggregated score of the errors in the region.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanHostCoverage": { + "description": "AgentlessScanHostCoverage contains the scan coverage stats", + "properties": { + "excluded": { + "description": "Excluded is the number of hosts that were excluded from the scan.\n", + "type": "integer" + }, + "issued": { + "description": "Issued is the number of hosts that are failed to scanned.\n", + "type": "integer" + }, + "pending": { + "description": "Pending is the number of hosts that are pending ais scan.\n", + "type": "integer" + }, + "successful": { + "description": "Successful is the number of hosts that were successfully scanned.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of hosts that are unsupported.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanSpecification": { + "description": "AgentlessScanSpecification contains information for setting up an agentless scan for a group of accounts", + "properties": { + "autoScale": { + "description": "AutoScale indicates that the number of concurrent scanners should be selected automatically.\n", + "type": "boolean" + }, + "cloudScan": { + "description": "CloudScan indicates whether the account is being scanned with prisma.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is a network-accessible address that scanners can use to publish scan results to Console.\n", + "type": "string" + }, + "customTags": { + "description": "CustomTags are optional tags that can be added to the resources created by the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether agentless scanning is enabled.\n", + "type": "boolean" + }, + "excludedTags": { + "description": "ExcludedTags are the tags used to exclude instances from the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "hubAccount": { + "description": "HubAccount indicates whether the account is configured as a hub account.\n", + "type": "boolean" + }, + "hubCredentialID": { + "description": "HubCredentialID is the ID of the credentials in the credentials store to use for authenticating with the cloud provider on behalf of the scan hub account. Optional.\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags are tags that are used to filter hosts to scan. If set, only hosts that have one or more of these tags are scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "ociCompartment": { + "description": "OCICompartment is the resource group that holds all scan related resources for OCI.\n", + "type": "string" + }, + "ociExcludedCompartments": { + "description": "OCIExcludedCompartments are the compartments excluded from scan (OCI).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ociVcn": { + "description": "OCIVcn is the Virtual Cloud Network to use for the instance launched for scanning. Default value is empty string, which represents the default VCN.\n", + "type": "string" + }, + "proxyAddress": { + "description": "ProxyAddress is the optional HTTP proxy address for a setup that includes a proxy server.\n", + "type": "string" + }, + "proxyCA": { + "description": "ProxyCA is the optional proxy CA certificate for a setup that includes a TLS proxy.\n", + "type": "string" + }, + "regions": { + "description": "Regions are the cloud provider regions applicable for the scan. Default is all.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanNonRunning": { + "description": "ScanNonRunning indicates whether to scan non running instances.\n", + "type": "boolean" + }, + "scanners": { + "description": "Scanners is the number of concurrent scanners to perform the scan (when auto-scale is off).\n", + "type": "integer" + }, + "securityGroup": { + "description": "SecurityGroup is the security group that scanners should use (for isolation and internet access). Default is empty value to use the cloud account default security group.\n", + "type": "string" + }, + "skipPermissionsCheck": { + "description": "SkipPermissionsCheck indicates whether permissions check should be skipped for the account. This allows users to attempt scanning when permissions check fails.\n", + "type": "boolean" + }, + "subnet": { + "description": "Subnet is the network subnet to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the default VPC.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AlertThreshold": { + "description": "AlertThreshold is the vulnerability policy alert threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "disabled": { + "description": "Suppresses alerts for all vulnerabilities (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.AllowedCVE": { + "description": "AllowedCVE is a CVE to ignore across the product", + "properties": { + "cve": { + "description": "CVE is the CVE to allow.\n", + "type": "string" + }, + "description": { + "description": "Description is the description of why this CVE is allowed.\n", + "type": "string" + }, + "expiration": { + "description": "Expiration is the expiration date for the allowed CVE.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppEmbeddedEmbedRequest": { + "description": "AppEmbeddedEmbedRequest represents the arguments required for a AppEmbedded defender embed request", + "properties": { + "appID": { + "description": "AppID identifies the app that the embedded app defender defender is protecting.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address.\n", + "type": "string" + }, + "dataFolder": { + "description": "DataFolder is the path to the Twistlock data folder in the container.\n", + "type": "string" + }, + "dockerfile": { + "description": "Dockerfile is the Dockerfile to embed AppEmbedded defender into.\n", + "type": "string" + }, + "filesystemMonitoring": { + "description": "FilesystemMonitoring is the flag of filesystem monitoring for this Defender.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.AppEmbeddedRuntimeProfile": { + "description": "AppEmbeddedRuntimeProfile represents the app embedded runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the app embedded defender name.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the ECS Fargate cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "container": { + "description": "Container is the app embedded container name.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image ID.\n", + "type": "string" + }, + "startTime": { + "description": "StartTime is the time when the defender starts.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppFirewallAudit": { + "description": "AppFirewallAudit represents a firewall audit event", + "properties": { + "_id": { + "description": "ID is internal id representation.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "additionalHash": { + "description": "AdditionalHash for internal use only. This parameter is used to add an additional level of uniqueness to the audit.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the application ID.\n", + "type": "string" + }, + "attackField": { + "$ref": "#/components/schemas/waas.HTTPField" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cloudProviderName": { + "$ref": "#/components/schemas/prisma.ServiceProvider" + }, + "cluster": { + "description": "Cluster is the cluster on which the audit was originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connectingIPs": { + "description": "ConnectingIPs are the requests connecting IPs such as proxy and load-balancer.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerId": { + "description": "ContainerID is the firewall container ID.\n", + "type": "string" + }, + "containerName": { + "description": "ContainerName is the firewall container name.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "country": { + "description": "Country is the source IP country.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "eventID": { + "description": "EventID is the event identifier of the audit relevant request.\n", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "fqdn": { + "description": "FQDN is the current hostname's FQDN.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "FunctionID is the id of the function called.\n", + "type": "string" + }, + "host": { + "description": "Host indicates this audit is either for host firewall or out of band firewall or agentless firewall.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the firewall image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the firewall image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the container.\n", + "type": "object" + }, + "method": { + "description": "HTTPMethod is the request HTTP method.\n", + "type": "string" + }, + "modelPath": { + "description": "ModelPath for internal use only. This parameter is a correlated path for the mapped API Model.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ns": { + "description": "Namespaces are the k8s namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "owaspAPITop10": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "owaspTop10": { + "$ref": "#/components/schemas/waas.OWASPTop10" + }, + "prismaAccountID": { + "description": "PrismaAccountID is the Prisma format account ID.\n", + "type": "string" + }, + "prismaCloudProvider": { + "$ref": "#/components/schemas/prisma.CloudType" + }, + "prismaRegion": { + "description": "PrismaRegion is the Prisma format cloud region.\n", + "type": "string" + }, + "profileId": { + "description": "ProfileID is the profile of the audit.\n", + "type": "string" + }, + "protection": { + "$ref": "#/components/schemas/waas.Protection" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "RawEvent contains unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region is the name of the region in which the serverless function is located.\n", + "type": "string" + }, + "requestHeaderNames": { + "description": "RequestHeaderNames are the request header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestHeaders": { + "description": "RequestHeaders represent the request headers.\n", + "type": "string" + }, + "requestHost": { + "description": "RequestHost is the request host.\n", + "type": "string" + }, + "requestID": { + "description": "RequestID is lambda function invocation request id.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "responseHeaderNames": { + "description": "ResponseHeaderNames are the response header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ruleAppID": { + "description": "RuleAppID is the ID of the rule's app that was applied.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule that was applied.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "statusCode": { + "description": "StatusCode is the response status code.\n", + "type": "integer" + }, + "subnet": { + "description": "Subnet is the source IP subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + }, + "url": { + "description": "URL is the requests full URL (partial on server side - path and query only).\n", + "type": "string" + }, + "urlPath": { + "description": "URLPath is the requests url path.\n", + "type": "string" + }, + "urlQuery": { + "description": "URLQuery is the requests url query.\n", + "type": "string" + }, + "userAgentHeader": { + "description": "UserAgentHeader is the requests User-Agent header.\n", + "type": "string" + }, + "version": { + "description": "Version is the defender version.\n", + "type": "string" + }, + "workloadAssetType": { + "$ref": "#/components/schemas/prisma.AssetType" + }, + "workloadExternalResourceID": { + "description": "WorkloadExternalResourceID is the workload external resource ID (Asset External ID).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Audit": { + "description": "Audit represents an event in the system", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID where the audit was created.\n", + "type": "string" + }, + "allow": { + "description": "Allow indicates whether the command was allowe or denied.\n", + "type": "boolean" + }, + "api": { + "description": "API is the api that is being audited.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerName": { + "description": "ContainerName is the name of the container.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name from which the audit originated.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname from which the audit originated.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the labels associated with the target audit (for containers/images).\n", + "type": "object" + }, + "msg": { + "description": "Msg is the message explaining the audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the container namespace.\n", + "type": "string" + }, + "ruleName": { + "description": "RulesName is contains the name of the rule that was applied, when blocked.\n", + "type": "string" + }, + "sourceIP": { + "description": "SourceIP is the remote agent's source IP.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "description": "Type is the audit type.\n", + "type": "string" + }, + "user": { + "description": "User is the user that run the command.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BackupSpec": { + "description": "BackupSpec is the backup specification", + "properties": { + "id": { + "description": "ID is the full backup file name, used as the instance id in API calls.\n", + "type": "string" + }, + "name": { + "description": "Name is the backup name.\n", + "type": "string" + }, + "release": { + "description": "Release is the backup release.\n", + "type": "string" + }, + "time": { + "description": "Time is the backup creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Binary": { + "description": "Binary represents a detected binary file (ELF)", + "properties": { + "altered": { + "description": "Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).\n", + "type": "boolean" + }, + "cveCount": { + "description": "Total number of CVEs for this specific binary.\n", + "type": "integer" + }, + "deps": { + "description": "Third-party package files which are used by the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "fileMode": { + "description": "Represents the file's mode and permission bits.\n", + "type": "integer" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "md5": { + "description": "Md5 hashset of the binary.\n", + "type": "string" + }, + "missingPkg": { + "description": "Indicates if this binary is not related to any package (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the binary.\n", + "type": "string" + }, + "pkgRootDir": { + "description": "Path for searching packages used by the binary.\n", + "type": "string" + }, + "services": { + "description": "Names of services which use the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Version of the binary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BlockThreshold": { + "description": "BlockThreshold is the vulnerability policy block threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enables blocking (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CLIScanResult": { + "description": "CLIScanResult describes a CLI scan result", + "properties": { + "_id": { + "description": "ID of the scan result.\n", + "type": "string" + }, + "build": { + "description": "CI build.\n", + "type": "string" + }, + "complianceFailureSummary": { + "description": "Scan compliance failure summary.\n", + "type": "string" + }, + "entityInfo": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "pass": { + "description": "Indicates if the scan passed (true) or failed (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the scan.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Scanner version.\n", + "type": "string" + }, + "vulnFailureSummary": { + "description": "Scan vulnerability failure summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CVEAllowList": { + "description": "CVEAllowList is a collection of allowed CVE's", + "properties": { + "_id": { + "description": "ID is the id of the feed.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of allowed CVEs.\n", + "items": { + "$ref": "#/components/schemas/shared.AllowedCVE" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CVERule": { + "description": "CVERule is a vuln rule for specific vulnerability", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "id": { + "description": "CVE ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryAccount": { + "description": "CloudDiscoveryAccount holds data about a discovered account", + "properties": { + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryEntity": { + "description": "CloudDiscoveryEntity holds data about a discovered entity", + "properties": { + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "activeServicesCount": { + "description": "ActiveServicesCount is the number of active services in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the entity.\n", + "type": "string" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerGroup": { + "description": "ContainerGroup is the azure aci container group the container belongs to.\n", + "type": "string" + }, + "createdAt": { + "description": "CreatedAt is the time when the entity was created.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Defended indicates if the entity is defended.\n", + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints are the cluster endpoints.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "image": { + "description": "Image is the image of an aci container.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the entity.\n", + "type": "string" + }, + "nodesCount": { + "description": "NodesCount is the number of nodes in the cluster (aks, gke).\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "resourceGroup": { + "description": "ResourceGroup is the the azure resource group containing the entity.\n", + "type": "string" + }, + "runningTasksCount": { + "description": "RunningTasksCount is the number of running tasks in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "status": { + "description": "Status is the current status of entity.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version is the version of the entity.\n", + "type": "string" + }, + "zone": { + "description": "Zone is the GCP zone that was scanned.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryRadar": { + "description": "CloudDiscoveryRadar represents a cloud radar", + "properties": { + "accounts": { + "description": "Accounts is the number of accounts.\n", + "type": "integer" + }, + "agentlessDisabledAccounts": { + "description": "AgentlessDisabledAccounts is the number of accounts with agentless is disable.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates whether the region includes app Embedded.\n", + "type": "boolean" + }, + "clusters": { + "description": "Clusters indicates whether the region includes clusters.\n", + "type": "boolean" + }, + "defended": { + "description": "Defended is the number of defended entities.\n", + "type": "integer" + }, + "errCount": { + "description": "ErrCount is the number of errors.\n", + "type": "integer" + }, + "functions": { + "description": "Functions indicates whether the region includes functions.\n", + "type": "boolean" + }, + "nodes": { + "description": "NodesCount is the number of nodes.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registries": { + "description": "Registries indicates whether the region includes registries.\n", + "type": "boolean" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "vms": { + "description": "VMs indicates whether the region includes VMs.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryResult": { + "description": "CloudDiscoveryResult represents a cloud scan result for a specific cloud provider, service and region", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended is the number of defended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "defenseCoverage": { + "description": "DefenseCoverage is the defense coverage percentage (0-100).\n", + "type": "integer" + }, + "err": { + "description": "Err holds any error found during a scan.\n", + "type": "string" + }, + "nodes": { + "description": "Nodes is the number of nodes.\n", + "type": "integer" + }, + "project": { + "description": "Project is the GCP project that was scanned.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "registryTags": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RegistryTags are the registry tags.\n", + "type": "object" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "undefended": { + "description": "Undefended is the number of undefended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "zone": { + "description": "Zone is the zone that was scanned, only relevant to GCP.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudScanRule": { + "description": "CloudScanRule is a rule for discovery/compliance/serverless radar scanning", + "properties": { + "agentlessAccountState": { + "$ref": "#/components/schemas/shared.AgentlessAccountState" + }, + "agentlessScanSpec": { + "$ref": "#/components/schemas/shared.AgentlessScanSpecification" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "complianceCheckIDs": { + "description": "ComplianceCheckIDs are the compliance checks IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted reports whether the account is deleted.\n", + "type": "boolean" + }, + "discoverAllFunctionVersions": { + "description": "DiscoverAllFunctionVersions indicates whether serverless discovery and radar scans should scan all function versions or only latest.\n", + "type": "boolean" + }, + "discoveryEnabled": { + "description": "DiscoveryEnabled indicates whether discovery scan is enabled.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified holds the last modified time (in Compute).\n", + "format": "int64", + "type": "integer" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + }, + "prismaLastModified": { + "description": "PrismaLastModified reports the last time the account was modified by Prisma (unix milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "serverlessRadarCap": { + "description": "ServerlessRadarCap is the maximum number of functions to scan in serverless radar.\n", + "type": "integer" + }, + "serverlessRadarEnabled": { + "description": "ServerlessRadarEnabled indicates whether serverless radar scan is enabled.\n", + "type": "boolean" + }, + "serverlessScanSpec": { + "$ref": "#/components/schemas/shared.ServerlessScanSpecification" + }, + "vmTagsEnabled": { + "description": "VMTagsEnabled indicates whether fetching VM instance tags is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CodeRepoProviderType": { + "description": "CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc", + "enum": [ + [ + "github", + "CI" + ] + ], + "type": "string" + }, + "shared.CompressedLayerTimes": { + "description": "CompressedLayerTimes represent the compressed layer times of the image apps and pkgs", + "properties": { + "appTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/shared.PkgsTimes" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Conditions": { + "description": "Conditions contains rule conditions. Conditions apply only for their respective policy type", + "properties": { + "device": { + "description": "Allowed volume host device (wildcard). If a \"container create\" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.\n", + "type": "string" + }, + "readonly": { + "description": "Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "Block and scan severity-based vulnerabilities conditions.\n", + "items": { + "$ref": "#/components/schemas/vuln.Condition" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Connection": { + "description": "Connection is a radar internet connection", + "properties": { + "port": { + "description": ".\n", + "type": "integer" + }, + "protocol": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerHistoryEvent": { + "description": "ContainerHistoryEvent is a container process event created by interactive user", + "properties": { + "_id": { + "description": "ID is the history event entity.\n", + "type": "string" + }, + "command": { + "description": "Command is the process that was executed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the command was invoked.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerInfo": { + "description": "ContainerInfo contains all information gathered on a specific container", + "properties": { + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "app": { + "description": "App is the app that is hosted in the container.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "ComplianceIssues are all the container compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": ".\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "ComplianceRiskScore is the container's compliance risk score.\n", + "format": "float", + "type": "number" + }, + "externalLabels": { + "description": "ExternalLabels is the external labels e.g., kubernetes namespace labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "id": { + "description": "ID is the container id.\n", + "type": "string" + }, + "image": { + "description": "Image is the canonical image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image id.\n", + "type": "string" + }, + "imageName": { + "description": "The image name as stated in the docker run command.\n", + "type": "string" + }, + "infra": { + "description": "Infra represents any container that belongs to the infrastructure.\n", + "type": "boolean" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "labels": { + "description": "Labels are the container labels (https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the container name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/shared.ContainerNetwork" + }, + "networkSettings": { + "$ref": "#/components/schemas/shared.DockerNetworkInfo" + }, + "processes": { + "description": "Processes are the processes that are running inside the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerProcess" + }, + "type": "array" + }, + "profileID": { + "description": "ProfileID is the container profile id.\n", + "type": "string" + }, + "sizeBytes": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "startTime": { + "description": "StartTime is the starting time of the container.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerNetwork": { + "description": "ContainerNetwork contains details about the container network (ports, IPs, type etc...)", + "properties": { + "ports": { + "description": "Ports are the ports details associated with the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallProfileAudits": { + "description": "ContainerNetworkFirewallProfileAudits represents the container network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallSubtypeAudits": { + "description": "ContainerNetworkFirewallSubtypeAudits represents the container network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the container network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.ContainerAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerPort": { + "description": "ContainerPort represents the state of a port in a given container", + "properties": { + "container": { + "description": "Container is the mapped port inside the container.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host port number.\n", + "type": "integer" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "listening": { + "description": "Listening indicates whether the port is in listening mode.\n", + "type": "boolean" + }, + "nat": { + "description": "NAT indicates the port is exposed using NAT.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.ContainerProcess": { + "description": "ContainerProcess represents a process inside a container", + "properties": { + "name": { + "description": "Name is a process name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRadarIncomingConnection": { + "description": "ContainerRadarIncomingConnection is an incoming connection in the network radar", + "properties": { + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are all the ports used by the sender.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "profileID": { + "description": "ProfileID is the sender's profile ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRuntimeProfile": { + "description": "ContainerRuntimeProfile represents the image runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "accountIDs": { + "description": "AccountIDs are the cloud account IDs associated with the container runtime profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "archived": { + "description": "Archive indicates whether this profile is archived.\n", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/components/schemas/runtime.ContainerCapabilities" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint is the image entrypoint.\n", + "type": "string" + }, + "events": { + "description": "Events are the last historical interactive process events for this profile, they are updated in a designated flow.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerHistoryEvent" + }, + "type": "array" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ProfileFilesystem" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "hostNetwork": { + "description": "HostNetwork whether the instance share the network namespace with the host.\n", + "type": "boolean" + }, + "hostPid": { + "description": "HostPid indicates whether the instance share the pid namespace with the host.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the image name that represents the image.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the profile's image ID.\n", + "type": "string" + }, + "infra": { + "description": "InfraContainer indicates this is an infrastructure container.\n", + "type": "boolean" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored profile.\n", + "type": "boolean" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the profile's label.\n", + "type": "string" + }, + "lastUpdate": { + "description": "Modified is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + }, + "learnedStartup": { + "description": "LearnedStartup indicates that startup events were learned.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ProfileNetwork" + }, + "os": { + "description": "OS is the profile image OS.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProfileProcesses" + }, + "relearningCause": { + "description": "RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after\nbeing activated.\n", + "type": "string" + }, + "remainingLearningDurationSec": { + "description": "RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.\n", + "format": "double", + "type": "number" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "shared.ContainerScanResult": { + "description": "ContainerScanResult contains the result of a scanning a container", + "properties": { + "_id": { + "description": "ID is the container ID.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the result was received by an agentless scanner.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are collections to which this container applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "hostname": { + "description": "Hostname is the hostname on which the container is deployed.\n", + "type": "string" + }, + "info": { + "$ref": "#/components/schemas/shared.ContainerInfo" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates if any runtime rule applies to the container.\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the container scan time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Coordinates": { + "description": "Coordinates represents a region coordinates type", + "properties": { + "latitude": { + "description": "Latitude coordinate.\n", + "format": "float", + "type": "number" + }, + "longitude": { + "description": "Longitude coordinate.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CustomComplianceCheck": { + "description": "CustomComplianceCheck represents a custom compliance check entry", + "properties": { + "_id": { + "description": "ID is the compliance check ID.\n", + "type": "integer" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the custom check script.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the custom check defined severity.\n", + "type": "string" + }, + "title": { + "description": "Title is the custom check title.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomIPFeed": { + "description": "CustomIPFeed represent the custom IP feed", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the custom ip feed.\n", + "type": "string" + }, + "feed": { + "$ref": "#/components/schemas/shared.IPs" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomLabelsSettings": { + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)", + "properties": { + "labels": { + "description": "Labels are the custom labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CustomMalwareFeed": { + "description": "CustomMalwareFeed represent the custom malware", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the feed.\n", + "type": "string" + }, + "feed": { + "description": "Feed is the list of custom malware signatures.\n", + "items": { + "$ref": "#/components/schemas/shared.Malware" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderInstallBundle": { + "description": "DefenderInstallBundle represents the install bundle for the defender", + "properties": { + "installBundle": { + "description": "InstallBundle is the base64 bundle of certificates used to communicate with the console.\n", + "type": "string" + }, + "wsAddress": { + "description": "WSAddress is the websocket address (console ) the TAS defender connects to.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderLicenseDetails": { + "description": "DefenderLicenseDetails represents a single defender license details", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "count": { + "description": "Count is the amount of licensed defenders.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.DockerNetworkInfo": { + "description": "DockerNetworkInfo contains network-related information about a container", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "networks": { + "description": "Networks are the networks the container is connected to.\n", + "items": { + "$ref": "#/components/schemas/shared.NetworkInfo" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the container network binding that are externally mapped.\n", + "items": { + "$ref": "#/components/schemas/shared.Port" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.EncodeServerlessRuleOpts": { + "description": "EncodeServerlessRuleOpts represents the arguments to serverless rule encoding request", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the remote console address.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the function.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "region": { + "description": "Region is the function's cloud provider region.\n", + "type": "string" + }, + "updateIntervalMs": { + "description": "UpdateIntervalMs is the interval between defender policy requests from the console in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.EncodedServerlessRule": { + "description": "EncodedServerlessRule represents a base64-encoded serverless rule", + "properties": { + "data": { + "description": "Data is a base64-encoded serverless runtime rule.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.EntityType": { + "description": "EntityType represents the type of the resource identifier", + "enum": [ + [ + "", + "docker", + "kubernetes", + "tas", + "istio", + "internet", + "podman" + ] + ], + "type": "string" + }, + "shared.FileDetails": { + "description": "FileDetails contains file details as the file path, hash checksum", + "properties": { + "md5": { + "description": "Hash sum of the file using md5.\n", + "type": "string" + }, + "original_file_location": { + "description": "Path of the original file in a case of archive analysis.\n", + "type": "string" + }, + "path": { + "description": "Path of the file.\n", + "type": "string" + }, + "sha1": { + "description": "Hash sum of the file using SHA-1.\n", + "type": "string" + }, + "sha256": { + "description": "Hash sum of the file using SHA256.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEvent": { + "description": "FileIntegrityEvent represents a single file integrity event detected according to the file integrity monitoring rules", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Description is a human readable description of the action performed on the path.\n", + "type": "string" + }, + "eventType": { + "$ref": "#/components/schemas/shared.FileIntegrityEventType" + }, + "fileType": { + "$ref": "#/components/schemas/runtime.FSFileType" + }, + "fqdn": { + "description": "FQDN is the current fully qualified domain name used in audit alerts.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/shared.FileMetadata" + }, + "path": { + "description": "Path is the absolute path of the event.\n", + "type": "string" + }, + "processName": { + "description": "ProcessName is the name of the process initiated the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing file integrity rules.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the user initiated the event.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEventType": { + "description": "FileIntegrityEventType represents the type of the file integrity event", + "enum": [ + [ + "metadata", + "read", + "write" + ] + ], + "type": "string" + }, + "shared.FileMetadata": { + "description": "FileMetadata represents the metadata of a single file/directory", + "properties": { + "gid": { + "description": "GID is the ID of the group that owns the file/directory.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the file/directory permission bits.\n", + "type": "integer" + }, + "uid": { + "description": "UID is the ID of the user that owns the file/directory.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ForensicSettings": { + "description": "ForensicSettings are settings for the forensic data collection", + "properties": { + "appEmbeddedDiskUsageMb": { + "description": "AppEmbeddedDiskUsageMb is the maximum amount of disk space used to\nstore the app embedded historical forensic events.\n", + "type": "integer" + }, + "collectNetworkFirewall": { + "description": "CollectNetworkFirewall indicates whether network firewall collection is enabled.\n", + "type": "boolean" + }, + "collectNetworkSnapshot": { + "description": "CollectNetworkSnapshot indicates whether network snapshot collection is enabled.\n", + "type": "boolean" + }, + "containerDiskUsageMb": { + "description": "ContainerDiskUsageMb is the maximum amount of disk space used to\nstore the container historical forensic events.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether host and container forensic data collection is enabled.\n", + "type": "boolean" + }, + "hostDiskUsageMb": { + "description": "HostDiskUsageMb is the maximum amount of disk space used to store\nthe host historical forensic events.\n", + "type": "integer" + }, + "incidentSnapshotsCap": { + "description": "IncidentSnapshotCap is the maximum amount of incident snapshots we store.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.GitlabRegistrySpec": { + "description": "GitlabRegistrySpec represents a specification for registry scanning in GitLab", + "properties": { + "apiDomainName": { + "description": ".\n", + "type": "string" + }, + "excludedGroupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "groupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "projectIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "userID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.GraceDaysPolicy": { + "description": "GraceDaysPolicy indicates the grace days policy by severity", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled is an indication whether the the grace days by severity is enabled.\n", + "type": "boolean" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostActivity": { + "description": "HostActivity holds information for a user activity", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "affectedServices": { + "description": "AffectedServices is the affected systemd service.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this host activity applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "Command is the original (with arguments) command the user invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname the activity originated from.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates that the target process was spawned in an interactive session.\n", + "type": "boolean" + }, + "modifiedFiles": { + "description": "ModifiedFiles is the related modified files.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "msg": { + "description": "Message contains additional non-structured information about the activity, e.g. throttling message.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule applied to the host activity.\n", + "type": "string" + }, + "service": { + "description": "Service is the owning systemd service.\n", + "type": "string" + }, + "time": { + "description": "Time is time of the activity.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.ActivityType" + }, + "user": { + "description": "Username of the user that triggered the activity.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecification": { + "description": "HostAutoDeploySpecification contains the information for host defender auto-deploy", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "bucketRegion": { + "description": "BucketRegion is the bucket region for Cloud Storage on GCP.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecifications": { + "description": "HostAutoDeploySpecifications is a list of host auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecification" + }, + "type": "array" + }, + "shared.HostInfo": { + "description": "HostInfo is a collection of information about the host and it's runtime state", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallProfileAudits": { + "description": "HostNetworkFirewallProfileAudits represents the host network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallSubtypeAudits": { + "description": "HostNetworkFirewallSubtypeAudits represents the host network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the host network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.HostAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostRadarIncomingConnection": { + "description": "HostRadarIncomingConnection is the incoming connection between two apps in two hosts", + "properties": { + "dstHost": { + "description": "DstHost is the src hostname.\n", + "type": "string" + }, + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHost": { + "description": "SrcHost is the src hostname.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.IPs": { + "description": "IPs represents a list of IPs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "shared.Image": { + "description": "Image represents a container image", + "properties": { + "created": { + "description": "Date/time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Combined entrypoint of the image (entrypoint + CMD).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "env": { + "description": "Image environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "healthcheck": { + "description": "Indicates if health checks are enabled (true) or not (false).\n", + "type": "boolean" + }, + "history": { + "description": "Holds the image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Image labels.\n", + "type": "object" + }, + "layers": { + "description": "Image filesystem layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "Image os type.\n", + "type": "string" + }, + "repoDigest": { + "description": "Image repo digests.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTags": { + "description": "Image repo tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "user": { + "description": "Image user.\n", + "type": "string" + }, + "workingDir": { + "description": "Base working directory of the image.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageHistory": { + "description": "ImageHistory represent a layer in the image's history", + "properties": { + "baseLayer": { + "description": "Indicates if this layer originated from the base image (true) or not (false).\n", + "type": "boolean" + }, + "created": { + "description": "Date/time when the image layer was created.\n", + "format": "int64", + "type": "integer" + }, + "emptyLayer": { + "description": "Indicates if this instruction didn't create a separate layer (true) or not (false).\n", + "type": "boolean" + }, + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "instruction": { + "description": "Docker file instruction and arguments used to create this layer.\n", + "type": "string" + }, + "sizeBytes": { + "description": "Size of the layer (in bytes).\n", + "format": "int64", + "type": "integer" + }, + "tags": { + "description": "Holds the image tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilities": { + "description": "Vulnerabilities which originated from this layer.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHost": { + "description": "ImageHost holds information about image scan result per host", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID the image is associated with.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the image was scanned as part of an agentless scan.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "appEmbedded": { + "description": "AppEmbedded indicates if the host is an app embedded host.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster on which the image is deployed.\n", + "type": "string" + }, + "csa": { + "description": "CSA indicates if the image was scanned by CSA.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified is the last scan time.\n", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces are the namespaces on which the image is deployed.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHosts": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ImageHost" + }, + "description": "ImageHosts is a fast index for image scan results metadata per host", + "type": "object" + }, + "shared.ImageInfo": { + "description": "ImageInfo contains image information collected during image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.ImageInstance": { + "description": "ImageInstance represents an image on a single host", + "properties": { + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repo": { + "description": ".\n", + "type": "string" + }, + "tag": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageScanResult": { + "description": "ImageScanResult holds the result of an image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.ImageTag": { + "description": "ImageTag represents an image repository and its associated tag or registry digest", + "properties": { + "digest": { + "description": "Image digest (requires V2 or later registry).\n", + "type": "string" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "registry": { + "description": "Registry name to which the image belongs.\n", + "type": "string" + }, + "repo": { + "description": "Repository name to which the image belongs.\n", + "type": "string" + }, + "tag": { + "description": "Image tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Incident": { + "description": "Incident represents an incident", + "properties": { + "_id": { + "description": "Internal ID of the incident.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "acknowledged": { + "description": "Indicates if the incident has been acknowledged (true) or not (false).\n", + "type": "boolean" + }, + "app": { + "description": "Application that caused the incident.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "audits": { + "description": "All runtime audits of the incident.\n", + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "cluster": { + "description": "Cluster on which the incident was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this incident applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerID": { + "description": "ID of the container that triggered the incident.\n", + "type": "string" + }, + "containerName": { + "description": "Unique container name.\n", + "type": "string" + }, + "customRuleName": { + "description": "Name of the custom runtime rule that triggered the incident.\n", + "type": "string" + }, + "fqdn": { + "description": "Current hostname's full domain name.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function that triggered the incident.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels associated with the container.\n", + "type": "object" + }, + "namespace": { + "description": "k8s deployment namespace.\n", + "type": "string" + }, + "profileID": { + "description": "Runtime profile ID.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region of the resource on which the incident was found.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource on which the incident was found.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime of the serverless function.\n", + "type": "string" + }, + "serialNum": { + "description": "Serial number of the incident.\n", + "type": "integer" + }, + "shouldCollect": { + "description": "Indicates if this incident should be collected (true) or not (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the incident (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.IncidentType" + }, + "vmID": { + "description": "Azure unique VM ID on which the incident was found.\n", + "type": "string" + }, + "windows": { + "description": "Windows indicates if defender OS type is Windows.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.IncidentCategory": { + "description": "IncidentCategory is the incident category", + "enum": [ + [ + "portScanning", + "hijackedProcess", + "dataExfiltration", + "kubernetes", + "backdoorAdministrativeAccount", + "backdoorSSHAccess", + "cryptoMiner", + "lateralMovement", + "bruteForce", + "customRule", + "alteredBinary", + "suspiciousBinary", + "executionFlowHijackAttempt", + "reverseShell", + "malware", + "cloudProvider" + ] + ], + "type": "string" + }, + "shared.IncidentType": { + "description": "IncidentType is the type of the incident", + "enum": [ + [ + "host", + "container", + "function", + "appEmbedded", + "fargate" + ] + ], + "type": "string" + }, + "shared.InstalledProducts": { + "description": "InstalledProducts contains data regarding products running in environment\nTODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange", + "properties": { + "agentless": { + "description": "Agentless indicates whether the scan was performed with agentless approach.\n", + "type": "boolean" + }, + "apache": { + "description": "Apache indicates the apache server version, empty in case apache not running.\n", + "type": "string" + }, + "awsCloud": { + "description": "AWSCloud indicates whether AWS cloud is used.\n", + "type": "boolean" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "crio": { + "description": "CRI indicates whether the container runtime is CRI (and not docker).\n", + "type": "boolean" + }, + "docker": { + "description": "Docker represents the docker daemon version.\n", + "type": "string" + }, + "dockerEnterprise": { + "description": "DockerEnterprise indicates whether the enterprise version of Docker is installed.\n", + "type": "boolean" + }, + "hasPackageManager": { + "description": "HasPackageManager indicates whether package manager is installed on the OS.\n", + "type": "boolean" + }, + "k8sApiServer": { + "description": "K8sAPIServer indicates whether a kubernetes API server is running.\n", + "type": "boolean" + }, + "k8sControllerManager": { + "description": "K8sControllerManager indicates whether a kubernetes controller manager is running.\n", + "type": "boolean" + }, + "k8sEtcd": { + "description": "K8sEtcd indicates whether etcd is running.\n", + "type": "boolean" + }, + "k8sFederationApiServer": { + "description": "K8sFederationAPIServer indicates whether a federation API server is running.\n", + "type": "boolean" + }, + "k8sFederationControllerManager": { + "description": "K8sFederationControllerManager indicates whether a federation controller manager is running.\n", + "type": "boolean" + }, + "k8sKubelet": { + "description": "K8sKubelet indicates whether kubelet is running.\n", + "type": "boolean" + }, + "k8sProxy": { + "description": "K8sProxy indicates whether a kubernetes proxy is running.\n", + "type": "boolean" + }, + "k8sScheduler": { + "description": "K8sScheduler indicates whether the kubernetes scheduler is running.\n", + "type": "boolean" + }, + "kubernetes": { + "description": "Kubernetes represents the kubernetes version.\n", + "type": "string" + }, + "managedClusterVersion": { + "description": "ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.\n", + "type": "string" + }, + "openshift": { + "description": "Openshift indicates whether openshift is deployed.\n", + "type": "boolean" + }, + "openshiftVersion": { + "description": "OpenshiftVersion represents the running openshift version.\n", + "type": "string" + }, + "osDistro": { + "description": "OSDistro specifies the os distribution.\n", + "type": "string" + }, + "serverless": { + "description": "Serverless indicates whether evaluated on a serverless environment.\n", + "type": "boolean" + }, + "swarmManager": { + "description": "SwarmManager indicates whether a swarm manager is running.\n", + "type": "boolean" + }, + "swarmNode": { + "description": "SwarmNode indicates whether the node is part of an active swarm.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.InternetConnections": { + "description": "InternetConnections represents the radar internet connections", + "properties": { + "incoming": { + "description": "Incoming is the incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + }, + "outgoing": { + "description": "Outgoing is the outgoing connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.JFrogRepoType": { + "description": "JFrogRepoType represents the type of JFrog Artifactory repository", + "enum": [ + [ + "local", + "remote", + "virtual" + ] + ], + "type": "string" + }, + "shared.KeyValues": { + "description": "KeyValues is a generic key values struct", + "properties": { + "key": { + "description": ".\n", + "type": "string" + }, + "values": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeClusterRole": { + "description": "KubeClusterRole is a compact version of Kubernetes ClusterRole\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#clusterrole-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the kubernetes role name.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the policy rules associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubeLabel": { + "description": "KubeLabel represents a label\nThese are stored as an array to allow special characters in key names,\nsee https://docs.mongodb.com/manual/reference/limits/#Restrictions-on-Field-Names\nFor example: kubernetes.io/bootstrapping", + "properties": { + "key": { + "description": "Key is the key of the label.\n", + "type": "string" + }, + "value": { + "description": "Value is the value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubePolicyRule": { + "description": "KubePolicyRule is a compact version of Kubernetes PolicyRule\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#policyrule-v1-rbac-authorization-k8s-io", + "properties": { + "apiGroups": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resourceNames": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resources": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "verbs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeRole": { + "description": "KubeRole is a compact version of Kubernetes Role\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#role-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the role.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the list of rules associated with the cluster role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.LambdaRuntimeType": { + "description": "LambdaRuntimeType represents the runtime type of the serverless function\nThe constants used are taken from: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime", + "enum": [ + [ + "python", + "python3.6", + "python3.7", + "python3.8", + "python3.9", + "python3.10", + "python3.11", + "python3.12", + "nodejs", + "nodejs12.x", + "nodejs14.x", + "nodejs16.x", + "nodejs18.x", + "nodejs20.x", + "dotnet", + "dotnetcore2.1", + "dotnetcore3.1", + "dotnet6", + "java", + "java8", + "java11", + "java17", + "java21", + "ruby", + "ruby2.7" + ] + ], + "type": "string" + }, + "shared.License": { + "description": "License represent the customer license", + "properties": { + "access_token": { + "description": "AccessToken is the customer access token.\n", + "type": "string" + }, + "contract_id": { + "description": "ContractID is the customer contract ID.\n", + "type": "string" + }, + "contract_type": { + "$ref": "#/components/schemas/shared.LicenseContractType" + }, + "credits": { + "description": "Credits the total amount of credits purchased by the customer.\n", + "type": "integer" + }, + "customer_id": { + "description": "CustomerID is the customer ID.\n", + "type": "string" + }, + "defender_details": { + "description": "DefenderDetails represents the defenders license details.\n", + "items": { + "$ref": "#/components/schemas/shared.DefenderLicenseDetails" + }, + "type": "array" + }, + "defenders": { + "description": "Deprecated: Defenders is the maximum number of defender allowed in this license. Use DefenderDetails field instead.\n", + "type": "integer" + }, + "expiration_date": { + "description": "ExpirationDate is the license expiration date.\n", + "format": "date-time", + "type": "string" + }, + "issue_date": { + "description": "IssueDate is the license issue date.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.LicenseTier" + }, + "workloads": { + "description": "Deprecated: Workloads is the number of workloads per license kept for backward compatibility. Use Credits instead.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.LicenseConfig": { + "description": "LicenseConfig is the compliance policy license configuration", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "critical": { + "description": "Critical is the list of licenses with critical severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "high": { + "description": "High is the list of licenses with high severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "low": { + "description": "Low is the list of licenses with low severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "medium": { + "description": "Medium is the list of licenses with medium severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.LicenseContractType": { + "description": "LicenseContractType is the license contract type", + "enum": [ + [ + "", + "host", + "avg", + "burndown" + ] + ], + "type": "string" + }, + "shared.LicenseThreshold": { + "description": "LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block)\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enabled indicates that the action is enabled.\n", + "type": "boolean" + }, + "value": { + "description": "Value is the minimum severity score for which the action is enabled.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.LicenseTier": { + "description": "LicenseTier represents the license tier of the customer", + "enum": [ + [ + "", + "developer", + "enterprise", + "evaluation", + "oem" + ] + ], + "type": "string" + }, + "shared.LogInspectionEvent": { + "description": "LogInspectionEvent is a log inspection event detected according to the log inspection rules", + "properties": { + "_id": { + "description": "ID is event's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "line": { + "description": "Line is the matching log line.\n", + "type": "string" + }, + "logfile": { + "description": "Logfile is the log file which triggered the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing log inspection events.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.LoggerSetting": { + "description": "LoggerSetting are a specific logger settings", + "properties": { + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.LoggingSettings": { + "description": "LoggingSettings are the logging settings", + "properties": { + "consoleAddress": { + "description": "ConsoleAddress is the console address used by the admin to access the console, used for creating links for runtime events.\n", + "type": "string" + }, + "enableMetricsCollection": { + "description": "EnableMetricsCollection indicates whether metric collections feature is enabled.\n", + "type": "boolean" + }, + "includeRuntimeLink": { + "description": "IncludeRuntimeLink indicates whether link to forensic event should be included in the output.\n", + "type": "boolean" + }, + "stdout": { + "$ref": "#/components/schemas/shared.LoggerSetting" + }, + "syslog": { + "$ref": "#/components/schemas/shared.SyslogSettings" + } + }, + "type": "object" + }, + "shared.Malware": { + "description": "Malware is an executable and its md5", + "properties": { + "allowed": { + "description": "Allowed indicates if this signature is on the allowed list.\n", + "type": "boolean" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": "Modified is the time the malware was added to the DB.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtAudit": { + "description": "MgmtAudit represents a management audit in the system", + "properties": { + "api": { + "description": "API is the api used in the audit process.\n", + "type": "string" + }, + "diff": { + "description": "Diff is the diff between old and new values.\n", + "type": "string" + }, + "failure": { + "description": "Failure states whether the request failed or not.\n", + "type": "boolean" + }, + "sourceIP": { + "description": "SourceIP is the request's source IP.\n", + "type": "string" + }, + "status": { + "description": "Status is the request's response status.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the request.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.MgmtType" + }, + "username": { + "description": "Username is the username of the user who performed the action.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtType": { + "description": "MgmtType represents management audit types", + "enum": [ + [ + "login", + "profile", + "settings", + "rule", + "user", + "group", + "credential", + "tag", + "role", + "pairing" + ] + ], + "type": "string" + }, + "shared.NetworkInfo": { + "description": "NetworkInfo contains data about a container regarding a specific network", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "name": { + "description": "Name is the network name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.NodeJSModuleType": { + "description": "NodeJSModuleType is the type of a NodeJS module", + "enum": [ + [ + "commonjs", + "ecmascript" + ] + ], + "type": "string" + }, + "shared.Package": { + "description": "Package stores relevant package information", + "properties": { + "author": { + "description": "Author is the package's author.\n", + "type": "string" + }, + "binaryIdx": { + "description": "Indexes of the top binaries which use the package.\n", + "items": { + "$ref": "#/components/schemas/int16" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary packages (packages which are built on the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cveCount": { + "description": "Total number of CVEs for this specific package.\n", + "type": "integer" + }, + "defaultGem": { + "description": "DefaultGem indicates this is a gem default package (and not a bundled package).\n", + "type": "boolean" + }, + "files": { + "description": "List of package-related files and their hashes. Only included when the appropriate scan option is set.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "goPkg": { + "description": "GoPkg indicates this is a Go package (and not module).\n", + "type": "boolean" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this package data represents an RPM module.\n", + "type": "boolean" + }, + "jarIdentifier": { + "description": "JarIdentifier holds an additional identification detail of a JAR package.\n", + "type": "string" + }, + "layerTime": { + "description": "Image layer to which the package belongs (layer creation time).\n", + "format": "int64", + "type": "integer" + }, + "license": { + "description": "License information for the package.\n", + "type": "string" + }, + "name": { + "description": "Name of the package.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the third-party origin package.\n", + "type": "string" + }, + "osPackage": { + "description": "OSPackage indicates that a python/java package was installed as an OS package.\n", + "type": "boolean" + }, + "path": { + "description": "Full package path (e.g., JAR or Node.js package path).\n", + "type": "string" + }, + "purl": { + "description": "PURL is a package URL identifier for this package.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this package is included.\n", + "type": "string" + }, + "securityRepoPkg": { + "description": "SecurityRepoPkg determines if this package is available in a security repository.\n", + "type": "boolean" + }, + "symbols": { + "description": "Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Package version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Packages": { + "description": "Packages is a collection of packages", + "properties": { + "pkgs": { + "description": "List of packages.\n", + "items": { + "$ref": "#/components/schemas/shared.Package" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgTypeThreshold": { + "description": "PkgTypeThreshold represents specific vulnerability alert and block thresholds for a package type", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgsTimes": { + "description": "PkgsTimes are the compressed layer times for pkgs of the specific type", + "properties": { + "pkgTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.Policy": { + "description": "Policy represents a policy that should be enforced by the Auditor", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "rules": { + "description": "Rules holds all policy rules.\n", + "items": { + "$ref": "#/components/schemas/shared.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.PolicyRule": { + "description": "PolicyRule is a single rule in the policy", + "properties": { + "action": { + "description": "Action to take.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "allCompliance": { + "description": "Reports the results of all compliance checks (both passed and failed) (true).\n", + "type": "boolean" + }, + "auditAllowed": { + "description": "Specifies if Prisma Cloud audits successful transactions.\n", + "type": "boolean" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "condition": { + "$ref": "#/components/schemas/shared.Conditions" + }, + "createPR": { + "description": "CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).\n", + "type": "boolean" + }, + "cveRules": { + "description": "List of CVE IDs classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.CVERule" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "excludeBaseImageVulns": { + "description": "ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.\n", + "type": "boolean" + }, + "graceDays": { + "description": "Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.\n", + "type": "integer" + }, + "graceDaysPolicy": { + "$ref": "#/components/schemas/shared.GraceDaysPolicy" + }, + "group": { + "description": "Applicable groups.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "license": { + "$ref": "#/components/schemas/shared.LicenseConfig" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "onlyFixed": { + "description": "Applies rule only when vendor fixes are available (true).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pkgTypesThresholds": { + "description": "PkgTypesThresholds holds package type specific alert and block thresholds.\n", + "items": { + "$ref": "#/components/schemas/shared.PkgTypeThreshold" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "principal": { + "description": "Applicable users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactorsEffects": { + "description": "RiskFactorsEffects indicates the effect (alert/block) of each risk factor.\n", + "items": { + "$ref": "#/components/schemas/shared.RiskFactorEffect" + }, + "type": "array" + }, + "tags": { + "description": "List of tags classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.TagRule" + }, + "type": "array" + }, + "verbose": { + "description": "Displays a detailed message when an operation is blocked (true).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.Port": { + "description": "Port is a container port", + "properties": { + "containerPort": { + "description": "ContainerPort is the mapped port inside the container.\n", + "type": "string" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "hostPort": { + "description": "HostPort is the host port.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ProfileKubernetesData": { + "description": "ProfileKubernetesData holds Kubernetes data", + "properties": { + "clusterRoles": { + "description": "ClusterRoles are the cluster roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeClusterRole" + }, + "type": "array" + }, + "roles": { + "description": "Roles are the roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeRole" + }, + "type": "array" + }, + "serviceAccount": { + "description": "ServiceAccount is the service account used to access Kubernetes apiserver\nThis field will be empty if the container is not running inside of a Pod.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Progress": { + "description": "Progress displays the scan progress", + "properties": { + "aisInitialScanInProgress": { + "description": "AISInitialScanInProgress indicates whether agentless next-gen first scheduled scan is in progress.\n", + "type": "boolean" + }, + "aisOnDemandScanInProgress": { + "description": "AISOnDemandScanInProgress indicates whether agentless next-gen on demand scan is in progress.\n", + "type": "boolean" + }, + "discovery": { + "description": "Discovery indicates whether the scan is in discovery phase.\n", + "type": "boolean" + }, + "error": { + "description": "Error is the error that happened during scan.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname for which the progress apply.\n", + "type": "string" + }, + "id": { + "description": "ID is the ID of the entity being scanned.\n", + "type": "string" + }, + "onDemand": { + "description": "OnDemand indicates whether the scan was triggered by the user or not (scheduled scan).\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the time of scan.\n", + "format": "date-time", + "type": "string" + }, + "scanned": { + "description": "Scanned is the number of entities for which the scan completed.\n", + "type": "integer" + }, + "title": { + "description": "Title is the progress title (set by the scanning process).\n", + "type": "string" + }, + "total": { + "description": "Total is the total amount of entities that should be scanned.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + } + }, + "type": "object" + }, + "shared.RegionData": { + "description": "RegionData contains data regarding a region", + "properties": { + "coordinates": { + "$ref": "#/components/schemas/shared.Coordinates" + }, + "name": { + "description": "Name is the region display name.\n", + "type": "string" + }, + "region": { + "description": "Region is the region code name.\n", + "type": "string" + }, + "regionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "supportedServices": { + "description": "SupportedServices is a list of cloud service types the region supports.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.RegionDataByCloudProvider": { + "additionalProperties": { + "$ref": "#/components/schemas/-_shared.RegionData" + }, + "description": "RegionDataByCloudProvider represents the region data per cloud provider", + "type": "object" + }, + "shared.RegionType": { + "description": "RegionType specifies the region type that runs the Amazon services", + "enum": [ + [ + "regular", + "gov", + "china", + "all" + ] + ], + "type": "string" + }, + "shared.RegistryOSType": { + "description": "RegistryOSType specifies the registry images base OS type", + "enum": [ + [ + "linux", + "linuxARM64", + "windows" + ] + ], + "type": "string" + }, + "shared.RegistryScanProgress": { + "description": "RegistryScanProgress represents the registry scan progress", + "properties": { + "discovery": { + "$ref": "#/components/schemas/shared.Progress" + }, + "imageScan": { + "$ref": "#/components/schemas/shared.Progress" + }, + "isScanOngoing": { + "description": "IsScanOngoing indicates if a scan is currently ongoing.\n", + "type": "boolean" + }, + "specScanStartTime": { + "description": "SpecScanStartTime indicates when the current spec scan started.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistryScanRequest": { + "description": "RegistryScanRequest represents a registry scan request", + "properties": { + "onDemandScan": { + "description": "OnDemandScan indicates whether to handle request using the on-demand scanner.\n", + "type": "boolean" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "settings": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "tag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": { + "description": "Type indicates the type of the scan request.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.RegistrySettings": { + "description": "RegistrySettings contains each registry's unique settings", + "properties": { + "harborScannerUrlSuffix": { + "description": "Relative path to the Harbor scanner endpoint.\n", + "type": "string" + }, + "specifications": { + "description": "Information for connecting to the registries to be scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Relative path to the webhook HTTP endpoint.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistrySpecification": { + "description": "RegistrySpecification contains information for connecting to local/remote registry", + "properties": { + "azureCloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "caCert": { + "description": "CACert is the Certificate Authority that signed the registry certificate.\n", + "type": "string" + }, + "cap": { + "description": "Specifies the maximum number of images from each repo to fetch and scan, sorted by most recently modified.\n", + "type": "integer" + }, + "collections": { + "description": "Specifies the set of Defenders in-scope for working on a scan job.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the registry.\n", + "type": "string" + }, + "excludedRepositories": { + "description": "Repositories to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "excludedTags": { + "description": "Tags to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gitlabRegistrySpec": { + "$ref": "#/components/schemas/shared.GitlabRegistrySpec" + }, + "harborDeploymentSecurity": { + "description": "Indicates whether the Prisma Cloud plugin uses temporary tokens provided by Harbor to scan images in projects where Harbor's deployment security setting is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID is a unique identifier of the registry spec.\n", + "type": "string" + }, + "jfrogRepoTypes": { + "description": "JFrog Artifactory repository types to scan.\n", + "items": { + "$ref": "#/components/schemas/shared.JFrogRepoType" + }, + "type": "array" + }, + "lastScanStatus": { + "description": "LastScanStatus is the last scan status. we keep both LastScanStatus and ScanStatus in order to not lose the latest scan status when a scan starts.\n", + "type": "string" + }, + "lastScanTime": { + "description": "LastScanTime specifies the last time a scan was completed.\n", + "format": "date-time", + "type": "string" + }, + "namespace": { + "description": "IBM Bluemix namespace https://console.bluemix.net/docs/services/Registry/registry_overview.html#registry_planning.\n", + "type": "string" + }, + "os": { + "$ref": "#/components/schemas/shared.RegistryOSType" + }, + "registry": { + "description": "Registry address (e.g., https://gcr.io).\n", + "type": "string" + }, + "repository": { + "description": "Repositories to scan.\n", + "type": "string" + }, + "scanError": { + "description": "ScanError is the error received while scanning the specification.\n", + "type": "string" + }, + "scanStatus": { + "description": "ScanStatus is the scan status that's updated dynamically during the scan, when the scan finishes - its value is passed to the LastScanStatus field in the DB.\n", + "type": "string" + }, + "scanTime": { + "description": "ScanTime specifies the time a scan was started.\n", + "format": "date-time", + "type": "string" + }, + "scannedImagesSuccessTotal": { + "description": "ScannedImagesSuccessTotal is the total number of registry images that were scanned successfully on the last registry specification scan.\n", + "type": "integer" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "tag": { + "description": "Tags to scan.\n", + "type": "string" + }, + "version": { + "description": "Registry type. Determines the protocol Prisma Cloud uses to communicate with the registry.\n", + "type": "string" + }, + "versionPattern": { + "description": "Pattern heuristic for quickly filtering images by tags without having to query all images for modification dates.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RiskFactorEffect": { + "description": "RiskFactorEffect represents the effect which is applied by a risk factor", + "properties": { + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "riskFactor": { + "$ref": "#/components/schemas/vulnerability.RiskFactor" + } + }, + "type": "object" + }, + "shared.RuntimeAttackType": { + "description": "RuntimeAttackType is the sub-category of the attack (e.g., malware process, process not in model, etc...)", + "enum": [ + [ + "", + "cloudMetadataProbing", + "kubeletAPIAccess", + "kubeletReadonlyAccess", + "kubectlSpawned", + "kubectlDownloaded", + "horizontalPortScanning", + "verticalPortScanning", + "explicitlyDeniedIP", + "customFeedIP", + "feedIP", + "unexpectedOutboundPort", + "suspiciousNetworkActivity", + "unexpectedListeningPort", + "explicitlyDeniedListeningPort", + "explicitlyDeniedOutboundPort", + "listeningPortModifiedProcess", + "outboundPortModifiedProcess", + "feedDNS", + "explicitlyDeniedDNS", + "dnsQuery", + "unexpectedProcess", + "portScanProcess", + "malwareProcessCustom", + "malwareProcessFeed", + "explicitlyDeniedProcess", + "modifiedProcess", + "cryptoMinerProcess", + "lateralMovementProcess", + "tmpfsProcess", + "policyHijacked", + "reverseShell", + "suidBinaries", + "unknownOriginBinary", + "webShell", + "administrativeAccount", + "encryptedBinary", + "sshAccess", + "explicitlyDeniedFile", + "malwareFileCustom", + "malwareFileFeed", + "execFileAccess", + "elfFileAccess", + "secretFileAccess", + "regFileAccess", + "wildfireMalware", + "unknownOriginBinary", + "webShell", + "fileIntegrity", + "alteredBinary", + "malwareDownloaded", + "suspiciousELFHeader", + "executionFlowHijackAttempt", + "customRule" + ] + ], + "type": "string" + }, + "shared.RuntimeAudit": { + "description": "RuntimeAudit represents a runtime audit event (fires when a runtime policy is violated)", + "properties": { + "_id": { + "description": "Internal ID (used for in-place updates).\n", + "type": "string" + }, + "accountID": { + "description": "ID of the cloud account where the audit was generated.\n", + "type": "string" + }, + "app": { + "description": "Name of the service which violated the host policy.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "attackType": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "cluster": { + "description": "Cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "ScrubbedCommand is the command executed by the process with scrubbed PII.\n", + "type": "string" + }, + "container": { + "description": "Indicates if this is a container audit (true) or host audit (false).\n", + "type": "boolean" + }, + "containerId": { + "description": "ID of the container that violates the rule.\n", + "type": "string" + }, + "containerName": { + "description": "Container name.\n", + "type": "string" + }, + "count": { + "description": "Attack type audits count.\n", + "type": "integer" + }, + "country": { + "description": "Outbound country for outgoing network audits.\n", + "type": "string" + }, + "domain": { + "description": "Domain is the requested domain.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "err": { + "description": "Unknown error in the audit process.\n", + "type": "string" + }, + "filepath": { + "description": "Filepath is the path of the modified file.\n", + "type": "string" + }, + "fqdn": { + "description": "Current full domain name used in audit alerts.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageId": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "interactive": { + "description": "Indicates if the audit was triggered from a process that was spawned in interactive mode (e.g., docker exec ...) (true) or not (false).\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the connection destination IP address.\n", + "type": "string" + }, + "label": { + "description": "Container deployment label.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels which augment the audit data.\n", + "type": "object" + }, + "md5": { + "description": "MD5 is the MD5 of the modified file (only for executables.\n", + "type": "string" + }, + "msg": { + "description": "Blocking message text.\n", + "type": "string" + }, + "namespace": { + "description": "K8s deployment namespace.\n", + "type": "string" + }, + "os": { + "description": "Operating system distribution.\n", + "type": "string" + }, + "pid": { + "description": "ID of the process that caused the audit event.\n", + "type": "integer" + }, + "port": { + "description": "Port is the connection destination port.\n", + "type": "integer" + }, + "processPath": { + "description": "Path of the process that caused the audit event.\n", + "type": "string" + }, + "profileId": { + "description": "Profile ID of the audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "Unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region of the resource where the audit was generated.\n", + "type": "string" + }, + "requestID": { + "description": "ID of the lambda function invocation request.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource where the audit was generated.\n", + "type": "string" + }, + "ruleName": { + "description": "Name of the rule that was applied, if blocked.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "severity": { + "$ref": "#/components/schemas/shared.RuntimeSeverity" + }, + "time": { + "description": "Time of the audit event (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.RuntimeType" + }, + "user": { + "description": "Service user.\n", + "type": "string" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique VM ID where the audit was generated.\n", + "type": "string" + }, + "wildFireReportURL": { + "description": "WildFireReportURL is a URL link of the report generated by wildFire.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RuntimeProfileState": { + "description": "RuntimeProfileState represents the state of an image profile", + "enum": [ + [ + "learning", + "dryRun", + "learningExtended", + "manualLearning", + "manualRelearning", + "active", + "manualActive" + ] + ], + "type": "string" + }, + "shared.RuntimeSecretScrubbingSettings": { + "description": "RuntimeSecretScrubbingSettings holds the runtime secret scrubbing settings", + "properties": { + "customSpecs": { + "description": "CustomSpecs is a collection of generic sensitive data masking patterns.\n", + "items": { + "$ref": "#/components/schemas/runtime.SecretScrubbingSpec" + }, + "type": "array" + }, + "skipDefault": { + "description": "SkipDefault indicates whether default secret scrubbing should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RuntimeSeverity": { + "description": "RuntimeSeverity represents the runtime severity", + "enum": [ + [ + "low", + "medium", + "high" + ] + ], + "type": "string" + }, + "shared.RuntimeType": { + "description": "RuntimeType represents the runtime protection type", + "enum": [ + [ + "processes", + "network", + "kubernetes", + "filesystem" + ] + ], + "type": "string" + }, + "shared.ScanErrorInfo": { + "description": "ScanErrorInfo holds information about the errors that occurred during the scan", + "properties": { + "category": { + "description": "Category is the category of error.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "error": { + "description": "Error holds the full error string.\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides more information about error and suggestions for possible fixes.\n", + "type": "string" + }, + "score": { + "description": "Score is a rating of how relevant the error is to the customer.\n", + "type": "integer" + }, + "source": { + "description": "Source is details on where the error occurred.\n", + "type": "string" + }, + "updatedAt": { + "description": "UpdatedAt holds the timestamp of the current error, relevant only for AIS scans.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ScanResultType": { + "description": "ScanResultType represents a cloud scan result type", + "enum": [ + [ + "aws-ecr", + "aws-lambda", + "aws-ec2", + "aws-eks", + "aws-ecs", + "aws-s3", + "aws-config", + "aws-cloud-trail", + "aws-kms", + "aws-cloud-watch", + "aws-sns", + "aws-security-hub", + "aws-secrets-manager", + "aws-parameter-store", + "azure-acr", + "azure-functions", + "azure-aks", + "azure-aci", + "azure-vm", + "gcp-gcr", + "gcp-gcf", + "gcp-gke", + "gcp-vm", + "gcp-artifact", + "oci-instance" + ] + ], + "type": "string" + }, + "shared.ScanSettings": { + "description": "ScanSettings are global settings for image/host/container and registry scanning", + "properties": { + "agentlessScanPeriodMs": { + "description": "AgentlessScanPeriodMS is the agentless scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "cloudPlatformsScanPeriodMs": { + "description": "CloudPlatformsScanPeriodMS is the cloud platforms scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "containersScanPeriodMs": { + "description": "ContainersScanPeriodMS is the container scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "extractArchive": { + "description": "ExtractArchive indicates whether to search within archive during scan is enabled.\n", + "type": "boolean" + }, + "imagesScanPeriodMs": { + "description": "ImageScanPeriodMS is the image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "includeJsDependencies": { + "description": "IncludeJsDependencies indicates whether to include packages from the \"dependencies\".\n", + "type": "boolean" + }, + "registryScanPeriodMs": { + "description": "RegistryScanPeriodMS is the registry scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "registryScanRetentionDays": { + "description": "RegistryScanRetentionDays is the number of days to keep deleted registry images.\n", + "type": "integer" + }, + "scanRunningImages": { + "description": "ScanRunningImages indicates only images that are used by containers should be used.\n", + "type": "boolean" + }, + "serverlessScanPeriodMs": { + "description": "ServerlessScanPeriodMS is the serverless vulnerability scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "showInfraContainers": { + "description": "ShowInfraContainers indicates infra containers should be shown.\n", + "type": "boolean" + }, + "showNegligibleVulnerabilities": { + "description": "ShowNegligibleVulnerabilities indicates whether to display negligible vulnerabilities (low severity or will not be fixed).\n", + "type": "boolean" + }, + "systemScanPeriodMs": { + "description": "SystemScanPeriodMS is the host scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "tasDropletsScanPeriodMs": { + "description": "TASDropletsScanPeriodMS is the TAS scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "vmScanPeriodMs": { + "description": "VMScanPeriodMS is the VM image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ScanType": { + "description": "ScanType displays the components for an ongoing scan", + "enum": [ + [ + "image", + "ciImage", + "container", + "host", + "agentlessHost", + "registry", + "serverlessScan", + "ciServerless", + "vm", + "tas", + "ciTas", + "cloudDiscovery", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy", + "codeRepo", + "ciCodeRepo" + ] + ], + "type": "string" + }, + "shared.SecretStoreType": { + "description": "SecretStoreType is the secrets store type", + "enum": [ + [ + "hashicorp", + "hashicorp010", + "cyberark", + "awsParameterStore", + "awsSecretsManager", + "azure" + ] + ], + "type": "string" + }, + "shared.SecretsInjectionType": { + "description": "SecretsInjectionType is the method used to inject secrets to containers", + "enum": [ + [ + "envvar", + "filesystem" + ] + ], + "type": "string" + }, + "shared.SecretsPolicy": { + "description": "SecretsPolicy defines policy for distribution of secrets to containers", + "properties": { + "_id": { + "description": "ID is the internal secret policy id.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of secret injection rules.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.SecretsRule": { + "description": "SecretsRule defines distribution of secrets to containers", + "properties": { + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "injection": { + "$ref": "#/components/schemas/shared.SecretsInjectionType" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readAllPerm": { + "description": "ReadAllPerm indicates whether file permissions of injected secrets allow read by root only or by all users.\n", + "type": "boolean" + }, + "secrets": { + "description": "Secrets are the encrypted secrets to inject.\n", + "items": { + "$ref": "#/components/schemas/shared.VaultSecret" + }, + "type": "array" + }, + "targetDir": { + "description": "TargetDir is the target directory to inject secret files to if we choose filesystem injection.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStore": { + "description": "SecretsStore represents a secret storage entity", + "properties": { + "appID": { + "description": "AppID is the twistlock application id, as set in Cyberark store.\n", + "type": "string" + }, + "caCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "clientCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "credentialId": { + "description": "CredentialID is the authentication credential id.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret store defined by the user.\n", + "type": "string" + }, + "region": { + "description": "Region is the secrets store's region.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.SecretStoreType" + }, + "url": { + "description": "URL is the secrets store's endpoint point.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStores": { + "description": "SecretsStores are settings for connecting with secrets storage vaults", + "properties": { + "refreshPeriodHours": { + "description": "RefreshPeriodHours is the secret stores refresh time in hours.\n", + "type": "integer" + }, + "secretsStores": { + "description": "Stores is the list of stores to fetch secrets from.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsStore" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecification": { + "description": "ServerlessAutoDeploySpecification contains the information for auto-deploying serverless functions protection", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleAddr": { + "description": "ConsoleAddr represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "runtimes": { + "description": "Runtimes is the list of runtimes to which the spec applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecifications": { + "description": "ServerlessAutoDeploySpecifications is a list of serverless auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecification" + }, + "type": "array" + }, + "shared.ServerlessBundleRequest": { + "description": "ServerlessBundleRequest represents the arguments to serverless bundle request", + "properties": { + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessLayerBundleRequest": { + "description": "ServerlessLayerBundleRequest represents the arguments to a serverless layer bundle request", + "properties": { + "nodeJSModuleType": { + "$ref": "#/components/schemas/shared.NodeJSModuleType" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessScanSpecification": { + "description": "ServerlessScanSpecification describes how to connect to a serverless provider", + "properties": { + "cap": { + "description": "Specifies the maximum number of functions to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether serverless scanning is enabled.\n", + "type": "boolean" + }, + "scanAllVersions": { + "description": "Specifies whether to scan all image versions. If set to false, scans only $LATEST. Default: false.\n", + "type": "boolean" + }, + "scanLayers": { + "description": "Specifies whether to scan a function's layers. Default: true.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.SubnetConnections": { + "description": "SubnetConnections holds the entity incoming and outgoing connections from/to subnets", + "properties": { + "incoming": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Incoming holds connection from radar entity to subnet.\n", + "type": "object" + }, + "outgoing": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Outgoing holds connection from subnet to radar entity.\n", + "type": "object" + } + }, + "type": "object" + }, + "shared.SyslogSettings": { + "description": "SyslogSettings are the syslog settings", + "properties": { + "addr": { + "description": "Addr is the remote address for sending events.\n", + "type": "string" + }, + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "cert": { + "description": "Cert is the server cert for dialing TLS syslogger.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID represents the user's custom identifier string.\n", + "type": "string" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TASDropletSpecification": { + "description": "TASDropletSpecification specify which droplets to scan", + "properties": { + "cap": { + "description": "Cap indicates only the last k images should be fetched.\n", + "type": "integer" + }, + "cloudControllerAddress": { + "description": "CloudControllerAddress is the address of the local cloud controller in TAS env.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname of the defender that is used as the blobstore scanner.\n", + "type": "string" + }, + "pattern": { + "description": "Name is the droplet name.\n", + "type": "string" + }, + "remote": { + "description": "Remote indicates whether the blobstore is remote or local.\n", + "type": "boolean" + }, + "remoteConfig": { + "$ref": "#/components/schemas/shared.TASRemoteBlobstoreConfig" + } + }, + "type": "object" + }, + "shared.TASRemoteBlobstoreConfig": { + "description": "TASRemoteBlobstoreConfig contains remote blobstore details", + "properties": { + "blobstoreAddress": { + "description": "BlobstoreAddress is the address of the remote cloud controller.\n", + "type": "string" + }, + "cACert": { + "description": "CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.\n", + "type": "string" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.\n", + "type": "string" + }, + "foundation": { + "description": " Foundation is the name of TAS foundation.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Tag": { + "description": "Tag represents a single tag", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "description": { + "description": "Description is the tag description.\n", + "type": "string" + }, + "name": { + "description": "Name is the tag name.\n", + "type": "string" + }, + "vulns": { + "description": "Vulns are the tagged vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TagRule": { + "description": "TagRule is a tag rule for specific vulnerabilities", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "name": { + "description": "Tag name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.TagVulnMetadata": { + "description": "TagVulnMetadata contains the tag vulnerability metadata", + "properties": { + "checkBaseLayer": { + "description": "(Applies only to the resource type 'image') Checks whether the base layer in an image is the resource image.\n", + "type": "boolean" + }, + "comment": { + "description": "Adds a comment.\n", + "type": "string" + }, + "id": { + "description": "Specifies the Common Vulnerability and Exposures (CVE) ID.\n", + "type": "string" + }, + "packageName": { + "description": "Specifies the source or the binary package name where the vulnerability is found.\nUse the source package name for tagging if only source package exists.\nUse the wildcard `*` for tagging all the packages.\n", + "type": "string" + }, + "resourceType": { + "$ref": "#/components/schemas/vuln.TagType" + }, + "resources": { + "description": "(Required when you define the resource type) Specifies the resources for tagging where the vulnerability is found. Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TrustAudit": { + "description": "TrustAudit represents a trust audit", + "properties": { + "_id": { + "description": "ID is the registry-repo of the created container.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster where the audit was generated.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of times this audit occurred.\n", + "type": "integer" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "imageID": { + "description": "ImageID is the container image id.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ruleName": { + "description": "If blocked, contains the name of the rule that was applied.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.TrustAudits": { + "description": "TrustAudits represents the trust profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.TrustRegistryRepoAudits" + }, + "description": "Audits is a map from trust status (audits are only for untrusted type) to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustRegistryRepoAudits": { + "description": "TrustRegistryRepoAudits represents the trust registry/repo audits per profile", + "properties": { + "audits": { + "description": "Audits are the trust audits associated with the registry/repo, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustedCertSettings": { + "description": "TrustedCertSettings are settings for trusted certs", + "properties": { + "certs": { + "description": "Certs are the list of trusted certificates to use in access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether to check the certificate revocation.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether the trusted certificate feature is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TrustedCertSignature": { + "description": "TrustedCertSignature represents a trusted cert settings", + "properties": { + "cn": { + "description": "CN is the certificate common name.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is the certificate issuer.\n", + "type": "string" + }, + "notAfter1": { + "description": "NotAfter is the certificate expiration time\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "notBefore1": { + "description": "NotBefore is the minimum time for which the cert is valid\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "raw": { + "description": "Raw is the raw certificate (in PEM format).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.UploadScanResult": { + "description": "UploadScanResult is the result uploading the scanning result", + "properties": { + "scanId": { + "description": "ID is the scan result ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.User": { + "description": "User represents a local user in Twistlock", + "properties": { + "username": { + "description": "Name of a user.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecification": { + "description": "VMSpecification contains information for setting up and connecting to the image", + "properties": { + "cap": { + "description": "Specifies the maximum number of images to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "consoleAddr": { + "description": "Network-accessible address that Defender can use to publish scan results to Console.\n", + "type": "string" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the cloud provider.\n", + "type": "string" + }, + "enableSecureBoot": { + "description": "EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).\n", + "type": "boolean" + }, + "excludedImages": { + "description": "Images to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gcpProjectID": { + "description": "GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).\n", + "type": "string" + }, + "imageType": { + "$ref": "#/components/schemas/common.ImageType" + }, + "images": { + "description": "The names of images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is \"m4.large\".\n", + "type": "string" + }, + "labels": { + "description": "The labels to use to target images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "region": { + "description": "Cloud provider region.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "subnetID": { + "description": "SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.\n", + "type": "string" + }, + "vpcID": { + "description": "VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.\n", + "type": "string" + }, + "zone": { + "description": "Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecifications": { + "description": "VMSpecifications is a list of VM specifications", + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "shared.VaultSecret": { + "description": "VaultSecret represents a secret held by a secret store", + "properties": { + "folder": { + "description": "Folder is one of the following:\nCyberark: Name of the folder for secrets held in Cyberark store\nHashicorp: The directory path for secrets held in Hashicorp store\nAWS: The name of the secret in AWS Secrets Manager or AWS Parameter Store.\n", + "type": "string" + }, + "key": { + "description": "Key is the secret's identifier in the secrets store.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret as input from the user.\n", + "type": "string" + }, + "safe": { + "description": "Safe is the name of the safe, for secrets held in Cyberark store.\n", + "type": "string" + }, + "store": { + "description": "Store is the name of the secrets store where the secret is held.\n", + "type": "string" + }, + "value": { + "$ref": "#/components/schemas/common.Secret" + }, + "version": { + "description": "Version is the Azure secret version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.WildFirePolicy": { + "description": "WildFirePolicy is the global wildfire usage policy, set by the client", + "properties": { + "agentlessEnabled": { + "description": "AgentlessEnabled indicates whether agentless scan will consult WF.\n", + "type": "boolean" + }, + "complianceEnabled": { + "description": "ComplianceEnabled indicates whether compliance malware scan will consult WF.\n", + "type": "boolean" + }, + "graywareAsMalware": { + "description": "GraywareAsMalware indicates whether files with WF verdict of Grayware will be treated as malware.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the WF server region to query.\n", + "type": "string" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates whether runtime malware scan will consult WF.\n", + "type": "boolean" + }, + "uploadEnabled": { + "description": "UploadEnabled indicates whether files will be uploaded to WF.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.WildFireSettings": { + "description": "WildFireSettings are the settings for WildFire API requests", + "properties": { + "apiKey": { + "description": "APIKey is the key identifier used for WF APIs.\n", + "type": "string" + }, + "apiKeyExpiration": { + "description": "APIKeyExpiration is the expiration time of the API key.\n", + "format": "date-time", + "type": "string" + }, + "lastError": { + "description": "LastError is the last error that occurred when trying to create/update the wildfire key.\n", + "type": "string" + }, + "policy": { + "$ref": "#/components/schemas/shared.WildFirePolicy" + } + }, + "type": "object" + }, + "string": { + "type": "string" + }, + "time.Duration": { + "format": "int64", + "type": "integer" + }, + "time.Time": { + "format": "date-time", + "type": "string" + }, + "trust.Data": { + "description": "Data holds the image trust data", + "properties": { + "groups": { + "description": "Groups are the trust groups.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "policy": { + "$ref": "#/components/schemas/trust.Policy" + } + }, + "type": "object" + }, + "trust.Group": { + "description": "Group represents a group of images", + "properties": { + "_id": { + "description": "Name of the group.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "images": { + "description": "Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.HostStatus": { + "description": "HostStatus represents an image trust status on a host", + "properties": { + "host": { + "description": "Host name.\n", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/trust.Status" + } + }, + "type": "object" + }, + "trust.ImageResult": { + "description": "ImageResult represents an aggregated image trust result", + "properties": { + "groups": { + "description": "Trust groups which apply to the image.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "hostsStatuses": { + "description": "Image trust status on each host. Can be set to \"trusted\" or \"untrusted\".\n", + "items": { + "$ref": "#/components/schemas/trust.HostStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.Policy": { + "description": "Policy represents the trust policy", + "properties": { + "_id": { + "description": "ID is the trust group policy ID.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the policy is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "Rules is the list of rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/trust.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.PolicyRule": { + "description": "PolicyRule represents an trust policy rule", + "properties": { + "allowedGroups": { + "description": "AllowedGroups are the ids of the groups that are whitelisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "deniedGroups": { + "description": "DeniedGroups are the ids of the groups that are blacklisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.Status": { + "description": "Status is the trust status for an image", + "enum": [ + [ + "trusted", + "untrusted" + ] + ], + "type": "string" + }, + "types.AccessStats": { + "description": "AccessStats are stats for the access flows", + "properties": { + "docker": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sshd": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sudo": { + "$ref": "#/components/schemas/types.AccessStatsCount" + } + }, + "type": "object" + }, + "types.AccessStatsCount": { + "description": "AccessStatsCount stores the total amount of access audits", + "properties": { + "allowed": { + "description": ".\n", + "type": "integer" + }, + "denied": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.AgentlessHostStatus": { + "description": "AgentlessHostStatus holds the status of a host handled by an agentless scan", + "properties": { + "account": { + "description": "Account is the cloud account the host belongs to.\n", + "type": "string" + }, + "availabilityDomain": { + "description": "AvailabilityDomain is the host availability domain.\n", + "type": "string" + }, + "category": { + "description": "Category indicates the status category.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error category.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "details": { + "description": "Details provides more information about status.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "excludedTags": { + "description": "ExcludedTags lists of exclude tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags lists of include tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the host's cloud name e.g. \"dimako-test\".\n", + "type": "string" + }, + "ociCompartment": { + "description": "OCICompartment is the compartment the instance belongs to (OCI only).\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides suggestions for possible fixes.\n", + "type": "string" + }, + "region": { + "description": "Region is the region the host belongs to.\n", + "type": "string" + }, + "regionError": { + "description": "RegionError indicates the status origin is a region error.\n", + "type": "boolean" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "scanID": { + "description": "ScanID indicates the scan id in which the status was collected.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime indicates the scan time of the host.\n", + "format": "date-time", + "type": "string" + }, + "source": { + "description": "Source is details on where the status was collected.\n", + "type": "string" + }, + "vmTags": { + "description": "VMTags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AgentlessResourceTemplatesRequest": { + "description": "AgentlessResourceTemplatesRequest is the agentless resource templates request for populating\ntemplates that are needed to be applied prior to an agentless scan with the credential", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "(Required) Specifies the ID for which the templates are generated.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.AlertProfileOption": { + "description": "AlertProfileOption describes options available for configuring an alert type", + "properties": { + "alertType": { + "$ref": "#/components/schemas/api.AlertType" + }, + "hasPolicy": { + "description": "HasPolicy defines whether the alerts are triggered by policy (e.g., this is false for defender alerts).\n", + "type": "boolean" + }, + "name": { + "description": "Name is the display name for the option.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the rule names for the policy associated with this alert type (only relevant if HasPolicy is true).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "supportedClients": { + "description": "SupportedClients are the supported alert clients for this alert (e.g., jira, email).\n", + "items": { + "$ref": "#/components/schemas/api.AlertClientType" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AllDefendersUsage": { + "description": "AllDefendersUsage holds stats about the usage of different modules and the sample time", + "properties": { + "appEmbedded": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "cloudSecurityAgent": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "container": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "containerAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "host": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "hostAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "period": { + "description": "Period is the date beginning of the usage period.\n", + "format": "date-time", + "type": "string" + }, + "remainingCredits": { + "description": "RemainingCredits is the amount of credits left at the beginning of the period.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.ServerlessUsage" + }, + "waas": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "waasOutOfBand": { + "$ref": "#/components/schemas/types.DefenderUsage" + } + }, + "type": "object" + }, + "types.AppFirewallAttackCount": { + "description": "AppFirewallAttackCount holds app firewall attack type and the amount of audits", + "properties": { + "count": { + "description": "Count is the count for the attack type.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + } + }, + "type": "object" + }, + "types.AppFirewallStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AppFirewallStats are the daily stats for app firewall audits\nTODO #20802 - replace string key with WAAS attack type type when mongo changed to avoid encoding map keys without stringer", + "type": "object" + }, + "types.ArtifactoryWebhookRequest": { + "description": "ArtifactoryWebhookRequest is an artifactory webhook request\nArtifactory doesn't have native webhook support, instead it comes as a plugin\nhttps://github.com/jfrog/artifactory-user-plugins/tree/master/webhook\nThe relevant fields in the this struct were reverse engineered from the webhook groovy code and from the fields that were sent by a real artifactory environment", + "type": "object" + }, + "types.AssetsSummary": { + "properties": { + "containerImages": { + "$ref": "#/components/schemas/types.ImageAssetsSummary" + }, + "hosts": { + "$ref": "#/components/schemas/types.HostAssetsSummary" + } + }, + "type": "object" + }, + "types.AttackTechniqueStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AttackTechniqueStats represents statistics grouped by attack technique", + "type": "object" + }, + "types.AuditTimeslice": { + "description": "AuditTimeslice counts the number of audit events for a given time period", + "properties": { + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "end": { + "description": "End is the end time of the bucket.\n", + "format": "date-time", + "type": "string" + }, + "start": { + "description": "Start is the start time of the bucket.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.AvailableVulnerabilities": { + "description": "AvailableVulnerabilities contains all available vulnerabilities types", + "properties": { + "complianceVulnerabilities": { + "description": "Compliance is the list of all available compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "cveVulnerabilities": { + "description": "CVE is all available cve vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BFFHostQueryOptions": { + "properties": { + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFImageQueryOptions": { + "properties": { + "hasRunningContainers": { + "description": ".\n", + "type": "boolean" + }, + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFPaginatedResponse": { + "description": "BFFPaginatedResponse is the paginated response", + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.BaseImage": { + "description": "BaseImage represents an image which is defined as a base image", + "properties": { + "creationTime": { + "description": "CreationTime is the time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "imageName": { + "description": "ImageName is the image name repository:tag.\n", + "type": "string" + }, + "topLayer": { + "description": "TopLayer is the SHA256 of the image's last filesystem layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BaseImagesRule": { + "description": "BaseImagesRule holds the base images defined by a single scope", + "properties": { + "_id": { + "description": "Pattern is the scope configuration identification, e.g. image name regex pattern.\n", + "type": "string" + }, + "description": { + "description": "Description is the base images scope description.\n", + "type": "string" + }, + "images": { + "description": "Images holds the base images which matches the scope configuration, capped to 50 image digests per scope.\n", + "items": { + "$ref": "#/components/schemas/types.BaseImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BffQueryPermissions": { + "description": "BffQueryPermissions are user permissions", + "type": "object" + }, + "types.CSAPairingSettings": { + "description": "CSAPairingSettings is the settings which are received from the CSA during the pairing process", + "properties": { + "apiKey": { + "description": "APIKey is the key to call the CSA API.\n", + "type": "string" + }, + "apiKeyID": { + "description": "APIKeyID is the key ID to call the CSA API.\n", + "type": "string" + }, + "apiURL": { + "description": "APIURL is the CSA API URL.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name of CSA tenant.\n", + "type": "string" + }, + "gcpBucketName": { + "description": "GCPBucketName is the name of the GCP bucket.\n", + "type": "string" + }, + "pubSubSubscription": { + "description": "PubSubSubscription is the subscription name to the pub/sub.\n", + "type": "string" + }, + "pubSubSubscriptionDebug": { + "description": "PubSubSubscriptionDebug is the subscription name to the pub/sub for debugging purposes.\n", + "type": "string" + }, + "region": { + "description": "Region is the (GCP) region where the tenant is deployed.\n", + "type": "string" + }, + "serviceAccountKey": { + "description": "ServiceAccountKey is the service account to the pub/sub and bucket.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CSAStatus": { + "description": "CSAStatus is the CSA status", + "properties": { + "tenantURL": { + "description": "TenantURL is the CSA tenant URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEStats": { + "description": "CVEStats represents statistics about a CVE type", + "properties": { + "count": { + "description": "Count is the number of CVEs from the specific type.\n", + "type": "integer" + }, + "distro": { + "description": "Distro is the impacted image distro (e.g., ubuntu).\n", + "type": "string" + }, + "distro_release": { + "description": "DistroRelase is the impacted image distro release (bionic).\n", + "type": "string" + }, + "modified": { + "description": "Modified is the max unix timestamp for the specific CVE.\n", + "format": "int64", + "type": "integer" + }, + "type": { + "description": "Type is the vulnerability type.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEVulnerability": { + "description": "CVEVulnerability holds data on package and files vulnerabilities", + "properties": { + "affected_cpes": { + "$ref": "#/components/schemas/vulnerability.RHELCpeHashes" + }, + "affected_cpes_uuid": { + "description": "AffectedCpesUUID is used to create unique records for vulnerabilities that only differ in their affected CPEs.\n", + "type": "string" + }, + "app_vuln_id": { + "description": "AppVulnID is the unique ID of the application vulnerability (app+cve+internal custom ID).\n", + "type": "string" + }, + "archs": { + "$ref": "#/components/schemas/vulnerability.CPUArchs" + }, + "conditions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "cpe_ids": { + "$ref": "#/components/schemas/vulnerability.CpeIDs" + }, + "custom": { + "description": "Custom indicates if this is a custom vulnerability.\n", + "type": "boolean" + }, + "cve": { + "description": ".\n", + "type": "string" + }, + "cvss": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description is the vulnerability description.\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "distro_release": { + "description": ".\n", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "FixDate is the date this CVE was fixed (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "go_package": { + "description": "GoPackage indicates a Go vulnerability at package-level and holds the package import path.\n", + "type": "string" + }, + "is_rpm_module": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "jar_identifier": { + "description": "JarIdentifier holds an additional identification detail of the vulnerable JAR.\n", + "type": "string" + }, + "link": { + "description": "Link is the link for information about the vulnerability (used for custom vulnerabilities).\n", + "type": "string" + }, + "link_id": { + "description": "LinkID is the ID required to construct the vendor link to the CVE.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last time this CVE was modified (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "non_vulnerable": { + "description": "NonVulnerable indicates that the CVE in not vulnerable on its own, but only when it comes together with conditional combination of CVE.\n", + "type": "boolean" + }, + "originBuilder": { + "description": "OriginBuilder indicates the origin of the CVE.\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "rh_general_severity": { + "description": "RHGeneralSeverity is the Red Hat's general severity of this CVE.\n", + "type": "string" + }, + "rpm_module": { + "description": "RPMModule represents the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "rules": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "running_on_with": { + "description": "RunningOnWith is NVD \"running On/With\" conditions.\n", + "type": "string" + }, + "security_repo_pkg": { + "description": "SecurityRepoPkg determines if the package belongs to a security repository (e.g. bullseye-security).\n", + "type": "boolean" + }, + "severity": { + "description": ".\n", + "type": "string" + }, + "status": { + "description": "Status is the official vendor state for the CVE.\n", + "type": "string" + }, + "symbols": { + "$ref": "#/components/schemas/vulnerability.Symbols" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.CVEType" + }, + "vecStr": { + "description": "VectorString is the NVD vulnerability string.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertData": { + "description": "CertData is used to add a custom certificate to the product", + "properties": { + "certificate": { + "description": "Data is the certificate pem data.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertSettings": { + "description": "CertSettings are the certificates settings", + "properties": { + "caExpiration": { + "description": "CAExpiration holds the expiration date of the CA cert.\n", + "format": "date-time", + "type": "string" + }, + "consoleSAN": { + "description": "ConsoleSAN if specified, use this list as the SAN for the console server certificate. Used for websocket and API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defenderOldCAExpiration": { + "description": "DefenderOldCAExpiration holds the expiration time of the defender old CA cert.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.CertificateSettings": { + "description": "CertificateSettings are the certificate settings", + "properties": { + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "certificatePeriodDays": { + "description": "CertificatePeriodDays is the certificates period in days.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CloudComputeInfo": { + "description": "CloudComputeInfo holds some fields from the compute structure that may be contained in the raw cloud info", + "properties": { + "vmId": { + "description": "VMID (\"vmId\") is a field used in Azure raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CloudInfo": { + "description": "CloudInfo holds cloud information of a CSA agent\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "cloud_provider": { + "$ref": "#/components/schemas/types.CloudProvider" + }, + "raw": { + "$ref": "#/components/schemas/types.CloudRawInfo" + } + }, + "type": "object" + }, + "types.CloudProvider": { + "description": "CloudProvider identifies a cloud provider in the CSA Endpoints API", + "enum": [ + [ + "AWS", + "GCP", + "Azure" + ] + ], + "type": "string" + }, + "types.CloudProviders": { + "items": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "type": "array" + }, + "types.CloudRawInfo": { + "description": "CloudRawInfo holds some fields that may appear in the raw cloud info, depending on cloud provider\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "compute": { + "$ref": "#/components/schemas/types.CloudComputeInfo" + }, + "id": { + "description": "ID (\"id\") is a field used in GCP raw struct.\n", + "type": "string" + }, + "instance-id": { + "description": "InstanceID (\"instance-id\") is a field used in AWS raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ClusterRadarInfo": { + "description": "ClusterRadarInfo contains cluster information to display on the radar", + "properties": { + "cloudProivder": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "hostCount": { + "description": "HostCount is the number of host running the cluster.\n", + "type": "integer" + }, + "name": { + "description": "Name of the cluster.\n", + "type": "string" + }, + "namespaceCount": { + "description": "Namespace is the number of namespace in the cluster.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceCategoryStats": { + "description": "ComplianceCategoryStats holds data regarding a compliance category", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the category IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "total": { + "description": "Total is the count of evaluations of category IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceDailyStats": { + "description": "ComplianceDailyStats is the compliance daily stats", + "properties": { + "_id": { + "description": "Date holds the date the data was collected.\n", + "type": "string" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "modified": { + "description": "Modified is the time the data was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.ComplianceIDStats": { + "description": "ComplianceIDStats holds data regarding applied compliance ID", + "properties": { + "benchmarkID": { + "description": "BenchmarkID is the benchmark ID.\n", + "type": "string" + }, + "category": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "description": { + "description": "Description is the compliance description.\n", + "type": "string" + }, + "failed": { + "description": "Failed is the number of occurrences of compliance ID in resources.\n", + "type": "integer" + }, + "id": { + "description": "ID is the compliance ID.\n", + "type": "integer" + }, + "severity": { + "description": "Severity is the compliance severity.\n", + "type": "string" + }, + "templateTitle": { + "description": "TemplateTitle is the template title.\n", + "type": "string" + }, + "total": { + "description": "Total is the count of resources evaluated with the compliance.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + } + }, + "type": "object" + }, + "types.ComplianceStats": { + "description": "ComplianceStats holds compliance data", + "properties": { + "categories": { + "description": "Compliance stats by category.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceCategoryStats" + }, + "type": "array" + }, + "daily": { + "description": "Daily compliance stats.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "ids": { + "description": "Compliance data by check ID.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceIDStats" + }, + "type": "array" + }, + "rules": { + "description": "Compliance stats by policy rules.\n", + "items": { + "$ref": "#/components/schemas/types.RuleComplianceStats" + }, + "type": "array" + }, + "templates": { + "description": "Compliance stats by template.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceTemplateStats" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ComplianceTemplateStats": { + "description": "ComplianceTemplateStats holds data regarding a compliance template", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the template IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "total": { + "description": "Total is the count of evaluations of template IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ConsoleCertificateSettings": { + "description": "ConsoleCertificateSettings are the console certificate settings", + "properties": { + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + } + }, + "type": "object" + }, + "types.ContainerRadarData": { + "description": "ContainerRadarData represent all data relevant to the network radar", + "properties": { + "containerCount": { + "description": "ContainerCount is the total number of containers.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.ContainerRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ContainerRadarEntity": { + "description": "ContainerRadarEntity is the extended container radar entity (include presentation metadata)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether this container was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "containerCount": { + "description": "ContainerCount is the amount of containers per entity.\n", + "type": "integer" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "dns": { + "description": "DNS states whether this is a DNS node.\n", + "type": "boolean" + }, + "filesystemCount": { + "description": ".\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hasDNSConnection": { + "description": "HasDNSConnection states whether the node has DNS connection.\n", + "type": "boolean" + }, + "hostCount": { + "description": ".\n", + "type": "integer" + }, + "hostname": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the entity's image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the entity's image name.\n", + "type": "string" + }, + "imageNames": { + "description": "ImageNames are the names of the image associated with the radar entity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "incomingConnections": { + "description": "IncomingConnections are the radar entity incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored entity.\n", + "type": "boolean" + }, + "istioAuthorizationPolicies": { + "description": "IstioAuthorizationPolicies are the Istio authorization policies.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicy" + }, + "type": "array" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the entity's label.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the radar entity labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "learning": { + "description": "Learning indicates whether the runtime profile associated with the entity is in learning state.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the kubernetes namespace the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "networkCount": { + "description": ".\n", + "type": "integer" + }, + "processesCount": { + "description": ".\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "region": { + "description": "Region is the cloud provider region.\n", + "type": "string" + }, + "resolved": { + "description": "Resolved indicates if the entity has all data resolved or just contains the ID and hash, used to indicate if the console should be updated on entity resolving.\n", + "type": "boolean" + }, + "serviceIP": { + "description": "ServiceIP the ip of the kubernetes service (for kubernetes type).\n", + "type": "string" + }, + "serviceName": { + "description": "ServiceName is kubernetes service the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "servicePorts": { + "description": "ServicePorts are the ports the kubernetes service exposes (for kubernetes type).\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "shouldSkipNetwork": { + "description": "ShouldSkipNetwork indicates whether network monitoring for this container should be skipeed or not.\n", + "type": "boolean" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "type": { + "$ref": "#/components/schemas/shared.EntityType" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.Count": { + "properties": { + "value": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CredentialUsage": { + "description": "CredentialUsage represents a single credential usage", + "properties": { + "description": { + "description": "Resource description (e.g., repository name for registry scan).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cred.UsageType" + } + }, + "type": "object" + }, + "types.DefenderSummary": { + "description": "DefenderSummary is a summary for a type of defender", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "connected": { + "description": "Connected counts how many defenders are connected for this category.\n", + "type": "integer" + }, + "deployed": { + "description": "Deployed counts how many defenders are deployed for this category.\n", + "type": "integer" + }, + "licensed": { + "description": "Licensed counts how many defenders are licensed for this category.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.DefenderUsage": { + "description": "DefenderUsage holds the number of defenders and the credits used for a specific defender type", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.DefendersVersionCount": { + "description": "DefendersVersionCount holds the defenders count per each version", + "properties": { + "count": { + "description": "Defenders count per version.\n", + "type": "integer" + }, + "version": { + "description": "Release version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.DiscoveredVM": { + "description": "DiscoveredVM represents the information about the instance, fetched from the cloud compute interface", + "properties": { + "_id": { + "description": "ID is the instance id. E.g. \"i-5cd23551\".\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "architecture": { + "description": "Architecture is the architecture of the image.\n", + "type": "string" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the instance.\n", + "type": "string" + }, + "awsSubnetID": { + "description": "AWSSubnetID is the ID of the subnet associated with the VM (AWS only).\n", + "type": "string" + }, + "awsVPCID": { + "description": "AWSVPCID is the ID of the VPC associated with the VM (AWS only).\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster name that is associated with the vm.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the host's fully qualified domain name . E.g. \"ip-192-0-2-0.us-east-2.compute.internal\".\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates that the instance has a defender installed on it.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the ID of the AMI used to launch the instance. E.g. \"ami-35501205\".\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the AMI used to launch the instance.\n", + "type": "string" + }, + "name": { + "description": "Name is the instance name.\n", + "type": "string" + }, + "os": { + "description": "OS is the Operating System installed on the instance.\n", + "type": "string" + }, + "osInfo": { + "$ref": "#/components/schemas/common.OSDistroInfo" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region the VM is located at.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.EcsTaskDefinitionOptions": { + "description": "EcsTaskDefinitionOptions holds the ecs deployment options", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "hostCustomComplianceEnabled": { + "description": "HostCustomComplianceEnabled indicates whether host custom compliance checks are enabled.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "taskName": { + "description": "TaskName is the name used for the task definition.\n", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Endpoint": { + "description": "Endpoint represents a Cortex XDR agent", + "properties": { + "active_directory": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alias": { + "description": ".\n", + "type": "string" + }, + "assigned_extensions_policy": { + "description": ".\n", + "type": "string" + }, + "assigned_prevention_policy": { + "description": ".\n", + "type": "string" + }, + "cloud_info": { + "$ref": "#/components/schemas/types.CloudInfo" + }, + "cloud_labels": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloud_provider_account_id": { + "description": ".\n", + "type": "string" + }, + "cloud_security_agent_capable": { + "description": ".\n", + "type": "boolean" + }, + "cloud_security_agent_mode": { + "description": ".\n", + "type": "boolean" + }, + "cluster_name": { + "description": ".\n", + "type": "string" + }, + "content_release_timestamp": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "content_status": { + "description": ".\n", + "type": "string" + }, + "content_version": { + "description": ".\n", + "type": "string" + }, + "domain": { + "description": ".\n", + "type": "string" + }, + "endpoint_id": { + "description": "EndpointID is the Endpoint unique identifier.\n", + "type": "string" + }, + "endpoint_name": { + "description": "EndpointName is the hostname.\n", + "type": "string" + }, + "endpoint_status": { + "description": ".\n", + "type": "string" + }, + "endpoint_type": { + "description": ".\n", + "type": "string" + }, + "endpoint_version": { + "description": ".\n", + "type": "string" + }, + "first_seen": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "group_name": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "install_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "installation_package": { + "description": ".\n", + "type": "string" + }, + "ip": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ipv6": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "is_isolated": { + "description": ".\n", + "type": "string" + }, + "isolated_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_content_update_time": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_seen": { + "description": "LastSeen is the last time the Endpoint was seen connected (UTC epoch milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "mac_address": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "operating_system": { + "description": ".\n", + "type": "string" + }, + "operational_status": { + "description": ".\n", + "type": "string" + }, + "operational_status_description": { + "description": ".\n", + "type": "string" + }, + "operational_status_details": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.OperationalStatusDetail" + }, + "type": "array" + }, + "os_type": { + "description": ".\n", + "type": "string" + }, + "os_version": { + "description": ".\n", + "type": "string" + }, + "public_ip": { + "description": ".\n", + "type": "string" + }, + "scan_status": { + "description": ".\n", + "type": "string" + }, + "tags": { + "$ref": "#/components/schemas/types.Tags" + }, + "token_hash": { + "description": ".\n", + "type": "string" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.EventStats": { + "description": "EventStats holds counters for all event types", + "properties": { + "admissionAudits": { + "description": ".\n", + "type": "integer" + }, + "agentlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerSecurityEvents": { + "description": "Cloud Security Agent event stats.\n", + "type": "integer" + }, + "dockerAccess": { + "description": ".\n", + "type": "integer" + }, + "fileIntegrity": { + "description": ".\n", + "type": "integer" + }, + "hostActivities": { + "description": ".\n", + "type": "integer" + }, + "hostAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostRuntime": { + "description": ".\n", + "type": "integer" + }, + "hostSecurityEvents": { + "description": ".\n", + "type": "integer" + }, + "kubernetesAudits": { + "description": ".\n", + "type": "integer" + }, + "logInspection": { + "description": ".\n", + "type": "integer" + }, + "serverlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "serverlessRuntime": { + "description": ".\n", + "type": "integer" + }, + "trustAudits": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Group": { + "description": "Group represents a console group", + "properties": { + "_id": { + "description": "Group name.\n", + "type": "string" + }, + "groupId": { + "description": "Group identifier in the Azure SAML identification process.\n", + "type": "string" + }, + "groupName": { + "description": "Group name.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime when the group was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "ldapGroup": { + "description": "Indicates if the group is an LDAP group (true) or not (false).\n", + "type": "boolean" + }, + "oauthGroup": { + "description": "Indicates if the group is an OAuth group (true) or not (false).\n", + "type": "boolean" + }, + "oidcGroup": { + "description": "Indicates if the group is an OpenID Connect group (true) or not (false).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or modified the group.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "Role of the group.\n", + "type": "string" + }, + "samlGroup": { + "description": "Indicates if the group is a SAML group (true) or not (false).\n", + "type": "boolean" + }, + "user": { + "description": "Users in the group.\n", + "items": { + "$ref": "#/components/schemas/shared.User" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Groups": { + "description": "Groups represents a list of groups", + "items": { + "$ref": "#/components/schemas/types.Group" + }, + "type": "array" + }, + "types.HPKPSettings": { + "description": "HPKPSettings represents the public key pinning settings", + "properties": { + "certs": { + "description": "Certs are the public certs used for fingerprinting.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "fingerprints": { + "description": "SHA256 fingerprints of the certificates.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostAssetInfo": { + "properties": { + "accountID": { + "description": ".\n", + "type": "string" + }, + "cluster": { + "description": ".\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "docker": { + "description": ".\n", + "type": "string" + }, + "kubernetes": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "resourceName": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + }, + "vmImage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.HostAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeploySpecStatus": { + "description": "HostAutoDeploySpecStatus contains the discovery and deployment status for a particular host auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended VMs.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of discovered unprodected VMs.\n", + "type": "integer" + }, + "error": { + "description": "Error is an error logged during the the auto-deploy scan (if occurred).\n", + "type": "string" + }, + "errors": { + "description": "Errors are the errors occurred in the command invocations.\n", + "items": { + "$ref": "#/components/schemas/deployment.CommandError" + }, + "type": "array" + }, + "failed": { + "description": "Failed is the number of instances where deployment failed.\n", + "type": "integer" + }, + "missingPermissions": { + "description": "MissingPermissions is the number of instances in regions that the credential don't have permissions to them.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + }, + "skipped": { + "description": "Skipped is the number of instances that the deployment was skipped for due to having a running Docker engine or being a worker node in a k8s cluster.\n", + "type": "integer" + }, + "unmatched": { + "description": "Unmatched is the number of discovered instances for which the scope does not apply.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of instances with missing prerequisites.\n", + "type": "integer" + }, + "windows": { + "description": "Windows is the number of windows instances discovered.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeployStatus": { + "description": "HostAutoDeployStatus is the status of the deployment tasks per spec during the host auto-deploy action", + "properties": { + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "status": { + "description": "Status contains the deploy status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.HostAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarData": { + "description": "HostRadarData represent all data relevant to the network radar", + "properties": { + "hostCount": { + "description": "HostCount is the total number of hosts.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.HostRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarEntity": { + "description": "HostRadarEntity is the extended host radar entity (include presentation metadata)", + "properties": { + "OSDistro": { + "description": "OSDistro is the OS distro name (e.g., ubuntu).\n", + "type": "string" + }, + "_id": { + "description": "ID is the host name.\n", + "type": "string" + }, + "activitiesCount": { + "description": "ActivitiesCount is the number of activities detected in the host.\n", + "type": "integer" + }, + "agentless": { + "description": "Agentless indicates whether this host was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the cluster the host is deployed on.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "fileIntegrityCount": { + "description": "FileIntegrityCount is the number of file integrity events detected in the host.\n", + "type": "integer" + }, + "filesystemCount": { + "description": "FilesystemCount is number of filesystem events triggered by the entity.\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents triggered by the entity.\n", + "type": "integer" + }, + "incoming": { + "description": "Incoming are the incoming connections from the host.\n", + "items": { + "$ref": "#/components/schemas/shared.HostRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "listeningPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "logInspectionCount": { + "description": "LogInspectionCount is the number of log inspection events detected in the host.\n", + "type": "integer" + }, + "networkCount": { + "description": "NetworkCount is number of network events triggered by the entity.\n", + "type": "integer" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "processesCount": { + "description": "ProcessesCount is the number of processes events triggered by the entity.\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.ImageAssetInfo": { + "properties": { + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "digest": { + "description": ".\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repository": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImageAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "stages": { + "$ref": "#/components/schemas/types.Stages" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ImageScanOptions": { + "description": "ImageScanOptions holds the options for image scanning", + "properties": { + "hostname": { + "description": "Hostname is the optional host name to scan.\n", + "type": "string" + }, + "imageTag": { + "$ref": "#/components/schemas/shared.ImageTag" + } + }, + "type": "object" + }, + "types.ImpactedContainer": { + "description": "ImpactedContainer contains details of a running container with an impacted image", + "properties": { + "container": { + "description": ".\n", + "type": "string" + }, + "factors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "namespace": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedOutOfBandEntity": { + "description": "ImpactedOutOfBandEntity holds the info of an impacted out of band entity", + "properties": { + "containerName": { + "description": "ContainerName is the name of the container or empty for host.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the name of the host that was scanned or host on which the container is deployed.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name of the container or empty for host.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedPackage": { + "description": "ImpactedPackage holds the vulnerability details for a package", + "properties": { + "cvss": { + "description": "CVSS is the vulnerability cvss score for this package.\n", + "format": "float", + "type": "number" + }, + "package": { + "description": "Package is the impacted package name and version.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the vulnerability severity for this package.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedResourceDetails": { + "description": "ImpactedResourceDetails holds the vulnerability details for a specific impacted resource", + "properties": { + "containers": { + "description": "Containers are the running containers of this image found in the environment.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedContainer" + }, + "type": "array" + }, + "functionDetails": { + "description": "FunctionDetails is a formatted string holding function details.\n", + "type": "string" + }, + "packages": { + "description": "Packages holds vulnerability details per impacted package found in this resource.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedPackage" + }, + "type": "array" + }, + "resourceID": { + "description": "ResourceID is a resource identifier (e.g. image ID, hostname).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.IntelligenceStatus": { + "description": "IntelligenceStatus stores the status on the intelligence service", + "properties": { + "connected": { + "description": ".\n", + "type": "boolean" + }, + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.IssueType": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + }, + "types.LatestVersion": { + "description": "LatestVersion represents the latest remote product version", + "properties": { + "latestVersion": { + "description": "LatestVersion is the latest official product version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LicenseStats": { + "description": "LicenseStats holds the console license stats", + "properties": { + "avg": { + "description": "Avg is the average number of credits.\n", + "format": "double", + "type": "number" + }, + "containerDefenders": { + "description": "ContainerDefenders is the total number of container defenders.\n", + "type": "integer" + }, + "dailySamplesDefenders": { + "description": "DailySamplesDefenders holds the last 30 daily credits averages.\n", + "items": { + "$ref": "#/components/schemas/float64" + }, + "type": "array" + }, + "exceeded": { + "description": "Exceeded indicates the number of credits exceeded license.\n", + "type": "boolean" + }, + "hostDefenders": { + "description": "HostDefenders is the total number of host defenders.\n", + "type": "integer" + }, + "hourAvg": { + "description": "HourAvg is the average number of credits per hour.\n", + "format": "double", + "type": "number" + }, + "hourSamples": { + "description": "HourSamples is the number of hourly samples collected.\n", + "format": "double", + "type": "number" + }, + "monthlyUsage": { + "description": "MonthlyUsage holds the last 24 monthly usage averages.\n", + "items": { + "$ref": "#/components/schemas/types.AllDefendersUsage" + }, + "type": "array" + }, + "msg": { + "description": "Msg is the license exceeded error/warning message to show.\n", + "type": "string" + }, + "onDemandCredits": { + "description": "OnDemandCredits is the number of on demand credits used during the current contract.\n", + "type": "integer" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + }, + "serverlessTimestamp": { + "description": "ServerlessTimestamp is the timestamp for the last serverless credit calculation.\n", + "format": "date-time", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the last collection timestamp.\n", + "format": "date-time", + "type": "string" + }, + "totalCreditUsage": { + "description": "TotalCreditUsage is the total amount of credits used from the beginning of the current contract.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.LogUploadResponse": { + "description": "LogUploadResponse returns the result of uploading a file to the intelligence", + "properties": { + "remotePath": { + "description": "Path returned by the intelligence.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LogonSettings": { + "description": "LogonSettings are settings associated with the login properties", + "properties": { + "basicAuthDisabled": { + "description": "Indicates whether the user can use basic auth.\n", + "type": "boolean" + }, + "includeTLS": { + "description": "IncludeTLS indicates that TLS checks should be included in copy links.\n", + "type": "boolean" + }, + "sessionTimeoutSec": { + "description": "SessionTimeoutSec defines the session timeout in seconds.\n", + "format": "int64", + "type": "integer" + }, + "strongPassword": { + "description": "StrongPassword indicates whether strong password enforcement is applied.\n", + "type": "boolean" + }, + "useSupportCredentials": { + "description": "UseSupportCredentials indicates whether to include credentials in the URL.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.MgmtAuditFilters": { + "description": "MgmtAuditFilters are filters for management audit queries", + "properties": { + "type": { + "description": "Type is the management audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "username": { + "description": "Usernames is a filter for specific users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.NetworkFirewallStats": { + "description": "NetworkFirewallStats stores the total amount of network firewall audits", + "properties": { + "alerted": { + "description": ".\n", + "type": "integer" + }, + "blocked": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.OperationalStatusDetail": { + "properties": { + "reason": { + "description": ".\n", + "type": "string" + }, + "title": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProfileStateUpdate": { + "description": "ProfileStateUpdate is the request for updating profile state", + "properties": { + "profileID": { + "description": "ID is the profile ID to relearn.\n", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "types.Project": { + "description": "Project represent the project details", + "properties": { + "_id": { + "description": "ID is the project name (primary index).\n", + "type": "string" + }, + "address": { + "description": "Address is the project address.\n", + "type": "string" + }, + "ca": { + "description": "CACertificate is the remote console CA certificate.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "creationTime": { + "description": "CreationTime is the remote project creation time.\n", + "format": "date-time", + "type": "string" + }, + "err": { + "description": "Err are errors that happened during project synchronization / setup.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipCertificateVerification": { + "description": "SkipCertificateVerification indicates that the connection to the secondary project is done on insecure channel, this is used when secondary\nproject is behind a proxy or when customer is using custom certs.\n", + "type": "boolean" + }, + "username": { + "description": "Username is the remote project username.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProjectCredentials": { + "description": "ProjectCredentials are the supervisor project credentials", + "properties": { + "password": { + "description": "Password is the password used for the deleted project access.\n", + "type": "string" + }, + "user": { + "description": "User is the user used for the deleted project access.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RegistryWebhookRequest": { + "description": "RegistryWebhookRequest is a registry scanning webhook request.\nSchema supports multiple webhook providers:\nhttps://docs.docker.com/docker-hub/webhooks/\nhttps://docs.docker.com/registry/notifications/", + "properties": { + "action": { + "description": "Action is the webhook action.\n", + "type": "string" + }, + "artifactory": { + "$ref": "#/components/schemas/types.ArtifactoryWebhookRequest" + }, + "domain": { + "description": "Domain indicates the artifactory webhook domain (e.g., artifact, docker, build, etc). Used to avoid filter docker events.\n", + "type": "string" + }, + "event_type": { + "description": "EventType is the artifactory webhook action performed (e.g., push).\n", + "type": "string" + }, + "type": { + "description": "Type is the event type (Harbor registry).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImage": { + "properties": { + "name": { + "description": ".\n", + "type": "string" + }, + "scanStatus": { + "description": ".\n", + "type": "boolean" + }, + "uaiID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImages": { + "properties": { + "build": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "deploy": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "run": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ResourceVulnerabilityStats": { + "description": "ResourceVulnerabilityStats holds vulnerability stats of a single resource type", + "properties": { + "count": { + "description": "Count is the total number of vulnerabilities.\n", + "type": "integer" + }, + "cves": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "impacted": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilities": { + "description": "All resource vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/types.VulnerabilityInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.RiskScoreFactors": { + "description": "RiskScoreFactors holds factors used to calculate risk score", + "properties": { + "envVarSecrets": { + "description": "EnvVarSecrets indicates whether a container has access to secrets via environment variables.\n", + "type": "boolean" + }, + "hostAccess": { + "description": "HostAccess indicates whether a container has access to the host network or namespace.\n", + "type": "boolean" + }, + "internet": { + "description": "Internet indicates whether a container has internet access.\n", + "type": "boolean" + }, + "network": { + "description": "Network indicates whether a container is listening to ports.\n", + "type": "boolean" + }, + "noSecurityProfile": { + "description": "NoSecurityProfile indicates whether a container has security profile issue.\n", + "type": "boolean" + }, + "privilegedContainer": { + "description": "PrivilegedContainer indicates whether a container runs using the --privileged flag.\n", + "type": "boolean" + }, + "rootMount": { + "description": "RootMount indicates whether a container has access to the host file system using a root mount.\n", + "type": "boolean" + }, + "rootPrivilege": { + "description": "RootPrivilege indicates whether a container runs as root.\n", + "type": "boolean" + }, + "runtimeSocket": { + "description": "RuntimeSocket indicates whether a container has the runtime socket mounted.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.RuleComplianceStats": { + "description": "RuleComplianceStats holds data regarding applied compliance rule", + "properties": { + "failed": { + "description": "Failed is the count of the rule compliance IDs in resources.\n", + "type": "integer" + }, + "name": { + "description": "Name is the name of the applied rule.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "total": { + "description": "Total is the count of evaluations done by rule.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.RuntimeStats": { + "description": "RuntimeStats are stats for runtime flows (sum of audits per flow)", + "properties": { + "filesystem": { + "description": ".\n", + "type": "integer" + }, + "kubernetes": { + "description": ".\n", + "type": "integer" + }, + "network": { + "description": ".\n", + "type": "integer" + }, + "processes": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.SecretsStatus": { + "description": "SecretsStatus holds the update status for the secrets", + "properties": { + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorConfiguration": { + "description": "SecurityAdvisorConfiguration is the security configuration associated with security advisor", + "properties": { + "accountID": { + "description": "AccountID is the customer account ID.\n", + "type": "string" + }, + "apikey": { + "description": "APIKey is the security advisor secret.\n", + "type": "string" + }, + "findingsURL": { + "description": "FindingsURL is the url to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the id assigned to Twistlock.\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which token should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorDashboardResp": { + "description": "SecurityAdvisorDashboardResp is the response to security advisor dashboard", + "properties": { + "url": { + "description": "URL is the console URL link.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorNotes": { + "description": "SecurityAdvisorNotes security advisor the security advisor finding metadata", + "properties": { + "changedSince": { + "description": "ChangedSince is the last time entries were modified.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeploySpecStatus": { + "description": "ServerlessAutoDeploySpecStatus contains status for a particular serverless auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended functions.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of functions to protect.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeployStatus": { + "description": "ServerlessAutoDeployStatus is the status of the serverless auto-deploy scan", + "properties": { + "errors": { + "description": "Errors is the collection of errors for the auto-deploy scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "specs": { + "description": "Specs contains the status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.ServerlessAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessRadarStatus": { + "description": "ServerlessRadarStatus holds the status for serverless radar scans", + "properties": { + "err": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessUsage": { + "description": "ServerlessUsage holds the number of defenders, invocations and credits used for serverless defenders", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.Settings": { + "description": "Settings are the global system settings", + "properties": { + "WAASLogScrubbingSpecs": { + "$ref": "#/components/schemas/waas.SensitiveDataSpecs" + }, + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "alerts": { + "$ref": "#/components/schemas/api.AlertSettings" + }, + "certSettings": { + "$ref": "#/components/schemas/types.CertSettings" + }, + "certificatePeriodDays": { + "description": "ClientCertificatePeriodDays is the certificates period in days of client certificates.\n", + "type": "integer" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "clusteredDB": { + "$ref": "#/components/schemas/clustereddb.Settings" + }, + "communicationPort": { + "description": "MgmtPortHTTP is the Console HTTP port.\n", + "type": "integer" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "consoleNames": { + "description": "ConsoleNames is a list of names to use when generating the console SAN certificate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialsCountLimit": { + "description": "CredentialsCountLimit is the maximum amount of allowed credentials.\n", + "type": "integer" + }, + "csaAPairingSettings": { + "$ref": "#/components/schemas/types.CSAPairingSettings" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "customLabels": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + }, + "defenderSettings": { + "$ref": "#/components/schemas/defender.Settings" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "fipsEnabled": { + "description": "FIPSEnabled indicates whether FIPS-compliant cryptography is enforced.\n", + "type": "boolean" + }, + "forensic": { + "$ref": "#/components/schemas/shared.ForensicSettings" + }, + "hasAdmin": { + "description": "HasAdmin indicates whether the admin account is initialized.\n", + "type": "boolean" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecifications" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + }, + "identitySettings": { + "$ref": "#/components/schemas/identity.Settings" + }, + "ldapEnabled": { + "description": "LdapEnabled indicates whether ldap is enabled.\n", + "type": "boolean" + }, + "licenseKey": { + "description": "LicenseKey is the license key.\n", + "type": "string" + }, + "logging": { + "$ref": "#/components/schemas/shared.LoggingSettings" + }, + "logon": { + "$ref": "#/components/schemas/types.LogonSettings" + }, + "oauthEnabled": { + "description": "OauthEnabled indicates whether Oauth is enabled.\n", + "type": "boolean" + }, + "oidcEnabled": { + "description": "OidcEnabled indicates whether OpenID connect is enabled.\n", + "type": "boolean" + }, + "projects": { + "$ref": "#/components/schemas/api.ProjectSettings" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "registry": { + "$ref": "#/components/schemas/shared.RegistrySettings" + }, + "runtimeSecretScrubbingSettings": { + "$ref": "#/components/schemas/shared.RuntimeSecretScrubbingSettings" + }, + "samlEnabled": { + "description": "SamlEnabled indicates whether saml is enabled.\n", + "type": "boolean" + }, + "scan": { + "$ref": "#/components/schemas/shared.ScanSettings" + }, + "secretsStores": { + "$ref": "#/components/schemas/shared.SecretsStores" + }, + "securedConsolePort": { + "description": "MgmtPortHTTPS is the Console HTTPS port.\n", + "type": "integer" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecifications" + }, + "tasDroplets": { + "description": "TASDropletsSpecification is the TAS droplets scanning settings.\n", + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "telemetry": { + "$ref": "#/components/schemas/types.TelemetrySettings" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "trustedCerts": { + "description": "TrustedCerts is the list of trusted cert to allow in docker access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "trustedCertsEnabled": { + "description": "TrustedCertsEnabled indicates whether to enable the trusted certificate feature.\n", + "type": "boolean" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "version": { + "description": "Version is the current console version.\n", + "type": "string" + }, + "vms": { + "$ref": "#/components/schemas/shared.VMSpecifications" + }, + "webAppsDiscoverySettings": { + "$ref": "#/components/schemas/waas.WebAppsDiscoverySettings" + }, + "wildFireSettings": { + "$ref": "#/components/schemas/shared.WildFireSettings" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Stages": { + "properties": { + "build": { + "description": "Build is the count of CI scan.\n", + "type": "integer" + }, + "deploy": { + "description": "Deploy is the count of registry Images.\n", + "type": "integer" + }, + "run": { + "description": "Run is the count of deployed Images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Stats": { + "description": "Stats represents the status model that is stored in the DB", + "properties": { + "AgentlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "_id": { + "description": "ID is the metric type.\n", + "type": "string" + }, + "access": { + "$ref": "#/components/schemas/types.AccessStats" + }, + "appEmbeddedAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "container": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "containerAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "host": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "hostAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "hostComplianceCount": { + "description": "HostComplianceCount is the host compliance count.\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "incidentsCount": { + "description": "IncidentsCount is the incidents count.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "serverlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "time": { + "description": "UnixTimestamp is the unix timestamp.\n", + "format": "int64", + "type": "integer" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/types.VulnerabilitiesStats" + } + }, + "type": "object" + }, + "types.Status": { + "description": "Status stores the status of a specific defender or for global features such as intelligence or LDAP", + "properties": { + "_id": { + "description": "ID is the defender identifier if the status is per defender or the type for global statuses.\n", + "type": "string" + }, + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/types.HostAutoDeployStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "intelligence": { + "$ref": "#/components/schemas/types.IntelligenceStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "secrets": { + "$ref": "#/components/schemas/types.SecretsStatus" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/types.ServerlessAutoDeployStatus" + }, + "serverlessRadar": { + "$ref": "#/components/schemas/types.ServerlessRadarStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "type": { + "$ref": "#/components/schemas/types.StatusType" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "types.StatusType": { + "description": "StatusType holds the status of a given flow (defender/intelligence/etc...)\nTODO: Use type in shared.Status object", + "enum": [ + [ + "intelligence", + "secrets", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy" + ] + ], + "type": "string" + }, + "types.Suggestions": { + "properties": { + "suggestions": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Tags": { + "properties": { + "endpoint_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "server_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.TelemetrySettings": { + "description": "TelemetrySettings is the telemetry settings", + "properties": { + "enabled": { + "description": "Enabled determines whether the telemetry settings are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Trends": { + "description": "Trends contains data on global trends in the system", + "properties": { + "complianceTrend": { + "description": "ComplianceTrend represents the compliance trend.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "defendersSummary": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "DefendersSummary represents the defenders count of each category.\n", + "type": "object" + }, + "vulnerabilitySummary": { + "$ref": "#/components/schemas/types.VulnerabilitySummary" + } + }, + "type": "object" + }, + "types.UserCollection": { + "description": "UserCollection holds general collection properties that are accessible to all users", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "name": { + "description": "Unique name associated with this collection.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPassword": { + "description": "UserPassword represents a new user password", + "properties": { + "newPassword": { + "description": "New password to assign to the user who is invoking the API.\n", + "type": "string" + }, + "oldPassword": { + "description": "User's existing password to replace.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPreferences": { + "description": "UserPreferences are the user global project reference that are persistent between versions", + "properties": { + "_id": { + "description": "User is the user name.\n", + "type": "string" + }, + "hideGuidedTour": { + "description": "HideGuidedTour indicates that guided tour should be hidden.\n", + "type": "boolean" + }, + "hideProjectDialog": { + "description": "HideProjectsDialog indicates the initial project selection dialog should be hidden.\n", + "type": "boolean" + }, + "waasRulesNotificationDismissed": { + "description": "WaasRulesNotificationDismiss indicates the time the user dismissed the waas added rules top bar.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "types.UserProject": { + "description": "UserProject holds general project properties that are accessible to all users", + "properties": { + "_id": { + "description": "ID is the project id.\n", + "type": "string" + }, + "address": { + "description": "Address is project address.\n", + "type": "string" + }, + "connected": { + "description": "Connected indicates if the project is currently disconnected due to an error.\n", + "type": "boolean" + }, + "creationTime": { + "description": "CreationTime is the project creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnImpactedResources": { + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability", + "properties": { + "_id": { + "description": "ID is the CVE ID (index for the impacted resources).\n", + "type": "string" + }, + "functions": { + "description": "Functions is a map between function id to its details.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "functionsCount": { + "description": "FunctionsCount is the total impacted functions count.\n", + "type": "integer" + }, + "hosts": { + "description": "Hosts is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "hostsCount": { + "description": "HostsCount is the total impacted hosts count.\n", + "type": "integer" + }, + "images": { + "description": "Images is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "imagesCount": { + "description": "ImagesCount is the total impacted images count.\n", + "type": "integer" + }, + "registryImages": { + "description": "RegistryImages is a list of impacted registry images.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "registryImagesCount": { + "description": "RegistryImagesCount is the total impacted registry images count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnSummary": { + "properties": { + "highestCVSSScore": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "vulnFunnel": { + "$ref": "#/components/schemas/vuln.Funnel" + } + }, + "type": "object" + }, + "types.VulnerabilitiesStats": { + "description": "VulnerabilitiesStats are measures the total number of vulnerabilities in a specific images", + "properties": { + "containerCompliance": { + "description": "ContainerCompliance is the sum of all compliance issues for all running containers.\n", + "type": "integer" + }, + "imageCompliance": { + "description": "ImageCompliance is the sum of all compliance issues of all running images.\n", + "type": "integer" + }, + "imageCve": { + "description": "ImageCVE is the sum of cve vulnerabilities of all running images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilityInfo": { + "description": "VulnerabilityInfo holds information about vulnerability used for VulnerabilityExplorer", + "properties": { + "cve": { + "description": "CVE ID.\n", + "type": "string" + }, + "description": { + "description": "Vulnerability description.\n", + "type": "string" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "highestCVSS": { + "description": "HighestCVSS is the highest CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "highestRiskFactors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "highestSeverity": { + "description": "HighestSeverity is the highest severity of the vulnerability.\n", + "type": "string" + }, + "impactedPkgs": { + "description": "Packages impacted by the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "impactedResourceType": { + "$ref": "#/components/schemas/vuln.ResourceType" + }, + "impactedResourcesCnt": { + "description": "Number of resources impacted by this vulnerability.\n", + "type": "integer" + }, + "link": { + "description": "Link to CVE.\n", + "type": "string" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "Risk score.\n", + "format": "float", + "type": "number" + }, + "status": { + "description": "CVE status.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnerabilityStats": { + "description": "VulnerabilityStats holds statistics about vulnerabilities issues", + "properties": { + "_id": { + "description": "ID of the vulnerability stats.\n", + "type": "string" + }, + "containers": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "functions": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "hosts": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "images": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "modified": { + "description": "Date/time when the entity was modified.\n", + "format": "date-time", + "type": "string" + }, + "registryImages": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + } + }, + "type": "object" + }, + "types.VulnerabilitySummary": { + "description": "VulnerabilitySummary represents the stats of each impacted entity", + "properties": { + "containers": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "functions": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "hosts": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "images": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "registryImages": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "types.XSOARAlerts": { + "description": "XSOARAlerts is a list of XSOAR alerts", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uint": { + "type": "integer" + }, + "uint32": { + "type": "integer" + }, + "uint64": { + "type": "integer" + }, + "uint8": { + "type": "integer" + }, + "vuln.AllCompliance": { + "description": "AllCompliance contains data regarding passed compliance checks", + "properties": { + "compliance": { + "description": "Compliance are all the passed compliance checks.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether passed compliance checks is enabled by policy.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Application": { + "description": "Application represents a detected application", + "properties": { + "installedFromPackage": { + "description": "Indicates that the app was installed as an OS package.\n", + "type": "boolean" + }, + "knownVulnerabilities": { + "description": "Total number of vulnerabilities for this application.\n", + "type": "integer" + }, + "layerTime": { + "description": "Image layer to which the application belongs - layer creation time.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the application.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the app origin package.\n", + "type": "string" + }, + "path": { + "description": "Path of the detected application.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this application is included.\n", + "type": "string" + }, + "service": { + "description": "Service indicates whether the application is installed as a service.\n", + "type": "boolean" + }, + "version": { + "description": "Version of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.ComplianceCategory": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + }, + "vuln.ComplianceTemplate": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + }, + "vuln.Condition": { + "description": "Condition are extended options for vulnerability assessment in authorization flows", + "properties": { + "block": { + "description": "Specifies the effect. If true, the effect is block.\n", + "type": "boolean" + }, + "id": { + "description": "Vulnerability ID.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.CustomVulnerabilities": { + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability", + "properties": { + "_id": { + "description": "ID is the custom vulnerabilities feed ID.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the internal custom vulnerabilities feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of custom vulnerabilities rules.\n", + "items": { + "$ref": "#/components/schemas/vuln.CustomVulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "vuln.CustomVulnerability": { + "description": "CustomVulnerability is a user customized vulnerability", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "maxVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "minVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "vuln.Distribution": { + "description": "Distribution counts the number of vulnerabilities per type", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Effect": { + "description": "Effect specifies relevant action for a vulnerability", + "enum": [ + [ + "ignore", + "alert", + "block" + ] + ], + "type": "string" + }, + "vuln.ExpirationDate": { + "description": "ExpirationDate is the vulnerability expiration date", + "properties": { + "date": { + "description": "Date is the vulnerability expiration date.\n", + "format": "date-time", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates that the grace period is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Funnel": { + "description": "Funnel is the vulnerability funnel", + "properties": { + "exploitable": { + "description": ".\n", + "type": "integer" + }, + "packageInUse": { + "description": ".\n", + "type": "integer" + }, + "patchable": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "urgent": { + "description": "Urgent is the number of critical and high CVEs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.ResourceType": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + }, + "vuln.Secret": { + "description": "Secret represents a secret found on the scanned workload", + "properties": { + "group": { + "description": "Group is a group name or ID of owner the file metadata containing the secret.\n", + "type": "string" + }, + "locationInFile": { + "description": "LocationInFile is the line and offset in the file where the secret was found.\n", + "type": "string" + }, + "metadataModifiedTime": { + "description": "MetadataModifiedTime is the modification time of the file metadata containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "modifiedTime": { + "description": "ModifiedTime is the modification time of the file containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "originalFileLocation": { + "description": ".\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the file in which the secret was found.\n", + "type": "string" + }, + "permissions": { + "description": "Permissions are permission bits of the file metadata containing the secret.\n", + "type": "string" + }, + "secretID": { + "description": "SecretID is the SHA1 of the secret content.\n", + "type": "string" + }, + "size": { + "description": "Size is the size in bytes of the file in which the secret was found.\n", + "format": "int64", + "type": "integer" + }, + "snippet": { + "description": "Snippet is the partial plain secret.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.SecretType" + }, + "user": { + "description": "User is a username or ID of owner the file metadata containing the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.SecretType": { + "description": "SecretType represents a secret type", + "enum": [ + [ + "AWS Access Key ID", + "AWS Secret Key", + "AWS MWS Auth Token", + "Azure Storage Account Access Key", + "Azure Service Principal", + "GCP Service Account Auth Key", + "Private Encryption Key", + "Public Encryption Key", + "PEM X509 Certificate Header", + "SSH Authorized Keys", + "Artifactory API Token", + "Artifactory Password", + "Basic Auth Credentials", + "Mailchimp Access Key", + "NPM Token", + "Slack Token", + "Slack Webhook", + "Square OAuth Secret", + "Notion Integration Token", + "Airtable API Key", + "Atlassian Oauth2 Keys", + "CircleCI Personal Token", + "Databricks Authentication Token", + "GitHub Token", + "GitLab Token", + "Google API key", + "Grafana Token", + "Python Package Index Key (PYPI)", + "Typeform API Token", + "Scalr Token", + "Braintree Access Token", + "Braintree Payments Key", + "Paypal Token Key", + "Braintree Payments ID", + "Datadog Client Token", + "ClickUp Personal API Token", + "OpenAI API Key", + "Java DB Connectivity (JDBC)", + "MongoDB", + ".Net SQL Server" + ] + ], + "type": "string" + }, + "vuln.TagInfo": { + "description": "TagInfo is the tag info in a specific vulnerability context", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "comment": { + "description": "Tag comment in a specific vulnerability context.\n", + "type": "string" + }, + "name": { + "description": "Name of the tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.TagType": { + "description": "TagType specifies the resource type for tagging where the vulnerability is found. Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found", + "enum": [ + [ + "image", + "host", + "function", + "" + ] + ], + "type": "string" + }, + "vuln.Vulnerability": { + "description": "Vulnerability is a general schema for vulnerabilities (e.g., for compliance or packages)", + "properties": { + "applicableRules": { + "description": "Rules applied on the package.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary package names (packages which are built from the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "block": { + "description": "Indicates if the vulnerability has a block effect (true) or not (false).\n", + "type": "boolean" + }, + "cause": { + "description": "Additional information regarding the root cause for the vulnerability.\n", + "type": "string" + }, + "cri": { + "description": "Indicates if this is a CRI-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "custom": { + "description": "Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).\n", + "type": "boolean" + }, + "cve": { + "description": "CVE ID of the vulnerability (if applied).\n", + "type": "string" + }, + "cvss": { + "description": "CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description of the vulnerability.\n", + "type": "string" + }, + "discovered": { + "description": "Specifies the time of discovery for the vulnerability.\n", + "format": "date-time", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "Date/time when the vulnerability was fixed (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "fixLink": { + "description": "Link to the vendor's fixed-version information.\n", + "type": "string" + }, + "functionLayer": { + "description": "Specifies the serverless layer ID in which the vulnerability was discovered.\n", + "type": "string" + }, + "gracePeriodDays": { + "description": "Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.\n", + "type": "integer" + }, + "id": { + "description": "ID of the violation.\n", + "type": "integer" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "layerTime": { + "description": "Date/time of the image layer to which the CVE belongs.\n", + "format": "int64", + "type": "integer" + }, + "link": { + "description": "Vendor link to the CVE.\n", + "type": "string" + }, + "packageName": { + "description": "Name of the package that caused the vulnerability.\n", + "type": "string" + }, + "packageType": { + "$ref": "#/components/schemas/packages.Type" + }, + "packageVersion": { + "description": "Version of the package that caused the vulnerability (or null).\n", + "type": "string" + }, + "published": { + "description": "Date/time when the vulnerability was published (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "rpmModule": { + "description": "RPMModule specifies the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "severity": { + "description": "Textual representation of the vulnerability's severity.\n", + "type": "string" + }, + "status": { + "description": "Vendor status for the vulnerability.\n", + "type": "string" + }, + "templates": { + "description": "List of templates with which the vulnerability is associated.\n", + "items": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "type": "array" + }, + "text": { + "description": "Description of the violation.\n", + "type": "string" + }, + "title": { + "description": "Compliance title.\n", + "type": "string" + }, + "twistlock": { + "description": "Indicates if this is a Twistlock-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + }, + "vecStr": { + "description": "Textual representation of the metric values used to score the vulnerability.\n", + "type": "string" + }, + "vulnTagInfos": { + "description": "Tag information for the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/vuln.TagInfo" + }, + "type": "array" + }, + "wildfireMalware": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + } + }, + "type": "object" + }, + "vuln.WildFireMalware": { + "description": "WildFireMalware holds the data for WildFire malicious MD5", + "properties": { + "md5": { + "description": "MD5 is the hash of the malicious binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to malicious binary.\n", + "type": "string" + }, + "verdict": { + "description": "Verdict is the malicious source like grayware, malware and phishing.\n", + "type": "string" + } + }, + "type": "object" + }, + "vulnerability.CPUArch": { + "description": "CPUArch represents the CPU architecture", + "type": "integer" + }, + "vulnerability.CPUArchs": { + "description": "CPUArchs represents list of cpu architectures", + "items": { + "$ref": "#/components/schemas/vulnerability.CPUArch" + }, + "type": "array" + }, + "vulnerability.CVEType": { + "description": "CVEType represents the type of a CVE", + "enum": [ + [ + "python", + "gem", + "nodejs", + "jar", + "package", + "product", + "app", + "go", + "nuget", + "osConditions", + "excludedCve" + ] + ], + "type": "string" + }, + "vulnerability.Conditions": { + "description": "Conditions represents a list of CVE rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "type": "array" + }, + "vulnerability.CpeIDs": { + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.ExploitData": { + "description": "ExploitData holds information about an exploit", + "properties": { + "kind": { + "$ref": "#/components/schemas/vulnerability.ExploitKind" + }, + "link": { + "description": "Link is a link to information about the exploit.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + } + }, + "type": "object" + }, + "vulnerability.ExploitKind": { + "description": "ExploitKind represents the kind of the exploit", + "enum": [ + [ + "poc", + "in-the-wild" + ] + ], + "type": "string" + }, + "vulnerability.ExploitType": { + "description": "ExploitType represents the source of an exploit", + "enum": [ + [ + "", + "exploit-db", + "exploit-windows", + "cisa-kev" + ] + ], + "type": "string" + }, + "vulnerability.Exploits": { + "description": "Exploits represents the exploits data found for a CVE", + "items": { + "$ref": "#/components/schemas/vulnerability.ExploitData" + }, + "type": "array" + }, + "vulnerability.RHELCpeHashes": { + "description": "RHELCpeHashes represent the CPE hashes associated with a given Red Hat repository", + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.RiskFactor": { + "description": "RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score", + "enum": [ + [ + "Critical severity", + "High severity", + "Medium severity", + "Has fix", + "Remote execution", + "DoS - Low", + "DoS - High", + "Recent vulnerability", + "Exploit exists - in the wild", + "Exploit exists - POC", + "Attack complexity: low", + "Attack vector: network", + "Reachable from the internet", + "Listening ports", + "Container is running as root", + "No mandatory security profile applied", + "Running as privileged container", + "Package in use", + "Sensitive information", + "Root mount", + "Runtime socket", + "Host access" + ] + ], + "type": "string" + }, + "vulnerability.RiskFactors": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RiskFactors maps the existence of vulnerability risk factors", + "type": "object" + }, + "vulnerability.Rules": { + "description": "Rules represents a list of CVE assessment rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Symbols": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Type": { + "description": "Type represents the vulnerability type", + "enum": [ + [ + "container", + "image", + "host_config", + "daemon_config", + "daemon_config_files", + "security_operations", + "k8s_master", + "k8s_worker", + "k8s_federation", + "linux", + "windows", + "istio", + "serverless", + "custom", + "docker_stig", + "openshift_master", + "openshift_worker", + "application_control_linux", + "gke_worker", + "image_malware", + "host_malware", + "aks_worker", + "eks_worker", + "image_secret", + "host_secret" + ] + ], + "type": "string" + }, + "waas.APIChangeDetails": { + "description": "APIChangeDetails contains the details of the API change", + "properties": { + "changeType": { + "$ref": "#/components/schemas/waas.APIChangesType" + }, + "date": { + "description": "Date is the change date.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value the value of the change - if applicable.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangesType": { + "description": "APIChangesType is used to represent the supported API changes types", + "type": "integer" + }, + "waas.APIProtectionStatus": { + "enum": [ + [ + "unprotected", + "monitored", + "protected" + ] + ], + "type": "string" + }, + "waas.APIRequest": { + "description": "APIRequest represents a single API request and its data", + "properties": { + "bodySchema": { + "$ref": "#/components/schemas/waas.BodySchema" + }, + "bodySchemaDiffExceededLimit": { + "description": "BodySchemaDiffExceededLimit is the date that the request body schema exceeded the size limit for finding body schema changes.\n", + "format": "date-time", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the request content type.\n", + "type": "string" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the HTTP method of the API request.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks are the OWASP API Top10 attacks that were found on the API.\n", + "items": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "type": "array" + }, + "path": { + "description": "Path is the path of the API request.\n", + "type": "string" + }, + "protected": { + "description": "Protected indicates that the method+path are protected by WAAS API Protection.\n", + "type": "boolean" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "queryParameters": { + "description": "QueryParameters are the query parameters of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "requestSizeTotal": { + "description": "RequestSizeTotal is the total request body size.\n", + "type": "integer" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseContentType": { + "description": "ResponseContentType is the response content type.\n", + "type": "string" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "responseSizeTotal": { + "description": "ResponseSizeTotal is the total response body size.\n", + "type": "integer" + }, + "sensitiveData": { + "description": "RequestSensitiveData indicated this path may be used with sensitive data attached in request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "servers": { + "description": "Servers are the destination servers (including port and schema) of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sourceIP": { + "description": "SourceIP is the source IP of the API request.\n", + "type": "string" + }, + "statusCodeDistribution": { + "$ref": "#/components/schemas/waas.StatusCodeDistribution" + } + }, + "type": "object" + }, + "waas.APISpec": { + "description": "APISpec is an API specification", + "properties": { + "description": { + "description": "Description of the app.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "endpoints": { + "description": "The app's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Endpoint" + }, + "type": "array" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "paths": { + "description": "Paths of the API's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Path" + }, + "type": "array" + }, + "queryParamFallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.APIStats": { + "description": "APIStats contains the API stats that occurred since the last stats dump", + "properties": { + "actionCounts": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "blockedRequests": { + "description": "BlockedRequests is the number of blocked requests since last dump.\n", + "type": "integer" + }, + "forwardedRequests": { + "description": "ForwardedRequests is the number of forwarded requests since last dump.\n", + "type": "integer" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBodyBytes": { + "description": "InspectedBodyBytes are the total request and response inspected body bytes.\n", + "type": "integer" + }, + "inspectionLimitExceeded": { + "description": "InspectionLimitExceeded is the total number of requests in which the body size exceeds inspection limit.\n", + "type": "integer" + }, + "interstitialPages": { + "description": "InterstitialPages is the number of interstitial pages served.\n", + "type": "integer" + }, + "lastErrs": { + "description": "LastErrs is the last errors that occurred, storing up to 20 errors.\n", + "items": { + "$ref": "#/components/schemas/waas.ReqErrorCtx" + }, + "type": "array" + }, + "maxRequestInspectionDuration": { + "description": "MaxRequestInspectionDuration is the maximum request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "maxResponseSizeBytes": { + "description": "MaxResponseSizeBytes contains the max response size.\n", + "type": "integer" + }, + "parsingErrs": { + "description": "ParsingErrs is a counter of the parsing errors that occurred.\n", + "type": "integer" + }, + "reCAPTCHAs": { + "description": "ReCAPTCHAs is the number of reCAPTCHA pages served.\n", + "type": "integer" + }, + "responseCodeStats": { + "$ref": "#/components/schemas/waas.ResponseCodeStats" + }, + "totalErrs": { + "description": "TotalErrs is a counter of the errors that occurred.\n", + "type": "integer" + }, + "totalForwardedRequestsDuration": { + "description": "TotalForwardedRequestsDuration is the total request duration for forwarded requests.\n", + "format": "int64", + "type": "integer" + }, + "totalRequestInspectionDuration": { + "description": "TotalRequestInspectionDuration is the total request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the number of incoming requests since last dump.\n", + "type": "integer" + }, + "totalResponseSizeBytes": { + "description": "TotalResponsesSizeBytes is the total APIs response size.\n", + "type": "integer" + }, + "totalTimeouts": { + "description": "TotalTimeouts is the number of timed out responses.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AccessControls": { + "description": "AccessControls contains the access controls config (e.g., denied/allowed sources)", + "properties": { + "alert": { + "description": "Alert are the denied sources for which we alert.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allow": { + "description": "Allow are the allowed sources for which we don't alert or prevent.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowMode": { + "description": "AllowMode indicates allowlist (true) or denylist (false) mode.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates if access controls protection is enabled.\n", + "type": "boolean" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "prevent": { + "description": "Prevent are the denied sources.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ActionStats": { + "description": "ActionStats contains the WAAS action stats", + "properties": { + "alert": { + "description": "Alerts is the number of Alert actions.\n", + "type": "integer" + }, + "ban": { + "description": "Bans is the number of Ban actions.\n", + "type": "integer" + }, + "prevent": { + "description": "Prevents is the number of Prevent actions.\n", + "type": "integer" + }, + "reCAPTCHA": { + "description": "ReCAPTCHAs is the number of reCAPTCHA actions.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AgentlessPolicyState": { + "description": "AgentlessPolicyState is the state of the agentless policy", + "properties": { + "deletedRules": { + "description": "DeletedRules are rules that were deleted but their VPC deployments have not been terminated.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + }, + "states": { + "description": "States are the VPC configuration states.\n", + "items": { + "$ref": "#/components/schemas/waas.VPCConfigState" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.AppProtectionStats": { + "description": "AppProtectionStats contains the app protection status statistics", + "properties": { + "protected": { + "description": "Protected indicates the amount of protected WAAS app entities (containers/hosts).\n", + "type": "integer" + }, + "unprotected": { + "description": "Unprotected indicates the amount of unprotected WAAS app entities (containers/hosts).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AppStats": { + "description": "AppStats contains the WAAS app policy statistics", + "properties": { + "accessControl": { + "description": "AccessControl is the total amount of apps with Access Control policy.\n", + "type": "integer" + }, + "bot": { + "description": "Bot is the total amount of apps with Bot Protection policy.\n", + "type": "integer" + }, + "customRulesEnabled": { + "description": "CustomRulesEnabled is the total amount of apps with Custom Rules enabled.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the total amount of apps with DoS Protection policy.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the total amount of apps with WAF policy.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ApplicationSpec": { + "description": "ApplicationSpec is an application of a firewall instance", + "properties": { + "apiSpec": { + "$ref": "#/components/schemas/waas.APISpec" + }, + "appID": { + "description": "Unique ID for the app.\n", + "type": "string" + }, + "attackTools": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "autoApplyPatchesSpec": { + "$ref": "#/components/schemas/waas.AutoApplyPatchesSpec" + }, + "banDurationMinutes": { + "description": "Ban duration, in minutes.\n", + "type": "integer" + }, + "body": { + "$ref": "#/components/schemas/waas.BodyConfig" + }, + "botProtectionSpec": { + "$ref": "#/components/schemas/waas.BotProtectionSpec" + }, + "certificate": { + "$ref": "#/components/schemas/common.Secret" + }, + "clickjackingEnabled": { + "description": "Indicates whether clickjacking protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cmdi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "codeInjection": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "csrfEnabled": { + "description": "Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "customBlockResponse": { + "$ref": "#/components/schemas/waas.CustomBlockResponseConfig" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disableEventIDHeader": { + "description": "Indicates if event ID header should be attached to the response or not.\n", + "type": "boolean" + }, + "dosConfig": { + "$ref": "#/components/schemas/waas.DoSConfig" + }, + "headerSpecs": { + "description": "Configuration for inspecting HTTP headers.\n", + "items": { + "$ref": "#/components/schemas/waas.HeaderSpec" + }, + "type": "array" + }, + "intelGathering": { + "$ref": "#/components/schemas/waas.IntelGatheringConfig" + }, + "lfi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "malformedReq": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "maliciousUpload": { + "$ref": "#/components/schemas/waas.MaliciousUploadConfig" + }, + "networkControls": { + "$ref": "#/components/schemas/waas.NetworkControls" + }, + "remoteHostForwarding": { + "$ref": "#/components/schemas/waas.RemoteHostForwardingConfig" + }, + "responseHeaderSpecs": { + "description": "Configuration for modifying HTTP response headers.\n", + "items": { + "$ref": "#/components/schemas/waas.ResponseHeaderSpec" + }, + "type": "array" + }, + "sessionCookieBan": { + "description": "Indicates if bans in this app are made by session cookie ID (true) or false (not).\n", + "type": "boolean" + }, + "sessionCookieEnabled": { + "description": "Indicates if session cookies are enabled (true) or not (false).\n", + "type": "boolean" + }, + "sessionCookieSameSite": { + "$ref": "#/components/schemas/waas.SameSite" + }, + "sessionCookieSecure": { + "description": "Indicates the Secure attribute of the session cookie.\n", + "type": "boolean" + }, + "shellshock": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "sqli": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "tlsConfig": { + "$ref": "#/components/schemas/waas.TLSConfig" + }, + "xss": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + } + }, + "type": "object" + }, + "waas.AttackType": { + "description": "AttackType is the type of the attack", + "enum": [ + [ + "xss", + "sqli", + "cmdi", + "lfi", + "codeInjection", + "deniedIP", + "deniedCountry", + "header", + "violationsExceeded", + "attackTools", + "shellshock", + "disallowedFile", + "malformedRequest", + "inspectionLimitExceeded", + "informationLeak", + "unexpectedAPI", + "dos", + "searchEngineCrawler", + "businessAnalyticsBot", + "educationalBot", + "newsBot", + "financialBot", + "contentFeedClient", + "archivingBot", + "careerSearchBot", + "mediaSearchBot", + "genericBot", + "webAutomationTool", + "webScraper", + "apiLibrary", + "httpLibrary", + "sessionValidation", + "javascriptTimeout", + "missingCookie", + "browserImpersonation", + "botImpersonation", + "requestAnomalies", + "userDefinedBot", + "recaptchaRequired", + "recaptchaVerificationFailed", + "customRule", + "publicSensitiveDataWithoutAuthentication", + "publicSensitiveDataWithoutEncryption" + ] + ], + "type": "string" + }, + "waas.AttackTypeStats": { + "description": "AttackTypeStats are the WAAS attack type stats", + "properties": { + "accessControl": { + "description": "AccessControl is the count of access control attacks.\n", + "type": "integer" + }, + "apiProtection": { + "description": "APIProtection is the count of API Protection attacks.\n", + "type": "integer" + }, + "attackTools": { + "description": "AttackTools is the count of attack tool attacks.\n", + "type": "integer" + }, + "bots": { + "description": "Bots is the count of Bot attacks.\n", + "type": "integer" + }, + "cmdInjection": { + "description": "CMDInjection is the count of command injection attacks.\n", + "type": "integer" + }, + "codeInjection": { + "description": "CodeInjection is the count of code injection attacks.\n", + "type": "integer" + }, + "customRules": { + "description": "CustomRules is the count of attacks detected by custom rules.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the count of DoS attacks.\n", + "type": "integer" + }, + "lfi": { + "description": "LFI is the count of local file injection attacks.\n", + "type": "integer" + }, + "sqlInjection": { + "description": "SQLInjection is the count of SQL injection attacks.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the count of WAF protection attacks.\n", + "type": "integer" + }, + "xss": { + "description": "XSS is the count of XSS attacks.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AutoApplyPatchesSpec": { + "description": "AutoApplyPatchesSpec is the configuration for automation apply patches protection", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.BodyConfig": { + "description": "BodyConfig represents app configuration related to HTTP Body", + "properties": { + "inspectionLimitExceededEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "inspectionSizeBytes": { + "description": "InspectionSizeBytes represents the max amount of data to inspect in request body.\n", + "type": "integer" + }, + "skip": { + "description": "Skip indicates that body inspection should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.BodySchema": { + "description": "BodySchema is the request's body schema", + "properties": { + "contentType": { + "description": "ContentType is the content type the schema represents.\n", + "type": "string" + }, + "head": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + } + }, + "type": "object" + }, + "waas.BodySchemaChildren": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + }, + "description": "BodySchemaChildren represents a set of body schema children, uniquely identified by the body field's name", + "type": "object" + }, + "waas.BodySchemaNode": { + "description": "BodySchemaNode represents a single body schema node", + "properties": { + "children": { + "$ref": "#/components/schemas/waas.BodySchemaChildren" + }, + "name": { + "description": "Name is the body schema item name (key for json, tag name for xml).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.BotProtectionSpec": { + "description": "BotProtectionSpec is the bot protections spec", + "properties": { + "interstitialPage": { + "description": "Indicates if an interstitial page is served (true) or not (false).\n", + "type": "boolean" + }, + "jsInjectionSpec": { + "$ref": "#/components/schemas/waas.JSInjectionSpec" + }, + "knownBotProtectionsSpec": { + "$ref": "#/components/schemas/waas.KnownBotProtectionsSpec" + }, + "reCAPTCHASpec": { + "$ref": "#/components/schemas/waas.ReCAPTCHASpec" + }, + "sessionValidation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "unknownBotProtectionSpec": { + "$ref": "#/components/schemas/waas.UnknownBotProtectionSpec" + }, + "userDefinedBots": { + "description": "Effects to perform when user-defined bots are detected.\n", + "items": { + "$ref": "#/components/schemas/waas.UserDefinedBot" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.CertificateMeta": { + "description": "CertificateMeta is the certificate metadata", + "properties": { + "issuerName": { + "description": "IssuerName is the certificate issuer common name.\n", + "type": "string" + }, + "notAfter": { + "description": "NotAfter is the time the certificate is not valid (expiry time).\n", + "format": "date-time", + "type": "string" + }, + "subjectName": { + "description": "SubjectName is the certificate subject common name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ClientType": { + "description": "ClientType is an HTTP client type", + "enum": [ + [ + "browser", + "mobile", + "httpLib", + "apiLib" + ] + ], + "type": "string" + }, + "waas.CustomBlockResponseConfig": { + "description": "CustomBlockResponseConfig is a custom block message config for a policy", + "properties": { + "body": { + "description": "Custom HTML for the block response.\n", + "type": "string" + }, + "code": { + "description": "Custom HTTP response code for the block response.\n", + "type": "integer" + }, + "enabled": { + "description": "Indicates if the custom block response is enabled (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.CustomReCAPTCHAPageSpec": { + "description": "CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec", + "properties": { + "body": { + "description": "Custom HTML for the reCAPTCHA page.\n", + "type": "string" + }, + "enabled": { + "description": "Indicates if the custom reCAPTCHA page is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DailyStats": { + "description": "DailyStats represents the WAAS daily stats", + "properties": { + "_id": { + "description": "Date is date that the daily stats are relevant to.\n", + "type": "string" + }, + "actionStats": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBytes": { + "description": "InspectedBytes is total amount body bytes inspected by WAAS.\n", + "type": "integer" + }, + "policyChangeCount": { + "description": "PolicyChangeCount is the amount of policy changes for this day.\n", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the total request count.\n", + "type": "integer" + }, + "unprotectedAppsVulnStats": { + "$ref": "#/components/schemas/waas.UnprotectedAppsVulnStats" + } + }, + "type": "object" + }, + "waas.Dashboard": { + "description": "Dashboard contains the data of the WAAS Dashboard", + "properties": { + "appProtectionStats": { + "$ref": "#/components/schemas/waas.AppProtectionStats" + }, + "dailyStats": { + "description": "DailyStats are the WAAS daily stats.\n", + "items": { + "$ref": "#/components/schemas/waas.DailyStats" + }, + "type": "array" + }, + "insights": { + "description": "Insights are the current WAAS insights.\n", + "items": { + "$ref": "#/components/schemas/waas.Insight" + }, + "type": "array" + }, + "policyStats": { + "$ref": "#/components/schemas/waas.PolicyStats" + } + }, + "type": "object" + }, + "waas.DiscoveredAPI": { + "description": "DiscoveredAPI represents a single discovered API path+method information's", + "properties": { + "appID": { + "description": "AppID is the app ID.\n", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host seen for this API.\n", + "type": "string" + }, + "image": { + "description": "Image is the image names seen for this API.\n", + "type": "string" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "lbWorkload": { + "description": "LBWorkload indicates if the API was discovered by a load balancer observer.\n", + "type": "boolean" + }, + "method": { + "description": "Method is the API method.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks indicates whether OWASP API Top-10 attacks were found on the API.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the API path.\n", + "type": "string" + }, + "protectionStatus": { + "$ref": "#/components/schemas/waas.APIProtectionStatus" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "type": "boolean" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "RiskScore is the sum of all risk factors (used for sorting and filter by risk factors).\n", + "type": "integer" + }, + "ruleID": { + "description": "RuleID is the rule ID.\n", + "type": "string" + }, + "sensitiveData": { + "description": "SensitiveData indicated this path may be used with sensitive data attached in request.\n", + "type": "boolean" + }, + "servers": { + "description": "Servers are the servers seen for this API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "waas.DoSConfig": { + "description": "DoSConfig is a dos policy specification", + "properties": { + "alert": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "ban": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "enabled": { + "description": "Enabled indicates if dos protection is enabled.\n", + "type": "boolean" + }, + "excludedNetworkLists": { + "description": "Network IPs to exclude from DoS tracking.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "matchConditions": { + "description": "Conditions on which to match to track a request. The conditions are \\\"OR\\\"'d together during the check.\n", + "items": { + "$ref": "#/components/schemas/waas.DoSMatchCondition" + }, + "type": "array" + }, + "trackSession": { + "description": "Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DoSMatchCondition": { + "description": "DoSMatchCondition is used for matching a request for tracking", + "properties": { + "fileTypes": { + "description": "File types for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "methods": { + "description": "HTTP methods for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseCodeRanges": { + "description": "Response codes for the request's response matching.\n", + "items": { + "$ref": "#/components/schemas/waas.StatusCodeRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.DoSRates": { + "description": "DoSRates specifies dos requests rates (thresholds)", + "properties": { + "average": { + "description": "Average request rate (requests / second).\n", + "type": "integer" + }, + "burst": { + "description": "Burst request rate (requests / second).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Effect": { + "description": "Effect is the effect that will be used in the rule", + "enum": [ + [ + "ban", + "prevent", + "alert", + "allow", + "disable", + "reCAPTCHA" + ] + ], + "type": "string" + }, + "waas.Endpoint": { + "description": "Endpoint is an application endpoint", + "properties": { + "basePath": { + "description": "Base path for the endpoint.\n", + "type": "string" + }, + "exposedPort": { + "description": "Exposed port that the proxy is listening on.\n", + "type": "integer" + }, + "grpc": { + "description": "Indicates if the proxy supports gRPC (true) or not (false).\n", + "type": "boolean" + }, + "host": { + "description": "URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).\n", + "type": "string" + }, + "http2": { + "description": "Indicates if the proxy supports HTTP/2 (true) or not (false).\n", + "type": "boolean" + }, + "internalPort": { + "description": "Internal port that the application is listening on.\n", + "type": "integer" + }, + "tls": { + "description": "Indicates if the connection is secured (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionField": { + "description": "ExceptionField is used to perform the protection exception fields", + "properties": { + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionLocation": { + "description": "ExceptionLocation indicates exception http field location", + "enum": [ + [ + "path", + "query", + "queryValues", + "cookie", + "UserAgentHeader", + "header", + "body", + "rawBody", + "XMLPath", + "JSONPath" + ] + ], + "type": "string" + }, + "waas.FeatureExceptions": { + "description": "FeatureExceptions represents subnets that should bypass WAAS features", + "properties": { + "subnets": { + "description": "Subnets are network lists for which requests bypass WAAS features.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.FileType": { + "description": "FileType is the type of an uploaded file", + "enum": [ + [ + "pdf", + "officeLegacy", + "officeOoxml", + "odf", + "jpeg", + "png", + "gif", + "bmp", + "ico", + "avi", + "mp4", + "aac", + "mp3", + "wav", + "zip", + "gzip", + "rar", + "7zip" + ] + ], + "type": "string" + }, + "waas.FirewallType": { + "description": "FirewallType represents the firewall type", + "enum": [ + [ + "host-proxy", + "host-out-of-band", + "container-proxy", + "container-out-of-band", + "app-embedded", + "agentless", + "REST" + ] + ], + "type": "string" + }, + "waas.GeoData": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.TrafficStats" + }, + "description": "GeoData are the per-country traffic stats", + "type": "object" + }, + "waas.HSTSConfig": { + "description": "HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header\nsee: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "properties": { + "enabled": { + "description": "Enabled indicates if HSTS enforcement is enabled.\n", + "type": "boolean" + }, + "includeSubdomains": { + "description": "IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.\n", + "type": "boolean" + }, + "maxAgeSeconds": { + "description": "maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.\n", + "type": "integer" + }, + "preload": { + "description": "Preload indicates if it should support preload.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.HTTPField": { + "description": "HTTPField is used to perform checks on flags and fields", + "properties": { + "key": { + "description": "Key is the key of the field, if exists (e.g. header and cookie).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.HTTPFieldType" + }, + "value": { + "description": "Value is the value of the field, if exists.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.HTTPFieldType": { + "description": "HTTPFieldType indicates type of http field", + "enum": [ + [ + "method", + "xmlBody", + "jsonBody", + "formBody", + "multipartBody", + "rawBody", + "rawBodyResponse", + "protobufBody", + "query", + "queryParamName", + "cookie", + "header", + "url" + ] + ], + "type": "string" + }, + "waas.HeaderSpec": { + "description": "HeaderSpec is specification for a single header and its allowed or blocked values", + "properties": { + "allow": { + "description": "Indicates if the flow is to be allowed (true) or blocked (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "name": { + "description": "Header name.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the header must be present (true) or not (false).\n", + "type": "boolean" + }, + "values": { + "description": "Wildcard expressions that represent the header value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Insight": { + "description": "Insight represents an insight on the dashboard", + "properties": { + "message": { + "description": "Message is the display message of the insight.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.InsightType" + } + }, + "type": "object" + }, + "waas.InsightType": { + "description": "InsightType is the insight type", + "enum": [ + [ + "vulnerableUnprotectedApps", + "expiredCertificate", + "upcomingCertificateExpiry", + "noAPIProtection" + ] + ], + "type": "string" + }, + "waas.IntelGatheringConfig": { + "description": "IntelGatheringConfig is the configuration for intelligence gathering protections", + "properties": { + "infoLeakageEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "removeFingerprintsEnabled": { + "description": "Indicates if server fingerprints should be removed (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.JSInjectionSpec": { + "description": "JSInjectionSpec is the js injection protection spec", + "properties": { + "enabled": { + "description": "Indicates if JavaScript injection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "timeoutEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.KnownBotProtectionsSpec": { + "description": "KnownBotProtectionsSpec is the known bot protections spec", + "properties": { + "archiving": { + "$ref": "#/components/schemas/waas.Effect" + }, + "businessAnalytics": { + "$ref": "#/components/schemas/waas.Effect" + }, + "careerSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "contentFeedClients": { + "$ref": "#/components/schemas/waas.Effect" + }, + "educational": { + "$ref": "#/components/schemas/waas.Effect" + }, + "financial": { + "$ref": "#/components/schemas/waas.Effect" + }, + "mediaSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "news": { + "$ref": "#/components/schemas/waas.Effect" + }, + "searchEngineCrawlers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.MaliciousUploadConfig": { + "description": "MaliciousUploadConfig is the configuration for file upload protection", + "properties": { + "allowedExtensions": { + "description": "Allowed file extensions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowedFileTypes": { + "description": "Allowed file types.\n", + "items": { + "$ref": "#/components/schemas/waas.FileType" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.Method": { + "description": "Method is a method information", + "properties": { + "method": { + "description": "Type of HTTP request (e.g., PUT, GET, etc.).\n", + "type": "string" + }, + "parameters": { + "description": "Parameters that are part of the HTTP request.\n", + "items": { + "$ref": "#/components/schemas/waas.Param" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.MinTLSVersion": { + "description": "MinTLSVersion is the list of acceptable TLS versions", + "enum": [ + [ + "1.0", + "1.1", + "1.2", + "1.3" + ] + ], + "type": "string" + }, + "waas.MonitoringStats": { + "description": "MonitoringStats are the waas per-profile monitoring stats", + "properties": { + "aggregationStart": { + "description": "AggregationStart indicates when stats aggregation started.\n", + "format": "date-time", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "lastUpdate": { + "description": "LastUpdate indicates when the stats were last updated.\n", + "format": "date-time", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID.\n", + "type": "string" + }, + "stats": { + "$ref": "#/components/schemas/waas.APIStats" + } + }, + "type": "object" + }, + "waas.NetworkControls": { + "description": "NetworkControls contains the network controls config (e.g., access controls for IPs and countries)", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "countries": { + "$ref": "#/components/schemas/waas.AccessControls" + }, + "exceptionSubnets": { + "description": "Network lists for which requests completely bypass WAAS checks and protections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "networkControlsExceptionSubnets": { + "$ref": "#/components/schemas/waas.FeatureExceptions" + }, + "subnets": { + "$ref": "#/components/schemas/waas.AccessControls" + } + }, + "type": "object" + }, + "waas.NetworkList": { + "description": "NetworkList represent network list of IP/CIDR in waas", + "properties": { + "_id": { + "description": "Unique ID.\n", + "type": "string" + }, + "description": { + "description": "Description of the network list.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "subnets": { + "description": "List of the IPv4 addresses and IP CIDR blocks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.OWASPAPITop10": { + "description": "OWASPAPITop10 represents OWASP API top 10 attacks", + "enum": [ + [ + "excessiveDataExposure", + "lackOfResources&RateLimiting", + "brokenFunctionLevelAuthorization", + "securityMisconfiguration", + "injection" + ] + ], + "type": "string" + }, + "waas.OWASPTop10": { + "description": "OWASPTop10 represents OWASP top 10 attacks", + "enum": [ + [ + "brokenAccessControl", + "cryptographicFailures", + "injection", + "insecureDesign" + ] + ], + "type": "string" + }, + "waas.OpenAPIScan": { + "description": "OpenAPIScan represents the OpenAPI file scan", + "properties": { + "_id": { + "description": "ID is the scan identifier.\n", + "type": "string" + }, + "issueResults": { + "description": "IssueResults are the scanned issues results.\n", + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueResult" + }, + "type": "array" + }, + "scanInfo": { + "$ref": "#/components/schemas/waas.OpenAPIScanInfo" + }, + "scanStartTime": { + "description": "ScanStartTime is the scan started.\n", + "format": "date-time", + "type": "string" + }, + "severityDistribution": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssuesSeverityDistribution" + }, + "specInfo": { + "$ref": "#/components/schemas/waas.OpenAPISpecInfo" + } + }, + "type": "object" + }, + "waas.OpenAPIScanInfo": { + "description": "OpenAPIScanInfo is the OpenAPI scan info", + "properties": { + "appID": { + "description": "AppID is the WAAS app id the file was imported from.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "ruleID": { + "description": "RuleID is the WAAS rule id the file was imported from.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/waas.OpenAPIScanSource" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueMetadata": { + "description": "OpenAPIScanIssueMetadata represents the static metadata of an API definition issue\nFields reflect the KICS metadata,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json", + "properties": { + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueResult": { + "description": "OpenAPIScanIssueResult represents a specific issue result in the OpenAPI spec file\nFields reflect the KICS rego queries result,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/query.rego", + "properties": { + "_id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "searchKey": { + "description": "SearchKey is the issue location in the spec file.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueSeverity": { + "description": "OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity", + "enum": [ + [ + "INFO", + "LOW", + "MEDIUM", + "HIGH" + ] + ], + "type": "string" + }, + "waas.OpenAPIScanIssueStatus": { + "description": "OpenAPIScanIssueStatus represents an OpenAPI file issue status", + "properties": { + "id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssuesSeverityDistribution": { + "description": "OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type", + "properties": { + "high": { + "description": "High is the high severity issues count.\n", + "type": "integer" + }, + "info": { + "description": "Info is the info severity issues count.\n", + "type": "integer" + }, + "low": { + "description": "Low is the low severity issues count.\n", + "type": "integer" + }, + "medium": { + "description": "Medium is the medium severity issues count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.OpenAPIScanSource": { + "description": "OpenAPIScanSource is the scan trigger source", + "enum": [ + [ + "app", + "cli", + "manual" + ] + ], + "type": "string" + }, + "waas.OpenAPISpecInfo": { + "description": "OpenAPISpecInfo is the OpenAPI spec info", + "properties": { + "content": { + "description": "Content is the OpenAPI spec content.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the OpenAPI spec file content type.\n", + "type": "string" + }, + "fileName": { + "description": "FileName is the OpenAPI spec file name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OutOfBandMode": { + "description": "OutOfBandMode holds the app firewall out-of-band mode", + "enum": [ + [ + "", + "Observation", + "Protection" + ] + ], + "type": "string" + }, + "waas.OutOfBandRuleScope": { + "description": "OutOfBandRuleScope represents the Out-of-Band Rule Scope", + "enum": [ + [ + "container", + "host", + "" + ] + ], + "type": "string" + }, + "waas.Param": { + "description": "Param contains a parameter information", + "properties": { + "allowEmptyValue": { + "description": "Indicates if an empty value is allowed (true) or not (false).\n", + "type": "boolean" + }, + "array": { + "description": "Indicates if multiple values of the specified type are allowed (true) or not (false).\n", + "type": "boolean" + }, + "explode": { + "description": "Indicates if arrays should generate separate parameters for each array item or object property.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ParamLocation" + }, + "max": { + "description": "Maximum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "min": { + "description": "Minimum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "name": { + "description": "Name of the parameter.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the parameter is required (true) or not (false).\n", + "type": "boolean" + }, + "style": { + "$ref": "#/components/schemas/waas.ParamStyle" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.ParamLocation": { + "description": "ParamLocation is the location of a parameter", + "enum": [ + [ + "path", + "query", + "cookie", + "header", + "body", + "json", + "xml", + "formData", + "multipart" + ] + ], + "type": "string" + }, + "waas.ParamStyle": { + "description": "ParamStyle is a param format style, defined by OpenAPI specification\nIt describes how the parameter value will be serialized depending on the type of the parameter value.\nRef: https://swagger.io/docs/specification/serialization/\nhttps://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples", + "enum": [ + [ + "simple", + "spaceDelimited", + "tabDelimited", + "pipeDelimited", + "form", + "matrix", + "label" + ] + ], + "type": "string" + }, + "waas.ParamType": { + "description": "ParamType is the type of a parameter, defined by OpenAPI specification\nRef: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types", + "enum": [ + [ + "integer", + "number", + "string", + "boolean", + "array", + "object" + ] + ], + "type": "string" + }, + "waas.Path": { + "description": "Path is an API path information", + "properties": { + "methods": { + "description": "Supported operations for the path (e.g., PUT, GET, etc.).\n", + "items": { + "$ref": "#/components/schemas/waas.Method" + }, + "type": "array" + }, + "path": { + "description": "Relative path to an endpoint such as \\\"/pet/{petId}\\\".\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.Policy": { + "description": "Policy representation details", + "properties": { + "_id": { + "description": "Unique internal ID.\n", + "type": "string" + }, + "maxPort": { + "description": "Specifies the upper limit (maxima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "minPort": { + "description": "Specifies the lower limit (minima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "rules": { + "description": "Specifies the rules in a policy.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.PolicyStats": { + "description": "PolicyStats contains the WAAS policy statistics", + "properties": { + "appStats": { + "$ref": "#/components/schemas/waas.AppStats" + }, + "apps": { + "description": "Apps is the total amount of apps in the WAAS policies.\n", + "type": "integer" + }, + "rules": { + "description": "Rules is the total amount of rules in the WAAS policies.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Protection": { + "description": "Protection is the type of protection", + "enum": [ + [ + "firewall", + "dos", + "bot", + "custom", + "accessControl" + ] + ], + "type": "string" + }, + "waas.ProtectionConfig": { + "description": "ProtectionConfig represents a WAAS protection config", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "exceptionFields": { + "description": "Exceptions.\n", + "items": { + "$ref": "#/components/schemas/waas.ExceptionField" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ProtectionStatus": { + "description": "ProtectionStatus describes the status of the WAAS protection", + "properties": { + "enabled": { + "description": "Enabled indicates if WAAS proxy protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "outOfBandMode": { + "$ref": "#/components/schemas/waas.OutOfBandMode" + }, + "ports": { + "description": "Ports indicates http open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "supported": { + "description": "Supported indicates if WAAS protection is supported (true) or not (false).\n", + "type": "boolean" + }, + "tlsPorts": { + "description": "TLSPorts indicates https open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ReCAPTCHASpec": { + "description": "ReCAPTCHASpec is the reCAPTCHA spec", + "properties": { + "allSessions": { + "description": "Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).\n", + "type": "boolean" + }, + "customPageSpec": { + "$ref": "#/components/schemas/waas.CustomReCAPTCHAPageSpec" + }, + "enabled": { + "description": "Indicates if reCAPTCHA integration is enabled (true) or not (false).\n", + "type": "boolean" + }, + "secretKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "siteKey": { + "description": "ReCAPTCHA site key to use when invoking the reCAPTCHA service.\n", + "type": "string" + }, + "successExpirationHours": { + "description": "Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.ReCAPTCHAType" + } + }, + "type": "object" + }, + "waas.ReCAPTCHAType": { + "description": "ReCAPTCHAType is the reCAPTCHA configured type", + "enum": [ + [ + "checkbox", + "invisible" + ] + ], + "type": "string" + }, + "waas.RemoteHostForwardingConfig": { + "description": "RemoteHostForwardingConfig defines a remote host to forward requests to", + "properties": { + "enabled": { + "description": "Indicates if remote host forwarding is enabled (true) or not (false).\n", + "type": "boolean" + }, + "target": { + "description": "Remote host to forward requests to.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ReqErrorCtx": { + "description": "ReqErrorCtx is the request error context", + "properties": { + "defender": { + "description": "Defender is the defender name from which the error originated.\n", + "type": "string" + }, + "err": { + "description": "Err is the API error.\n", + "type": "string" + }, + "requestInspectionDuration": { + "description": "RequestInspectionDuration is the request inspection handling time by the WAAS plugins (time spent in WAAS before forwarding the request and handling the response).\n", + "format": "int64", + "type": "integer" + }, + "requestStart": { + "description": "RequestStart is the request start time.\n", + "format": "date-time", + "type": "string" + }, + "route": { + "description": "Route is the API route.\n", + "type": "string" + }, + "serveDuration": { + "description": "ServeDuration is the total request handling time including forwarding and response until the error.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "waas.RequestAnomalies": { + "description": "RequestAnomalies is the request anomalies spec", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "threshold": { + "$ref": "#/components/schemas/waas.RequestAnomalyThreshold" + } + }, + "type": "object" + }, + "waas.RequestAnomalyThreshold": { + "description": "RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered", + "enum": [ + [ + "3", + "6", + "9" + ] + ], + "type": "integer" + }, + "waas.ResponseCodeStats": { + "description": "ResponseCodeStats holds counts of different response types\nCategories taken from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status", + "properties": { + "clientErrors": { + "description": "ClientErrors are the codes in the 400-499 range.\n", + "type": "integer" + }, + "informational": { + "description": "Informational are the codes in the 100-199 range.\n", + "type": "integer" + }, + "redirects": { + "description": "Redirects are the codes in the 300-399 range.\n", + "type": "integer" + }, + "serverErrors": { + "description": "ServerErrors are the codes in the 500-599 range.\n", + "type": "integer" + }, + "successful": { + "description": "Successful are the codes in the 200-299 range.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ResponseHeaderSpec": { + "description": "ResponseHeaderSpec is specification for a single response header to modify", + "properties": { + "name": { + "description": "Header name (will be canonicalized when possible).\n", + "type": "string" + }, + "override": { + "description": "Indicates whether to override existing values (true) or add to them (false).\n", + "type": "boolean" + }, + "values": { + "description": "New header values.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Rule": { + "description": "Rule details for an application firewall", + "properties": { + "allowMalformedHttpHeaderNames": { + "description": "Indicates whether to allow non-compliant characters in the HTTP request header.\n", + "type": "boolean" + }, + "applicationsSpec": { + "description": "Lists the OpenAPI specifications in a rule.\n", + "items": { + "$ref": "#/components/schemas/waas.ApplicationSpec" + }, + "type": "array" + }, + "autoProtectPorts": { + "description": "Indicates whether to automatically detect and protect the HTTP ports.\n", + "type": "boolean" + }, + "collections": { + "description": "Scopes the rule based on a list of collections.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "outOfBandScope": { + "$ref": "#/components/schemas/waas.OutOfBandRuleScope" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readTimeoutSeconds": { + "description": "Specifies the timeout of the request reads in seconds. Default: 5 seconds.\n", + "type": "integer" + }, + "skipAPILearning": { + "description": "Indicates whether to skip the API discovery. Values: true (skipped) or false (Do not skip).\n", + "type": "boolean" + }, + "trafficMirroring": { + "$ref": "#/components/schemas/waas.TrafficMirroringConfig" + }, + "windows": { + "description": "Indicates whether the operating system of the app is Microsoft Windows. The default is Linux.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SameSite": { + "description": "SameSite allows a server to define a cookie attribute making it impossible for\nthe browser to send this cookie along with cross-site requests. The main\ngoal is to mitigate the risk of cross-origin information leakage, and provide\nsome protection against cross-site request forgery attacks.\n\nSee https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details", + "enum": [ + [ + "Lax", + "Strict", + "None" + ] + ], + "type": "string" + }, + "waas.SensitiveDataSpec": { + "description": "SensitiveDataSpec defined a single sensitive data specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "sensitiveData": { + "description": "SensitiveData indicates this spec is used for marking APIs as using sensitive data for API discovery.\n", + "type": "boolean" + }, + "skipLogScrubbing": { + "description": "SkipLogScrubbing indicates this spec is not used for log scrubbing.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SensitiveDataSpecs": { + "description": "SensitiveDataSpecs is the sensitive data specifications", + "items": { + "$ref": "#/components/schemas/waas.SensitiveDataSpec" + }, + "type": "array" + }, + "waas.SizeRangeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeRange": { + "description": "StatusCodeRange represents a status code range", + "properties": { + "end": { + "description": "End of the range. Can be omitted if using a single status code.\n", + "type": "integer" + }, + "start": { + "description": "Start of the range. Can also be used for a single, non-range value.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.TLSConfig": { + "description": "TLSConfig holds the user TLS configuration and the certificate data", + "properties": { + "HSTSConfig": { + "$ref": "#/components/schemas/waas.HSTSConfig" + }, + "metadata": { + "$ref": "#/components/schemas/waas.CertificateMeta" + }, + "minTLSVersion": { + "$ref": "#/components/schemas/waas.MinTLSVersion" + } + }, + "type": "object" + }, + "waas.TrafficMirroringConfig": { + "description": "TrafficMirroringConfig specifies the traffic mirroring configuration is fine in that case", + "properties": { + "enabled": { + "description": "TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC\nEnabled indicates if traffic mirroring is enabled.\n", + "type": "boolean" + }, + "sampling": { + "description": "Sampling indicates if this is a sampling VPC.\n", + "type": "boolean" + }, + "vpcConfig": { + "$ref": "#/components/schemas/waas.VPCConfig" + } + }, + "type": "object" + }, + "waas.TrafficStats": { + "description": "TrafficStats are traffic stats", + "properties": { + "attacks": { + "description": ".\n", + "type": "integer" + }, + "requests": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnknownBotProtectionSpec": { + "description": "UnknownBotProtectionSpec is the unknown bot protection spec", + "properties": { + "apiLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "botImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "browserImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "generic": { + "$ref": "#/components/schemas/waas.Effect" + }, + "httpLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "requestAnomalies": { + "$ref": "#/components/schemas/waas.RequestAnomalies" + }, + "webAutomationTools": { + "$ref": "#/components/schemas/waas.Effect" + }, + "webScrapers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.UnprotectedAppsVulnStats": { + "description": "UnprotectedAppsVulnStats contains vulnerability statistics of unprotected web apps", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "none": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnprotectedContainersWebApps": { + "description": "UnprotectedContainersWebApps contains the result of scanning unprotected containers summary", + "properties": { + "_id": { + "description": "Image is the image name.\n", + "type": "string" + }, + "count": { + "description": "Count is the sum of containers using this image.\n", + "type": "integer" + }, + "ports": { + "description": "Ports is the open http ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "tlsPorts": { + "description": "TLSPorts is the open https ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedHostsWebApps": { + "description": "UnprotectedHostsWebApps contains the result of scanning unprotected hosts summary", + "properties": { + "hostname": { + "description": "Hostname is the host name.\n", + "type": "string" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses is processes that uses HTTP/HTTPs but are unprotected by WAAS.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedProcess": { + "description": "UnprotectedProcess holds unprotected processes alongside the port", + "properties": { + "port": { + "description": "Port is the process port.\n", + "type": "integer" + }, + "process": { + "description": "Process is the process name.\n", + "type": "string" + }, + "tls": { + "description": "TLS is the port TLS indication.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.UserDefinedBot": { + "description": "UserDefinedBot indicates a user-defined bot and its effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "headerName": { + "description": "Header name which defines the bot.\n", + "type": "string" + }, + "headerValues": { + "description": "Header values corresponding to the header name. Can contain wildcards.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name of the bot.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets where the bot originates. Specify using network lists.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.VPCConfig": { + "description": "VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)", + "properties": { + "autoScalingEnabled": { + "description": "AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.\n", + "type": "boolean" + }, + "autoScalingMaxInstances": { + "description": "AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.\n", + "type": "integer" + }, + "configID": { + "description": "ConfigID is a unique ID for the configuration.\n", + "type": "string" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "instanceNames": { + "description": "InstanceNames are the names of the instances to mirror (can be wildcard).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the defender instance.\n", + "type": "string" + }, + "lbARN": { + "description": "LBARN is the ARN of the observed load balancer.\n", + "type": "string" + }, + "lbName": { + "description": "LBName is the name of the observed load balancer.\n", + "type": "string" + }, + "lbType": { + "description": "LBType is the type of the observed load balancer (currentlly only ALB is supported).\n", + "type": "string" + }, + "ports": { + "description": "Ports are the ports to mirror.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "region": { + "description": "Region is the AWS region the mirrored VMs are located in.\n", + "type": "string" + }, + "subnetID": { + "description": "SubnetID is the ID of the subnet the defender will be deployed in.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags to filter for instances to mirror in Key:Value format or \"*\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vpcID": { + "description": "VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigMirroredResource": { + "description": "VPCConfigMirroredResource is a resource(vm or LB) mirrored by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigResource": { + "description": "VPCConfigResource is a resource created by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "type": { + "description": "Type is the resource type.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigState": { + "description": "VPCConfigState is the state of a VPC configuration\nThis includes only the state needed by the frontend\nbson bindings do not omit empty as the structure is updated using upsert and fields may need to be set to empty value", + "properties": { + "configID": { + "description": "ConfigID is the ID of the VPC configuration.\n", + "type": "string" + }, + "error": { + "description": "Error is the error received during deployment (on failure).\n", + "type": "string" + }, + "lastUpdate": { + "description": "LastUpdate is the time when the deployment was last updated.\n", + "format": "date-time", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/waas.VPCConfigStatus" + } + }, + "type": "object" + }, + "waas.VPCConfigStatus": { + "description": "VPCConfigStatus is the status of a VPC configuration deployment", + "enum": [ + [ + "inProcess", + "error", + "ready", + "deletionInProgress", + "deleteError", + "deleted" + ] + ], + "type": "string" + }, + "waas.WebAppsDiscoverySettings": { + "description": "WebAppsDiscoverySettings is the web apps discovery settings", + "properties": { + "disabled": { + "description": "Disabled indicates whether web apps discovery is disabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "wildfire.Usage": { + "description": "Usage holds wildfire usage stats, period for the usage varies with context", + "properties": { + "bytes": { + "description": "Bytes is the total number of bytes uploaded to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "queries": { + "description": "Queries is the number of queries to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "uploads": { + "description": "Uploads is the number of uploads to the WildFire API.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "info": { + "title": "Prisma Cloud Compute API", + "version": "33.03.138", + "description": { + "$ref": "desc/intro.md" + } + }, + "openapi": "3.0.3", + "paths": { + "/api/v1/certs/ca.pem": { + "get": { + "description": { + "$ref": "desc/certs/capem_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-certs-ca.pem", + "summary": "Get CA PEM Certificate File" + } + }, + "/api/v1/certs/server-certs.sh": { + "get": { + "description": { + "$ref": "desc/certs/server-certs_get.md" + }, + "parameters": [ + { + "description": "OS is the target os.\n", + "in": "query", + "name": "os", + "schema": { + "type": "string" + } + }, + { + "description": "IPs is the list of addresses for which the certificates are generated.\n", + "in": "query", + "name": "ip", + "schema": { + "type": "string" + } + }, + { + "description": "Hostname is the target defender hostname.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-certs-server-certs.sh", + "summary": "Get Server Certificates" + } + }, + "/api/v1/registry/webhook/webhook": { + "delete": { + "description": { + "$ref": "desc/registry/webhook_webhook_delete.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "delete-registry-webhook-webhook", + "summary": "Delete a Registry Webhook" + }, + "post": { + "description": { + "$ref": "desc/registry/webhook_webhook_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.RegistryWebhookRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-registry-webhook-webhook", + "summary": "Registry Webhook" + } + }, + "/api/v1/util/prisma-cloud-jenkins-plugin.hpi": { + "get": { + "description": { + "$ref": "desc/util/twistlock_jenkins_plugin_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-prisma-cloud-jenkins-plugin.hpi", + "summary": "Download Jenkins Plugin for Prisma Cloud Compute" + } + }, + "/api/v1/util/tas-tile": { + "get": { + "description": { + "$ref": "desc/util/twistlock_tas_tile_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-util-tas-tile", + "summary": "Download VMware TAS Tile for Prisma Cloud Compute" + } + }, + "/api/v33.03/_ping": { + "get": { + "description": { + "$ref": "desc/_ping/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "_Ping" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "get-_ping", + "summary": "Ping" + } + }, + "/api/v33.03/agentless/progress": { + "get": { + "description": { + "$ref": "desc/agentless/get_agentless_progress.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-agentless-progress", + "summary": "View the Agentless Scan Progress" + } + }, + "/api/v33.03/agentless/scan": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_scan.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-scan", + "summary": "Start Agentless Scan" + } + }, + "/api/v33.03/agentless/stop": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_stop.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-stop", + "summary": "Stop an Ongoing Scan" + } + }, + "/api/v33.03/agentless/templates": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_templates.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.AgentlessResourceTemplatesRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-agentless-templates", + "summary": "Download Agentless Permission Templates" + } + }, + "/api/v33.03/application-control/host": { + "get": { + "description": { + "$ref": "desc/application-control/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_applicationcontrol.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-application-control-host", + "summary": "Host Application Control Rule" + }, + "put": { + "description": { + "$ref": "desc/application-control/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + }, + "description": "Rule represents an application control policy rule" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-application-control-host", + "summary": "Update Host Application Control Rules" + } + }, + "/api/v33.03/application-control/host/{id}": { + "delete": { + "description": { + "$ref": "desc/application-control/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "delete-application-control-host-id", + "summary": "Delete a Host Application Control Rule" + } + }, + "/api/v33.03/audits/access": { + "get": { + "description": { + "$ref": "desc/audits/access_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access", + "summary": "Get Docker Access Audit Events" + } + }, + "/api/v33.03/audits/access/download": { + "get": { + "description": { + "$ref": "desc/audits/access_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access-download", + "summary": "Download Docker Access Audit Events" + } + }, + "/api/v33.03/audits/admission": { + "get": { + "description": { + "$ref": "desc/audits/admission_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_admission.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission", + "summary": "Get Admission Audit Events" + } + }, + "/api/v33.03/audits/admission/download": { + "get": { + "description": { + "$ref": "desc/audits/admission_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission-download", + "summary": "Download Admission Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless", + "summary": "Get WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-download", + "summary": "Download WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-timeslice", + "summary": "Get WAAS Agentless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-download", + "summary": "Download WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-timeslice", + "summary": "Get WAAS App-embedded Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container", + "summary": "Get WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-download", + "summary": "Download WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-timeslice", + "summary": "Get WAAS Container Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host", + "summary": "Get WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-download", + "summary": "Download WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-timeslice", + "summary": "Get WAAS Host Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless", + "summary": "Get WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-download", + "summary": "Download WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-timeslice", + "summary": "Get WAAS Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/network/container": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container", + "summary": "Get CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/container/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container-download", + "summary": "Download CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host", + "summary": "Get CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host-download", + "summary": "Download CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/incidents": { + "get": { + "description": { + "$ref": "desc/audits/incidents_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Incident" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents", + "summary": "Get Incident Audit Events" + } + }, + "/api/v33.03/audits/incidents/acknowledge/{id}": { + "patch": { + "description": { + "$ref": "desc/audits/incidents_archive_patch.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Incident" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "patch-audits-incidents-acknowledge-id", + "summary": "Archive an Incident Audit Event" + } + }, + "/api/v33.03/audits/incidents/download": { + "get": { + "description": { + "$ref": "desc/audits/incidents_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents-download", + "summary": "Download Incident Audit Events" + } + }, + "/api/v33.03/audits/kubernetes": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_kubeaudit.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes", + "summary": "Get Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/kubernetes/download": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes-download", + "summary": "Download Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/mgmt": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.MgmtAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt", + "summary": "Get Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/download": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-download", + "summary": "Download Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/filters": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_filters_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.MgmtAuditFilters" + } + } + }, + "description": "MgmtAuditFilters are filters for management audit queries" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-filters", + "summary": "Get Management Audit Event Filters" + } + }, + "/api/v33.03/audits/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded", + "summary": "Get Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded-download", + "summary": "Download Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/container": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container", + "summary": "Get Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-download", + "summary": "Download Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-timeslice", + "summary": "Get Runtime Container Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/file-integrity": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.FileIntegrityEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity", + "summary": "Get Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/file-integrity/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity-download", + "summary": "Download Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/host": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host", + "summary": "Get Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-download", + "summary": "Download Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-timeslice", + "summary": "Get Runtime Host Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/log-inspection": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.LogInspectionEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection", + "summary": "Get Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/log-inspection/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection-download", + "summary": "Download Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ProfileIDs are the profile ids to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile ids to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is an optional exact time constraint for the audit.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is a filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is a filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request id.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request id.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless", + "summary": "Get Runtime Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-download", + "summary": "Download Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-timeslice", + "summary": "Get Runtime Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/trust": { + "get": { + "description": { + "$ref": "desc/audits/trust_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TrustAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust", + "summary": "Get Trust Audit Events" + } + }, + "/api/v33.03/audits/trust/download": { + "get": { + "description": { + "$ref": "desc/audits/trust_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust-download", + "summary": "Download Trust Audit Events" + } + }, + "/api/v33.03/authenticate": { + "post": { + "description": { + "$ref": "desc/authenticate/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationResponse" + } + } + }, + "description": "AuthenticationResponse returns the result of calling the authentication endpoint" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-authenticate", + "summary": "Get User Authentication Access Token" + } + }, + "/api/v33.03/cloud/discovery": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery", + "summary": "Get Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/download": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-download", + "summary": "Download Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/entities": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_entities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Defended is the defended filter.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-entities", + "summary": "Get Discovered Cloud Entities" + } + }, + "/api/v33.03/cloud/discovery/scan": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-scan", + "summary": "Start a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/stop": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-stop", + "summary": "Stop a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/vms": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Region is the region filter.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Region is the region filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "HasDefender indicates only VMs with or without a defender should return.\n", + "in": "query", + "name": "hasDefender", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DiscoveredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-vms", + "summary": "Get Discovered VMs" + } + }, + "/api/v33.03/coderepos-ci/evaluate": { + "post": { + "description": { + "$ref": "desc/coderepos-ci/post_resolve.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + }, + "description": "ScanResult holds a specific repository data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-coderepos-ci-evaluate", + "summary": "Resolve Code Repos" + } + }, + "/api/v33.03/collections": { + "get": { + "description": { + "$ref": "desc/collections/get.md" + }, + "parameters": [ + { + "description": "ExcludePrisma indicates to exclude Prisma collections.\n", + "in": "query", + "name": "excludePrisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "Prisma filters the collections originates from Prisma Cloud.\n", + "in": "query", + "name": "prisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "System.\n", + "in": "query", + "name": "system", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Collection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections", + "summary": "Get Collections" + }, + "post": { + "description": { + "$ref": "desc/collections/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-collections", + "summary": "Add a New Collection" + } + }, + "/api/v33.03/collections/{id}": { + "delete": { + "description": { + "$ref": "desc/collections/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-collections-id", + "summary": "Delete an Existing Collection" + }, + "put": { + "description": { + "$ref": "desc/collections/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-collections-id", + "summary": "Update an Existing Collection" + } + }, + "/api/v33.03/collections/{id}/usages": { + "get": { + "description": { + "$ref": "desc/collections/name_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Usage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections-id-usages", + "summary": "Get Policies for a Collection" + } + }, + "/api/v33.03/containers": { + "get": { + "description": { + "$ref": "desc/containers/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers", + "summary": "Get Container Scan Results" + } + }, + "/api/v33.03/containers/count": { + "get": { + "description": { + "$ref": "desc/containers/count_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-count", + "summary": "Get Containers Count" + } + }, + "/api/v33.03/containers/download": { + "get": { + "description": { + "$ref": "desc/containers/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "When set to true, an additional field \"Labels\" is included for each container in the output CSV/JSON file.\nThis field will provide a concatenated list of all the labels for the respective container in the format:\nkey1:value1,key2:value2,...,keyN:valueN. The default value for this parameter is \"false\".\n", + "in": "query", + "name": "includeLabels", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-download", + "summary": "Download Container Scan Results" + } + }, + "/api/v33.03/containers/names": { + "get": { + "description": { + "$ref": "desc/containers/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-names", + "summary": "Get Container Names" + } + }, + "/api/v33.03/containers/scan": { + "post": { + "description": { + "$ref": "desc/containers/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-containers-scan", + "summary": "Start a Container Scan" + } + }, + "/api/v33.03/credentials": { + "get": { + "description": { + "$ref": "desc/credentials/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the credential IDs to filter.\n", + "in": "query", + "name": "ids", + "schema": { + "description": "IDs are the credential IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.\n", + "in": "query", + "name": "cloud", + "schema": { + "type": "boolean" + } + }, + { + "description": "External indicates whether to fetch credentials imported from Prisma.\n", + "in": "query", + "name": "external", + "schema": { + "type": "boolean" + } + }, + { + "description": "AutoImported indicates whether to fetch credentials imported from Prisma automatically.\n", + "in": "query", + "name": "autoImported", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_cred.Credential" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials", + "summary": "Get All Credentials" + }, + "post": { + "description": { + "$ref": "desc/credentials/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cred.Credential" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-credentials", + "summary": "Add Credentials" + } + }, + "/api/v33.03/credentials/{id}": { + "delete": { + "description": { + "$ref": "desc/credentials/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "delete-credentials-id", + "summary": "Delete a Credential" + } + }, + "/api/v33.03/credentials/{id}/usages": { + "get": { + "description": { + "$ref": "desc/credentials/id_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.CredentialUsage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials-id-usages", + "summary": "Get Credential Usages" + } + }, + "/api/v33.03/current/collections": { + "get": { + "description": { + "$ref": "desc/current/collections_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserCollection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-current-collections", + "summary": "User Collections" + } + }, + "/api/v33.03/custom-compliance": { + "get": { + "description": { + "$ref": "desc/custom-compliance/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CustomComplianceCheck" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "get-custom-compliance", + "summary": "Get Custom Compliance Checks" + }, + "put": { + "description": { + "$ref": "desc/custom-compliance/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + }, + "description": "CustomComplianceCheck represents a custom compliance check entry" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "put-custom-compliance", + "summary": "Update Custom Compliance Checks" + } + }, + "/api/v33.03/custom-compliance/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-compliance/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "delete-custom-compliance-id", + "summary": "Delete a Custom Compliance Check" + } + }, + "/api/v33.03/custom-rules": { + "get": { + "description": { + "$ref": "desc/custom-rules/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_customrules.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "get-custom-rules", + "summary": "Get Custom Rules" + } + }, + "/api/v33.03/custom-rules/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-rules/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "delete-custom-rules-id", + "summary": "Delete a Custom Rule" + }, + "put": { + "description": { + "$ref": "desc/custom-rules/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/customrules.Rule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "put-custom-rules-id", + "summary": "Update a Custom Rule" + } + }, + "/api/v33.03/defenders": { + "get": { + "description": { + "$ref": "desc/defenders/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_defender.Defender" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders", + "summary": "Get Deployed Defenders" + } + }, + "/api/v33.03/defenders/app-embedded": { + "post": { + "description": { + "$ref": "desc/defenders/app_embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.AppEmbeddedEmbedRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-app-embedded", + "summary": "Generate a Docker File for App-embedded Defender" + } + }, + "/api/v33.03/defenders/daemonset.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/daemonset_yaml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-daemonset.yaml", + "summary": "Generate Daemonset Deployment YAML File" + } + }, + "/api/v33.03/defenders/download": { + "get": { + "description": { + "$ref": "desc/defenders/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-download", + "summary": "Download Deployed Defenders" + } + }, + "/api/v33.03/defenders/fargate.json": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_json_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + }, + "description": "FargateTask represents the generic fargate task AWS template" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.json", + "summary": "Generate a Protected JSON Fargate Task Definition" + } + }, + "/api/v33.03/defenders/fargate.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_yaml_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.yaml", + "summary": "Generate a Protected YAML Fargate Task Definition" + } + }, + "/api/v33.03/defenders/helm/twistlock-defender-helm.tar.gz": { + "post": { + "description": { + "$ref": "desc/defenders/helm_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-helm-twistlock-defender-helm.tar.gz", + "summary": "Generate a Helm Deployment Chart for Defender" + } + }, + "/api/v33.03/defenders/image-name": { + "get": { + "description": { + "$ref": "desc/defenders/image-name_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-image-name", + "summary": "Get Docker Image Name for Defender" + } + }, + "/api/v33.03/defenders/install-bundle": { + "get": { + "description": { + "$ref": "desc/defenders/install-bundle_get.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.DefenderInstallBundle" + } + } + }, + "description": "DefenderInstallBundle represents the install bundle for the defender" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-install-bundle", + "summary": "Get Certificate Bundle for Defender" + } + }, + "/api/v33.03/defenders/names": { + "get": { + "description": { + "$ref": "desc/defenders/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-names", + "summary": "Get Defender Names" + } + }, + "/api/v33.03/defenders/serverless/bundle": { + "post": { + "description": { + "$ref": "desc/defenders/serverless-bundle_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-serverless-bundle", + "summary": "Generate Serverless Bundle for Defender" + } + }, + "/api/v33.03/defenders/summary": { + "get": { + "description": { + "$ref": "desc/defenders/summary_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DefenderSummary" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-summary", + "summary": "Get Defenders Summary" + } + }, + "/api/v33.03/defenders/tas-cloud-controller-address": { + "get": { + "description": { + "$ref": "desc/defenders/tas-cloud-controller-address_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-tas-cloud-controller-address", + "summary": "Defenders Tas Cloud Controller Address" + } + }, + "/api/v33.03/defenders/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/upgrade_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-upgrade", + "summary": "Upgrade Connected Single Linux Defenders" + } + }, + "/api/v33.03/defenders/{id}": { + "delete": { + "description": { + "$ref": "desc/defenders/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "delete-defenders-id", + "summary": "Delete a Defender" + } + }, + "/api/v33.03/defenders/{id}/features": { + "post": { + "description": { + "$ref": "desc/defenders/id_features_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Features" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Defender" + } + } + }, + "description": "Defender is an update about an agent starting" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-features", + "summary": "Update Defender Configuration" + } + }, + "/api/v33.03/defenders/{id}/restart": { + "post": { + "description": { + "$ref": "desc/defenders/id_restart_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-restart", + "summary": "Restart a Defender" + } + }, + "/api/v33.03/defenders/{id}/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/id_upgrade_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-upgrade", + "summary": "Upgrade a Defender" + } + }, + "/api/v33.03/feeds/custom/custom-vulnerabilities": { + "get": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + }, + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-feeds-custom-custom-vulnerabilities", + "summary": "Get Custom Vulnerability Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-custom-vulnerabilities", + "summary": "Update Custom Vulnerability Feed" + } + }, + "/api/v33.03/feeds/custom/malware": { + "get": { + "description": { + "$ref": "desc/feeds/malware_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + }, + "description": "CustomMalwareFeed represent the custom malware" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-feeds-custom-malware", + "summary": "Get Custom Malware Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/malware_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-malware", + "summary": "Update Custom Malware Feed" + } + }, + "/api/v33.03/groups": { + "get": { + "description": { + "$ref": "desc/groups/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Groups" + } + } + }, + "description": "Groups represents a list of groups" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups", + "summary": "Get Groups" + } + }, + "/api/v33.03/groups/names": { + "get": { + "description": { + "$ref": "desc/groups/names.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups-names", + "summary": "Get Group Names" + } + }, + "/api/v33.03/hosts": { + "get": { + "description": { + "$ref": "desc/hosts/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts", + "summary": "Get Host Scan Results" + } + }, + "/api/v33.03/hosts/download": { + "get": { + "description": { + "$ref": "desc/hosts/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts-download", + "summary": "Download Host Scan Results" + } + }, + "/api/v33.03/hosts/evaluate": { + "post": { + "description": { + "$ref": "desc/hosts/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-hosts-evaluate", + "summary": "Resolve Hosts" + } + }, + "/api/v33.03/hosts/info": { + "get": { + "description": { + "$ref": "desc/hosts/info_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-hosts-info", + "summary": "Get Host Information" + } + }, + "/api/v33.03/hosts/scan": { + "post": { + "description": { + "$ref": "desc/hosts/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-hosts-scan", + "summary": "Start a Host Scan" + } + }, + "/api/v33.03/images": { + "get": { + "description": { + "$ref": "desc/images/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images", + "summary": "Get Image Scan Results" + } + }, + "/api/v33.03/images/download": { + "get": { + "description": { + "$ref": "desc/images/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-download", + "summary": "Download Image Scan Results" + } + }, + "/api/v33.03/images/evaluate": { + "post": { + "description": { + "$ref": "desc/images/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-images-evaluate", + "summary": "Resolve Images" + } + }, + "/api/v33.03/images/names": { + "get": { + "description": { + "$ref": "desc/images/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-names", + "summary": "Get Image Names" + } + }, + "/api/v33.03/images/scan": { + "post": { + "description": { + "$ref": "desc/images/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ImageScanOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-images-scan", + "summary": "Start Image Scan" + } + }, + "/api/v33.03/images/twistlock_defender_app_embedded.tar.gz": { + "get": { + "description": { + "$ref": "desc/images/twistlock_defender_app_embedded_tar_gz_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-images-twistlock_defender_app_embedded.tar.gz", + "summary": "Download App Embedded Defender" + } + }, + "/api/v33.03/images/twistlock_defender_layer.zip": { + "post": { + "description": { + "$ref": "desc/images/twistlock_defender_layer_zip_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessLayerBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-images-twistlock_defender_layer.zip", + "summary": "Download Serverless Layer Bundle" + } + }, + "/api/v33.03/policies/compliance/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-ci-images", + "summary": "Get Continuous Integration (CI) Image Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-ci-images", + "summary": "Update Continuous Integration (CI) Image Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-ci-serverless", + "summary": "Get Continuous Integration (CI) Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-ci-serverless", + "summary": "Update Continuous Integration (CI) Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container", + "summary": "Get Container Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-container", + "summary": "Update Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container-impacted", + "summary": "Get Impacted Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/host": { + "get": { + "description": { + "$ref": "desc/policies/compliance_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-host", + "summary": "Get Host Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-compliance-host", + "summary": "Update Host Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-serverless", + "summary": "Get Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-serverless", + "summary": "Update Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/vms/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_vms_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-vms-impacted", + "summary": "Get Impacted VMs Compliance Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless", + "summary": "Get Agentless App Firewall Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-agentless", + "summary": "Set Agentless App Firewall Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigMirroredResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-impacted", + "summary": "Get Agentless App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/agentless/resources": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ConfigID is the ID of the VPC configuration.\n", + "in": "query", + "name": "configID", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-resources", + "summary": "Get Agentless App Firewall Policy Resources" + } + }, + "/api/v33.03/policies/firewall/app/agentless/state": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_state_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.AgentlessPolicyState" + } + } + }, + "description": "AgentlessPolicyState is the state of the agentless policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-state", + "summary": "Get Agentless App Firewall Policy State" + } + }, + "/api/v33.03/policies/firewall/app/apispec": { + "post": { + "description": { + "$ref": "desc/policies/firewall_app_apispec_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.APISpec" + } + } + }, + "description": "APISpec is an API specification" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-apispec", + "summary": "Generate a WAAS API Specification Object" + } + }, + "/api/v33.03/policies/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-app-embedded", + "summary": "Update WAAS App-embedded Policy" + } + }, + "/api/v33.03/policies/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container", + "summary": "Get WAAS Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-container", + "summary": "Update WAAS Container Policy" + } + }, + "/api/v33.03/policies/firewall/app/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container-impacted", + "summary": "Container App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host", + "summary": "Get WAAS Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-host", + "summary": "Update WAAS Host Policy" + } + }, + "/api/v33.03/policies/firewall/app/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host-impacted", + "summary": "Host App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/network-list": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.NetworkList" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-network-list", + "summary": "Get WAAS Network List" + }, + "post": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-network-list", + "summary": "Add WAAS Network List" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-network-list", + "summary": "Update WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/network-list/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "delete-policies-firewall-app-network-list-id", + "summary": "Delete WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band", + "summary": "Get Out-of-Band WAAS Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-out-of-band", + "summary": "Update Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.ImpactedOutOfBandEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band-impacted", + "summary": "Get Impacted Resources for Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-serverless", + "summary": "Get WAAS Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-serverless", + "summary": "Update WAAS Serverless Policy" + } + }, + "/api/v33.03/policies/firewall/network": { + "get": { + "description": { + "$ref": "desc/policies/firewall_network_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + }, + "description": "Policy holds the data for firewall policies (host and container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "get-policies-firewall-network", + "summary": "Get CNNS Container and Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_network_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "put-policies-firewall-network", + "summary": "Update CNNS Container and Host Policy" + } + }, + "/api/v33.03/policies/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + }, + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-app-embedded", + "summary": "Get Runtime App-embedded Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-app-embedded", + "summary": "Add Runtime App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-app-embedded", + "summary": "Update Runtime App-embedded Policy" + } + }, + "/api/v33.03/policies/runtime/container": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + }, + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container", + "summary": "Get Runtime Container Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_container_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "post-policies-runtime-container", + "summary": "Update Runtime Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "put-policies-runtime-container", + "summary": "Set Container Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container-impacted", + "summary": "Update Runtime Impacted Container Policy" + } + }, + "/api/v33.03/policies/runtime/host": { + "get": { + "description": { + "$ref": "desc/policies/runtime_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + }, + "description": "HostPolicy represents a host runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "get-policies-runtime-host", + "summary": "Get Runtime Host Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_host_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "post-policies-runtime-host", + "summary": "Update Runtime Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "put-policies-runtime-host", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/policies/runtime_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + }, + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-serverless", + "summary": "Get Runtime Serverless Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_serverless_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-serverless", + "summary": "Update Runtime Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-serverless", + "summary": "Set Serverless Runtime Policy" + } + }, + "/api/v33.03/policies/vulnerability/base-images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.BaseImagesRule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images", + "summary": "Get Base Images Rules" + }, + "post": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.BaseImagesRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-policies-vulnerability-base-images", + "summary": "Add Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/base-images/download": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_download.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images-download", + "summary": "Download Base Images Rules" + } + }, + "/api/v33.03/policies/vulnerability/base-images/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "delete-policies-vulnerability-base-images-id", + "summary": "Delete Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-ci-images", + "summary": "Get CI Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-ci-images", + "summary": "Update CI Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-ci-serverless", + "summary": "Get CI Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-ci-serverless", + "summary": "Update CI Serverless Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host", + "summary": "Get Host Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-vulnerability-host", + "summary": "Update Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host-impacted", + "summary": "Get Impacted Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images", + "summary": "Get Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-images", + "summary": "Update Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images-impacted", + "summary": "Get Impacted Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-serverless", + "summary": "Get Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-serverless", + "summary": "Update Serverless Vulnerability Policy" + } + }, + "/api/v33.03/profiles/app-embedded": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppEmbeddedRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded", + "summary": "Get App-embedded Profiles" + } + }, + "/api/v33.03/profiles/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded-download", + "summary": "Download App-embedded Profiles" + } + }, + "/api/v33.03/profiles/container": { + "get": { + "description": { + "$ref": "desc/profiles/container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container", + "summary": "Get Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/download": { + "get": { + "description": { + "$ref": "desc/profiles/container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container-download", + "summary": "Download Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/learn": { + "post": { + "description": { + "$ref": "desc/profiles/container_learn_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "post-profiles-container-learn", + "summary": "Learn Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/host": { + "get": { + "description": { + "$ref": "desc/profiles/host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_runtime.HostProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host", + "summary": "Get Runtime Host Profiles" + } + }, + "/api/v33.03/profiles/host/download": { + "get": { + "description": { + "$ref": "desc/profiles/host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host-download", + "summary": "Download Runtime Host Profiles" + } + }, + "/api/v33.03/registry": { + "get": { + "description": { + "$ref": "desc/registry/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry", + "summary": "Get Registry Scan Results" + } + }, + "/api/v33.03/registry/download": { + "get": { + "description": { + "$ref": "desc/registry/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-download", + "summary": "Download Registry Scan Results" + } + }, + "/api/v33.03/registry/names": { + "get": { + "description": { + "$ref": "desc/registry/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-names", + "summary": "Get Registry Image Names" + } + }, + "/api/v33.03/registry/progress": { + "get": { + "description": { + "$ref": "desc/registry/get_registry_progress.md" + }, + "parameters": [ + { + "description": "OnDemand indicates the requested progress is for an on-demand scan.\n", + "in": "query", + "name": "onDemand", + "schema": { + "type": "boolean" + } + }, + { + "description": "Registry is the image's registry.\n", + "in": "query", + "name": "registry", + "schema": { + "type": "string" + } + }, + { + "description": "Repository is the image's repository.\n", + "in": "query", + "name": "repo", + "schema": { + "type": "string" + } + }, + { + "description": "Tag is the image's tag.\n", + "in": "query", + "name": "tag", + "schema": { + "type": "string" + } + }, + { + "description": "Digest is the image's digest.\n", + "in": "query", + "name": "digest", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanProgress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-progress", + "summary": "View Registry Scan Progress" + } + }, + "/api/v33.03/registry/scan": { + "post": { + "description": { + "$ref": "desc/registry/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan", + "summary": "Start a Registry Scan" + } + }, + "/api/v33.03/registry/scan/select": { + "post": { + "description": { + "$ref": "desc/registry/scan_select_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan-select", + "summary": "Scan Registries" + } + }, + "/api/v33.03/registry/stop": { + "post": { + "description": { + "$ref": "desc/registry/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop", + "summary": "Stop a Registry Scan" + } + }, + "/api/v33.03/registry/stop/{id}": { + "post": { + "description": { + "$ref": "desc/registry/stop_id_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop-id", + "summary": "Stop a Registry spec Scan" + } + }, + "/api/v33.03/sandbox": { + "post": { + "description": { + "$ref": "desc/sandbox/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + }, + "description": "ScanResult represents sandbox scan results" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sandbox" + ], + "x-prisma-cloud-target-env": { + "permission": "sandbox" + }, + "operationId": "post-sandbox", + "summary": "AddSandboxScanResult" + } + }, + "/api/v33.03/sbom/download/cli-images": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-images", + "summary": "Download SBOM CI Images" + } + }, + "/api/v33.03/sbom/download/cli-serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_cli_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-serverless", + "summary": "Download SBOM CLI Serverless" + } + }, + "/api/v33.03/sbom/download/hosts": { + "get": { + "description": { + "$ref": "desc/sbom/download_hosts_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-hosts", + "summary": "Download SBOM Hosts" + } + }, + "/api/v33.03/sbom/download/images": { + "get": { + "description": { + "$ref": "desc/sbom/download_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-images", + "summary": "Download SBOM Images" + } + }, + "/api/v33.03/sbom/download/registry": { + "get": { + "description": { + "$ref": "desc/sbom/download_registry_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-registry", + "summary": "Download SBOM Registry" + } + }, + "/api/v33.03/sbom/download/serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-serverless", + "summary": "Download SBOM Serverless" + } + }, + "/api/v33.03/sbom/download/vms": { + "get": { + "description": { + "$ref": "desc/sbom/download_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-vms", + "summary": "Download SBOM VMs" + } + }, + "/api/v33.03/scans": { + "get": { + "description": { + "$ref": "desc/scans/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CLIScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans", + "summary": "Get All CI Image Scan Results" + }, + "post": { + "description": { + "$ref": "desc/scans/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CLIScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-scans", + "summary": "Add CLI Scan Result" + } + }, + "/api/v33.03/scans/download": { + "get": { + "description": { + "$ref": "desc/scans/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-download", + "summary": "Download CI Image Scan Results" + } + }, + "/api/v33.03/scans/{id}": { + "get": { + "description": { + "$ref": "desc/scans/id_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-id", + "summary": "Get CI Image Scan Results" + } + }, + "/api/v33.03/serverless": { + "get": { + "description": { + "$ref": "desc/serverless/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless", + "summary": "Get Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/download": { + "get": { + "description": { + "$ref": "desc/serverless/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-download", + "summary": "Download Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/evaluate": { + "post": { + "description": { + "$ref": "desc/serverless/evaluate_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsResp" + } + } + }, + "description": "ResolveFunctionsResp represents the functions resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-serverless-evaluate", + "summary": "Resolve Functions" + } + }, + "/api/v33.03/serverless/names": { + "get": { + "description": { + "$ref": "desc/serverless/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-names", + "summary": "Get Serverless Function Names" + } + }, + "/api/v33.03/serverless/scan": { + "post": { + "description": { + "$ref": "desc/serverless/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-scan", + "summary": "Start Serverless Function Scan" + } + }, + "/api/v33.03/serverless/stop": { + "post": { + "description": { + "$ref": "desc/serverless/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-stop", + "summary": "Stop Serverless Function Scan" + } + }, + "/api/v33.03/settings/certs": { + "get": { + "description": { + "$ref": "desc/settings/certs_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + }, + "description": "CertSettings are the certificates settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-certs", + "summary": "Get Certificate Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/custom-labels": { + "get": { + "description": { + "$ref": "desc/settings/custom-labels_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + }, + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-settings-custom-labels", + "summary": "Get Alert Labels" + }, + "post": { + "description": { + "$ref": "desc/settings/custom-labels_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-custom-labels", + "summary": "Add Alert Labels" + } + }, + "/api/v33.03/settings/defender": { + "get": { + "description": { + "$ref": "desc/settings/defender_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Settings" + } + } + }, + "description": "Settings is the Defender settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-defender", + "summary": "Get Advanced Defender Settings" + } + }, + "/api/v33.03/settings/intelligence": { + "get": { + "description": { + "$ref": "desc/settings/intelligence_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + }, + "description": "IntelligenceSettings are the intelligence service settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-intelligence", + "summary": "Get Intelligence Stream Settings" + } + }, + "/api/v33.03/settings/license": { + "get": { + "description": { + "$ref": "desc/settings/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.License" + } + } + }, + "description": "License represent the customer license" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-settings-license", + "summary": "Get Prisma Cloud Compute License" + } + }, + "/api/v33.03/settings/logging": { + "get": { + "description": { + "$ref": "desc/settings/logging_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + }, + "description": "LoggingSettings are the logging settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "get-settings-logging", + "summary": "Get Logging Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logging_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-logging", + "summary": "Add Logging Settings" + } + }, + "/api/v33.03/settings/logon": { + "get": { + "description": { + "$ref": "desc/settings/logon_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + }, + "description": "LogonSettings are settings associated with the login properties" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-logon", + "summary": "Get Logon Settings" + } + }, + "/api/v33.03/settings/proxy": { + "get": { + "description": { + "$ref": "desc/settings/proxy_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + }, + "description": "ProxySettings are the http proxy settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-proxy", + "summary": "Get Proxy Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/proxy_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-proxy", + "summary": "Add Proxy Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/registry": { + "get": { + "description": { + "$ref": "desc/settings/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + }, + "description": "RegistrySettings contains each registry's unique settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-registry", + "summary": "Get Registry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/registry_post.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-registry", + "summary": "Add Registry Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/registry_put.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-settings-registry", + "summary": "Update Registry Settings" + } + }, + "/api/v33.03/settings/saml": { + "get": { + "description": { + "$ref": "desc/settings/saml_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + }, + "description": "SamlSettings are the saml connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-saml", + "summary": "Get SAML Settings of Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/scan": { + "get": { + "description": { + "$ref": "desc/settings/scan_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + }, + "description": "ScanSettings are global settings for image/host/container and registry scanning" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-scan", + "summary": "Get Global Scan Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-scan", + "summary": "Add Global Scan Settings" + } + }, + "/api/v33.03/settings/tas": { + "get": { + "description": { + "$ref": "desc/settings/tas_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-tas", + "summary": "Get TAS Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/tas_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-tas", + "summary": "Add TAS Settings" + } + }, + "/api/v33.03/settings/vm": { + "get": { + "description": { + "$ref": "desc/settings/vm_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-settings-vm", + "summary": "Get VM Image Scan Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/vm_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-settings-vm", + "summary": "Update VM Image Scan Settings" + } + }, + "/api/v33.03/settings/wildfire": { + "get": { + "description": { + "$ref": "desc/settings/wildfire_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.WildFireSettings" + } + } + }, + "description": "WildFireSettings are the settings for WildFire API requests" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-settings-wildfire", + "summary": "Wild Fire Settings" + } + }, + "/api/v33.03/stats/app-firewall/count": { + "get": { + "description": { + "$ref": "desc/stats/app_firewall_count_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-app-firewall-count", + "summary": "Application Firewall Count" + } + }, + "/api/v33.03/stats/compliance": { + "get": { + "description": { + "$ref": "desc/stats/compliance_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance", + "summary": "Get Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/download": { + "get": { + "description": { + "$ref": "desc/stats/compliance_download_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance-download", + "summary": "Download Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/refresh": { + "post": { + "description": { + "$ref": "desc/stats/compliance_refresh.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "post-stats-compliance-refresh", + "summary": "Refresh Compliance Stats" + } + }, + "/api/v33.03/stats/daily": { + "get": { + "description": { + "$ref": "desc/stats/daily_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.Stats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-stats-daily", + "summary": "Get Daily Compliance Stats" + } + }, + "/api/v33.03/stats/dashboard": { + "get": { + "description": { + "$ref": "desc/stats/dashboard_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Trends" + } + } + }, + "description": "Trends contains data on global trends in the system" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-dashboard", + "summary": "Get Dashboard Stats" + } + }, + "/api/v33.03/stats/events": { + "get": { + "description": { + "$ref": "desc/stats/events_get.md" + }, + "parameters": [ + { + "description": "Collections are collections scoping the query.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Collections are collections scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountIDs are the account IDs scoping the query.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "AccountIDs are the account IDs scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.EventStats" + } + } + }, + "description": "EventStats holds counters for all event types" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-stats-events", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/license": { + "get": { + "description": { + "$ref": "desc/stats/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LicenseStats" + } + } + }, + "description": "LicenseStats holds the console license stats" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-license", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/vulnerabilities": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities", + "summary": "Get Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-download", + "summary": "Download Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.VulnImpactedResources" + } + } + }, + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources", + "summary": "Get Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources-download", + "summary": "Download Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/refresh": { + "post": { + "description": { + "$ref": "desc/stats/vulnerabilities_refresh_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "post-stats-vulnerabilities-refresh", + "summary": "Refresh Vulnerability Stats" + } + }, + "/api/v33.03/statuses/buildah": { + "get": { + "description": { + "$ref": "desc/statuses/buildah_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.BuildahFeatureStatus" + } + } + }, + "description": "BuildahFeatureStatus holds the response for the buildah feature status" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-statuses-buildah", + "summary": "Buildah Feature Status returns the buildah feature status" + } + }, + "/api/v33.03/statuses/registry": { + "get": { + "description": { + "$ref": "desc/statuses/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.ScanStatus" + } + } + }, + "description": "ScanStatus represents the status of current scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-statuses-registry", + "summary": "Get Registry Scan Status" + } + }, + "/api/v33.03/tags": { + "get": { + "description": { + "$ref": "desc/tags/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Tag" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-tags", + "summary": "Get Tags" + }, + "post": { + "description": { + "$ref": "desc/tags/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags", + "summary": "Add Tags" + } + }, + "/api/v33.03/tags/{id}": { + "delete": { + "description": { + "$ref": "desc/tags/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id", + "summary": "Delete a Tag" + }, + "put": { + "description": { + "$ref": "desc/tags/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-tags-id", + "summary": "Update a Tag" + } + }, + "/api/v33.03/tags/{id}/vuln": { + "delete": { + "description": { + "$ref": "desc/tags/tag_cve_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id-vuln", + "summary": "Delete Tag Vulnerability Metadata" + }, + "post": { + "description": { + "$ref": "desc/tags/tag_cve_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags-id-vuln", + "summary": "Set Tag Vulnerability Metadata" + } + }, + "/api/v33.03/tas-droplets": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets", + "summary": "Get TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/addresses": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get_tas_addresses.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-addresses", + "summary": "TAS Cloud Controller Addresses" + } + }, + "/api/v33.03/tas-droplets/download": { + "get": { + "description": { + "$ref": "desc/tas-droplets/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-download", + "summary": "Download TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/progress": { + "get": { + "description": { + "$ref": "desc/tas-droplets/progress_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-progress", + "summary": "View TAS Droplets Scan Progress" + } + }, + "/api/v33.03/tas-droplets/scan": { + "post": { + "description": { + "$ref": "desc/tas-droplets/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-scan", + "summary": "Scan TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/stop": { + "post": { + "description": { + "$ref": "desc/tas-droplets/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-stop", + "summary": "Stop TAS Droplets Ongoing Scan" + } + }, + "/api/v33.03/trust/data": { + "get": { + "description": { + "$ref": "desc/trust/data_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + }, + "description": "Data holds the image trust data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-trust-data", + "summary": "Get Trusted Repository, Image, and Registry" + }, + "put": { + "description": { + "$ref": "desc/trust/data_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-trust-data", + "summary": "Update Trusted Repository, Image, and Registry" + } + }, + "/api/v33.03/users": { + "get": { + "description": { + "$ref": "desc/users/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.UserList" + } + } + }, + "description": "UserList represents a list of users" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-users", + "summary": "Get Users" + } + }, + "/api/v33.03/util/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-arm64-twistcli", + "summary": "Download ARM64 twistcli for Linux OS" + } + }, + "/api/v33.03/util/osx/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-arm64-twistcli", + "summary": "Download ARM64 twistcli for MacOS" + } + }, + "/api/v33.03/util/osx/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-twistcli", + "summary": "Download twistcli for MacOS" + } + }, + "/api/v33.03/util/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-twistcli", + "summary": "Download twistcli for Linux OS" + } + }, + "/api/v33.03/util/windows/twistcli.exe": { + "get": { + "description": { + "$ref": "desc/util/windows_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-windows-twistcli.exe", + "summary": "Download twistcli for Microsoft Windows" + } + }, + "/api/v33.03/version": { + "get": { + "description": { + "$ref": "desc/version/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Version" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-version", + "summary": "Get Prisma Cloud Compute Version" + } + }, + "/api/v33.03/vms": { + "get": { + "description": { + "$ref": "desc/vms/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms", + "summary": "Get VM Image Scan Results" + } + }, + "/api/v33.03/vms/download": { + "get": { + "description": { + "$ref": "desc/vms/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-download", + "summary": "Download VM Image Scan Results" + } + }, + "/api/v33.03/vms/labels": { + "get": { + "description": { + "$ref": "desc/vms/labels_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-labels", + "summary": "Get VM Image Tags" + } + }, + "/api/v33.03/vms/names": { + "get": { + "description": { + "$ref": "desc/vms/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-names", + "summary": "Get VM Image Names" + } + }, + "/api/v33.03/vms/scan": { + "post": { + "description": { + "$ref": "desc/vms/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-scan", + "summary": "Start VM Image Scan" + } + }, + "/api/v33.03/vms/stop": { + "post": { + "description": { + "$ref": "desc/vms/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-stop", + "summary": "Stop VM Image Scan" + } + }, + "/api/v33.03/waas/openapi-scans": { + "post": { + "description": { + "$ref": "desc/waas/openapi-scans_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + } + } + }, + "description": "OpenAPIScan represents the OpenAPI file scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Waas" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "post-waas-openapi-scans", + "summary": "Scan OpenAPI Specification File for WAAS Observations" + } + } + }, + "tags": [ + { + "name": "Agentless", + "description": { + "$ref": "desc/agentless/agentless.md" + } + }, + { + "name": "Ais-Api" + }, + { + "name": "Alert-Profiles" + }, + { + "name": "Application-Control", + "description": { + "$ref": "desc/application-control/application-control.md" + } + }, + { + "name": "Audits", + "description": { + "$ref": "desc/audits/audits.md" + } + }, + { + "name": "Authenticate", + "description": { + "$ref": "desc/authenticate/authenticate.md" + } + }, + { + "name": "Authenticate-Client", + "description": { + "$ref": "desc/authenticate-client/authenticate-client.md" + } + }, + { + "name": "Backups" + }, + { + "name": "Bff" + }, + { + "name": "Ccs" + }, + { + "name": "Certs", + "description": { + "$ref": "desc/certs/certs.md" + } + }, + { + "name": "Cloud", + "description": { + "$ref": "desc/cloud/cloud.md" + } + }, + { + "name": "Cloud-Scan-Rules" + }, + { + "name": "Cloud-Security-Agent" + }, + { + "name": "Clustered-Db" + }, + { + "name": "Coderepos-Ci" + }, + { + "name": "Collections", + "description": { + "$ref": "desc/collections/collections.md" + } + }, + { + "name": "Config" + }, + { + "name": "Containers", + "description": { + "$ref": "desc/containers/containers.md" + } + }, + { + "name": "Credentials", + "description": { + "$ref": "desc/credentials/credentials.md" + } + }, + { + "name": "Current" + }, + { + "name": "Custom-Compliance", + "description": { + "$ref": "desc/custom-compliance/custom-compliance.md" + } + }, + { + "name": "Custom-Rules", + "description": { + "$ref": "desc/custom-rules/custom-rules.md" + } + }, + { + "name": "Cves" + }, + { + "name": "Defenders", + "description": { + "$ref": "desc/defenders/defenders.md" + } + }, + { + "name": "Deployment" + }, + { + "name": "Feeds", + "description": { + "$ref": "desc/feeds/feeds.md" + } + }, + { + "name": "Forensic" + }, + { + "name": "Groups", + "description": { + "$ref": "desc/groups/groups.md" + } + }, + { + "name": "Harbor" + }, + { + "name": "Hosts", + "description": { + "$ref": "desc/hosts/hosts.md" + } + }, + { + "name": "Images", + "description": { + "$ref": "desc/images/images.md" + } + }, + { + "name": "Kubernetes" + }, + { + "name": "Logout" + }, + { + "name": "Logs" + }, + { + "name": "Policies", + "description": { + "$ref": "desc/policies/policies.md" + } + }, + { + "name": "Profiles", + "description": { + "$ref": "desc/profiles/profiles.md" + } + }, + { + "name": "Projects" + }, + { + "name": "Radar" + }, + { + "name": "Rbac" + }, + { + "name": "Registry", + "description": { + "$ref": "desc/registry/registry.md" + } + }, + { + "name": "Registry-Count" + }, + { + "name": "Runtime" + }, + { + "name": "Sandbox", + "description": { + "$ref": "desc/sandbox/sandbox.md" + } + }, + { + "name": "Sbom", + "description": { + "$ref": "desc/sbom/sbom_intro.md" + } + }, + { + "name": "Scans", + "description": { + "$ref": "desc/scans/scans.md" + } + }, + { + "name": "Scripts" + }, + { + "name": "Security-Advisor" + }, + { + "name": "Serverless", + "description": { + "$ref": "desc/serverless/serverless.md" + } + }, + { + "name": "Settings", + "description": { + "$ref": "desc/settings/settings.md" + } + }, + { + "name": "Signup", + "description": { + "$ref": "desc/signup/signup.md" + } + }, + { + "name": "Static" + }, + { + "name": "Stats", + "description": { + "$ref": "desc/stats/stats.md" + } + }, + { + "name": "Statuses", + "description": { + "$ref": "desc/statuses/statuses.md" + } + }, + { + "description": "This API is an officially supported route", + "externalDocs": { + "url": "https://cdn.twistlock.com/docs/api/twistlock_api.html" + }, + "name": "Supported API" + }, + { + "name": "Tags", + "description": { + "$ref": "desc/tags/tags.md" + } + }, + { + "name": "Tas-Droplets" + }, + { + "name": "Trust", + "description": { + "$ref": "desc/trust/trust.md" + } + }, + { + "name": "Trusted-Images" + }, + { + "name": "Users", + "description": { + "$ref": "desc/users/users.md" + } + }, + { + "name": "Util", + "description": { + "$ref": "desc/util/util.md" + } + }, + { + "name": "Version", + "description": { + "$ref": "desc/version/version.md" + } + }, + { + "name": "Vms", + "description": { + "$ref": "desc/vms/vms.md" + } + }, + { + "name": "Waas" + }, + { + "name": "Xsoar-Alerts" + }, + { + "name": "_Ping", + "description": { + "$ref": "desc/_ping/_ping.md" + } + } + ], + "servers": [ + { + "url": "PATH_TO_CONSOLE" + } + ] +} \ No newline at end of file diff --git a/products/compute/api/33-02/access-api-self-hosted.md b/products/compute/api/33-02/access-api-self-hosted.md new file mode 100644 index 000000000..40445b655 --- /dev/null +++ b/products/compute/api/33-02/access-api-self-hosted.md @@ -0,0 +1,150 @@ +--- +id: access-api-self-hosted +title: Access the Prisma Cloud Compute Edition (PCCE) APIs +--- + +The Prisma Cloud Compute API is exposed on the host that runs Console on port 8083 (HTTPS). +The port is specified at install time in _twistlock.cfg_. + +All example commands specify a variable called `CONSOLE`, which represents the address for your Console. +The address for your Console depends on how you installed it. + +For Onebox installs, where you install Console on a stand-alone host, the value for `CONSOLE` is the IP address or DNS name of the host. +HTTPS access to Console is servered on port 8083, so the full address would be: + +```bash +CONSOLE = https://:8083 +``` + +For the default Kubernetes installation procedure, the Console service is exposed by a LoadBalancer, and so the address for `CONSOLE` is + +```bash +CONSLE = https://:8083 +``` + +Access to the API requires authentication. +You can either: + +- Retrieve a token, then pass the token in the Authorization field of all subsequent requests. +- Use Basic HTTP authentication for each request. + +:::note +The default install of Prisma Cloud Compute Edition uses self-signed certificates. +By default, curl validates the server's certificate. +Because the certificate for the CA that signed the server's cert isn't in your CA store, curl can't validate the server's cert. + +You've got two options: + +- Pass the --insecure flag to curl. + With this flag, validation that the server is who it claims to be is bypassed. + The connection is still encrypted. + +- Configure Prisma Cloud Compute to use your own custom certs. + ::: + +## Accessing the API using Basic authentication + +The basic token is a Base64 encoded string of type username:password. + +1. Generate the Base64 encoding of your username and password. + Assume your username is api, and your password is api. + +```bash +$ echo -n "api:api" | openssl base64 +YXBpOmFwaQ== +``` + +2. To access any other endpoint, set the Authorization field of your HTTP header to Basic and add the encoded string. + For example, to get all your runtime container policies: + +```bash +$ curl --insecure \ + -H 'Authorization: Basic YWRtaW46YWRtaW4=' \ + "https:///api/v/policies/runtime/container +``` + +:::note +The curl command can handle basic auth for you with the `--user` option. +::: + +## Accessing the API using token authentication + +To access the API using a token: + +1. Retrieve a token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint with your user credentials. + +By default, access tokens are valid for 30 minutes. You can set the validity period in Console under **Manage** > **Authentication** > **Logon**. + +You can also retrieve tokens using client certificates. + +```bash +$ curl \ + -H "Content-Type: application/json" \ + -d '{"username":"admin", "password":"admin"}' \ + "https:///api/v/authenticate" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +If you integrated Prisma Cloud Compute Console with Active Directory, and you're using the sAMAccountName _user identifier_, escape the backslash in the `DOMAIN\sAMAccountName` username value. +For example: + +```bash +$ curl \ + -H "Content-Type: application/json" \ + -d '{"username":"DOMAIN\\admin", "password":"admin"}' \ + "https:///api/v/authenticate" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +2. Call the Prisma Cloud Compute API, submitting the token in the Authorization field in the HTTP header of your request. + For example, test connection to the API using the [Get Runtime Container Policies](/compute/api/get-policies-runtime-container/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint: + +```bash +$ curl --insecure \ + -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \ + "https:///api/v/policies/runtime/container" +``` + +## Accessing the API using a client certificate + +You can retrieve a token using client certificates issued by your public key infrastructure. + +**Prerequisites:** + +- You have configured Prisma Cloud Compute Console with your server certificate. + Go to **Manage > Authentication > Certificates > TLS certificate for Console**, and upload your certificate (cat the cert and private key into a single file). + +1. Install your client certificate on your local machine. + +2. Request a token using your client certificate. + +```bash +$ curl --insecure \ + -X POST \ + --cert cert.pem \ + "https:///api/v/authenticate-client" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +3. Call the Prisma Cloud Compute API, submitting the token in the Authorization field in the HTTP header of your request. + For example, to get all policies: + +```bash +$ curl --insecure \ + -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \ + "https:///api/v/policies/runtime/container" +``` + +## Accessing the API in a Multi-Tenant Environment + +Requests to the Prisma Cloud Compute API with Projects enabled will be made against all available tenants. To query for a specific tenant, include the `project=name` query parameter to restrict requests to the given tenant. (This does not apply to authentication endpoints.) + +:::note +This parameter is required if the authenticated user does not have access to all tenants. +::: diff --git a/products/compute/api/33-02/set-up-console.md b/products/compute/api/33-02/set-up-console.md new file mode 100644 index 000000000..f84b07761 --- /dev/null +++ b/products/compute/api/33-02/set-up-console.md @@ -0,0 +1,77 @@ +--- +id: set-up-console +title: Set Up Console +--- + +After first installing Prisma Cloud Compute console, you must create an initial admin user and set up your license. +The Prisma Cloud API provides endpoints to complete the set up of a freshly installed Console. + +:::note +This section pertains to the Prisma Cloud Compute Edition consoles only. +::: + +## Create your first admin user + +After Console is first installed, you must create the first admin user. +To do this, use the [Signup](/compute/api/post-signup/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +The following example curl command creates the initial admin user named butterbean. + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"username": "butterbean", "password": ""}' \ + https://:8083/api/v1/signup +``` + +The signup process can only be executed once, whether from the Console UI or the API. +Calling this endpoint after the initial sign up has been completed results in a 400 error response. + +## Set up your license + +Console isn't functional until you provide your license key. +The Prisma Cloud API provides an endpoint for setting up your license. + +In this procedure, you access the Prisma Cloud API using an auth token. + +:::note +Prisma Cloud provides a single license that protects a specific number of nodes. +The number of nodes covered depends on your subscription. +You can use the same license to install multiple instances of Console. +There is need to get a new license when building out new environments with Prisma Cloud. + +For example, if you have licensed 100 nodes and you have deployed to 10 separate tenants, each with its own Console, use the same license key for each instance of Console. +::: + +1. Get an auth token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -H "Content-Type: application/json" \ + -d '{"username":"admin", "password":"admin"}' \ + https://localhost:8083/api/vVERSION/authenticate +{ "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." } +``` + +2. Set environment variables for your auth token and license key. + +```bash +$ echo $LICENSE_KEY +{"key":"your license key here"} +``` + +```bash +$ echo $TOKEN +eyJ0eXAiOiJK... +``` + +3. Execute the command referencing these vars to set the license using the [License](/compute/api/post-settings-license/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -H "Authorization: Bearer $TOKEN" \ + -H "Content-Type: application/json" \ + -d $LICENSE_KEY \ + https://localhost:8083/api/v/settings/license +``` + +The result should be 200 OK with an empty body "{}". diff --git a/products/compute/api/33-02/stable-endpoints.md b/products/compute/api/33-02/stable-endpoints.md new file mode 100644 index 000000000..6acb0882d --- /dev/null +++ b/products/compute/api/33-02/stable-endpoints.md @@ -0,0 +1,105 @@ +--- +id: stable-endpoints +title: Supported Endpoints +--- + +With every release, the Compute APIs are versioned to indicate the release number to which they correspond. +The version-specific APIs are supported for the subsequent two major releases. + +With API versioning, as your Console is upgraded to newer versions, you can continue to use older versioned APIs with stability and migrate to newer version APIs at your convenience within the N-2 support lifecycle. + +:memo: **Note:** Starting from release 33.00, Prisma Cloud does not restrict connections and REST API calls from the n-3 release as well. So the current release will allow Defenders and REST API calls from release 30.xx also. + +The deployment scripts and Twistcli that you download from Console, uses the APIs associated with the specific version of Console. + +### Previous API Versions of Prisma Cloud Compute Edition + +All minor or maintenance versions (xx) of 32.xx release have n-2 support for backward compatibility. The documentation for all the supported releases is available at: + +* [Prisma Cloud Compute Edition - 33.02](/compute/api/) +* [Prisma Cloud Compute Edition - 32.07](/compute/api/32-07/) +* [Prisma Cloud Compute Edition - 31.02](/compute/api/31-02/) + +## Versioning + +The Compute API is versioned as follows: + +`/api/vX/route` + +Where: + +- `v1` - Always points to the latest API. This represents a larger set of APIs. Only the following v1 endpoints are supported and documented: + - api/v1/certs/ca.pem, get + - api/v1/certs/server-certs.sh, get + - api/v1/cloud/discovery/entities, get + - api/v1/registry/webhook/webhook, delete + - api/v1/registry/webhook/webhook, post + - api/v1/signup, post + - api/v1/util/prisma-cloud-jenkins-plugin.hpi, get + - api/v1/util/tas-tile, get + +- `vVersion` - Points to a version-specific API, where `Version` specifies the major and minor parts of a release's version string. + +As a best practice, update your scripts to use the version-specific API endpoints to ensure that your implementation is fully supported. +For the version-specific APIs, you will have access to the API Reference and Release Notes documentation for changes or updates that may impact you. + +When using the version-specific endpoints, you will need to update your automation scripts approximately once a year to stay in sync with the product [Support lifecycle for connected components](https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/support-lifecycle). If you are upgraded to Darwin, see [Support Lifecycle for Connected Components](https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/support-lifecycle). + +Starting with version 30.xx, each maintenance release (like 30.01, 30.02, and so on) may contain new features and improvements. As a result, the URLs for the APIs will be updated to reflect the version. + +You can continue to use different .xx versions of the API for your automation requirements, as we’ll continue to support backward compatibility for two major releases, including minor (maintenance) release versions before the current one (n-2). For example, while on build 30.01, you can continue to use the API paths such as api/v30.00, api/v22.12, and api/v22.06 due to backward compatibility. + +Though we recommend you to update scripts to use the current or new API paths, you won't need to worry about making changes to your code immediately when a new major or minor (maintenance) release is announced. + +**Note**: If you have a mixed environment of different Defenders versions, then use the version of the API that matches the earliest version. + +If you use the /v1 APIs, Palo Alto Networks recommends that you consider revising your scripts to target the versioned API endpoints. +If you opt to continue using the v1 API endpoints, adhere to the following guidelines: + +- Review the list of v1 endpoints you are using and make sure the corresponding versioned endpoints are available. +- If you are using an API that is only in the /v1 category and does not have a corresponding versioned API, you must review your implementation and update your scripts to ensure that you do not experience a disruption. +- If you are using /v1 endpoints that are unsupported and not versioned, you can submit a feature request. + Your request to support the endpoint will be considered when planning the product roadmap for future releases. + +## Supported Endpoints + +The API Reference documentation includes the supported endpoints only. +You can download a copy of the OpenAPI spec file from the Prisma Cloud Compute Console. The spec file lists all available endpoints, including unsupported endpoints. +Use the supported endpoints to ensure stability. +As the unsupported endpoints are not documented for use, they are subject to change, deprecation, or removal without notice. + +In the OpenAPI spec file, supported endpoints are tagged as supported. +For example, the `POST /api/vX/authenticate` endpoint is tagged as follows: + +``` +"tags": [ + "Authenticate", + "Supported API" +] +``` + +## Supported Endpoint Categories + +Supported endpoints tend to fall into one of the following categories: + +- Reporting endpoints +- Config-as-code +- Deployment and config + +### Reporting Endpoints + +Reporting API calls are the ones used to download the health or scan data such as vulnerabilities/compliance/runtime. +Access to the underlying data in JSON and CSV formats allows customers to easily access and transform data into business intelligence in the forms that meet their needs. +The output may be human-readable reports or, in other cases, the reporting data may feed automated decisions and processes. + +These are mostly under the **Monitor** section in the Compute Console. + +### Config-as-Code + +Configuration as code is the formal migration of config between environments, backed by a version control system. +Customers who want to programmatically store and manage the configuration of infrastructure components can automate these components using the same approaches as production code and services. + +### Deployment and Config + +Deployment and config endpoints are essential to automate the installation of Console, Defenders, as well as any configuration that deals with integrations. +These are useful to those who base their management of environments on automation, using tools such as Ansible, Puppet, Terraform, etc to define desired configurations. diff --git a/products/compute/api/33-02/welcome-prisma-cloud-apis.md b/products/compute/api/33-02/welcome-prisma-cloud-apis.md new file mode 100644 index 000000000..7bcda5ee1 --- /dev/null +++ b/products/compute/api/33-02/welcome-prisma-cloud-apis.md @@ -0,0 +1,125 @@ +--- +id: compute-api-reference-home +title: Welcome to the Compute APIs +slug: /compute/api/33-02 +keywords: + - Developer + - Prisma + - Prisma Cloud + - Reference + - API +--- + +### About + +The Prisma Cloud Workload Protection REST API lets you automate workflows and integrate with external systems. +Use the API to: + +- Set up, configure, reconfigure, and deploy Prisma Cloud Compute components to secure your hosts, containers, and serverless functions against vulnerabilities, malware, and compliance violations. +- Extract the security data that Prisma Cloud Compute has collected about your environment and send it to your monitoring, alerting, and reporting systems. + +### How to find your version + +To find the the version of Prisma Cloud Workload Protection that you're running: + +1. Log into your Prisma Cloud Compute console. + +2. Click the bell icon in the top right of the page. + + The drop-down shows the currently running version: + + ![Console screenshot](/img/compute-version.png) + +### cURL Examples + +All the cURL examples in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +The Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +- **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ```bash + $ https://:8083 + ``` + +- **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ```bash + $ https://:8083 + ``` + +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL command can be modified to use any of the following: + +- **Authentication Token:** Use the `-H` option to pass the authentication token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint into the request header. + +For example, replace `` with the token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/vVERSION/ +``` + +- **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/vVERSION/ +``` + +- **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/vVERSION/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. + +### Paginated Responses + +Paginated API requests are capped to a max of 250 returned objects because very large responses could DoS Console. The default value is 50 objects per page. + +If the response contains more than 250 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. + +For example: + +```bash +$ https:///api/v/images?limit=250&offset=X +``` + +### API Rate Limits + +Rate limiting is applied to some endpoints. The documentation for each such endpoint has details of the rate limits enforced on it. For example, [Get Container Scan Results](https://pan.dev/prisma-cloud/api/cwpp/get-containers/). + +### View parameter descriptions + +The parameter descriptions are available for each endpoint. The body or query (wherever applicable) parameters are listed after the endpoint description. +The response parameters are hidden under the label `Response` 200. + +Click `>` to view hidden parameters. + +#### View API endpoint parameters + +![Expand Body Parameters](/img/expandingbodyparameters.gif) + +#### View API endpoint response parameters + +![Expand Response Parameters](/img/expandingresponse.gif) diff --git a/products/compute/sidebars.ts b/products/compute/sidebars.ts index 5785111cb..69d39039c 100644 --- a/products/compute/sidebars.ts +++ b/products/compute/sidebars.ts @@ -15,7 +15,7 @@ module.exports = { { type: "html", defaultStyle: true, - value: versionCrumb(`33-02`), + value: versionCrumb(`33-03`), }, "compute/api/compute-api-reference-home", "compute/api/access-api-self-hosted", @@ -115,4 +115,18 @@ module.exports = { ], }, ], + compute_3302: [ + { + type: "category", + label: "Prisma Cloud Compute Edition - 33.00", + collapsed: true, + items: [ + "compute/api/33-02/compute-api-reference-home", + "compute/api/33-02/access-api-self-hosted", + "compute/api/33-02/set-up-console", + "compute/api/33-02/stable-endpoints", + require("./api/33-02/sidebar"), + ], + }, + ], }; From c335c1cef481d0841714b070cfc9a3bd92812e66 Mon Sep 17 00:00:00 2001 From: smitapaloalto <156162707+smitapaloalto@users.noreply.github.com> Date: Wed, 8 Jan 2025 16:01:50 +0530 Subject: [PATCH 10/14] Update stable-endpoints.md Signed-off-by: smitapaloalto <156162707+smitapaloalto@users.noreply.github.com> --- products/compute/api/stable-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/products/compute/api/stable-endpoints.md b/products/compute/api/stable-endpoints.md index 6acb0882d..eae49a84f 100644 --- a/products/compute/api/stable-endpoints.md +++ b/products/compute/api/stable-endpoints.md @@ -16,7 +16,7 @@ The deployment scripts and Twistcli that you download from Console, uses the API All minor or maintenance versions (xx) of 32.xx release have n-2 support for backward compatibility. The documentation for all the supported releases is available at: -* [Prisma Cloud Compute Edition - 33.02](/compute/api/) +* [Prisma Cloud Compute Edition - 33.03](/compute/api/) * [Prisma Cloud Compute Edition - 32.07](/compute/api/32-07/) * [Prisma Cloud Compute Edition - 31.02](/compute/api/31-02/) From 80a6fe8b96e53e6093fa04e5333e82d9067272a3 Mon Sep 17 00:00:00 2001 From: sra Date: Wed, 8 Jan 2025 21:21:05 +0530 Subject: [PATCH 11/14] DOCS-7072 staging the changes --- openapi-specs/sase/sspm/SSPMconsolidated.yaml | 43 ++++++++++--------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/openapi-specs/sase/sspm/SSPMconsolidated.yaml b/openapi-specs/sase/sspm/SSPMconsolidated.yaml index 4a0c530f8..9b18d5eba 100644 --- a/openapi-specs/sase/sspm/SSPMconsolidated.yaml +++ b/openapi-specs/sase/sspm/SSPMconsolidated.yaml @@ -683,15 +683,16 @@ info: contact: email: support@paloaltonetworks.com description: "This Open API spec file represents the APIs available for [Palo Alto\ - \ Networks SSPM](https://docs.paloaltonetworks.com/NEED-URL) APIs. \nSaaS Security\ - \ Posture Management (SSPM) APIs provide tools for continuous monitoring, detection\ - \ of misconfigured SaaS application settings.\nThese APIs use the common SASE\ - \ authentication mechanism and base URL. \nSee the [Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ - \ guide for more information.\n\nThis Open API spec file was created on January\ - \ 06, 2025. To check for a more recent version of this file, see\n[SaaS Security\ - \ Posture Management APIs on pan.dev](https://pan.dev/sase/api/sspm/sspm-api.html).\n\ - \n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ - \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \ Networks SSPM](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm).\ + \ \nSaaS Security Posture Management (SSPM) APIs provide tools for continuous\ + \ monitoring, detection of misconfigured SaaS application settings.\nThese APIs\ + \ use the common SASE authentication mechanism and base URL. \nSee the [Prisma\ + \ SASE API Get Started](https://pan.dev/sase/docs/getstarted) guide for more information.\n\ + \nThis Open API spec file was created on January 08, 2025. To check for a more\ + \ recent version of this file, see\n[SaaS Security Posture Management APIs on\ + \ pan.dev](https://pan.dev/sase/api/sspm/).\n\n\xA9 2024 Palo Alto Networks, Inc.\ + \ Palo Alto Networks is a registered trademark of Palo\nAlto Networks. A list\ + \ of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ \nAll other marks mentioned herein may be trademarks of their respective companies.\n" title: SaaS Security Posture Management APIs version: '1.0' @@ -867,7 +868,7 @@ paths: description: Successful operation security: - Bearer: [] - summary: Catalog of supported SSPM apps + summary: Catalog of supported SSPM applications tags: - Catalog Information /sspm/api/v1/catalog/apps/{app}: @@ -977,9 +978,9 @@ paths: summary: Compliance profile mappings tags: - Catalog Information - /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/issue/{key}: + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/issue/{key}: get: - operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-issue-key + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-issue-key parameters: - description: integration ID example: 65dcec42a2f1d37173e6294c @@ -1013,12 +1014,12 @@ paths: description: Jira-ticketing integration not registered. security: - Bearer: [] - summary: Fetch onboarded JIRA ticketing issue details by key. + summary: JIRA ticket issue details tags: - JIRA - /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/project/{key}: + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/project/{key}: get: - operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-project-key + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-project-key parameters: - description: integration ID example: 65dcec42a2f1d37173e6294c @@ -1052,14 +1053,14 @@ paths: description: The Jira-ticketing integration is not registered. security: - Bearer: [] - summary: Fetch onboarded JIRA ticketing project details by key. + summary: Project information using issue key tags: - JIRA - /sspm/api/v1/integration/integrations/{integration_id}/{integration_type}/projects: + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/projects: get: - operationId: get-sspm-api-v1-integration-integrations-integration_id-integration_type-projects + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-projects parameters: - - description: integration id + - description: Integration ID example: 65dcec42a2f1d37173e6294c in: path name: integration_id @@ -1084,11 +1085,11 @@ paths: description: The Jira-ticketing integration is not registered. security: - Bearer: [] - summary: Fetch onboarded JIRA ticketing project list. + summary: List JIRA Projects tags: - JIRA servers: -- url: https://api.sase.paloaltonetworks.com +- url: https://api.strata.paloaltonetworks.com tags: - description: 'Get registered application From 5b1253c1e554dba314cb1850f43657bbb424b01e Mon Sep 17 00:00:00 2001 From: sra Date: Wed, 8 Jan 2025 21:46:52 +0530 Subject: [PATCH 12/14] DOCS-7072 staging the changes made. --- openapi-specs/sase/sspm/consolidated.yaml | 1105 +++++++++++++++++++++ 1 file changed, 1105 insertions(+) create mode 100644 openapi-specs/sase/sspm/consolidated.yaml diff --git a/openapi-specs/sase/sspm/consolidated.yaml b/openapi-specs/sase/sspm/consolidated.yaml new file mode 100644 index 000000000..9b18d5eba --- /dev/null +++ b/openapi-specs/sase/sspm/consolidated.yaml @@ -0,0 +1,1105 @@ +components: + schemas: + Application: + description: 'Represents a registered SSPM application with its properties and + status. + + ' + properties: + app_id: + description: Unique identifier for the application. + type: string + app_settings: + additionalProperties: + type: string + description: Custom settings for the application as key-value pairs. + type: object + changed_at: + description: Timestamp of the last change to the application. + format: date-time + type: string + changed_by: + description: Identifier of the user who last modified the application. + type: string + configs: + additionalProperties: + type: string + description: Configuration settings for the application as key-value pairs. + type: object + created_at: + description: Timestamp of when the application was created. + format: date-time + type: string + created_by: + description: Identifier of the user who created the application. + type: string + fawkes_url: + description: URL associated with the Fawkes system for this application. + type: string + features_metadata: + additionalProperties: + additionalProperties: + type: string + type: object + description: Metadata for application features. + type: object + features_state: + additionalProperties: + $ref: '#/components/schemas/FeatureState' + description: Current state of application features. + type: object + health_status: + description: Current health status of the application. + enum: + - Up + - Unhealthy + - Down + - Unknown + - Scanning + type: string + instance_label: + description: Label indicating the type of instance. + enum: + - Default + - Production + - Sandbox + - Internal + - QA + - Dev + type: string + last_scanned_at: + description: Timestamp of the last scan performed on the application. + format: date-time + type: string + last_validated_at: + description: Timestamp of the last validation performed on the application. + format: date-time + type: string + missing_configs: + description: List of configuration items that are missing. + items: + type: string + type: array + name: + description: Display name of the application. + type: string + owner: + $ref: '#/components/schemas/User' + description: User who owns the application. + remediation_enabled: + description: Indicates if automated remediation is enabled for this application. + type: boolean + scan_interval_minutes: + description: Interval between scans in minutes. + format: int32 + type: integer + status: + description: Current operational status of the application. + enum: + - Registered + - Active + - Disabled + type: string + tenant: + description: Identifier for the tenant associated with this application. + type: string + tsg_id: + description: Identifier for the TSG associated with this application. + type: string + type: + description: Type of the application. + type: string + type: object + ApplicationAuthInfo: + description: 'Contains authentication information for an application, including + fields and SSO strategy. + + ' + properties: + fields: + description: List of authentication form elements. + items: + $ref: '#/components/schemas/AuthFormElement' + type: array + sso_fields: + description: List of SSO-specific fields. + items: + $ref: '#/components/schemas/SsoFields' + type: array + strategy: + description: Authentication strategy used by the application. + enum: + - REDIRECT_URL + - PROVIDED_CREDENTIALS + type: string + type: object + ApplicationPage: + description: 'Defines a paginated list of applications with metadata. + + ' + properties: + items: + description: List of application objects. + items: + type: object + type: array + limit: + description: Maximum number of items per page. + format: int32 + type: integer + next_path: + description: Path to retrieve the next page of results. + type: string + prev_path: + description: Path to retrieve the previous page of results. + type: string + total: + description: Total number of items across all pages. + format: int64 + type: integer + type: object + AuthFormElement: + description: 'Represents an element in an authentication form. + + ' + discriminator: + propertyName: kind + properties: + kind: + description: Type of form element (FIELD or DOC) + enum: + - FIELD + - DOC + type: string + type: object + CatalogApplication: + description: 'Describes an application in the SSPM catalog, including features + and metadata. + + ' + properties: + display_name: + description: Name of the application. + type: string + enabled: + description: Indicates if the application is enabled in the catalog. + type: boolean + features: + description: List of features supported by the application. + items: + enum: + - SCAN + - REMEDIATE + - RISKY_ACCOUNTS + - THIRD_PARTY_APPS + - THIRD_PARTY_APPS_USER_REVOKE + - IDENTITY + type: string + type: array + uniqueItems: true + features_metadata: + additionalProperties: + additionalProperties: + type: string + type: object + description: Additional metadata for application features. + type: object + lambda: + description: Indicates if the application is a lambda function. + type: boolean + name: + description: Unique identifier for the application in the catalog. + type: string + type: object + CatalogConfig: + description: 'Specifies a configuration setting in the application catalog with + its properties and remediation options. + + ' + properties: + __metadata: + additionalProperties: + type: object + description: Additional metadata for the configuration. + properties: + empty: + type: boolean + type: object + category: + description: Category of the configuration setting. + type: string + common_control: + description: Common control identifier associated with this configuration. + type: string + console_url: + description: URL to the console for managing this configuration. + type: string + description: + description: Detailed description of the configuration setting. + description_url: + description: URL to additional documentation for this configuration. + type: string + enabled: + description: Indicates if this configuration is enabled. + type: boolean + id: + description: Unique identifier for the configuration. + type: string + name: + description: Display name of the configuration. + type: string + native_category: + description: Original category in the native system. + type: string + native_name: + description: Original name in the native system. + type: string + operator: + $ref: '#/components/schemas/CatalogConfigOperator' + description: Operator used for comparing configuration values. + optional: + description: Indicates if this configuration is optional. + type: boolean + remediation: + $ref: '#/components/schemas/RemediationConfig' + description: Remediation steps and options for this configuration. + remediation_steps: + description: Detailed steps for remediating issues with this configuration. + type: string + severity: + description: Severity level of the configuration. + type: string + value: + $ref: '#/components/schemas/ConfigValue' + description: Expected or recommended value for the configuration. + type: object + CatalogConfigOperator: + description: 'Defines an operator for comparing configuration values. + + ' + discriminator: + propertyName: operator + properties: + displayValue: + description: Representation of the operator. + type: string + operator: + description: Type of comparison operator. + enum: + - equal + - not_equal + - substring + - not_substring + - greater + - greater_or_equal + - less + - less_or_equal + - one_of + - not_one_of + - in_range + - not_in_range + type: string + valueType: + description: Data type of the values being compared. + enum: + - int + - double + - string + - bool + type: string + type: object + CommonControlProfiles: + description: 'Lists compliance profiles associated with a common control. + + ' + properties: + id: + description: Unique identifier for the common control. + type: string + name: + description: Display name of the common control. + type: string + profiles: + description: List of compliance profiles associated with this control. + items: + $ref: '#/components/schemas/ComplianceProfile' + type: array + type: object + ComplianceCategory: + description: 'Represents a category of compliance controls. + + ' + properties: + controls: + description: List of compliance controls in this category. + items: + $ref: '#/components/schemas/ComplianceControl' + type: array + name: + description: Name of the compliance category. + type: string + type: object + ComplianceControl: + description: 'Defines a specific compliance control. + + ' + properties: + description: + description: Detailed description of the compliance control. + id: + description: Unique identifier for the compliance control. + type: string + type: object + ComplianceProfile: + description: 'Represents a compliance profile with categories and controls. + + ' + properties: + categories: + description: List of compliance categories in this profile. + items: + $ref: '#/components/schemas/ComplianceCategory' + type: array + id: + description: Unique identifier for the compliance profile. + type: string + name: + description: Display name of the compliance profile. + type: string + type: object + Config: + description: 'Represents a scanned configuration for an application, including + its status and related tickets. + + ' + properties: + app_id: + description: Identifier of the associated application. + type: string + category: + description: Category of the configuration. + type: string + common_control_id: + description: Identifier of the associated common control. + type: string + config_id: + description: Unique identifier for this configuration. + type: string + console_url: + description: URL to the console for managing this configuration. + type: string + current_value: + description: Current value of the configuration. + type: string + description: + description: Detailed description of the configuration. + descriptionUrl: + description: URL to additional documentation for this configuration. + type: string + id: + description: Unique identifier for this configuration instance. + type: string + locked: + description: Indicates if the configuration is locked. + type: boolean + locked_value: + description: Value of the configuration when locked. + type: string + monitored: + description: Indicates if the configuration is being monitored. + type: boolean + monitored_attestation: + description: Attestation for monitored configurations. + type: string + name: + description: Display name of the configuration. + type: string + operator: + description: Operator used for comparing configuration values. + type: string + operator_display_value: + description: Human-readable representation of the operator. + type: string + overridden: + description: Indicates if the configuration has been overridden. + type: boolean + overridden_value: + description: Value of the configuration when overridden. + type: string + recommended_value: + description: Recommended value for the configuration. + type: string + remediation_enabled: + description: Indicates if automated remediation is enabled for this configuration. + type: boolean + remediation_steps: + description: Steps for remediating issues with this configuration. + type: string + status: + description: Current status of the configuration. + type: string + subcategory: + description: Subcategory of the configuration. + type: string + tenant: + description: Identifier of the associated tenant. + type: string + tickets: + description: List of tickets related to this configuration. + items: + $ref: '#/components/schemas/Ticket' + type: array + type: object + ConfigValue: + description: 'Defines the value and type for a configuration setting. + + ' + properties: + choices: + description: Available choices for the configuration value. + type: string + default_value: + description: Default value for the configuration. + type: string + type: + description: Data type of the configuration value. + type: string + type: object + FeatureState: + description: 'Indicates the current state of an application feature, including + scan status and timestamps. + + ' + properties: + last_scanned_at: + description: Timestamp of the last scan for this feature. + format: date-time + type: string + status: + description: Current status of the feature. + enum: + - UNKNOWN + - OK + - UNHEALTHY + - AUTH_REQUIRED + - SCANNING + type: string + status_details: + description: Additional details about the feature's status. + type: string + updated_at: + description: Timestamp of the last update to the feature state. + format: date-time + type: string + type: object + JiraIdentity: + description: 'Represents a user identity in Jira. + + ' + properties: + accountId: + description: Unique identifier for the Jira account. + type: string + displayName: + description: Display name of the Jira user. + type: string + type: object + JiraIssueFields: + description: 'Contains fields for a Jira issue. + + ' + properties: + assignee: + $ref: '#/components/schemas/JiraIdentity' + description: User assigned to the Jira issue. + reporter: + $ref: '#/components/schemas/JiraIdentity' + description: User who reported the Jira issue. + status: + $ref: '#/components/schemas/Status' + description: Current status of the Jira issue. + type: object + JiraIssueResponse: + description: 'Contains details of a Jira issue, including fields like assignee, + reporter, and status. + + ' + properties: + fields: + $ref: '#/components/schemas/JiraIssueFields' + description: Fields of the Jira issue. + type: object + JiraIssueType: + description: 'Represents a type of issue in Jira. + + ' + properties: + id: + description: Unique identifier for the issue type. + type: string + name: + description: Name of the issue type. + type: string + type: object + JiraProjectDetailResponse: + description: 'Provides information about a Jira project, including available + issue types. + + ' + properties: + issueTypes: + description: List of issue types available in the Jira project. + items: + $ref: '#/components/schemas/JiraIssueType' + type: array + type: object + RemediationConfig: + description: 'Defines remediation configuration for a setting. + + ' + properties: + auto_fix: + description: Indicates if automatic fixing is enabled. + type: boolean + guide_footer: + description: Footer text for the remediation guide. + type: string + guide_header: + description: Header text for the remediation guide. + type: string + guide_steps: + description: Step-by-step instructions for remediation. + items: + type: string + type: array + remediation_value: + description: Value to be set during remediation. + type: string + type: object + ScopeConfig: + description: 'Defines a plugin scope configuration for an application. + + ' + properties: + description: + description: Detailed description of the scope configuration. + enabled: + description: Indicates if this scope is enabled. + type: boolean + id: + description: Unique identifier for the scope configuration. + type: string + name: + description: Display name of the scope configuration. + type: string + native_name: + description: Original name in the native system. + type: string + severity: + description: Severity level of the scope configuration. + type: string + type: object + SsoFields: + properties: + fields: + items: + $ref: '#/components/schemas/AuthFormElement' + type: array + sso_provider: + enum: + - NONE + - OKTA + - AZURE + - GOOGLE + type: string + required: + - fields + - sso_provider + type: object + Status: + description: 'Represents the status of an item. + + ' + properties: + name: + description: Name of the status. + type: string + type: object + Ticket: + description: 'Represents a ticket associated with a configuration or issue. + + ' + properties: + createdAt: + description: Timestamp when the ticket was created. + format: date-time + type: string + integrationId: + description: Identifier of the integration associated with this ticket. + type: string + summary: + description: Brief summary of the ticket. + type: string + tenant: + description: Identifier of the tenant associated with this ticket. + type: string + ticketKey: + description: Unique key for the ticket. + type: string + ticketUrl: + description: URL to view the ticket. + type: string + type: + description: Type of ticketing system used. + enum: + - JIRA_TICKETING + - SNOW_TICKETING + type: string + type: object + User: + description: 'Represents a user in the system with basic identification information. + + ' + properties: + email: + description: Email address of the user. + type: string + full_name: + description: Full name of the user. + type: string + user_id: + description: Unique identifier for the user. + type: string + required: + - email + - full_name + - user_id + type: object + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: support@paloaltonetworks.com + description: "This Open API spec file represents the APIs available for [Palo Alto\ + \ Networks SSPM](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm).\ + \ \nSaaS Security Posture Management (SSPM) APIs provide tools for continuous\ + \ monitoring, detection of misconfigured SaaS application settings.\nThese APIs\ + \ use the common SASE authentication mechanism and base URL. \nSee the [Prisma\ + \ SASE API Get Started](https://pan.dev/sase/docs/getstarted) guide for more information.\n\ + \nThis Open API spec file was created on January 08, 2025. To check for a more\ + \ recent version of this file, see\n[SaaS Security Posture Management APIs on\ + \ pan.dev](https://pan.dev/sase/api/sspm/).\n\n\xA9 2024 Palo Alto Networks, Inc.\ + \ Palo Alto Networks is a registered trademark of Palo\nAlto Networks. A list\ + \ of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \nAll other marks mentioned herein may be trademarks of their respective companies.\n" + title: SaaS Security Posture Management APIs + version: '1.0' +openapi: 3.0.1 +paths: + /sspm/api/v1/apps: + get: + description: 'Retrieve the list of onboarded SaaS applications. + + ' + operationId: get-sspm-api-v1-apps + parameters: + - description: List of filters + example: filter=type:office365 + in: query + name: filter + schema: + type: string + - description: 'defines sorting of the result.Format: FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|... + .' + example: order_by=name:asc|type:desc + in: query + name: order_by + schema: + type: string + - description: applies page_token to get requested page of items + example: page_token=MSM2Iw== + in: query + name: page_token + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationPage' + description: Successful operation + security: + - Bearer: [] + summary: Get registered application + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}: + get: + description: 'Retrieve the basic details of the application by providing app + ID and tenant name. + + ' + operationId: get-sspm-api-v1-apps-app_id + parameters: + - description: application id + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Application' + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Application details + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}/configs: + get: + description: 'Retrieve details on the application configuration by providing + app ID and tenant name. + + ' + operationId: get-sspm-api-v1-apps-app_id-configs + parameters: + - description: Application ID + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/Config' + type: array + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Application configuration details + tags: + - Registered Application + /sspm/api/v1/apps/{app_id}/settings: + get: + description: "Retrieve details on the settings of the SaaS application by providing\ + \ app ID and tenant name. \n" + operationId: get-sspm-api-v1-apps-app_id-settings + parameters: + - description: Application ID + example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e + in: path + name: app_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/Config' + type: array + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Application settings details + tags: + - Registered Application + /sspm/api/v1/auth/{app}/info: + get: + description: 'Retrieve details on the application authorization in the catalog. + + ' + operationId: get-sspm-api-v1-auth-app-info + parameters: + - description: application type + example: office365 + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ApplicationAuthInfo' + description: Successful operation + '404': + description: Application not registered + security: + - Bearer: [] + summary: Authorization information + tags: + - Authorization + /sspm/api/v1/catalog/apps: + get: + description: "Retrieve details on all the supported SSPM applications. \n" + operationId: get-sspm-api-v1-catalog-apps + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/CatalogApplication' + type: array + description: Successful operation + security: + - Bearer: [] + summary: Catalog of supported SSPM applications + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}: + get: + description: "Retrieve details on the catalog settings for the application by\ + \ providing application type. \n" + operationId: get-sspm-api-v1-catalog-apps-app + parameters: + - description: application name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CatalogApplication' + description: Successful operation + security: + - Bearer: [] + summary: Catalog setting details + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}/configs: + get: + description: 'Retrieve details on the catalog configuration settings by providing + application type. + + ' + operationId: get-sspm-api-v1-catalog-apps-app-configs + parameters: + - description: application name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/CatalogConfig' + type: array + description: Successful operation + security: + - Bearer: [] + summary: Catalog configuration settings details + tags: + - Catalog Information + /sspm/api/v1/catalog/apps/{app}/scopes: + get: + description: "Retrieve plugin scope catalog for the application using application\ + \ type. \n" + operationId: get-sspm-api-v1-catalog-apps-app-scopes + parameters: + - description: Application Name + example: servicenow + in: path + name: app + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/ScopeConfig' + type: array + description: Successful operation + security: + - Bearer: [] + summary: Plugin scope catalog + tags: + - Catalog Information + /sspm/api/v1/catalog/controls/{common_control_id}: + get: + description: 'Retrieve a compliance profile mappings for common control ID. + + ' + operationId: get-sspm-api-v1-catalog-controls-common_control_id + parameters: + - description: Common Control ID + example: PAN-00000001 + in: path + name: common_control_id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CommonControlProfiles' + description: Successful operation + security: + - Bearer: [] + summary: Compliance profile mappings + tags: + - Catalog Information + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/issue/{key}: + get: + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-issue-key + parameters: + - description: integration ID + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: Integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + - description: issue key + example: '10001' + in: path + name: key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/JiraIssueResponse' + description: Successful operation + '404': + description: Jira-ticketing integration not registered. + security: + - Bearer: [] + summary: JIRA ticket issue details + tags: + - JIRA + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/project/{key}: + get: + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-project-key + parameters: + - description: integration ID + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: Integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + - description: project key + example: TestProject + in: path + name: key + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/JiraProjectDetailResponse' + description: Successful operation + '404': + description: The Jira-ticketing integration is not registered. + security: + - Bearer: [] + summary: Project information using issue key + tags: + - JIRA + /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/projects: + get: + operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-projects + parameters: + - description: Integration ID + example: 65dcec42a2f1d37173e6294c + in: path + name: integration_id + required: true + schema: + type: string + - description: Integration type + example: JIRA_TICKETING + in: path + name: integration_type + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + type: object + description: Successful operation + '404': + description: The Jira-ticketing integration is not registered. + security: + - Bearer: [] + summary: List JIRA Projects + tags: + - JIRA +servers: +- url: https://api.strata.paloaltonetworks.com +tags: +- description: 'Get registered application + + ' + name: Registered Application +- description: "Get authorization details for the given application. \n" + name: Authorization information +- description: "Get catalog information for the application. \n" + name: Catalog Information +- description: 'Get JIRA issue details. + + ' + name: JIRA Issue From 20940e0563192a1b5684e4407e79879ac9889894 Mon Sep 17 00:00:00 2001 From: sra Date: Wed, 8 Jan 2025 22:14:30 +0530 Subject: [PATCH 13/14] DOCS-7072 Resolved the issue. Staging the changes --- openapi-specs/sase/sspm/SSPMconsolidated.yaml | 1105 ----------------- openapi-specs/sase/sspm/consolidated.yaml | 5 + 2 files changed, 5 insertions(+), 1105 deletions(-) delete mode 100644 openapi-specs/sase/sspm/SSPMconsolidated.yaml diff --git a/openapi-specs/sase/sspm/SSPMconsolidated.yaml b/openapi-specs/sase/sspm/SSPMconsolidated.yaml deleted file mode 100644 index 9b18d5eba..000000000 --- a/openapi-specs/sase/sspm/SSPMconsolidated.yaml +++ /dev/null @@ -1,1105 +0,0 @@ -components: - schemas: - Application: - description: 'Represents a registered SSPM application with its properties and - status. - - ' - properties: - app_id: - description: Unique identifier for the application. - type: string - app_settings: - additionalProperties: - type: string - description: Custom settings for the application as key-value pairs. - type: object - changed_at: - description: Timestamp of the last change to the application. - format: date-time - type: string - changed_by: - description: Identifier of the user who last modified the application. - type: string - configs: - additionalProperties: - type: string - description: Configuration settings for the application as key-value pairs. - type: object - created_at: - description: Timestamp of when the application was created. - format: date-time - type: string - created_by: - description: Identifier of the user who created the application. - type: string - fawkes_url: - description: URL associated with the Fawkes system for this application. - type: string - features_metadata: - additionalProperties: - additionalProperties: - type: string - type: object - description: Metadata for application features. - type: object - features_state: - additionalProperties: - $ref: '#/components/schemas/FeatureState' - description: Current state of application features. - type: object - health_status: - description: Current health status of the application. - enum: - - Up - - Unhealthy - - Down - - Unknown - - Scanning - type: string - instance_label: - description: Label indicating the type of instance. - enum: - - Default - - Production - - Sandbox - - Internal - - QA - - Dev - type: string - last_scanned_at: - description: Timestamp of the last scan performed on the application. - format: date-time - type: string - last_validated_at: - description: Timestamp of the last validation performed on the application. - format: date-time - type: string - missing_configs: - description: List of configuration items that are missing. - items: - type: string - type: array - name: - description: Display name of the application. - type: string - owner: - $ref: '#/components/schemas/User' - description: User who owns the application. - remediation_enabled: - description: Indicates if automated remediation is enabled for this application. - type: boolean - scan_interval_minutes: - description: Interval between scans in minutes. - format: int32 - type: integer - status: - description: Current operational status of the application. - enum: - - Registered - - Active - - Disabled - type: string - tenant: - description: Identifier for the tenant associated with this application. - type: string - tsg_id: - description: Identifier for the TSG associated with this application. - type: string - type: - description: Type of the application. - type: string - type: object - ApplicationAuthInfo: - description: 'Contains authentication information for an application, including - fields and SSO strategy. - - ' - properties: - fields: - description: List of authentication form elements. - items: - $ref: '#/components/schemas/AuthFormElement' - type: array - sso_fields: - description: List of SSO-specific fields. - items: - $ref: '#/components/schemas/SsoFields' - type: array - strategy: - description: Authentication strategy used by the application. - enum: - - REDIRECT_URL - - PROVIDED_CREDENTIALS - type: string - type: object - ApplicationPage: - description: 'Defines a paginated list of applications with metadata. - - ' - properties: - items: - description: List of application objects. - items: - type: object - type: array - limit: - description: Maximum number of items per page. - format: int32 - type: integer - next_path: - description: Path to retrieve the next page of results. - type: string - prev_path: - description: Path to retrieve the previous page of results. - type: string - total: - description: Total number of items across all pages. - format: int64 - type: integer - type: object - AuthFormElement: - description: 'Represents an element in an authentication form. - - ' - discriminator: - propertyName: kind - properties: - kind: - description: Type of form element (FIELD or DOC) - enum: - - FIELD - - DOC - type: string - type: object - CatalogApplication: - description: 'Describes an application in the SSPM catalog, including features - and metadata. - - ' - properties: - display_name: - description: Name of the application. - type: string - enabled: - description: Indicates if the application is enabled in the catalog. - type: boolean - features: - description: List of features supported by the application. - items: - enum: - - SCAN - - REMEDIATE - - RISKY_ACCOUNTS - - THIRD_PARTY_APPS - - THIRD_PARTY_APPS_USER_REVOKE - - IDENTITY - type: string - type: array - uniqueItems: true - features_metadata: - additionalProperties: - additionalProperties: - type: string - type: object - description: Additional metadata for application features. - type: object - lambda: - description: Indicates if the application is a lambda function. - type: boolean - name: - description: Unique identifier for the application in the catalog. - type: string - type: object - CatalogConfig: - description: 'Specifies a configuration setting in the application catalog with - its properties and remediation options. - - ' - properties: - __metadata: - additionalProperties: - type: object - description: Additional metadata for the configuration. - properties: - empty: - type: boolean - type: object - category: - description: Category of the configuration setting. - type: string - common_control: - description: Common control identifier associated with this configuration. - type: string - console_url: - description: URL to the console for managing this configuration. - type: string - description: - description: Detailed description of the configuration setting. - description_url: - description: URL to additional documentation for this configuration. - type: string - enabled: - description: Indicates if this configuration is enabled. - type: boolean - id: - description: Unique identifier for the configuration. - type: string - name: - description: Display name of the configuration. - type: string - native_category: - description: Original category in the native system. - type: string - native_name: - description: Original name in the native system. - type: string - operator: - $ref: '#/components/schemas/CatalogConfigOperator' - description: Operator used for comparing configuration values. - optional: - description: Indicates if this configuration is optional. - type: boolean - remediation: - $ref: '#/components/schemas/RemediationConfig' - description: Remediation steps and options for this configuration. - remediation_steps: - description: Detailed steps for remediating issues with this configuration. - type: string - severity: - description: Severity level of the configuration. - type: string - value: - $ref: '#/components/schemas/ConfigValue' - description: Expected or recommended value for the configuration. - type: object - CatalogConfigOperator: - description: 'Defines an operator for comparing configuration values. - - ' - discriminator: - propertyName: operator - properties: - displayValue: - description: Representation of the operator. - type: string - operator: - description: Type of comparison operator. - enum: - - equal - - not_equal - - substring - - not_substring - - greater - - greater_or_equal - - less - - less_or_equal - - one_of - - not_one_of - - in_range - - not_in_range - type: string - valueType: - description: Data type of the values being compared. - enum: - - int - - double - - string - - bool - type: string - type: object - CommonControlProfiles: - description: 'Lists compliance profiles associated with a common control. - - ' - properties: - id: - description: Unique identifier for the common control. - type: string - name: - description: Display name of the common control. - type: string - profiles: - description: List of compliance profiles associated with this control. - items: - $ref: '#/components/schemas/ComplianceProfile' - type: array - type: object - ComplianceCategory: - description: 'Represents a category of compliance controls. - - ' - properties: - controls: - description: List of compliance controls in this category. - items: - $ref: '#/components/schemas/ComplianceControl' - type: array - name: - description: Name of the compliance category. - type: string - type: object - ComplianceControl: - description: 'Defines a specific compliance control. - - ' - properties: - description: - description: Detailed description of the compliance control. - id: - description: Unique identifier for the compliance control. - type: string - type: object - ComplianceProfile: - description: 'Represents a compliance profile with categories and controls. - - ' - properties: - categories: - description: List of compliance categories in this profile. - items: - $ref: '#/components/schemas/ComplianceCategory' - type: array - id: - description: Unique identifier for the compliance profile. - type: string - name: - description: Display name of the compliance profile. - type: string - type: object - Config: - description: 'Represents a scanned configuration for an application, including - its status and related tickets. - - ' - properties: - app_id: - description: Identifier of the associated application. - type: string - category: - description: Category of the configuration. - type: string - common_control_id: - description: Identifier of the associated common control. - type: string - config_id: - description: Unique identifier for this configuration. - type: string - console_url: - description: URL to the console for managing this configuration. - type: string - current_value: - description: Current value of the configuration. - type: string - description: - description: Detailed description of the configuration. - descriptionUrl: - description: URL to additional documentation for this configuration. - type: string - id: - description: Unique identifier for this configuration instance. - type: string - locked: - description: Indicates if the configuration is locked. - type: boolean - locked_value: - description: Value of the configuration when locked. - type: string - monitored: - description: Indicates if the configuration is being monitored. - type: boolean - monitored_attestation: - description: Attestation for monitored configurations. - type: string - name: - description: Display name of the configuration. - type: string - operator: - description: Operator used for comparing configuration values. - type: string - operator_display_value: - description: Human-readable representation of the operator. - type: string - overridden: - description: Indicates if the configuration has been overridden. - type: boolean - overridden_value: - description: Value of the configuration when overridden. - type: string - recommended_value: - description: Recommended value for the configuration. - type: string - remediation_enabled: - description: Indicates if automated remediation is enabled for this configuration. - type: boolean - remediation_steps: - description: Steps for remediating issues with this configuration. - type: string - status: - description: Current status of the configuration. - type: string - subcategory: - description: Subcategory of the configuration. - type: string - tenant: - description: Identifier of the associated tenant. - type: string - tickets: - description: List of tickets related to this configuration. - items: - $ref: '#/components/schemas/Ticket' - type: array - type: object - ConfigValue: - description: 'Defines the value and type for a configuration setting. - - ' - properties: - choices: - description: Available choices for the configuration value. - type: string - default_value: - description: Default value for the configuration. - type: string - type: - description: Data type of the configuration value. - type: string - type: object - FeatureState: - description: 'Indicates the current state of an application feature, including - scan status and timestamps. - - ' - properties: - last_scanned_at: - description: Timestamp of the last scan for this feature. - format: date-time - type: string - status: - description: Current status of the feature. - enum: - - UNKNOWN - - OK - - UNHEALTHY - - AUTH_REQUIRED - - SCANNING - type: string - status_details: - description: Additional details about the feature's status. - type: string - updated_at: - description: Timestamp of the last update to the feature state. - format: date-time - type: string - type: object - JiraIdentity: - description: 'Represents a user identity in Jira. - - ' - properties: - accountId: - description: Unique identifier for the Jira account. - type: string - displayName: - description: Display name of the Jira user. - type: string - type: object - JiraIssueFields: - description: 'Contains fields for a Jira issue. - - ' - properties: - assignee: - $ref: '#/components/schemas/JiraIdentity' - description: User assigned to the Jira issue. - reporter: - $ref: '#/components/schemas/JiraIdentity' - description: User who reported the Jira issue. - status: - $ref: '#/components/schemas/Status' - description: Current status of the Jira issue. - type: object - JiraIssueResponse: - description: 'Contains details of a Jira issue, including fields like assignee, - reporter, and status. - - ' - properties: - fields: - $ref: '#/components/schemas/JiraIssueFields' - description: Fields of the Jira issue. - type: object - JiraIssueType: - description: 'Represents a type of issue in Jira. - - ' - properties: - id: - description: Unique identifier for the issue type. - type: string - name: - description: Name of the issue type. - type: string - type: object - JiraProjectDetailResponse: - description: 'Provides information about a Jira project, including available - issue types. - - ' - properties: - issueTypes: - description: List of issue types available in the Jira project. - items: - $ref: '#/components/schemas/JiraIssueType' - type: array - type: object - RemediationConfig: - description: 'Defines remediation configuration for a setting. - - ' - properties: - auto_fix: - description: Indicates if automatic fixing is enabled. - type: boolean - guide_footer: - description: Footer text for the remediation guide. - type: string - guide_header: - description: Header text for the remediation guide. - type: string - guide_steps: - description: Step-by-step instructions for remediation. - items: - type: string - type: array - remediation_value: - description: Value to be set during remediation. - type: string - type: object - ScopeConfig: - description: 'Defines a plugin scope configuration for an application. - - ' - properties: - description: - description: Detailed description of the scope configuration. - enabled: - description: Indicates if this scope is enabled. - type: boolean - id: - description: Unique identifier for the scope configuration. - type: string - name: - description: Display name of the scope configuration. - type: string - native_name: - description: Original name in the native system. - type: string - severity: - description: Severity level of the scope configuration. - type: string - type: object - SsoFields: - properties: - fields: - items: - $ref: '#/components/schemas/AuthFormElement' - type: array - sso_provider: - enum: - - NONE - - OKTA - - AZURE - - GOOGLE - type: string - required: - - fields - - sso_provider - type: object - Status: - description: 'Represents the status of an item. - - ' - properties: - name: - description: Name of the status. - type: string - type: object - Ticket: - description: 'Represents a ticket associated with a configuration or issue. - - ' - properties: - createdAt: - description: Timestamp when the ticket was created. - format: date-time - type: string - integrationId: - description: Identifier of the integration associated with this ticket. - type: string - summary: - description: Brief summary of the ticket. - type: string - tenant: - description: Identifier of the tenant associated with this ticket. - type: string - ticketKey: - description: Unique key for the ticket. - type: string - ticketUrl: - description: URL to view the ticket. - type: string - type: - description: Type of ticketing system used. - enum: - - JIRA_TICKETING - - SNOW_TICKETING - type: string - type: object - User: - description: 'Represents a user in the system with basic identification information. - - ' - properties: - email: - description: Email address of the user. - type: string - full_name: - description: Full name of the user. - type: string - user_id: - description: Unique identifier for the user. - type: string - required: - - email - - full_name - - user_id - type: object - securitySchemes: - Bearer: - scheme: bearer - type: http -info: - contact: - email: support@paloaltonetworks.com - description: "This Open API spec file represents the APIs available for [Palo Alto\ - \ Networks SSPM](https://docs.paloaltonetworks.com/saas-security/saas-security-admin/saas-security-sspm).\ - \ \nSaaS Security Posture Management (SSPM) APIs provide tools for continuous\ - \ monitoring, detection of misconfigured SaaS application settings.\nThese APIs\ - \ use the common SASE authentication mechanism and base URL. \nSee the [Prisma\ - \ SASE API Get Started](https://pan.dev/sase/docs/getstarted) guide for more information.\n\ - \nThis Open API spec file was created on January 08, 2025. To check for a more\ - \ recent version of this file, see\n[SaaS Security Posture Management APIs on\ - \ pan.dev](https://pan.dev/sase/api/sspm/).\n\n\xA9 2024 Palo Alto Networks, Inc.\ - \ Palo Alto Networks is a registered trademark of Palo\nAlto Networks. A list\ - \ of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ - \nAll other marks mentioned herein may be trademarks of their respective companies.\n" - title: SaaS Security Posture Management APIs - version: '1.0' -openapi: 3.0.1 -paths: - /sspm/api/v1/apps: - get: - description: 'Retrieve the list of onboarded SaaS applications. - - ' - operationId: get-sspm-api-v1-apps - parameters: - - description: List of filters - example: filter=type:office365 - in: query - name: filter - schema: - type: string - - description: 'defines sorting of the result.Format: FIELD_NAME:DIRECTION|FIELD_NAME:DIRECTION|... - .' - example: order_by=name:asc|type:desc - in: query - name: order_by - schema: - type: string - - description: applies page_token to get requested page of items - example: page_token=MSM2Iw== - in: query - name: page_token - schema: - type: string - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/ApplicationPage' - description: Successful operation - security: - - Bearer: [] - summary: Get registered application - tags: - - Registered Application - /sspm/api/v1/apps/{app_id}: - get: - description: 'Retrieve the basic details of the application by providing app - ID and tenant name. - - ' - operationId: get-sspm-api-v1-apps-app_id - parameters: - - description: application id - example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e - in: path - name: app_id - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/Application' - description: Successful operation - '404': - description: Application not registered - security: - - Bearer: [] - summary: Application details - tags: - - Registered Application - /sspm/api/v1/apps/{app_id}/configs: - get: - description: 'Retrieve details on the application configuration by providing - app ID and tenant name. - - ' - operationId: get-sspm-api-v1-apps-app_id-configs - parameters: - - description: Application ID - example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e - in: path - name: app_id - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - items: - $ref: '#/components/schemas/Config' - type: array - description: Successful operation - '404': - description: Application not registered - security: - - Bearer: [] - summary: Application configuration details - tags: - - Registered Application - /sspm/api/v1/apps/{app_id}/settings: - get: - description: "Retrieve details on the settings of the SaaS application by providing\ - \ app ID and tenant name. \n" - operationId: get-sspm-api-v1-apps-app_id-settings - parameters: - - description: Application ID - example: f1700e7b-e60f-4d5e-bfce-aba3543adf8e - in: path - name: app_id - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - items: - $ref: '#/components/schemas/Config' - type: array - description: Successful operation - '404': - description: Application not registered - security: - - Bearer: [] - summary: Application settings details - tags: - - Registered Application - /sspm/api/v1/auth/{app}/info: - get: - description: 'Retrieve details on the application authorization in the catalog. - - ' - operationId: get-sspm-api-v1-auth-app-info - parameters: - - description: application type - example: office365 - in: path - name: app - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/ApplicationAuthInfo' - description: Successful operation - '404': - description: Application not registered - security: - - Bearer: [] - summary: Authorization information - tags: - - Authorization - /sspm/api/v1/catalog/apps: - get: - description: "Retrieve details on all the supported SSPM applications. \n" - operationId: get-sspm-api-v1-catalog-apps - responses: - '200': - content: - application/json: - schema: - items: - $ref: '#/components/schemas/CatalogApplication' - type: array - description: Successful operation - security: - - Bearer: [] - summary: Catalog of supported SSPM applications - tags: - - Catalog Information - /sspm/api/v1/catalog/apps/{app}: - get: - description: "Retrieve details on the catalog settings for the application by\ - \ providing application type. \n" - operationId: get-sspm-api-v1-catalog-apps-app - parameters: - - description: application name - example: servicenow - in: path - name: app - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/CatalogApplication' - description: Successful operation - security: - - Bearer: [] - summary: Catalog setting details - tags: - - Catalog Information - /sspm/api/v1/catalog/apps/{app}/configs: - get: - description: 'Retrieve details on the catalog configuration settings by providing - application type. - - ' - operationId: get-sspm-api-v1-catalog-apps-app-configs - parameters: - - description: application name - example: servicenow - in: path - name: app - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - items: - $ref: '#/components/schemas/CatalogConfig' - type: array - description: Successful operation - security: - - Bearer: [] - summary: Catalog configuration settings details - tags: - - Catalog Information - /sspm/api/v1/catalog/apps/{app}/scopes: - get: - description: "Retrieve plugin scope catalog for the application using application\ - \ type. \n" - operationId: get-sspm-api-v1-catalog-apps-app-scopes - parameters: - - description: Application Name - example: servicenow - in: path - name: app - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - items: - $ref: '#/components/schemas/ScopeConfig' - type: array - description: Successful operation - security: - - Bearer: [] - summary: Plugin scope catalog - tags: - - Catalog Information - /sspm/api/v1/catalog/controls/{common_control_id}: - get: - description: 'Retrieve a compliance profile mappings for common control ID. - - ' - operationId: get-sspm-api-v1-catalog-controls-common_control_id - parameters: - - description: Common Control ID - example: PAN-00000001 - in: path - name: common_control_id - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/CommonControlProfiles' - description: Successful operation - security: - - Bearer: [] - summary: Compliance profile mappings - tags: - - Catalog Information - /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/issue/{key}: - get: - operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-issue-key - parameters: - - description: integration ID - example: 65dcec42a2f1d37173e6294c - in: path - name: integration_id - required: true - schema: - type: string - - description: Integration type - example: JIRA_TICKETING - in: path - name: integration_type - required: true - schema: - type: string - - description: issue key - example: '10001' - in: path - name: key - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/JiraIssueResponse' - description: Successful operation - '404': - description: Jira-ticketing integration not registered. - security: - - Bearer: [] - summary: JIRA ticket issue details - tags: - - JIRA - /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/project/{key}: - get: - operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-project-key - parameters: - - description: integration ID - example: 65dcec42a2f1d37173e6294c - in: path - name: integration_id - required: true - schema: - type: string - - description: Integration type - example: JIRA_TICKETING - in: path - name: integration_type - required: true - schema: - type: string - - description: project key - example: TestProject - in: path - name: key - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/JiraProjectDetailResponse' - description: Successful operation - '404': - description: The Jira-ticketing integration is not registered. - security: - - Bearer: [] - summary: Project information using issue key - tags: - - JIRA - /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/projects: - get: - operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-projects - parameters: - - description: Integration ID - example: 65dcec42a2f1d37173e6294c - in: path - name: integration_id - required: true - schema: - type: string - - description: Integration type - example: JIRA_TICKETING - in: path - name: integration_type - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - type: object - description: Successful operation - '404': - description: The Jira-ticketing integration is not registered. - security: - - Bearer: [] - summary: List JIRA Projects - tags: - - JIRA -servers: -- url: https://api.strata.paloaltonetworks.com -tags: -- description: 'Get registered application - - ' - name: Registered Application -- description: "Get authorization details for the given application. \n" - name: Authorization information -- description: "Get catalog information for the application. \n" - name: Catalog Information -- description: 'Get JIRA issue details. - - ' - name: JIRA Issue diff --git a/openapi-specs/sase/sspm/consolidated.yaml b/openapi-specs/sase/sspm/consolidated.yaml index 9b18d5eba..116046926 100644 --- a/openapi-specs/sase/sspm/consolidated.yaml +++ b/openapi-specs/sase/sspm/consolidated.yaml @@ -980,6 +980,8 @@ paths: - Catalog Information /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/issue/{key}: get: + description: Retrieve detailed information about a specific issue using the + issue key. operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-issue-key parameters: - description: integration ID @@ -1019,6 +1021,8 @@ paths: - JIRA /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/project/{key}: get: + description: Retrieve detailed information about a project. The response includes + issue keys that you can use in the next step. operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-project-key parameters: - description: integration ID @@ -1058,6 +1062,7 @@ paths: - JIRA /sspm/api/v1/integration/integrations/:integration_id/JIRA_TICKETING/projects: get: + description: Retrieve a list of JIRA tickets. operationId: get-sspm-api-v1-integration-integrations-:integration_id-jira_ticketing-projects parameters: - description: Integration ID From 1ee6957eaa31e549fa7c514b2a6b1102d5fc818e Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 9 Jan 2025 00:00:14 +0530 Subject: [PATCH 14/14] DOCS-7072 changes base URL in workflow --- products/sase/api/sspm/sspm-api-workflow.md | 24 ++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/products/sase/api/sspm/sspm-api-workflow.md b/products/sase/api/sspm/sspm-api-workflow.md index c84019187..01013c52c 100644 --- a/products/sase/api/sspm/sspm-api-workflow.md +++ b/products/sase/api/sspm/sspm-api-workflow.md @@ -21,7 +21,7 @@ Use the [List of Applications](/sase/api/sspm/get-sspm-api-v-1-apps/) API to fet #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -34,7 +34,7 @@ Use the [Application Details](/sase/api/sspm/get-sspm-api-v-1-apps-app-id/) API #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -44,7 +44,7 @@ Call [Application Configuration](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-con #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id/configs' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id/configs' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -54,7 +54,7 @@ Use the [Application Settings](/sase/api/sspm/get-sspm-api-v-1-apps-app-id-setti #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/apps/:app_id/settings' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/apps/:app_id/settings' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -64,7 +64,7 @@ Use the [Supported SSPM Application Catalog](/sase/api/sspm/get-sspm-api-v-1-cat #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -74,7 +74,7 @@ Retrieve detailed information about a specific app using the app name. #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -84,7 +84,7 @@ Call the [Configuration Details](/sase/api/sspm/get-sspm-api-v-1-catalog-apps-ap #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/configs' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/configs' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -94,7 +94,7 @@ Use the [Application Catalog Scope](/sase/api/sspm/get-sspm-api-v-1-catalog-apps #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/scopes' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/catalog/apps/:app/scopes' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -104,7 +104,7 @@ Call [Application Authorization](/sase/api/sspm/get-sspm-api-v-1-auth-app-info/) #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/auth/:app/info' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/auth/:app/info' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -121,7 +121,7 @@ Call [JIRA Ticket Details](/sase/api/sspm/get-sspm-api-v-1-integration-integrati #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:integration_type/projects' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/projects' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -131,7 +131,7 @@ Use [Specific Project Details](/sase/api/sspm/get-sspm-api-v-1-integration-integ #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:integration_type/project/:key' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/project/:key' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer ' ``` @@ -141,6 +141,6 @@ Call [Specific Issue Details](/sase/api/sspm/get-sspm-api-v-1-integration-integr #### Request Example ```bash -curl -L 'https://api.sase.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:integration_type/issue/:key' \ +curl -L 'https://api.strata.paloaltonetworks.com/sspm/api/v1/integration/integrations/:integration_id/:JIRA_TICKETING/issue/:key' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer '

1*KEl&lj!3}$kiBQq z%h7~zo#{NldMaqT-CH9uLSV=#Kg92fzE)^lX2Veg`E5Z~JJgo?LsN(Jg(6uqRQ8$~dnXco-h(+!5@h#RiWfAr45FW#-eqj@XnW?4BzV7Io9uA7B z3R6$&wV8ZF3hr~@i(rR^e;$C#2jwUq2HErClnQp8H`X~s1AHUL*29%{m&yeuB=mKr ztlDh$pE^A6V^H`uM1+ZgA2Nn|!z9-w{CG@F;kzB53>*h1AoJ0paP`e~1Wz2#t=2Y5 z2=eS!;PFZ-_^s6pS|7Cnmv!dQ>r2s1`Q=6u5whX0#y{1-) zXv?JfkBvb#^Jqz#lwF}-gUhLuzAAK;DVc9t!f2?r?FEFstG>7FXhlmnN<(7GuMIJ0 zAEr4U>?gQrdCxrr49kQ9-^(|tuLE6VrdGL==7@PwcydWF3QJo$d+YXyOiviryFBQ= zjRKlBunn?l<^c5#_}TtztjeQ)6Goeu5h@3{Y~A6-rPW6I+gkT$=SGrm{+ z9O-9mZtX3~P-Q;84UBqP^0DOZsP)ZT&V&hDpW%148;WEuWSM5UW&MZ+#wi-3Cp)vp<(R$Hb$b8bj_md@xHP-}Xi0#f z1c=&oh;1Wu^)*t0O5xtAtjdpLexQ?wM$WJ*J0pGv2_THdeG!%tnr*%ZxhSmZLVW1f zV&ty#6qgr@y*MQN9YQD7xI?kZ+(0R#_(p3S#RWE5#Y>vs0W)S>nYlJ>7#7K>bUZ*m z#fgr&c6zmY{rJWWG1mm^X6tM1k$My;Ls{S45{p6&s4`)Z`7K-oO51Pt4%ZBfC5zhg zbj~wnDgx}j#Ia{O^0}+H(q#7BR|j$s2r zHUN+CG|Hlz%BLu2=bWj4JH#46&BL_q7k;eW*kl?=jB~d1|16|jIbFUS1_1DTC4ap> zXw($K)%H*~g(SkRCO609*g zqEYSoobu`hF-U@Fh&s-6L2_)WtWb2g?Ugy=j+W$O6h zAhTJmoCyyJ-CuUb%_zFT-p7C4EK9TAC#d$(6Hj%`2cNBRpAf3Ko@*zF@IXZpwxFmrtz)Z&{kcEDOZcuXn@{{o{?2+gZqYNce z&MGD6tg`mD-Z;ZkzVcv($uV>zDCOB8v1Z&ZI(cp}QzLe==u%<`KHHYru*4J!p-kvw zJ)0d?E<3i?Q?`1kGZRL%y#i&mS;yLX{B{AG3YHjh6iHl)>@s+gvZ|te-g7j9#*7WMn-4Ir}S{_qjIhfZ{##=CcLkJhPQFX~tSX+u>jZO2^uKA_3TIsEE{ z-X4*hNO4#w6(}~xsj&Kh8H_xnPv6{^vWkvtP0#Zo2L4?1ZnYnwok*TOcpxaLC&?RB z_=N1MK1V`C?^qZ-ajZr4RRZ)JEPFTy1?wq{L!;YOmv1H{ zU{!@i{fnKwLbil>OpxeNF3nR3qtLH&L`%y9LB|VWUN5c2I>u8RRxobK-QJ+lu*`Xr z&cn+YM82_$^d@DY$`KFQYAXX$VuEG0<@EHf^NMB7#>?H({ zaS2ObrTWy`S^K=fVfF=*;@95wo77$y~m5%P3`lC9V`uMv65@xOTqNh|a_9iR>xezwa-#L* zx#0PD1^2@(!+ES=Io?*OF-XP;X_P^#r8zJZ=hp8m3d)1u;3Ypcwx_a-nQ*XO`15@V zlD>byYhDqQdQBm8xHo!OP$uU?fX>1MBKO+1e}?Z{B6|jTVK?YOh^()B;b`$jC6y?iPeGkq5_^ukOe?Tx=qoiPWew@5fOI)Cf=)lwnlglKxi9rI^0uU~ z*F0*>W(Zi>uL}rpzYNtX1L+W+;+6+8`NxM=A~)BB37r=Mt4+moJCn2VLs#mq)etUP z*`0k>-!iQQ^(#%>ow83+#t~oDy9`uSVz3i}bK?vNZBf09Sl^G84KY&T#9KJ|p|6l% zUJyZKb8KlFw_lo|b+3NWg~Nhnh-R9Roe%9$9pS#f%ic%MKL#DrtJ+3}BR2B$5dCx7 zlhcCFvPFhxGL2?rCXXIo#v{!wM@1vs>%S8p_K`$+2>Vrh|oAiP6y!6;suH2;b*vWyLj3xc{n`Tos%%eDnY^=q zSuAV5c7f3A{L1R>I5A0R=j-7wZv#3V^52n?`|~&w4mu|DQen=E@xIcsikfC9IcIUX zX1XjCZe_1na=qia;?Mas^JM1v~kjk3=-iJ8{@SEem*>GrzqxAxALKsJLb z-S8fmg9YOqStpc((SFxKPmiNHP6X|vU&MZezF_|qH;D3P}>qgfWB$t>)e5RyH*eL&8&Su4-BYAAT3`2@R@QrlyJ!isK6 zp1yK31mLkL_f3ZQS!lhH%X(xtar5y#78?Ewq=milkrMJ~XwK@7mvRg|j&Tdg6I+XP zMAK18g8a1Er13bm$nuDFY^C!~nU$AXw_C3|+VO`K|Kim0qQ4832$-t%>8xD&haQbC zL9@zU8hFd&T_bu&E16BkSa(w{rBQgiA=+G=&RKt;iSsB#O3jaeR^ocXm1%o^rewl3 zXUAo3v8fuL0X3~%65A2oGhq&QcmGz_r-!4k2Jv%Ut5CM(RVbJHE^Tu&J+8 zV2<>=QxfwkcG7TieAmLsxw{2Z$0;y-&{_dJ=gvq?xA4$P_^U=a{-H+iSzF|Ny24#N z`buG_#z?Lzvh_8j#->Z5b?@N~h_fk=dlj*^YTgR_7InL#yxwTYTM_4XK@*)BaK0Qe z{S8-lDm@@=Kh`v_6*RM2w!DX<%?bv-2UI_CR-0%_N7ET> zEzT2avl`}s1%M^5X}J-JIX|7)5v3M5h1LaPl42AA$ZZ~_SV9CN$XS=nAwrlBtrLUO ztb7fo@$`#Ot$7_`K2MyDoi&} z9@@Y_r68I>zyz|XOheMcZ_3XF{^nZwYLY|mw0jdX5VGBKTN=6Ir~sWS{Xe@~{)K-h z3{Tf{OIT80<6TA#;?Rq^KjLlW>y%A0WL*q~(k6EoGJfw;27}qhz$SqE&*GvpU=6@^ zf?tGfwV;r?7TKTlTbo-WaW!&mucUPu!UuA@ml-3Q%IxPZomybNS$iQ&;zkVDhG}Sn zlN;lLGLAOol@43Y-fwx=4+}_{7R=4cpvY_5k3oUZU&`8$bw1bQD0b(Ok{F&Z-P-o| zEXrNdVR@l%K6QQxiLEjyjZTQYz|t)1E7*VWFzMy~v%yZhW-$2XAnIw}##5ilhSZJW z9=y$(NWVIV0z2Wu4)kWG*wD6KZp1KW)W?#iau7jRI)Puh6&1gTMo-Yjf`xKLA3$?& zA5;0rC2v-ERtt0aF)lR*-$o(qrT6pUfk)Mm=wMH*@ za`(b9r8E^T&LSe&2q3D#bWgX1-RBewt3<>LqMcTD4jLIuI$S2<;ZPpE|}wb9SD%DQ5{kUTFpKUAuoLn0vT&cB!3 zo7>3r>W{i=yUd~t<{X+}t@|P)qPbG>Rf*ZpRRZx^rgY72NCX3Zt0T?1QOu3Dqhu?}&pN-MJ~pIEhMgj=S6DEZ)jG|Vw@KbUdT2zS zb{G*m6b*N9j{6Pt1&b{HHN9%Yj+d?sT?t^Mq~EwG0DW$?W8o+Mjpv*oF(MZ|XRxy|bwLkT(9-iXq0LN7>QtX=Wwba9bl}YbKBUs5?x{jn1q1 z3)4l7Cl3mNUen%AQc!O0o&1zrufr#rN(6uKs56VQ_MU6KUlqhWlkPR*-HEx2ZpD>_HMNbWxS7g(XZaBKJ1mPN$@pEC*Ux>m2&?B>0p%g0RX^UHyWjOC z<;-}hG&(CQb*E+?qknL~rb6pdBr5~F1vMN@Eh9@qLp{+lfqZfj{WlLC<`FL%4RUv*;y~A>eW#g4g zUG=Hf^@8exE^e0Xa@kvx%>$^i9v`GAJE(*3Yyr`cqUyJ_VpjleNj5CyIs3XJz=*y2lGe@!K#g9k1T3!lqbxMkBwaAg!$6v01pCA(w>y8NofvfipVF;P?-->uO@xW@gO!@2~ve zNsG?>`PnL*4BAS1QI-WYDSJ9J%s%sUkrPWdgj!3!@UFc>;P$3r5_u6jWob*K>loCXlvq~TxxBZeiS~u9HozO zxYioSIA~aDGoATUj9%JYmX!{aD>nmVQ_25;X!~)S<5OejL_Y@gO|*HPe+PGe^aJ)u zvjoU7uAP4SczA02F^tF(08V+O|huN_C+wCn78eua+K=MUgB{`5ct$Iw|EnqGBO zv$dneiA(;5bIqHpP>Ink!0S^qU+?}v{0_S-a(g+a4h$|EGeZNH%w4BzeXC%T;IbOy zGIQ4&#uCWWCr_@aJd{zfyC0vt*nThVUgA!+WcxiybzaHWj~^XyA>*qQ$9J;qiL(to z9EpQ0nSK4wlzTUPrp_r?*<6D+EHu0gJWS@O6i_>yQ;tp`DT9`Y7>{LeT`$ z44?K`CIiraLuQy@xjyBc7vY1OcX)yh{_an4rx|w(b)TH=|||+^si{9VUW~9clU*=w(Aa z=eO*1u^<_keQkM9FK$RZmHgY3VWGaDcfo4iR?9|DJ>8RtPfx@%8DA&uOt_xHlwO>h zx>4L93u@l07_i=oem~UXajt|iOr-6-`rC_09(y~focitSIF{jDBbQ06KkAz<*3n;n z>02lum@~CD6vcA=w#8@BwvC6%TMf&P+9Oc@r}^-8PjLs`?hS4-Kj*T=aywf$09|>a zdoxRQm9So%4>9-rxOUX@`tQt(B}N6bc)=34+m4RMjZKuS1;kyC&-x9N<-~%ukKm{ zGv4Xz=^_gcji)=W6)6hx;*wLnUtjccU4V22KDZFn=8>}=!i8~5^+j64AsNa9>{opw z0=@)Zzobx+OXqwXWN``p2$~ySf8THEev)?{I4h^~&dB3W6aiW50L0y4YFsz)xv z7M6~j<5s3?AC0l=i23`TfBdt8S9#KtMh~E##e4mOj-=+P&ZcSe(ubPU?ZeoKaVlUV zh78HxJBLAgC8jhrS!!Bc8eF+_-{}{Rqrl|ZxAd)h)`WHOAzKo75TaB7xQFh*gR-kg zvtmv*AK@X*P-710_p3TaKm$(#?-0adl6L!e%p0?GJRSb+=bjx#pT)isE7mUi@kTuR zXUgwF;~R%FM|WR3!fWeyH+75ZHfovqZQrFmd@rqkkS%7f-MeVkWGg41R~8hUd&w(p zpkg=2F`?DEIQOHuVfE6JrEQn$j&$>6*(0HVGqLow;m^tEpowSn2kg%MtbTiF;@U8& zg(we`?27(A#eCJaYCi3D86F`a3I@`ZB}97mPek%Zz1JX!uYMe>bBRTK-VAsrWwY$j zOL=(I;?UjyW`v=}e!f!xr9&uzazv?Tl)($LdfFRP?_keOnO5j{=W@I64XpU^E$&Hw&#-Tcfnh%neZns79ki+pcJI|Eh-O2Z}Epe%BC z7>&~NH;DfH+aPJtPee0!S<}vIe5s;7@Mm~)L$+ToC#vq+AQjJ6RD%7in<0zDn-lFf z{Fngwo;N~@ZS?MB8`yY8RgVr0flhNhzxzgdI+efSz<#UsrFU=EqP2IZt$9xB{2>ts z@6{XztTc&725zo{g7&lJDq!%# zl@ux8LX|i`LWp&l=XS{y&VKAW6Anr8SuL2fVY{bi;N~x7c;(X2O11l2?NSrV{5wS< zTB%yW5=d03Z*+nG9%XQ%xoOakg3CaJo1FqY{&Kf_4__I z$(;eCdhL$9cYT|BSU%>YZn+RT6=eS;-i^4F(eN;D{LIHHo!NnohIO~jNx z7?z+coG@u2dAZB+t)G1S`jk0Z6sH<+cVaH* z1*d{ganTz}n$#&^Ik*?GBn|kq=S|5IdmSIVy?AM8xH+35+*9jl3N@U5^!s#dktkU; z*tmR*J)rCOVFO+4$xGw8bl{YQtT<)DdT6j-BG%8;y5Wjht>{)|PAs+Jm9UUTTNWhk zLl&VJGmduZu9U5DSdR!K?W{J;R4Q`NZ{e`)gAWy3h@%7PmE4Q8l6M*^h|tHX-UavH zh>guFye+90HoX&`;hYDbhSEvTN}V)R9|zth1s&x_eao{p@8Q zZMQl1QK5CDt9iZiQ)oykD#V~hDGS{IG9o=#(PcI_sTRouJYF7F15`OhfBkCU)1Oq` zW5Yf>@yXQqXZXg#Z{ZMOBlm#z^)Q>ozCnes%cT{W$!w^?28h{?Z|>&=oq>yj&pV#C z!9Lw_?0#y7seXLCDoIZqCC(Fyr^7BKq$k>LmRO0F`u9I*klx&%InWs4u2Sq2=H<)9 zJ4WZ_k2x; zm(W34AoL<7peUjsAiYWGH6-+2f*>HFw@^Y6=?M@i0jc?zcdh4{XU&;;X68L}{`uDX z7mM6w?|WbUy7vBEgW^o^^ZE--+JB}JOCvTj9MFz+NP9vX-tDDHaZjtP*PEsd!B42(_V#WEGf=apGa+O z^hSh~cXOAX_WRV09$bs7ZTa~cXF4lIFg3zgr*=E`t=&KmtOXBjk=AUrw1>|^ZEDh( zPBvH6T|}}y%?rnS4^q6QilIsdm0{t%_ABY?$E|ur$8nFXs|!KPjl|Y*gLuoOx(ySN z?w1545C&autvF7zS~V}~?wt*eiPT^#v9-_44Kuuz!mMUeE!CAa&bym~y`NaK8d;AsvB5?*VVPBC2b;N|e3fh8RIKV+-ynGB8qT1&)Cu+1e>CIPy~GlB`5!I3v`ZVJbm+e_ZM?q0+Sp{k#T7lUyx-7g%_&Yu zb6bD^^%=zE2&VQihr>Zn$Drdepc@KkznatUe?Y z*T=`i?t0|579dBp9R!G~1sH%QU^Z^Mz_aVbxl!9?cEkPk;9lRBGY&p@u?;Xm9m>B9~zDFuoZux<2gE2Pm|U1f4BhV4be(x zZ3%HbIGJKUIwQMflW7}u081(W8E08Z>~_#tq{>x42jY;T=OV0=b&zbshU6rY|5-3bfM zeg~B#Lv1-n4 z=cfbOhwnb`)y!*a{6#@ViB2}$aI_3)Y*noBXu|F74}cn2dJXhPU&s!&FM9%tdX0vk zm0xL!*{e!aW$9ILRa%f$@9)?Uxg};%v(XmbsFWWg<|2oUg$!X9JtZ z&Vg1BGsL|@=Z{`du~E3qq5{dzm1VgG;9tm*{_nT2VlFORdU*71hkCjWWh`wGWF|1* zqr3HqzJW#kv10HCe>Wk`U1ZuU0=r83^?t`eT{pBvC$r3=cxT0Md7x2M@gDXf#l0Wg z>pQ6(#DnEP;t+w9lN%$Y;9;#XU1f);Wg2%vi~Hf?9zL(MurL=PDz?-IH*Jv?>7-nb zjFrSD97juH3~ui(sJp%n_AdQlogmo-OG$L!w_7ioVp=O*d>3fQ?xO%Rd@xs`+LV>WZucbr#X}W{civtn|Lly;?B!1w*XUU)D+)Wg9jqdUXgXKb<7lo37 zf2F~Wt2ckuo2Kd4pxVe_#$N&eQJFp!t)9B3ucF7FSPsIiGIO&(8`YNcnp=lfZ3S-8 z0sTms)yHqwRX+f-BhzIu4oa@GM;%QG3)FD%d~f;B7v=$@iQMn;&sz@06j?mGA!$|@ zyK;09_~01yL@8!&qu4V&aQEn7Ub}{&^oN(~Q=W{x*lm2x@n{|K{o%Ie{u)_SCio&@ zK>GPYK~T}^E?KaE$lYG60*-l&p=vIfQWB3UK^!(vj3K~rUCz=_3G}99RCAP}%Il)93wiK^$J~lE z!V(kteB$6QX7g$oGgNj)@&##;+c~3}7>^!;lU?FykSiNJepHGuh3H>C+9Yu3w@9le zhY-T09tqvE(!&5l7Ce{(mK5>KoQ6~m_D6}Ez5ba#xQCU9K*c6lAV_UBqlj$WX;ei` zky82E@?oxUcb^+iYZiIn60KL1S`>rx-W2RX{$$2kTe%nK zkSx&~%8_|9Es6*|seafK;Bd?hJpEP>E#$J#OWmJddYGJ1mc4nQmF+gvKGY(xz$IiR z6WX}pU(12qZiNw|b5{GIL4{q{2eoZ`d<88{9bsysH9t3M3BQ0eVtX~OVM+nuyJM@c zI6JMiFMa~zi+PKQ>Fn?lXeKzBqOMN{Y@yZ9KGxVe(|f%nmz_W4=VaNQym^wQjBCk= zjmvaRt6-7yNGhjHK27+sWl{H7)3MO1#pzadh-25&su*fJP}K?Dpu_xgqtDBNIZj4q zS#~IY&}|Ztr@@yM{&~#NVCz^N4oFP@x%<5F$79l9ZghmX{k@#-w4pA)aqaDQXS+wi z<0(%@Max=16yoquS-g)^gwh{9=Kh*=^YsOaHxa$EO7jhZMg$Z}!L)W0gM{Q)s&qRq zePxz%8jy(^j9BlIAdFRjnt~c4_*v-Vw+pA&Mep9} z=2l*x#o1>_`%PY`xlt6iO1_`&Ha;XVKbEGEiJwI{Gq{F|ykqnKtSP&AZ8_D7dY;dB zO{Nno7u&&BEGcWvgo%t+;Zj=ZTCbkc`0oAW6oSTt5=AK1n%!Q8u_z z=r|L<7c(z6hKK-i8%dan=tRyL7Z})G@4WA@UN5RO+)#Bg*yPG^TyFCv(P7Oka&8pn z83v*;V-6(AyGzt*Pa0vuVsV}Gw`WYF*%4#P4k;$-mz%^i`n9h?}8QL2V#bL)h5`Dv=p@ER;3j*#pSHEOPZIzx7}ph0D5LAK-IMlm>_b|>#&appmpPUp zP|32=h%d4#isyfQM+ybU`u88S?4NZXy_mY$u=x9Ovlpi)1Vu3;vc5_DBSs|kBUgFHriX`7x)bh;Ww*MKfc|e zVTJ8PKm4L6iJ8khm?LW-N2!1WSFUO47%Rn6OncTI44oQ1 zJAiGCUo2biIKAi233PkTBBA9M1XL_b7b$=^%ZeE-eiXYSK4&)E>lw0dP z__#4;InfZky7vV{hdgMv&tLvH@*#P?`R7i11v8NUXIOF**UPG73MofGHj(f;d3+2LWig$3Z{k$X|5?h*5b_!;I{ z7P#O_lS#$l13BH-9a*L4m|&^+wzu+JTJ`0oDGrtc$0>Uzjb|6b&vv(XKs!5B5gPrN zu|+1F_v&%L&&?pz!~JU7jlWo?(!%{K0U1F4?hVodAZZH(JYG|b&>R?hTim^#9If9Rbnp2GjaW+H<9cX{omh?Tz4|G?r?&UKLP< zQwbke-$ z8dxxDFAaH*7X<0nOztDY2d}|3c?T)^;vMjBf6!F>cix0vRW)u_;Sp?N+rb==eEV$?dTpbKB$J#Le;i4o;vCVMRy`E+n zDdR`bs%}L-pCJ7#L`T(fptH#~n;Kkmg98Xv5gh)nw;In0YbHM5vo82#l;fL(ZBemrRPa$`hyVoV(|8&;*OAp~rt-c;$;zFg8jy(F$~=+3 zQL#wOC4~66Q%4W~?{VzEa5cz@to~~9WFaruF^Ze^$sPLF?^Cu_ zV_upoxyd1tS?qavIG+QIa#ejp3YL|wQ%j#w+9|y&4qkdWl~8uT0R;(mYwCj)K7v@l zHO{+~iM5m7BgsznTV_N~HBt8}-R;cH3){(wK7SC(pUVk5N<_AG&zb#`y&j7@VH!vy#Q)#$WLvPSJW5Je)UG*YjP?AZJpU0G$h-7nPM zdDV88(H$SfBqy=(xESPdT8KCWMv>`2j{gz+I(=MSI+BFRkJ7`uD=89_LL2|ENFvmltIDT`Jh}HQ3)VBnw z|Fl+AU&yb%p>%yp@n@}(RU6sWH!LC`mOrf*SSZ!GSkAn^`G@fn{=o~{UY*OmxK*{- z$3F>8>?#@4oooE{H@N;GBmcn*uP@Nuxdv`?bh`B)k=?%|3Ri{BV<>k{)xXQc{{#^3 zUs}~m=Rw-otKkumKTFbR&CVo1xT&`yIU@+pAT>$H{bftlC(SZzgcU4iQ@gU zT321YmU2G8C1tgae;_FT5+VP$XP>xVXwM40t#k3uV$)k9=L1~+nDp+?vN`|HApBGA z{(lDHpXtiqrqK(g*G*s-BoEFCJ z&jJL9udcYly&hj)D)nwKD=8__eev{dTzotO8ymFkP2RoVnd58CPi$>-S4~=r8>V(2 zxYc2=wCV-?-&xH6xd>LT$bFL})^QG$)wSgwuL5%pg`3*;vWEk9c37h{BR51lUxmph zCMOHrm9^mGE+#Iz%Jv}YE75x8}v1o7IzxW@V!OxQ; zT!;U!kEbFGk3a3YK55TNOG~3aXO)ykk6eB?b~y}>SPkU<-S7W4w_JC4T@w}+zWbB; z*qXn*`0LbaEX}i93E0i8-6uuA*CcP$UacN~@sYVj{X6dcTN?fT;lK4?SlKUXAX^$Tlmt+`=@ypio)j}aJJm#kAKJg{0RKtrZjJ=0LgPf%ux-zT$`@My*T56$@y!n33TQTX6@o9HErBnYwp;e_H=* z){Cz@?p-S>7|yp8TpHq?2T7!l*)h*5* zNq-t`J&6t2wlB(k>S}e<-4OpQ^*Bfl#H;7rJO8KTL<&I96;M|6pvZ2 z8yFcBcP{Jt_|(M3#nHRg3GhjpczAeR8WZUMI}qNE*rCk-!UFhPUjFCYAD-Nnb^T4F zlTItUSuH8+DMGu*Ide8w{1`_pj8taTH`V`LnE!f+4BgvXv?-u zcSW<|DcWRc&`3rI-$V|PCiHQk|ctCY~$Cb@YzJOam_}`P0fA_c7XLMKbsDh)i z{B*|U1LyN{>kGsBgmD1f?X&uzjZF)@ShcCo*pDfpS6X*qRNlk!)?X85ZFg=?HrR%sPe~K3q}Jab?5wp@_F!YfAZg~z|}iH=kJL?j9t2s zzXtqDH^Ng1!G38xF5vBlI;TUR1Mc7x#PgEFb+QavJA7-b_!U9g;32_1+e_!0?$(jX zR7Vw^u=L8KdPh*i&D>2O(^`0qt6zLA1j|;PUpj1?;OGaRSx86>(=#8>OV~)Uz}Gx3 z(I2HR9!nUYYM!8UdHP+A`@3(GzKKcxTAqIA^r@W84Dzyp{?3K@s2uj(xO+IJ(y;odqmfe^NvTl44I$uNzD&a9j#%q!zvH!k z?mhfZes24IBSp$DrG3WLoHz*TfnXMRp83N#z zG=JD5AL&o|@}lbz2}FhPQoZYb>uNm+cPV;g*`0g_gT0&%1eqv?TK2Zoc-+C(&(S=M zlKQXjY6~fR0)Zf8&wkmmd3?Qr?x8r5G1b=25;Uz{o3xEFP*7-R3SDr2yyPv_L?li* zWIDCKrGP!bKuqg=T{30-E92s@?4byeA{-7E4T*}1s+^9DjKmu=q5Ix31;eGcj$_g^ zZt4UGGo;~b*H8Pyg2o&bF%s^eW~m?LGk@zxT6dY03Lfci9P$|WbDOH7 z_=50?Ycb|TbOoQJ*?g>p!eSY9y$Jw3o|5SRTZ}W zC3Tp8w#lf>waD;;bLCe39eEm=xx+Jy5UUz7aVJ~G0vtg3PEo<%Y z-!g@0m@XJWzqb{xbj=Y&-+(z9=B|t{Sc&{MMY0*oL$g32(B67sX281C!B+1k z%DrsD?PGPy&HQG6aYCHfk!7&tyh4kuQ@1Ov)cS5tUI*qA6Nd+?x4r967}`yaD@sfi zwCrQlA1g@oc71(N87jm$j}W3Qh>xnY!Vb1VODx!3<4>b~ zAe^;R-cz3!8h3xuYp6dY(D?RzJ=~AM;9|=k7|a8oCX@C=HRM9xA~Wa<>6=Wk2bi@h zq)CJlm+YlIk7u{j;2L##`~qEKX(>DhP{{4f2EPoXh)-PQO=7%gmG_tW$J7t)cBq_* z=}dn3?9F~Q#C`kw>oH8%hfQ*A6J3K`*i7@#l|lJ)Rr3!0*_mu&*4l1v2#S*JuicOe zt1lO`kq@s-nby`RBV@0r-O``kV&ix5SC)fGN?fD-pLBi90r{LcIm zxS#5chv?gqeT8O&RsF>AX-kXzfI{Y&e&l5ReY+P0{Ezy$>zZ_=Yc~_I?1<*!4tjeb z5UPi4hJIr@`v~KHZfAVww~Qu3zRXUSwgUr~94SUW#d0Rn4%;)hWa1Xx)JV*I>ySgDRz zq$!1>XCfQNf>T*`!A!MXw6k8Mi}gZ8l$I_y&Z+twf6Sm@2M3bWF!4$@@K$fu9T}nL zup?ww5Ayp(g8BLN&GDbA8ai3ABAs8k_<^G4!?Kt5Kh{+$adv&w)msi8HOgQvOVnjt zm_n6))JL6G1-LhT=AXAjvZ%Z43Xv)!UP--H{pvvm>m*GT1ZL)#4%*5Mm_OVmL-)NgmF zLo0nd`AJF|hR+PLdi=0MpIM`BJybBfli}-CPFjDoFniN2-sFUzeH1Jt!Q_c4Mk;AslR>)a+1!DQAx) zbytzjILEWlGW8+h=!C5x`{bk~F#*4qIjvISNk9jJ2upl+TE#+*A$9v=s@>}75ih1ZXDnJ__RQKYnVsg; zW)+(p{_=tIJ|KIC-`RGlI|CBr#xY=W5GKc7&aS47g)2vwn(4?_;B%$lhYE2D-{E!7m@Yp za#Ns&c>c8ctd&B@k3@PlP6zWSR_>y2lxxhuN4;i2!|0DS@cLGHE@~m_51Xu+VUh<4mh1e}TpTQ64x)SUb4 zH_@seMda0n`Gt{2N|34_@zQT{L8koUR$YSewni)7eA11gecj{Q1&pGtlht3NYj5*Y z*3^}10s`OOyctjL8d{mg0yZ$W$Z2d0SdRV%c&(cueAD!@wOY~Z_iB+w-fmDt2JuK=|7xgggY-MBBFQ(Mn^q`Qah<$*Q`kY8r<{aiU zq-j=@ZluPD$o-aI3ZVI+V%t-E9F8Fq*@QS6&K2Da?(W_6EzYxwVYv+gt}1+DY z;nZmpN8kEHv82rmzs8PdwKN?R4=)?)n}y!Y<6$VzwQ6IoL#t0ws#I-o zKjoJlew=PqKFtyyv2(!dviFQ`h29<+`7}RY1#MDcnaFJ>D8#8pVc$Z~uR=W~+Osm7 zOtHN-Xe|!C;;B(xI|d%y0!?ZBrmtXADcQ}&Oh-RpJ)7 zbZ9H|k(UtYi+ge9qp{NC_OtdNrIo0Mz85qj<}QB&{CCprwXj*+?UNNr!aw}&9imGBi0L&z0RP!%pM?7`pp1kJ0SCtjxmNZXVS z7`sOyO+|8Z!y2lzFvD_(>6%m962QYu8hx|T(!9I=X(S>6m)779^F$pU<%3+>-4W|B za)&kcU1=#It6=c9(CKbv6>)HnuojDl?=8;DAOJf?lSxzehfF^@q^7G6~YsdLQNn>~l$1Z;%WRp*w2D)=PRJdPwA z7j7r><^q3f%zbG8@8%W$rb_TyUZ~v4v$A02>)vDZl>es5LwmS5DOWUn&)5|z|Hfj* zczm%IW~khGe~m;j5MTU;!tpe)Y76;SJ1G|+Iz6qG!#v$?W;gI{2qd@EC@etr$OR}M(IwZTXIt)K+q4ahV3;215zId8C9hoKshR&>jk&UCo=T25tFu( zT73r{PiM%iGMdp&JK7^YFY+|xj#OgjBrfP;svXwZ1!2hr4{y{22%-cZ_f}bdI$6ye z@w$4Yrh}&G;58ZLTbvqg!nmU4(FXLXWgq4lT@KwsWng<&X2*J7hALxscx+iZe%><7P9AbutZkR+wK9YZS_eFa>ZidCx;zyJ#%_on- zLg$b(Ap=Q`@1Hm|6c_K&XWE6n@=ff~v2lHnI|5ba8&AUcCykCC?dv+5o3!$)*Xz4X zi`b>emh$aEHMPMniqYvfeS3w_5l-nhpFyT226h)e-TU!~!Rcbu%r=JVD-m2GCK0nF zrX`0789=jW-O|fzntH1${;WgFtsG{j$1UEv83%?GZ@={nn_3jJ+0$0?Z7b-t-p|d- zF$`3@Db6pA%!N94QRYWz^%^Gee1mUV)tig+7gdL5*{GX#(A#xQ0`lQqGiH%+X*X5O z(T|eLdH};*m20v6CshSwW8UKFzvV?+zr^?+4l-u*(*2hBDWM=Q1z-t(YL>m8i`2}I z;{Hvbi!8>=HuTXlkc>@Hd>xA@T9VO zOlot^{FcI<1dWQ}0*j!~k$5S5VHbmwkq$yt?Y21hS?TJp``pTD?v;<|E^{fR?tHkB z(LK##yLhJS+4HkYRY4n9N_ayLoOwZ_P$Wf%> z2|>a;#3Tn6a54eAc%y13Q(Q@p z)Q>I>e9WrQ@Hqlw5k=jJh1}z8!K-|uGU=F&V0Fvmt$CjxCuM8Vk!8s(0Lzf$(>IOy z+fe~N!?QavbwrMIg03Es=V&F71TUu(8uttKZK=Gufu3(xrlr&ITV&*t7WB*Lc`Qg@q@&AKuXkD9 zb)JRQc`w!(@%sK4P6G<*#8*jYj!K=Qi{x{Vl#J#Mg){cYP4^uMdOc z(Ju;k{3P%doXYE#RJp`S9Hrpgq8J}*hFM~0l!&PyJap_t2 z=WCd~@B_7F>JOCqh4`b0qgLWnP4KhcEynXqYfX2Kq`$3(NTkGMVfQ^KXsUdktTlyY z-Q?`9jv*(-dJjKxs_fjA_@QpB+5Lk5#dVI7U+=Xog%fSwrTpZ`^uW4UtM+PYkHh%I zjqg6^F5-J|&)~zp=eU?r5hk&OEYS4W)h~BnTH`kjedWykmg0h^VTqb_-ig_ts|S+R zk1GeCn{4yXn<8*G!$-pXSj1T*oK**0oF^!CRUa)VVSHBDigIeFK1%mCKQ=4) z@$Qj;<~O>UC4krRfMHk|4`1!+yGdiv7RCIB+i}ZuWa9~l7Vqbcu(E1`dxPmG4BwOL}*nC`qkl5D*}EB)AWD_wCR)r^}~U3SWN|GoU~jiEwl;eT&R z`)S9t#&Xp_TYE^}lQ;C-Q}5^qB)K|44yYri?P2kk$mPREEV{3U$cs)%N~(&>R{?hW zL|rCDGA(A0h%_(&O@i0nS7A4a!4OD#!C*@9-j7Hk95t8EMrElB^G{++n`KmFNKAuF ze_MCt^jH!PuphQ#Nn3yxNE-Uz==JW5nZx{ukoGYIJIbRu&NeI&p=h$r9m7huaWy#`+5#9^2%p9)p-K*yVg94&qXPqjI zYr?zLtC`L($X#dsms24gU5njLN6#I66CD0<)7mVi3-NqAZKaNb$0lWSqAlH_e*G~M zxmx2dYk|ZyhX_gM6jz{-Y1tr4Nl8Qi@MjnM=}%jMl;@PSvwGiFQ8AWtIhoheOPS96 zN^luMVJg^~K)-yUqfOU%><_*2WRvu%@Jp#SH*I}7O1(3H01GOG?((@IbB7G_Gg0e!$?%0&( z?BEO>3sxq=*TqQZRg!7?N!iVGpz?F*)zBR==UulB5EG*-SHD5e>_}3*Jwi=fxDrDz ztzSD|{MLnz_eDVgT34%FM}g+G0qmmrnOBqP_>4B9g-e_=Qhn_GT|S6#cx^JiS2nym z<$F#!OZ*Q*eg|g-)ABfM{!KbFdPZ0g{jN=!pQ>iGzK=;Rg}*1Cw3L~v(RpF{Oj(??9DQv@2i!~+2MDnCEr507 zCFODg_`PZ0Z1py9B(n=M7{Xr;x{h;k^WXjQnd!V*6D)Jx#;+*izm3U|$^`-1lAIic zu&^*T@$l zKAXJuoONIGf@6bGa{-U9A>Kiyz~AWLCwAprf7MFfEff3|;H+3RpzCO@tp(vV%H0+0 zmppUau$(D9yLvD*svxcbb|-=nLf*Qrz!tl{#si%K94IGN<@ z)t29~+oO#elPnl$NIFv31f%5g?d@Jpug&liA(;@gdX#=}svg(4221SC{FS4dTA%dH z-jO03VhzjnOe$E=8M>PFpT`rqAM>a)b3+G^-eFT<1JeclMv4Y-N$Ku2KFQ)y3}tv_ z!4pZ-8{GH5rKR;#l|K^nRR@wm#A^!qmEPUrrk8t>SDCvHFDaSMBc#r+@W}8RuA3+( zICjlrmjHF}chfB67|A}huNsvWlfE?sH8)}acEuI4<8pnM0*gZgxna|A&IabDgWbab0iFQf zEHu?O)W0bX(8Zvx?e z`0s1d;2g9~MMuzuHCSTme!8-hV1hQe(o=GmqM{;RvkT$$E89{KCb%c@rA5ZuS5Mh030r*LFC9r!qVTQbh-aQv0_0r2l^D zW9UBl3Znnhq28#-dMJj$THBs>EHA7H%x_rcPihux|8|9M%m-yJkoztn_gBMuz)|h3 zmg!l`4orjS6SPtJ!@GKQs47zlb=SgCHUQ_flAsUA4ajBtV!&)JgUgE?Z&!w_8VXIj ziJ@>D0uzF6-s`tNflGb%c5+rqmKt|m(c}#2YWX_hM&iwHYW!6^#GF+d?ZS0SURwh? z8A5fI!|oSx{qd5u_KFlq^9^bn)-Mhy8WVmZZ)dF-4n8&$ItcMi*J991Hy2bmtrmrA z2ku0SwF~Pta0!t=6_*H2l)T$$a9Wu+a~mF2@4 zSdratxHru!Dml0oIXp;<+Tlhxq`QfdA8+YcSd`pwXDI!+r*QbI`Bo{4T1Y#q;-cCJ$& zznGu)J3kG=1-C$B!a=a(TbroNxb}<7OE35Z$A3*#DN=5{XwK}lg*R_95dWHuzaI9A znXJZjwlTsW^}<(s+62jj!I-EhgmG|@vXn0_PcE3$(lwsCpt*cOYk4s>HB~%mbGpVk zYB&9ddf=1K?aZ47(<;hgFlU2g29}`RXEEE;xh;WYf;;S~V4<<>;7gKar`gyPE+8#UbFv693X*C+} zYaZHt(O&M4u}p&x9@QBHmDOS%h<4oX{}y4gty0p}j8Y3!MXLd#RvY6Tuj|NZxtJbz z#zqZCp=>guD%h4G@5maeTKXhrve{KXZ$-X@UU~yZOy8ihTP|5X$E$RUxxxE_Y_aakz)ZKD@)#IySt~t%w3EmG?#Q*OpD}CYb*u7E9oW89Rf3^DKWd24 z?yeR?KZr9{`AI_Wvc7%xjiMK&V>iqjAYX>B!=w7zS(k71o+w0}889obZn z&5^oxDY2daOK}0MfD&E5`QbZq2O*=M|+0Ye}O@ivoF~R=I`#9lpH(LD|cA)o0MK?M~h@FT&o9%8@1M|0y6JJZQWXd znfsb)gUn7Rw+kg;T){sThl4T zITd82Neng;aL@Ws`Dy*~ST$&mW;3_y9_#esa+T^M*?PDX{pw~#bUu7Qw7bKm30G+f z)Bl)Rrb`l$RkZr!RjjNhF;&w&NZppl!mF?B`aZ|s4)$g-p%WBCzyHmDxk=1N5}BAZ zH>c>#<2(FYV69NF&6`^0Z94m@>7jA&N3x2X*hLMnA5M$Y@= z+^duZebe!kcY9rV@g>D2rUU@Ca7R&_1Gk(bQP(!Q4;0@D?tRbkpXG#ds@0pJ4msTabIAoXF@O@c~XT)ft&aGni5I^mtsb|)j z5uR#r%d6&ki}~bRZTG@GVtvN5^RiYV-$0g`1k;Pvf>#E*?3yiHUGS(+9&DbkD?p1! zHn!Q@i(l~CJ}t-5OicF0lMMRI{Pv~7oINk+Zz)>oFFUU=fxWq#o*kxkk>*p{BJ5Qo zcM`y4@tYE?c_c!<(jou8$2S!EHnRGGS>IgSeC9DRk@>IAN|cbc9<9EMOKHvAj)Uk` zG%Gr@chyvs=8IytW=2AKy7Q^Nd4?n*W@g<pELHbVqLL5~x^F+Ajs7 z0liANQ4j~A2yi+htrv|5syd45Pwamf&WINpm2(SJF`B0{D3JCg_+o8s3ml%YzY2uKy}KXgq0wF{3&$b(IOH3czY5aoNh^LEEY zr86b>Gn`LY9e-s2zt#@D-#tYH;?&N;y&CCk0 zLAg=9(W;>U(N+O@Cd~_yHSl~~!tjfVhkq1u)~=ZXXUB+|4S(^?Ut$cLiT8IF9U~pe ziSI^SM}IqLhBaLDGGCFRsrzD2rTyuKcf3(t{$>+o$4@fRls->$)Apl;@%!nnx8UPB z7cN(9$@d{`@?VEVMMK4(KL>H{b|GKAze*l>s9eqLwu8V{MMc`NRWiSR+F)YBFQVXg zk<(_p&jR@D+a3gS&zMj8V>zp>Ol9Y5;Zg*?=IT|q{PTR|bVh6rTk!=j6WdG{WS^S`$I!5ZXL8zWSh;`4GVrZOwrdIHqlhIuhq>TT&k9}E)uytM%7~Aj?jF1xKf`YH z)89_a%_x>s6%k^*PE8#<+nwKjVz#`*gzlDm3IUC=Dj3wTdCjm-Dp+4=K=*0s1leS_ zheqi)jNG$xutzgGl2J0~pS61=N->~p!(D=3Q_@gXw1-e;C_5Us#-1poO&m>!voPH$ zEM#z8ox3JZLzMu}GnO=2NAnj=Im`!R0JF^oDV}~TudT3kaFKg`IHTC%vc4JJFcw1h z15V!3+An3P+pW*F^!B$}D5ELrbSZYdsuGe+tXhP&ii*&TCuz*tFC^dT*yIE$TuR8y z$Q=T((KCOCTP-SVh;e>&8XPc3d;Q{-7O+G}`D$w)!U`&xW4eQaDCtpizTV_&k*dY)_jY=XbPRQX>7(Je#jwsOY%gyl8&p|78Qfgm zGJU;yn+7thT8Vsv_REAY?rK#x*W1&ej8PNVd^|+emAzVj#&P@er5AjAYt0E;i>|;m zU@#?#?_888;Gn6{{;&rVK2yO0l(Y+ILF_;os~jw4jaB7VrRA6QhPf6yscmcq_H&zZDqTQ-*m_=Cyf_=FLfoS%0We5SjDG z*lv!Vd`Z_BqbUvdmog_}rQrnO7vqX2MNdlV8El&?lE%hfs8j$@oWP~AJ*gG3slx*a z)q&fl3_`-I0hDw_Qxk56_HAiH=LWX(L)*1;loO}J`KW8)9!q*QSxLJbBiefD^9-Ww zwfEI>x!pphakK0>!1Lu7axXftx>(!mYJ?^QWyw8O4@d}-XBVmE(aT}s(qy%ZZ)0cC zQplYJ;55~q<=n~$dzKM;gC$nLY3xp-a}nHqtK;L1yV4hyfJ-qYwcivi`p8##4zE1V|MHBxUxqO=XlbQ3GH+PSL2MLz4;q2@G}3%s&uzsZ?# z%nW=Y=H@xyT~S@4+f_#BsLHBl>mXmw^SqIaZ}y&(W_oeKTm1F4B4u0r-0jp>>jM?y z-f~P9;S%RiLyx3Yf;D(cqD^-UhK>%e(O=2VVY%ItquBD^3PAXPsB$Goul4xIh31=T zZcEUBe)ZlUz@D7@Q_8K3YmAotA2>#>$N_m(^XqRC-)xn{B&2*4vk44U3U6SqK|D;L zF$3UJUqD_-AIN9bHHHO*X0)PhG;402_ig{!V=ZTT`(Zg?g^KcgGh0Cng@o0`ax5yI zzHp5uh{SGE0Ty1AvGtLgS=m>ES6fZ*eqy9?;77C2hzK=>EswP?Y-$irWBWBz6S)D*19JEC}grk+1@?JBbvfr$>(jcY~f7>*(-Pf8hoNbDtql7DA5F1=Jj369`XxGlH zYeDDa*Ajef9anjRA>O0mD?dtoMrmW$KX|7pD@dd{NPmS5oErSuL(R)2cqiK`w`W)N zn?-Hc&5snJ5hT17xh014ad|ANzB{Yh1*K|o3PgnGSZ_hA36!GBfi@NCqV77G6w^8q z^mxZqFzuI>oyjiReKfMaJ2J=Z&-|$Q(br<<^XE&8CDv| zq+AJC)8ZwDI#1TiaXaSdjuzWttiLDp(vESBs@5!8(t(?mxHG{40Y3rPMzqbog_!DL z&Ir67{>{z(hfm5+Zp@}gCOnF~XWU~zo`UXb^|IY`QZ}f{Q`l}#R3Q`~9h?Q1_4O3o zv`2O5X35^&w~()x(1#nU7JkKKFTK$4Y+!`}TUjZV``f-OKDcG9!9%j$xz8tl=>2|h zj%j-+>u5g-V~abQM+#&p1W8*7D-A4t11f&yD1ddFaJ>=u1g;pHl)oMR6KkB z8jA<*O~Fy#YeQlxj!om=l+WMydquT63|G+4@?Rdvt@E?L@L1&0xEcQs6iY>2+qj1> zV!d#6bBl?8XZEs-ik+8N)6C4QWOPmEC#`4CIve40K=0o*68&o^=~QagU>KNvu%oxlR@ykSC;+OLVv7 zJbx@Aa;+!7ETVjN)deywD=)mv^40v;!(IP2%YN-JImO0bKBF~F`x+!2pLjUE;jzDP z;oW)AN~b_)1r1rUl#?seL2h2p5;G-J*=H~~%hst`QaVHo2~{t0?k9#ovuf@?{N-!@ zWXm@Not%(P)5V@5IHv?#V6DmXG+TS9B@5GUnOGS~t;F0d& zhOoXcho!3exA(jc*WdS+PpQbf#=_CfKt@SpsS8>BDS1fX@maV)e^JV}kdgP;o4;*C z{IyS5Dxv$I(x6T;G+U2)G_@&Oeyc#-y}1UX{YNzK%-_c9264SoNK@A@Y{-SF+kGe1DS;Qs?lnz~GEz?B z`(*efP+q&96BZV>zZ3NPj+vfEgdH>iA`KY8<$v8z$sy%fgbDM#Bf?wt4U zuUJ`Hewpl6#qUG93ejI$zeD*uYfIZCN>YIU@0;prSu(UA?C%R4E9#&99X0>S;saX31d%hS&cmzxO+) zf_($!$Y1P_l9mMi6Z`tzzx=!J1yB=6m<(jG{Ur?hqtyh&;)e@(Uw91sd$7r6sRlay zXs6oV49>rcgsCk2^eYnrjX!;R<39sJ8*%~MEY90GKS0ZWSCD_i`(HluVwJic9UGwa zYag+TyEl-(a|Qp5zyEIRaK;ZV z+>(og|250~{kQzDN&M5G^~)dr|C_}Bn!zu;|HWMX*9?Ady1#hTe}wn{fsx^V&ES8{ z;NJyO{}asMDXzpn9EsW5vQO%M@^?YiDKzKhYuB_2l^vqFSxV18=6kzGHwJ??X!zFUQ1ky+Wc&{$6(D6neEA&m zI<)NdUn2QGScVr1J{Jm6yC(Ce*#1YR_FtdT%HYd(EoxcHf0q;*Wbg^E*vs_m|E{0@ z18)3bnWE=9K4s?*W^?@8QaHx%DcsF#`1=$79w`L2T)uG;`asL>>VG4sKlS4qY7OgV z)%SEA2Hzh0+>)QyEoaU<3I6=Ym6ONRl3M#)Nn82MotdK9dy&N;{ zTk&Vz_xNuk;j^Mxx@QneO#dtDg_W-QPJn|u8p_N!osEmpobH=Z`jD$S&zB7P3gQ32 zZ!>bX#;&&ko^+SCtA3Yzu53%p&MIy@q>}9f!G@6tj97Y*Hlkht&yX!NBG-$ zoYY1DyVaRfRu&Q;5E&Wi=jXuI(LGp!m9*b48|7ckj@6nK=@59i{tt8Mc}y^O(00ov zVp=f2FMnYjRrEmhi+)>I$-S*k=WtE*L>(3wT$hU+nOVv{(b=&JUBSqp0)m`SoZoK7=oBH@9Z5BYC5Q&5o-+ zX4Y7Nt(}g6bjdJ_!8*F_k)+*yL0`gwBBp{-uT46p<+1mDq3e=@%U3v5JlWgM1h-xPNw_9Z72sXbIRT{Ao;RJT|}o2g5L00U^4RbaYwxTz>l4e zHagjL3X^GG8*J}nBy8~`{|t!+<}T&(J0syI;Y>KgyJ{lzmodEp-w6MtjJFHchaSH47? z=*24gnRvH^YaTunu^*`F6~PWgY_Wgs8=*9{n>S3&{X&&7ct(D{Je-I|DOyV{{Z%%$ zq?hiLU%(?rg$s8;lFGt&Ifoe>wN}S+*HR@irVSzOPI+KK(vo_VQt3QP`icU4Z@KMa zO4@veyAFhFTgE=FfOew(_!83@ezMWqxU|LVMB3hg^j4_ggZ+>^**A#!TXFgM_p`FH zzRp4YA;X7{RgR*(UP$U7yss96g({*$v8hz|3E`=#FD- zT{$$ny={}83a4vSy=ya;r8fDojgxh-pVV_X{2K#XTf%KoYMS%lmedXbU*2(`T%LV< z$LoLwDI%ghv>-x)cXzZ_!XWx*6#R1}v0WyJ*wDLlgd#N%L8R966BvLK>J{+gUULx+ z*kz_xZtQgW_nzIN)PURhS?40ba_kbz5ZRVXFa3Q*O>SMZmxKg;^*-nXwDAr}3e4$- z)Z;IO`gU(>g$X*-U1y+)NG_zKUQ=6M7H+wB`5dsSE@EOk_6REIGw|CQehq14@qGGn%^wv7{Gf-Db+%1eseLQb4e=DV3+1-_0L7>6n7pC2qoF8cY_ps7M5)IPQa4(x{4KwY#*xRbzlbN z-Spkeoj>Iu^K=cR)vRHws}A@>FDl|b+Z(kMil-#Gp-WOl!f)mO9Qh({f?SLAIUD*z zr1-<}b^?57ggH>Y(02R;W8#=}T)=l&zhyp%Sw)?crDR0b$P}NcM}FX+Cj=)7W^+3J zmW%M!2Pi{Ai1f_Vh;n`Nk=|Q-mHOOPowvk=K^6Xoj&EH0QjHzq+kIK638<1P{_OlP z?qivdG0w=N_`@B`y#AtGpOc9*a_=;b%AN*K?AaC%I!)vf7{2n^q06sftWt1^*eaw| z#3J;&?dNL?%UoJbC}}(ib49jmeG9COuGn<$dpEk*9ZwLzCgFx8VS}3x(=mJ&73PE$kfJ;s>+k^<>Yxj02CGb(ey_L1=m_*UeCZGr(TQJom9G zeR%nrhB#)>&++kN^{1FFTK}0BaQ~-sI8y8IUz`@<&Q26R#(-@$j7o){W(FCi?Q+B>F`xB=r`r zW=6DbBePIXdSpTDO&}PIo%t)QijeiZjvx1vJrVr%wtI@Q2Ya?la|_FZ z;rei&3G;G4v{@beX|-R1X<9QAydAc`&98hiMSA44%B*yhn0xU0h~IjeFnLVivwdrn zV+qLzalGG=MJb!48|w!RCW)TkE={pe@iS@CK=%SRhwVLgEcU%ds$-Cf$+X~aKfx4T z><4_6-0h}~8PQCgpsiX|3Mzy&*5F_^Elwy|*elbi#_1ISsI~?kaAYy3^!Ypb?YSHn zHxo9)eEVXX*g89t*j}BnK~gR*6>P-BX;NUkL`33@R6pXP&Ap&Y4&5DJ|GGJt9k08b z%60hh?a=Fe>*Jg)&PDL;bBjBUG@&(?!SfU2nscpItzq$5HKTsH2PV6EH6+jZEWSaO zscZ`|LZ~Q5sGfJsyVUvmH0lLEGy4AQHiW(sRs!=dJk<*(63dXsm_MVk;vA?fOncC4 zV_!W*R9Evf-Xn7^&#JN>J{R~^1Y%(;TSyD%pu9A|^U1%Qik|8Zf_zB4lz&_6zO82g za-|+8uFgRW_0uG{C7Nfv_i}TU?Q5@%GwtM(-)3^fx?+^+Wt#!++5qr*cB5RaKMNT0J<>Drl68y@L5in|iwR@$8KQRm=bqnb^WtHG} zU>mfn9Q-UAOv!+;TlX>;CjoDsZOMX00-&+!*p~bWsW0PK5)0)sAf1ah%<}+wQJX z)s$cyhlN;+9l)tL4rCQ*RDxQ{`g0d9A(aJM!u_$fpL=}EYlN4N^3xUV$@G42qaA`es=lrxc{=$ggyq z;fSuXu0G~dvF8uj7;+kPlVKVxFa{7wX~Rjn`z>ov7uEMLhtc^E6d5w#?#W>X86xn$xQIh36NS@j~ zz$JN{8!72qG5v-%&wTg=?+jh|bxB!aeDmhYdfmV$K^X++!IP*fpSC-huZHtpd$T=I zrNnRJm|$6&XWUB0rlQ<~Y6+^PbBpX_CQnT-13IrvKj=1eBz#n+G5R=mTJShs5OSP8 zN0)6o2s)crps_Mpt)wgJ+17hs@k~8u7J4KNg|5*!lT5X=%()&#LRZ3p)X``s#G|{Z zB4Rwc%TY)xlfr0@r;3)-_l&TqM`Q9@F47fV5|$+afWv$|-4?sG^RRtqb?w|5jl@On zs{q$6!anGzrlz?R`Z<@=P|!g(((6Vx`mZRPV8aC@j*Fc{N9*bn;J_*GyDb;4pxF0D zIdtANIC$Qej%@MYx@RG2N2cy5%Gwc=jhysPAN6lXmJ~9^FppYl7i>+va)NZpGi4Yn zfy?F@-IkYhShV#Z#KwMG@jh#CqLIzDYt5qFP-5?nq3tAmvmVokuAnEGu4{TtqX;gt zWks!Cb%)e3W9Gm^yRC&kK@t?IW^}uC z?`+_9VsR0JQKrmoj6;g8$$a#i}f29)kb1iOwYXo#$IsCX~ zzS4cKPJjVq?hIr#%9uo?<`sJi#q1mr5P2@=nzWv?Z(io`LBFP(_1!jCUZv44UN^US zUr>8UChLxdG0F>L`{6MOeAb~NA_%0lZ@!Aqu@KC7?@fK;L2b)OL~oMlxPmgPB%;7f zur~WpgSDXb_40ZwOq-p0Wj!x8Z*ivET^fMv)bF4?+L_1hmkX)h?1fQMyv?s09b8-j zpJ=Wj4D$OEh;jg}oNXPC2NN>=Zf`?FRK$x*z?2MDgg=xoggy~XOL{d{1(k&*@{srJ zweUBxo`@*Gciiq4CS`9=^HQ26RjNx20FUKjt0LMSj~dUo#I;xH&v{xc@P4S&O{$be zU8>Pp;US%yVJh%gGX$s}Qh|LlXD_04wLHm2YaXT^mD%lyWbH}{+w&f&Gp zP#$QTH=}}3tc+yH=bkk0gm2yw$Mlqko3aiwkFQSQjfjH)%;h!=)Zv~uO} zxG6@PHf@gyF@s#Ot{kPLpfDqP81Jd+CPYti(Vf}C7s(xSs`M@Nh#;sMz&1FL7i0r& z5B7vBh(Di1!N+cO`TF=Y#o!0El4D^Qj5FpT^59s! ziR8JxTKL415n99~2 zCNLd5QHWb-xFtDLla`q}(I+b?R(J`s-tUXr?w7O}KYBpNuPR6Hv%n6wdFk@rOdXnS z?D2Zusk>Jc2P(*$M5H&4ngfSkoR2UQlS=;{jGtbJW&?B!fVP&83;=#qa~9+%FsB<@ ziE7fNl9G^8bcz!s2CVW6-||*ycmMX*5DQj4miMOaL>7qbJeW@|aPmVk5b{sI8-`;J z3*^{2LAYh1qXR5|!a)NEd?$>YQh)Bwc~#Tv_%rq(#5Y=(eRVnFM@*EK{>*N8r`g1q zkmY+GSlUwQCuy2!zHc~_;-IM(Q*$>l=2Ijs>_kOeo;ewhJuS9pTiMn#=h*6$#$Qk^ zMb;WAAMvOc8qL;!?8TiNN#;4A@=joE3#tRv;IX~A>v_U|X*+o74ve3_}ZnM>7&Po_vSjj3n1)Gi~>tFZq0_Eo#5sh46igT^&X{ zf|ZY2K-)q~Gvs_dyW;C?ov1=~!Ms=sLgd>S4!|6v*eu#OeM*2CaQNkzg#5KySly$U z6``*2YFqOcJF=5?MIFn%7orvx%L5%@n=kp<2l88c2fZxlJ*l!}7mwqaY#&F?x2YOr zwR6@h)Fc`5FJ%yR)}}{^`GSTDeKvG{meBuI-`%LB{<6!_G$P038x21<2>NQkCmskizbkw6SaVg3odn z5qv7So$Y|RrbQ(_Yx8Uk&CzIv;dzsMrV`ift&j^Mj!$%rCB3043GT%$oI?d~2l3L5 zg6QV9v-|)S0|Hn#wpJaf9@V@ltVp>XnevoSibD(Ta<{5-EB;ucvep_1 zGzP2HPh{^K(bOQdd>3UA9allAUY-TnVJ9J?-`eLP(pMwO4LX#LyT(h}JMQwHOGG>e zjj=wJ*s~`>e#SfBrPad?4)Vn*l$r3WSpDj|@F%Q` z16sk1bYR~}fy`uN%^D`9vM-?X&8!Kxiiu!|hm2Ec{dVa+vfi`cM5bG|Ixl{Wp3l?> zJLqV(*T+Y9moko9F4*_a=NFGSqQK9cc-K=Fzb;IA`%a>u^!QOD@{!}-?L!asX&hkPP}KlmAqeb=c;W6*bwKu3^3J?I zuq~4M;q#81OKuzLRjCJnSLr2@)0JR8&ATn{r*txqx9&083@JOLyXfd#hYY}i-5af z+i2lRyhR-RrQY}R|BtP6ywDRM;7(fm_929BZe`MFCN(Z=M&@u9Un|u_RGsBI7cL_0 z+qNT2lf}T#$JRs4uh>&N;5Q@Jx{iKDUKXifbO;R%n>>ivaBF{__QX4JKivCaXBgaC zl&jf>e{qi3URcX5rC#Ya7fm+ler0c05U-X)+3YK!!dt{`4pmVU(|kpMxYkjv)ULRL z_8NJQGHAZv72@hKLL)9725JtEM&Y?`7G8m=|g43LQ%?lJAJg`g{({XJN*AyE>rK22o znlD%w+;wZMi$h?CB5)b#IxMVrNoZng8~7j+Wa@*nGv;@#3ce^IpF+RjQ=xo-Yp7hU zEnZ8lEiA{UTm);r$wn@^?JYv<4&E(C_&Q#7NyCRapl<4QK;5XME7J^~(fM*>UQZFr zXRgTpeq$xDNjB{;^U{o;qiV2KcVSs*`SQtIyuzu(rM4Q2&Y1)JTUuhH^`54DQy0Ft zI{qnP1M8g2+eDDRDIjxBE9phA+p~QB?rKj*tE`e@ffr*7MsZQhxQLSZb8?aRVW%Ch zbFOxk&r{NwE#)?6wT)vw49;E`eEz_R#AAF@nsOm_D6)RUz;r$v1>2e=>NqPnI zg0t4O9m~(eH~g0m#C5**GwtE$XIQBSrTZ?|w~Ojy1iKRe;<1tgKzcn?^~bq2KI8)2 zA|=tjo35wuaMe9ablg+MEe6h|vPr&{SKKNO*k4wL&%$fmCyHTZGqGIJ=6<%9eRsqu zJ;j|HmQUaM*D(38fh#AZm;saTs9!3odfVc;*hoPa%7nSIUNcBo5)katclbE9djG*_ z?PX*5`UvzwEi%z}4=kCZnghnhpFa8ijF5D9mnhc}k^!7(&Il7V+%Em}dS@%|~NwPC8d8}5UI4 zg~3hvD@$t8ILQ0ZvB1wqBQLe`2B-5s^leLO$L%FQI4Q7ihpMdl{%oDvD+0}%XXzsZ zn+pW;RWGp5uY?Py+RY_Q#+Z+v0iAfXi18|ucGE$`6JuBECP}W*_UpVTtXHWV=e9lh z)NyLxa*FusvqxlFN++$+mPYiI^TIO$cJPA;F5m;9Pu;z99547qS#?QGj0&$3NR&ef zD{CJvywqj9IEW-`KSid{6{15KpOu=sTwkn9zoII)K37Ajfd0p860HUHF=r!28P>3o zXJFf3pHnLC&9QPk7E^s;!H#&$>T%D0osPGB1Kf_adHBAqgdbXtI$E~jTgABXgBJuq zJif_(FEW6A4eajyYl5twQR6hJC0F-9)fg8Zw0Pv|OeQ^hgdKBE5pLR!<8=<60J(jT zFx(FJST`!fh0TQBW#=v1m}A$DRE8CUBCTneMLv-Gw~)}mIp!QUe!fz3s;;34?VmFd zNaXWu=qadJRJVI#_Z8>v>H{LW0|vvGt1Zs)Jlbmv2mbu)88czs1&3?pXbZ7g?-CrH zMcLEU9RP#ac(wsuuGvS^$6VtcPofzOW1*g@hJ|$iaJk~8`h^Z!MKmuU^(X^8Ea!fL zdO_RY#n7Q$F88FnOPiVI=L7DxmVq;njvoBxo9)-=Z*YJ~tv~lekJw8FY5o-JXgjf^ zx^Z+tCDx!2$LG85ho2a)jW|SGz>WundeJjM%adP5)nI!fJ2BS!s+GA0H7$=YQOx$o zVT?YQ@oIy^HLlPT$J`Wte}5HU)9&k@@!L<42Lk$NyI2>@LpPSm1wnViX5QRU?LfPh8Cb)rlLoO>b@1Zh=C@vY0ab$=G{g#@fzH*a#iT|EVU><$ScXkyy^H2oukTG zlr{=`K74TU#lS|rO)X=lb)p>aCT1PA!Aff7SvJ^UrVF)+722cr`=}7fRXErf=~Qj} zn&__2em@t`C+1~|eNf!5TUnQ-ridwv_JrJV!!SOxUX`qT??03f7%Wd}P_8U?hI97zs9+mSvIn4>FP6CgEK*>+ISq!=%u3oOG zT`TDXA}~wm3A!lu%y*|@9q!q84cJYeFCTkv2{FTj3fPO9+bE{-41dxKqmCTdn)NGR z5tp(EiO@-;dbe-C{9<3AG%X!7DsdPq@w$7ERkfoZb2O^eQ7Fh(_r=#YBaB z2M4(&3eZv+=jk2pLk$sE$Q}BJNdz%}jyJzB{g!K4_`faE*Sd$|e z3dgeV$}sV)3zR<+tQ9kIo*XmuZxly<>elrQtC3xc5LMR&z7d)VwI6N$oWyt=lzPXe zO;-+tx#NSIV(S`cqsRFd$wWQ_SO*kO-sfAFGFr7CTEg@~WDQr^lniXkD#4dEK^3|A ziHwrTZj(>N1-4)(HfV{443>SNh!c$qte0;P5;NRNdrpx4(u9ccQNq)Yine`kG_n+; zA_BG}o(DYER9Bal_Qp@Sqh!5e&+?J^W@f!_>_bj0!N)s(IB(8MQBht|j6S2ar!x+* zHTgilU4|g$uAz3FafjCncQ(yWo5j}a`6Cv!clQUYpF@WW9N4n-f4;VJBaP6WJR#3@ zG;tBv0H7TPRn(h^t7Y5d=AVE^b>_mKBC=IC_7MDgYnA15T4{s%A|GQ#^uhI3iFfY} zxzs*=Zug*QUJSJ_ad!fbUzhERHfgTAD$v<%4}8Y9mV@UO`smIweequSY8=}U?%D;Y z)$Wg5&*GXV+5Ij1`7IaT7$O$(tuKHJOZM%s-y9LFM)>D#6{p~e{JfnPu}%Avdwx(I zo*L-&ZncE<(yEPQgchz#obe{U!CIiSSa;4LLSv)praP-z^UwxYDDj?ZvmX?ymQIZj zOY$hz{=qhH@RAtq*(9h0KSBr%AG~J1((D5V?M15?SHqe}W0g4M+Y$~0`=)27jQae* z$9p}*Ya&;3&OP7~=0&=g$-BR0Yh6Y5Yh(#KE8>EEhDNii>(A>?^*W7@hz^&2&j z@=^l^0@m#(X79$}TotrdOd&5i?2b&J8Rx=j^XxDmmV2@wEuBU;C1*ZfK7G9|qi0~K z3^O!mPri(WV{KCLEad)RLEU+5_eaUHnK!CPL?=6K&xx`!H-TJp>XtUseL+#WAfk2D z4&Y`F*Y2*N6`W^P zl#v|DEQ+hTrb`CSdmSaIZF$Amj>jxG^m^;D^s#B~LLZ_-`1v7q{8?#Xxb{G>_tm-4 z?3iWL&I3mJ3ct=4vVkMcxIaU1qV*s)qH)ox}xZ`Nb|;!y@4w`VOl`bM}N2Ia?mW zn5}At+t{Pmi;nTn2b}~)YBq;13Hz35Ay@Uo#Dbd#U?kziLI}?osw7grSjXPtsy)#i z)m<3441LIfG2eytCkT8?^OkTfPnk#8tSLDh`Te}9lbIR-IF99?>C~7fIWd_qq*J9k zsT>uueVn|wqGn2VDAigJl7NzzC0v4FF?`;#?r#wTEpdm~nzqL4TMr9BdE^yGbp4Ag zYbHApPS?*y)oGg58Q)11u1im}%YWdcG|A{2eqW;ol}I3}FF02?sgT_heiKyzSfvh` zAvxNcyQOUE>@eCU(M%a8Xkih{@3gcyH%d}B4|#g~nfB`J`goI=PB5L|K%)OmE@W2a zdwBef^3CG?0Q-41RY%%<#}lInm`Ur7L*L6yC3n%>vu~@6I)3)tV_atpL&g$>GGNvF zE3JdJ4I>uw-hh+Iozcx8vZTmkSc@=P6RLSjzK@P35azj&SXX9Ya ztIbC*YRTX!!_2qIoG+KL43#E=oq}PH%>-3f`h{n(UmHacGWw%(qL9Vom*a<{Rlau= zA*!;Hn)Z&~TR-mP#%oVOSS90YJ|Hu42lGu}$O{rm)^+A4Os?K89Ai~4k3waTV{i(M7JpQk>7Bp)F z`H&=xuIKveGUGkij60O!*YhRsg(2m+B&@`0w;}~VAQpA7DQJcU#J`{`JR;9B_0V0b zh!=9`ZhOM$c)}_rnU7A*xp?6e*cVeF*y+kDvuwT&^af-`oSPVo;CBm;%nEq1auup4 z5+a*!{Nd22GCyQul=|qNMWoH7_VG}qgyC#$DfiTzk0+J+{A%fkzLZp*yNb-GnwJAx zwHu%-lP!_AG9fvvY4$i^I@r#<~$pQdh0|LULD4*7&yjRE_dJ@7R_VN%IJTt<@RA{;5|Tb(V8E zA$Oe@;=Wxti9OPtT#YYTZj&w3(!d$0JXx>0CK=ru0r zD7EUB6S=tBh-meGyKp{NYhC^|J|%y;R_HuA>D(OET?8+6CpOw%M5oZV+Q0$j?q-RK z1+asAKamJ~K8y`#N?lD3T{<%BPQ(b0S()A!`1Et^!LbeL%Fiod?i*|0Rq7P@za5%F0`51e0ZIpU%#z*VMT(2(?+r|w(j2E_hK*_>Cr zMo6h;VK!@FjLsx~NSTWz-I~EFN98Le5tki!lIyB=<-8kgIVwbEnp>q}M_3y*{*}H6 zv`H6^b8>&yG8MRtLw%%k!uXd5RKedM4wC*nr3_U z7x)-zBSTLr4XaP`1n?KWI4Td6#;~=C^GHb^yUJx3XZiA4)N;4T0JpHxIOZ9&s z2$=|2oP@2ndM|`u1q|f0#IhN&K)M)l{f;xAhw8N0!@W2wy+_0Ha*yBK_@nl6DY3w$ zEKs@mz$GAKsX=3lQlSn=Naq5&-UGblEuP$|?wuE=9U_{SZF> z`=)h}Of2)YMT8pCzCg>%%Vcf1TtXT6mga{I!!Kb3{U_Dt>w{6_8K!(6iXzulw*}U5 zLr=%h6a{mnC)zWO-P!v|59^XtLdD5zTVS^`nOUwlx=Q0{*a^wCc{XQeq_q_bYS9 zQz(7ykHQ+EM(`r{wImf|;yzw&IzV4ZIL}eT`+-?)n`j>$*36t&H^SEhWGaTCfX$wY ztsPfXM7Kn5urqGu_5AHJe;-~9-CbqiOCko1(Fmrt!6R8v@eK2kwGrS18*4n`K=__x z&Y|#C4`#&Y?&sQS9)@hd@Q}%tH~dw)lS$8Td!<&b1Lcfz#GCgQ39Z<+KTU0JIT|Pl z%c!ihqQL`1zFc*OgU?{s_1ldg;jpN4g}ZvcdriQwDG#Wt}5uKcKWjN+I3mTD_G~E^V6=YC#qDq1ll2Z=)>@|o2c;Aq?G)D z$Gj58P##V)m*MqnE|;Kinl7_x0CyxlZ5>MtfPp;1Q$~%~Tj)ZajYkUB-EcI5P-@gz zc>C;u;w1~eqWQZQ)7sa(4&Sy=cz#qP%1HbxVi_ z?PFdbh}g|1Ok-Kc-&O~>W7{$`VqlS9o)@s$3Tb9CC0g>FVE1J+P7qjc6I6I2wD z>(U5~B+<*NTLcWvhj1`@+m_DpR@Gh&-l>}HwhJXKr9YC>`-WC?etG?XlvYIY&PBIPO0S! zh81Kf21O2KY_V;Hui9I&xYqz^?>BK6FTt*X?^VO)h3Z@!>jNn4oGMdpY+kHp&+D`M z#}H7P#;iV&u1-rPZ;syv!L*R<&4xpmsQ#{&(Upf&VA#e*`yDfTj?BsHkrKbmEm{O5 z{&_8K*EU(so!`Hob*do14FVKh%$@jU767{v=iY#?F%#_M5mM}ZJ!DpTzdF{>m@XEa z*3trEED(?u0qwjmq2_?;h|AfnrF+;ph00gs1`zspt=i3<<7Tz?Xtn!|&J+ED%zk!9 zfgLQDuTk8^CzrHZlHk5^-gP9?AhhgBC2!KPYr?0nSmP}JlVJA+u?`((Ra5n1h&XVJ z_+iq3Womgem0$g5KLkX#f@Q|P8{@ilKRej*ylrP|M$A!H=QRaN)oAO^x{t3(#2;P| z2$Yu2j&+2rT%)JYA7f-(GFUi*uJ#NJE*I@rDeiLiFpsyjI?lIjhC|1F@}CHnu1`qZ z1X6Cxo2#7T?8Y4Dgyn1u1rva9SA zakqZGTzi<2g57yAUiLoViETi{sY@b%{AH}qM9pDB6kO?X|Gx4S-*`813F zDUomYh#UxBJWubdNo;IvY+ExkzMQo^vD1{#B_?KcfJ39AR3&Jrud`K%hmbQ3evM-8 zluj2D7q^JoJJnG#l|sl#L@4&5bt3npi$hAn<(1z`+I?&d#hwPuUs9>gbeZ*~%bMWV zuSIm7oe3!(P7Y>al-3pveG z{OOb{c)jHTKoU!{K7lrcI9(F`k(hrfsDJGbG)e(a)o1|V zUV}ee<8Orir%zuj2?$@bS&Bxl|4lSVwOqk7tYyTsjOqtKd#WJ)3&;OM8hGM=YE0u9 zCd)c?i1uHym48hH#5dj+6B3_`Dc+%m{XuKUf4Jx${w?syJt^*-ClxYFWT!mIUr7Vr z?>(2c%0H3?{AS5NEaA_}=0?*2`LlU$0$kC`9foBh)ZpiB{Ii$3KBiE;b%TYppJeOxN#Py`u5^XWO#W{y>)(;(jkBcq0CN^CmhcBi@;4{= zC!T0bzhf;hQ{UOYN#b7`zGJNh(a7vmZA1TE$oqF~ORD8NIBl5>+5Yn?^T)E`DGC6c za}rhlb^PF8E$#b+Dyb5%H`H7Pna!ND?XjvRCMLyiB0B^d(-`B8rDgu=-}}e+eW52n z6&Uw-CJM%|>v9T*zo?5GpyjAc>3HGcMCJb`r9wISBKThVRa-riYS+x4*0 zI%j^(2Y-`Mi|G*HH;KbY39XjB9zA*)K`)#>H8s`Rb`zFdt_ld0X9YjbamNhSm4D&L zo1OJ?27cxe&z0tPjDSLnO%XOKDU%u15)$kA!>JrdUQV*jQl9TM$p11?so-m`E+Vp> z2lEH0N5KP<{>N~C_J_jaq`5{haQo5X@RY77ZH&P{UmvE+;CSs`jH}9g*=;tXvnIJ2 z<0umQ)`*xA(qowzdk@9I&tK~*JRDP_SNDe~)xV*zd!O_TD%a%qk`W*Cg)!}rF81aA z1?4%HqBot^$MuIO59QRFhloR$CpRm)e734-mxnS6q1W6>zfjjaTlsV{P4p?K+ub&r?JRWvSMouJeKo5 z#E^WROX)3w>li;deu-)sR6rcT**Q;~>E`W@M_?kWo(dJ5j6T^K#=x~vV=J+w>8;PH z!Zm<+5wgR_9^G97x)}Cm(`K<>`SiV{;6Q(voxNHI>s`^wRUuqO+Y|JdXo}*Q4mo&gkF_SLXi%kiHIm& zI-z%x0Fe?pL`8Zhgx;hRnv~GXmwWHbz0R8X&ARigx&LInYeC>W=j^k~v-f`X3j>4% z^mN+&u>QQp8m;~CqjFn3QX4hp!zJsVLo*oG*f>xIk1AP6$y{Frv398coh&+8b!KFH z58^Onw#^}`HBQr*YPo+aGD5cAP*4735@j=d^k66U{U68oAD^PVFPmQ!4}M4g#c$vt zHNUCx#>Pgi-*M%{#6%q7f|)e>ikA=r9~I8EMj=#^1)c5oB?!n}x=-BtYABjONNgD8dUn=f!pj>Q$Y-W%9};s`_8 zk46_-_v{YY%XiTYHoJISR$0{tKIetrc+kdi)}8c1nA)isu(IuMehr`xM-8P$O+!T( zZUvr;awgIh25EH>iDu8L@0jpbLg&9axz^boPGLX~PcXul-_*L;CPUq!IXtYOLWd}8 zmtpetu`**yAJky;p%H%1m1%JufSWX`;bUcF^xQcSubr6^D={Hi^aSn)qY?fg{D{yeb*_FH>f zpvt`)Su3599bYCj6DiaNN{#s2B@qjoM9JAHZbbjyr2O;}zhMG*Cod7yUfd7?^CLtU zgwGlE{B4C$DuDo%h*0JmT$A*4K!OfVtFJHeA{K8D_07O__Id72fbVj|+F8!~#YDh7 zI`Z+`b!%KsQ?L93vS5F3G0ZexeKH|~m_kwvGFPQyUB_J93r)MsQ!WxSVb~G=nn6;0 z9kb$Xqz`u^BKZzAK03(66)W^C2Q$u9Jr~)dAKAJRhB9zDD6|81lC<#(=6<^I>Q%ii zQ+1IwrqWg)?<*jl0*5XcG>AI{Ss&p0K4*{S6>5;L3hCVx$AK_q&Ms9^j^C9daE0L0 z1Oi_P321vkzxi84%(UkYe&~}z8F&9Pq{)#fLrmlss^PLulElK{m>{kJuiO?9UZzCH z?yf=quv}w2%K7lv1r_G_IF^QduvVASPr^KY>MR>s17)YLh|4o}TTeVsf+s)y47bja zNT$5sgtYrSaJmf#XwE@~BJJc1;`vi_undud$E&9mQhYD;avPzeMw`VGIW|W12nz=G z*7>EYe;ij}++{U?S8Y+J)^}bFu~pO1-odpuX`$4g?q}oD%)5R=$X=j6e`FP+wu@ER zq~I*L&?LG-DBQzJAj7Z=?Z4>_LTaPh!#?uNQ%IZKIVhl*e{9v&XLU*24vBYK=nmP90%%m&opz*v%zTEUTCTNTot zU_Sfi48P+&gOA*Jo?hvFV_fovMPzPzdt+3J&k4M;7pgZUHNSnZ?gja^@bwpm%u+5e zfTlj@VoMW|&O06@D$))LN*K>I(37M(%{TpK39l?T zV%3iPE}bz@95!BY;u~F~;?*YLPG70d1gOK6v$Dhw3oKv?e`E#>mM;-m@eVxcoC4dI zG>yrA{C=U<1YThnwZ=$G+Mzu(^aaQ(U5493rNOkR^P=84#>C!K0lf;ISgd~;h+c(w z<<`?DlyR)CjkeWCfCG%fl+iA>(3_+nB>jF`akIQ3Cy(^~A1&CPYrk8bN7ghWl+kYA zw2eYipWfwQxyw!Y+t2nN-{lf~LQtKYOTbfY)ZVKFVIuzkDTi~vky|>yQH(@8U-nQt z(b`jM1`IA)xeIT+l&F6dnJwt(Y5TAI^#9&z|9p|^;pI1624$A;jJJWA<|(#>LnR}! zA|qW`S%KYRRcfOW3+40r>3+9&Bp(=|1Q=gk43OOIF+##a)fEo4i;H`L z@^O~$t=8`)`VYt5lirQldf}sx!3CN);`OWWkE%)k^f?HA^mPYxw&6)LF2eivk}nL@ zQk!n1&T6Rm^8|+WD_v(@>K>7YfJ*1@^JV(EiE9&z`IM2}l%58;DKsY{D%$UF+7@o~ z5q}t(RF?ZV6a?^Dd?7xfKjb1glO%r6Gi#ahn-D_)fFFIPqShJSqLmKqzmVEE?$J}< zGu3Xypo{E>erW8l&d8j7o0szyQ0K#+_MR)7u9Mj4lABTz0A^+6L!p`sP?z?TqAWfW z;!xS^QD;+%%DD0BMVUw%#ZXv|PbZ&sa6>1i0|d@_J-IYzqhmW`dim)SnEpj%^=@h& z3Fvf;9{`U~H>Uq7)kC2;b27zCKUf?A(m~oAvy{L@YwL5meKzl4CL1Bo%AewOVru~l zb3g-fD60Q$Fax#aow;VU$4j&@xy#HBqW)qA68VX^p~BqS?su(4kpsP}OKtn8mKMN9 zC|q}y)ty;Tf#jl`c^LS-FaPNwSuLG^ff}Zx;bKY>#)%;jg=AzXfB+CUSC-p@D9X(w zjH(rnOs`%fLI{=|SCY&gpCSBPC})1TC1PxWNxJMBp33XZcomRY-HH+IzVK4 z(sz1QjGoS42a$hG7XtxwqZdR#_yp^KTIGH;nPL^k%x4jnhu$O>;U(sm#E@Au>pr%l zdI9>v!_ch}?awEYt`U`F4gSxX>QGvEB^ij{!RBJ^{U&~JcL;$KZYykYx^Pv*9=2~? zG-So{+G{uN$T<*j`T-Ws|I6D2Dn7e=GK7Ynv|3TyOFilF5CLteDNHst0_)=D7&d04AFnDrokuK+A{ho=#nCDXcP#h;}=P|g) z4|yuu=X+gZtHLUyglWY_EyJI!Zz4Ue)x)mWh8ecA%8xK)#fZCHY;Z_rIrm@b5qDAA zw@Vg%aZ>YRl^DO?r==4i0Uxr@+z4U^Zyx3bv9~6CXZXV+{HLe3Yef04)d{xyxoYW! zER_p68#Z@2^z?>vMKba$b_-cl8C33<``xm8U~uooC(lSj3VnDgHPmi?5Yk~4pp5pf z(GCkIF->)0H48lNxrvirPzJ1sD_!J4A3wE^-fkQO=>Kde)d#^iw;?-SkIZZO_-quf>A{hv&_u zcwThJu^L%5tf!f{`ky~K4;};x6pUC5JnJ@e(Z0^t3;GQF5G0_W@OF7owUc4b!M?l$ z%UW3vFskY*_n2UsD;`$BqMuyf34J|{q@VWS+Qiu=_v^d3`Fu(BaNnec$?xLU6v7mG zbGP@~TKy_;o8S(k%C}D|3)#tPn@*?2Jid<;Dx7u_OG~1E)e6SXoSokPmIZAjA4CQ8l+)JYuFW?LtV~g zNOf>3Z5DCZxqTqxPYfh?wEv|d( z-nq};$~Y$GTvglU5Y6XM?LEs)VAwO_%QMqR(;C$l$q3^+5j5&P@-2d-5!+g$Z5Fcc zuAe(bw0JndW&mb5y!mL{*x`$@9>3ysr2&g$ejz_Bc;SK$1n;1_Y^J96G7&$ws9s@@ zagN{d8zZeu8uK&Eb31NvMBxCBYs}V)R!-rZh@0VCOGwd`5LslQ+|;fZUuk93{GTLN zWh#246qu>PTUuTY94azkw$Bm#F|=`Jhr2ehvTJ)Z{{>;SipxQjhjaiIUmk2zBUZb5 zbxCT<3MQxR`leQDZ%)aL zhNlF1UT0^6IWlG=I?M>VI`B+g;a&`{Jze`3pUbXx`@lrMk|XDZ40a^0}n{ar`PC9z_S@0a8Er3$Q@Xu;cA zL-fW+YSFzp$5+9VdKm4yY>!sgS7lcwu_3$LUmbATe2Wqlp)2izy|`77yYL=KKzI4J z6_JQX3738!R*V?+F-@M&qA~OGXfjVbBTUhzd=FZqkjL|z+xLR>?G%BfCej4>aZhNj zM4$$O(rmc1Qvn`Rf^E#WIoFOmyRD}ycbK|`PZgPACnB|2Gqj8K%u_7G_b(dmro)OVN>0$TqL28mgP9kpJ* z%#VQMv(4lz*PS1CoPJoRo&FV=ib{C2+bM3mQ>ACJzf3zgI#vg^W#q>nS!bWf;o#3E z!lX7D7pjn(gBW>TJM*yR*Fdeewbu^yP5IS_mrG=vseKX&3~`$vyOm`Vh@ZE7o`+1* zkn40cd7fbGD|-s^3B(!Vdf}snEhwPS)Odv~ezm3B$TedK&w`+)x|#R#;@HaJo&Kr3 zj4+w&?-B3mem}bZWN{x6vakA-r0^#nZn=1P^jJ!x116szPv-0+dFk>OKYhM=lYQH)nF%Ljqqo|Me&3`cD6-QTCkXD8JQSYtQ zNzo%Zh3hBB+&IZ%=(82AXVdLZO#g|qKr^}5d@FWcEmKmpXz>?(kophgxAZbRfemG^RiCQ8QXaLp4LJ4&KSxr za4`~>eY%ur7m3XCv^Qw{Blpf!|C;k|6Cd!$U`eBMVCJn#^LAw7d`tn*_-^3{-V`-0 zVC@OokC_{&ko=OVL;(@~1%uwqo7QcoGIj49=LaJ=?@dur+vOOyI<_d+pv#9$h0y5Y zOpjkZ%5aWX_J_h2Qsp|mBF$7x{_L;33QF>JyT9SbykJq##m4=rXOrt-NXAX&qsk9gFHzS~!1w(hYu1T^18**aT#`pJBTB)*^9}KO zZ{xchz>NUf^~8v@Fk-#(dTT19SXAp}PCR=h-){?L;tgD7Uxb?VXj(iG3M(yhixQ>A zW1mEvZ->(e^Sks$h%`_+858~v=RD4HjQKX(IR6oBATa@}sG!gxzWLnM9JCZRbtMK9%P$ahJww8VN#Fwo!YU9w*3^p@eIiZP6UJP(ub zg$va6g0)Z+(6j#O4io=R>0#bRzM;VeKQW^}3V+=IyeSQy_;jZCdZoC9H|Clx^g#ll zHn>4oWj(>SfYpWw+cOs<^N=WI(H9h5)0o>KR_%q53nqJBELc#JxLoYLGiFrOyJTxq zYHuiZhSf&Vp>!9<)d#LkhtjONO3(2T>Is8dnn)LJO}uA@?1;LW?r(cCrB`vJc70tq zPXi$74z%ud-g!DhU=F1jdN+E${6eFU>vrqxsZG~V#48{Ne7T*|=EKNnwG;4eVgLF# zuI}|4XsLgtQk{59v9g$}-R2WN=amGU8lB~J5$b?bSa(px!X^R&#!9$zTkT3(!wq*7 zE@P1}r-bXk+|B$ak4w#Wwtnq1{51>qK=f0cVdq*hc0-CQn4h3)_!6{B1v=P zezOTBpt-*|Nqij#djV6)#=_X<%c@TL57**vjEd95x!&UE5Y(|I*bSxA=O|6f-@G~w zB3acD^Qn!VK-KucNriv_VRewqR{FR#IMHM)AWz`5@g#V|C`A5 zi?rzugiTONaU>PqzxBrsGrcEV(cMyy8G$*H_t57~Wl6DVYLgOn?lM)}O%lij2Br68Rzl82c&r8ng%nZL8?tWFl>wE}kPrX^T^Jww6l&++K| z6%CCfT;%z)b+QN73*BD0$abH+Of7lqq}$`xxcG8i3=-9kvtK3%`Oy>^CM{MS<8(P=5<;dT%u*)X0 zd-m#;cSq{+$#BaiCFi9eK`W&d-#(nHSxV9uL2`%i3~WtwnD^HEn_e{@f(4kNse%QA z$}F}XaN#G0vm@tmNQBTE`MqTW6*GPZrhwS4KbiTaGyFXENP__VX})^(DK%~Lezp2L zn%b(C>G8>j`<3fHeCw7{IkR>XZ(aGBfsA%(WtPZnB7-%zja4(A(5Hl^%)#~Lka}L- z2j$TXk2q0u4~^2Vd(`d@<1JlS(Qz!&<7+j;{Nv zRS}7RC;E6@+Q*d~1`gRuycjJ0C|$fuc{OfB@^N$O8h+=J8SnARlkD_&A*mQe7Gk^M zU?ZBYpvm{q6c3AOgRS+T9?OmjrK~dzjx?J&$ zv^eEPJ)Mak$_}BV_~GOAG2E(aI<($8i_0hfp9ktb@;Q@=03mtRiJ zznc@~5oM%?7b_xDf}Y(Z?TC5D`VTWX^ODTc8JR`aQVO50U8rTW8;xoEvHb7`Blo;+ zUof@Ajoa2Azn??_tvWPIEjqp!xh8A@A{iZan+_rtPqw&g-0w*w6>@f?Y6UtF!t?9tTRH|J+3ge4EM&+Lr}gO&9PCNPyC6`f zTbj+u#?_VU1c`^(G`!{%IFq_Srl zAKB=ikg#>oBeK~Qzo!3G^JXBlo;^@OyZTV_ncom$E6S*XV?gvTiH4hoqR`gY+6s z7)P9ocZ!ltZC9N%aCsPALA%B~v0#v*X1&uXuXHBF98UcV`*p-DI}0R=A+P{{(aXo@ zDTSs#X^=m3$-h1YhV#rUEhXCTtgo$UXFs_@$n~EdZ=xmqj@-(;4L(*p!l~b9H`&-y zLpk>?4=ckkWux?!Bl7FuMBU|u^Kg=J8+xZiKzh&fd!GmQE&T8`TyVcIiH_A&ul!Tn{LxJ60B^5X`0@d6kQIn;9L1tDHzS}S%^ zHW!!^y`~W9x|ps_^5mm)7KSN^3V=3?DO0q2QrA$Uu4Y zKA+uqYgmQsH-(_YYXY)eOh#f4W^&a`uM6-Kzg6H8+)g-rFc>!zgRUm49_!?^v52s% zS7KqS!2XC$(J+!*~wO6DKgZzF4mMI+3b4@ z0}O2@Yc^i;ZlxR6#M@zVwwXlegl6t}=pZh2U~g=;ud&1R$dLmW2LKI`U8 zIc2e(>LT3HYq-;+u#R;%qvJ{>W`N%bG`@ET7X-zH3gfb5oc8oK(~EVa2*BHExiWLl z$zuZ34dP4h6Ov1+j>iNH(zeBjdeEWY9>qw*G0heq-_54sgB~xmV({0_;FbI(HAe<; zU}^Pk0(f+}sIHurr8W`mp4NIB9+=H0GQ@eh_vI^tE6$$@Tt06Anv#z}gWB1K-;M0< z)><)r<1%pocw0yD5}f-*H&5LwscP zT`)cd01yVcYA^LF+^1YdC8>e57UA*s!sg}-4Fj$p49Q>VMd^V%n(nCttQjLHJdY4^ zO9Y7R&MDB}uw^b+0$PQ;4d9y4FuUfZEPlMFiz>LfyqJvMZLhC!!Br|@=yUyzqagt? zV}f?S2J;la7d>B_I%109V@a)P-*`(sxr!R|Tx@5Nlx~Y2ygSNUx0Y&;<2(zFK#7}o z8b%#I9l1M{$ZhN$ZSJQTHd;1FLHvspkkonvcWo&BxOUz#r>vwCGoX@UCZRR7EJ)`+oeqlJU<;K zM#zWg;p6l~4$sTwg?fnLxlX&CPl`a-lK&8c|MWyC=KCf8IXY?(aDH0lI9bc8H@uvv zZ8PI2{Ue|98ji0$W4-iQQ}$E4QQUJ-l|GjSP8_u&qaIPYtA#vgHM1MFM%pdaM**r= z1t&>S9~1Y5a6)#dF&cr5CrVA0n=P*QO_M{skkiX} zr`?1WPf$UDbm}dg80Ao$3YH&T%C?Ujf=g$+5I_`I$1m$03bOr!1|bGu;D=GetwV_jW6HbZMdG{K!ADT>;zTZL zwbQrwfwTTGi15*uqs_$b{{5}78E>}_8@2^+7Zw1WZyW^jsPF}n%qj&nD1`?F+ z6WHIOHk7f+s`L{CGMm-&)fH`Q^PRq#N|Dq4Hb33%^{*rF3xF{oC)CI8xy;dSYfhbg+47P6;O$_kivD5Q`m8mM;a1v$>iaW1N^cBJ;Y z^|dH?0~|J5p#s@xA{NFt^av0>?waarL@lJ3I7aZ%aQ zaq-$}*3Phe9Iw+&?7Gy`i_=_IIt*?9)H(K#BDjC8qO!acm?G-LHrjPSfYj+!0yCL* z=NA_VBgxNw#)@E(A=0Clh%YPTd9u6-3W^_RSrCmX*cXBEdk6lAwg74DkW;U1eMqRp ztI4qZ)CTpR)X5)){ZBnHy?>;w9jB7<{yk}Ma4@Ho)P$7Nm=~cmkZ0^ghmA#Sk5hZa zh}`biM!(}OAwt3WFZp}p>%fPFEQ*o8KzFx@-w5Wh>P=N__^Uog@fMGBX=cA25V|{< z_xf+Y6kfvU_Ut-T7q4-?^4fYfsUZ>pK|OnCFB|cflv#Rt5#@h=N+?e2fC3OTH}kD9 zz6m@AOr|-4qX}1tHZ9{FjN$@8)^Z!1`e_zz_uLu5* za>x!MLM02AX}woRvc8Wx(G!wd_C`hYr{bUjk&UzIoM{ciKU;nGt1AApA3vUvULqz2 z5$J29o)~F?-=?G(fef@vGMLlWj^vl6WB+H1{O8sGxJ_DJTbr-UKRG#x$xCmA z-8ycCmG4sjDLMS_MLLG&$KKu$VUQJ}sW{b*m|IIVFmrpp-9n*fw{v!RnK0L(uMXa) zy{DN(N{r`NyFB)1xA4FFz0dMAp9qOELdg=d3->_d;cRo*>cQ5W-E~573xO-(m_y}K z5QJ)v$l<4C)&Efl_22IS;TwTgBme(a);_ba5Lz1)t@ZkD{3D$GU+xw`7QOCVCJ2PshWpX)^|5tH| z3MX_h{*TMs2Nc1V{=o(CPa8w%3%`4NaISiIMd+{4V}!Lz2@?7oAeJ7N$$u)K_+K7M zV5{cmGv_s7zrVyNJetwG`Kh#2K$LawSksPn-Rl)mC50o<{@)Je{U7Km6{4++vI+_c z2AN3-a|O-4;Ex}JRelj_m2&Qtf1aK5ucGtcUYEZS{X#96nNv9SFj96U?Loy2NTR8> zHWjDVWvUy5Zn9@i19e29WL&Inauf~k-%u&==->GC`ptc!ti-;HxzT6cj${S{A~$3R zsnvUuu1iy%8z*1IQ<7_T2z}s>W*$>j14e=N_C?}!+S_k6C}zF;ZB{R@6(g1Ysu8Mf zpbNkOcA#A0w|Vt^OO1R7BO{}oEJszEcx)^CR0C}_xII&@>FdVnX#Zc-*0TX5yg@-y z(rv;KCd=mJ0fHBz!heCU&oqP%-|eEBHUV3ruXkw0sgq^|kM|Z`+cM z$UqCa4gMNM`znAm>DJ>?sWGAlL6C}o^Hk}-LVJ9czVR&mZyhZyY?Dk6kSUG|9x|VZ z_9*OoSH%8`fA=>cioi$aWd+}QLuTT{f>p>ytjlDue=fc9|8w)pG+tY37`%VZ@z;n0 zfpx2#a6BDFxAA|~8UlH!?$T+~nBOA%|5^W^aah`l{??u;$oG2PeJ# zYr2LBms^ngkziq0s3!AYwnuUoj(Nfr{xUI|NheE{a95(`H-3hqkn!Gb8y*(L`t6rR zTWaiUWmx<*8s^6hvP&c++z%c+Ay9@TA`sw&jF&1Z;XN6$8K8-ZTaS~uGOm&-p(0=p zJvS!G%FC5q&nG7y3l`SFlW*{&?jta}MJ^<5!1c3F}vr5@CBvpl#9B*B@b7h#rka_1Xs=!~88P ziof1p-zZcri4<_Dh-%2W-Og|fKp^?&O#2et<-41&l2rENSon@CS9s!GU7wl8yZ^Lb zOwR&GmS6bouP8Z;?uA`XCmq24xb3~fl}Xk+sEw%P)sd(Qqp5Jn&08`S_BmCGcT=4! zW8pJoF>1(7)7!DbEY_4=JvMTu-&4YT8%4aU^c4{4KK&p$n~elD-47@}UZhPE^Hk-V z^2S?sKgIRu1iMJ;o5~uW?fY~mRmq`GU7v{Bo8a~HmIm{c)un;oSOiiJg@gq59k29# z#hT%!Etae{zvr;02WX~2Ds;b8+~J9g^JP&RUql!8Uyxmaab~Q4v+WHt1t+X%+iECoa=a{g{{KKrr$u&7JKJ4P2YotZJ#>erbG1y$o;ke0bJf$rx`Yl${_NiG@A1!Z#E;ikPRi{{ z^7+Pdn`}y8&w@CiqD3bcJ&1=q_dzpC?rSv~3ea%OxAZ8Z>1gQBj^d9t(j-dpG_kD0 zwlu;reiC3Yl4CM(;bg?P{P)B}!9Uj(5Kv30EA?<{TsNEj`yv$o~B7A)wC8r}&6n z4rS&5(+gb~%wq{4422s#vgoz*t9%i?<}hnya%ht`wwKNtV&1zNG1a|r)5l=C#4!7N zng^)wYcoijyR)*bjwQ?Fa4v;& zO0rq=CKSZjse8hOqnImUA>UHPF9bK;xkq1m5Ts4{SRwe%07=8~>M_eO&-hfC`&p|{ znI~^CA0vo$UErfPb#Zcq-)hH(_i2UiJ|~v0?EMpss@YF}6vX_)-S^bFyFG@4+B|sU z;$A*HU7qk9Kg+&egCJr3yH`XJ_bA+&=W1L~Vh-Qt4(8*JS}xr7BMLg7%-t29e=j~0 zl7Z3XuGrkuC|%V!5B#&&5Wk9V&xo)Fb0Jb$6PJO^7c;1BVw3%?nzyvVZaQ;nBz|qO z@)6@eO~(B*Ba(zO!-q_j4;d;SGWi(VGt}TZ*3yaN?(_`+0|BmrthrC4xHieI0oFaum#CSXk3(dHN(3N2=ao~B<0wZB2g9ciyua$Ux0pJiP`(e$6PC}KcUvBOO!%+HMLW@-@2-{QTxC%BOQc=KQ`B_%}Ctm?Vn*i)-L?=ssSTr zbqndnQ2qzu1F zqnTh5%oG?=`4;d%ek}A1z95tyvScq#`P0t-?4r%&f5u)6n4V~Ru|8798&e#1@~$G@ z=IhAzHR#0NM%V6YB}L5RrU~_k!H(eKxZ;O%XrWAV(Vyfks_2onW$xjGL&OthK0ZD= zi6q>7Z-y-A%{W*f=e;<)=jk^(sF2S-)(Lqm^h*15wbo&nrC5FQa)~0>@eC9 z-|6@sG~Au>MbR3(k9sC8UZkjXp96DUvY?)R5Eb{8-yXZ|nzdLv)N<`w67s#6-HZ{c zYyDP$7ZoU1rn$ilw5nK3zt0sBT zcJ>&(MbdTRE}a&2ZYF=)o*Vz(NhN$ox#dC45a0KLCaa~S;}Ukl_Oc6|mQ|it0eh?T z1!_h|C)9vrKSN=kSsuJl+9p&le7JT#2_@zF*cNvKx4qE0_*O&QbwO)uws`>uJ@YB~ z;J}PkKUTzlE1#`bw>M)!2WPBguq;_-@FL-&-ttv%HkPNfo6f@qD>p^i8C`}8gitd( z#bi>hIwezw+Ib!yPidy}+X{hlhG-FXih{QJ1MlFzoA=EKOqvN&&Hv4u&<(c41JF zbB%>}yx6zIbZBG8{v`6>??#}a?u#B;_HYtoZ@kCF)mxY2ZKvfc!NlO5c}Cp4-t^b? zZ?v&)EFx;;#Mn{}G$ul>o5WUbCrguxVrKRqbtKx|F+IbU7ht^x=3x=gd8HHM~@fVKRz-cNxHNUT^ zkx3`|s&}{pwTd5Kq-|@MM?lYXBjTuUDIIm;^%VDsIvne7&?Q;(a`Le~sVh-f{s5}U z8?jYr8EfyCi6HTH?uTLmK1H@t$4nPpa9Mi%LZWQ#_h3kn{S#bAzPJbQL})z3cKa)K z%;!g(d78`e3Iu8Q3^~k0{4(v>qCB7fOuLTa&TxbnJ2fBvt?9~$Q3Tg<5(Pbk?-9A# z)xIS64BT!i1!|GRBLC_p)DV4=*5%HXwTHKmoELRy^w^Lz-@wGWL&3J23C{y4o`z%$ zj0Imf0*yOKxPONlyHaaS4nyGkV4avq&$$6JsJLB;v(xcwIrBT(g@bdDJQIFENsMTg zTB=8J3LX0;LW9?s%&o#zZ5zC|* zTL9*miKhb3qREiz*BO>1&X&JQ6bNZQA68+d0j9klT>Vf^$-L3{1y=i&m)2DDCEwYohZiNoti5o@L z9QuEB*5hc}GzIst!!Sj^Ua<*LqWl-G| z33Uv96`mRds8asaqM{EEP&dmp&b4gDM|V`2x(&j5Dku~5G0+_OWcbl{KgFG1Uj{Gd|vatPh?PXp(UiT*~i zddfp|!&&Tn&w5O`fO!dH`y233@j0YChM~X;hp-brKckzf^1HXqckOE=LO zWuF@rm}B|zZ|oN#B_T=MwrrXR*q`j$#~9w8Q`J=&MxT|Vyj!P3J@z!qW#+Io`G^G7 z^df%$v10C<9$Y$kk;IW}IoTy!o6;?4X1fCQQ$yP~(}Y0;GvO24@xY8NW}Mye#qE?C zB%{wo>IK{IV7tDjEIuOf7G>W%=q8O+*2b5yXA;6-!hPS45_pMB+fMY=a=Ok?Vi+t< z#mH1RgxtplcMem5qlXGjC$AZ0esSYv)cisu&bD2I!#cnY!~^(QvAlzp`7{(f1=Y)l zBlCWHhXd=7$P6@FfqjimDTooZ*{{Z0K6yvfwCbt5j=yJ~VVY6i2kuHPjtNbSj8TrD zp^LK~>-z}DL4 zm`G~Bxrzjpv=UzQNuFz>d{@f{Nr$y^yKzqjO3}lgY1;_xsGsA0w8tHAqF75O;vV80 z`5ZS|Zhwr9mXvtQ+0tM-i~O|d&d>CD&TLFtkx`K+et(YNZX|@iZG7XMM?i!2g~YE5 zsnY9|WJiY=$&+gp$m=3BGT6hoa9?lw?JVf7qldHsw@l4HkR9qV)`eye$6a28dUwPBsVC`QYRfBo07cX}6zR_9EC;ai=#vzoQyrj4A zBe1dnTa#3BAM%sO1sQqc`Qo>uma3B&YW+`Z6}%XXXlv>w&lWnD zGES_!ASU_^VLr)orbpZ(2Nght{S=CsTNKNL5fa`2uYId_0<<*b0`8i87nNhPppEcJ z0K{<9b)H=n&Ak@$cy!E%?n9;)d2IHph3G7aJ4^_&bdo{%OB0hQckO;bb(qy~m3FIF z|9xlYU9Q{|qYrtUvMeQMg&cDR(^H<)+Qpq;7D-%950#dKTO6V5fxWe}tbo*J{A2!IVm-+U9gL_kbv3wQ z(O1GmQGVNY>;1t6&{6r|X7@$K14xW2I_mE%PLbB@07ko~9403`X)& zhMHyaMb;q*eMdb)<5{lqyy zOR#Vq1F;=^cLTL~oNyG^fgFjx>sJMWAECFRh-5NgzG@z@y(qa~PCHOheP;E8EW>_M zN1@(_gSXT1(-4JHUK`MC?_+v1Zh`ihwCdb5Mo_mWHp;@M?VOfwI&HI1D{GBR;-Kzh zwOvYysCP?}>d4c?vuhfw{#WDXVEMQmHTH#9?*|$)hCn^X()i&+x}$1`LlsXcu3cHx z6@h1HNveJf0L-}wZ1Hrmf1B^InTc1l$JT>I@w~BSqTx1!DZ@qB1Pgb3tuva3yN4Z< zmiKGi|M^^D=G)PS#ddLtMuP$0dSmtL(a1UVF=6il3AK_GRzFhlMjdIAjW}>JyLOJH zNPO=c7q~=Eh+dwWdbPZ_p7%+G<3G*(d0RVZ=Ij;XodmeLeATh4TDNC&iz z;Mdts4|=I%9$W1VKlyhkY~VNzL0#+RZ`9FU31)L+C?0YmPYl>MKJx6;Za9BQp-|-B zSE`f-aD?zTr;g`%Dyj^=KC40XpjEZdIdXf5@j`yA>wztPHx%0fYXUUxTT+J|>F7Yv z#dN1TtKT9Q=*6vK-nhmM$LVfaR2J7%*~+}{ulnHRq4#~s5cIjusZD17EfHJq;PE60 ztRsKa#gj81CUk;w)zDLINKy@>^*481oPlz~qCRkYL^h6{G%p?1nklME(d6YRFSZQ3 z3*qQ{$MW$67RQh~gV{!&?)>RSFPA9ny4MbI_#NhLGig-?6URtr*?RvN;*%P)_zZ|v zUb#5p#lXSgLC&a6A2PgU^4pViAX1IRy}{nKLDHc*e7scRM<*yEz4Gy8dJipRKA@XK zqP`-dg^yIb_2s6WO7NS|dKYbF887wmH>p^sSIpQR#|NL(=O&k@+1-cHjlFQ?bIon% z$iAuzz=~zRxl?RM%3xo$I@mB_Zv{sEI2f=t+0GTqpVGs8rZd-iz&U~_A>MVcE@`6p zNz>i%s<26RJG6T!>QM=ome_7@v>gEwrIYl2`nal--=(eb3CAa6&Dtb%yc1qu%!XG7*w zs$3$~e6ElN0R^6`KSeRRq~D&V2@RKdb{fm|6JJapPBmo!Y$1Tqp^8u9EvUJx6+4D+ zl|0tCLoCayA9&1l1ms|=HD`5C3iQ73qx_vuu5LQ_->ap+<)C>lB{6Z}Xmu|Gz(V~> zOuu_7!=hfB){I;D{?p364OnF$l-bcQ?IC%PYpfFlX>6$|6kIbCXrPnsyk&U!fIMQbXmkm^svyT)gjt()l)k z1zC2vr6o5{)l@^=edRr5nzj2{jhsdKa8<>Kim`x-y)@6E`ZJyG@8xjU)B@u>J=Y?;2;X1hC8Or~t&z zF;6g+k(iptz3r`S;G-`|*lj=O`ls~XSMxazeszmM{n`BD@+mW6O@&*;r8+Pzoe~l#XuE38&HR=7 z&fhBcgceuGqoiCaBhD?(SGd$yT8r@&4lT?$bY|my`90g#cn0_&G6kgj0o}-<34a59 zaEE0U$4`&4Mw_PY)r{$=R4bO;hZNb1`x%|H`fXc8pWv(s2uJC;@2?y&QpQ9dhtK;a zKEI&0Kh+$NX7ilZg?t&W-WT@E(*{3ENc~Yfoi*gI=XW-)V8t!0#f$qkt=1N-Zz87E32jlX>=yQ5Zg8#miK! zn)vxY)W^%{7fz8FJP`sNSBYH2PApkZ_Bj1tb7jJ=YrqdnnQV0djZ?{%gI zUa&=DsXbABlyS|{!UB16xKqHrIiD;qo~AO_<-mi3rlX1{0~8|I{NWoqv+N`ZOv6AO zUu@y%IK9xi6EBk%C+FUR?0NtDV1y3xlcLsWG4~3dJI7h{yPgPLtgs@(^Yk%9jQWY# zmK2hF2zbHBO`DOEFs5vdccBPFP<5 zEQW>YN<_3#{hZkP+{E=l^?o6tJgXCnU#z=Afl$y*qixT0lo#Z(L{?s&*2qefWMh4! zbZzcsZCix$gwkO$(%DWS;79D#9ht|xW^m+E1|Pd<-9e&x%rKv8=jDK@vX0*(ms@v8rkkr}PHEQ!~d@jAGF=Mpb!-5tX+Rs8RFE*y1xYWO~ zSOeq(VMb%6KR1nz5mjE_qClF<^%j_L#!HKLH0BMIn61pbxvYiR?*e$JP1#GayY?9& zsh{Ts#}&U4Z5Zy|z89UQ+@D*UxEGdcXYMMk9+)-;0HNKnwk` zlx7~W6X7HgrTxQ}kZx%i>A~(-`7W5*Bwl=HUWGX{rt)2@F`ABJ)X?6|w|0bJ5Zh$|!RKv2k2gdB zP>fg_DW~UXU4nL4Ku?RJ?$JP45@*ztE5DnTM^A}7BE1QDGu9!$e5-q^e*5YUjkijM z89i5eqd7($>GCDa*oWSqhlhp5BYK~QeH}PG%1a?oX?gFrU8k>KGS`x{*{mHaJ4?%T zkZhHD{vq?$)eMl1KE$W0QSg?OJKjApr@(2pIC5AX+vIjMg2Z$KkRL|Y{F#d}E+4f^fz ziTKV7JbOS(i_dl@C9rY^B`c%P#<=p|XLM`p<^x0Nsl%T4z>&l^6m(EQgpb7BbgNI? zu)|ynJt+OL;ChDrCwx~) z`0<mJDZ2%|-D0*&x|1bKN9O9dqZZQh>S-3-`t@Z{ zF|jNmJDk!Fr(`uLpK6bNwV#Al*wHPxo8&ro25Ig}-(IkYG?&3IQ5|>QPdamgrBzcn z&SNKgrAK;$@w%l3-g30}F1s3$+ebzRJv&O*W?;%1r7K#ah$U8aJJQQr*y3+oSAD?d znrHi_++jBa;*daC&5OAkGo z?2hY#iv|6WmOl-L`|?`GO++LA3&M;_7EJ|>sFH9FLN4UX?YZyzn8i0(=XMbuak|_Q zuu1%kdD6To5+iPASv8-vUnU1U+HQ-ZGAw~mZa$L13{%?p#db5s)y^%C3=SXAo}*?}!1{PiNKOTiGJrg$;qc$mH2 zL;zmtuUQIwq{dKZJON80H}70Pc4D&l_1AT3UfSGaYS$kuB-wj&9&{`r6uU~QLRbB_ zVo9(BrQ5a_e_QP@)Q-1uBpl6xJa#yt+WdBJKhUA$Zuh94MT5*w+|Wt31Bd6R*|1<|rA@6 zcCT*4mll!|LgDI4d~)eGMGss)AM+hS1Yk4wT7KWTZ=aat7nVp^lzagh#2q7IxwGmt zU2OrUV3z0^Xc!n;o8m1-m1p~lSNqy zO=aVVy^W8JBmlsx77i^zwFCF`l`U?sCM3)DJHT7NL^bXIZuIXLxy>Xk}4&eF5FX zai-3nXA<{*vk+cI2UC$F;xLvoJ8jpyB35%HzWuw2g^TxF^X&>-em4P#vtNVMDecr` zw4JlcAG43{m2`_@KkUlEz8LgV&1IdiR9Aw9Tj4XGV*6`pAxp1zvWE3}AOR(Xw1r<= zIP^rF%8S)QwP>{G7B9Ql)c0zhG^1A6d%EY>W^PJBZ{!?WibP8UHs zkr1?GACuaS@06y2?9O-DlqFBE@ODoo;|7yOk(eacCi1wHhZ;f~%!8QXA~IZY@2N0& zf!UN-(=g7Q)7mS!Eiz?@Ec37h?s}wsQhK4Wb5BpW7k2FRnUN%DzR`dbn(d7H>rRLDG)dr3{RolU zg1q1oKX(~o+JO9RR#ecVnYKq~$DQKlr+%^pJMV>9h0bU?R}-nobgrxX&}4eTN>auU z7R0VKl41PxGRSI zp3{>X!wi0sbQJeI<-fOnb4t>+RqhDib#UtP@A^Gva0|LFJ9BL)9-Tz2I3%}L@}}m3 z_4j-G9%DAE*7jahDJ?Vz$%Uwri`5zhp;M>tBR}_e11JKA#L5@Mijv_sZ}4XdAI+=z zB05;V%jK)?@%sUjPPf~sFS*KcE!-;UF8wH{*ihpHYrpW9}zs+;EoQ{7nI zHRNNHVP5@dJ^e^QPEuTO-0(7l&a9X1JtkzQ)YT*h=9f%31`d0RC|a~iwHvdUi-RV0 zDt&lkZLSi@^16L?6FZg`wvC30a$mueW*W;OEYjMlIF->iu9Z6|#qROYscp*Uc@gBOL&BM`y+@VqCb;gR)uA!r>7H@ zrfivGVL@#83liOs;VB8)+u+`Mx}X;dCkB3Xa#Q^>I+0zx>Y2UlS#cS!nh4lj2NPAe zx|~s#Nr#}hQq`KER$U|&l8*rCX4I3XbuM1i9&PEZl(z7$|8ng9LDZ9#`RL|%Z(M&- z>}Njb;nzNx__SUwP)bWk?cM0^A64Ct%{-cgOZF5ZwvWezKSU=IJh)rhj)#_{a-kq+04?&9X0GJgH+OX(a{n-ufbIEG2w*WN8C>kxGJ?M{B5^mD( zr$^3jz-QWeg)xuc8E~-fq_g%)K3sahw|sjhjqk3}y$atp(S;ZH>~5`{bNq(9njacT z^X9g;juIm%+=&P*xq&qs_}If@?XPtN@+@iWtW2tifzP&u zrFl9IL~QNK&vN~>IB+Z2mCZ%a_FH#euyCd(Lc2iww0HvZmLI$&t~Ti>-H8@BH?=8x zWs|9OP%}Xd4a1r-g(bx43j?>^hT3lzlY4biO{2hpNiZT1gaW4F_T7wK`e{qf7JCG^ z&U4CR!qToBcGtO+lURn;32JCz znG7HeX=1Vade!u14fp2ux(TXK?=Zy!BRm{MwO5m>=3Ej9ep)g58Y=;CSb0$_ku*8#!? zB89dOg6cO+IZ{L{g725hL<~{pBK5@h7=kF@g2b#)%>(S5(n(?{m_33`aP^nE$C2c`@(auMHe0w!zSo{F6H%9X};*>h+|v4CBds%jbL|6G4)Z)cyiBl)t>vrZ5+lr^7zXG%{e<| zuG!B|OATw4y~m2}CqM3;WH#m%-ZUA!8+a6ZB)GPxMdyKGG&W|V;L__eNyJRsV~uv| zrTr^HqpDnU297FL20oyT(1(I!ivdOqo_tnicE@*!*vjBG-n1GG^YF((nE($1`ZCgT zpB-S#tL-oprOztdW(mD#8Fz)K>RQ8CmOfD9sPAA7PrK4X3;$xC2Hw9yGxj1uI(Zam zrQxkvweyA?x{zO8VwNlOc~Zz)-foxwF!;ZWwcE)>t(+6A!=95@;E|!<_*>9YtDg~g zytYlkDbXa7%3DokhHTtXVN)D8;9TkN9bkAQweIP(>0N42t}b5RGgzq~F&%hS+kqN7 zXRV!8KK2?kQs`#{5s~$J3lq63My-_PLBVgdKG3rsI<#D{)7llpR_U-!PH^MV-iac+ zf2Z*|`WU4>HCzg;QVoU zaT?m;t1fQC@!`WY0<lJ@@NGxYiB(0%64oNjiHJ&MBBlNkO-(y9ddzw^0s=k*hpfp?5NI zlO?GhqYA58>sb!_y-$&o7D(m#R+*08nc9K}OVL<12A+|VDf9RU_pGHhuU!hauKM=3 z0mvv_!YdT0^ViIsjWJW8%9764m7pryPXXc>aeap2?(p4qZOd1`gZ-?7KTf_3@#xS4 z@(k7nmizF+=~>XiN6|_EI;|;54l~LJA{?)UM~bOoIsUeXZWR8`*>An*%Un#;iWSwV zNC-90E9?mDn;xY@7!%Un?MaVnU6O-^+R~KKC&X+i;2`X-<&MtWYex2 za4+}n`W)M+B8qJ7&+`Xdmxi z8m^nOu7ot^B;^iBdsf5w!L;!h#JfMP1xg;c@m{Yxm4~(_mIjM@h5Zn#uUcx3TI}(i zgmJWf)K_*qL^^48Bx75Sh}TeYsulVN%R3WKNwV|qOMc_NVzOmy@ zR8I!LaF4JVeYGRrtbMv5ziCRKx3PD4T4$3x6_s#yHeTLgUR?INg9jolH4Tr8xs_ee z5Kv{ZtZ+{0Y%W<+O$$E9RppA26Sb@QNQ0IDk0XON_D?iefg_j>pG3d9& z=IjIo)vBAqG@~vS47txcdBKBrHyt)ToGSzTUDQN3#Cwll)IPJMi?4Cxz^(z5*Uk8E z|I#_$Qehy92Clp=3=q?1;|=A2oV5)Fj(VcU9ye)>-M|n1Dw0(B;!G1O(wcTe&W)fl zUuVaNKEn^U9yW>j$LkN`CaPRMg{IPyJDql?s8D1%BB%)fX0K|GqW08S(I+=$2+Ese z#vI~)aQl@G9RB+=VYNBA#r)Pkjz-D7iwgQ`z(`m{DxN!Qv2Of+*vG3v+_^Q<#sxe{ z5(xQJVOQ5s;Ta&GD9R=vi3gbV#*W;kX;T+ywS)(nu`wOxe3(ZL$aS(&J-!Pp!RBk3 zvkQ%@``t(yPHQfNLz|VA=)gT@`e22u{!p-teob}6!iJ7)RcdAbsn6t)|F`OVe}~f1 z(K^ubXnNE9AGER#dJ{W zaF>8C@Z9##FQ>N3%XFU7 zn351uO7;Ch1e?yCDmb2og7>_miKk#MqODkT_%+EU+;R7*o)^0Hr8v!;glVTp$!erY?M~LWX@f>_0`^LcJ^9^%u)0y+o9vyw*ew(s#pnc_#-eN zf;d7oz8&LN5t+I>vYLfA3S~9VH(RC@CA~IC$w1-mD5|t~eVTK?l@im>pFdl7477Lz zT_eW1y1Q>P;!&#s-A=%@vt@GhKkaB&1ikf4QdB8tkOm7){3ZvIqo=-@v{G#ub$;;zP1u>QKc{Wp)g1B}d zKr@j4?g5<#GO{70Ix@8+HiM>EwkciP6MpghSgGRDMZ9jPLruoD4%xI)YiIGX)0{vC zp1w3#rq1-5OL$}8Q%E(mtZr#;XbN-o{FL_F(9c8q$ovh5)zfXA5FBPVfh^n4h2UU$FXr_V@nD#lb_DZwM0< z@2ykXx3pqun&vB?F|qWT9O#K_!Wkl^3Yb9>S zSCbAHE?}8cw?#=ASVBD6sWeJm?q?t8-<*Q~=|A||lc*}Cms@V{?RAAej@G?(qJVP} z|DhZ9Ki&K94?_`{ZQq{@fb5riZf@3@a#hRWxTCu1VvH>bx2H zhS*Wr>>4cn-%ZV*#^-;t{r~dCZqX!bYisc`L1&Q3h%SaE#TZ6_|DJu}?_G>3*nPJ94ohREnX)KeBBRRxkmVx?)=}(2ff^d*r!tA7_Xk6 zWa0le5BjGYV1t(UhAC0Z4ZxqGGXCxP`Nvs~&Lws~)3?k3mi|-yqz5qK8#dC+N$CDh zto=WJt6&8!qP2~lbQ&UgycPcOQ~ys#{>MD_7w7DmLjR#z z_())UVP$2tp**`p7~nhJKEL;#a84J_^!J^0|I+~ft)=!->7n0j5z#{5Bp>wNDWCV^ z;Vj?oyY}uDF6Rj7!T5jno}ULrmiw`^J=4<4s+(94VSDZWOK*g6E+ASXhGuSV9DxCy0vSWL}Qt@Dge1?G5yATpSCFIRDMwDEj}* zvT@70K^(y!hhWDkH65Mv1|q3w2|8|7Zv%Tm6!I3va^ohetTibWEH3?@8m1q+P@96t zU87}UlCGM?9bNcxJ{(82PlheTZ)1CSiJ?o`QTrbW)?x#onM_%`E>z8ZHtPthXfNSbuI$!f& zI?|*_na{WRbcnJ(hhmKMc@sf`cLe19Ox~uG-8g zJSaK?OJw}8={40%$STeg1ylnK8K}Bl%v5fMm{7d;LMzu5x{uwVDh*ZxIYQhnI8Ri| zdRst%RklS!EE#CCzTTOD^u@C;bngB7_@hY&qg`w?fYMWqcWiehWn68j#+CL+Y?MV$ zFv#q9iB>JM%0ObDe)zVrenMdGTfjc9Xer#^V5n17Ri}9rPHeyZrp7boE??1fE(er+ zz%y%8>Aql|XD*nCOG00zxa(YWk%eJ|%XNQb6?@ZINSMGo+?85FBzzbNi+JSG3sl6? zH0Cx}N)X}Jbgcj?R(5soUB>!PJPAL>%tt@K(lGbN3V zbN%1}8mLbKh;S$AZf=J0U@hcc40waM&?0BqQGS!!6LQr5IGJt=7quP*rED@SurC$y zL?EZMxM}`+D18j!aKo*ZfdG~@t$~CJv#yQP7nxt2_W(lnnINIeQskLAX#8HC3)5%9 z;C$->AFy;i$`xe5(TV3&=Zf#z<2a&)O#%SSe|APm0wd30G_5nA`1^eh9RZ-hleVOyJ+zgWB)Pj zIsW9xjiSUr?Y24esaa1oz~|H)TH{i-?Fy3*IIBw~3o_fScO5?LjdIYMm_?M6Fk}`o z^t?v;o_zlsl}AA75X!1UgoxMGfmvzUGbg8xqu(TMG~^tYjw5ZtOzM3P$w;`f3QaLt z1Bnz&)~@$vW_Oxc{0nw<#p8)W+n0X3Crvn!Q4Ufq;P=ONlUqt5~+_8x}JICjim zKX%`gb50pC><>kvD*%Y~^ent(!4;hL0g0T6L{2XiH!#T`0~$_T@NXY%7ifIvh(V4u zWO(rcpH{7H1(z2P#StbF9gg2o9URI0Nn=MxZ8l z5e3(Nn1Fxyl_?ioWFtM8N5AyxWg)I{9qMdKI2QCtWvI$1eG%>dpm#^S5}WM(XRew? z=F6jn)`Si{y-hxEY5nUvS&f39e*MV<@D04Io-UR%&-zM$El_|+Bfu6UaL^mW6uOXQ z$m8-19$JuOglqX)~c?)?R7vC1wd9O zaGuzVJpY<5E8uEueLM)u=?Ju4Z7qQ2RURI6BBk8(t~4d`*BkRB>`LXe-Wze)2~)>q z3>t?w<^@mLa!Pu!FmVhh9*N1rwn}lX@ToK};ikDZ|D}jKiPp*@Z9@Crt9w4U@$xLv z*S7k_|PB+a*`iyEB)g$hzVgEJ)4BRB`=E%>^V zm*3EwZ(?swX=~-56v~Stw#QPB^O*Vy17v?qDdt^E1eHdN7#R)o2fK0xAxgp- zQ?QDR$#L}l7nh#~U(2<1uqJ&>Sfoo>kr91Ld?=TlYf#nlkZxIP%`J(mWVhiNrjJAe z`%3PKZd?g76J)zhb3Q_GG{26#o7r<6$58pv^Q&P&#}M}Fg5}+(L^-mZR>#DI=U4Mu zJ=U{0#-VdjX4C^bB6s5Jf|KS#5?2{=O{H<6<$}hxH_GeqLWkMvBdb-e=wApk%%l0b#6F=K)0k&WP zw%0`FAK-MOpN;y1me|UdRs+DHNtG8$-8YOhov3ix#E#x>DG)}@8mueLy{ ziaXvXzk;x!qMJ#sU(=iGWW(TBODeF*#a_+f>}&fNBYwvy5$6-7BHqb&4X&g>$01Xx z87_)@&n!L_;a3jB#v8$?i>PF7cT3Lo2k6R^B3Db1pWEU;D!&*XzvtoBQ*uYR+&F=) zDh8z{I>xt&ylv%;c>YAV*p_V=rsXD^54r^h0ngskiqq^3R$jTD_u2#i;!w@v!QGr) z!D9@nXSmW?pU&N)04ZASJ4_^2fchDuonQ{6Ly&gHs@<-_%BX!n?8EZgMD=u>sFQB) z?I4l6?sWxx_l%cfy3>z*YXYTd^OdE`J`joDQ|`%+tvb)ZRXgbeZwm=Oe57o!B~wp9 zkKnG;F+P@mJv9V-ujp40ArOAszC^5Ep{mY5x~Ba#386G_RfAI{;X3h5;c)R8{;^78 zIbN)KO};BW5k85lJN6&htbb9@loeU0+hkc$1Yxl zQui4!wO&~+x@0$>Qt;kiBNMJqN47ktrGuYxRUpTutJ{Do`$DHyJH~i%?{s#g9k*I$ zgq&whoKF@sOzSAh_QrM*M(Aps!NG>q#4e^paD$C+5EXisV4_{Di4Yw^LhKT@8qU)y zGI4QVzWqMlGo9dH-**}bTZK!X%#Z=RwhJW(Y_(Q6y@t@>OP$bLyDu*Kxc0rSvGs} zS~U%zmjqKTt&cs{CzfP~&D(l7KDX=mnRDjJJ2w;$L}(o_bUDA`BNQrG71Cm!lYJ%M z$WJFxMm}AoN8*)j<=$RJXf&rD59ZVk^U!6?`%DLUmkzGkWH}s|w~}IIFHzftti= zlL|E^u&;vi*^Tra^jPaeRoYf21W+~meejiX{V1vK)b|g=92thYeMq0)tlB>NM-6R&o1PMPyu&;ayTT;djVw%1~E?!}*^ zN_J*iE+;%+%PIyH9Nw z$wYr8Uxas^k>I_Xy+PZ0-yydj_1Awi7X=MWCLAw(KB^icC%-fxdr@R}e4 zP9V=HlVV`g{fl`^+^ZqQ@z@tu-NMdl>&G39t$*+BOHyB4e66wgMI(%de_`>pRB ziwqU?WaTevXYbz(P@c%&u4v4EiaG>s?SBW{*EKtu3-~Z26_~goW;5^}X&4*t=GmDi zp2a(GkdX$OlyfaLOXMh!-mfmPYwLsPk#t;&C@$xf3dU6USR9_bG?f;>ADpg(b}~dCuTmi7R2@F|9`bkd zq(eQ}oj(_n0WIr&P0}a>OHiuPG(ttTPTZ)qDP7SSN@pCufeqUpQ0ct##_0(JD)!9| z=p-t)fHt+9V6FD>J-Vji9@2BfowXk&&AIkHKM&G<-7><^OT2mm(&=5m%(|Gyb)ZUL zLVJhzxOS6E5BgI*U$N;W&xreTwII07x;J3mP&Wf|Tc>Pq0|5Rep_aj~EOC%NSoo5( z)x44Wk3&_`{9;Za0W|KD=YPMw8j>H?XEz4{8LaYmfR_{!a7QtV2i=AD8Yqz?wfyz5 zWxv{r;%oj=Fa#Zz7zqLn`bc!$gKm}~zN$EfjQiy~f}4tv@w zz6aQ)PCfhG4>d#FsOX+^F}11&9w3EPWUgpkQ$N$lWh~jVem}Qt4$~)* z5sEnAI;*!zb{VUcJ3)z2PWN<0f6hEXWL#^5dvb$+qjWELv`}ebgl87=%^LXX01APWxu& zx-Q|Mz8yV30h&N%4v2>?2Z7r_B{5E12g7{8q1|clQf4(cS@Y%He=L80`+j*N2+FdZ zgnpa4k2q>r_i9DI1K{tMou;74eYe<3O^y&zBkT?-ms|$Dq^%B<_IrS(`xWtJo~C&E zezTSIXH~95OcU*C)Bcq}BnOXq`O!l@0!_A$L>DkMwra@7+V03tF$juL;#v%}WeyRz z`;KreU`?h^Ak)=eA5=JjuEj z;j1Wa;DE{NhH0@C+YN`ILvdv*A0_Y!et1i7UDxBpqd?G%)X6Y%)s86*uM;8NTv=O; z+IOW#eR^)pZv7@MieeM4l(nyUSZ9vKjM#gvy?c6YJoI!ibrj!DZ~Z;6&UDkpU7<=vYq+Hg4(}EQU>pOP+4RM$6Y#i4W?Sa;>P|&o(W2i3ZD;rVfc8!#)^diHLqI-BDeK+El)% zio8uyAnIIJZCcmZk&;fQ`NA9gc=m93iL^EY4EXydV5EOXAzrA8w)@QoOveec{|P+BV=XMQF%$V`mr1# z5h%J(f$+PE;`C`VLuxakY-XqlIJkMg9}X(^4A_ae4{`b#eg2F7L&m*yo56O$mH7hq ziMEoF<@5T&DkGFu+8K7TUYw^zRK089K=fHW#+gC9rIC}hFl5_rVKdO5fEOcaMQZf8 zkJkf`j|IB&R|_8(Uon%G4sV*W1-eWhg8f{(r2^FOZ9F0_?DACtB%z(t{eu0{`%zl1 zc1>U@p{FIuufABe4vp(nVKzm`dtp+;93%{oLOF+`o zyos)?uw$w^k!8t@XBxJWt1I5QDm8cEHH2q`6j~T{;UuA9Q4vkG#4|uJqR`6Y;2MI; zOXD52#{}BXMo^TiA#w@{oW_FaSWb%_?%lx8F6;W|x7iX9vtkK~%%6tQtwHf z;KD@N+?iOwyQs_J4n2kKoOcPL24Q#kijy}DvGjY0)^*qHK$3f`<}i$C^&g(E@9^dN zE{5W82NRx9EXaV12M&;@Qi;}Ypg|dRl#AYn`z%5csHC!l81WA6MC}7ZpIbDA;0;%Y zHhZQ=xlNYXwjB`xK;Gs z$ZIPV37dguQV7Uj<;g7v;^a}Gj&A1#9eexCw_Wu)y^GF{B9?oqM}&h8dC@iRjhy@v zS+nfTis4BPiUsi_yAbU1S;%5~Ljip&^lkp4;1oXrNq_Tz-57SANZJ(O)TnLKx#Cp7 znK}kW(m=%xd{iNotDyJc2kW`Y1-Tn?3tXDAUb&D_iGq>wZb#34-VlNNyM=d+8$GJA zOKEAG6)1?Om&1blc$pEQX<)H41n+G$!raC&w&)(v?xLcN_{0PH>JhQ}=9E*bNq)_( z+!i07myz)xeSkH2gkpmIjh=x1gFJ_IOS26vWj-pe5l3vO!%k%gr^MI&t2oQIyV*-( zg&3YJXBY;9ykGMG+)^h>QIi!?k)>BM#f(zb;*$~@q2OY6MoK;z^hqC_#EoSl!1oVE z4gaJBr2Xt;;wo3z`cm8X5E#`t0EBz%z)2Bj->Ars#y&5vMbe|=t8lpjxMPx`k;YKukxk`>^@VjK zO$m^+e-t;3o=wcSQ!3)4gxbQ=+C$?FI(agqGU?k@7J(r%N3wQJB-Ca-j0JZtdNx41kFN`PHwLv5z-N? zn*wY_^W(r`)QTt&X>DB;RiSH81)Kv@yMAtHn_bIjuOC*t5A17JIyaM{G<7LD7H`}; zY6SwcPA)BMxr>yWZjQua$~u-;=H-+2@gv6Tft5&e^eWqer`jQY zae46rNZ6vGqdKdM%q-e(^wZ(QRLj#l7NX=9vSC@WoQ!MrEY%f0pM4j@^DT`4V~2S@ z-JoNvCtI~wB4# zA!U0b`Em@%*2eGhDQJ(TWTmGuq&U$PXmPc>XkdnruIT3sVbGJI=Lzns20xa(V%baQ z5%(p6hZa4xQ48y<@G+IbaA+i!?l^E-X5fnuf6E`tIuExdujNOnUvZIsp)ewuIJeJx z-^-cn%6Ae`HmKjaVppLyPI|QnW2)`;HHp*MU&Uz+o}efv59qLF4&LbiKIh$+aqyfV zBOjeN1qS9t3iz|0Q7-yE9sPqR@S|<;bMQe&&!^{v4#RWO$m_oZc%|*9KC{8pg(?T# z(V@XpQ&T_k!NlpkK}5_~j_-Hb1YVya1NceFDl>i{c8xF0EOHI`ip#f%w3HsF%^1vV zz*Iq1XJ7)|kol3+jpARo-(#D;PYE5(wE96n&q~u0o%#+NskO^ev&1B|J^(^lRmo2$vN)YG^CtPr zj!lUKV5*mVhx`9lflyZA_PLWpcI32iP0iqz5cpG1Kq% zbQ!ONrjWBy$D>!L=G7NTsi9N(RwH!c#(9j!Sqr{gLaJY73Gdm5SiQ zi&16bd$HS^nRRsbm6sNsSeB0XHZZy?~uuXcAA?~F|+S=XS&O_T?ux*Wn#qEi>^z|7B zA!k~3It&6UmHouqN-ck6TfSW&ajJ`g?0F}f2r{d_2L*Ooaa!dX^dTI{YJKYeDBEq_ zx*X++^B|0*_lh>16w-LvT4?!N@ssY7BDs24N+BLOX1|`%?{*E|BQ3^kF z;W6n7Z%}m6$vztEUjBQd&z1p6kID7K5U^gIf{Y@0(Btoq?6~DnU6a`exxqG6wS@!@ zNE;L5v-F&0cx8ASel_8A>fTw@ZWo;}RmUk|pTtL0%~;C#LfoZFhn_Yg0cd(?;2U26gXk4qcukD+T4@^h1~(K^SL}( z($!K*EX%wRd!waPDL`t?+p|Oxao6=ld?p&yM4HOc@3-z3S%CJIF-4WjlxuQ(DsI+m<&ByJZ1~MH0`tlNxW;;*w383z1fa)#u^i zi53z?1BvGjCY z@gU&Eq?<5X$nkfRcP0U#Nwv!qQ={z_+2OuoE77ZMv))N7GtM9f=2!I_<|$^|WZcNy|E7nbH*bKs$0>{t@ZYmN+#`N+GJUUIFfN;0 z^ziCKOq}0`_)UQ{zUNR`3!E+PcUqn_m+M^^{cAZz{GMX_NeRhh#@<2u=B-ZRwC zMZ_sw=q$U00kBDF3b0SeZ^SThejk)+Mc*!{-T<%GwrjuZ4NxACO`|bc$l2Y1oOnOnkuX);3$}=yhF3fa9K1Zy zzU^D52T3_Mm4Rx~>Z=dVw^(_K8(;4($zXaqX-zT80-b5C7W)ox5|b#34!qF*ysg3+ zwWueOPM`K_O7ep`o+c{B=jdQ4XYdI{SDcRY##2sUJq~&zb7yI*DKG!8;wFDrC$cA@ z-#b=Tw<7JpuPma{?|UDFMUbu zgfTHOAtxti_VJl$B9k81l9B3X@TP2^lNw-@%eQEz-^dbg4QdjDLpEpYp$;MPq@(O) zm}5{Z3uq^f=lKW0MSD4Unz;N~ZX#dWU~g~@)@s-u8<-bget7)#)X7J&QFMz?cPc9P zcB=0KSTuptnda`(7Jlm=BBtM_FOoDw>+yo`=JuCXeQTJzP7_L!g^hd!ty&EjGETIj z5%Z(eIS4>_SseJ5W`PxZGFgU%H}fEm35SVFAR*rrGq{Wi7}7{Bc&k{0;oOCDait_n zCf&tPQ@T*#R6V;@Rr=wGX97O3upuaK;;tZTYjc1+F2ArlC69hEsQSh|>N_Psm8kYl z?fL~e;>I}Td@tZvJRQJdvLv!$vaU`8Gjk(Be>%x3Lahj+)p>9Q2a2LG5?Q)bP^Z8M zPgb9haVQ;Y2obX1$d;W+wsN5Y9h+Wi5@W##JjbVQzqtN`&GSjewNVec8k?}adauBk zK+!iw>q2fzm*r?!P?eFXweQrmhe(eLyb=#J+)2o8~65x}`Rzmap><~TE?x1s%>lJ4hn==_d z&c~eBlYw)~FhXkt1xnm@aDZP*H|I-)^3pnQ!>_Mh!eDb4vCuGBiolX;Qo`t`7l@Myu0o>`|aggVG{_Dq|W5}ebX zyF>v$C$B;+@z37KnleVhDDO~GNCp)%hDX+xUT@(0GMu9S3bip{m*mRzyzZc+<9ro1 zKP}O?d6-*KuE1~xO&k1sn5=L7MK<+xMS;eUkPsq3jtk5Pe;!J@G81&JR?b5acGIA@ zP^s~DLG+V{;03Y-s5Q`8#%92H(3shg3}L>bb@<_4YU92m`WJWEwu)gOlg#exY=%n5 zrAOEjLhLJ4#?W!yT;+Pb`yJNqsV&qVqUb$u7Sgb^wEvB_hsr`Ju_%X_>kH;wSoN;q zcl^m5eYxZ2i65CHX&!3AyQ!^eX{3b%`y5+#I@`L^e&{g)9_v)jlfGDFSL63@^F<(_3M+fG@z&-!D^VCH zv4dr>7&-5w1zzfb8J7m+vg%1jPm2l|jI zLIFzpRdoZhu1UNPL*J^|fhjfF0f|AnRJ;TrqLx_NM z4lzRt3_aw~@r|eS-gEB#&b`0ufA28E`|fw`wbxpE?e#n>CNEHLkTlktl3P3H%H`{n zn$2LLd*4J$NdL0Sae}Qa=$0K|Bg?vN+E0g%`vn?%# zhMO-QA$lv;VBnrO&n3O#kp-1qzYc|Dlw;K!!kS9ijeB!$5OMoxra1X# z5<-i%0rm7% z;5_N&!TYeG(T8C+66GT%ZsI+w^$&!?uAH7VYDnNb%$JRi7VWkP?9`aGCTa~5qOwYRH?pRQ#*>J6OFK_MtbM6ndNQg@7ExuN{Ls^lc3|(a z;7TD61#)SDzoFL6vdB1C%Yb&2F+1D_R8g*IUH{zqR?!oNx>4kvp<#VKxXrApqgUAn z>r|nFXm+8I#%2k&yk}Kyf>ye+7Xsu~>b)SEMxiPp@Ge`~{mo|8c9Oi^fw$D@^L1%!3izoilW!9=7yx}a55^oh!0obWP(VTJX|nJ%H@ z>eTbYVAmP?eXG#|4U1vN7FC*(daKbxTE6R~L(e(+`czJJ1y=w?zJok(SHdVD9H4fd zXj68r!#TQuFrk<_%CMO+dnl4N>cxt7jTwT1vzwN`nz=y3%HstlerW(u_ zH=yb5>}D^qU0cb-eb6nKqgfx#r%ri;AdDL3j!g#yz!^ zD|@7;Bk$^kAkLk+bi9)N7Y)=4oYqE)(cFE-VY(4S>{w^dY0b}?16i;KB;JYX8+N5% zUIi@_tlUDn9JkQfbqWAwxlge{jtw>#7l_(<`(=ea9Yz+_M~rM`a{d{r7bP-;Vjj)d z5_4EKemCK90yv09B#h_70uP@j2TWfM8Q6Ncljw@WY1278cJ`EMFLb#8TQ|X1EZQSD zk;Y7?X{wxg^0eochkt_CP!o$uRO68pOut?r>06%RKIoz)EOd1Zs2wDP-{0L~&v`!Q zQ)^nEJb+})?c_Wco#?QHQ}i$xlh93e5&1(@Ju#U{#>d| zK3&G@#OpCIz2d0S>g5Glm0gPHaUR*B%TCHOn3t}H3oo*{sKEQj(s}`|TvwBv>xjj$D2;4I?j9x$Xji4yya&{~!49`aq3X|5Kk`F)+jZ~5F96=#)?Oce-$EO#;f ze2V~aK+zWkD8b#F<;B8IhUlWeXq${fs`8Sxsa}^3Nt6S+cKL(2^`6svf_(U{KJQag zZ~~Blp1#k4Q9TD-%c7Y_IF)Y(7tFUsd{N4B5?jBb4)$8Vv(!ex2ij&Wur`c^n1$Bu zMvG7n_$#Pv#9W_W zir1xM8W}8KpcyXLB!L({nR3f;Dsx*M%VJpJJ$v_&90tgf^Sn;guVI#{#~4xXvh|U^ zBtA-~l5CFSWcWpo=1KZgGHJS8n=Q8~r?|~CXO%`nXFt&AB!$Ph0#VJJTMR*mymwhW zdDvgfAyr4O@HsEIm6Ve?CqW!&$R4380#K&XA#+M8V&T_T(C>|||HB&py1z(K|HWPj z{X~+gtXXN7@h~(MvfSd%_~@gC#`f*Ox}S~jzE8_QT|wF<_mPk8M~7+(u_uPldt^&s zbaJ)y2|D9e#Ve@Tx~f%Gna>J0YSz^XV^u@?vbJ_q&7}4@BOq1VuwC#aMT*;=$^Af2 zl0xOec$MApFIP1^X8pB;ErP^5Ir_=xT3IUTQ)(BVP*x9O4@x_(q9g0V5RI}D|h z(V5XS-Tt0uS&nVsdYJG(JoI-k*VjBk2hj|#^>)4KuYC@iydN}eES`(Td;XeZ*tEpg z7I-4U5*sse6ka5VyxckPt>*k6%ijOt3Bskg)HF1pGZIS5!v6jjZ{NPv80qm*&Q-7? z?wjcC?d3HI2KwDbjFp*$(M9Cu=3?8Dk=%nPU0d0lZ7D&bq7Sgus32(!_ox7vuB3#{ zSia;PATP{JIw zXKI-1?QnvmSMxvIBf)mZ115M0D(jG_dZ$%8{Lx?QpUWzxNG}x5Ep#@0)%Y`6St)YId6WFLQqi9&fdO^Jk}Li zkN)yyTaIE;vHgMe?_2SZ)9+>I`ke*^KVD*ilIL>rluy@H%tBY zLS(quV?yxygjwgt-gFO)1Xxh`*5$iP@)g|6DenXjtl7>vSpw{%hkg&7$3 zr3f(G8W|c=Iow{54Og$c=sISLZ5ccfGdVVa`jRbc=j>cn1FK2*EY%#k`zM3)Pcr;3 zKc+}uu)mcXrS9S3p-kOvPu#Lq!>dW~k0Ht*>5>2P8Q=cx7V+l({wTItGx6=)QKm4K zx2WeYNZE{vv&{l4Y@M7&lKGq|AEnf6L>6O_#?sI5gD?D$*Y;^=o|(bcZfcYXqLgU8 z_iOAIM}*E#BG=x$zzzu2p!iXgEsuVd`N^d}?~?x^2>teE|Jjwx{R_^{&cuv>C7&Zf zhUB%>D4!<;Kj>M)Gp^VM?87@QBRs}G=n*ak7o{#?J|*E@`p2@w|9IW}vrYQr27Q@W z3WAjOvfigZ2EzNgiHHV^Nv1~up4|9RLZZYrk;m|-IEH?QO8K9vcgo$bY!***eSQ9r z+rJd(fAvMv&ZC(FeoBt^AHy`!6iNNk#KeSDrh74x?Qz@I^wqI*=Q;z$|7xs%ZJ58m z)yq5Y5)ZH#xIw(udWtG$Yb}VsB|ke3t)H8*0^Q{wqRE>ac%KyaZr{AAFMWxa`@!&# zi+1q1(*;Rn;^3|SsVaOkN6MN_NxL0MHy9rtM)HtGxgw{grb;0P9U01Q=bzk9aKe~L zhoNa{?cNT-{}a>pCuiY955SIqfuCPHJv}|9@2fAAO4iX%>A%TdAW66R8LP733q&M8 zws6~e>A*}O~nQ*rkC7WM6izgL3)9jC)O_HmzH{jO>A|9>I>Cv!-vhUJ0jAkGx{QSb1<7i&ReMC3&O)*j@) zdASba`=kK7R@1Qm=AZwL?q{W8Rap5($JEkk{=^U(9u$1>$@=koyj~T=LP3>Q@6If{F zVH3^A7RTKsC0txw0X2dS0rmEICzl8W@_Z|RoXg5B@4?&Ay!3Y;-%>GNO8#y$>XLGi z`eWg8A}7->e2>cE0FYKVO`x{2s{yPA;Bs0H3bP*6n(0QaXxdH5Uq~%_p}SAp;Pl+z z>}5+8W(d=b?G{PSb8%fQ+dMfU%K^hsRK(>GW#lO*ZZzg-rTs*9wdyQQWzps{i{r!S zycaqYyu-0Ykz#V}U5n9;jqu%?u8QL#L%d37wFYX?aJ9T-bZ2}gSjWyFfluO%?nuEI zMa7p``-E~=NMN>IWngU5^`ZD8c;2#OHFlP+TTk%FV(MJW=8t< zyK8m%c*Kxtd()KoI@6tPH&rX;?XxK0ORjH0$-lXpsUa$+wc~Y^Nq0umu8!HycQas_ zI^Mo{^9WnmB9r_uq)@l!*1eXb8!HD}b8cI$B!*p-POYP(`}$(EOXrUa9*#-h!jG~Df9LjPh|loi_nV10M(s9c9Dq>J%4SEG{ocCdU$$cWOgxc(a63 z(n5uo=j?3ZFl2FicIHmh+OErsO*m;G>QePxo~DgPmn z-vb91|BK!4Td-N-{Kpca=uR{3)O4D;7r)KojP#9S``!M_I=suq)wY=rr*2W&soD$a z6gjXqz63@_?B^EXlzqqc{BPV=Uv^XeWvPoGg%cx%i;k^QXAUd#(x9#so$(NF6x~meaooZADhlGdP_5>{(u=M_ead4=)? zk>WhZQGgJ#Y@%h`^NcR<(9uAl!lm^A$Z(yU+;$$B8|S1(1-64LyF#VXDEXA~JcZ|& zbKyr%-O^g;@q+{Y@7Ls|lwt6lHy3&`9Sy>#9$%;Dkl z7Vwt+9F^Uv4ss4TG{2i(WU@Q(j<^n(XY5RY+@1gJKy7eTzGhLZhTbP^H6&FY*8WuA3 zS$ILi4DTP+5DM&u@`tQzX;NhDI*SIcZQn|8rKiXRQPrbQ_AT zmq6dns{ZX3@5#k(>6GpH4*O~EEh3TDnRp^mof^B=h#QPLN4wkm`>}P$Edt*6h>kT* z9XwPC*OaJ6JN@D1omHuVU@w5m9n1dkCaq4@f8_JquLb-8uw?Zi;~ z-7((loU*_X@KCvtu>RXgL1@JeiFw!FB(LX||HP1q+JYMeyhgVp?gk#dU}mdI&N75* zZ~25cl1@P`J2^A9(z}eoIP&{Ocm)@YZJyCxUX&vPa3%s>mG8MGIDa@@5j-*&3^V6E zl!qASa>)UT!%g$dH)K>72n()NgWyZ*RXcm+qN!c?CK)ED0d_RP2! zuAeZO8Kxj%JUSmQu(13x)|CA_!iEUeU!nMy%U_~IJ&%V{YfWouY#PZKwX$OnoY2RF zXM(bV`~tsN?G${U=?3*Y@l?-jKYASE*?ER@-=aL-u2Asi$H~>_&9VDtZJ&4$C5vft zvkILljd4>}Bhs8Q#)Aj@_m&`rK6fBDE5N32N>B+owGEonYB%-OD%{$PJkNTpai^{T z5e2S*!{i)uo!oL4*&+L_=^($aNPv__KB=SK*q(|FBSI!cT>_5A(H@z#h$?8&u7Xly zH1)^F7L#l7h=U$hUe6BNFo$@IU2DS1@SaXK7ur6KWalI=dKr5fnP@@A<@Nqd&|W3F z?fNLUz%iqH4@1IG**o~t%Q_QjnwU1o?h>3#m)DQFrO=|q_b01~qf7IWpOdN4q3 zM1r$vPQC8Fm&WI87!5GDoeQ2^BcX$*K3(;!rXegrej;-#u`17q(FFMTJRy)!FOMxC z#=HZiQ+sT+_>FIHBgyui z{4|2oT5z$FiLQ0BUYXC zEO=HYsGUK+=2%5lWLuMWDF_%L^=NFRr$T%Yp8_eoQ5i)mIlmO6rIOP(s0c%vcha%4Bnb6l z;o<_Y1$(bVCrzqw#gIftRck$Gim4iP``kTc(?Z7;CH~~>o`}a375q;Ej;^O>;l#rn zW|vsW*ey#74*{xu))kQx+{EA9eP5NZ`XqCglU~d;9M&hgkcSDc zjq3Q|lDRZUW$Z9u(mu&yEpH>smV?~4^sL(6C#7+q`6%8}7hA1$7iO$N{U~#NAlkEH zdxjJAXsu{K-duz7m0YSoBbM$!f(1;ha3dDyTTq7lTDO1C98nY+Qny^tE^CggX|&6- z9~u`EGT%$uIy&1Ih9*oP4uWETHT*s%I`@^abZ_q|jouut^KQjVmeuC(4^9IMb@{HF zCF&78h%GnlVZOdPCY6j61JMuc^3iJ;P~;<2j}WP# z5|Ac#CQu8@_l6iYc|>p7g(v$3fE4+JR?;+tq}GoKRKwTIZo3?)o!T5bO%`a#Ooh@8 zhC1{9TF2w^2FIsPV#SX^FJH6n!iq9=tSBqx&9eGsyw{}QFq@3JQ1z(27HjbIA9 z3cT9alj{Mqz2k65R*_MCzk&Ipv8MMYX$-PL&D~oMSLay<{6Z>ts8ArG!W?W@L+80c zZxx=>xmqi))qbj|gW?XR2)n7yE_A9R=!(SR;93D|l%op0jN#w*b397`ytE2I;{ZgF%{b)N+?%Ve0ph`QsMwfo{V%_nVfQbzGriQ)nX6tK)T z5wmgtcgu7c7DGC^hYSX@gzO$}6M={7(sWPLYN%I3hsGApO|2mwF|fDT9ZCB%E+b^C zt-c(^y-G?HT=Wg%4AVn(%goK+=i`%X?Q!X7^F`gdZeCBw2J zW7{?irwS2eNyg5ItgBiI7Uod$n1|d7y+evvgmV>$n}=@u+5}uo447G)ZMH_3N=~zT zm@&$X4A+0C!>u7Szql|*WMbfH$=!u*>vGwAcEAEGU{EGW*os5-JZSBX$tEHD%@|m>T!iJ|EgSvVGa;LnO*NrQpjz>Z(i(Ba~!N=f#fghADc(2CO*SejS+b`GLx{ zU%ZP?F72!J{bsN(i*0hirL(*Tt6`7aq3_A2Gkq(RmnND}6-EujDotv1Ov9ynE?Zq&h(qV%7_VnXQwB~o zJB;2btKdnal06*@uv*4>7=DfGi?>HCqf2fLBS+lFjfG~=QFBySEN4yuC^Tw$s(Du| zHmWD?d>(XBq<(kZ2zFjKFcrK%Z-Ykwnv%)4jPC|dzO0t$;{!WiijjJm0${|rv*+>_ z>6tUDZ|7iA+Im#F9G8sWk@dQ?@=^}@s8wDdLq6tZu~2dBJ1orc+zc>Ar{vyB$!Qg_ z1GmTFA*Q{GRL|_SeztRih~|Dw;9Ig-uXa(vG)r6g1 zbUc>*B$RBjA+098zbO@1WKAWTIpEDyIG(;$6B2DoG?oNoN216sWa8EFET?MaW(=(l z-_MN|oG1gDtn8{PP?_NB9O)#6PJVD!5<=D{eV22;A=@<7!6q&ArFTI+pHN6nD=QbT zW*xp2%@hKUY)@eFU|$vM=#>_j4ir-VpjL>51|zv%w5+gT=fnZzbC^OFxAKa`d)@G!+xz z!OkjbLnkskuD9hIE_0w9R19y1575!bJGLy$ESb7~Zb3vk7&Ski416{6*^9MRMjkO+ zp|`kfr~an%x^~6|M>}z~$9Z3}^;BKvxOZnW2Jj$_52s%0Nw2;i{5?Lxp5K0`p0*u5 zy>Wm48nnPC%^-_S4NVuqmuE9V)`+i2eHRdn@BVdB`Ix9Q(JK3QFI!t-Hhd$fiqtGo1EB7~ z5PUu)0eqmWv_tLibdp@_I5C4-3=aQX=WYK))!>BbnfBB47&(z_iBEVJL5v&8buh*w z%aK_PDye(C@rl)&;~YAKRYPf&xZR8GYUf7GjI&_t?7_r7!?WrfXcj_ZCL4CSN=o7h zww<^1g4L9y!fKtxnZJtWz`!7Slzs2>cv*QZN|9nH%hhIM#mYW~A^B$U*04Oxl;9$$ z!)~u~BC*zi=hN+bGG?+)(Ltx9h>FvKm8yN<%v)zi{xKyB-Hq%LS;4{1pGi216ci?T zVcOguY2by@g-e2K2DrYZw63U%30XcbZn>gm-Qv%pFn6t=MdD>1whGp=zm30hG`1rI z0zYd*xfyK#U4nE)vDd;c6eR@CauZYK^g5=&RZrh9qI%jbMu#QrtWepz!HbAFGgii< zbW0UgzXwI8A?L>lM?G{Qo;=BS9t-6-&>d;272C@!K(NI*$nr0d<1HxuhRDyG7DtxH zPM%&%mros!k_xA5Ge3NIQIo?h@WpzZmo*`CPM#NHBs)4K=_i{U+U1LVM z4CWq$&un!XFZnOy&ea;&r27aZD8gjN1fRc@k<05Dv*KT?KAvB$wc_WvQC5@HYeFtz z-kQ63`zBd>17-u-OQ9l>khua!eWoA1*yCxDiSv<~xY(*1Y*VL3jjimQLueW#1s}{9 z!lgVneEf>}8qIc7$~po1<()3^s?A>I>xkJMRG@%vhc)u`&3T9ymJh9DUXcPuWPTcI zsP&HhkKo-W;3_T3d7^Q{zl&3B;wK0}FX@6A^NUye6NYC_XT>5BzY0zm??$n6PmV7x zej8r|zM7@l2RvSTr1oP)aCOyZ0XwZb$A`!(9!gCt(K#@7H71h6eo2Ul+0fu}r*4)n zVwW_Jtl=u_l#2b}t+xg08Bq5Ti<#rLkHYczD?MDE!)Khxro}CSxaYqPD?;hMR?pQ0 z(n?W_%C*6)W0ej{fGtg>h{WW-rp?*a| zrNU+Fa%EyFHK@ie#ADk@m4}tYK9R)c&F5ww`}+N;?YsCMZ!Vu$J&x_?XP^)JvZDJa z1Z9&9?I#E_qVmu#3)5BcI$yR6w((V6gS_XSj<`z<($H=h;0!>3_6JvV__Fp+F{9wH zh3K+myV}~$Y1T}M#+`6LZe%F*U_||SR>2CXNP$7+>uEx=^F{9*8p*KblWYjywFZmc zKu+;)4|EdZ%S{zlhP|hbUP;_aRW!*Q1>QArw0pnX#6M@&zRNJaZc-tZdhe6Q&(H5b z|75d7Th5Aqodqp7nk$e&yX)<|q057wh<`(78|2@(B{A`dJ}IL1l{0X2DtjZRXe5LI zeYB_gu9l#{XdT`=z}_4%4aGI2c>X47sOiqSV|PW?39?FQk@_(DDKrelUBF)$Dj@|cC8yjIe_74`xJ)to{bNP&gw z!d$0b!2+4+DzfIRj9s^L#*vdO%4e=9PC-_B?bY3e!<8rcL3rGh`QvBNbGLgntFnx= zyWG9CNAW?-Oq}hvYduVh4vR%YZJF^&m)u|1ao6DJKYauDAqFPi?ewmf& zPvFAiWET;pQ>ICob1leAo!aT=o6gkTxq_i>L$u$$Ul{F&xM^Ga8s4ReNfn9XeJ?F8 z$2&Kj#C_UK(7_rJwh!J&*5Wb#>gqp~UYxK~x9&}4!x5ZpoaC`@Pm1cgBBzhQ(ifXWSusp=N-_of~tUFV2ro-C>QE;Hmgwandfd zQnGq8O?UF<G{P~POo13X3F`BQ|5>`(6RUSB@$zBNMR;0EIM-MK!UuZL4-vD_TQ$d(aU z)8R`2W-LCubZVO$9dmj&4a=%l>f~tGrS2H#EeuaM?DCdkTIfvCsAW@e)bcQ8*-7)u zLImKRflH{8fo*m)fL{cprAn*rb~^G_W)|%L6mY!|Sn( z?Gi`@MVO%lHYwbuTgDq3_k%L1b%&ROs-lHt$tJl+R~jWd-hDflJ>&HGs3XZRIu&~4 zBtZyEbW2HSOzO(n*qp)F6fg`AbRf^LBSk}l*XET(b#`(`PN){m_w(!Q_8!rldkAtl zM()h-HsG2Id6nVS^T_Sg!rxVyrSj_lJ{ndLDC*`k^@uIpJZ*kPy&GZ7!f(vKsV2|D zK7AaV62~>S{^&i*1Z8UFgC`;J$U(mm<(jKmVL9=qMV1k|V1$rrfzUSvJ zgnv|@2uEDJwZmt<6S2&(-G6CLA8yQuo;9*MA5`194N8i(4)026`yCc7Wfllyk*sSu z@__fPJS(q{re&m-vLMvv@FE1~i&|G!^{tZ&0O~*9TXFU*(v&|2a<|YdnB&FWq`1+! z7YePAo@)}}!8`8oc44xzd7{!dah2vSz>+fb7m=RI=a!Knv3 zRc=a0wnY!Eg!0EjJgwS@UY&&wf^4g#gEl@j(?Kppb>%4?qgIxB?#H7qJ2J(!X%1Hb zZN;w(zMP<{&G0F?gSyh-B~@2A2}C7?6o80$H#?BhtnQ6PtSGM{i}MrcZuTX*Re^WA zpt{c;Xg(I9YB}!-$9{zJa(ByC_sGbSNhZp>UYQ>44>2io-xotck3@A{FPS}GOc+U@ zzEZ^;qc88$B%-`d*q3a{ygQrL?8n5PCLZxkiT-U0#9M8~+oYGjSj_$MWh@o3Vvg_& z?^8@HdGOB3;f_!-KdCLQrAb*^5BrG`0GiyMJxqBo7Gx9AQh}Pg7gp0&ig`Ye5c={zFL#sb8F>&wQqPd*;p zD7kxvNZw{fXKW}Msc!6va}G4tO)zpRC*!rw-}2I-f~wn`+E9h(@M7e3n+Jq-(sj~sePvvThd$@2XG>+#@O6GGf*2z^`(onhmMop8Q;gxaZ zd~#h-X*;u%{$kc+(2&K_m;K##vg|bGoj$Jx3?z9h11qu^j_xBV`3*SbY!g8UgzR0xWSiIbD{gUSq#u-tw{K5C* zdNi-06YND{DuSH=7@=om6QSZz7+CxPTOGF8aAmCZ*)K;6oE*m3GvuhXXZ;hz&LhPg*-ICO)IV zACO&|+zeKia4mrWdlpbf`OEBX2Z?>2+wvoqne-|XLXXcr zQMRK+1j}>HhBZ?mo(1txfa^|_ct6WEBQoiMfC29xVi3X1Voc2I~Dt#c-%_iBcfVb$$ zj*a{RhqWs!$hPEScqv!YZ%$BAJ?-G$bqqYPhir0HXA-Z1{f_%1@Z&jEuvzcYF_ly3 zc50n!yc$dYWh&?hy@gE&oG&x5{-E?Bi&NuHusWAtaSs7^kZM^G$$ zEc+hdX=9&Cf12zcsfF)Pcd zSmjax*y#aZy!ap&UO)EDaQ;uP?ic=9Lm1y|+&G{dd#xAIjqUTWxmZ#rZy?Ye%iGCzJQ^ zt64o0R8#9}{ZUOS>v3GS=Lg>6lQ`_7CtY@kB2DowMn4eq|8!fvl1-tv7Z3lsXV#va zqsm8YN;7Kn@sC2SrIfzLvaytcy7rkF|w8!yK*V|))a2r zU#y=0deMA8OJTG#C{zx$cp$&>WR!A;VD_~)w*QkGe?Pas4;~9R!$u?R&dC-(sw3@f z8sR5-w|7*3B;f1{7I4EMeh~OlIq-FIa@PO%$&Q< z0MQ=_hVNI7+t0M4!NPFl5R=f$S zwXZlm@@tGv!g=Rk9G{{-;XixW@QCh5DMbygoJgwNg>(a7p?F`B_}=yP^&Xu`DrUx- z<6KxS>*gn4k(#<1fm4X##s5rxe|L>#y||##pZjZ&6u&<^JBtcGa&gc7ikbU#u`oKUQf=&~LVgIY%>@sq5nLA1tTe11*)R_ur87mjITa-aR6HHr;2+3>JNjr6G*-v7#o{j-iqfw9vQ!6@PS zucFWY>x1u;;$p*z;5d#S2H~OwzJB>anmCjHM@_?rV4RD7G7@qL|B}e#FFn$?75M+X zieSWg$E-jl%Kxjh|J9SEBrdcYSqA0&^Ys5;2mbs0d~z9I?X79(GeqHbpHkjSS zM%!PYhBDo8PczBM$tmN`Y1y%{6s@D#uiSJ0YkB)D%FV36A-tYP<%eMT_J)Rr4$2#y zx34g!Hz`~Vrw6cN+Xi0+dK$RyDHedpepE!dC^NISjvT>mu<^s*z3bnaYsb=b>}vDS zVhkuEH6PGLHxk{>SRF<4k9<(hwT-Pyl#M`Md4`a!KzM+(`g)b7%mx|t1_r@Oi!3l; zMV{3e5l_&dO{&#M8{yvarVYL0scJF5a&ENER_w0%WEHScw1Iw*DdgL}iN6sie3pB6 ztE~b7JI6n@J@U1l3VDIeQ~*jnu2)zhMa9{22EX_ND^@ZRN7jyoaVIG^D`*(CPgj7W zYTTu(O+FQNSB}INz~$ce3m}S|6ca)ipTno5O0(P*R^$9uQ^})t`f`I?0muXmH4<1v+LE9RJ^i`%gtB=sx7K6d>oX9xohtkC0GpSb;>epd(e`-bLEampt7 z)lV1g@UCB%9|SI9+dN>IfAFqe4aX844d%#0AZkUL$S1gOcwM)%0*RT7<=rRzf=Ss0 zt%+<`gx+(_Ic&dvbD2N-^z|SE^I_F=FR4-^HI)TmkyTr5oXwT0CWN2G4Fb}&kv;wV zM5pdV$n&_vTAs96E0M7R-kGnnuwc6Xd7U0B*pq}i1g1rBy_9J87*VilSxV_a^|I6J zr~Z9{g9nO2{q7aD7KdXab`{=ihEk>;9pP2OSEyfA?`X1ka%$OeNPfp58OCtKVaozz z#Vr-UIt>gZVO+vUz~|@8i)2mC`g4)7q(v-bwN{B_1o?RjXH@3fBSV^#)Mr0sWBc9= zEiP_6(p!Ci>VxPH818&V0AR>A=-f=w!fYltj$9AMrogfB62y4uj(LO-3`gN4jdOKz z8QHS9JK&!lc17{*#*gh5qo1;p8f&sw!iP zmT-jPaYW*=QS!=SXLQ#ITgfMaE722jUs;zT=x+Air+02w%!8dfJjrXnei6jxIl(p9 z2oST0>N48dD@Tus=@pP?G~lb{!{3o31edQTp3L)VOjl*AdV5Mo^T`c5GdW#Tg-aJANJ=XrqQQ;h!q*aYS;j1pGTP3(*}h^}of3u{1H03O9qm=QGVagXJG_VAGzldy zs5OLNQVqU(5oE@og^@w|35992+0D&sdwMegSVPu8SdC_!!M46>sUsPg>~gO_eW9>V z{#0qk$lvZAr{H#E)=>!rhr=he&y~)}HKyddyzTn4fGrDTiZrv$^uu0bc-fFajg2Dm zY`I?PV>f3b^p(kAnQWy~nf9S0810Zdrwh^yE+W8D8B+`r$_Gm2dhXAJ9|!@U~bas*JJ#?e&*sHBrufDuz{`82L zhDVu6E#-;Hc|~n@C(sN!!z9U3<4q6GQx@?e27|3qJ9ypLhjZQ+ardf1xGnN0WZRzU zS!B(YjbO`Pv*hE)=viYKpi`+yBZaLrfFcR;XwJe7_z_EmLs9m|80cp&gayCRv;-$( zEH~vyQGq|S&J2^HS0L_1I;{(bjBux(KPzvLiG6J4bxLGV>lWWGgk2;sWB%du2t8N0 z*`NacbXl^4=W-o%Wilt6G0I(<7(A>T+dSlO@I}Yo^S86!uTw*-^YZLCcVQ+8IJY`4 z2Ux(NaPQcCYuG;TXWN-N#jDXAt^|Hsu9{TeF8vv9RE+8)Wv1sts*2(;r%Dek7JG>B zSDo_N`&0$xmav#6feMt{llD5Mc2J%MNDg9jBbox%=$a6i>-2Qgb6DttWDKM$f@;{M z(=J+ej?9KVwD7Rpu|>ivX+lIdbYJIHJtvyZ|MF>iGqUdy5;BMJZHN7&xGyuocVyf9 zYBJaXzIg`Ppd*v)aD;M&*nML>dU@vxp{2Rr@2l@e9b+TQTz<{Z~>Hu}Ib+?egv*|+Q zZ9IZ!8PcbGc@o*NJ^O6a=rKKH<7vCLv1nPX8*JHnXX~9BQ{0BWY93Fo2PLVO&T0;! zs^{GKt094ILlpdNp?9NjNQNfG9@EU{JC3HiwVj8+ z{E5~K2QgiyYT`5 z$Rem`2ilCfwjNAr>t5HyjHC$J#H~JmbCMYd>dIS=YeDVA3HdCJe(tMoKyM_6O0#XS zda^5nf;X1x3N`M`^SQo)TynI^H_xe2BnIcn7i}Fe@b+P`ORWp2r)chn?1f~=mN*)q z0w>uu?yBg!?)J^cXRrEDf;SZYRssf_;Ecl(HMs@98d*l>g0B7Ui7{IV)2ZPqa$ z5y2ar`=mMTi->d~ZCHVPkG#(5nfs0)<96Z0DsynQ9xenv!=PDZo18;n4oy5J0c(sB zquA(<9RSZwUq2)zG;W^~{h82WL{SY;twP0fmy{~Cn$EqQ!~BCFaLvFrRKN~qrBLUw zId!q1xM_O0cI!sRK5SqGJV~z*Zfi zeSY{*p(*c}@5D*jqKD^pcBLP^DZ1O1al>9oRxUnxLzMaat^ z)pxgO6o1_8?48p}&5DVAK&QPkQqyG`KXvUa5!r^S{zOUhGiI@sgYGQBy48+GSo&%ULk z-Z9;v^pFVnSuC1SOr?g8_VMP2pwX_Cgg&H;@XNq60)jBOX%-54BCCLA&C{E$ZjQ^K z_I1SWJQLMslE*NHoY9|KdWagrGcBw!7XC%Pc4gW-qYxlb~y_csRxr|3|oF&s+>P)Pn7dQ#htpOHr*M(ihkR z9wi3(O|ZiUsu^~=+4OxH^Q`P5Y!PYCQiBXKM=eWTzzomB`N3Z_ zG3B1mqqhM8?Z<(^^#6~&?~H14Tf5yGMHECt1OxN0A!F;*?;;G}6l!lU}k%429YSZ^> z5KFL4kry~YM`IyHd8e~{fh`H17X8Y8V(nc0^6qGg`s(C)r&G)Mhw|cM8%eb2ag3iG z;kKBco-VT`b+l1oB2nVhp1fOA=_!W_GT)p)erBKKTYb}ZIPrR^hxUa1x-GpRmIEQB+e6IAKH-fbiVf`O;O5^4bPZ z-3>5hni|yU=!rrTXCxZ_d=Cuntsv_Z6OVdq4-b1D)ao5$@4}BqxWo7Sh`MI?6L;(K zdy6;6D-2GiMExuIYMVg)93G-%?Sj@zy?T$uoLF_j3)l)q(>(T%FHC>@FjN*;qI0iG zK&WRdtXaRcarK|7Hit;>eC12#5%ZZkF-}a@MO_9%uv;|_3#Ao?Gn_SbT_wZH7(~fc z+D+k>Qy(nBvlK6&4}ea9a7&pWywUxSn)AW+3^$y#Te>?saO30mzCOZwJPqQN349t^ zSOO5|=;l~!nY+kV3sG$J*ko?%RSlWB+yLj=@bPyv6rypt>b?KoLWb2Gy?L8|QR0b? zT=u={4X8s3(824B`=cG#y8IXPO+*Z{ZG6Fma6%Nv4c$#Ts{We=lL`Yxoo~C_)K-2N z$=pYBIs4_$8(ouCS*E;O4%=LAp!bZ%t_3*OXq}QS`5ybw_RB~!SvA9IhwA5YL8Uw< z^~KMvAHgns)w7!zyvJxP?6ia65O-(%?O2>MqpS6;j6OZRh6LO1W=J~(YD9?(2{)Np zJFvsaX+4_Tp@t(~nWCKU+BBw+GAT6iy6Usay0k8|wV{g)9YhPid z?a6jauBRHC#y<%8}j!^PP%RSFp+kk(4JX5EOhEA5tJvvPR<^yrT9 z3}mP&8FWO@LX%A)jMgJAg|_Rj1iEOpoiyiUft-e@f~5{}cQYgePeF9)wct(F$&|^X zu4yIKO($?M!&GjEh8i~GN)cf$y7B~dvFX#{%<5ZsU=Ntr&xShpRX>sOC+HXV z(+kjdN~PVn^w;Nzdd_!M2}&{no=SpmWUZYw*UC+ozvMLpL?wx%#2I!?kqc^GG6ZX_)$;h!F-R zRg|y>y-_1r50a#3LsfXv>5N1y#5 z6a9~}$q5v~WvHh9Z!COQ+P~qAb^|jXs;-GT_RZ`DnfPj?eLe{ob2;;cF;Ve_7=~N> zd4Q|c?-x*YR1Ic^&!pB=WTofbxz578--St;sT}gC{q(|i^@W^l;IXZnTY@*?W~RvV znmg$tE^FPpOEb#kLZp!sJ_;#N72R=t9*0?;)*s$-OB{8Xw&kMNJe8-@==z0o2}B)6 zS^8+;v@>#f{|$Rt2zWMO*5s34`ynwjEMVEG<@nm=xUSjIM=Mq7LD3ER-%P6?^jdu; zFjWHe&YPcauA>trapL7LgJ6U9963Qf{0CEQ#LL`vG*(dtBY`JmI5xWv@| zl{SgcKUpQbQ}qMw#jg03j1Dt^{|rJ@dnT#cONf2_l(1V*=T!J9gCeCrn)gK0^RN_U zbnh)zawXcK9s;pFZ#v=eqRHy~TXIUtTt<=lZ&qnXfQM)#MpC+K)+Q!>)P11GOAQ#H zr`%wsGR0-vUyd@lRi(=8r`K)4D)2EyC_k3aZ0{ERwT&ZM>|~+sMJF+1RqF0+8910U zL6~7^S~k-NUe(*sFUzYQVb0Fk_jDK}>>HZOBst-mG?2vF{Mj#Bv&ZMDd9KD6D8fz? z{p>ro->*|nQ(OSJ4?K3b#i`wyKW1c@SZhne*810SJX*0o1!rgWG*F)n_o{Kz$^u&N_G|?2A=wQ*Rw)ZykWDJf(LS$89lA+d|tLY_%dqC+*~-7259>oo5V-qcwRnw0G=#JWaE5jm1Z5A>RG4 zQYE>b0KWy+Pk-s~MJ9*3YiB_+pmwZ3m2UNxDzBpvBRC}-37kJBq>A27cz&aM`wHW@ z5q9cq_-u30nETQnFcyA$ZY@=r|3<4w5XD%w1T`fME$4_NpJnV>HppiLxXfYb!>3U) zWHNZ2t=2a6%iEr_1|e{#?~KcBS!r+IRjq8{ zNJwGbGe54KvVs29tyXfYA4!qBX^*23%I=$yqd+aUq|dl_&^Ox(V5`U#!-wVdRnau< z3nZlsix>1gUiIBoXY;ljICIkP{yk3AQo%hJ!`(nm&vz5OoB@B?@Ma`KJF(4Sudc00 z?}i(C2y^CeyGAD!ZVjgEH!U{l2H8!&`PijdTrN(@m}5v9IU9d%4A}3lcsqR6elbb} zRcHTEvi!PkT-4i<<;XjiM($AjnhFbEqW|R%{?=zM7}+z^YUG0cG6wal$ps3VCmhb& z!5F1W4IiG^VwcdRwo`_Hj}zvxWw>* zeKhAKJUv&eDza2+CN1Wk>QuIz(v2r?6PJYEg`T=3k?tXHt117;_ZJUK-X)a!{Ub5lbt-r?~XkuQ&w-(-n zwtpjltv5Q7#MvRzjzl|uv;cm5=R8ql8FU4mF;r$!DAHiMEjLnjoyb6j-_-LM8U@cn z469TX9)LL!OonWO2WbAarIgu=bRI#FE$pnHEd=|Wk|<2{hVH1yCe1$GI%wFgr8eZ8b!em=*5Jn!5mlgo>b}au0`c?Ga0x zaXe~)7BtOS(uTpGq8KF_E#3frDVHCZKGOz~F9KR84{yIa&lCG2#2s^=WcBd=D7w!B zgKhqqyg86qnycN7xVUrOuX_=deKsv+e-{v$QT(B-n_O7h&9*D?RT+8O^WSrIJ2x-Z zu9i=cN!g$G*8)ybG`n@xdfC79(K2w#Y5?&-W)@eWdfwTA1Yj0jL{`oq^C@6CoYJ+b z1}`J#sZ1mwjuf46E{Yi2Mg`_kQnWj?C0BPDZ@VF)X(jJ?GXKWPy6UY(a_QHr4iwU! zh(Dm-OW6a_@t>LmItC&`k#7**x{eMB_oey59tFwDwtMN+oHP$-UcQo)2W4;hoRMey zCOl;1hN)s)TIpcVEDSst9YmlmdSNCr4h?tkwAN6G!3l&J(|a(sM;!y)$V7?Mzuj9B-sUpNEJjg!>32)6-2xv@ zRrti*UH`|4{0DgYlX&&5oyzmqm@am;waF8!)Z6cjU+VbeV~G5ubyB4cKBwGMJ2h<_ zFJ&~*;hQq?jKHg924l#zmpRYrP&E&X?Y#C4{5Z5+OD9%~Gw$To(3 z&S-Hw=xQB*hZlmivor-g*H78ULHzgeZlde70t{I zEvMQ3DmHR!@~WBm2IJwTT+czMTH4;VVH*{u=!&Dx1T$iRL)3oP!on@T!iW`&zX8jZ zva|l2IwLNJdJcTb2@qsyd1iOwiMzpO7ylL)4N2D!*!xG-2C2{-!*CEQO|o&l#vqIX?Z@3)Dz=TErx-;8j8N+U-YztBtGv6 zPf5By5*R~hn+F=4I+SD})bgBXGL~=4d=-7V1d{h}rg-54{2tb(7k~QZxtB5I&0t({##Gq%w&a)q z;Fclt&ff4~e~?~i&NRSx?JlkOnA)&m6*5wqsKci&ZX&ZEUR`Vorg37fayD@@k$eCM z5G4bvrq$>?3QyuYb$MKIc1b7r3T5$yn?I6bcU4;kMY0lMEWBq|EQR6yMiT%?7AX73}3H^5|_jp%9HQUr*=U#`S4;LiF2IiB+Kjt{JVj;e~z|tZVQ7mYQKP zX&JAbebi(ia1dAnzfibcfTIojE^r)n=$s6No!c65w03q|ye)bKl5r;9GzzNXrt8g_ zPJ8>k`PtzeRZe}z<8|~S--6kiaB*QtB}E2k_v#C8!t6^|c90?^=*jWQLr--ZUhT1C{;0t@eB!=T6!N?=NNx8aH=m0;rtV3K}$pqMsI*kwR>`jVH% zilqFKjO$175ngM@(N^{bI!tk44v(k9anW1uV+%kE3o+rP`>eZ$9~qmXTBLw0XLC#IQi%OZqmYI#@kd; zm^@>KjglrT#8j6`6lK5iE9i{ZE&$dHe>*JExoa}@(-SZSW;C3|=)f|j>Ai4Y#*2>N z)lr9tgQtg0xqQ+97RJlK&2OsY;jv!`*olk9xPzvyK}AzB!5gjF_kT7TPPBuTbPGDP zFH{){TgN}yoCajeS*xZE=q2n=olK?0KYUyIQg?ra#}St?_Bj$OS%tp8Wn?yZ5AC9^ z=FAMCQ|4{Wy6=d$!OTwi>-*xa@Rr85`QN1Tmiu~0Aa+vYDDp+sqSZHD{3Sdho}>#o zOx2=3$1UDGn?y3&{&e?`^R2&#NdKEn6}Jq3Ud;&3alQ`Fc$Q54K}asC?-Wu;vudv& zor|;5))w5s?>OH@D!eWebmnoxKm!hh<#yHNU+be`jUx$Idnb$>R&1{EzNuE?d_eK z$Dw}S`r(6Lq#4uTaCj7}OlE<3?+v71g`9Dt-4u65lMzvnj+}l0yf_X`l^Q(c^LY~8 zbdY4@j8*eEl`7}p{9R1&Pbz!M<>!t?0}v}IS(sibneQElb(eF7xEGeZ2Wwz{Bs=?0 zy@@|x`cXXaXNdpbeTGzR0akULDm{CqVQiefu(;^hu@bVk+K(3IugGXy@P`F!zkMl= zT`$af`RVlZR0piZuBao#Fp??dcXM?`wu{*Q-M|;$Tc18Llxk$t0nz`QTP}2a1Uy{0 zyto(#wy(8@i2ReX?Z3dTTOH>~xMw-kyRRIu$mj)3Jk6nd{YPx4&FOFtQHaI@3mA{@5j_@5ViMWWv#D8to-8={#UPQ zDgL#(hD4KShw5$RQTtON9*=u>6lQ*wg=j%DP0bF28TH6}z&Rho|Mi=HoB{v$AOH1F z@_FV^D2VHFSAmhb{3z*tYI=Ud3YK=UC%@VY_mc7V9~~k8_iy>L|7Prbu`aYHDjXR~2t@NFg{XSkTxZV4pyT9Cn|$tH zi%tLCUjGla_`^z!<6cKcM?>^rfvN#+${a~kg48R2O+w-?zv9QsmgI^1aJfw{L*y^^ z!2ECD@wk+lDA`o%!heC@xPzQfBOwr@aq%|*X`S~E-o(B0sj7t zjv$uI%sTgW6`sQLuJ;*q)Krse|DM55sgTfx%j-e`E1A5`f>7#MA^cw;u~9k z*BF9d5><$G9$H-c+c>G;i;1#@f;&3nP<5{x(9VAP-T5 zxF>AzZ`mQgjN!Y&&owV20&RVd{IIV z|MM;V7foQ-9UUB#ddV>{*>N1|AO_JUqJy|NK*KS#X-Rj1 zl(Z9p5ShlM7ZZ(94R!5rqH{{#d$rQTz%1rJRt?;*B?9{K%&T20=RFF(sp;K;Yr%8n z!%e{sQHZ)FeJhf`3v^~)yGTXlb@z=ReP(h@cEHIYv4?`7x|o&cXQz~{n6!xwgFM=V zSGSe5_dI(!yu$TBmLXe=;LsEQEGKv_CCK3bS~XnK-%IP47&Vxk(12Nsmq+R5y>QCp zc6<7ZEv56nO#4SKfL~A6+AAa^*EJU;Bv$)iZCg4qD z)!Hsu<(&~DH);KnFzI#w&9e55IyFZO9=m{BTg19Xo<8l}MrUn@HIgvd@4w$&AD!eW z-d#PIkF7I2!+MEd^Oc>!hObApQx!SSD$*`(1D$Oqv#<`~HhlU8%t0&~mEqCch(<*d z-$U(bL4w+rAkFY*@(p@Woh8ox;Be7*F|QvmIs27s2BFr6ckFSPVRSrm%eu2*0?0je z1n$cPdDIrhYwPV->BC=uq>oR@@Jw{K;ZJIcoGKooCh@mP>%~?H_~p0)Vppbnc#oZs zC5ED|8qoo5{7I1~HEUt=pgG*W)kwL@x+6=R$r|uU5a4mfCUtNe0ASwod?#7b>_GLX zZ&-Y-?vO@`Wiw5e*7{%X_s5Cn7w!bs;F-aX5l9Rn-PgWdoB+R#!c6to`wfz%>PrWu zI&%KO{dCQHEh23knI`$F4UDB_EsEBaS{S(pomCejUHofpP4+5Z^L`@s+zJbi?2UiA zE@*xI#*L!nr)9CY8%G7{@g3Cua#UfNCn89+SBgW`)j+|yiEwqhp{NR+v;g=%G~;T z$f~1*G1!u_vC?8=7&-9gy79+${O&>WDMw~)JkYXgUnl;#F063Hk%_ydTfUHhH8OKH z&UJoRiY%+qL$%s&j}F~VJ7|CZHFX+noVxMI>qTib3%sa2Beb)-Ew@&=HV_htzICvx&w`1GEclLZb!yjIoGa(miC6ny`!^F=49;*ayCg@Of@Nj0AgaJxNN;D5`s#IXcla(|#IS$r0Cn}$$T`@x3 zY8kG3^P?O2AGhS(J?aNEp*4mp1<$Z%qUg{|3Xs? zR(SS73`9zSgbri?(oy9&e7yF9zt)B1RzJnfy7$Bbd4WTSdW3-uJN)TusE0CGi`)7% z*@%ew$0Ik0(J12aXyY}uL5F^?b|C>FrvdWSwY**r{b)GL;6H8Jl76FhySB~H|AC5i zcf$9NJKz4;2v=)mNqfS(6+Qgag5x4Tuz8%Hg=a*W*5YwoOrO z^_(HfUIo1{h!%#-hEFi-X{lFV8YrhatHb4MSLzGeOWdmCQ?$Y2lF`tQ439mf)BW4w{0yuHfFzBq{98{yL>qUj2mlwcxajTVr+Vu z3(7)g0J2{6r11@U_RGg%(NlSc`zu9q;YdK&#(P5T`m2Ti=@$Na&_Cn4O4Dqzx=5o< z=k`ax6sx$`;VjVYLTw@L4o6SLQJ{OL>v%ZiI0$scT4=r zVIp*Rr)xilhl_s9c8W#DTK^H{8RyzLT39_W@-9YQp-@V=*mbjmEjzs)gSyMVsQtbT zq4#xSDmR%z#%_0>0t_<0M@f#|C?@GX(&Uwi);T~LUj2-G>Vc{ro@?0pm>qkE*1&0y5t4YFCuow>eqcDlt)K?zrquyrNGUYDw2}o=As99)G3gTNvP*bXnw9aD`eKwMuN4 zXKay2S8Q2+In#+ut#PnB!*v=e1+q_eBN4em5>NOOIP6M48FL3A2vKqxhgW*ZMgbPa z$uly{_WaM?&L-3K+-FcFn&)6>vT0!s#oPai!D3WN23I|;wC{fTW4ajVAHdC+j^@o1 z?4)%O{?p9N6{q-kwrhXFD*iLX_PXMA$`bg=J90g|Qp&|HmNu1(MEP9?qbEgA-cdk_ zfM{>G?){1L*3bJbnN}KNr+17N`#0W_!oZ4!p1_&>kA^iH`KzWz*;4J1tA|?_Yg!_} zF*&1%vqqkKlzNl8s)*`+Z@;Qx!gEKO#jll4qddNluWx}9wI5kFcS1~4s?=;9)eEYC zQ*U`OkCQspc6(?X{A+!s2S#e=PnnEN)(*|v{TYD=o!z3oW@6QtRZO9~a~#=$o>imv zX@XQlT_p+ECSR>h?wH-)3o?{WsICWQ3dzfdowTV)E-(RLOu;rz0=5dRo?imP6@jm`e7z>c{rg zHx#?NKG#(;a>jc(z`bIVwiHJDI%nS$2_-H}(M8_F^g7e%J<5wTFnQb%@E5}dC>fWGjoe0lz4Qv0Ct`9#}@yAn) z&(A{haVf`KCB46RBsUV`K4$ylPlp(#wXMgg*|g7r2FG|K1;YeyUk#dX{PHE8!NeFJ zFEdb!l@L(4eJ*nZ*R<_h>BV}$#hU*;&acX|@5#X|E^einCbxX%uzA;aH8ODGq@n>e zHU5m0+_bq<;=o<2rs|%;dZejI6?@M63zGY>#A=Vi{fn6S_MzguoT{Yn$CZ{T=e_1O~DK!p53Oayr;YIAmRJK4Mx@~z3>Q% zqWj{7q@jHduj=xdzUO^;h-xUao0d3KJGuH#^}DWhkNq*!Tf(u_SXyU(GvxJ@#G#Z1 z+vbLmJmc3ZXW}NIxoMEfBz%)|?n>zxzt=2^QKRlLWM(wPj!0;fNH8*PTwZlRqjeH; z;*L1bF==}Cl$=?ZOyNzv{UmGc%qL-*kEioA4ymVkU*tJXB91*e^4%(6MHEe1 zA*gCypFjdOVz0GHPeI@Cg2IimokTM41kBM3DZNzfc(l@*LpeLy$3*5UmcSu{ZF{ET zcY9EqpR$h4N1)?}M}fRmX7NI%L|oG_&&>BJAbfSWGhkB0e#$+A;$^Ar1sSXG8}z%O zI1h$m%jOy|^0ffB4(`4jl39e7jDrob@MeAQZzQ=Pm^kv-AGgxzxLs|~g zJ`Z#Lp{TmIBL2(#z@2B#ky`+RQh~yQgZer~B&-70Z&0Af%@8C}-tJ&rLyeoRDOHHb zf-Df|wk8M#&1W`AhDa`uG|j9=oU`fBKn#4uxzA!cu3wuDnU6MwGtBC_!Q*fdzOo|9 zv;!ZdWKhGfW-af@dh%D@W3wYS$-Oe{XboH+HKG7caKP42vuiQ}JMfYL1=l2> z+v_tg=Fq3qJ9SA2dyhg^abe!^`Asy$hS~;GAU^tO%vUTM^80e%*Qa zt4$9Z()c#d6xceNLFO*3YXhHvj3=ne%QYePB(<54R&&_nV4W!%c=4`-`-p#)()Gn{Ct2Yf1Sj4(=fkK5jG;_m^C02jfrbaLM#y6GNI|KWS^n0O+k&XUw2Lv-^;CcfMV9F)VKdhxwO}ko( zaNvg9d0e>?AgM+hz}Hl4-35MPV0jwlh8a&$0}i>zldEj!dkA?#zCsU}2S?$bO{8VF zFdF6OHKU#{&V4&GtpjeZ$TCMzM6TGO7g+P(Z@rv;TGRWftp=2NWeP^Q?`gl|;5FHG zHeEYYduu`+@6?;+f8+Pd;g_Mhetv9WJVcW|?H_InOyte7&-THK0#TqK+M&|Q67;*T z;TZh88-Pu5{cZcHb6$sNdIZk3kIg8nWeB$R)|%3>WAyl9M)a%ZPJXi&FUl!49D8q` zoz@+S@lJcGQ8fvwlTMqwT&B0YwzRO4WW!2d<6r&oGkto;tMkHFhQd-B3BV5O)qbuS z-@1hG(5$`j*$y+lQ8M+)(aNv%5p^rbMSc}+s8Osndv&ctOPaQO<;g86WMOz-QqVdM z^KX@SARHaUvrDhvJc$X0lHuW}t6a1SYU;z(^C1#{_oP zVdhRJ$TJoh!UA6tW|x}Q5fcV1`1FFu$LOCXrS#qlM3|H<0JN$j0ydc$t$p^&h_d9f zaX-2SVu0taF5il4cL>UFuxS)h65(qig91*jOzW=I)<>9u7#dhc2O#4a5Dd_*@VAI% z@R{yhPw60V;;yA-yTWO)fHPXBGm!?<)zUqiFbejniIN#pqv+^Cu%RQhUVc+^lwc}J zed-H!$;gMl0~8rQb>yd9q&HS+C5?@JMbD{a%pMVP^>7Q%T$lhGar3P-kTTM2BTpE4 z&^BAQ>G-=iT1*^CDDw2KDB6{Ayr5wBs;DJYN3#l5<9<0M$03*x9~CYJ2LRsl4%AlD zGUNNH;AU}IhNbp0StH6`7bd%CEY$6~sx=bqB%Wd;?taLTvD&HUVxwNH+oz5iTM2Fm zdcFJVnlq(eZM-jBs^9xX=hrASYagp|w&SYhNFZ_O(%9z_1Krbn3AE_^p9^$>dt^cO z6N@^W_!4isb6NMjb&Q40+AN@5?x=c-9=1$;DPDHKxV069Ur+ zr2kG=`o=1B!k%fnC5VN$C^majYdo=FE!-)3C>|pEH}8uz5)hq zrH8xnsDTf1+#rF6Z!WhbCe@4bfm+k(P{yZk$=%%slPJ8P`imcd#txt9)H6%gzBMdc zPx--J@G|6_NOjq5$)p*loV$|s9jz5;Q+wwtr7tQ#+; z9$($CGj3eJ+=O3Pmiv4d=Eu>e^G=(i(rvQCP`DK8iOvFbN^O?`6f(ge56vCn>oC5~=G9^~w&OS=ucn9?YL~Pu&fhW!1&6$&T}cJ!HHeISWB2 zvBuwvz1+3^<=3g6Te*JmzJvxWvNUsL;Y(l&$kuktb0h=nSg;VWG)0-^Nnnb=UQH{F z3+0Fj6g>L3-y0s}=>z_1?^RBJbXX+G-3`pwGXM6S2qBRl4+O$X;FGH~ST1*J$*hZG+=vJeY*!nIj!OGER9wKN+v@(TEFr@@foi_T+2v z-&HRhC@&R^Uh5E*j?q0R7m;kXF7InM5{5XiPx>gp(ujUFz>)PPaKrMfuyu&i zw?HMk%Y%XYsD^B<1VC0*W~()Y1_j=sI+GZIz1e@dX52`!Iqi6I=UqfdBw7E)p%qpA z&c$aqCvJ>YgwAtreJD{#s=30Xd!*D)UjC*TSZdJ8(D&>`lcZM#U4V!2?GoknFFB;` z2O1wyqn|Ma0{1(w$+FX8laz6Mj_Nw;h73r}@fwHv_U;+%kaV9vX9tI(PJXMh+J@3# zg!W&{@y*H5-lEp&dsP_V<<=LGu%&5oznyYwG~|Aph^3Wvw_Y7+yB-tL5bvUv9{vfc zs96{e-gN9@6oqtTNxzV(+LGGy6VEVPziT~N7XG>Yom$nwxZ-f>h^h#gRL(bEn0=Qh zhj5*N3tr6jqp?)DgZFekMeGnNeQ<0!6Ik#q(yelCj+By%0aS4I9=clT%Dph#QHw1q zOeDC;PLs0?k+lzF7$ws%!c&#)dH-aDN0(}S60|&IyzsQuYV~yuTYTI6N8hwfGn6C7eFKkI9=dccw{#cCV*SrRo59hmi+94v10zPha3{) z-=OomQ#=WT5~Ki#dJnTEDRZbepOYh%_2lF=Sr1m&ck-=DD_3=&2IJ=4ucIvspi#W( z;JKzekIk$_R}rU}wj_*32KwY^(H3nWe5pU_jt&LsM5I@AHZ zpq>EJ5lz_J)5@xEWvqEwF;bu8$$#4F{o#8C&_VLFzd2*33UQnPmzOvjE3wQm5Bm^R z4q(6cu3B`s%5-u0;)|Q7Hw9(qKW_UvJwh6>d(Ho7nDOsonWb5eom9>*udWt`Q&Sr} z5wJ8y_trM9wojA$B?6>tvhU-Q1zdqV*XD9U#%RJ+p1CAM3(UzbKCuvmjfkR*H;lu` z{JQa>WkKzO;^l6%lKo@9FH3>Gsu*4&z*(~C5bpu?BM z$@IkfJD@(jFssArXxUo!z|2Z;#smI z8rz>`t10$m(g}G{fzrLt?pXsW<|Bn@*?cU$&RnalG;O|cov0(cQPWB@y*R^jtZ`jZ#VFcQy6Eb$){|~3>s&ycZ!rP>rVgxkHr9=&38|ep2vDp zp9K~W6z&x5TN^p-Mg;4fUVhv`;tK!n>9Ov4!PJXg!^7I2K7BG^;8s6Wl{q&+*)s36 zt0jFj_uC$T9$Qfw(Bxr8`wP?Ge~@laW$KsXDl#Q2+$&Dk@!s?7WGwu+aa2g|hSMKv z>pl!S{JJg7XE9M!Wn?z|Ss&_qP`ejrC&V)8jWWaE5#Qec2GqQY4ij0weG*hgXTrmY z2_?n3v;~sJujg1~g0mRxvRHoX;jUI3p#%|F-JWvIo;NPD77oHBH!qB04J4J z(EFv(LOR2|!*gRg+j4cH1H@CjZz>+`GEhu{XO=I6Q(0je@o z_(%55TM9mYc_CvOO#%)zjpPppX_7L<9Y?M2f}|954|VZ*KFW!9J*TW0U-W764hX4F zT|M}V#R)9c^@gO4*WJvaR|;!`1s^l238Fxo7V(Sez+thwpFU($HJLN?W#f{9zPLE%Gng1j8`~6KzsRz6> z^=j!;jxWn**{>Uiyk$lUbZ?tT)^*hyi1gX#4>&)y5_!Ju-B_tD#_`+YE_no#AXqEd z@1ObZ!ql#hhCJgvLxt=fWuNG@b@YP!7FG%w4<_yOqsbLwF?ey-tYn=aVn7yEsdczr zT3-M(Iq)GU<=xVRGXz1+e~%yeUOImrRupxv5K`6v{X(dJk*3fNBYhq;TAJA=l51KP z75MOJP>&)1{z*0=f#Q+471BdHc-eQ|iS5#msF0`K?j)H`?csw$E6u2%VY}Ho83D^q zpMkBTSR79m01u=um*3+bMBM1et&uj#4`_cY&a!FTF7V|0f^$4ddA6?qbf(QpQL1f#sYxf3#lsBOCH(){a!4`#%45{mS+N3bMD{ z-K}!Iil_(7EafXaU9FSPJLfOrFyYAAq!654-w$zoXIAOb^AqhFQrjz@N>^u1x+FzP zk#07OQ6j%xL_ux3M5E*r%6-GLBy(Jyh7GsTJlV}N|3%Xg`=a3C*}bNtT`f}M`gw`9 zLn3fFowXy3Y>{(LY9GM%MrwP$mF~E^wKB zn3~})sZlQ>3{s=^y-MKc=-_H5bUNc*iH}leanjf&UGHHlbuFz$c>~`+zFXsK5_pMXSZl)$$$blOV!VWRcHmA4IPz z#6k@{{6^l7R)3d^)bFm;PWw^fHHFCxUoULv9&8@Wd=dtHc4Q=y)Bh7z7?nMG0PPkc z6hGwmH*zwy#<-WEd&#=OeogngR<$5uR09grIem^yT;Dk~;X!r!g%MLBO%jRa#4c?} z5)=EJs!(@b{}XWPaY=aBkvHNQ#J$er&_r}OcV?Ogx)G6ryC-cJ@P69EC+6iNLHL<3 zBm|zQ5;W`GVq%sc%o1TSd4C(_XKOAcVVkj=9cSoUyR(c|=3d<&DAhJYz4E3>*sHKR zi_SvzDoF?mr}d1bQ7zv%8;6ra_KO+MgU(vM76-~CgEEY1YmJOK^qi9-;}9$S;9Ev8;bTWw!UFnyrNS{kSfRX2$#3^E76H_Ut2 zW&yO?k_HczwLjN_`y-aQ>%BqJV~uiV_u;o-uU`Nf@J_1flL(iuwPM6PvN{_vk4$i& zDjLk!)nk1~^BEr|Z{%H#EDOUbgN;S360IU`S9e#*HrA%ZKI-ll)^4-!n+C zT_VUSFR1<3JpgX6VGH-F_n~}y182}HrD@Mu8pe|)ONiEkgSNF`S{xWOdjZe5o@>kU zyngUj6RpC{0L8d_pwffOFJB?7G+^ohdM*l?d9{`@b}PlKTBMzN{)1xB|=GiT$h_r!2E_iUEdk4ExNToujsU!Yo~tM^;>;xMhb z4H>8*ar=WQ|GK0UsMo`QoOQFtJULOb1c;9ITMqZ(uLu8!y|0XmGHv@_5fMQ^r4%F- z2}voD2Bo`)M(IX6hY?T_>23yTW@s3?6zOIdx|^XShK_f1?|XHhXLoP+d7phhz2B}M z%z0gB9DN@D<6skZ<}(=G*XCuD+KtVFL&5;WB$PB;BJ-S$6gFJ>W;}>mC)LKS`Rr9C zr&@NkoEY)|3sqZI+bhWtqRHcR3P3tw-W;sPd@h|>^|5PGtN1Bo8%(9ze9{83KOZct zO27B-n?-aSEB@BIP@x>2XG72yqjc^(bz<@67IJAxBc~m(Ft=-mZZMUyIC+dym}I?n z!pXi9OA<_tDZ3#LK3m*Dsw?B_N|`34SW#z)F(fDduH{!5KOu&JI_@2ciok^#o}GBi z*73@`+*Pfzbl&rl0&zpN8_QJ)E|8YPUv%;fxI}jqlOk)j&o*rioCdq@De^zS=)~8k zF!hHW`)MVdHW)%CGa{K;o%f!fc*5K!aqx7#<@4U=)UEL*LE=wx5Q1Em}MD7If`_e z`DKV=&B?+hKuLYmGD~Q8$Z8|5%j26o;ObGd!Y_?9h|Q;D>5bK>(FtLu|!V3UdIs^PB| z!5?z1PY`a>p-T>5$Y`!&xpjD`)sBvQW(EILp*p4FYSSVGCuP|G91##^b>+X|&J>=2 z&QBF~ACGG>_Z*Nt;cm-{G;rB06W`&Epi$3J`gju|hXn&o3$<3chjHAD(u&asm9l1+ zmo3GN7I#Fmv4KDrT`sZ}XRw9m4zfIC#D8Qj{OfODz&H!g5w(;UFxLW19J${p$f(f> zD4xwO+l3x*Uu38Qm!=NDJ^mm6YODV(FMiWLzyGmnV{5DArAwD~cJ|AC+{it5Tj6lR zRO?$`6R<^ZVg2c7pFEsHBHMgo_#~I>qDS5NIzJ!zO`5G&pCFp^3UvZ@(PV1aUC0}I z{}&nc94ueqh8!lHrqxsw9IWVc=OCT_TYo;IyQJ6=(m4Cw0W_j+ zRo=e&0ezyi`b}n*y6DrAgDFDoT|P@O*_w9fa=_!te>dQdGFtv;e|zbOb9j7Y()kGk z1EYjiK_6!>CYGdA`yWcOr?&Ayw`W8iZqK7zw8_+nV##!iDWUT;@0iB}1KD=}gl+z80zOGMULL4D zMe#=|Rahv9(bN6Z^$Inb(*2FiLpw@V?*oILuGcZzG6#hVc3IkyvA; z3wHjdpBgRFgFT_!o_gz6MjLL4*yp7n66L>1Z`1&6O=tc0f$hYOFK+!DXNYKA(Jdi+ zb^dd|{+}?@@K<4BRgq5rbG!fde}bNY+RbJyB}K2Yw~hRgA@I;>|qP&R1|C ze?9)c{g=Ap+6b%D-WQH6agLmc{jo<>f5xxhrGZc0wYUH%yX0%;<+E=Uzx~hkI_Wr`|`9AT# z|MYdK(%`PwO8X0nrW_2r6KGI9$rF>3oV;L(tqF#&P)0AH*ZB#`!=vMnD#=neklDfY zAnXJcrwSQW`n%k6hh%1~@w#gNPZX(`X(4gS64#?#Z7vWC~<(feoYneY!`me8L!PDi8oN^V9f{WB+oZjNdC6~(8;KK75T zVUz)_sjNRgAo@88{dai}-LOaNtESQj`r*p(e|NV;9^;@BLCD#!{bSuXjWy7K)_CId ze}qH6QgK)?hVAI>z<-R48l8y`m%$*XorQL;Wu-E6Wnv}`=I-h>Eh&ziwcOs3|J?)m zH(yS?##ru2R&{f$#35m3prQg>8@zb>)c5JLXYimz{re21+vu*1@UKY6t5-Y!-yj`t zkdS0O^T!|6u%QIxX|j)hD-lu!lQzkXU-?-^Dt_QcB^Ve)3xE;p6k2s4kCh+(9fMDoL694h_}_Q--!EHZ77xIYbQpPo1Vu|wMBiOmSw+Q`V7VjV$FG?0W>&f z+Fc@D!&d2J=aNN5I?->(M-9hVI@v16+k$V8V9Fm_L$wzUWQdJAX}Yb!z7mwM*xIzBOwTA6|{!J2tkhyLis^_M7F^W`!Y3X#=UiPXbJC zZ>{BP(5kWsA9vA1rsu98Qi}9aInWFb@gDu>1Iz)9%ykG?p#xQ=^h?9#?`g8>2xaE&rS zQKPH*K<}xbdIREev81!9QIj86xw@j8Nm=>mLGRhmFKfZuuuMprX>Yfu8mh3-j4^bg zOP;wRC8B@a@88%gz8s?I@GOUn71(eMLLGxHJ#;CUh=x{y!WOIJ_l{>s!3m?c6HHth2WET^4dyIt z^oymQ@q?ht8infP1F=H%#`l*Lcd;M`wKkBUIriWc6?t}gSF1(eBM+~<%I(IpgeV zQc#D*X1hXOfU@?H3W5B^%9e2^;0aeGJBl(-xM^Za{U*Pu=azUigp{y`rSinA zM|-CFfAR+Eoup~!)*b`{+ck&e-~Ea1=B0h@Wvz}j>${P8JNObJEf1HfJAT(AEwb5Odoc`QO%E%ykI)bi|hHAir{2X9{m1W zyy@%;fVFDpa|3s*U={a5MVM>p;f>w?|{zR#lo7p2*ho2jp55jt3w#7OFWxRM20vi5^mAV?s!`#^xaa0;{PL{7%g z9fuQHJk6bChsQ}7>UP{5!}JKi8QGCqHfo$~Z&Pthpx#jKxCwCcLo9a|~Yb zO3)aytL$s|0zmTGuf&$Z>oecE{BWQ}+Afqe^TT}knjh1%y#zqDnQhYbU)@n3dg4l; zp^rB!i~e& zbVdz}%$o>ipVTy~4y`ql-4=t^v=fJu1<&JE+Z@Iqs@v%5;ZYxZ9{RVqlfuuez?O(; z&m|7&{M{{DTw+7aL<-K@kgBA`SkEa_GL4aE%fjwDu1!=_!TVp5E{%B&iZ+qj_RmPT zGb03?HZIn1+}Zf^?%PZuRy+cxxsr!H^AxH9gJ}eS9G4JD#kUiVXZ0L_wv)d7IZEt? zgY4Qm(oR}C)qF2bi;wAZF=oGE)X$*`a1#1R1)UEho{q1uF$fKf}0A{7oeIwBoKO?ia5oY1KWcy<)lk5-k&)_C19U6iv3mO%2}3<nTYSDJdbl$J zKJ-at)l->I%vZmk6c z1GKFl4=)ery(QZ_dr&_psyE{-?m28^k@0|P=6Z1ns+`q!>G4(IW87-Rh9(HR zetp$gYk1wetD(kcbtQg`>RYLO{F2-SuH<#PxoP@Tu5A+<#)o+M;Df9&E=d0SMJ9+w zx`v12Cf1R^q;~Me`Z)?YUS9>#$jc!^X(RKSshB1huk!yu%~C=-J#9Vg{&YOvUa#&) z0>UXToAAw!ux}({dYP3gsJ=9gvJA}y&y2tyEC6kyyq1C^{DPfX?(rzZ5tb~42#MAf zZAk8(ud$hy^q8*;0%-Vh`ll4x;zMa+J(C9d;pv|4(XNWOCm<76?!-4;)DvwnY0cTZ zpXPp$E%R=bfIXbQbD`u5R8?Zx@(x_kD9ew*gT~KP(!PkBwzL_2@{G;YspJ7|b;x_{ zL7$p?JCN-pqB{kBhx8BaWyRlgW-Ee{Lpq>UOp@*0tdt%TwbtLcN+7(^ZZ}r!sgw*kO6Fe3vF)+Hq8i}z>5^3^H{Zj<<9qVtL#i+ugnwot{w3$%?RE<3A9&*+@vqv|zw9SM>Gv-(ZA0s&}-{R|6*&!%@J-u9= z#)}m>3S1n(Mn5cQO+%kd^@vw*^dh9-jn*^)FhY5vrev^kT1VM4=;{rPT7&@%3Q*Y~ znKy*IAMokM9jvo4ny0k7qVAdLa~zbCOT*)9l=%L718qZm`ryQ24+oHx+Y+uWMCFxU zDOh8Fs7mvw${tkZK}^%=?hIQWRAdr9;x5OBx3C!{ByRCv{amBq_)=5V(L+k^O=!KH zmn!*GV(Kv2ure*&)%qD6IFG8na{^4^m@h^?`PTxTQlFk1By6wAFIoy{7qmE^#xyZ8 zEc6Jm@REn!KjRde+Gr(ysM-r9dQOyyPKm|}tIFZTOUHvEfU!ep*s^m-M>x9pM! zckkYW=D2&>*@PU-6?ZIlSoV>UqBdIGkrNOfMsi1-H7<+ngU31zPPDm4bE>*W1>mEx zi3BJ?N}@uCK>dmx&*z{PzyHuU##6?LSE+{ZRX1eSX z={$1r5%$SHn&$T=lGGXoy2DgfqhbI{%qyj=SIQU0)C@d46`vCnHMC_0!}G8R+pWP; zWYUV%H*R`}>rLOzs$r|mT9u_^)ZtqVEgZI7$RmiZv9QClQ0FfnN^Gcu_RyC?bkJ2* z5}VxSr(!!7OOZB{-P;jUp4^4J2AVU4$bqz2*2?IJgT8uL6(TUJ0A0) zzW}Q%{j2tZ{c!ij`iMK!%HPm+L7-jx2dMd0rn0>jAg@`7#Vg|96ud|RDY_9a)X(RG zL+7Z*YQ*im)`vh76ib{aE`A+U^`mq2^r*w}&D^8Tiv!w6ht|BvRGy?)eF=V+MegpxxDoT{W#q%uNQ)}xJ_Drnl-wTR zln;c19i1*YDz@uUYmN!vh?y?9L)cjt6!}JyxqP3p1N^z6dHDM6jQIl^^?`W;?tEo& zR~icSA~9On0cF-PEv4GrN;rUEpK{8rZG(--^mB?J*OGH|gZsDuFS=yOeaLuiAeJkH z<>bkBN=P9ELxZqwC)D_bytx)2cI$OJryV;tFdgi{#d7pT;>iz)`v*R4U-&(icLO_A z9DH|LPFVztWbeU}E949&H`B-{L-F_Gqa@J1UI5vT)76nETaQw4`bojF$fct^)oGqh z^8-oMMPo77Gk8U!L?Nycw18r8_ULXk5S>?$%wsV56xU++uw%*e6Gmtb99rkxkGg^) z7ih1fOx6d401F9(G_&Broz1+YZhg=urmM(gz3jnGGk@e#Q2lI44p7qOy_ddTHJ)Ko@wx6exEPcT&*f^=@XNOQ$JGnh9NPq`_@|g|TRGunFcr!mjF*^;X>Lh<`4-Cn3_Au|6LATCp$h{1< z8IEl@g6082u2PtM>%c^ey=a(d)TtnAy(X^;raE`A`|_x6 zTpe__korE_lF>1S(KPg|wA%c$|0N{5SKM3T-u$*#vd0s4SsoR~@`*w^1xX4n#}2w? z-51(qkGxAd7P|8~TfO@V>O6`2O5StaCe^Y%Em7*|mursm8hKCmlh4m)t zp*o{YJPJEy+shT#>x+XLLpb>xvbyQ55#NoTm&}8v#55nEw3PIa;gM-anhqFx0!4b_wzki^T79k*iX&^s`pMbR%N09`Dv@_ z18(L>q^po6`^$VJ*|O^{RzrqUb+*C2ZQp`WK2h1MQC*5~9qSf(;U!LC4b`mxGK~+Z zPlLCz6@`xnv6UudxJ#cf@%Adv0;vN)6(F9%n&U#=Jem9xOJtae1Aa~J8UK*Q;(jC} zqONi~La2u`(pFC4529E;AlXK)hT`tE%Zu6t0UjZi`OG2rj=ff$f~E*cGD7Ep8{;eK2)GAhpH+5?8cN2cegq@H`hi7C`gX*aa^b=7iwZ_E z9-xmyW<`Jhme4Sd!Cm!ToNHSrqcubW5hhSnzU$TQ$`sK=o-Uq>^)S|BliKN%y@-Pj z1GRZ)JNa!^)|#2Mu^R7s30Io}E2fII;AO#EtGPjDW+bbyk4z|s&H}Ps34_rqNr(~) zNAA=nAP}}ju^Sjc$Rc(BHxcwzlZ3Tgp+tAs6EiY1qbDVeY8X zOxw!6Bmfj%6I2^x@|cq;A8v&VMCkERsc5SQ3Ra3dw~AF@a?Mlv5Qocvj*)WE#j7F0 z7r|16`|O@T9*d-Ne22b>WJh%lQ(uqKl125g-3aX) z!n&-%b+|vhFKh{#%ZMb~WnX5?xqszMJ$=;+I5#bd$H8mWl7lL7hUNqd87+`-<~BIJ ziFKY8Q3poT3Grh6(D#YRr>&@S$r|65H!?!-vEqDxVO#e2WBE~ceOaAF&g^NyQmN@F zJmvnBro|idm0_7-7vS{04yKs86_{lGow3q~eC&(@O0F19`5YMsU))x@Vbend@PYXX zglP+zkxDXq;-n^qAC0lqR*d-_os;WmK9_iz?#~i{aOW40dCYDyA6q(j$APE1r;)$H z#5h#Xnqo3)YRA>n8kx?snWCR|#ow;&V}222a5Yu*OaKk(i5ohq&E~0rskOxPru$sWkFDnEZ*S+}(HMOj=n3=)xvNVS=3s^5Wy-o!-eAShO| zDT&kk1mYd`HS0AdCraB#A0LZ-D6!u-4OE0!_9jtrTk6r!NJhm_)nsA-{UNrapO!jG z-C=_{DxKWxZW%}bo2|k)k8K)j&EvlMTnP~d$M@4iZGI5;~h%lDokihDeM{+vR9ed6;|H?qPo|)RW_6# za`-lY+SBF1T^c=cGeP%U>xbTmWSvm3})G038YN;iR>!`DHCm*az-q28R z{b)+1#-o3lO*~Mb5Rjl%O_bT*q#;F#Dzo2|;%(8TVbUp1DABjgs{md_Zk2ngwe6f) zJ&bwne0tIXzz^zgF{(hkT#_VHq0y1Uqg995GVQu_1kqokpuzphqKysIH_jaJEAA$% zjnf?0w(dQB&kierq7fcWbd@gFUuLscb=#7Gj6!3IaBY&{T)L-%l7;H~bdFrPfaVbh zE(uF+UtOVjbB5jCG2|`Z#zCYUVfobhgyvG=r{zG1HL9ifDDq@o&H7`j_2&y)0z847 zd*1%hrJF?ER9ZacPNN+#qYB>Mpv>o&fA4Sp>g^Kaj_`U|_-&uQJYFYAX=XU{Ei3K0 z&GJY;tE5bMb7X3qe`t80_Oj7dsX9bkx?w1%us6%5FD}_HBAKmRae6{dX;~4WP}M&pc`WxUvPw{k1BQGNy&_V z25rp(3-NZGI=d52}z3`41eKc-UJMP=OWp+rS@+gI)9jX}$wC3Z}@ zC9WMAlp|vsmDHh&ChGqAerDFxIV+c47`HYvru{-%mvqkOoijZPbgZcvI(^o;{mBzg z_BM7R2iC8COs#FLBl{ZII0#*AU}WS_)3a1BB?{I{yq|UEEUXK=OklOO@q7^oL%)+j z7Tv3&QOTYzTW3J)yVsZ@e@VxGrNN@cqbti6<+Jtj<$kDM({uFoYndumQdy8n( zG((uV-s-Nq)p6S`jn;KNoR-b$Cmh;%9zfC>yRnhI?t>0e&U2debvO2I4#3t+n%U_qO4g{)qUGPp)FWuRKXjd!mz7E*EHY zyuyRLZZ)KIHQ4b=XGH0yp-rO7SV>|A%FeNz{Aiuq{_GZlbE?EfKZUKJBsvA)r=1LY z-bKl+Gbz9)7|^hx7YNZ)>@*Huc^a)>P`F%x7*1kIce3vjT70x_OBtUDeQ^`QXA5iL z?j=?AWRGSxkbfa>Y0+A%jAI33-^a4Ql}Jzin-&wf>(dQyh)qx2#%h^ZC8DIH1b!|q z!XoL;8Ksg()V&~&Vx?;YB^kC)F-P}KLgdP|C7!>t@OM6xowozg+>WwHD>ADU4lX5i z0DSJ}TzW2(B@|a^=85vUf!zU-SWA8duNkyIv?O-7NysWIKOcv)KXX~@YH9MI9pGI# zO;%-JeQX)YQ&$cuQ#R8MQqm`oyrRd;*f4F^KA(BjCn<)a`om0^q8e-O%-MWtylgnV%H8@Y|9} z2TytsBbMQht;SJ4mMMtETu*(&g?A(9C|pOu#e!KG6L7F1z@-H$$T%PouZS6kmQiui zk@e(-%A5*N3qKEt+I?52RNVQThrhsiB#QR#PmZ@@`Ie}mc3$ngKX&maA@?aTt$lv& zu?g?-;a3?2VmT9k+|v18LcO%!%qI6CZHrNEAotgO7eU^tboBUew0IZMT2XXdz}#P$ zoF>HH(=Jq>+FZBF$GB{KX!ijZY+ z_*A0XMe8{_F_~<>n6aOy)JVUY?7Yovhe|43Jqoj}n&e*kY&!p@!q0H|AszR$Ujm^m ztx1XzFqBk%U{YC<4sUQ`cSEgE!A20w3H;O%5oTDm1Splf1D$y6Vv97v?A$81sX4z+ zmcL903@?;V5>e`JhLgUp?{!)Cj!Ss=TuCEm{l}T19Xsk9gTlLt)Kf$upsa9Eo(9}% zHs$g2@Z1n0&GqD6b5z8v<$y^E((4I2J|B)#-kx_XIMtuXJum-UIzw<5b1&zrAMXoH zD+h1Z*#$S%*S4-k4)T3f;~FsI@`{vC-ji{fn=ASnSL?l|84V_qPk2HSUE!p_5?mVl zHNzi5mZKy^u07D$pn(2{X-zx1Lt6{fqjMTb+qJxKn_cMqPMx;*Jtc}#-Qk*+&+Br{ z5(#Uvd3n#OeHnGitquLVEYOkLw&99M#I|*ai^fS-awND*9#~F zm@!}B^f@j_iE--nR^Kadm%E^hSqY=jn7dlC$;4e4_ly}0AQp4cma5KBfoby&@bb$x zU8+euo;PXl^^-V>%dP3$&&G3q;We}ULXGb2E$#2rJb1(lr~_?s($Ko2W$}<(Fupst z=ZNS=4PhEj5YObq>1-PBS`ik()D2^WN4{P#+h|E0;Q3&<=LbfsxT5bz@xXxkaNjnc z>)bmAAL7vbK0xiIESzAvFN1?%Y9UT4i(aP0vFimZsRPS{EU%1^^+^aCK{9ODs(?gx zk4vOxt{8>0$Ck+tm+CnPV9y*Ey|uebS>R#gOT4P41ie}xL9Jt4+2CR~l~Ff+n$w_= z9C?xKiF55*bg7w`_0%~N>8fU=f=B+8!hAP%4^A~zrV4D_qWw_2*q!yQL|bW>7jQi> zPEW2}4uzVXlj`2rOFy6|fSh; zRE0p;t{d?(Yl;Ach;Sa~vj3tXudtjsR_HR6c&2mbqi5!V5P$Tb58CKxa2<=oG-DRO zm3&C7$Fv;ZkAEuh2U&|!XBZ!OLM%F4D315DoA{j1OE7$WyOTpo1Qxd6-OK2m%V3y4 zLh|1Xe-G+?Xj`1IR2n7SAt0%$50(#H z3!mQ~K4m^wmK&xbB)~GMy}Ps`1pLx(OChl1&#GJXp>byA#IL2MRr9}OEY4wPw1_Be zZf@dS=jv{D+i6y7ZKyk~FyqQlq<`~P@R5^4nDwoIO=B5{N0j^y(#H2o(v|7n#PpID zgbhO-%k0f9CULOUTjVHPYRtjb?OWE_jt7clZ}RCsi@nz4Y=BKLEvK^?F6=m{uQWfa zHk9+&mN7O&cd#$tPg&}DGgT&sWZ&BPZrA_fBX;F@xHoq*QPFC>hcjWE*&xmRmMrt2 zecU==ZxEdWkz?9T5cFI{+46Cgi=kFz)Y6Q88#W1QB@gX><-5!eLqC&mwN-$+G2e=`>^5!BZ!@hX>N8$<4_b~ewNq9jM2 z1mHONMm7dr5nI~DAb;{7QFer9i>|wlf0w;ViY@2L(>-}P**=!or2cvAV8Xtk zfv2x??Ty-RvpvsWd}8&RVTQgWIjw&lZl6CcS{lo$Oyd6<5I?;!scxXiNr$pU9v^l@ z#M7L5@5y3L>_}eC*5obA^a2&BFJG$L)0ifWruWpK0B>r81QR|k) z76CTK9^O$T*KuN9!4Huf<^knwD=e*Xvd1^?Epw+Xk{?f20DNJg5wUCuatI+s*As>MoeP}6l&OnXdk8$1v`Ri?9X(bX znd}_9ST(IP!rWL{PBsANyP-ts%D<71O6IGJty1Sb{WwcScLNGXy6ZVkZY|HdPj)Dd z{I`^{i0UO~^%;(ZHd2^G8Fe0opY*aDmhZ<8c6j=3b1ImHdKaQ_>8wUGSUWTF{e@TasqNnU0SG7vJti3hAUwHc8)%Wm~D=e$^0Y(?x2RM5k&f&|O;j zIX7JX>qh$wQs1ET`h!^~r8 z+Mx!TSX1*`3|%E`jig$eqpTR{evoI zRI5RDCpqxqONM>7;+_1^DSn#?FlWpuYk(s3%=1hWmRJXH=Ev)6448}-4&4?wf>}Ti z4*t&K>%UJe)68svEJ=C>nDe-!_vwM@mBP z#3HMle1uKGN+eyVpcm0Pn0qz@1mM?aJxQg zu*BbgT4+8tAsmz#;5^8E;ur8*I=A#?;gmyB00&(d$RxL?7GK~Z!1UBvmKPZkD~Y2Z z;{ zh0mcJaCbd==$E^!It$y1*0hTj^9D?;@-bQ(h)KT7gauqNaZJk&deW$SAmO@Gm1|!! z@;>&?VDUO1loi(3o$UFX%YW3KXKfv_#HsSwjLlYfZBPmCDP2nR6i?_TK6YBZN zL-HQNxq}~0>&tInGWPgTbM#`DE!&!Nx*~YI@eCR}zu96v{!lT1k?hcg$4FSkKZsgG zffAwKKdEe1as06B*h>AXmv>ljKD3%NsNQ=ihV7UPQG7CV5NtOAn^Mep;iwYM%GS1b z&>XZiuO;>-@dSKp-d%G%WQ&jF0UST6T7H;MmxY8pkd9YP|&iFi*~ORw-xxR z0ZJP|J$x72*YzIj8xlTM{y029SmzconKifXml;*V`rogI*fZ&Esgb-&!ed zy*{Z{;(;5yp(B>ncu>)l54I`qu#zJW=GgRX*5im>XYix}Zp|6Y(UBi?`IcGtn#{+q zyk)fYcxZROGf&)r5$MCiJ$ix{&6ohVqkA`aSuJl(G2^!MzpmSU&Bzf+AbjGu)b*^@ z+RQBb(;M7QB5Y(~!}-9`?lM(E?BxL52i`*oZu%-zG>@|6?eX;aW##v~-uGA-6<&`o zLB8n--dh?;=|~C+m{zA#P@9rC<0_iGf%nB*{z^$TasWKNQs-{K2oI#-LN+spuFDT` z%n!~sU)JW#hSFhO*GS)aLu|iX>td&stLGndHLiXv=lVW=!k&k+v(9RIac4=6YWFRi zI`@vaRN-DX*#i6Ug;}-|pz-+K?}a1X9$!JHB3Q0=1Ry7Y5nfmoLp=lBdk(8h7 z!MpTjTf1ydyv*rXTs7H{-YU&|gX923&T+diF#B>|<$=;J-ec%>dzYuS7dfFq)x`9) z9`K%zvUqE;vSE}wv!~0B!6Hgli&1qYmY#aU1DUdD->l_nFruV7)_5&1*U>Y_z4ri7 zq7zpQ^AKO9DOiKUWKps&`GU2D`1U1CRo0w(GNmHI8`2UR-`BG ztd3W@DQqyU<>w6fK60}h*iAhu+)5VCZJ0PUv0Bc1dSy2b?!cV{;p#Ttoy}4nT_ayS6fKTsR&(`GG?w9N}>=Be@qY-GPo-EgsNfaEszbs=b+Kjzqf` z&aN<2&nkAUHPy+((S15DDet@S7{T;%V@53*4X`7rY>S=EOTf|#Hg2o!2wyueqCAtc>>%Xkb4Iw|0P))j4L1-?nA)x& zd%$A{``%QqW=6=?>te{tYFdd=7V^lh+ESv`wpy?`M#|Bk&J$8wIgMN@xsTSYwOU)T?5SE3Rj&7 zV7`Mxz~!3&%JJjmkwRRhkC<E7lIZ&Z;zD=I9DbK`IC!dP$Uz`=Kb6_NO>~cU_PZw0HNa#zuX2T>D_1TD%GYZ-5!a2|Sbe$`qk7b{ZsG zFzvDOSM_lddQ=c!K3E=Yp;I{D>Ct^XPD6@)J8jGU$XbqxiU>&1dnj&HVI%Mx#w%fSyxJg#*3t;#axD1!7WKecg1LIi4UZtZJO;QVVvfM_0C}gopN|g+F&Tv;N-FY;3|rXPW8i>7iPw zKr82GCk~E*DGkR(92xXP)VI~1M$*evInF)np7hqP%VJhd_FW~qMe?EVipvJ9DZZgueb#pod(<;Hi2|3Yg+0c28hi3g8meZ|( zU?F7Txo)-;vQ=E@-@1^x8#{wd(*P>$E~*n#IJA7y0M}@+BSIGmkkfZpt5yccuMR0U zmp-BY(xzz~)=_DLU=uATo1{Cwca9lvcngCq51t`?EtJoF(9QZ$PDPd%HC!j5iIuW1 z$^GgrwFse#?3>pixx9jo?W|+f4-!p}3i>~}(ldO1octc$;Ni~Jb!BI`oKGAruXD`W zNxhfjvE_EPUc&Ja-)M~|#9Gkk*6~b1$9&QrywGK1Oe=w>5R|;mqWZp0RvCB!1M_wd z3Hi~1iWIDtdWRJnj&^n%vYp}`Azr0Z$l-=M#OL7DHF8A3qyv;MdvC>hs#nu3#HA2w zI<;A19-b7FH;@f381AvESe&uNtYDc|69S&(cqzceny<<>UGsKeT~9|)*$%wM<1t=~ zP;TxRg4d3osXwHv9Q2#8{%*@ZP@ieCxVkVCW6;!L3^czP%iN8)f1nF2GfD8hn&)m_ zpKhDp_Vl020SM%<_=&R7Vybvkh; zKja8XfKkZjt~OXrU~0ABm8t#6;+^k(is;flTo322lWQ2FTE|h@n~zv(>{SJq_J;P> z6S>pQMdXoQdiA(hA!*z7R|;#z5oI=PEJ(5(%JDSW_^GG7z#+P5|OG;oDv-Ldj#@>kt!LZ%QOTaJI4kVt(`z-6+aF^OBDT7KG$@I1Xw)2OyO z!urIlfUV&nDc6gS63*6Da+~^B)Ur*?^1(?8-E{{oOP(WdgOi~xg}bT+@s4G{cD4L# z*8y4UM<|DMQ8FcZ|0+$Hpyd}Ek>7H^zieTzqa%VlQ&XYVwJq=7dQ_Bxr$&Lwxa7;; z##0NFU3-RRG>wI^rfj;MTdsq3^4^Zlv^r%7p=lTy!YXs~?HGgS zM^f&W#~#jY(TV>?YG3)=k;%dcYoW?Yk}e+tZ8z3By3ETkd9aal&Y6INf+9 zBWPR3a@aMuM9y1224JgI9ar_)e6hA#(g>>uzVV2Ekxf}E5)h=K#|Drk+2zYU%EM`% zmi{Er%5V^2spr`6_();Ux3eP1EKX3p+QT#dc0Y}`jmAkcmiz!yYpZ3`-nEVhXeybr z?Qz82^)RQ?-Yf|7%?_Bwv^Ksdvta&M;wOeSp%u7tE*nU_1Vta!v4pv z0kILxsTwo6XoXQ)1_mjuQe){+nMjrKSpH0VicIo~JjWVdX$ncH%hM$aiXZFFD9~Y7 zoo<+&nE_Ng{r+aIMl@N+Vx2y8jI@le<(td&J$Ufr)5Y7yX(s*^XRt8rOXp?A<;_Do zr+cF|`cu=A@^4S`&V)~?0sLz@l+c8sKE_tcW5ZJC=Lln-r@x)bcb_^L<6^GVCztTG z{&yMjTRd5jPN_;)%Y;GD0L%>8Yr~01*b0w+`8`AY*K1K}3}t0yjx#YaF$QL4IW%-> z$wqZH=nkhg;zfs7574@E|HD0B)Y)^uhfHYMcupf-#6+fG1Dp%jYK1DO-;|x+2~6+@+Vm~^z_+L7O%9$9_0`n zONLb-bXkgYG7#fKmVG<8)ufE>ZcA$MmccOOh63XXhBJ<`D&Ft)`S)`dAtQQ;vM$K4 z-%n_8D4n7#(Kz?H=g>ZryDY0du!k5|Pk$##ruL%kcSQSr_|p;P@{zcxrY9?)!cD@9O=+|`i|1n|wuw%df{w-1l&7xFRz3PnA z)YQ+M5AGq*PIc9CitN*#sLr{Sm7Ko5K6*%>+GB2JOg|YsFb44VXgET*o?KaIk8H=sHo?I(VN4_=@fFQ{tLP*2n{@b}(%B!sppozzxnhYP7T8z85xPIG1SVA@$L`30KeL}D14~>7aHzA@5x`t z!AOybMn$wT*I>vxtF*A+)iyC+j=xz1GL_iL@p=7PMtD7ZNsy7S^>2z6YQ(i9A-YLi zDd)+wXFnq~GBQL?pDUuP?G}Gbo1>C#cgbZ!VP^zCSDKX=EH!9|JwK*JwZRGh?Kl3# zihlfwTdjy&CDELCb^CTBOjrDvij@KoXQV!`wKG~ zp*6z5$S9M=Ejvb3B%j!1I`}u=@dL>7uS}B+{7b6T3^8RaB9C&)&W<=e{`1!SeID=u ziBjAC!az=*D7jB<;gr8HRtneHJ3r z9X$%lqYl|V;T&Q=wQEwi7`j-c$O**_#9noT) zakm5o1x?J%4*KRV7SLyT7Fj*`EhhDog6{`$`yWP#kP&`4I2f)fHS11)Y(vVd`KbBw z(|8O~LB=9@dK;BGD>}I?l<_!}qV%lQGRyF%M8RM1@1Jn3lqv?gMrScPGx2h0(7V0> zLV9#6K~&b=2!73z1rjOwBb)RGHQ4jRs?0ZC9=|V>_P)Y%ar*ag| z%E-oEAub5KrLGFLA&>9ylsWj$kmu7F;j^2g(JnI&C8Ls*Jk|O1Q~#6~T{poQg_~ISbD&PE~MY3WgOMz$!)g zP;{&~%|-ASVkqPa^=i-E9q!ezXl_y5TaLFXaRn)uK)97EgzOj&n(pRlzpo+8EQ|?; zzg9PZp4R3kC^O1V_+2Y++C0nkNq&nIle)(;$|dWbL|85Pc5*PS9|)Um?Mx`O3YDqh zr^{)*2rahkKUu?E?V*HSzqod7p!=Hg3vI5-$j5i9GDT&1a+9UBfUk9 zTQxB&b+8(zxdFXJsIa1}WZjppko}%^Jmi4un;q^%h!#**xOCq5`Hw96WdUPJL}9t- zAu|`3R`f!5tRgzG8J%4iUQ<)UVcLWJ;(4A6??Pu?~5LR z(t0q11s>d+U7ztcmJ4oY{cv*t-s~F@#JI_;rHHK&IxsS*L%vVz0cV;#;a6LTy5cf&Q=H~DHBiG>&E}C1&~j+7r(Ur1p3AX_rVxy zJey=SvGXA6BKU(tIZRnojA#(OYROr z!W)ct&{wDIa()`8Im=eCp;wQ^i9P1+Y;<8Nf(<9~okI$$ArDeK#n52QmfR_ii_!+d z>+JoQs*kdKXi(V=buD?`^!*}AFML326k8vUcLpcLphXY#$3fEj1-($oWdO4@N4Wb! z;msN<(0pvBU)g3XE=16f)+cptz9{s+nHLv1A}f}*aoyx<1IZ)3b9iXb*;V1o)xUPy`S0(1D>Ac4YdK^AiqMa8 zSsr9WdAbJQ#Dvsj1vAj}P6P;FM(1rvDKx00)qO@{SGlY3Y)!{*1TY0q(EYwPKwlL- zHl_*AsWA@bq8%oP&vie~VYxkBpe58Ifcyqyru)YFdK8OJc~rr^0d%Y3%(xeh<;zi= zEk&XuP+%@|8rU5IiH+u`3r zNDCW?mnYxTfhP6yPj^kQjE-1|c&?F~gitOHR@!HZ$p{FoF4=LyW&xo8L)&-9HMwT% zZYwrGMLM(^Mm)>>PbLi_vmL_^Wfxw{yN7Zhm`nUu@Zmd=@n1=&Nu<3gu8S znbPHQAcgH*NV$3398DowxpJEMVs}xTwy+~fb&lqTK*;g8;<0QZyvCJip1@MSb?h4Z z61l7GPlzANjHNld7GU>?>YpSPy4+7bxaZw=%@Xzb6wSE5CE(gjCj5w>sOTu3v_Y45&KwzH-WFCN>3`nNCdk`>1rQ{q*#Ix(cH>=^Mu!{B|R)T*O&E z(Zy2KS1Hi`m4D5FkaG6U6VE-;$5@%-T!-C?k+=Ef{c|(BD;;_szl=8u6Xm^3#|UC+ zEWhH|+155wK~*dx=`|ZeNv>)=BrAiMeLwqL7@I0MA-}QM^-VG2^OEcmGNDLA)|FP* zNbZL~h|#SVzgCGRhp+88x7|Agkwro7d58QE1-T;q_)e~m>}c2DL_zYjJ$a{>sm(mL z+)ln;&7I0Pp5ynwwpec97I!{Q-s!>QL>v#WqW-LL&FN=R2<|}g1lL%aj#HnBqa{J4 zZoFPHGnPyIa?-+6h@lT9(G;+aTp4PBZ-4erG@I)*>b~|v6hvy0)=RQma9bvJ5S<$# zuowdTLlgvehRnjJrl8E4Drq5kn!^0&_lET4Da{Yz7n=7{UJmx8JIYNcxGz+jOJXb= z^~5S0IWsyEcCfMgT_)nS_S^nIy~L~#4%D%3f}nZWNeu^w4R&SjKZyc3 zslB^44b{tg5PulSdamn%-Gy^AD=Y3)=aM;`jcNHz^bm;n>^Ts3rZH~I2|RiHvF=oF zXvy}tc@b-fG;~zqma%r-+>Lw)F@qRhLx~b1s%g82=nSN~_CZ8Tuty(Xb7-| z(X09ZlX{II#L%2xa8T9yp!A}|$z%ads$}G_)?q*kDCF`;|9h_qxBf9&bJ9K(Ua6a7 zDJVg_dGyG{+vF!5%H%ZN$~}j%$u5KkDUt3@sa}a(C0^8mwRcwsKRZ+fu(iq=6*7PS zMjs|$R%5g`usrP~sU%{~S;nzB%k5<|YthH`D%I!EW!&9J#`f9gY-~)fN>%7Ui!5*u zVR?eA5hA#4Ep}8R2p3*HA8wxPmTrD!AOu^JsX*AVXgKZKuI&ds4m2C@RQ4BDXX4(8-Xxr9fFH` zj6SxskWtRuVsLNxWTH5VYu*I}7vBBjzd#ixhgeq@{PgO~E|t4k)OMBT(aMM&jWRT_ z)F_)WXD>Ia#UD|{_EV3hd~)A+W0nt86c=D11=TYWM$jczpB7z;BQK$gv{!nuTY@3| z$&HV?vf!@?qD#5U{Jfq0Rhj7Jp?!GG{3I(E?R7Wg;%+oFq+0+4tX1M$`KFF^o*a)R z54V-8@2J=Da$Iy~+$7ltA7Miz8EED9S}M?T7B=buXx48l)AqUVQZlR zG_>F>W?icp?j?79V2P$+u#9*DWqMq($Dr_*qzA4c!4r=Ok}Z#2Yw8SOJ*@u(WDWHNeCz3jDjz!$ ztXhqn=RWtvAw&DhFH6(%1I-mXwtykHd4|Z@ePidPYJWE-Oje_XJac2Ax1>htaWyyW zVW^gugFwG8IvbEyu*Ro#=)*W#TYqEfGgPa;>aNNJr;9})n!X3uK@lQh_0_o~>qR$= zSlSoBfo%M+k~7GJq#gtxH%5udz|jYlreeTg*4I} z#G#beOv;DbW!8>kzTG9DWj`fwW(=U>h!^!19OA{QZF@(=DHfDvQD8KR7N3~={JQ+9 zM>#mDVUTj3&(i%?wKIrGa(u- z6@{56RSpw1r6i^p-n@HP0{ZZy3x0Wn>xEp{t1oZ@&b91hRPA8lZo!QGXCZl?hXtIU zkJaiKeGJjFVm9XM$H8%XSv~nwvU|`#pQ+fueVpT3gD>st=I6x{7~39tIzK@0DCJ<0 zw;+@}$#MqsJzq04xTH<EZ z+_e7~z0M-6{-UY~2hr?6g)GZ}rRhq`SHR+_ExX+|V1}uZn4(O_!K92XNBS~rx$Oa1 z=Jre$ckv11pV7(5>ZZ(278Sz@4ZLS{b%x*3o$Do=w1ds}&+8@Q-PD0$wqeyt2-Bi`6{)zL%)pN+36Os{&pCN%c_1iQ(!&>#d&+pv4 z`HrVLwmfDXq%qV^X1ZK=Z|*5-X|bB!lZfAE%JJb@4mmz+;c`=TI~4;zlE){+ z*y&N5U2Q+;T=m%GOSc2}rp8Qbw0o`xyxM$ar&qIOMV?8>-pbB1cGsn@=d>y`ZH^mN zX03TbKd#HLuFT9k)KDxolCC1U0H}kXh~n2iU>`$hawMq_dd%0Uq4 zF3<3FfwwPNfVUc#%o^;&dMF+b?HBM-ms;+JM2=hafcjrD%f`!>o;u9uz>xx{)n8b7UzPbHeP$gLf`I9SFs-m>^?SB zM)~QAQ13c{P-W1&FALF%)V(W371AfMdB>Rq;N8splZTtT?f#5kmnF)F_p*bs7B{ia zt<2VA2fcR8dESUX4vu6%>~2z}PgQ1OYtN6)&-OYG2E5ZK5*#%-94F*&Qhk$JBdMB6 zRn*2=o0mGdMiN*Iw^)b3|6 zX3F?G96CUsJ3s{&lNqNFsW}N&LE8m|uJ1c2AIy<4M)|Q}|X|9;%votFrvd14S( z&_GSm0&vKS@k3+gh#tU80<&0AFYoO23Ffaw$dE>D;nL~jXQe;YDSj5OR-d1YZx~9> zC%UOT$YYRghmtbcP=yXEhb`{eoI1-zU*d0g=P3cTO~0tV0md&Z>5GUtKIC*Y@8?8p ze+%Qn+Agw?SR{3toAax^#?`c!q|Nq#sFO%Lfrrh(qy|95-zM?HAR4?#yNL1o@pMtyt<@FI= zv3`d0i>!Ag_U6m7_hh?y3F1%6njnhchZu|UY)1=v{(4PPtR$k?-V!~&_eC&OrAgNO zMR5Q8NcxHx_~6EFAhtjENSiNw=1)T>n)FUmlZQ?}dyA?{tg4!MVIg?!vn|!uQTnXy z+1zwxGNV+$_F3R_k7r{F98LVDEyBm{rCo^OlI}-sMtQmR{q@kAa!4kft4U$ga!Oeb zc{~bsn*v0{p>otI8#7LY$b+BtjC*})(l#{WBa5PR8WhFWVl4GD&#yR-cNQ~VclX?; zu9qSdsJnmE?rB+{aa_7bpI_A2!5gY&>^jo}5At^-qUfSY!{sTkkFos+?gw z|4>5EvMe%qgvT4t+5EU^L5d@~xeB@G4dRksY3lk0G48u1vDxatgmUV<2dSGan>ods z)~ft+*J-*k$4;Z)sCW|&!@?U~RxGjfto&FQG#D)49XsxnAk7g`{PU>r{Rd(5Y8c`1 zFLO*AzBaq-$QoTsc0M!O9(n%3iT(SBK(?)bixm^fm#Z6 z$divds+=*ZhSQ0Yx2ozcl>Mz%n05a7nS)Y$hr{FoQlkehZLF#qK&oy>m7HNJ1ce*e zE1gFxDw4&2D>8Lq;|Jv+YnkBBLZ0w#QBeE|idZqB+OKF z^PP+3C1`OL^hwe_dFYcAIWu*nGj?_w1{HeDn#V3B{%JzE8nEwWM z;N%ssxtKbrS;e>4#aPd-`sJo;k%1Hc_zO+5BdS*yKVJC7h<~CGUHzMqxCVm&JjVCS z4HWdTf5=!#>otCBpr-VZKxuHab*)SUWI&Y-7FsH?Er7$mO=;iY^YLI?TpK@aBs43S zk>XP@LJa4u@-A3p2g98GBTeHTD;iCt>F$!N*M%vkV$I%g2hedkNBg4Q20M8LL1TjO zXe?7JdVmpqlO&X#*RwcP;7#RISy2J3aT&HDa2$S{PPbyn(&|kgHNlGEo%iPpg;>32 z=}3IG{*rG28us0Gea_nLjt2+Uq@%Z2Jrvvz4>DECM+!&kWxjV^MaYy{Gt&tGrQ<)7 z%cnAS);(#ydsqh)_{q0;#=6S51nCG;1Y~Y{7O%ie_$XtT)Mg&6O4m2nj5dmdC1W!I! zOJ@!jawssWGRUJ)D*mNPbmH_8{A8#4=@}xCm)z4i=23vfcgtbfT5?Z7WSx1crp%Zv zj*Bu#a6#%RR|L7Brqpq&byI`ZotM@;BE};!mrr^T(1lk=Q{+U#YnMBiJi7+6Pt$-_MNr& z7kMQ~CZ8zH)3oLtt=^R^%#Ce7J@&h3frrG0_5QRB-u%kf7OVpdUs!AtdXssJ+E>y> zL!<+1J#s!PxE~4nCRFrK6Y_k|noOLo^y;JmZqG)pfrgIv>s$xAGIZsE2zE}stWgQo z;JMK93zm;T@8A`Qcy@^?6|iDo)NqVL1f)TZu=Y!|_<#GGrE zXy#YQbICkEkJ7X4BX_Ayk+uFuCZzLr{@MliCQi58kMmFI{{k@7PDpo@kspQ)Z>swn z!;SGH(?)j+c=D9*p5$GNntheh*^&w|zMQ^3eNWQSDD3T*rzhB-RbGAcyWG#DKmEPh zkg(e^ywZ5{X#=H?hlS%yvCd36y(7gCi2$g==S-&@yE3v9b3dr=yN9TD_`)=jdGm>P zQfxn@s_8-PvZj+5XSgs4~B5dEHg(d|KS~&i)NB`857H9`Qk5S!?4> zGL?64j9J@{TYMO>IIbGX+2kG+fa$FivN9H3r6mRqRlG5SR{?u(D;24$6Hp#QNQr$1T!b#{k_Bk`42C`8y zKoY+Ke*@@DdMNh}^&Go_a|+UqjK2-O#oo`ukOcg!8Kiw;5we~!RmklU+zWde9WK}C zHPj?nkE6pR$Ff=}d$l1lTr*VWpYKr?Sd&@ zdq9#|0R56|wP{r9rLJz@FN!n@rf1Y`TKhzz!O%xmU$F|QD~w+1u^eQ86%Fi!*|WN1 z^Qurr-0o7!*9FgwqxQW*;*&fPE*Mx)I(Gm6`#XS>?CHExM70IH@;DB%f{>@txB>0G(06Re->C(lVb zXvj#8_w<>ww1?}yPhB=qR(EiheR23$FYSgb`7v5nl@Zz|&b2tH%gwwwexF`Eg>(3+ zF*?~sOIAXG=C_|Bq9?{|ny__mu&q1PMnY~Ol#VHyvO_F`Bi&)3`8^70do(nXotvZA=FB!4BzAP5~@q*WF7le(+A89PtY>=dfgnDSg^dC5fh>UL7SYwyr;1ohaQ-NrMc&?2LInTcpUVK*^`=^eLKb;>PjY556Bk!Fr>ju3YD6zJk+SIu{^~8s^A8LaOXOy-) zZm})e=%}zt+;8&95wzx7d1;7hu=d!cc;3kiNi|9#`Wdm-XLJwiq(0MT$h1bmm>5Fv z2jY?|Wz^`qlT%CiZ$smVu(i7hzE^3cv=v;Jgfna-@WPdrRllt0>bbCGvEV`X(KFg# z1N9B9yGgG`wteSZNyUq}W+<~)90AM2%G6nyZxpJA-KRCEo1J`vQ==oTs?f`s=OPlt z;j2uxVkHjAO3A^DDM>LEF1v>{QK_AFsN<10&9h4yVj||r@;r}88VsbqngXfE>}fpd zH{TETnjfW8VBeP2d9-TZ&93TB z(d|v;z}kK9Lt>pNBZJ+IF_WgN>}A1OQ~f{BvAr|9Ihi$6ti)pb3>I#9Vxz~I;-Juu zJQXkQBi$bewzu}((ggjyon9R*HnS*2F4DarCr$c6bV~+e^a@k5crsGIZVok8BI`#Q zS4>nG9w{-LVquF7ZQaCmvTpWOIt7Gk2>Peu3(R!tKck=KZYV^CT=}LDn%*sAi$H%I zf6{X72+rrE=Kr*~P^yLwz2+j5wPcgI)44o&UH8;fc?aL`@VPhTzS1XC%;8K*C4f0^ zt$c%>Ft(IOioX0_=nX{I5d%kn)IV1aPSDR}erMTG( zLWhxafXW<5rGKRZ+M?1lK_r_pQt!L8MoJj{6Y!Uu&|q5^8Fq%G3JKc^DMtB{xDP9P z3#&)28TFHjlr7ns=JaA(VKReOirD&X} zq?gHx@EfpRy*S(qRzED&Dou13A z7k6aOEoEU?1JSNtX_rrlh=Ry;cXxE^giy59!f2Qo3N=-(a{tuAIC1*>#cRv5J$|d> zRuh=T66%)v%b}_MvbU$BQgj*NY&gEia2wuxb*XwQK~CVq68{m@UiA&UCbR?zTwDem zH?0mo0H@cfpUH?DI*=1fj9E!8N!6&6Cd?1o&)UH&l5e*nKwE(&(^)MIBlh+3Z|+J8 z1xtfd!nLc{9v)$1Ankg?98X`Vc^69hPyj&wC^Y5FgX|H_eXhL06UcY`_u0A_HOxO z?Z>~0ess{kilcf%vVN>Tvi9D8>Q<#p06!%9hHO`P9JiYPr zw(At@&7F)lg+hHcB{yDl!{^er+OzK*+OSu6uEPq2S>pBrJ5*k9eOli<>@TRS02}Sg zq!b!1OY)!R(V;M(kZ56e*bJF}D|BXeq@{5F(|yeTtuSTp=k>=>p==7~OwS)poUl;c z$^IVG1_$<&F8w7M`77!Jz7FYoiZh^~9M_x;MVRlpM-Naocpa{cPVaJTO8P##;)@B^ zAnW0638ZuyhXBh~bkFR+V0U&|h^l=}me2@G?zoDLKg@PBzg4h|-!T~#JZplDjJwb$ z9~Nmn_U$!i6-;~yDrYKtZP9lGM#=OucmCx{hX42NwhXQ zjul^ymR(Lj2MZ~yo^gJ!iz|Qdd`vDMQu{0!`oIgmKJCViMP_o%66UcFN!ij?NFYC3 zPK=ds^EM~n`|iL*kqFY>c4JIxn-XDtm$!0TEfYrG2(~iyGxSp|c25O%&U|9Cl)9?G zu}!Zl`%9neNbzK-Wz){PzON(0oj4q@SV^x$H)m+3JC)TWm0A7bU1(8~-wH2ujWJaq6BJL&SQlU4uAJJv^4O{X?Xt-EDQH?Y|u2nBm_h}`b&8%sj zw}`*r;8b*Bs3WUL(v9L2gpBxg((AQm>a+7-rRT5*%4}k9Cjk7+eOCJ# zfFa(tjqZUqV+ldXz_(s>l675bz!19RLb^qnH|P>P&)>4vv4AY6p%))gDdAQo>v+C# zqhM=sO}BcqM=lYB6HdsMv#a->lm$cT^mR)_;%%w zN%BP^$5;B)SuHjUnpMCg1BBLv=3sRSxsg&D1vkc~ptm-mu00C`kT*UyL$s=q^8l}( z95oC0xP(Tz511YL^=h}$`G~QGv;MT+c)`mo-UgQK{KmMK$WH^}Y7@&A2u$iJBj=B| z>#x)JXlov;GkX`V7=VdFI?d8z0C8Pu%bl6Gau$u+3yp%fgIRwT^r`AUGPg+v+H=%0 z2xW(ZV3b#;GAb{cYcq*cK~E|F5SP zzNSi}juKl5D5v-gyK3xocJPc@Q9UDoho|J#=t!+i^DgEcb2C2X=&R$-4jo9$u3Rc^ z9f0FZP8yecfMz~2iKgC#+I9GMt$^y2bIKJiN+Qy77gi9skJ+SY8;iMJ(CCHo`iJUC zYo+h~f!E8WBr}{RO2;)u8%ubut?N(DOrZQ{E=c-X6?dY@Fgl)aX8(6Tc!WNaQod`b zgUQ$7?6yOZdgq!ZMl zfs3_>kTshYWxZG5t5a|9m}j$0ByCKa?uEeCB%VfW62CE<)rqfN+)QA6W0%AGo zYaw^3+kBpY^AZISWl>Ier8AX&^90t2>iL}eGsK7f?^O&sivQ_EEOVfYOBEJ(gz2}{fO;3LU-dMgOUAm zvR4z+#0qqw9+q-$I??04ydSn4AKrjJ!d(IB-}189ohnOOo-nzhI1Y?Aw*Dwu`zAV~ z#FLJ%0KxXMR7-_ee>&dl(#S6m`02Y1?#r3yy2umNOLQOxYERydjqz^)b9%2FN;h*d z0C?&rBpVf@eJlYb9v6-H@>*id7mkoeKFTg#@HU9cC^9WwRRzGb$(NMRo-#) z0_xeO0;Us>G^QYi$ZD3{Y-T1|@AW2sHI>`2?2RFwZrF>F7Izd?Su?MLu6y(5I&Vg0 zVd9%}UBakl$L%wWS7nunwV(Clw>feSI5t&MC1K6Jr7sU(YutPOlgGN#d#jRp~7*+#4$__|dNxYO*FzZNhw}NP9QRc<^~euo1U!MqLeeq$zBa53^>Pht1q}8VbX-X99#_cCkLQOiq$n ziJ^N~lxAw(RHktVMBJo!Q)5eD7yNL-b3@KNP`4Qs@Isu=G(VUr)p2U+W_{6yJ`~q* zz4JFS6Ya6P&E*Zwsi;|>3i-!dL?7eMOg?VdBz_5d;`gGH9M1FjPFa9BXZ_&eNZC(bZz14a zUvrYw40V4(BpY}^r?lTeuvDjj9&QWS57jNe(P3|M_%7eH-RQQ?JMrR|;;anJKXrWa9$UD3$oNaYz?C}+V|Wn_|jye!^9e>*D6 z9H!XrKiw_cAip`8Offi=mCYnN6&)(t=(ZIxq`lBHO^)}0&FNH3b5&FOp}CEZ#Jdto zUIl2IKvN|7w;dDq7n5QknQMH5_p~8R0NVg?Qgh(h6E^VH&=#$i5# z`|04w^#~wn`1$*W04^n#_9GaxD%`s9pp$Sa`A?@b|IP_eqYP8EBx;c1)!=;h)JL+r zYD@aa|1~hlN_HboE`D;VJB$Dti?oHobSs^qHnBuID=8O zg&~GGz`cA%kb5B!>Sl1LVOU(Nf~tom^S*?)2X#uThG3n?)xAc}EMOohZ0zn-&Tg*R zhuO!}4tBzsw^N#69Ef~pK?DeQ;kUY)U5kDG_S_Yvv~doJ$pKbrgr&dxR6If+0Z$OGt-s-mO) zKMAy#EaW664n#j#9qe$Txqj^$WJJ|Js|*0eM})GC_c8O5zV(FvQ1*THfxS0Ij%Q7S z5z54SPg^Z)PV1p<_nujZ1X^xXc21HgiU0TcTVW*}ud^h}Zb|4m z&Ln`Pyf+IG;|;v#WZ(GNS__p~Gr)wsAnSocFpt7HSX~AxCVGiJ4@)g%M0i3gDnUbe znLKkF0pE8{|FX)H%GX}S#icA*+u0R?>#FC(?adcp{S35-uCu(*rJomLC|8F zWLaio<2u<+zAMT&?O$X4;&}P;<=iTV9vPj1I&uHt;F)jVuGAhD^2R5IN80J>!gK=v zr#1MyyZPld{%a@v>(>nKtnzV%YkbqYY7{zVXApUkqw1#kc_U#s7tA={u2acg*I@Nt zXRb@m^wa8pe`)`tdkQ;#`II}-5X6_AoejM*`y%Sm@q^fu_rG=${(&O#i>dvJr~ZxK zyPt5lISIH-(lDH*}49nxf3kp88eqiCvhAvgTeSL{wy2Jm4 z;;&ixBl{E5($e#S1&V-Vg47oydgk?;;aL zsa64HHN6^aqYg!EoBwRq$A4f=f7+aXG6KIVXVlJ;ZXXRXi2T!*{{Q;}{rfYQ5jn{o z9`HDX_AgVJuu?japwRpZ4Q~G*h&%t^U!phWx6a(`bn7$BKf(6D-oyX%s{g}h!|3&& z+UW^?cZUf5JWT%|?x4Rf_&@*HI}x_~!le$gKn2zR;J*H3EB|oUe}0$jWZ#Bfp}_n_ zawUGor(IlJK3hf}1{v=u%O4$|b~!$#YJ2k+eVcdem*v+Cy}hexqnxBeOb;52X@|-A z71{U5Z@}$t{(qa)Kl=l{1@}ML{Sdd9wbNUpc_14vRnzq=Z9fqVx) z0Gy1>*Z~7MGA~0@OXfsIY#WkqgavLdbChHlK}u3CbrJ6T^TyxL7U2Ku6*=~Zi;GA7 zKnRI5ZP(rg3q@c`|98;bf45FQ@zdlmVq)d;!)1L%hpPM|b@88B#(((Qs^Gbgy1&`m z+HQPd`H0;A615oQc4jeWG<(3~FAAEcPF8eg+sGfEQnWe8O%~gD6b$=|92wc93iHYC z*x*W{-ha3(|F(VH*C0p5WCJ0>U-liKcgWrt@R9x6Ulet3zBV9RSP>v*?=M>;o(r!p z@z4sLfAOz3`M0=Y;(u%!34l!_2)KKZgSSuVA^q#pkf&+^1+X`sB%zNpisf^$iWhd*|5L*uW$L zmVHX@4!J_GPDa@YF19?ITU#j*2>#TzJcgN!(J~r7{xuR&lV@n^{5OgPEb1Pzpqykw zj}D;Om%EbA5gtWCSX7SQ`j}Qd4mKGmsp;K5x| zp+``1cxl$7;$|)j)?kt`B(W6~zJ0|-Oej!zn7W>2A`!BLY+$B_j~zhFOm1x?lD;vx z$dz zt2r)UHddBlyju^#IE)&7A)P2;?z_S`R{D}^-vReN+}YlDh2E%iWF}0}YYT=@+%J)R z61o^S|4MqK!KFof)EO45YfA2d}^4gQ?sO{2NCax_| zPXaY~dMD>Xln(&$%zm(``!_M2WA1c` zBzn=bsEu{;OQcsS?ab?TnW3IjXXle|EE@|c9_l&`XSI!Z&8NAY)f`?=)vKa99E8D; zMzRC#lZ>>a8ORr<86$~B+$C$I(#*A==t3svB!)LRH8h2L1YJL}A^BUt?~){|IrJun zDwO>9d{t-2gKf!^OKD;yriWOJV23Fh+T+DVD1IDpCq(n3(up7b;$5i81e>ch>HJ+@9%=+-*gMsL$CjX7D?rzPz zyu9_*RlU8<1@Oi!rtW(2b3KRNY@@z><*BZ0@3zs=eRV~4(6Oiur_`rY7g+A{?w>&A zpuRUM7;Mt`@O(_G%Nh#E-=^1xgV$m+i4s86Z-55N~?ZlZN>9?uuXY} z4}>cs$Ovn%r&$!)kQYoe20bLUGB!V|Vw{PR)Kyc^GMrw0Cofu~DH!atwOp{DsT6CD zMi?gwT%1WlM~#r2ZVTeEdCbnDC~GfE^Gd^J>z;>B_5>iSZJ9g;JS4LRWPP(hAZN#d zcQ$@7k0xY9yxG!X(;7&vH+LoiP^xl~eBk&gze3`m0qYO<~1y2O?A04j{!uu z=1e?p{*3`Z4n@6h-a*?`Z2C??)b}=T9QMrf{4kiOYsogp4Tb&y#lr8OIN&PD^3 z9#7V-I@_%jrSQ6U?M9}OYMK}&5J^hWs`U7Ka;DCqEl|!XAID9&sSTs3@r+g~_VG|h zhF4zv%jqrAo>L!08;)-)7nehq;9Q;E#Q%Sx`Od@p_VI+{>B|27EJT#hodik2QB zqPz&$v$kTcOQz*3MqeyiLIDks{n%4WWXh_N2@6T1R>|GA;98XufI*m%o;H1zf zs?YtknVnDIBiZZs{s1QD&m8pf4f>vV1e5kH+u90MHLN)Z_4D)=^eF+zRX`o7D(nSntd;;)D!e|69)OXauf9{}Fe}-2a_qMBoOdohtiS@%a zt#@#1S|9ZG3{d;F0^D4Ve=r3u_~^(n4%EJVhFrpusTf|F)9s>0*`r?7JpoC$gmO4w zfNLg^s^GTUo$7~IP}jE~Tim{5Xki|q1#)AzAU}@&Y9}l49?9FP@ty&^;#UA#{$a=3 zhCW<@!Q$Z5dUoOICaZEQ#nzX&80e$jCm0LsbmqnB(6I@FUbQW;nNLRksZ8|b^UwwZ z#uzSdBfv*y%)z{kMNBTQH3QKHHal|-*#48U@@|8F6_0s67x>#I%a0Pq{~a;PPwvYt3t`JzdB<x^V*OY3>JWw!!76nVZn(bJl2R9tMXwz+gW#@ zQZ?z8qWdvycZ#C)5eCL%eMF0O?Kd_|aW&MNK8z{>)*8OxS-R#k2aH|VeQ8y$XI0*Q zLxe(DoBjC7vU$K1Duc(mrU}$EWZ{k(&NaWHZ%om!gN-2IYbtn>1(7gt#sZ|Mk@k^M z_^%B3!ZWOvuOS8ToZ_F-`QlFE_qx45taT15MiQ)d{9q6A^NqX!c%}X9!kfV8D`t0n zpWkpPD|kMB&sN}5TC3+XKc~^{*(Kw)ep8@mO%q)FZYuNF{rFvxdLixPh_XOyR@V%K zjT5V&LPB})Sxg$*B)Ho_m{s~Ho<`wYr7ypoKvYy66a!r8gg<1e@;C?(uMr@8pF%W- zmK&sb5GJRMjNEn8VNvH3#Fd|C^~JtYvxjB%jmdm+FW;*ioI>odsjC8=BU(6=)qSA8>X@-y$|#YWyF3BDwn$X{>*%VB4b9kVr+NYkpm~x2dgm> zz-DqZ7twAx$`brdCn5ZNy@!_JOK&m63$zWpZF#;i{-xunZ)#$h=B+<=wXWgh5K_dO zVD%gnSN4c32vMew^y^-Mt2fZO1|LI&9oy02LmsxDItL$LAXiR!N*^Z*3FYOJ zFextxBb8wu@u(~wAiTti&0&5gc0ZDqyeFOUF;_q?K{=_s*80fiKGTchECvVJ_#J=b zo3ybyv_(<=t~AOtLe8vtjvl_uIoCKgIQfk{yb9FX2b_kI+q{J%<1)m>ce}!NaAh zK^%#^FvIKg0V#p0I1JfQQVgs%#&*%hY+zv^d~jOL@w@|g%w7Dm{(dnSGodR+5W}Sn z6U$mU5;qo;j_YsDZhVD?n#V6}<($IIR0*ERh~HgZ@mUy+A2+NuM#4SM4EP3GlEhm^ z<1Nw0coxsYw8t@v1p)0B)wCv-D9yZw0?n5vB!rl!3EQmB_d8}`b{|UtC`3SP8loWN zy|L}%f3pO?BX}Y0D!HO2&w={L`COPICLkj+cMOkDlnRRKGGJ4QqDoV;-)HZ-6L2Z) z(_MM6o2-&=bj_D)`>EtMZK+)n1*4o7+*5QBs(^8BS8n$IZV8sj)VJKbWZ-U_umu$~ z2EETX-#|39*vOa_#$BX7P=;h|e&N_oAV~W)t=oBHXA-TQj{*}(*mz*ImxthRo6;rf zJ<9>9Eo?27KS?7tqs#bKL4LtAF;uW-FrB_ZxM~ypnOt^**Me_(y0~Sz?peo`ez(~n zi8uj3^m}*`!kZ>G)6{%nDV%h;Y-Hx9wdbM3>h+u4&yZ>57eSOXFTF$4`1~kB$v!g8e4>4|la^fw~KmiGC$A3_0K zbMr%BaqYb!KO)$TvMXn(X{x&q_6_9or5WAid9@s1t!in+%|}`TRH{ge z0LD<23E4)SK=+8!kC_lm2lYjn$2yZ42)lmOZsU8g`Mrll6S1ca+VITZ_gqXPlP1z_ z%_PCqS;0Kc1{)T$-`{!Bf6h4*#CN{xGt*i~66wj8@kaUU9Ilumdg=+i9a(v7DZt7% z#_m*2oYSVkFo+=Kn9DQkw@x$b7xDPNMD6^(oi+v&3%8Fu3p`c?4EkKit@pVrv8b>)>l4c%O5U?2=1JQrUvhq~za?Ad6kVvfxMycU(3vv`{kS$jH- zR5$eQS4FK?*Y?Hcq`*CTIlA=n>R)OtLNAdu1wx(_&^2LA<#)@!H0iV%lJ&!aZIxe; zr%}<3c(xn!?{5x#$(Ow5xfD}_oXEADBS3>g1pk|)fW?ku6j@S0Hh@l)RnV~hO&7sW zZ?u@jcv~54SVVndZoAYlr`40!z*y`;vHtm~JSbe1u2lV)8qnDN5W{R@;dY^4mqOgp z207bM`>57zM!kU7Iu4sD;sbv)vBqf71ANrJJuuE3NFqXJVcG9Zx&3{3c2BAAH6DH% zLlA1W9E^6X-L)A220h;-NLVf+Dq!Cfmv_GQ!B+)?SxKFu5&Ghi9$P@S?i_SS!QZsXQS0H=~OwT`|5 zF3sAD#hP}txd=u%=iFQF1552O9Z(IrW4^sUQvEP#%$Ads%Cij<2sTuw;LqFnc^3ES z)BF#}G};?uRYhtA?>~XezSw7St{j+mXU>V&HU~b6q?({KdcUkV^IFLYYL1TALxF}O z*1BXZ_a)3P6tJBHbKU&_d%!3tIBb?YHgRw5+hzXa0c&?HYiBK3)!>CokxAvvfeEfI zOR|{Q*5&6D)Cmvyp=sw~GTtJqap>FmE5M4svD;VZGjX>c^f)QSE34c_G-M2LBJ262 zK1>`q<#0aA=hC#L(A7-fJ$`jZQ=utGEOvw1u-@yXO-7yHv!IyH$YKtkrfeT|&43Z| z?8>j67KVpokU-d!^(`L2O{9#a3%E_~F3N30hZ{9|hj`8KrDr-RbtW^eJ0uZ|{X2Qy9n-lPmwad7v!Chi-d#OGDKBO2%a*~d zy?DkJP8TWRvN)D3+t}z4JgnkFwGc~MjO1-gdVc1pR8b|rKQ&_85VM}L5q|Q8X6f)L z^S6J*uCNle%XF*ZblGb_1eMnmLa5%s6+YrbPyAAbGQeDcdQJ|=&kWAWRweOs_W934 zkYbCi)}+14W`cq6th9+gpw!W032vcCgRaYO16Mf>)Z%8+_nA>p!_KkzXJ;-z%?iE> zC_8_DZIl3HcFhp6h!etn(nv*?#Q+%{KYTxu!h53E>kAKjLdZ^Va665(fZXq(JDdMRcemtNuvBSrYE`{6Sp$aAhz-6MEM-Lh0K@|v ziT~i0c++1$jV$64Lyo0Kd`#U8r4`F_nbL>ME zt8#K(JS3-Y07v#R4AIwj%VT5><(gu$YEQdOc0AQ zkLMAjDKavNYFOMW89DYeG-YXHlwTh zP@LX_uyT^Ng5Dm#0Z4IrihkxV<9RB%rD^k1{B)P$91bCvP6F*0vh3 zZB3NVAg)s-q4w@D1z-)znt_fT(0-FHT;pf;FxXmUrtd(0A=wQ`GyWOhSot(tC~Qgq z6z^p^I9ODl^&8MT{`(CXrF*rMcluS{bbDf?L8FcglA@x@WvRSrm#c(*l&+go!q7RL z#Ek@i{0dVho|{-$!(xcCSQ@=O1AjfeA{-6ZuG@$JW}?c)KMaJK3*WlYpqR+9tft8d z9vIjq7mSlG>>QF-ubH+}-ZR^@9|t1rfWV{_YEl-P&wtj&W?#E|eR${qz#`FjfTQQ! z$xk!6yjO53yr(?LZ?kMnY;pLg`z?M){U*qM$-VxuJo{%BB;GTtNv~x^sW6oQwqi6FGqkqF*axgr?G67ANj0jU7X--~JSisvQUyS!N zNn;{=mG_2SJ6yEx0OpPxbQ!;-*RPO1uQsWUQ!4==v<_5ac&KS z_i3p&WRR1&nO7&il!+MLE`G=NP14iFozqPHxyRAsc!j)fcCyAKKx32hN1FF$P+8M~ z#i3q>(NE${9~@Yc{9|~DVK}c(eRhSquYsB#9tRk=85^aIzDgZWIh+!D z2)s>aNX2V>Vnb8PGVgT1>PG=>_l_|3r5rSL<-NY9x#5fU zt*rLj3+)eG`@#C$4HSCin8?r6AFX@PlUppP3$s6BJDS#ZP4^g=HkFBjlkEKFOCMjO z(d=fWApJiu6(9SVaQImm$|h(b($qvWW1FXZPC9B`_SDn zXDuF)AoBkGMo~`9ZfZ|OtJ7OB!$0Jh;%@xV6Hae%5-A@L=n z={_`dhFbVImmKR+t_V8o!R<4LceME6uf(4-2ff#(gkPuGjh^DWArr8WEH5C;tyO=e zPj|Fg z3Jr$R3D-#Ep1XJaZ~}gQ)%-5+)%&Mj9nU`cp1Q4#jvBXIV1B*l!|2(6u;XK#wK(C| zzvdt0BqG*1;I03C6V+cm?`-d3qt~5BK@)A2;8lyMO{Pp4%B-qMir-;jF!X)OVSezU zeWfJbokvjn4XyreVh(W-EsCD;p{ z3lK2{Ej!JuxbmDAASMAFxZ8uP#oObM0Koisw1>p=@TMDFuy~6Q=u`J@Cb#U}lJJil zOY#1X*z65?k!bU}jkWWchf9j^3_kE>g&Lia&BpDw=8|sF!5tBo$N*eol$4^j>gzo? z`uL3)%%(%u)v%@)y0!Uvk<)=UOd&(x{b{XUREl4U`pqTDsv`oYwIWYf(kel8MJ|s1 zHzF4gP2=vBJQdmuF{QQhn28<9ck$Ng*`Yex@K zmC+-0V+g9irB|Lo73xfMAMZ8peSt89PYLdQWcqVWHZum-p4#4JBO@atB_pE?x0p`7 zdBBxHFn=5xnohBG=Yn@Xk3+;aF&fSa$sQ>kI@@aQlbx_ng#I7eF^Pjxa(CH=USJb@ zi*r;|whePEKa_+wvZgU%eV~&_CKT`JH~Cpy){97euLlET#v;@f>TblT-6Hf3?tvX9 z;rs)!GNO*+KYHK(>bQ{h4}KodPJ46Bai?|kDwxoGbEB%~==!}yfZOQZfFN9rd{(AC z%?^8tdU8-!j@s5qBGTSqha;xP!8bgO((}dl@J_pvZ{$=?{MuVbBdV3xHL|BTX6?$e zCDY8V*3cTV@h|7KA224EzoqpR9-kz;q%&ycKu38*OXDe%53U`I+DhHV!F*sb?6^=I zcso!lw>I!=%4B=%t&JM<^w1v`?>1UK<@hcP&j=U_`n8j#ZFHl(3k%j;ngM&yV~i?C zgdpRhbHg*q{J6oXSgaTG=e*^j>u#2ov#_&jtAUjDE`8H^5xAMrB+AH8u6$sH-+-LY z-#7$*7H0~KX8IG!ZZWv1bnudV;YMOY$X@X`xcAa+)$e|F?4C|5pQ;oWitO9A_i=ZB zZ7VFFo(L~d2H6$lPLg+R=TtOr7{vTO=RLUN-Ust#y~>JyST3mhCz<5?6Eq_bR5b0= zzFeQM(7M4f^^u;iKF*hZgVeAopmWnJEv3&fp>dQGF9Ack+$lV-aE+6!U)gu8*90QO zrQ`kTU8I!isgmwUAAaWM){%i-*}PJw!$;3HDh8TjjUd%$W=30T#*nsy2WVc~-y91K z-I?v83UZ-yXN7Qv+yfqi?koQFCuFWduSm-1PR-LOho@E^f;1M31+oKRm)q}qZq&Y; z3BSE(`Fu;<^_F(`$xvcvpMu^A%2r(+H^FYm>g;xKc`?L1U7&di^~|Ta>%PF0%ppIw zC0Na+Bg6E2Vf%8s31l3Zru0#7#OAp3OgMj$Jbxc4%L$|7VipLUwhe4vb|Ocum&-F; z{gpfXSF7ODhL+BF)_4h0IyyQkHcjawY0cABCk$49K{*4|RGdUvM70aabD@PW|Q6^%uQ_=SMH_GUoCyDA@T<*CODm zmPp;A81c+fkDVT^mBURscc2?bI6aZ4i&`aEUwy7IE1_O-8miCEFTE(Z5 zj+4I3T4(7RxnRa6MtR%&m#k6SfO9h3$xmv?VOjHG3;o$lQiixq3}{x_AObSM02ryw zr}a#Owy(6JPv9J`(M@^0NyKRe*QhB>9)Bj>ZGyUnjSF@uyfH<`&SH83vg&DXYT|kZ zT3v;8BWgT)c-AJo&a0+gez<>=Do{QjTRmKpe-?(VDU5P3g+3YZ%Dz}#;{rU^?M?i+ z?-ZNApbs$B)8iyV<-ZeR0HLHWWF9Sv^%|Z?S(c9)GbMD}I7#S*xWJl;8S7p@g{O#tJAZj2U^!*YK9T46pJYM@fhFCpJmgMvGmy-dyX*KyM3T_0?zr5bPx z1`8AL>Xw`$^*(IQvB_x1eNAMBYRlIG-!Alr!e#5AoB^f-TiJ47S0Tx&z$(w01%_y! zI-$T!{`N(r8ug-Wx9~2xWSxqSA?1k5YLe8g(8Hi|uSTvRI>+(i=M_fe^{)B?iv-So zS%!qRDV9LD<=>kI*PoJnI!|fSWfo)!6O?u8Bz&3E%Bj6R?4KW)`au~sEUeaHwx}(O zT1x^Y9}J=GY;r`0%kO%XNFQ(Ruy9X(Fhtg_YR9XN&`#BaWRwW$qL} zrkvM-aPhQzmkK%481ucW~p^ZGn4juIzbM$VUQUJ_mfx2LK z2@_O(6^orZHTK!T6^6;XvCS+`gZccD=p*e93&6H6l1e+Ov_Er`E%CQf_|{_RCrm*q zTOO<%PaPQCN;GoaX=|NJ``+sE@vK)4xPHYPYV9l|f^j@LMsJQeaX-d_|u z$hr*tcr{X6@GAMQ&aGc*x&LN$>JdCDt=ZStC+fYP<1~%p*2DNo=^dF$Eh_Q_66r=` z@xA$U^Nk0uMWYRJXeD{bDWZX+D`yx^S1w1UNtzyC9{Kv*{JxH|u-_hawfn3??`CGX zeD)P|;>$-q7M&$wj#D~oQITs0>rM5P%-2BW^-GBXs}}HaNjqCr z4kWMm;Tt@O%aW!~@)d11x;E^P(p_3VND<4Th8{J$!2awW`TajI4oGLbY}DZ9K4_{N z;Wf(R^;$!}wVdXB{0VGg;98=Z=>;eXu&3&sxuYlP$!h#j()XiB$S#?o{nPjqB|?SI zCDZf$WnaI9abag51fNiW)7gOrIaYg-f|qd>PR0I75C;1 zMx!w)?eVD3;t8j{-)Rn6%+Ah^B23HyozFfFGxia{K%5~!SzT={{k(*EtW?88U z;W9;HOc|wHLwJbxo4AO8nXr|q)rvbJ_HQb38`P>@hWHo0d|_|dtMe3oK^?frk{HoJ zGxkfJFaq!1pQ~%vFe({@hvJTX+iua*I*~9?pbK?^?C>eJwAiW?l*uGlTd!DAd7-6w zpWS{0z;4nzc%ss~L}9iDEP|D%@bh;ZP={zVE|uSN11z*&@5*dWxIS@TRr%VLt|@rJ zR9S;~0h|9tji%CkB9Ejn(JyCFV+iwkRXU;_{&x}@H3afSn#!D8)t$gabNFrH) zsue9Wa3b6u1fd7_JHjfBt!$k$g3!1UpKAwq0ypA-zXs6fePZV~n`QtRAQ zdJ*Df+D#0cbk-Dx6{;evsv`?N<_N(@vL<7jID}}xaEXGaTW9s-Y;WVr@ZXBRw=OO> z(7>quw(Az3ay081W>*^*MSEopl{VC`8VDg$O&((Hh6r3~g7)?Pp*uRy5;7|nIrH!m zlDeTR2R*%scEhTTR=k**zHkrD9_2BA<>I~lM7u=R1x7XHMRkL*x-VXxcOvgd8lT4k z65;j=i6vOgA-yQw60C%d;5IBI*~Xzp3EbrJ-nT4;2jXr3TtKI#jUIWp1sE=VN^7=7 zEvTmDM+zv|Iz6i!q}i%7DVvZ95d{E}H#m$<%a^nAX`VDLeeb9sax zsx=mh20QLYpa18v#rMlb zqm!VW!(-T_)bRsry6!JjfjgYt{iuAD0p@-n)$X5dcKmhh|F)Wu;<(1Zz&+Ib<;&AI zp`o1j?|*7?7R@9kpA0e*p&5yZ^HmpalMeov!I%aCYUl8H*elY@?Fc*a3m*IH-|EbV z)ISj!XsYM%>6?t`q~THRalPPkqzOr9bIXj79M;y0K#Eo&P$7FpsdU)|`CHqa+L6X7 zYR*757G7(^15CK^!}kdL+bMtg}!>}LZZT& zLsqRnpw%iW$pKs@dAXm1O?9&;;R!FWl(SjOac-8xgH~(k%0DUpt@n^Wwzey#sB#22 zZiq(WYmG4HpUlt2D!oxj#_T^#2i4~+3iz#N-1#Th|C|0YqC|=#f5KcgcXtDQ$@Z^A z^l&_4V-tnfx@!jn1lKRipTPK;Av^qk;rT9;LBP;yD-)GO~A z8xv`pS0jb%fYLtwXJPwqO!xohE9z*A|W$m0sic-fol@`+r-I7C8Jq;|Dq>YufC{nV2~Pm z^6XLvhDzd3MlS!;!~Ig}Zr}`rI8Wp9tsxge^}Z!Hx$An*&y$?$!zpt8uMo%J(>&=< z&wfL^KGWPdFMCYgAI=9cY7v^3Xa7Uj$gdpb|G~zhf9XpZ`j2WxbRpoYBhJzXHOqVGzHxnB6an*M)qV*WvpS_JN1qg!U* z-JyB>Q2k!wxe+Lr#$N=gC7RS=L87e!(mo&j>u{oAqMk3*joAE$r~E&BYtppj*RF6- z@Y$08MV9K?Q#g?%T$@wD=dVyvKX3Xj1(B;g@okFW|3~QXueC*iF3}c3sq)4D8d1D> zH|FiR8r#v^YJZXKICD+|II}!f)!;j?9B2L|<6(HERd1TbRQyk#^Y~$i^Ix+ySu$sX zf`UjdT=TMlOi z?lC#qAjaq6)fL(aAUs{2=eh)PY+f-j^Mme9)1HjO3t5}As7O2f)(;rA!uG3G4U~y(?UF=k=0K$Dl4(tyt~+9%UmFj*~xC{y9jn0O(`0H zOUf9u)EVpY7)IFNw5+Up&utZmJn64Z;|nSbJUOb9EzJad80NGas7N>ITe8yPA*LBQ zh*gcDjC+&ScGIM4QzwaCbz_FrUd`uEgCbpejo|@7OrU44BVG3sfJoiRoe|D@ZkU3+ z5vJXzs(OAY+kF=tGr>PU!U>oLM%Q@ESvVfZFD`O#AuMLEGDv!;36;@A?3FZN_v|2q zGS3AeVnZsh-i{%B_aS0fre8!nzlUk*2=s-MgT zB;zox*7GTdBq83QCbw+avLI+0g<{F@dSaS3_fbH<0AMeN5gowI4xZ-Tmu@{iflxyn zzCsEG9*C`O`6ZW(YtEufHa0p>vJcEdvu_hIFsB(!T!ythzPaD&?4}X*t`F<1@8E;< z0|lsU7NdiH96GW$YPg`Crwp7y+v+tz@}c(X(?Z~#BZ{5WW@U;di8x-BtABXne{Mv? zKfDx)8Nv;bQ(jg9(fMpHBtjq%*(Xot7Z!@#O-veGj(v^jie756s%L2agwPH$da@F6 zQIz9yd56(?y>gik;$wPr#yS%MyW%oG-B)wdVssKnyZHTMT&O_7-)UK2wzx50^T)9w zryWzS8r8!y+PX^=LNIgRY~Y;MC+ITAaD?AD%Z_P<(asSl#x$EDt!X~N3ZUZqspfP; zbP9_Kv^Z>8A(doBqUPzlmTYv3_zz((YUYd zJA>=3Y62x*sMFoP8ncplM@jg^q%cXss#54>Z;Ra?At=)0p$VSAc?feV}`TE9l} zT3J55XyY{*<3NYRA%1+e_67y-!%HWMBQW`7TxIWGSepBfhZ^b6R>muohu&5X0H!_g zMl4q60^KcQ{2Qy$BR6Yc(=Y^fK^?Mnx*VH5?S1UOUNoX=a~(6eH`HkRBQ3-iYNA46 zGY^mH4n=qlaO~{koVoP{w20+@OUtFaJzq~f=^JOgn4k39pS)7*T7UknPH5~`oVV|M znZzUoa>3DaX^A)aq*mkgz<&zS2&|;4GBLDGQ_>QcfLvOWC|lR7vAK)Gh{eaG7SOzV z=0_ZUMdG%DtIYNfsD3+>@E^tFV1b%YtJTM@(?bOFS-G99$U(2UD>W3ZrgPY9v ztX)N$)@Gt@mmLt^56k5RBzzf%uxP0gUlwW+i{*U(DAT3U%CRuJU1%w{ayz}hlo=%A zq8uJQ=*nMF?c z83ZhR?u7QUj!@u{D)U*p{b&#lT3jje+T=F9s_K+)L#KztKyxfFDE?9&L==2_=*eM! zRA%shK6rbivgdbkR&v0!tfwtwq@ql;&;|2Dm}{R{cwm7orR}(W*qV$)-Vr#~j2aN| z%*&A=q3I#kROYzVthzvwU+uOa9ci*t6(;;6e|Eg+fdS8OQ0)coDabM))Nc1{npfAb zCPL4x#B51J&|))?o5rXw<7D!SndqIl9G4|4-267*#}*g{mhTWiYrncJX{YZN5>`KI zuOs)mG@nnk;t3kZM7F(WpL6N2ZAG;Q_$L=Iz7HLTB9g*ac9Bbo6$#y_5R@z!&v zJcrUjB(HJvCqp+#U-4(wAVX`x?shDSvxaXIBf}3d-GyHbrECYFhVOy*Us2j)rG)2j zL-K{jD>vt*Y-DGy`z89-=lbfsqadLg(yr+$Pw|Rky!xp5kSQB}T>A;=`2zFP!?;2h z>OlJy8slU-2Bk`V)nloHErPBuOETeJ+lw6VWEXagW%Tao?68U&4On)S;9|0VKG+W2 zQDT@ar0UbTHOUXBLvcYCYv2W^yTxJ*^JT|bKFIDMMcgcjspsEUz=$kJ&Vn7#f%AJcG zo^nJRi77V~CVSl#!4F-9R)lNtZmfKT(V|T57$)!T|+t3}fI)_-)_WoZJ1IL$y*T zP|jep%`b6^<)|r5;`rd$a5dGB=G|hjEq+`TC}5{^U1Pg7+d2WUX~9kSP{7BxkS5fV zSqPtA9vUkNcI}KY=GAq~SY zBJ6Y8?+yU@lap&_Dl7#?$L>ti5zHy${f`4i*d`-fhrgKcK1kKL|926T#$JAHbYv{R z+B;NcO3D6cP`&w(Lm_F zt(MlTOBR)pNG}d5FtS9fjwrQF_Lm%pAwA{~x!t~gRW3(bIk8&9ap2v+OXgBwDaSO3 zWx5xB9a>W9stoz0FzMw->oFvj)}0oVY~qyffl?Fv=#?8N>2AU^77ksk6f_I?=eo)I9wbCh**6oN$YKZ zj;HhOUAQl+4#O_N6Zclez!OzZjUTuS~Rgup{t8KXvpcA@#1=`J5b; z&gjR+u_oZ}814Ek--o7Oz8rY&Jv3)DGCqonXScbL&$)(PJlKnA)b< z6N)7kuTUhm1%~xG@V$D2yt#EMKX5&5+$%?2elcmSG|&|(;LM|CdE-w-t26H}rJR#Y zJx9bsw-pgd*d@Ap+t47H;9yGho1gXXF-hE6an57Kx5nCgyHBVzt1A@L>GHVR1r|aB z_4B_C)o@s^?Bb_BxK2P#PW>tyvcBZ#GBlPv5z=FrLIU0N{PSKqv^E9-}z*HvteC6t}t4mUPI0_(#nkts3* zTD5?B9kBp916hf~NMLa3YJ<{Vw9z4ZV77sjOF&bs-uGa~HaY zJ)P%2Fm7~It!x-N%lpg1^dpJQ$hHiRUR|%Za;B$F*$!m8y2=X;sSRB?UM-2ghfe6= z+g(yjSl|+45ljA#*J9fU?fdcN8Yu~hzM!+^$^*UR(ZkyY?4qOlxc*9yo_xl3SZmP= zcCF~lQy~sqnm2y~(!M8zg4hG8qVTAAuI9C4TGyE0g6?+#<+3*kg=8iYKP%-s9yy^G z)ZsVvpmJBO;Ya4teY7&Uu8%(lip3D3dEzRHD=U-wpYbe#c;c&1Ue{z?0!9<~7M;5u zAtC9Jq4$lH6W`kld{dWOm!hpWuC4?f>lYfW+^}-{HC=U`jUgth#)T(50!#vFX*;oYaakGmkJpo4kc=|Y^DF}c6&6p)R20upSyQGLfd9_Bq(? z)xxYdu529Zc_;%3P=MhvcXOmb;&GpK|9VRZUVPcjgO1;5Qar!f5q~XmiO*o_+Yzv= zgDh=8I8=SjI5$^^rBf=vMa}m1)|jaHI;DrLuzqr8IIR1n)@I+2oSQ-Z`JI>hCCJsV zzf)TFkuYu_Ru`LFJBD!---i2r5sR-nI9Vas9#dsGha94=ZP9gCW=&RaK4+w06fuym zY+TwL2%r`Iq<4}97%ul>u5uskJ;qNwe_7fs3@DprNF3``fKUdO<4|ij&2@S;8XpJT_7-p7%nlaE)(Is|m0{cIi+RjhOYp0)c(D~Gk96eI@;b3EUF{D+$0S*g z^IE=2Gl+(?_Zw2S3{#q|;U_X0H#Ct-OSU z880o^$ki_3CH)Ggc<#8JT1@va($?WAk)y@=Z}-^DP9%|wRS0m!@oVK8_EJMuYS_xm zyl;T-jQSd>%B4c_ipm`)gH#yaD0enYvXAGZ_H7(IjPw_C?y^@HPnZ#@8xAEw!cdW=?o;AOx8 zUrbX~_H7)x-!7anr*Wemq-*#4T2sUR0YLY6OZ@kw)qhjB6;}%OBf7?s-Pm@8s3@qZ z&5}~qQ2g@IYW#f-*IWJ4)3weH!i+DXH5)%V0y*4z`Jxn z9^624=X!J4goH$V=Cjj1Z0@EQzFZ-HkppSmBS^T*{4x#!w~zBEb)4*V44tf8W)2Kh zLeNN^1|9_qANQV3f8K2{-q6a%jv>q=Ul;1(CXkm<;WK-Pl#_)n2#o(`PkWZuUB5x9xWHCn8r=1$gMyv^+9vO zCr^yS-)X0>wmolD+4g;Qc!yL@#71tK`sRG>uT5UJA^CKU(q=94S|WbPAhEm6|D?~f z_%-bWuI!VaPZW7Y0-|x^r6oeA3i36yHx_Bom5Cjo{Yn&9C2F_U zf~UAmm-Bsb5{*sE4i=V{CHtKAucrtytwerOx*;K$N9VRz*COa+UfZ@uukWGzp8UZ` z-BD)FR*x3Ug3#xH1tX`y-E?Y$Xlg0lMlf&ckSl<(7~8%!HC;CKT)cSgytWe6Hlx8&~i*$`TeEq2yOm=ged@$dXm6t zDnpGI9)5MtZF~2v%!2D$`N@;95(*3?prkF4^H@8vE?`f5rP|e4z_Rzk=<$Ijlig7%^rNx*J1&CL%SHTT4Xqb;aSmGF$i@u+etvDG8wl%OtWMT1*5x7pa} zk#p|ZZ{&?sPJN!WN}~Qrjqu3(Pn^=a<=z?($M_ssf*%(djbVWK_N)eErh~Ohi*^Hb zjG~NqNHp!d+9*TEFVp`oR_iGw+BYtCb#y59^;K+fGY++!v`!LBVv$qgiqZJ4=gq)r z_-J9fgnf7KyDsr? zrj-SJ*pPMy8EE7yOY0|m2M7t?nPsscQd)oyYkwlV;aRq>mGf5Sa;jp_Ny=ajr7b6! zLGN5K&eYTwIcf^hZTWTGm#>%qy7&IZmk8q?J7la(vW|Q#%7&N9^F%h3nkRua(4y>U zcCP;cr`V3K81DVps*mVWz9b*z*EUb9*#ursJ_M+n;-N2$Z%vjvl3Z=v9CkAdP`@UL1uOAc?>6OZvX>fjs z&jNdCOwNl$oT$kdgF}z4&~7Tgb~lvv(%`3zg_%^vR9R>CfcJgAnDN$(q;(DN zuQHJYLUkpO9!fp2eDfb1oOdM4Mq$v`8wX3}E+K+jMmIqv+6JUm9VA=;4_pQ`3p)`Q$BGyjsNOnQ1ejfUeY$+Q6-3x6Pu13Ltz6J)XTR@_&UTr@_S44_(0UIDuY7cybv ziuDpJRQ|XeU8c=s#fs!vJkP;wnyjoB%nDKdeek(w9+5!1M4DNDHpB#SQ}D~*hD_OV z%*5nYw>2?y8d4&@;L6NGrF3kDU)J3XWnUToSR!Xc>$a*jj`=z zN^92e*I};kaN_9kzO~*i+hP| zhBDXH@VF`i=37%=c{@pMZq%y&n(Fnh{DXqRGr>87+FMSBN>Y>l!l$??f$vlj?k)F; zV7w1wq6>o=wn+4__m75eBkZoO@3h|~Cc|nOiuNMjKiM1ap(L_oN21&bp0DWz9tJ+1 z+P+(x9?9pj;LwA&u2}J$;hqZt--bGZKIqir63Th*;J=NHlTOqA&2vW zQPD*m9KU5;7g09$-4n~5-NFf63NIk9$KUfpptC6y9Ao|o?TGh2U+&gK=w%XxcUp2A7xJH873`FK9HBXsf`mzTc=_rqdnnM?ggWCZW4*lF3RBB+bybOl- zN7x1-a9BzOZ6;e+6lEW0(OmTTc&MH2ZkPHKvILEqD>T1!k}dBu%asC+WL5O1)XUZ8 z8y4^^F&U9?6s#s-T4(1RA7z*jt@e{Z;}Ls8bn>>=n=5G|r!o8qc*tNGpNu#I($3~! zn5|d8PI;??5}l!u3H*)_#S0XtZ`MBuGQ7Jz=(u%BZIs|+WC)dPEeLdrMjegq>A!fr zT-infSN0eO{=N}2GNh|+0mShXWzNEmgJsBO{FlzE1{cn!xw&SpJ>Gk?BR(Uy7@V*M zE3^S-rRwv=GvfmsT7~b6uEOYrVV8-hY<=HXBM0D<+f;fj)mtwyw&6m5%K*;sU99uI zbJj19`4&A@VQ992yS0hV@MOJK^tW3*#w6Kcmt+(A**EsgFikuQ{2h_i(kKPgCO%rJMJW zC0?_u&BX9L<(+!&n~8M?{SV#1xe-@gJ-VHi*D$f+_xSVlSULP!^!GpW1oR+3Ej4Ed zFYcAb4pnAUtgE)Z6+u|`H6M1Tuu>nTzq7peI|%pRB?D%(E{R75=NK6qQ{A$uzvyY# zKRw(YKXs$u)n|}dS^l&(k__b-Z*Y&RuvczW|ALmXEwZ31Kp-fUAHxJ`lThiBx~rOH zlI8n#Wa}~Z$Fk#)a#gv3I~7e}Thnug1&8+5rM=NgYftUbgK3Y>louHy@5yG>KyXL? zG{cLHjGoa+Uu1vP%v07N0WQk3_&FuM@I5i4MPq4l&EZKNhQsmEDAKu6Bev|WHxKS(>M9|%m$}FlN78=pKx4QRIcXHYN|WpwzOet{oX$x9^M!zVdsXjxizm3A9vS zgW@9X?G&3nW{lTMpJLI2)}}kU?}A>^OAK`m=znHC(fvB69;$Kr?7<}SorKtK5)W-nT(KrlgDx7UCOA8HSpL9mZ2EwQYbT5!lMr84S1 zQIQBAm!Ov6qiUL#C}s^XAvg`iKDulD5z*$!$)| zwQ{QHX315RLVo>f-y^J0CM7XtB+8c!p|284-)f!ZuDoM-kDqO@X({#D^|n#}KkUoD zkdc{ziv@z$5<)^kh+W{3@{i3|Po>fZ#Qorsgr00xn;Vv@Czk|R+{Awafg`w2S74u< zve5H)IejF4g227O34J*^-JCn2d?G9-p0@phsSBV)$5hrp*Suo_-1L#|;$_UJTE~rf zV+kgKSR(JIrKQ)0fwuBJgM{}{R|XB3-`)CSyu3jg=1#{mWU-&kvOB!Vq~6}ozoz)w z=qn*Q)OKw?g(}AU@@RdMb}a$tZg~oHH1(I;EwdbM>ktqU>owI_&B)!&#}v<`KLNn~ zb{>rH^H#W2Q_{xgzVppf#+df4h-BR3|YpH%f+nHO)gg!p4KnL04)4-ioJ~bz*L#VTS z_cOf;OV#pbRR%~48{G~)!H!_@2eb=g)ytny?Iy6svDloR+!wydh<6PF=jc3E43ulj z1Bxy&OC_r;2%`o421_(X>#eosg&T|ggoGzi-Vau10kXaT5mp)K{~~F$OFGQ8k-*x8!Bu?h@3mmD+}T zc1uj(4H&I|uYCIpHzli|JS(kU9)3^tX{SUnWCx}D>E@R0URlL6rRwW3he5Xuf~}i} zhna;F;P_{$=Y+>Z=QO7)X*_(UA0PX+Zk|r<@`YOv(fV1DuIb}njB>LMJlgvNZae;j zDmQUk&&3tSZqn}Y{sEQuuY_vjQih}l$5>yfqr=?nEHe>)#jF_hW1`-zGwC6-?O7|? z2P>P>(Bo;Y(t9NkD6V$sIo@!ri`n=Bl@GLNif&Zh1gigLdH&v$grk)c+6l9FqF#2T zO*9$q8`H=%3H#bXD*GZ-+u*cY1dVbt#HwxA79HV4OE+o^FkRQ0gS#DiZn>`PKf$i2 zW{W$l2+qOJ;Vb;3B*Aeey{4R{AC_1Vlg_$5A&))xmS6oM(jzkGwTuiH4p~uXO=ryt zdcCk;VFPJVDc^p?(qOoR9h=2&_3{{B*#jnHKXPPucFIDqerQ2Nt0)}BMYTFHB#xWP zlWq$6klu{n>OY<>{Je}EwHjOkMC3sBM*9LKbQl!Mlb(zu14Xt#2L}fR3A@{6g%`@L zl1do>{zis?HGl@ZA+*G!HOw`<306MBHL!M%2QQYN{hWERh}bv)DPFf1_1tWz?{~w< z_Lf^mGbN^1W%5->lx$8J1Yn79lFRYVt6g4!tH_(MP;N{p@; zL)P<1vZEu4tLXVmy>kQ_lH8TAsu=0bZ1vo~iDlMPEx1g<%ina-;c}<5{$$MiuZ4G-1%hFG74k+6wu^(O{yQh_&k#0KPf4p9aD&a$_9F+<^UgQ7&J;o; ztobPAvmO_wrZ;PSEH)QS%+HEAYCu%V@i{Q7la=^_SaTBGl+@E2D;G>m_#u)!H zVS&aJnAEzi?Rt9Jgjud{gi)~!9M%aqOxktY8){eK3%?`&q80czTI;i<^a5$GEC~fn zd-PhFzHLo`6PbpQ$#ixh5QgcAAhL9B-DX=E4 zO39M$c@7QtNw`<}87B6`o19pmj1z zyvI)i_}0P-ZniGvSlAnU^F+$_q?*cQPe)r!JK0Dif`hC&5T{$8_~L87VinA}!xc7K zRtxz& z6-XiJC97!U`~{1ZnVPEau`QCqXwVNK#DX)`Dk|>3>hD1Jru8e9DSUX;;SLf+&Fk(M zi^@tcQ$km}-%$C^e;DBbbJLZ((vF|52B2WfigvT(NWnTaN`Uim(WbXPZf|YGX0~4s zSh(mvd+OZt8K77WrUlz0B(p}9^82dMC2ek;-`i3URaI428AJ6nXxhZ!F4l<8o!r4iuOb9IMzF7zuE_4j>lN5Je z{d`dlZHd>mG!}f4?!`5NQE~1ZV6F;7Y08){R)_n&Z1RTSXs=1=a*iCpwr;Td1#8<4 zPU)2g@oBC}>>Cx{%4Q|~<&>Tno?D#)2wDedIT|!*PZK_980xKoUc5#OTJ}NX0EV{u zOJ2ao0pHKaW*sy_6P9itGdjQny>vI#R(sC(!w2dr-n%h~b50508Qy=t)LSADntiGy zV0DsEe0?v2Ci0mkq8CS;tj`97&SR>=%dFEPc_BnrR!N)W-GCmuL7e68t0KGJ%sRFzOSpx9U zBTKKTdAAazd;u#mQ;S*oqLzVth^mQu-Q!A4WXZZ%K`cE5b1JiDYm3r3ma(_}fEP10 z9}8oHmfe)Uw5?n^Bws6)6<;5->V|i3JQojt@FfqdPFJK&;HAea6#QoLpY)W>g<-o_@Z3)%Ib1VSH`f%G~t0-uhOPb8ksG{pQ09QLQi7ozRQ2WTNi+ zA?D3=tm3GK#ctQIQv0$qz{M+G0hU!v$B)rL@OweAfu&Pv)^3o+ zFt@6DJlAXgQZN?O%PJb!N$S(-mnEwmn|-g7zS5u+BwdxDBF55ok{oZiZzj67={I{Y z`S(MFftMSXHwyR7o{oGu|4QFA{hg%IFKswO>BIUfx>c@%`Qeu&-*b(Kl|ZCljS*wM zG&9jyojXr4X3I7>l6jeQU;HyGSCgY;mn<@;>Bv=65y1QUK87l2=(jDA%8o_udc&Oh zn7){T1*zl4{;c5N?RU2MFFXvifZ)OBF$}^+EH7Mn%qFgKZ=0HH7$3Zs5@mk70*Ug< zyq81OBjU8_au{a9WAvVO=kv}lrP))Gl`a*6dM})MB@SaSB_@Xb-IiMhb!i{9(f(pW zXH*J;w|ghdu!iyl1{wBiBSc%hw9>xbn1ymtQ)~`hzEYW-PS2rE_nP@r_j=|kRqt0K z$c4FJMq%5;#5ozHnQAcRjpQ#Ct97JTdumjD5il@HY4Q{) zckG=+(W`#bbRy-qA_=C2R^ASXdF$Gc7_5MvFS}XM8N5IIsIhhZmA}&o^iv~%7{W>C z1-Pc-cBq?#<-M<4h`M`dXPFCi_Hh`VaJF?ms?=#V<%wCFS8Za%Y8upfa&aSUN9vx# z&bV%8lrnrCf(4kXo2y*Ysp0ks0pH)<#J~0P*i0)km=SZrG&@&&Z|Q#?9^2_k?f1vY zk%1uOsZ2lBvj3Rs_nW6@B3MY>_MdKES_6{S;%kW-#Z<`;gnJqdT6Khv1TrqXXFf1e zUj%p*gt1h~saSUaPLqzIDz(h7ul6x5p6YAm`~PZ+`l@h_^H*k)=L&xxiP*PWSMYpG(E4NyjpSDeX5XAac-t^G(fes7zg6u&BOlDOx$3$MA9bKIT3={b zMnH%Em?m%TgA9udmF;M8RAZDf{PT?4t*jIWYW5Kh$jpHJP4N?bx>uD5r(gDSrGIi& zzOP&^j%;CRNqMH;HD9SGx#V-bdMl@8Uxv8*(JMBwY#K{&owv)+Si;+^*K8#b(DeXzpN!9016t-U<=;&Hv}N`FB?M z#47MMDT%tr2ix8`kT0lpJO4R;r~3`_Gt&K@cZK~-euiIu{+Uq8^V~cYXR}D;`ywD=RCTPJNm5U0!csxa(5Z+G=d|nwtKuq4`VRmBtBU&%S0% zVZZAV=S4lctbFIkKh4iSMIUednXbE<wLf_H8w4YUUKSzOs$e9EM(ey`Fw|`1|{@hDRBtOu* z`Sxll7qgcq$G=p`KmF40Q>Tw1-AEa;q57|(QYfZS!ts>XH%93;>7q)}cWe7FA%4^W>YNa<(R_;Pbl3Xr%~V;O zo~^Ady{bpRUiH*Wp=d2=^3vlAb(4&$RR7Ex{=YD2sFKdthOTUGZf@PKTsy5xb@%#v zQqlZx&G!pUDgQh2_*Y`c`QEDI->F|R$U5RmyUN{^m6nz^J?5UMB)W3~C2XIkF%>E{ zY-$QQ!9<@jBj|?O3>R%}ZQbMJ(`ZXcN-9uJN7TErF@dbclyZxUi~0M8r+I5_v>gLL z3a9(&QSP_#@i&r^lHvm!L^MKs3ng7^PFLPz9^Fp6)ID7LT{x%V2+U~;=U1)ksj|Q5 zD=WifRPG1N_=)K^bzZR%sAdy?{%<%L|5{Ugymd*RGoUos@@k>YmED`2<@N!6r#X+` z_mp0nWFRg;ZbtrVdj2hitZn&ASMC~5q3r3ZfCst1eBaUs>hJ$8?f(-G?^2TtPrLOr z)#-}&x&MU=T+MJlS^KY=>c90%sJy|~4EOekoM3#(xFB!a&hSu^=dvmKr1xQ0?umL3 z;dJFc>iwsMu0+6et>aL85TUcL&vlb7IVA-iCx2q>Jln+nQdR7P3qC98QTRQ$SxN90%%ggc=Y(Lu8uH#Te%wX zgUYW1H;eCOFcKRHd%j0$w5WWbJmekSB1jQ#3+N*!z=JQYGnDa;2`R5PJI)HpiMt&y zBLL9Zroi=L-l#j$Zp=jSCTAJq(R#eW4#F6WxZ{~+8g1cjX1shMamw<&r8xU5PXA5O|+-fE!m%V_{tu+g?5WFIwAPov|oa$I=fR|Wb%6I zGTG*3+Jc9udzatKx@DC0{Q2xj_damWQvfbi;W>;Pv(Mk0DYAx#+AAs*QK6c`e9G$3 z(JYoxD2iK@L_P~qi{M~=(~NzAIkszz1SQicckx(%%xj5{kCe*wKCZf#4cBisUyWF1 znJ+8ERH(Q|GHm$q&J&Sg;Y;h*NnQl#dpJd`S8{)aBjELq_4;8)2M5m-yv7y=t2mL` zQGET?5vCm>#G~9vs}%;&kU25BC!nsZF6QCi?a2ec&0^jRL#(G*m!HVOVF_%-TK!*2 z<0lqQ?X1p{4<9~QNUxI)5?EMXhWDlk=X;^YzstnI;c||%^>b}q zx2_srUGANw74UuQeo$i5&ECaIOjE6!3skR2MW6p`Zlt|(tr~bJ;1{+v%^!1l@C-zK zkDlm}`Fyhr2h$R^o&xX0xL$ChIph;U!K>sWLu3O1NH5Dw{NN)Hnu`Id@hUrSqA|S^L7h0kI^Osf z`{HVcy;$V5&OST=U8SqHJ-({~wR8{UGh79$FbY2}C{C5(KapGNm#}LPN8*cMFw3p< zvD&)7`1r<|=Mo}12>WxaZ{%>+E^UfYP)Dbwzdt5&CNvsjxGQC!$msDXJICqVxi|mX zHXn7JLBUAiQBp|D5&S){Vf-5 zjmKFzfaMxG?bb*>o6ZLlsJ6MjcH1)As#;i%1aXpO)pW*+NF=8{zA)VS)!sL`b#t)9Ve{ASI2Q zb#XHx{JIA)Gvt^PIPliMxx3;onMNAU(6kYY2(G%jqZXM<4*Y+J^`{)Jw{%{zqz$(1 z$j-qFFS{cCrMy1?+$h#Om!w`hT5a2dU@~-bb9=EqUB_`lzxt8T9es}{9IsXRyMEK| z@|E@9dF(2_!{Xk4X!q*3rvdAA40rpFE|jciV-8~qSpJjsivoR85zoAZRp*Hy*J^T% zRn+csT&`WGyGXj)ruK1QPiLnSbp8DyxlWlSF6@btwTzSX$Gphh3s zTY`nAJ6BM3#3F1AJ0Pa>)d7lS<L!nP{eTU1UMqc#(U7;H*o^z5W z?UFx93{4g9T}}M2dj2nRdGLxP*t!1u8^uG2f`lB3_-* zHm&8s@dizH0Hf&T&@V)C{5<)OvjEy|+Fz5qk9Tji+F2dpT(4X0-!F>Zm;_n61WkgG zH6hWl$3F8ySH{ga#Wui?u7cOFI)-We5}v~Z;Ft*#K`?M|1BAn$2Tg1?=!J53bHFBfG~?zP)>+P@X&_58*P=&M=9$1p zOI&r9U>KEq(bXtBx>X%J%_A9uj|-&->wFYo*Sk+IXn8*_!X0r_08RXuX2x z4g6gsjbPwPvnX|i)cOshm}aqY*R1T$vhstd(fy=x+3EkRthGZztC8*~yr)(;Q$2}*+O9FsQ-Jr(OZ)r+u-9iWhrUk7JA8z~{>%GwYnh|oN>d*iQ3+Nc zJtTH>_lj7wtB<@yW&3hL@#84BSHE-Lk>D8tgsjjW!uCNq*aDgUzTzTmvj-cVqiTO# zp`U_|Oqh@)m)J>5J=hBZu6%N}K7QE_+(QdM-=KFQf&>DcVuv9bjy)AEGP|A z)=$=mxL7I8xi*NiC<1r<|Ar9`LcT^UC=mJxEg|J8(WCl(2{Za zprz27?i>EZW9qhGHY)pAh`AZRGucjr=?wa8OKc>l1nb$)0+u8d!`jd-v|2hv1J;{o8CMfG6c z)z1=#oyXQS8e;00DoaLROcSoZ%B$>s>_3YWL#4>>QpvGX$&c0Re@_cXo2EwOl2Rv5GeK?L^sLHl z-o|PujA{4HzOV;=T?Z1r*!O~7b+Xow7<=e&1*_cAeim@6fC5@AeKnHm!d_Jbemj5` z8fwW)7slxIkg-YKBJgN-r4c{wX}u;C62arMn(Sm`dVr8{Snfd0w2Gou?$|5svwNai zD2Pl(<^jR22TK&V$znEE^h9{UhL(1t>f-AKq!N}V}%9ggr@BW!ih3KwOJ9M za;*aqeXaGzk8oJTkHqX%sF*Jao#<-&+U`;_bi!v3QzLfS^c`j7(#x}n>~#X*m^7E9L=oJ zVjKE|{t!ObmcV_#@qvo1zW5^eXyg)bs0-a!@ual1eC5@xz5Oac8Xx}?<34Fe{pyY) zz<|c?3~FV*#3$rWTil!Ti7$-lW+{Sq>V+oqCuT8V9E=$=vf52 zkrI3z9@8W(<~SoGR9(u??CW+A3LFEoUC05tmCscK9c|*AaR)U6uv&BR==xptC39g1 zp5NK{ncTTx-*3^k0=uX{9Ygle!CimlF0CB6UYr~?R*UXdhL?lRGD!!tWbch70ta=7 zv=xTt;$oH{jqAyHh9SX2qp8@o3Ec``+2nT8+r6`{S2JA1g9iu zKoAc3YLS)aaKs5*PMUyz9w2hM1z=z+Qyv@3!BXX-yoN5g7czeHRDw2`_8KmINGEze z`iT0X%4Zjf3g6w?V>bJNL}a(%E9-81VkAIQjx&}!=yp3}gK1_+R}4rI25EGh9F!ou z?Eqvg!TQ0msb&hd$#-+>-a~ zxGyg#j2vxiS+fo4Ztb5EfgF}h?b~MkOM`w}nMuQ%A-=ioNmtrqB;g-c*ocDy+GLEfGip`;=ngh*t24##RK`}n`KIGxuM`vyqWcD zOZP(ld&cq>!OiZi()g}$^Vr9A{)?DzI1`+R6qA2efFC5%7T-I*V>`%OrPjthP(qdKC-jiVI}Q z5^s^fk0xAo-ZO6lPNfO*#fz+cu|f}6JVoOdw3s8=RN7c%y=4UU)~dfwB|6VV{25~> zUN4RwV$q6ZR=E~Iy6jrD&v#X`1@=)?1wN?7WBrMv>_hh&fx#m&SNO^Iu-w7pj666b z@aD}?*J<|G?hqX5&XgWEAIGOcHi_w)=Yzx}u>^OziLB=anB#?29o+-FR*@2kak<0P z6-(`1Gh=MhM7Vj#di;cAnsIZ`_NXDD-#pJ5nd!Xifi0uTTi*(a3aVer;5G&AtAbWz z$Li+)sCct*ZjLcksd)ELBX`a=M2(iDCK*P{Ww;m#|H_gr-=;Z1%`V-Wx%IHzqnio% zt&(SaC&y#@8gOGHAN6t~B${lZ%KxL1Ul#>%UJV79GItLbiy%vdfdjo~k54{K;@04R z=R%VDPODUC+843GXEmd(QclD-SlSJ_Z=e>qUWVQ7U7%oc-S^-Bmc(a71vYU3NCOtc^4M_oYM#SA^Z@E(^LzFX&%y;zL%6jdXoGBFyl5C;P z6&di0N;!t&5kthZ>lMjTA4sv8m(p^drh0k%b)q;vD!j*z{gsse0l#QOZi1^k<1qq~ zxS)#6?GrEEFx}4XP2KB?u3oV`(3FvGl4xGvnn+jF9*dd2OZBMF+tc5x$>&G?A+(U| z?Ns?1qSp4c{5V-|htnfK(kvW_(#faP(rUjqwqHQT64B{E!?`h+KW^-rEH9;;+3I9! z?%k6uIzxq!Wv`bzN=jc}=nfKSqwgX5-#Erl=g7;kUTfMpT#;T$mv9^@a4y|Sw`b>{ z&7r4`NGRRW7Bwg#!zY?ax;hh^MH*6TSdUJo2bmh4%rJ(=a()1sUqM zc$V?e1Iov`LP7sU9DDqH3178Ef&v+Zk_`o5x$&Xd?mt+sJSE zx-|zUX`ZN*>SzhnW|Hm<3*x}g#-=`;YJ4?yy7DAnDNF+ZS40-Tv%x&9@mEVfY_6{$ zh~aB%qXFQ6oCvk%W%!kg*^GT|vLgH~>rsv9&eBGKY@)+Lt%Z0jdXB$B%Py)kEJ&Z0 ze-2~|Nzohb2Z{_}vrC!f+amG&&Z!3GVhd19VN4u1+_Uh9E7k*Ra1Vod#r3m-ZI~$>fXF$C-5H8pQuT13_} zXhpA6NQu|`t{@$zT3I87r{TYL^hb?|qmNoZdg8f8{pr2S5jGlp$?4lm2j!WXBpC)8 z4iPzupe{LC!DNKrATf)Q6$D7nfO*Ea+g=PERat^ooe9W|R$yR$Lh47Z6&-9S5Nn{K+|zpjpI|W4|L#X{kRJX?5KtKx*C2m;Z*mO;84)m5 z9E$EXt|7_+QFIv-m%a;IdaU8^;ngSWyKl#;oy%Ldy6gH^2sy(!w?&W3980`qJ(p#a zvM1OC3{s8=UInwsz}+BmNO62V62u@7DP1WkpKR`$c!2IIg8xcQ1?K7lOzlg@%iKX?M(85SEB4c zly=*jpCnE9o8)!p7g{n^u9mu)9a~J01ZutQrv&N&K>gfUvlsdvFYnXb5>CL;R8OW+ z^T`xj>A=ZMZR9D?ckj<~i)Gb=;LSJvC|CUA9 zfbhtk)gMWW@3Gkf*E8^|E0kgLM1#z|$;MkvsI5BDk~){y$6?BQd?7IxRa$8>T)nke z)AVgIzD`8bnel>;CTMEPuDqqWt)3$OsG$B^3}qWZ7SU36HIno`bL=;63#PQp6WPak zjkzmM;3>>%uKNscvqyLLtqac|X2n=Imm4@oNpCc>wF{(gOZS&?vd}dcUX4cc&+~e0 zwTw+S@V~CI^f0_>Xah&QaTgg_B2{rRnsa;ude7y$viPc{0YlIBLMRrOBjnyW- zS8Tl0&L7#p;+9VhTCtH7p7l|*Cw|s9wbE($rt6|;BErt~w)3vIchUX7Gf){qfzvNbgnQ>=T2r2;v4`nPyJI%10+gpN%n~i-}b$A%qz1+}|eB zFZDuuCjjVDo2tT!>BX>He;u;tu;@Uc_bp>U6PXO+IYHXIZ6{=)5tlBu;eEHLKP(Yr zsFx4@&8~@e?((rJ*d{6E`CzM~R+pScw`DgSk|hdu*EesFl-&}TW>+>RSlwhiu#&;4 z0Wrac^`di9%i?ic*pTo%h~N8JL}1ZzUL$X{nZE2@0k)Q185YXnkOObvx9kR(Ez1ez zSw!=FJGIQ-zX5u2gd)P( zBImlfw*=VEC?`giZ?6e6HM#ZcXCTHTOnHBia`|0w^L;VIZhX3!r&&o=komw=uWLy6 zPdIkueA*L=+N4g^I8q}qwFk2 zH6%pz;$susK5(6m6RsvtGLntW3N@{D$j13~WYL5`M40>0U5_n1DH7k-bTggv37!Z0 zuWd~dc3P|p<_2OjViBd|*AHdmV(PX$kab}5MAdrJx#Cuvz^4*h9S%cQQ4$9eMVg%G zHOd+(*vr;sAG14#7JiG87Fkq8w*i-W{nA$ZGI8)5U2tvtW9iorS+Nf)#bf&WAtf-{*MI98qenZWJ7+ni&NlX zN3FwLaD*hK0y~P2#OS+BiF<$KEp%udz_63}tj>x947q!OMnQG!J-6VcFbGy*2EyI6 zI-uL#*&ih;HYKSkUG4LZI)pi~hr1Mil779E*AH1g&d!r;=G7swm-&dYjvBYOv*X!L zy3X*AhFF?}2Q&OUu=Yolv9W#C)?Y5_=?0YacqxI!Gs~CEkvr{K$Qe$72p^Ss+OBN{ zcvY*SMguj42^%+$9i*U&sIQm&lq-8jS7v8B+Sn<-ZMb{6J|3}MJb4fIHFBBXPqY%e zyS>ubUoyl7Y%hJE9E)aQ=o8{br7u@SP}tc(acJJOD|5|gODaNFxLQu5oSeqp#M#AP zOBW2fy49*e_@{RyWcy|PvBsWIx1oAlO=LhI>o*&wWc>8RVx|U@ciH7XndF}iazCGg z#W09ZkglCE87ecXdd%?>zmTYfBsE>6Ih#?}k%`PE3D&{gbqk6%+Ep1tmJ2|~!YPJ* z(rnVx{2-h1`p@-1ykkhr-fp9$e@9J!q}vQLHGISK;Z-^RxD}9%TOe^r4Y)`>0HrL$ z(smeP?`zGlPcSnRDo#9RgAYFg$7@l58Lt4P!*}k;9E#`&I3m^;e;APO>RlrdP(_V; zD`*6F6!!@~D`qCD8hj!Ie04&NQ`>sDl!m6+<+* z+pgj=CCc2io?Kj>>9r5goWBAhW_xPgHE`B`{bvSS^b9(y(d-?QrzZwHA`DKpRqPpe z1so=kAv=Y&qF%=G0Te%B;jr;y<0W&NoPjL0-;*)lGy@9`Z2LXL(fXx^6Y|W%z~& zZ!jNg*P7J$wQe~sOZW|1B74tL#LV{XMQ0HzZt$swM8K8j(hoF>1CHwS$~f{|(!Ucv zXngL(YvVmmyPWnSrrGa>lfez_5ek366`!%08dSzCXVgH7g$CaB1{tC=Up#o{>Zy=< zXl=J6g&bDYEiiFSncl=q*6nBDHZO-M6Hu{{FMm%>76IYZM#{=%)TpDx@zgQjZ09t= zgYYCkoEm@Ba(5(PlZzBrdIj+$E`zV3r={F(0WE9SgI##dvK+YcO&D8(;S%4vK@k_T z%9#RQWbS^9O`2JP1jru?!!%}unip*$_C!Bc<;-K#EN^obLUU%#lZ~A?IeCMk2q(oq zTODn~j_379|MVt#mCv~PUkjhf ze#*yuE6D5!1vNr`mbQq@tL`<<8}R^**I$GmhGAIBUZe_#YPZb8q0@d8Ff*kzVE2ZB zIDKzS!RAa05>vBW?wXCj`XnkGuO9{EiNq%s@3f?#wsMAtiR=U2g4L_ zUt`qZ1^I4qXnrYSJG=VGd1n_&+8m#UF2ija8VEduH~qOgre<)ivK-CttM^QJ(3W&Lj zFXPgJWU68$r0te?nU*ta4lz(iH1;a^eml3O+&BNg==QDB+U5miJMW8Kxl7tQf4X-W z4@__=g2-Wlb>HzoxL$*$Xrx^-huc~voqX`I#Z$i%1K_k^8LVa>Lq~SR;4$|mpZa(G zXIy>`&m5xmv~9NdRuHibh?GU;%Sa0t8n@lTXe9yHH|B=Z?e8-80=FvmmG{w=(P3_25jUcvlZe()TQlrU z03-%Z6gBLvAlN#aH%QBxS_<7)m2zPr2#jpfUUHLkC}`XpB|@ZLiECtZIH|Z(Ee_1x zH20Qcwd?Vu4twfp7|jrDfB`Qm5Ajw#DsTSwtHfTt8R`R*w>sJqtt^W{d-QWO#mVE3 z^eeV?|1|(cn zadStqOTTcK%#D$mjv~0y6=_X#S@>c)YvT=*wc`53F|_7!%nS`1Gr|@9|KZ5}uw{Rw zqf*VkhSA1_uWR`VTLiAxb@rtn8;*pV`K-`3EHTm$o59?_tYD7I{}iYnUeiCTMgFI^ zM`b@Cb;IAaTwGk#F*T(pjZ1bH)Tis5Q^elev_wbm1dtEYiwwfP`v8&eQc`G1K%2^l zboC3nt3^5EE}TZe8JD29P#`)HccbB0 z7QfqX>9Xu*{U<>`KX`zm?j+TYm}UJ%=6~V8z}9mwQ?9N0{W7Uh^QM~j%HW_Cl&je<&nrl&+S~J_wkPK* z^OU*KroP`IsMy5C8~WE1$%WBlrhp%r=l{f=fBo=J|MCoU^Dzg|DV$wi9{fKEJgc!E zI5;6-^GRrjaeVVl4k`t{x>4QVfoC2b9(f-=*t8?r31V-Qgo(wrQm;Sv;RunHv8L* z42H6b`su)3SKcfkhMot}|B-b$ohkk=ghi3?3h784ar@Kd(Eo)#s7uK zzD~EuM6uIdUsCKKBqXH!s3h2(7bO%cuX%erZYD|gM`HRXZ0KL*T*d*@RVlp$GjfM zo+mXRmRgcjPsy(To54WA8=ZeQIJzWcz~G(JHa1Cr7#nJ8YEf+0WjoUBC?6SsIjNLQ zX!t^BXJ`G%C0Z;h&_ljm*O=CZO!ZE6Ne6e%l~O%qN7!2?TqaGrCdJJC=nNHyX8HbY zS`x6%KTh%D>3$D#F5z-cg4!+tGg4LIvgePEiX#C}qXs}CRHykN<8$Zl2AQ6tFg;5l zSrdx7tny!M%YR$hXj6R0Z-o|cosL2Olf2yb-|<@xI=EA1YLd~~y-vb!F&n3!GCcDf zy(tMG_lAZ#?sN>}pN`!BzrcU@W&h_EI27YwJNE9B_ANK!l6txbS0Ocx@{=b|^bHNg z;!TKtBfXuS;hCA44p}L*q-J}<_J!(8>r?i%R@agT=3h$prwX#Es;cF;mh;l1iG0G8 zBfZ`Iv6*&#dA2>tWOA#DzZFVhFMKXzfBZe>BtJR)d&F66>l1le0zzN&z>)QR7X=Dl zMEQmU0#b>h;iKPvPFn_|rlp0GP;z=tY?C)exzgDa>W!CfZqj9q*eIw4?k#D3Y;BdH zJPcsv5fRq;kOKWkmqff9O0*2-N7e!7?jey#|G46k z{+4;|?I8uB;=>0cf5C|TsVe@h!AFTJ>O8#BM@L6cpi|UrW&-?sJ zeU)1&dqDx|p3bOdQMcbJ5&$_Sy1LkS(J{XX1}8bG#}`Cd9Gd^z=Hm~NX;eZJ6s_MX zNj7yMU#R~BN)~Nx;K32Ywq zt(<0#OOn}>S(?K$oj01YA6(TeafI*)Ub-(I6l}R2=Q?D(e4B2Rg&_G+{4}lg_hNQB z$qjI16gw@c{_&oWa?*Q4${X5F+2uVqOmaR|Q6Enk`G5TYK(haMK-+rEDe2`Op2b^^ zw^{YJrxnNMDnC1*2||@Tfr`%DNE>Q3u;87m3)oq0QNjd#svIgP*ded^#l-d8nM5!n z{jpDooaw5j+M#2x?gR%Mr_<7^ONsjP5p=DU##l{fkX<~Vs867XjSz<(=`L-R{$ zlK32JvTJtIEk{4~9FaS6zRPWmM3fJ5h>#QQ%-nou+###xQty}R8R-vd49lQP419^{ z-nJ%Bj&|0Uas6sq1r{NQrG>_A_ZCr6%58QMf98M3zYj6fpFN#i6MfXDdd{pH0lZVy zb`pzF6bk?TB7DUN5jUcF=pz%nyCmvmcu9mNGJX(a<@^(EaxvJz)&(mA7x$Q~j~q|CUPp%frSm&R3hhh~+l+5iPeEZh+z!Ri^cX6Y@@hmG8y>mN zif)xp+QWYtYRJ7UHt+I)(f`N<7v~dF?r5YVCW+_VFu+Pb(|$Mc&ai@1A`En?o|hU5 z!7>EvQ3)QRdh(uS$$_vj22TPL_Nx)VDM!KQ8Kh48ImP)`t`}e>Y;L663{v`r8bH)H zX=$KcKEcdAIeXqB(%&kK_g==K7HA85zv)QT+!Klos2QIKU{8v1HI0J!O1TUQiuNN} zLQ3hd2R_6bA<{r?mpQQI&6_SHyp;Fz+0Dt!Ch3GGy6ncoyh)#wUqA{-PyEa*3!3I? zaYWivQWYlvu#y{Oy{#b@{gPZfB9w%k0WgPfR%ieasd9c!F5a-2p{;jX3S_MUfk5oi+p3BHge>zHEVl^kArEja{He~?Vp1MbNCWG#U0Mnkl75hgNiGC5c`dj zRVp*3-;CbD1muqeECTj$jVlm1Dm#WEa)>Q9T5O801WziVLLsEO-}VTWHf>e&2osg6 zBf}+kSbxttM&50*;B^j!1P;1EJhEPUIOk{!jc(k=JOV7Bz&U&#!-P19)vNwEAk;QK zabmLrzk=^TUjs>uB1W;4hqzGmgAQFqj9&g@7% zOMj_(IZv0&R`Z6=-u^g%VP~ADoIl$}hW5<>{xmZxRECN&d}j+1gUN}F9k63$@Fl3yIn^`UJ9}AzC4h;iLc=NH;6lUE$o9%r} zIPjIPM%BuiLhYIyas8acJgdoDJpt+Z zUeg!mBjd)2%iG6^h@!%jnL>lL<5x2mAV6_Bsx&_a$cFh|ER0SGm%|B%_0jG|=Xfy3 zCMV{xdwG1S><|AipXcR4iUFux-x9Z(z1C=uax7CKM z%jQs<^91GmXg?e-Bs&~^k%gryC@AQvbe*2xOuE0&VFninO^$#ZC~g{iYieXIu1QzD z-d=_@sbn%%sdGiH@5zZ=oBwFL;NITvK`Rn69|!az&I1t{QD^#+XP%rrBl`5&P(u)T z&WgK6)!{XB0GMf;M?|t-3+#)l-$wN^xW@rbsx6|MUV!z3qL>6?RaA~8>0Jlw9}?07 zLE8oS)}yrNLEn_omDP^@Cnp6f2BTvTdcqSyyn7om&OAGEuPJS4b+m#N9~%W{KID&;2u|Fp zrj!2)6AA1%ik?ZJvQzJ-*`rKIF$lF`M)%nF^ zEvfa|RQj0iDraOD8ATwSd!I&J(aALbUay9h25yomL*;}T3;jgf9*%8xr$V13MB+wL zYDkB3@$j#j3Yz6{R62X5j!aa=Mhb772#Jn8!q=&_ExWhtydZ9i4Pi$gE)(GJs(c#f>2RQOoDZmYzwWd6g?;b;btx4!jmcG;yCL%xI zo%K?wZAuL)o+mDRScj_PsKg%gd?*x`5^oRbQHhJ{k69~(RYnk_L$G0!hp{YdfULry z5Lj)apM^%|;+kyHlzfc(d4;-3tH)PasvWeB$4es%TN%#AO7mG{-t z%1i|&(T6xBuN;y}w>-P^EEDAJxVAF9p`*Lwx5Mn~EQ0p1mhqkW+Br~~T|tzN_r#=Net;$bs7h~7{2^OO~6nxNxcZa z#w4vYu@MG)Juyq$*D%Fd*@oR%nf)M=neV$7287O>*J;pMZhQf{UA(Z4UaE_`!|6&% zwmcBcgXJSfI!?D+j%q+y0ttgui^9CwyWY|K_o6HMC8X;$&nX8h>{-+-BNBe7hDxEw`6a8X}7m$L^-vkC~KzSjq}c@6?reJ|VWKplvIRnZLtB!~695 z05$(To=EI`2Cd{SLyDzzN$Z1e@4^6sxe6r{=g;;>WQVO&h3$ZaNG&TbR<}cdy?Aon zSE7jbK3C<|H@9vV+gN$mnCAtIWZp~P)9<~<6~wGGlKrI4lDO%ri?t=STs7LS?G&YO zrcgr(DRc4DDMjRKpnI3rQl{rLB_*t_Side6JXu_Ko_^BR`eh~a(o3hNv1!4RopDew zY%S41cZ4^@S&m)FvY<5Mg#*E?uN!R_BrE36{6e?&sH0WF_fvS|(Z}&cuR7cZ-b>s~ z^{tud$4wU0#OgZsM^y>V7J6}(Lf4(KTP+mR;+1j>v5oeVMZnFkdxAc&9#T6+5uC<; zj+QNs_xO714*n5vHD(`@krSA5usbSIkEylak!y2*(K+zsGp05uY{hqq4e0QBrE&2D zgj?Mo$qOc-LJ%N(CE}xca}J9qzeaYr{Oxc2fG3Iy`rmv6oeubLlQmV)2Ki&g-Ek+T zxswQ{h z-=2E?^)@8}62)YenRQ>ndX?ojdxV#LW@?Lth{gxe;Ckbnq@d9~*grq1FUR7ChBPGuE56XEhtR9`1`@^g$JwY_nF`W=vMh+!-P^p4I*Q zOg_X@2Ls#$6fm_*apKOl?z|vg%!wkKaBp8=X z=Tq>7js4C@GXvFKOa<6D+6h&@$n~xvr-mA2ds%Gp^H-9IDn(!1)7@T7>Jr7|z|PCz z&T^3~*+=*C1~}s5+kzPNMB?7(VQ>@?P(`k{-{EH_ z^H6U_!j{W3{b=s!vGRsXqIws8(f5Rq(CMs$ZyJ)`Ys@5t>T-JajhOV>aHeKv#*55DJk9k3mK*e@ zcFAuB)YX1d5LLx|?#+y$49bouap!#5DOGeo>h6?QR`B3lf0BKW7+z2z<2wbE{?NRZFm2Yqn17=M z`*l4-C9Fm(t`=ku7oBLQZFxEg!WhP@uQK8h5umOTBNa`5)82bkCKwy5Cr>?W1{`W; zhJc?3QLKP*abVA&v-Kb-D1T&|jjch`v=_fuNotsJ&I42_011eO|I^-eM>V-E`+F={ zKtPZp(v>0*dao)10*5BO1tHSgL8L=+ghLGw>75_}L8{as^&lw%0@7OmO=uE|5PE&_ zmUYj%_pPJe$3Jhan}4&v`My0fd-lxi*}s7;?@8b@6og}l90%gtDj|15-t8yWT1*(^}1<=MJ<;PiKm+$iAg;S_I+YJh|r$ z;jcVVg~t(IwtJ#=qO-#Ukv4+4EbGogeJ9=m{w@x1B~bgA0)D^G5tZi~NBE@Cs(tQ3 zU0kkf+A$#5BG8wr<)oK6U`l8GBS-`TFl}K(S{)(B%DiC>A3Yt_nsCE{vX8;*IN7bR zfd1edlPcqpe9>Zq8YWbMXIsp^V=^i`{OZ<{JsL>%9)>T>V<|GA6DbH2e8Iw$jfO=& zkrX0h?!ajze$i!zs1h9>9i+?A_}D>>$AhHeIq*vhB^g_6yK+d;0es-0cvxA4-}0M= zRkmi(8anpIg%UTEtmb%(;Da%OE0vq8-I0)Mo86QK*uApRIi|SvfZ$kKm zr6%NDe5%E+;4>kX8&vJBNP>-mepfnBpK2EN!p!U7m-sGVQ9r@dz$VTtcs?YMoyUg- zqo#4_yW20XVRHkyB}|#HbnV7ME8UbHM9O2&%Qw49*W>WZ=9pRf?kC@#+e-P8L)FHt zKHKM`MT-fb?f52*rU-NG_iswhQ))Y)W6gOOBAnCHkPqpp1*w41&=V^~e&wvB>qtdk zo!UNtwRa>n8)&i)9Ch}>6pLxFzdzMjzUHiyjlvRduCWCki*6(e?^jtzTRQz4hSz_P z<8zI=6R3`8a6$!C_1$H{CNb?qtN60eD;y=7KF=7HE!5v7WEZ-;hbwRy1B+HC=C%NS z3S3@byI|SF7XI-khz6gxWn;^StFQKPJ_jgypS74#kA40akxpnN_ft|T}OSqb-lJOo%@)J71Jfm`@D7s#+==73|(Tf)}h1HSd~(D(kcs5(X+ zIRkKet1I@mcd_myqPp%xsQ<#?E3w@-9Cl583m6p15^MLy0J;xYaI_3H4)m(k;oQLTb11LAlQKOh^& za*&o47$fGjC&KWC=*G4HRFRZl7zTJw@HXi-?~`!pHN6!5pVFEmH@c*D3+mTe{w4NO z`3x>scjeMVJXqF@Ak+CDnJJ;fR7E#(UB&yYbiogBv=qXyUn7&Ug)7rx(Kf zDjR*?o3JHzlm11t55jUV`*Mish+2Elg2rftwP17W?Gk3{y6RQqaW9XckS9Z)UOxxW z8kx7%?a1=^?031_Br^n@O5VAf;hl9+5S2oqsu2I}sAnM+vH9l<+s|%ga?o{hMqY<2 z(P~4v(`8o+hsFRq6J>|&8E+=h?LANI_IE!SeCa(Y6sOxid?9(03!tR1?>Q`adAd=V zx5e9AK;h9s5>t3-GEJhaX7{_ea)q@UOh6g=?XK>4cw3`uM!-erPU-E14vi4jFpNml zi=tYn#}!6s#{+FB(Aol%C)|^7*+fxwz#E5ueO6^WN2+pK)JZ!Mbpjfe-yDy&1 zmmrmL`8TZyl@zu%>QJrv@*a);+M@iK*G2iq7%X;2lTieii2bpmN_SU`1D%HVGFT(R0(23G^l=6c0b$B1}I4z{Z!3Si^?dFU*G#VP9 zBZ%;4u$-_Mq|2bP$i%D$nin2 zxulA&G7=P!)df#h?hWs>VTr!!*^z{wA5_4$oQ1)1d_U7Q`AqW&vnna=Tl?xQ*PA8U z&0%f8-OX_a*w?ll0?ifjhH zz$l&rYd<1^Dxo)}U9L&AvD5R-Y?_ofI~)NB+3uNW+;tK3?_vbOr*IiUN5hwh^#l_> znO@~a{LJqh!Mpq9INb*qJgkr~Sf=sR<+<^+AJI^OcS#ur!EG88I7-GDPD%?@Lc@91 zdz)+kjk-C2C^)^`#m+a63yw-kB7oCRX0TpeL~p{|=`6IlyM&-rx3pztip$P6Q+Hpa z*~qWjlyl~Tp?QhY=$dKW@HDBZ3h&3l^^RJX+hRu@dk+|9LL2tOIr0mBdDwiir)Pi! zdps^=K*ORRRpciQG()SYS9FOteCQ3BJ+H9QdNN!~VJMo0@oIOE|D+uf z1FKd*IrHsAA6wQ#4;=!$e2~`pPt~Cjt4dCz{tYK%4I3S|6Qnm)qG^i^L2JC@P?oZf zk`^a>PhOuS<)Hfj}VI=Y|ryq=}b*L9*y>-Yh?FCW~ibUe_%Betk_4N+H^FbJEzSl=R6lTRaY zlUs2VKI||i<&3L3$Oe8E;nXjZdn;W13n;8z3pFH`J;;se${-Y<bJgMt)DAA8ba4(bD~+| zV#__~MBX>K&5^vUay_uv`3xGg3=K`37+YUdPv&r(r%E7TwIRT0s9Sq^*c^J{ULp3m zicbt_6@0sQ?cm}0+**0LDzxwg)JLu&4dQa_yWUA954n)F#el6bS^GBj{=&)J{zmf_ z{@r-3f{$?=sTP%@ z+-EO{<0KWBCKP45CaY56U&?8*BF0bM zSJ{RecaV0w9>hK(((5+NIe%!jf8Kh;`BQVur7&`~1#@MlC$?Ef*UW{^x;@Ag1);Y! zaHMLJq{h`4merU5Z%H8LdE3?@KDCRI{PiX9>!6b-=8B?TzE9hVv6U8OV{^FAeVC?b z4yVD^Bk{}hoq5A-=j!Zg%8r38@{+Leq}5nIM+Vb|aTHUf7LVcT2iLI6bHe|(V~@X= zP}-kclAchGI9d7lP7}^Cn&a$d$1#m)y&QUG$+>VjS z8W#`ko0c13ob>sch`s>a6`fceCU?|X&1_h%?zUUxQ6+bLJR(QwESL)fb+xu>DAk1QxmNR- z_`_BF?kzRyPSpt}Hx={iGhR#)(uugo(~&Te4ALR*%*uq=i7$D4Cp#Itrgsqog+fBn zpH)JbDq%s~#}ciaBgEjJalW0$-B$Ccuj$;KzUW*fnz)`34`vmxqHslqsGzjm@$Z*I zE-Ndl2($V+u)ZcZR6W8V$+yN#F+<^32$g9*r5`GmxgE>vqX$h1b4)7HXQ^@WF)tzX zAa$#&eZ3C~*rac}8t><(=CYmD8xx{F!FsNsB65Rf)&FJ0!HBK)osf$m7lX3?{G zDE}bP!B^7UHD_^vP{915v|C&QsBc9J50T?BKC!;*OgrKShp>==#dup$mTHq*-f81I zJ0`&!n$BNLJ|%}5jgHTRT!qi-#%;=vSM^5_(`ZbMzUTx?6h0L`kEXP14}Hr|v}`k; zG~@I8JQ=V66^$Ym*F^KsZ*3-YgZ2a14qcjtE7T;VWY%Og1ow_&p5)wb}sD-Eu3 zcm2>PZMF}SC`aG5FzC_|M@}ew?#nQC-V2(q1e`(@l#tD%cY`9>=QBRoMdDwCg0{hT)5EOY7SOnBAuV@dy$+0UN5Ao4;YgU6g zS%?B66zllE+}<1ApIrXH-6*96^UG!DV8bw?TiLR(V0WULiKeFF&bHoqU*9}B;esbi zP7M=Gz+(M;TKL8-jR(1vs~W&8K|+s=U|WpCB>T0|8J`b{Y|^c_ru|82A7bvWEVhOb zj;?2+p%4{0aj@D9;khbdj?FJF10JteyKJRA(x|Y^k;V%wB^d0IaJ!G^Lx+YS{O0NJ z8q+z}boqa_mT}5tb2oi^T&fdP2_&grM!*3hF)xBV z-k>h1nh(wfCAn|Ia%@=HWvCRTczgL{BKFD=uJAU@IJVBR*<5l8e`w}7AmP>SJc`-G z%lA7#bL`%&oVBYw3}l!{v6gfTv9Q8a}U14L`~5+`$@XOqtknr)_@DX!K}aSHXV{@_nUmngT_{%a`2S*@@hYd#tIh+vLAe z*hI#c0WXHi?#~Z=EFO3Zqw^M8nf%nH0WwP~EIPKA!U-SmeR65l>7M?gkd&W3?&a{M>JdUo)^LP1KIF|!Zvt+a=vDIC2 ze-)-+%5Re+f@#}Vb5p37Jbd+(&D$6UfOa_|~g z_^W?QNMwg@SkCwCiV8Q|1{Vx>#?`<)njYd@4me#Oawc;Y4@_lCyKXP5^+yRhNA_h% z@MX%l)+eeT%+S;fZnNe0*N>u;I{eD&JDa`dY`r!*(Ca8l8ug^u6#5H3?<;cbrn!*l z;$w!vFAh4)SFNd;8ACWAT!Hn)Htw$CqNiXhXgOa8UJBmcTOeDx8x_E$3Up1ma~}u~ zHC2O=L5^bQv(U!}t1RvtS(vwY^YtFACmNyGN@t$6%(OG3>{Mv)D74Z)BAHa!Qze~T zUhKWT48zZc>BjmMT~lky*^XzMsEfhF`B0QF6?%HQHx?JD8~G@^xf_S}Zirq?6=xN>>N&xYNFy*(zi9Ce4fCbH&!X5Pn$IK}WSflOw0$ zm)5Ml`#k*zQ56YExh6MKU9Jf7KR1Vvn5E}e8x}B@_-HRrRPiW0eluIWs-Nu9pg;%e z$dwJ#UuM;&TCXc{SA@83w{Fzh$eRVo)+K4WE(Ve|ew49QgL7;FfNr6~s@7)mQb9xGiWm_FJbx zVlD$CUlq5H=6hefN?1nd@>yteE2!&F0i$ zJA;6~Z7EFFrt@ytPkNZO<%b!zbzEOmm}n`Cqcy%P-55TYfg}NM61IRT>F?Iu5_9`+ zQLi1Op@@FILw`egJB5t--;A4?{h80D%eo%l1{e6jSHAx3SJ7gg2iJb^v2TXNOt)O#)sOp|Q~NR96XN2ea=Aoz{s-px zJqGugF&~-kuzAxdw^_UM=+aNN`r6O=|H+!uVMv)gnQm$CM9z<~@7sE*eeq(LMdHEO9>{Rs_9CA(B7kTA?Jr|JlScL7B`durjM@(4mj>*me#B3Scj1n zyom;PO0~@TpucvaBp0q>dOdYA%{Jt2!6Om*zbaYuBjhWVTe@D2biRv9Oib*Os(4nO z=&e`rX@}i)sS#2+7*oqcQOE7F|7~7s5c2Ob9cd}e!bz`Eq2%UXFl(Bo)djO?DJt3bd@HR3lB4%ofq-wzpR!OWg_Auzmu*SK3as+@C^vzT8rxz{tq>@*ZxU?`^8f zQjxudU4{>xt+9DVMnY1O;g%Yox|!jq_4Ve?^XCo7-L1ML0iHLhO0wU62WZs~neaT9 zGlFy!DZo0*C7mC7@H+Lf3QGz@-oS8tucL>?SF);^Cw$*%2jd{be+fjkNo+biGFL$@GVZNlFUa} zPMgEUvE+E9i{DxGlmzyVc@*=KZT#>#SF=;7I{c%{eaHT*;M6s5oHkvlOBcgRc+EOa z`>MRaO|sy`wI=?keW$_e63sizMpEr8si(a;UndJL#bDrn2Yvbz&Hu(<`Z{Oc=9OF; zdHs!X|4^Vm3jNQf_^gW@=aj@IN}o1e7drAv)_EO4z6bbc@Ben_^e>Masgng~pIm!d zp7%c(Wt2o-$u6N%LO=XPf3BK&;$*=IAPTOWHr@Y!Ciu(APv>htv|0F`JN^s#r>UlU KzvAAb(EkCSFjk8I literal 0 HcmV?d00001 diff --git a/openapi-specs/compute/33-02/desc/tags/img/Tagging-only-Vulnerability.png b/openapi-specs/compute/33-02/desc/tags/img/Tagging-only-Vulnerability.png new file mode 100644 index 0000000000000000000000000000000000000000..b7425204da27e8bd0c0364c3ef608d1770ab69a5 GIT binary patch literal 284883 zcmeFYcUV)|_BZZaN5OF@7DPc{Kmn09ihzKSks?Kkf`EV!0RicqNJ%m(0#c<*S9(iA zO@I(Gf`D`>p(KPzF9AYLfV5xc{oeb&dhhSw_j&)h=Xvs+bM`6OXRWo@`s~kI`|Sf$ zeV$*0emQpR7>}WWuKBTJXCcRq{anrc4^GSPPUCZ&-6=lFk3HTW8qUVd{Pcap zAO9HE`2PHu!Ea$)KQx^BztRb2+@myD#ER-fuHV8LH~R=CfmCgx@WaP!y*?u&cil*f z5NI`+bK7I@J)+E%9?}DuY$qq_dG6=SB(PKh&9zpZ&zJLXBms#cLNTRrl@!h|tjpNH>Ts<*z!&Zqpqu>uHdrW2cI|3FA$^|b<>3~By1%LP0Lza2)~VWX?V zHWei0+2u+@8q^q8o*j;aKQ9lwz266NfUe^Bq^+a)4F{Un%*wj2(}7U)+w&hM!L z69|=`_`a9NpJMMdFJbJCK2by&UN#XqggUkurMbk8S?wV&9?37^4nyywEA6nOWx{sJ5E!=#3L(FO&!V zB3mdP*=hyOhs-4fk0M2$RLcR`ae+gks309~aargWE(GbU_BGq>vEec;QO_?F#_|Mf zyzEHQzsfZ+be_o94b=qq?4;-PTC9x?cn-tKEUtZx&8DCBmCWb8`vB;}Jzx@#xUPBK z$tU|LQa(O}eBZ0qsb5oYdWUARINXq1iiK=e+&v`3+--x9-_Rm%B5p>eHMCAdVe>Oz z=y!T9weEJI3zFzzGleC>s_7Gz7AVJEq$UmE_rc)UXUz9k66t!};_~Qi zdxREAUKR6VV6RLJ>^e4CAv-Qm;x;iu+tcs`VC_dN|Bo0sM}R*Fyh$5T6JiCTz~$i9 zqe!d9Dgn@4k9(;(^jnF(`j$DxnZXOSS))&jdODlyAe1$(mq$$yOZ)tS++D$9zv-| zUneylL~{=u%cUN^WEf)+dDfOd^CZJJw0 z9hCy0Dab^=5D<~G|JPn&oku6k3LLy#HxfIkE|2aQYFUyVr?t*Zh+G1iHTgbkG!U_1T-M4y1L&#DAvO7TOvhI$mV3>=qWh@RDo#~76B=wc zOnr0D*$E29=bFD~oJr4=3w2%XItZDHMm&*T@HL-cQl>T$XFu?CW z1<(V&*BVQmMyUn##nZc0o40y$KVlhS&N~GJbf~2j|Mvp;#s!!9RFfxbdsDH^w9jL- z@?L1Yh#EP2)0d6(D95)hi&fvICysrNntSzdNM61guR8+QbfZM>Aam7TJlz?-V8Yi- z?_`s+B3gK40Gjm!2l}pW__Z6>S$rAOP$zP6qMq*^e!c~s!>O0J`-FO@{sMZ%{Y_Tgy#IKiWpOX*4%ai+L`{J-nlJy1FMlME&+k_7wJ00#>?LBB=pf$OD^z1{&KIr2c8)h+~tWo&s>5!HFa zjJdJY+VDb4sU)-vf`ycO9#)irTT5?8_6kC1OIc?5=#m!P(&8JA1LQr9XkAzk4X31M z<)4*s4-Gc?5sN`CQ@@U(1v%6c<13Ac(5qcnGB6=D{tb!GITJS()&K zYuv+c3vqNS5hmDr6yTMd1zP#DwVD(9T0gqrT&MM9e-X