From 60dd425f77570d1fbb965f9aa9e10a17e26f1844 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 10:35:43 +0000 Subject: [PATCH 01/18] test readme change --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ce71a352b65..2c69432ad5d 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Note: If you are a first time contributor to this repository, [General GitHub Fo ## General Steps Brand new or update to a contribution via these methods: -* Submit for review directly on GitHub website +* Submit for review directly on GitHub website test * Browse to the folder you want to upload your file to * Choose Upload Files and browse to your file. * You will be required to create your own branch and then submit the Pull Request for review. From f47522c534d4b6496d137966523c0b96975a6dd0 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 10:36:39 +0000 Subject: [PATCH 02/18] indid the test commit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2c69432ad5d..0c34558d6f8 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Note: If you are a first time contributor to this repository, [General GitHub Fo ## General Steps Brand new or update to a contribution via these methods: -* Submit for review directly on GitHub website test +* Submit for review directly on GitHub website * Browse to the folder you want to upload your file to * Choose Upload Files and browse to your file. * You will be required to create your own branch and then submit the Pull Request for review. From c3c2439762cc8d0a416ba2ce127402f1e37713c4 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 10:39:24 +0000 Subject: [PATCH 03/18] Replaced the egress logo with the knowbe4 one --- Logos/Egress-logo.svg | 1 - Logos/Knowbe4-logo.svg | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) delete mode 100644 Logos/Egress-logo.svg create mode 100644 Logos/Knowbe4-logo.svg diff --git a/Logos/Egress-logo.svg b/Logos/Egress-logo.svg deleted file mode 100644 index a4c8bbe46d6..00000000000 --- a/Logos/Egress-logo.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/Logos/Knowbe4-logo.svg b/Logos/Knowbe4-logo.svg new file mode 100644 index 00000000000..339633480d1 --- /dev/null +++ b/Logos/Knowbe4-logo.svg @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + From 2589abc5601fbb3517d574c4a83403f616ce66cd Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 11:44:19 +0000 Subject: [PATCH 04/18] Changes so far --- .../DangerousAttachmentReceived.yaml | 2 +- .../Analytic Rules/DangerousLinksClicked.yaml | 2 +- .../Data Connectors/DefendAPIConnector.json | 14 +++++++------- .../Egress Defend/Data/Solution_EgressDefend.json | 12 ++++++------ Solutions/Egress Defend/SolutionMetadata.json | 6 +++--- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml b/Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml index 6b2937ec3d5..ee6e8076572 100644 --- a/Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml +++ b/Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml @@ -1,5 +1,5 @@ id: a0e55dd4-8454-4396-91e6-f28fec3d2cab -name: Egress Defend - Dangerous Attachment Detected +name: KnowBe4 Defend - Dangerous Attachment Detected description: | 'Defend has detected a user has a suspicious file type from a suspicious sender in their mailbox.' severity: Medium diff --git a/Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml b/Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml index 41c74c61e2b..a7324c446d7 100644 --- a/Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml +++ b/Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml @@ -1,5 +1,5 @@ id: a896123e-03a5-4a4d-a7e3-fd814846dfb2 -name: Egress Defend - Dangerous Link Click +name: KnowBe4 Defend - Dangerous Link Click description: | 'Defend has detected a user has clicked a dangerous link in their mailbox.' severity: Medium diff --git a/Solutions/Egress Defend/Data Connectors/DefendAPIConnector.json b/Solutions/Egress Defend/Data Connectors/DefendAPIConnector.json index 2f0dfea8b97..3f311c26a43 100644 --- a/Solutions/Egress Defend/Data Connectors/DefendAPIConnector.json +++ b/Solutions/Egress Defend/Data Connectors/DefendAPIConnector.json @@ -20,14 +20,14 @@ "properties": { "connectorUiConfig": { "id": "EgressDefendPolling", - "title": "Egress Defend", + "title": "KnowBe4 Defend", "publisher": "Egress Software Technologies", - "descriptionMarkdown": "The Egress Defend audit connector provides the capability to ingest Egress Defend Data into Microsoft Sentinel.", + "descriptionMarkdown": "The KnowBe4 Defend audit connector provides the capability to ingest KnowBe4 Defend Data into Microsoft Sentinel.", "graphQueriesTableName": "EgressDefend_CL", "graphQueries": [ { "metricName": "Total data received", - "legend": "Egress Defend Events", + "legend": "KnowBe4 Defend Events", "baseQuery": "{{graphQueriesTableName}}" } ], @@ -72,15 +72,15 @@ ], "customs": [ { - "name": "Egress API Token", - "description": "An Egress API token is required to ingest audit records to Microsoft Sentinel." + "name": "KnowBe4 API Token", + "description": "A KnowBe4 API token is required to ingest audit records to Microsoft Sentinel." } ] }, "instructionSteps": [ { - "title": "Connect Egress Defend with Microsoft Sentinel", - "description": "Enter your Egress Defend API URl, Egress Domain and API token.", + "title": "Connect KnowBe4 Defend with Microsoft Sentinel", + "description": "Enter your KnowBe4 Defend API URl, KnowBe4 Domain and API token.", "instructions": [ { "parameters": { diff --git a/Solutions/Egress Defend/Data/Solution_EgressDefend.json b/Solutions/Egress Defend/Data/Solution_EgressDefend.json index 3da9491b0da..307e4ee9786 100644 --- a/Solutions/Egress Defend/Data/Solution_EgressDefend.json +++ b/Solutions/Egress Defend/Data/Solution_EgressDefend.json @@ -1,9 +1,9 @@ { - "Name": "Egress Defend", - "Author": "Egress - support@egress.com", - "Logo": "", - "Description": "Egress Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.", - "WorkbookDescription": "Egress Defend Workbooks provides insight into Egress Defend audit logs", + "Name": "KnowBe4 Defend", + "Author": "KnowBe4 - support@knowbe4.com", + "Logo": "", + "Description": "KnowBe4 Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.", + "WorkbookDescription": "KnowBe4 Defend Workbooks provides insight into KnowBe4 Defend audit logs", "Workbooks": [ "Workbooks/DefendMetrics.json" ], @@ -17,7 +17,7 @@ ], "Data Connectors": ["Data Connectors/DefendAPIConnector.json"], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Egress Defend", - "Version": "3.0.0", + "Version": "4.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true } diff --git a/Solutions/Egress Defend/SolutionMetadata.json b/Solutions/Egress Defend/SolutionMetadata.json index 4fe79ab0262..6959b36685a 100644 --- a/Solutions/Egress Defend/SolutionMetadata.json +++ b/Solutions/Egress Defend/SolutionMetadata.json @@ -3,7 +3,7 @@ "offerId": "azure-sentinel-solution-egress-defend", "firstPublishDate": "2023-07-27", "providers": [ - "Egress" + "KnowBe4" ], "categories": { "domains": [ @@ -12,8 +12,8 @@ }, "support": { "name": "egress1589289169584", - "email": "support@egress.com", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } \ No newline at end of file From 33070f148d45b6edebb1ae7a3530b2d36fa66741 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 14:22:54 +0000 Subject: [PATCH 05/18] Changed the folder name, icon and many other things --- Logos/Knowbe4-logo.svg | 21 +- .../DangerousAttachmentReceived.yaml | 2 +- .../Analytic Rules/DangerousLinksClicked.yaml | 2 +- .../Data Connectors/DefendAPIConnector.json | 0 .../Data/Solution_EgressDefend.json | 2 +- .../DangerousLinksClicked.yaml | 2 +- .../Package/3.0.0.zip | Bin Solutions/KnowBe4 Defend/Package/4.0.0.zip | Bin 0 -> 18626 bytes .../Package/createUiDefinition.json | 12 +- .../Package/mainTemplate.json | 476 +++++++++--------- .../Parsers/DefendAuditData.txt | 0 .../Parsers/DefendAuditData.yaml | 0 .../ReleaseNotes.md | 0 .../SolutionMetadata.json | 0 .../Workbooks/DefendMetrics.json | 0 .../EgressDefendMetricWorkbookBlack01.png | Bin .../EgressDefendMetricWorkbookWhite01.png | Bin .../WorkbookMetadata/WorkbooksMetadata.json | 4 +- Workbooks/WorkbooksMetadata.json | 6 +- 19 files changed, 267 insertions(+), 260 deletions(-) rename Solutions/{Egress Defend => KnowBe4 Defend}/Analytic Rules/DangerousAttachmentReceived.yaml (99%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Analytic Rules/DangerousLinksClicked.yaml (98%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Data Connectors/DefendAPIConnector.json (100%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Data/Solution_EgressDefend.json (93%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Hunting Queries/DangerousLinksClicked.yaml (96%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Package/3.0.0.zip (100%) create mode 100644 Solutions/KnowBe4 Defend/Package/4.0.0.zip rename Solutions/{Egress Defend => KnowBe4 Defend}/Package/createUiDefinition.json (84%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Package/mainTemplate.json (69%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Parsers/DefendAuditData.txt (100%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Parsers/DefendAuditData.yaml (100%) rename Solutions/{Egress Defend => KnowBe4 Defend}/ReleaseNotes.md (100%) rename Solutions/{Egress Defend => KnowBe4 Defend}/SolutionMetadata.json (100%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Workbooks/DefendMetrics.json (100%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png (100%) rename Solutions/{Egress Defend => KnowBe4 Defend}/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png (100%) diff --git a/Logos/Knowbe4-logo.svg b/Logos/Knowbe4-logo.svg index 339633480d1..a7d8515c538 100644 --- a/Logos/Knowbe4-logo.svg +++ b/Logos/Knowbe4-logo.svg @@ -1,17 +1,6 @@ - - - - - - - - - - - - - - - - + + + + + diff --git a/Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousAttachmentReceived.yaml similarity index 99% rename from Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml rename to Solutions/KnowBe4 Defend/Analytic Rules/DangerousAttachmentReceived.yaml index ee6e8076572..0e7ccd1883f 100644 --- a/Solutions/Egress Defend/Analytic Rules/DangerousAttachmentReceived.yaml +++ b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousAttachmentReceived.yaml @@ -6,7 +6,7 @@ severity: Medium status: Available requiredDataConnectors: - connectorId: EgressDefend - dataTypes: + datatypes: - EgressDefend_CL queryFrequency: 30m queryPeriod: 30m diff --git a/Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousLinksClicked.yaml similarity index 98% rename from Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml rename to Solutions/KnowBe4 Defend/Analytic Rules/DangerousLinksClicked.yaml index a7324c446d7..f3f49063827 100644 --- a/Solutions/Egress Defend/Analytic Rules/DangerousLinksClicked.yaml +++ b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousLinksClicked.yaml @@ -6,7 +6,7 @@ severity: Medium status: Available requiredDataConnectors: - connectorId: EgressDefend - dataTypes: + datatypes: - EgressDefend_CL queryFrequency: 30m queryPeriod: 30m diff --git a/Solutions/Egress Defend/Data Connectors/DefendAPIConnector.json b/Solutions/KnowBe4 Defend/Data Connectors/DefendAPIConnector.json similarity index 100% rename from Solutions/Egress Defend/Data Connectors/DefendAPIConnector.json rename to Solutions/KnowBe4 Defend/Data Connectors/DefendAPIConnector.json diff --git a/Solutions/Egress Defend/Data/Solution_EgressDefend.json b/Solutions/KnowBe4 Defend/Data/Solution_EgressDefend.json similarity index 93% rename from Solutions/Egress Defend/Data/Solution_EgressDefend.json rename to Solutions/KnowBe4 Defend/Data/Solution_EgressDefend.json index 307e4ee9786..55d71ba96b2 100644 --- a/Solutions/Egress Defend/Data/Solution_EgressDefend.json +++ b/Solutions/KnowBe4 Defend/Data/Solution_EgressDefend.json @@ -16,7 +16,7 @@ "Hunting Queries/DangerousLinksClicked.yaml" ], "Data Connectors": ["Data Connectors/DefendAPIConnector.json"], - "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Egress Defend", + "BasePath": "/Users/olliespires/Repos/Azure-Sentinel/Solutions/KnowBe4 Defend", "Version": "4.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true diff --git a/Solutions/Egress Defend/Hunting Queries/DangerousLinksClicked.yaml b/Solutions/KnowBe4 Defend/Hunting Queries/DangerousLinksClicked.yaml similarity index 96% rename from Solutions/Egress Defend/Hunting Queries/DangerousLinksClicked.yaml rename to Solutions/KnowBe4 Defend/Hunting Queries/DangerousLinksClicked.yaml index 6fc7513b329..00cb9f7052a 100644 --- a/Solutions/Egress Defend/Hunting Queries/DangerousLinksClicked.yaml +++ b/Solutions/KnowBe4 Defend/Hunting Queries/DangerousLinksClicked.yaml @@ -4,7 +4,7 @@ description: | 'This will check for emails that Defend has identified as dangerous and a user has clicked a link.' requiredDataConnectors: - connectorId: EgressDefend - dataTypes: + datatypes: - EgressDefend_CL tactics: diff --git a/Solutions/Egress Defend/Package/3.0.0.zip b/Solutions/KnowBe4 Defend/Package/3.0.0.zip similarity index 100% rename from Solutions/Egress Defend/Package/3.0.0.zip rename to Solutions/KnowBe4 Defend/Package/3.0.0.zip diff --git a/Solutions/KnowBe4 Defend/Package/4.0.0.zip b/Solutions/KnowBe4 Defend/Package/4.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..d2106c8703402c1e7022493d8987a2c74baf1d9d GIT binary patch literal 18626 zcmV)JK)b(CO9KQH000080Fr5sTV*D>Cp{(r0COe)00{s905dKyE-)^7X>fI#Q*b2! zx2%(iCU$nri8HZn+qRt@+n8{oiEU1t?CjX~#I|kT`fuI3=RBO#PwSyqKX=vF%5qT9 zSP&2p-yxzbB(=;C=BAY4As_;%ARqt`5D;cS3lldB4I6O_OB+WUHybBMMq5`W#|_;N z$MrV!uWsQjll+$J+WM+yWUQaDhbXl~>qOg46?@?PYkWwp-CAw6LQ&OC?uuYRIg%Qs zIXu-o`WLgkXT~;CW(FYp)?HS?u~PR3vhcMpCMCZ`FB$Z&W)M&Ih^;<4}J+BnlL;ODcCM>S95`!I>(v#NO?LTdP51e-x6n`fq?hAkLOYI+kL z1`w6bU-9Bp6*&T8p3R>qls6npuz2V$Qre&#wn#e5Ge`2DKt0*d7-=nIw|i4VU#Uj-HVjT$obVldO5Izumm!_q zK*g=?!jZP@f=1=hl?q*2Heb-(dV0k`7&1wcqrNGrrP|{E7FGF(Tzum zn=Yq;V1b0OmbH0G7+0;y-B>F<&eBpgBXw#>#dnuwUtcd`Mam=DE-Y9!4}RZ&y2L*+ zeBbdeuh-ygC;q8^_?YcTb30BtJ(?>P9dbEkjl?rm0wg{364eM#l7zlQ-{$`MY=JHO zPgXk}xA3ugf(q?(_&V`x0jw-m06=~5hb^+{NxJgXj-XGL1dc=v3%_Ik=m3%NZ~9OU zuSpXu8FYh08uKP&orr(mtbfzuRMfSoPS8R}lpL3^Tv+)Hz9MPEN?0x@^(R=BnIYlb zAoi9W!#5(uV>3!<+K8>R3k7d%EXfxQP2TC1{Kb(q;GmbnOXkuPch;1?{DW%!@<#58 z@L9C2`~2XK;qEe)F-2N3QXfutF6`x#v3Ff1o5%7_@Tz~h-uZRF`(%n87b=6uGgIMk zY#of?NDifO9M%2ky(fHDr~v68{mysT5Yy$YVRl{pXZ?@QQjGlPZ@dr;Hoc-@g(+qZ zD{o5wA+(4Z*JpusUIzV{OESqI%)}yna^j491+NwU^%esvjRDw=@SZ8tiSkM0Q!?^+ zQ2*goIDJj@DD)zs=6Xn7-2$C^MVxeu_ZjAd@I`dIM=McLh@HuR=xwFZdVvr2%vBTJ zZSH3*^UDF82~D`m(rMvj`D^ogiRrpqF)znz4Q+pblt)oqnUs^A+Nv&kh#S~0XK^P{ zF##A%Y1^E%(VCKU6jJ?t3Z64fRMjYaP+^ZH^wJ!Mdqtc^Y)XLMA7TpL7;O(enYW`} zXsGbC6hOap@F0C_Z;`Ar{Hw@C8YiCGcW*rZ?DXmTwFiw1hJ?Ss^W}jz7n=)j-LK@R zTNVMyi(PRM^4#;L%AI8*5u4;gN-URqR-U4-`;d)pJMlW~E7o|FTMyx$Z?#6>xdkms@ecI0`&GF%aWEr>}An!ea- zUWxej_5P6rYULW_!!2BR$-di#o6(BExG{#+7xpK?Jh;d^V>kl-Bv30=9UCguU5^cG zhc7s^nu+T+1*m6D{KQgtQ4gE6DsE9|pm`ijq5Vnfg;pu)o<%%W8fUmkrYnte=W3F} z`J`%kT;cS{s!~f zDqHkTCD96rtv>-wP)Y8`6&b2QX8K2h{UU^fE^{^y1OsJ4T}WChqi4_JO?W2){lVFqi)3- zkhYmDA=!7iO&G+OCK*|Xd%c|59%y$dS#h%?&On;{sxQ?c#I&{jmvW16q`{xCQ@X<- z;R0)dw`c36Zf)Y^Ts)uC08?>3vbH<&_3lze7f_x<6Xqn?@1l?$r-OuMk&#%bd+h9ASqoT3Esm`Ew8-f zW`_1+ZQgiNRA0;;;&b@BW*5P+-ZH+B`7zNGc5Ux7qE5@kYF2p{HlB?SUF{4cqvHzn zQ3jHrW!GzN83Sd7v^P}BP#@6r7jY2OF4Uv>%{;9Muf}dNh`J3%12YO+U`!a3=P?4x z7S0TQIccrxfn2|Ca{a`dOB*&3o5kAu<=j6{X16qe_f8`_0;zCv(}|9GFqh4~ti6pt z$FIv}+ybAA-mjK)co0%TgYBj^68{3G4aI#C(=LWDX2G8kEU}wXp=)_Do1uNVQJekv zjxn3fmPSxMp50wqmBEbG#7DHbT_QILVx{ zDumMg-yZqpi#*8#Zgg#8r;(ZUc5(qM=1jEOhhBJ{g7%BF}tUlSlY{Oy41$Sv!Th_4kY8@0zjSq(b& znUXP4e=pu$r&M&k?5Nz|=w;f!o#g@iM*Qd~U5nz*PdbjYwI9Mg_ekhY#KbFmEXI=i8>VP4z|79UxJr_*`dSj-4w+Duss# za6sk2UxHDBCH>3F%7y}01#CBlDq=~Zq(jj}YuI9qr=qE{XQ;0)66OD2!lZ-5v}R`= zbtwrUAhc&8AkZNoARJ6=9Mvrxob65AEdFo(x)8AQTx&_%ddmJlKS@p^)?y6tAT%kEr{qf@_lUyh1w&>T_+tjv5$d8^#1}?|ig~iknNM_s#q(h18 z`R*?QvYhUr$JnWwDYdx_N*P?Ci>H^=&Gp+F+8i~Z6P<1*^3}#rP#fSWk}s5cBd7Cn zD*tL`2GJ4iGImOATGsk1&t?0oq;V3q4oWE4S7@Hb1BzrA@808@#3fJ>bG#m7U>nmg zNN$ll0|q^$D^rp^UM6iIh8d}FUvG?&l&*t^z&Jj1_CLF=Z8e&ZFUYd{@%u|S#!>>NEzdH& zjAhEZ54JeK#d@WQe)c_8e^TF9ay^}!9mr%dB7-%7_nbwM#Ca^;;q;QG2a-Kt%$jYL z9$DOfg+Tfa<>=T^rZ$8JxkD&tI?4ca2$~I=rvbtMQKpp05z_>0_gdpFV(mD&_CMlk zY7!n?rxie^mX?lo><32sUITFA8Q(kLOZP`wJF*6v&9vq4Rc;rXi%3zZ;CWzPT>MXW zZim=)!cx`n;Ccu1V+@#D!+2bN3ZI#ULoBQ@aN!grPQpgb}G ziK3AuV$=nQ`LYOTjUInE-BWsX)GJ^$jrX(hFrbh>mCXNMZ9{<4U@D)>MmQZ>e3TUG z-%DAI8BuUl_2Xfz$%0iNPdww zSW9R$SZ9mGgE^Evcb(~VGyCV`2wi9!K{kSvnoBo80Wc~-17Bz(N-jS>lBbQQ)za$K zrH-%Sl8?M681u-u&a>`mBqKJG<6O{w;8KhYjCz%`5gE7Q|17-XzZ|g0Df_Z4Y(>5x{&aZZgwS5X;k8GIpDdP8O4p?+pI8k;HYU$zNE761w@EL5$ zDT;y5x#Jfs!3h_LFnT9{6{t4%icg=N+ijin^{xj+u(VSnl}dyBvRENCQe@4I28l5l zncVy&Eo|t`43ir9MGzNqf6nk^e42?A5wJ~aly_`2e&PD{Kv{LaE#nKGUS3>WxaINZ za&K%DbUIxrX6JP7kW!R@NZdK@l?h<0*T$_>Xf%8>hd7ZwB?jys^-{g?tbWf^;+ON) zKc2Ui=)5(D$Y%5^%+uC`;*${@4cka*Fg<;xmlAIlxyR3*;5Xx7JUbGbYodAnskk}M;7D? z*a}@yZM+_-ZJF?O7MbBXN=LqW;re`!bHESP!4ih$pr0WUkW1OC^s6_&|TcSm0` zgY^nvvB}(|Jhm>Cl2*`?E%YDc0EQNFa18B{=$WlJ*B=wkqyP{wS?7-zcwbHiC}O{O zwhr_MNxwjjejHKE2Sd+d#m}>-QGJjgUNn~U@vI*@l?vEg+We3U5IhL9rK};uoTeDc z)EJHQpx0Vuq$jn31Jq788S^)ipISr6h6o;C686m52tV-T-FpO!B+P}O?%>1S(^zuh z^=`{y?7Q}MD%MZ0u_92NNJA2G!E%BVUve-e8~if<7|uYo$<-c!y48*-^X!i1%PF9( z7rc4KI#^pcZS-a2Y&Sq{|3NF?mJZfu#qXBn3*AG`I9ews|F%S$lVgz4~j)^zOP1qhv zi*8vRE*~+^;YX{0g+wBWAgZ`1WPIS|T2C!}mJE_XzqrS?-7Xbz*$jBl52>yf+KU=; zJcu{D9QsY_klYu}95#ulQ4qsZF{9W3agGPE_H}Ew0ht&T)#KWg9^P|^Hr`AYhKwfXnf!V_nn@0G^!ax7mvtK72Y|i=eErie)v>f?lWzST>CD z>`LD|0$F#KVwmhye>B+**85s|Bk&`7;LPdyMEWw=%X>MR$?)rXG=0Cq|C$h*P69o> zcyg`3o*iz1FaJd2H5w4s@g?C!cnHf8W8if249jIz{J?fuU1gPZU(~uvZHi?tv?~$F zJZNp8C+jGXBam}!2{GU8E0rds9YdA$<7n`vFu&_BS0i05FTzBf*@H?UYzyXKm_y+8 zz?Ie|GM<`a6AvRBT9uZwN5I)Mok04#Kzc$FP8KEbmn{h_r{#hDG;GLx8Tt$Mt)OmE zb-ZNQvs_PG*$B*JXsOvp>LhNdSC+ZPsLdCC-)i#&vwp%J<(NK6UarQ8bPI^~5XBs? zsZU737eJOTBjc6kC82dlS`Bdz4wW>CWbce8E`b|whaXDFa#cIHML25Dd&gMIy@ke<4!ac`w#VuEjI8p?WA8vA>Z*;{GTv>@Nc!L){BnH{>*cfg z=JKwjOhzIYAU1$OI6VuWTx7QmtwqwHJjNA9TPfzRvcOd#^pM+U^punvB+Ea+V=5or z1-Zd_DDaDMV8bbDpPpxcmf<=zT#t}Ok>qiWcH*$5Y)+S&vWIiRjv0ha6-e&dJm%1h zjrS^8tVXufrfAdzJQR1WrMd4Y&nGowY!}4xo?rCFHda`rKWYkOpry#k6HRH?5%}~T zK*F_&S)H1%Y>7yZY5-vum@@X!H$iChjYTLKqdqkH=|dtsZpOsp8*OhqHC(>Abf3r* zNl@aJjX(Jt&iUP6mOwJ0bwd;ND$+8N3axJ5Bm-D9*mAqQib&!)k{Lc!t+^+wZ(OUu z?0x+)lfN-VI67Pj zUE(}bBeoSyAL3JA;nHw|f~PiN+P)241nfkp|I{SuW8yoi2W^lPor57MN71s1Qjs7R zwUDE2DDO_nP@Oc%jfjWeA8uQxOhBjpEj&k(tnYBAmw|g(kbT*Pu$a&F=-&6VD1OLl zb|SIQ0oZQbb;bFD@+TmRaHTryF6ZtFCpQvN1_hoy*Xi3O$>-JDrnTF{jgVB1!%Ujv zal=VJ1amGDGgJq@)8-IddQfP*5|Yc0mVhk@tk0`8dorad56{g^6Qv#$)NI=x+(is` zxOtid7l7{HFdn9nLQ*y+38cg)J}(2fugYAuV0$&=A`)!4JzsNn{G3S!0Tyvg^ARr` zujP+;oWucHob!sYA~`f^afvmOq7FS9%_rj?`F;>&Va-N_6%*Um#Hv7MO|C0 z4Ku99eZ+kbzLVtHlixzpLW9c_XThwuJMx>n#K`utC+5-x%}3F|>>bzNb!a`^I7LrW=PQFdn*-Jp!jc)iAg<|GMfjrDQZlSi z2)|VyJ4Tz0@6w>qr*@x(-Z*G0-u_9NHTGUm*=Hksb`wZ}l!CDQjY}%NpWOXPOq6A@ zzqqjJr|!&UKm|;>HM~Yw`M*e>%E7FpX5EsLuX5dEYdAGi#R*T>)SL%tYMLG>X!ZLn$u{V*=Svi7VV8#B&e<9Rw0Z>?c|E`14i9@m8{HHCEEQwECl4TCyK! z$10|H);Hv_r&0|-qZ{_?PfK2^IfMEQ<@Bhc1f!UYhP4`=ZLJtBogvj!H_G;3sAq|C zIP4y$)g8KTr^v&FXAoRAg#5lUke5OV5;Mi#sC5lU!^AHaJ9CCqfV)VW&+5M>%g9-gJEIJi0$ycEW6 zidh?y2!Qm&yTUxiqx>rT9){h&}v4kAW+T^qROM;d{~(&e|UCJ!wU3&665lMx;2UY>3b zOZzX#b@QFZB^N^PT5PTh{|+Qmws!D8)_hhM!Jd?a&bd z#m`UtihnKZ&&4bcv!y)JvtbaRUvqYeKYR1W3{>a?M>f1YMgMMa{~GkAoH7e|BGecw zXFIhoxky=+o&}Yt%UOPOhwHGJ2^W$E(lg5j83|LKM6Sa-!y zPJaJ)=YkMuy3qm8FwA^4(|)sk$s>u(o~*Uuz>-vENu3kh(U$;FejiQVQx)8<(+*K@IQ>;w!mB$oL5F+nNUizyT)UvlG5y50EcX)qr;zz%+kG}; zx5T|p7#i`p)IJ`=+{!@;PHTzUO-7B}ieXK=PfMe8TM!o}fYfa8x)_bumgUc0W?lv)FyT}8YK?*PSUTeqgj@!+G)xao))Sz9WA^7st)aQSIJ~o z1F*&5&x?G{h$Tj=tNG^%_Gt>S=&%^^RRDsIR1S@+f%nxNT{yvwy;GOT?y!5c#Nn@t{EbE` zUMjo(ntX>(lO9KCDKqw2YUTbG=Cvd?9aZerv*H(Asw%BLp+d2`PF#Alpch%o2gu7phj)u z4tBB8kf&iHWkrLyV}Px*h8@kRA#R(V!^ftG+`cn7tzqnbCoOreZ!H5mU-yjr;5~2P zt>D4g2fH?~%&maPw?JOz5~*j$^c-{(OTbjvYm@K26kE_qe(F?n+y`Ha8$4~P{ zpc7*lJw7{=T=qL|hhd*#C?2SV@Qy*6A;GR&nvnJ{Nm}zDrU?)DV6+FLU-AnNKfWgY zQ!K(l(0?vz`*HDFzx=Uc1~`Zpz{?_+z7@FccVmrul??aQraRfn@t1fa~vIt7e6lAjj3G%!mECOWu* z*;MTMwsQ3C&c;*Yy$oWy@AsQ)icE0FOLn3~wyJ z6yi#2G(0XhmF4Cht)>fbH<+Oth2M=Q{=+#@eQ!dD<9J&NHlg@+&%DM9K6{RRxBNy+ z<5M`}2BK?;ehVIoIi27E-SW;S4WDghR4LJl9j7rN7xmvX#t*dY0rA$BueTqe{b)9# z5w;MaqrF1^e#l?^*hb7=#lT-G*8R21jPL~_-DMC}(=@569=VlpxE9>k)QdBV9gRS+ zgLBF|II&pOe0BgWe9a3WY&c@SyG-a2zEMNcKpAqcqQecItm3jaZU3v3p~-$@kFm87 zUHS5!u>w7`eLc-&e*3oxiz0wTm7GrX)$9GJY+^W{Qg_tKo^j*))Kw-aA|l3V`p_%| z|J=MMk<>naLS&}5P2nKtvauZR?e{&ADAg4z?{clxV3^1E^x${3%k^x6{&k4+@RhR5#j6GpfX1JOfIVQ2URV6-$Gc0sPK zT`+U*R%L_oA`aok(kb5t5Wc5ne8tzh@n&eO66SP2`WW*}E0kHEIIzZ5(i{4eAHWZt z%dDD9h*-?}Pc{JwHnzPyJF>&#%s&w{_=E!6;nA*>m=9^Ecg?_*IXOg$1q0g@x!Q zB?`$&c=tQqWN`UmhdiA>V@+(Ot?WeRSZx)VjUL}zxuyAvZX%oxMT5D6w1R^4imOo} zY_a>rFpz`9I}4OASY^jIHgB&#KHC&ggupkfU!^i+|7$fCPB~eH!yl}25zZ5(u4kvB zVWy&?cT@jDSZPN+!GW3Dj1g`-I<^`m$$`GQJR5CGN^E@5ugZanY)7=Zz|CInQ2y7Z zyvCxu%A`Do2Mg0yg9CwA(pD|`8g7Xk%SxBb{Gl1PIcu=e4iSF=>v*MB23e$kHMqnM z7O8*N>KA@6_{U&cH9RwQgPwei$z|ZfeAVQ`-+cZu&NL(ZqHM5{!c>>eauXf3)5sv# zNH5o9C)YFxz@E%99B>7Cc+Gxg1>Lvs+=KV0s$35hfCrPneGSmfA=LXp z1$LtBe!ubG4{JNUN`>Q9=+Zk-JVVU28P^VH&BSN= zHE6Rj;Ms4#AM2I?Ketk4bGqSsV!u(ZL&#($bz(#G*K;w3F8|ETBUvb6V8}K?Jj8gxQ=pgDV?pd;dqwJ;bP_s@vLDA z{3FE6DY4(>pCWV(xW*5dqPc`WxjN$QTPU>#^3FLkOG_lXN1sfm znvOX+q%)Rw)l}@CLYq8Z9u#>pA?~gI+$~H36t~l7+NVzVP~zjMl^4Q^WvX*7VFRv} z{9TOu({3}U3;YkXz~0uIK@UNPg@J>{F(9NX)-=riEcib{UFuC-+a&l($VYjH=~{Vy zZcCvW;!JY6?0rI$N2+SWUPr3%vkGg#s6MxaywV^fzN6PLFe1~74Q`*S&pMIdlvDZ~ z4E?D{#Y3Z=ZLCZ#RQWuZ|G40WhfgXaEjQ~AFX{_N)=Z@>?CCV4N$8!8M^6VL06vRI zKO*oyOcC-M7R3KP?fQ=(AxQt<^}h_g{(H#(geLzhBpm*K0F}yeFtGoze1rG~5e5MP zu|oNukN*QuO9KQH0000808Da^TT^=K+~NoT0JtOo02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH-C1pK+_(|`?q4xb3wYPq)!Igj7DjUipB>yC&S}%cm!Pl>gDZ_B))c95 zC~r2Y|9dgi%Sy5w$BFZT`x0l#(Qr5~&pgt+-vS8!Oi_lp2o4~~oGa*Hv8YzUTxgME zj@pIdU1>3lOkVHNVmI6i_veMhYl*AHkwxL~_g{}Oky<)wboi`PPQJ>+|B}&v3TAv% zCUmUO@=?!ZWDS|bg@;~sM?ocfjh3X*EZaM(+AV|?IXbiy9Kic60DvGeI+1Dn8z7MM zTD}uD4h|p@ig4C!ECtDE^Qd2oks>P#S0DNhnWsQDdUD>n#fnv!N|%+(lF&v*J9Z5_ z#owX&cm5K!lN!|`7v#_`PE2ZO@tZcQpYShpWl|H;b$TAaO2#gGavuEcuf^N*05X(m z=Gxysoa=MFv-3~m@L*>LE>APG2)S6p65;Gho0SGhR3cqW8Uw|Z2y$&^jTt)G0UvE|UZ=Yrz>53I!opOwd-_n8OkiV-ch#CzO&p4KLZa`buz&3F;UU zW1)>IG+uzhnrj&&L5xmFMPL$Mi;xIoz?|1+Aa$h5*xQsLxOIVEE|Zk;qHs<`S2HNY zS{V^n0z$_ibz*ET*myRVGP44icqJSoklLXYk;52P(q(?bp9xZffWnY;@)}_hDH&by zQAWd3XpNS@SfFy5OXnKHyg@)BFBDFBUt=n6D-aq=O(H?~{l&=?a<4C}0(vZ*fFq+d zM$TB`*zV0>XXm-Fgq`27jlEhLbG2DH)IzPDjNnD7&@b=v@-HQOI)#6iXl1p&$48x= zps*Tp4xLz<(v3vtR_gdVZ}Mjf|AX6Fnq;95Kino?Y@(?z+PcoDTy_g>Q-J`1MKYz0 z@OhOqzPisk0?-AHe-&tbOEwP zI+bjEaLV|YNX4xNmg|j^2wWx{Am4?-g#G!VzB>531EE5Op04W1=-Bs1R(_WHu4g9- zb?UN7&vlb&$k&_BcBdCz4Hn;&NNyx2GQ*uN`1$E+F9(A{xXd3H8662X=~m!m8p?RK z-O2ioEtDTcA?J0MezL#2zdPUk`+RqAdwLPvj_B;}*sVS;Y)2-~jSi2kDUQubcZHQ$ zqGIXM3@DU{Ff%Hyh{sDG6cC+s|3KtpYl@g#?Mf;IieqiG>ZCy@3+Q2KK+X!O9gUU< z#;=4bkvD_0TojWk1t(Q8Ot$+8zda4FS$qby+!UVt08CJX)HHGC#H`TPd!dY{GicUE zQ*Jt)!9+UDy`F+Q)1=Ow?f2)Ezt4k%^I&@hEasn@!S;DDI}f}ivWbD z<6B_R@zw@*IwDnWUDPN+4vTw0f)O)n8}DcW4VrUTW~oGsr_y;dJ|u|BccNkI8UXdU zQG0WTZ{4ti+*u5#_}2ZTOmsDT!uZ-ArdFkl4`|Z6!NP{yF{mN1P0$+UiCv%Th43F! zLL{{BC<7iCmE=tBdy7{jHLOiJ$_?8p3gIwuo~|_%(;Lz>^BG%{$h2e$3Su2;DPy4{rmj$NgjOZ+yF}RSbQ`o9q~AxzZtm;Ee$5EtNB~7uueJgv zXN4xF$W>&ePLY@l*O75%EG(KSwUY19llok^5csTH%XJ(GmgqQok+Bw4MaE46u}l)Q zsGXiH zSgF$)WEC0qFBCFn^-^CWImtBLGxHcMQeiY9P=s1oX*_V>_QT_5hm!hg|BL1YpD?oC z#kX5zzBZ7Hr5lIAsa{EGW%nCFY$6Kt)^2_a_WZwn`&`tz=d5_%C?4p&x!c8CLvDN@ zi5Rl)J}yN+{2nk zYtvV5A9M?S8cQZLi}AEj_z$#5#vyhheJ_itau4=CRUIC1Zz{r8fw%5=$p-w^{U(!8|{ zbO8O-@%YYn%h<^@uiln^e0>_`(WQ)^JU7+}HE(Zu>4yrJ-SNnyVsPX1FNVQ$I2JlZYf6Gc z{*0e-Wx=s`L+_)=XFzj%i*EzX^;I+BryLcH5!C>K*91^Wg^VQoAdy^)JiqYoLA^af z9s9!Mf|M3`P_Z;`KM%+skOcc*BMDBVzJep3mOO6k_rJ^7`>~K;idzpb`aE)wAJnbu zm*h9qz-Y8(4~9y2e+c`4;KQ0|->C1blh(#TZQZ>c)RsQFgu^HOOHrwv|EN~?fIHhM zd|p2tc=Qk0RO=f)Zb$66ZT)y%af5%=$h#Uxv&&kHcpNzFng4Ad(U+7Tm_!*yS3cM4 zTlM}ntobqNN^C}PEHZLdJyK+E-fZ1${U1{hnWe z#deMDJEASgk2ucqw7yB&cp5jF*lA`>l}dB6^~wxTDSGw8z!njxQW!p|W^n+}=9@7Pwq z+k0krckFI&%SC}l<|5r0ngt%@X!GBU_&-=3QNBZbj(q+Hq6`yXRMXq+ihrWlGsK|_ zxv2l<2><|CFyvE0MZ({Fa`jKN18l&;ARv_geBqO;5!w+gk=bSWGf_1Y8BU28a!h={ zGfuHTiR%?j$Nn4S zPx#b20KN37i^eeY_#e;A)4t#`Mn39=H{^kgz8H7~D&#nBw zlrI2Qxx6NFElRMZoIX0lcOYM1dxs`c7YK+n6tF}+k|ANhwgE#z5rnRYjwKBR40*^A ze_HEgin6|zykFbc_*BzrwXfzr8MUiPUq2*u0UypHZGS^1;K+yGoMVT9t0|%goM49% zM#dbRBA;U)d162r;$dL!!-$ZJo-N8gCD9#STGq6f#WC=E?0Vyw5j|E$0Nthe`UcYi0ccQ%WKWhWWzD6Q>AmLwL|dA_`l zX^rb^*_*YEWWHNy2C*k)XtrwSX(F{a`A{h->3eKkd#QCTCU_AU;bT`Oc_n)hjm!z+ z6gwXhAr|t*8B!Z|?5?k+%Cwmb>Q<7Rt#yFX+;Z)5))eYU7LC&YIbvjc>LgaDUOKVX zHacte)yQ7!gg*W&M3FA8D>a{MtIq1yyf4aHS3<7svMKLU!Ib1QOXc)7KvWtH=%pe{ zXReT$p_f^GFrLuwLJt`STTSHT`USgach_}y?ERhH9eZc{*`EEZhxY7oe}9aeZMW~h zQ7Rg9F{*g6rEJ zY|KOxvNi;eGDM9tEP9={8Ic)13SG=!LJsYLOp}g`E{i%Q#rMi+M6XhnEmTyfp}A&n zt#wNE%iQWT6rw*{wtP^m)Y(NbDD z4TZZf`JWKcxlx7GM0xAF`xLrx-`%yJ!v3DUv$NB+pFJJB_IBUdb+*TDcc5zaah?Pc)9vfOuZ!;acZ~q^g*e zSBh+f8~cLzK5{rI7=WsJDzd3{8j_jnPf9@79Qi^sGsk6pk=b40v~)n#I+1HtQE7~w zQcQuiTPDF&NMu2kbDb)cGk3tyin5(Z1D7;NwGO~XnY9#zWpYl2lWlROUrM+I1FS$W z{cgW+cl&lXu_ypoaiphpf=j~6q?!j!tdCmJrSX3*ABU4HDvN9ac3tGBfmiAzmm@2U z2di=N%xSM5cnA3F5Tq=^xF zEY&ZdkJb$9$E)CLrbW+%>Ba; zU@*mODnyZJ&Ct5-45fa^Bph9HV1qsJI4g3ySftvf-~RHBIhv(S`b&7k@=YP891iJl z=zob(W6XRaYyzLJ%SH(+xRE58UE1h6fWDw0+_?{D*wLh7;cNye{*1sY0bRZzq0bK; z@q2v(jOKuo*on%rcEB6#U$7S*b}o>c6hx8lA_^Shg)`roLds=N82&7J-|Y-7j=2{} z==X3oLKKiOc!@Z2IC3MQ0#UxuEU>c=rX-|Hmcj81$r*MXi_Q%r$M-}GTkmOqzbk%j z6Tyj6;yM$n5I-7P8Rkba_ZgSnXIb$jW}(m}nM`I6ea4~a_6Sm$ME3L)aS_Le*4zxO z>!WKd{y4N!nMI;N6eIQqj*zEh5Ly?#5jrok<-{v1As(Uf6%}etFJjdyB!MJx;`nxJd&vnYA}C%o~m&3_Ds!{O$-OPnt*ajwO$*_Xf_ zf4TOU`0rZ$nthq_nfK*04mN&V|H;N1YRhEg=7Iq7semCk1BW66W9VEwT2E(Eu}vEr z##x<}wfQQE3pG<0rX`x^Z)H*O81y;K~Kz_&d?I%W8(H4yD~{iKbiR&*^t=tl6ex>Yl8VS97#_r^+UFfg22NuGn}k0 zc2X4E8hK>2HG_;J8oOty!y+BAp>;d-b&Fy=iQ^bnyKJf?NgIbeEx~~tO$eP!MsmZd-w>taTF7I~h)UtphyB z_&N(btc~ELJ1Jte4F#QO<4fh;xu0*6f`3EvL$k_02OgP_U$BS7%5oUHc(!=B$u1|) zfl}^admr&R5CbDu`j;{$L%xF%J3O5;j%J&0NB>3+|M=-ShzI0&1}BIm&C#TbmHSYl zGtYrER)+?5`*|8ey+a=4_!12upC0C7E;*H+0~U^=qT(Xrx1wExX)>4F`?r*wj&?Ed!045pO=IYlmicL`|E_ zyBZ2PI7V`t*8o!Pr<7SCk%#?@9HtPJzNwbpsK2ga4NRSmR{d!6+0pMW^(}HJ<{}C# zApyycuITdAQZ3~9i#OW3a@s6BUkOBM6Xw^x=;u>eFtrhMGnA7hW=a@gY5R1>7(n5% z3wzJ6Rt0`%`^`kDptmRpUMT0DL*X@wQiQ{G zdw3o`BwnLWcYur6h1)$ayC*K6rL0MQ%lIBJHf zAJyz!Q?l#K!%k&1m%5(L6uF_NgVUFV>s!WUv1y$`1w(;i%QuzJU=eBoLiEvI=-fLN zfjHO~yKXTB!rdE@>rI_|UTx)VkWMrOK}*3}U4h6KgC`_Ah8{zj6cSI-Y?CtMgepp? z#RwII&}xJYHpc}sRIoiJXf;OX&hQNVihSYIiq8hj5Mc+LhBDyofL|z?b-P+Wp6gTow--w`{{T||!u zdI(7l-!ByX6(Zk}<2X3m?w%Nv4iLq}txU(zB@zZhni1sUP#1>CXhk^UnD{Sa;4mt+ z_qrzet6H7p6i+6IzEz@%UxkVxdNzexF~m89CbB8&q#{Nm;45@JuZLsyy* zCzhDLy646ax9Fo5xm!h81XDJds2Iy=)1}LCA+wWh)+xqCx`N7qj;3IXLq{ymhDKYj zu8~s#4IKNJW9S_@4q{B7WFXcB#*yzJLjsB~v4(6@q zt|1CP>+bJv8(;02UiEhO_KdG~Dql6~lkgq+`~(Jp0L$BH;20y%t;uT6E{lk0!(=%s z8#iO{4S3FdC!UIKA@)B`~J@)nzQHot7P93Gq zeC1yVok4-fS~9i)Hn_PdYt`+obler!JaYj{TVynlUml73Tasis(8A1=6+U5FC0kYl zptYfNO08^3>(qV8rHya%uupS-rwP0em+;8(JaRl$98a}fd#DV9@;To3i3qQRVdy_H z4E;t7gZhQ#_o+``nPG?ox-`R}Vq<@2ZXsvxzEf_Y)W^RIx8TH3Fa#-*4#Zl&Y7#+A zCLkx%U2zBMbOrwfx)rQ~LK(8gW6UOON9E#0t*Qs3H?Gk-5lua5 zc&G`~QBxidauc>0I`%a%@|^#vfaSsgeT2#H4kqt^J(xT>|7ro4yuTWly#MuJa#K~0 zF!>`){(ZvahI70gJU||w5SIwKHHMf6DS-SHmDv~-uPWo7W8y}w(4TDg{p_?ism&b# z;6@oQeeg^JwSCA4cTwlQI<~E|qv{Ef&7kP6>42Bkes1oFz^{*2qcb=WW&fiAz^p%C z)A$kkDVzmjv^2@ap)XGkKk_hS4U0}O=%HVL00l@KP$ITxgP|`H=k|3Uib(IAccNFX zE|Jd-XsTt;qFL zUB1=M@d_WQxo@=a9KKh+lo4>L^PTD;ll$f)E$kbaeWFEtA-xY&?awsvj9U9TigTg& zZ7O}5#=eYNjox=@?6WlYRVsaycD~6y;SVY=n0W9k!fT~>tJ-BBmkDH{iyz~YFXo=} z2{l?$WEFImygYnvp<0>lfMKYS`pUQ1D;>mjT=_Q?j2b4{G82VFG?whUW+b0Ad&<6M zD@%k%X0i>&5I2;yhAfdS``TDCizIvVF@rJ19T|p^<)ct&ban4J_uliJ?|a`L-t(UG zKF=TUKF@hlg~8j{GSK!&48JyYnsy!oP_%c0k1cE}o?n0~W_+dT%Y(?oHCXTM9Gej% z=??==7M3--svn)qw1nu_veyH%76yZw5n@>YRfv_E_=Gsx5tz8sBYHMoyZ=f{33ss~ zOl?uPytQjjC|xj>JSIxUCpJ+n^Wq7THa|(o`I}T13e?1(T$av7#BBm!9=~m^0;!(0VJgm)h zKvr*~A=Z@EGxj`UN@QOD`?$`x97>(9pVY-{C=6xTr01#5gv%)A! zfPb17nTG00Id8Z~oqmx%2j!;0puX4;d-Q$;W;L?P51X9uyoVUEBNe$X(f>&&!4}Hb zd1-3r+ZF^b7j`^fUwxfOFxyHC(JS1KHrDx~QDkmlH3bCiuZ>I^ByPWzb#=f5I#wDY z42zamVpwtMC=L#tx96AWT=FOuuP@FGHCw98zhk>|<=!*0=V!t+_nShyv)BB-&tFT` za6eu&8<9Qw&qHWR0nSjicJuK)rrFEP0r}{2boa8#AnAenP$k(4=!sfg+qaF zY_uS3LhKBkz!mQ%86~2k@{Hd2s6@nT=;j)F1)LmkkV6}tAn>PMhm2D7y0V8U^4zbd zvs@3O16tkL#FIpE-ec={>Nu@NE;m#~xh9%Sw|>8@eufZwq4o1{F$;L0c3|>t*pr>A z8K1%jyG_lmiDOt|34Kfft~*75$Q$|?<5#WDa&JNfnj^VU69N#k!3H*xXkMVhGeUzi zF3}iwQf+qy)|TGkj>xFU4@3OGuZec&`HT=u#?eCz?y~DfRy?VCX`DDILB_%e#z4}g zYLUs;>SP*NJERh0=+GlAgs6)fP%cF4ZaT*lm?SOLKIu3q2JkC3GioG*Pv~ok08tUL zmD3lb%*OBL{%&^usx?>+=QVtZNwQerLk9Smwq|k-etPUFDY)3wv*Ai4nn6+SHdtSa z3otJQ7*B+#hK}TVGCBItuQXijDq4r3;D*GPrLbn5cA zU%0Jyx@J#KRkm7BB5jMA*E5%WpXVmZXAf%BGFBvX%0K=p;3E+T*o^&L5JwPWcr<-$ z-JKL4k6%80FW{n><%=(PT1G0|<>TbL^~+-7kG$JE>bMSS2V%nCcodJFwo)vrt7;0F z$kE8*aFG}}@qKQsC$%#$=CY_u2J@~~_s)yn@>W9c!S-owS@E@t-QLBQ6}RHtn_lCw#aX|H^$ZN&r$Y4*}x z>W95jr!XkoW=mo5&SDWkGr){cPdsaQDd16)*1+c&g|B;Y(9&XRQ|#{kPH$-B8|qTD z-l3u6DWP!P{HOt@)m}phKQ(H2sx=|0Ker>qQc1hwNjB)9njQym?OtXzSz&m(r$RDy z-g9%d1!`bBqpd$B5v!l}4(BV~qBJw(wM=MN8#S#o$+hg28lsmS3Jg$!_tOn!AP*k~ zc481>{@&E*1o4UBVvp!nzid1DA(_?nI_+|yXr>7n;cEN2L~n!L&1ZBA zAbdcAYpk}-u)$OadhrgHl73eyA|Ilmv|s{>Jw*8JkjzkwL#6Ph*XzDFZgz|_5A=YO zaaqPPO44fd@F%?sM-L}f%v`Vm>-AvXD-yRpBMJO?t**!Z$HujtHo0yJSp8Nms7GtR zgrK!=4vvHGvrYzmOIf$&BtkLQBQOYSUHqvGf@D0>@XptM=9l0?oY1BA>VA)jc|Ovo z%VV-(s>&-H4%|iL8Q`6}aP0f-_HaHsc=!Iy#N<-urSggl_E-s)r}1yDQ`5L*51 z`^=G87mEZntYKLu4cDk&eODIzl0Di%dPJ$v!Pb^CkqcZI8UXu;XLXiD;zGJx^KN^h zyhE*&)r{p`$f-bPpE>3hrx*2^91ikZI6}9D7f5}27;^2PV1+>D=0zZy*&732e1+A+ zOrA0lpUVWi)e;(S*=AUC9_GI&pkE<~I?Z^iyaU88X&OzT#0)wh%hB)DL1&P)7(-vl z>_48mdpuHzqDin0+cvK|Eui#B9H%TZcocomZe^9O;U&RKlgW7b*UnVD@ZQ{-wlMsl zXzm_u_v4qaIUtKsuG)-tuQ~UR1!%sWZRg(JJwC`$mI(?iZa=>JDKVwn9)Ix`x;lS8M}vE~%} zCF43g$!@iNsU7ZF*WDxs6NZe^+%GH|4^?D2mChRMCD>WB9~0vE`^cXo>EYj1nfPn` zHvs7WVSnY~_z#GUtuoR7C_CtHJRN@~`LpKnKayDWzfeHztU0-Uop2mA_GoTd{M!Bn D1&!L3 literal 0 HcmV?d00001 diff --git a/Solutions/Egress Defend/Package/createUiDefinition.json b/Solutions/KnowBe4 Defend/Package/createUiDefinition.json similarity index 84% rename from Solutions/Egress Defend/Package/createUiDefinition.json rename to Solutions/KnowBe4 Defend/Package/createUiDefinition.json index f29db2bb6cc..49e17f94eff 100644 --- a/Solutions/Egress Defend/Package/createUiDefinition.json +++ b/Solutions/KnowBe4 Defend/Package/createUiDefinition.json @@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Egress%20Defend/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nEgress Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner. \n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nKnowBe4 Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This Solution installs the data connector for Egress Defend. You can get Egress Defend custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." + "text": "This Solution installs the data connector for KnowBe4 Defend. You can get KnowBe4 Defend custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." } }, { @@ -111,13 +111,13 @@ { "name": "workbook1", "type": "Microsoft.Common.Section", - "label": "Egress Defend Insights", + "label": "KnowBe4 Defend Insights", "elements": [ { "name": "workbook1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "A workbook providing insights into the data ingested from Egress Defend." + "text": "A workbook providing insights into KnowBe4 Defend." } } ] @@ -153,7 +153,7 @@ { "name": "analytic1", "type": "Microsoft.Common.Section", - "label": "Egress Defend - Dangerous Attachment Detected", + "label": "KnowBe4 Defend - Dangerous Attachment Detected", "elements": [ { "name": "analytic1-text", @@ -167,7 +167,7 @@ { "name": "analytic2", "type": "Microsoft.Common.Section", - "label": "Egress Defend - Dangerous Link Click", + "label": "KnowBe4 Defend - Dangerous Link Click", "elements": [ { "name": "analytic2-text", diff --git a/Solutions/Egress Defend/Package/mainTemplate.json b/Solutions/KnowBe4 Defend/Package/mainTemplate.json similarity index 69% rename from Solutions/Egress Defend/Package/mainTemplate.json rename to Solutions/KnowBe4 Defend/Package/mainTemplate.json index 0fddb3616b4..f99e91223fa 100644 --- a/Solutions/Egress Defend/Package/mainTemplate.json +++ b/Solutions/KnowBe4 Defend/Package/mainTemplate.json @@ -2,8 +2,8 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "author": "Egress - support@egress.com", - "comments": "Solution template for Egress Defend" + "author": "KnowBe4 - support@knowbe4.com", + "comments": "Solution template for KnowBe4 Defend" }, "parameters": { "location": { @@ -30,7 +30,7 @@ }, "workbook1-name": { "type": "string", - "defaultValue": "Egress Defend Insights", + "defaultValue": "KnowBe4 Defend Insights", "minLength": 1, "metadata": { "description": "Name for the workbook" @@ -38,68 +38,77 @@ } }, "variables": { - "email": "support@egress.com", - "_email": "[variables('email')]", - "_solutionName": "Egress Defend", - "_solutionVersion": "3.0.0", - "solutionId": "egress1589289169584.egress-sentinel-defend", + "solutionId": "egress1589289169584.azure-sentinel-solution-egress-defend", "_solutionId": "[variables('solutionId')]", + "email": "support@knowbe4.com", + "_email": "[variables('email')]", "workbookVersion1": "1.0.0", "workbookContentId1": "EgressDefendMetricWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", "_workbookContentId1": "[variables('workbookContentId1')]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "analyticRuleVersion1": "1.0.0", "analyticRulecontentId1": "a0e55dd4-8454-4396-91e6-f28fec3d2cab", "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]", "analyticRuleVersion2": "1.0.0", "analyticRulecontentId2": "a896123e-03a5-4a4d-a7e3-fd814846dfb2", "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2')))]", + "parserVersion1": "1.0.0", + "parserContentId1": "DefendAuditData-Parser", + "_parserContentId1": "[variables('parserContentId1')]", "parserName1": "DefendAuditData", "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]", - "parserVersion1": "1.0.0", - "parserContentId1": "DefendAuditData-Parser", - "_parserContentId1": "[variables('parserContentId1')]", - "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]", "huntingQueryVersion1": "1.0.0", "huntingQuerycontentId1": "57ada8d5-7a26-4440-97fd-32c5c3fd0421", "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", - "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", - "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1')))]", "uiConfigId1": "EgressDefendPolling", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "EgressDefendPolling", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", - "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", + "dataConnectorVersion1": "1.0.0" }, "resources": [ { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", + "type": "Microsoft.Resources/templateSpecs", + "apiVersion": "2022-02-01", "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "Workbook" + }, + "properties": { + "description": "KnowBe4 Defend Workbook with template", + "displayName": "KnowBe4 Defend workbook template" + } + }, + { + "type": "Microsoft.Resources/templateSpecs/versions", + "apiVersion": "2022-02-01", + "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", + "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "Workbook" + }, "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" ], "properties": { - "description": "DefendMetricsWorkbook Workbook with template version 3.0.0", + "description": "DefendMetricsWorkbook with template version 4.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -113,11 +122,11 @@ "kind": "shared", "apiVersion": "2021-08-01", "metadata": { - "description": "A workbook providing insights into Egress Defend." + "description": "A workbook providing insights into KnowBe4 Defend." }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Phishing Insights\"},\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where isnotempty(PhishType)\\r\\n| mv-expand todynamic(PhishType)\\r\\n| summarize EmailCount=count() by tostring(PhishType), LinksClicked\\r\\n| render columnchart\",\"size\":0,\"title\":\"Number of Detected Phish Types in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"chartSettings\":{\"xAxis\":\"PhishType\",\"seriesLabelSettings\":[{\"seriesName\":\"LinksClicked\",\"color\":\"redDark\"},{\"seriesName\":\"EmailCount\",\"color\":\"blue\"}]}},\"name\":\"query-2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where ThreatLevel == \\\"suspicious\\\" or ThreatLevel == \\\"dangerous\\\"\\r\\n| mv-expand todynamic(Attachments)\\r\\n| where Attachments.name matches regex @\\\"(?i)^.*\\\\.(doc|docx|docm|pdf|xls|xlsx|xlsm|html|zip)$(?-i)\\\"\\r\\n| extend path_parts = parse_path(tostring(Attachments.name))\\r\\n| where isnotempty(path_parts.Extension)\\r\\n| summarize attachmentCount=count() by tostring(path_parts.Extension)\\r\\n| render piechart\",\"size\":0,\"title\":\"Number of suspicious files detected in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"yAxis\":[\"attachmentCount\"]}},\"name\":\"query - 1\"}],\"fromTemplateId\":\"sentinel-EgressDefendMetricWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Phishing Insights\"},\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where isnotempty(PhishType)\\r\\n| mv-expand todynamic(PhishType)\\r\\n| summarize EmailCount=count() by tostring(PhishType), LinksClicked\\r\\n| render columnchart\",\"size\":0,\"title\":\"Number of Detected Phish Types in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"chartSettings\":{\"xAxis\":\"PhishType\",\"seriesLabelSettings\":[{\"seriesName\":\"LinksClicked\",\"color\":\"redDark\"},{\"seriesName\":\"EmailCount\",\"color\":\"blue\"}]}},\"name\":\"query-2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where ThreatLevel == \\\"suspicious\\\" or ThreatLevel == \\\"dangerous\\\"\\r\\n| mv-expand todynamic(Attachments)\\r\\n| where Attachments.name matches regex @\\\"(?i)^.*\\\\.(doc|docx|docm|pdf|xls|xlsx|xlsm|html|zip)$(?-i)\\\"\\r\\n| extend path_parts = parse_path(tostring(Attachments.name))\\r\\n| where isnotempty(path_parts.Extension)\\r\\n| summarize attachmentCount=count() by tostring(path_parts.Extension)\\r\\n| render piechart\",\"size\":0,\"title\":\"Number of suspicious files detected in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"yAxis\":[\"attachmentCount\"]}},\"name\":\"query - 1\"}],\"fromTemplateId\":\"sentinel-EgressDefendMetricWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -128,25 +137,25 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", "properties": { - "description": "@{workbookKey=EgressDefendMetricWorkbook; logoFileName=; description=A workbook providing insights into Egress Defend.; dataTypesDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Egress Defend Insights; templateRelativePath=DefendMetrics.json; subtitle=Defend Metrics; provider=Egress Software Technologies}.description", + "description": "@{workbookKey=EgressDefendMetricWorkbook; logoFileName=KnowBe4-logo.svg; description=A workbook providing insights into KnowBe4 Defend.; dataTypesDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=KnowBe4 Defend Insights; templateRelativePath=DefendMetrics.json; subtitle=Defend Metrics; provider=Egress Software Technologies}.description", "parentId": "[variables('workbookId1')]", "contentId": "[variables('_workbookContentId1')]", "kind": "Workbook", "version": "[variables('workbookVersion1')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" }, "dependencies": { "operator": "AND", @@ -158,33 +167,40 @@ ] } }, - "description": "Egress Defend Workbooks provides insight into Egress Defend audit logs" + "description": "KnowBe4 Defend Workbooks provides insight into KnowBe4 Defend audit logs" } ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_workbookContentId1')]", - "contentKind": "Workbook", - "displayName": "[parameters('workbook1-name')]", - "contentProductId": "[variables('_workbookcontentProductId1')]", - "id": "[variables('_workbookcontentProductId1')]", - "version": "[variables('workbookVersion1')]" + } } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", + "type": "Microsoft.Resources/templateSpecs", + "apiVersion": "2022-02-01", "name": "[variables('analyticRuleTemplateSpecName1')]", "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "AnalyticsRule" + }, + "properties": { + "description": "KnowBe4 Defend Analytics Rule 1 with template", + "displayName": "KnowBe4 Defend Analytics Rule template" + } + }, + { + "type": "Microsoft.Resources/templateSpecs/versions", + "apiVersion": "2022-02-01", + "name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]", + "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "AnalyticsRule" + }, "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]" ], "properties": { - "description": "DangerousAttachmentReceived_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "DangerousAttachmentReceived_AnalyticalRules Analytics Rule with template version 4.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion1')]", @@ -193,13 +209,13 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId1')]", + "name": "[variables('AnalyticRulecontentId1')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { "description": "Defend has detected a user has a suspicious file type from a suspicious sender in their mailbox.", - "displayName": "Egress Defend - Dangerous Attachment Detected", + "displayName": "KnowBe4 Defend - Dangerous Attachment Detected", "enabled": false, "query": "DefendAuditData\n| where ThreatLevel == \"suspicious\" or ThreatLevel == \"dangerous\"\n| mv-expand todynamic(Attachments)\n| where Attachments.name matches regex @\"(?i)^.*\\.(doc|docx|docm|pdf|xls|xlsx|xlsm|html|zip)$(?-i)\"\n| summarize attachmentCount=count() by TimeGenerated, tostring(Attachments.name), Subject, From, Account_0_FullName = trim(@\"[^@.\\w]+\",Recipients), timesClicked = LinksClicked, SenderIP\n", "queryFrequency": "PT30M", @@ -212,10 +228,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "EgressDefend", - "dataTypes": [ + "datatypes": [ "EgressDefend_CL" - ] + ], + "connectorId": "EgressDefend" } ], "tactics": [ @@ -280,53 +296,60 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", "properties": { - "description": "Egress Defend Analytics Rule 1", + "description": "KnowBe4 Defend Analytics Rule 1", "parentId": "[variables('analyticRuleId1')]", "contentId": "[variables('_analyticRulecontentId1')]", "kind": "AnalyticsRule", "version": "[variables('analyticRuleVersion1')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } } ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId1')]", - "contentKind": "AnalyticsRule", - "displayName": "Egress Defend - Dangerous Attachment Detected", - "contentProductId": "[variables('_analyticRulecontentProductId1')]", - "id": "[variables('_analyticRulecontentProductId1')]", - "version": "[variables('analyticRuleVersion1')]" + } } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", + "type": "Microsoft.Resources/templateSpecs", + "apiVersion": "2022-02-01", "name": "[variables('analyticRuleTemplateSpecName2')]", "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "AnalyticsRule" + }, + "properties": { + "description": "KnowBe4 Defend Analytics Rule 2 with template", + "displayName": "KnowBe4 Defend Analytics Rule template" + } + }, + { + "type": "Microsoft.Resources/templateSpecs/versions", + "apiVersion": "2022-02-01", + "name": "[concat(variables('analyticRuleTemplateSpecName2'),'/',variables('analyticRuleVersion2'))]", + "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "AnalyticsRule" + }, "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]" ], "properties": { - "description": "DangerousLinksClicked_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "DangerousLinksClicked_AnalyticalRules Analytics Rule with template version 4.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleVersion2')]", @@ -335,13 +358,13 @@ "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId2')]", + "name": "[variables('AnalyticRulecontentId2')]", "apiVersion": "2022-04-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { "description": "Defend has detected a user has clicked a dangerous link in their mailbox.", - "displayName": "Egress Defend - Dangerous Link Click", + "displayName": "KnowBe4 Defend - Dangerous Link Click", "enabled": false, "query": "DefendAuditData\n| where LinksClicked > 0\n| where ThreatLevel == \"dangerous\" or ThreatLevel == \"suspicious\"\n| extend Account_0_FullName = trim(@\"[^@.\\w]+\",Recipients)\n", "queryFrequency": "PT30M", @@ -354,10 +377,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "EgressDefend", - "dataTypes": [ + "datatypes": [ "EgressDefend_CL" - ] + ], + "connectorId": "EgressDefend" } ], "tactics": [ @@ -406,9 +429,9 @@ } ], "customDetails": { + "timesClicked": "LinksClicked", "DefendSender": "From", - "DefendSenderIP": "SenderIP", - "timesClicked": "LinksClicked" + "DefendSenderIP": "SenderIP" }, "alertDetailsOverride": { "alertDisplayNameFormat": "Alert - {{Account_0_FullName}} as clicked a suspicious link." @@ -420,53 +443,60 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", "properties": { - "description": "Egress Defend Analytics Rule 2", + "description": "KnowBe4 Defend Analytics Rule 2", "parentId": "[variables('analyticRuleId2')]", "contentId": "[variables('_analyticRulecontentId2')]", "kind": "AnalyticsRule", "version": "[variables('analyticRuleVersion2')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } } ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId2')]", - "contentKind": "AnalyticsRule", - "displayName": "Egress Defend - Dangerous Link Click", - "contentProductId": "[variables('_analyticRulecontentProductId2')]", - "id": "[variables('_analyticRulecontentProductId2')]", - "version": "[variables('analyticRuleVersion2')]" + } } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", + "type": "Microsoft.Resources/templateSpecs", + "apiVersion": "2022-02-01", "name": "[variables('parserTemplateSpecName1')]", "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "Parser" + }, + "properties": { + "description": "DefendAuditData Data Parser with template", + "displayName": "DefendAuditData Data Parser template" + } + }, + { + "type": "Microsoft.Resources/templateSpecs/versions", + "apiVersion": "2022-02-01", + "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", + "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "Parser" + }, "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" ], "properties": { - "description": "DefendAuditData Data Parser with template version 3.0.0", + "description": "DefendAuditData Data Parser with template version 4.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", @@ -475,7 +505,7 @@ "resources": [ { "name": "[variables('_parserName1')]", - "apiVersion": "2022-10-01", + "apiVersion": "2020-08-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { @@ -483,8 +513,7 @@ "displayName": "DefendAuditData", "category": "Samples", "functionAlias": "DefendAuditData", - "query": "\nEgressDefend_CL\r\n| project \r\n TimeGenerated=time_t,\r\n Event=event_s,\r\n Recipients=email_rcptTo_s,\r\n From=email_mailFrom_s,\r\n Subject=columnifexists('email_subject_s', \"\"),\r\n Attachments=email_attachments_s,\r\n MessageId=email_messageId_s,\r\n ThreatLevel=email_threat_s,\r\n TrustLevel=email_trust_s,\r\n FirstTimeSender=email_firstTimeSender_b,\r\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\r\n LinksClicked=email_linksClicked_d,\r\n SenderIP=email_senderIp_s,\r\n Url=linkClicked_s,\r\n PhishType=email_phishType_s\r\n ", - "functionParameters": "", + "query": "\nEgressDefend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", "version": 1, "tags": [ { @@ -499,7 +528,7 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", "dependsOn": [ - "[variables('_parserName1')]" + "[variables('_parserId1')]" ], "properties": { "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", @@ -507,40 +536,29 @@ "kind": "Parser", "version": "[variables('parserVersion1')]", "source": { - "name": "Egress Defend", + "name": "KnowBe4 Defend", "kind": "Solution", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } } ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_parserContentId1')]", - "contentKind": "Parser", - "displayName": "DefendAuditData", - "contentProductId": "[variables('_parsercontentProductId1')]", - "id": "[variables('_parsercontentProductId1')]", - "version": "[variables('parserVersion1')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2022-10-01", + "apiVersion": "2021-06-01", "name": "[variables('_parserName1')]", "location": "[parameters('workspace-location')]", "properties": { @@ -548,15 +566,8 @@ "displayName": "DefendAuditData", "category": "Samples", "functionAlias": "DefendAuditData", - "query": "\nEgressDefend_CL\r\n| project \r\n TimeGenerated=time_t,\r\n Event=event_s,\r\n Recipients=email_rcptTo_s,\r\n From=email_mailFrom_s,\r\n Subject=columnifexists('email_subject_s', \"\"),\r\n Attachments=email_attachments_s,\r\n MessageId=email_messageId_s,\r\n ThreatLevel=email_threat_s,\r\n TrustLevel=email_trust_s,\r\n FirstTimeSender=email_firstTimeSender_b,\r\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\r\n LinksClicked=email_linksClicked_d,\r\n SenderIP=email_senderIp_s,\r\n Url=linkClicked_s,\r\n PhishType=email_phishType_s\r\n ", - "functionParameters": "", - "version": 1, - "tags": [ - { - "name": "description", - "value": "DefendAuditData" - } - ] + "query": "\nEgressDefend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", + "version": 1 } }, { @@ -574,31 +585,49 @@ "version": "[variables('parserVersion1')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", + "type": "Microsoft.Resources/templateSpecs", + "apiVersion": "2022-02-01", "name": "[variables('huntingQueryTemplateSpecName1')]", "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "HuntingQuery" + }, + "properties": { + "description": "KnowBe4 Defend Hunting Query 1 with template", + "displayName": "KnowBe4 Defend Hunting Query template" + } + }, + { + "type": "Microsoft.Resources/templateSpecs/versions", + "apiVersion": "2022-02-01", + "name": "[concat(variables('huntingQueryTemplateSpecName1'),'/',variables('huntingQueryVersion1'))]", + "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "HuntingQuery" + }, "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName1'))]" ], "properties": { - "description": "DangerousLinksClicked_HuntingQueries Hunting Query with template version 3.0.0", + "description": "DangerousLinksClicked_HuntingQueries Hunting Query with template version 4.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryVersion1')]", @@ -607,8 +636,8 @@ "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "Egress_Defend_Hunting_Query_1", + "apiVersion": "2020-08-01", + "name": "KnowBe4_Defend_Hunting_Query_1", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", @@ -637,53 +666,60 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", "properties": { - "description": "Egress Defend Hunting Query 1", + "description": "KnowBe4 Defend Hunting Query 1", "parentId": "[variables('huntingQueryId1')]", "contentId": "[variables('_huntingQuerycontentId1')]", "kind": "HuntingQuery", "version": "[variables('huntingQueryVersion1')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } } ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId1')]", - "contentKind": "HuntingQuery", - "displayName": "Dangerous emails with links clicked", - "contentProductId": "[variables('_huntingQuerycontentProductId1')]", - "id": "[variables('_huntingQuerycontentProductId1')]", - "version": "[variables('huntingQueryVersion1')]" + } } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", + "type": "Microsoft.Resources/templateSpecs", + "apiVersion": "2022-02-01", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "DataConnector" + }, + "properties": { + "description": "KnowBe4 Defend data connector with template", + "displayName": "KnowBe4 Defend template" + } + }, + { + "type": "Microsoft.Resources/templateSpecs/versions", + "apiVersion": "2022-02-01", + "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", + "location": "[parameters('workspace-location')]", + "tags": { + "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", + "hidden-sentinelContentType": "DataConnector" + }, "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" ], "properties": { - "description": "Egress Defend data connector with template version 3.0.0", + "description": "KnowBe4 Defend data connector with template version 4.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -699,14 +735,14 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "Egress Defend", + "title": "KnowBe4 Defend", "publisher": "Egress Software Technologies", - "descriptionMarkdown": "The Egress Defend audit connector provides the capability to ingest Egress Defend Data into Microsoft Sentinel.", + "descriptionMarkdown": "The KnowBe4 Defend audit connector provides the capability to ingest KnowBe4 Defend Data into Microsoft Sentinel.", "graphQueriesTableName": "EgressDefend_CL", "graphQueries": [ { "metricName": "Total data received", - "legend": "Egress Defend Events", + "legend": "KnowBe4 Defend Events", "baseQuery": "{{graphQueriesTableName}}" } ], @@ -751,14 +787,14 @@ ], "customs": [ { - "name": "Egress API Token", - "description": "An Egress API token is required to ingest audit records to Microsoft Sentinel." + "name": "KnowBe4 API Token", + "description": "A KnowBe4 API token is required to ingest audit records to Microsoft Sentinel." } ] }, "instructionSteps": [ { - "description": "Enter your Egress Defend API URl, Egress Domain and API token.", + "description": "Enter your KnowBe4 Defend API URl, KnowBe4 Domain and API token.", "instructions": [ { "parameters": { @@ -779,7 +815,7 @@ "type": "APIKey" } ], - "title": "Connect Egress Defend with Microsoft Sentinel" + "title": "Connect KnowBe4 Defend with Microsoft Sentinel" } ] }, @@ -818,7 +854,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", + "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", @@ -827,39 +863,28 @@ "version": "[variables('dataConnectorVersion1')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } } ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "Egress Defend", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", + "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -872,18 +897,18 @@ "version": "[variables('dataConnectorVersion1')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" } } }, @@ -896,14 +921,14 @@ "properties": { "connectorUiConfig": { "id": "[variables('_uiConfigId1')]", - "title": "Egress Defend", + "title": "KnowBe4 Defend", "publisher": "Egress Software Technologies", - "descriptionMarkdown": "The Egress Defend audit connector provides the capability to ingest Egress Defend Data into Microsoft Sentinel.", + "descriptionMarkdown": "The KnowBe4 Defend audit connector provides the capability to ingest KnowBe4 Defend Data into Microsoft Sentinel.", "graphQueriesTableName": "EgressDefend_CL", "graphQueries": [ { "metricName": "Total data received", - "legend": "Egress Defend Events", + "legend": "KnowBe4 Defend Events", "baseQuery": "{{graphQueriesTableName}}" } ], @@ -948,14 +973,14 @@ ], "customs": [ { - "name": "Egress API Token", - "description": "An Egress API token is required to ingest audit records to Microsoft Sentinel." + "name": "KnowBe4 API Token", + "description": "A KnowBe4 API token is required to ingest audit records to Microsoft Sentinel." } ] }, "instructionSteps": [ { - "description": "Enter your Egress Defend API URl, Egress Domain and API token.", + "description": "Enter your KnowBe4 Defend API URl, KnowBe4 Domain and API token.", "instructions": [ { "parameters": { @@ -976,7 +1001,7 @@ "type": "APIKey" } ], - "title": "Connect Egress Defend with Microsoft Sentinel" + "title": "Connect KnowBe4 Defend with Microsoft Sentinel" } ] }, @@ -1014,36 +1039,29 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", - "apiVersion": "2023-04-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "4.0.0", "kind": "Solution", - "contentSchemaVersion": "3.0.0", - "displayName": "Egress Defend", - "publisherDisplayName": "egress1589289169584", - "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Egress Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.

\n

Data Connectors: 1, Parsers: 1, Workbooks: 1, Analytic Rules: 2, Hunting Queries: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", - "contentKind": "Solution", - "contentProductId": "[variables('_solutioncontentProductId')]", - "id": "[variables('_solutioncontentProductId')]", - "icon": "", + "contentSchemaVersion": "2.0.0", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { "kind": "Solution", - "name": "Egress Defend", + "name": "KnowBe4 Defend", "sourceId": "[variables('_solutionId')]" }, "author": { - "name": "Egress", + "name": "KnowBe4", "email": "[variables('_email')]" }, "support": { - "name": "Egress", - "email": "support@egress.com", + "name": "egress1589289169584", + "email": "support@knowbe4.com", "tier": "Partner", - "link": "https://support.egress.com/s/" + "link": "https://support.knowbe4.com" }, "dependencies": { "operator": "AND", @@ -1082,7 +1100,7 @@ }, "firstPublishDate": "2023-07-27", "providers": [ - "Egress" + "KnowBe4" ], "categories": { "domains": [ diff --git a/Solutions/Egress Defend/Parsers/DefendAuditData.txt b/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt similarity index 100% rename from Solutions/Egress Defend/Parsers/DefendAuditData.txt rename to Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt diff --git a/Solutions/Egress Defend/Parsers/DefendAuditData.yaml b/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.yaml similarity index 100% rename from Solutions/Egress Defend/Parsers/DefendAuditData.yaml rename to Solutions/KnowBe4 Defend/Parsers/DefendAuditData.yaml diff --git a/Solutions/Egress Defend/ReleaseNotes.md b/Solutions/KnowBe4 Defend/ReleaseNotes.md similarity index 100% rename from Solutions/Egress Defend/ReleaseNotes.md rename to Solutions/KnowBe4 Defend/ReleaseNotes.md diff --git a/Solutions/Egress Defend/SolutionMetadata.json b/Solutions/KnowBe4 Defend/SolutionMetadata.json similarity index 100% rename from Solutions/Egress Defend/SolutionMetadata.json rename to Solutions/KnowBe4 Defend/SolutionMetadata.json diff --git a/Solutions/Egress Defend/Workbooks/DefendMetrics.json b/Solutions/KnowBe4 Defend/Workbooks/DefendMetrics.json similarity index 100% rename from Solutions/Egress Defend/Workbooks/DefendMetrics.json rename to Solutions/KnowBe4 Defend/Workbooks/DefendMetrics.json diff --git a/Solutions/Egress Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png b/Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png similarity index 100% rename from Solutions/Egress Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png rename to Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png diff --git a/Solutions/Egress Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png b/Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png similarity index 100% rename from Solutions/Egress Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png rename to Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index 653ca6be1fc..cbbd9ec9e0d 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -5386,11 +5386,11 @@ { "workbookKey": "EgressDefendMetricWorkbook", "logoFileName": "", - "description": "A workbook providing insights into Egress Defend.", + "description": "A workbook providing insights into KnowBe4 Defend.", "dataTypesDependencies": ["EgressDefend_CL"], "previewImagesFileNames": [ "EgressDefendMetricWorkbookBlack01.png", "EgressDefendMetricWorkbookWhite01.png" ], "version": "1.0.0", - "title": "Egress Defend Insights", + "title": "KnowBe4 Defend Insights", "templateRelativePath": "DefendMetrics.json", "subtitle": "Defend Metrics", "provider": "Egress Software Technologies" diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index ef1b7995f41..fe8c200eeea 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json @@ -7612,8 +7612,8 @@ }, { "workbookKey": "EgressDefendMetricWorkbook", - "logoFileName": "Egress-logo.svg", - "description": "A workbook providing insights into Egress Defend.", + "logoFileName": "KnowBe4-logo.svg", + "description": "A workbook providing insights into KnowBe4 Defend.", "dataTypesDependencies": [ "EgressDefend_CL" ], @@ -7622,7 +7622,7 @@ "EgressDefendMetricWorkbookWhite01.png" ], "version": "1.0.0", - "title": "Egress Defend Insights", + "title": "KnowBe4 Defend Insights", "templateRelativePath": "DefendMetrics.json", "subtitle": "Defend Metrics", "provider": "Egress Software Technologies" From 9aee468d6a2e3964cb8228d7231094252d071113 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 14:48:36 +0000 Subject: [PATCH 06/18] Renaming the rest of EgressDefend bits --- .../CustomTables/EgressDefend_CL.json | 2 +- .../ValidConnectorIds.json | 2 +- .../DangerousAttachmentReceived.yaml | 4 +-- .../Analytic Rules/DangerousLinksClicked.yaml | 4 +-- .../Data Connectors/DefendAPIConnector.json | 4 +-- .../DangerousLinksClicked.yaml | 6 ++-- Solutions/KnowBe4 Defend/Package/4.0.0.zip | Bin 18626 -> 18625 bytes .../Package/createUiDefinition.json | 2 +- .../KnowBe4 Defend/Package/mainTemplate.json | 30 +++++++++--------- .../Parsers/DefendAuditData.txt | 2 +- .../Parsers/DefendAuditData.yaml | 2 +- .../Workbooks/DefendMetrics.json | 2 +- .../WorkbookMetadata/WorkbooksMetadata.json | 6 ++-- Workbooks/WorkbooksMetadata.json | 8 ++--- 14 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.script/tests/KqlvalidationsTests/CustomTables/EgressDefend_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/EgressDefend_CL.json index e61084d3f4c..bbf2821b405 100644 --- a/.script/tests/KqlvalidationsTests/CustomTables/EgressDefend_CL.json +++ b/.script/tests/KqlvalidationsTests/CustomTables/EgressDefend_CL.json @@ -1,5 +1,5 @@ { - "Name": "EgressDefend_CL", + "Name": "KnowBe4Defend_CL", "Properties": [ { "Name": "TimeGenerated", diff --git a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json index 717bc3e233b..0f5974080be 100644 --- a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json +++ b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json @@ -83,7 +83,7 @@ "DragosSitestoreCCP", "Dynamics365", "Dynamics365Finance", - "EgressDefend", + "KnowBe4Defend", "ESETEnterpriseInspector", "ESETPROTECT", "EsetSMC", diff --git a/Solutions/KnowBe4 Defend/Analytic Rules/DangerousAttachmentReceived.yaml b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousAttachmentReceived.yaml index 0e7ccd1883f..96bafc03e0c 100644 --- a/Solutions/KnowBe4 Defend/Analytic Rules/DangerousAttachmentReceived.yaml +++ b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousAttachmentReceived.yaml @@ -5,9 +5,9 @@ description: | severity: Medium status: Available requiredDataConnectors: - - connectorId: EgressDefend + - connectorId: KnowBe4Defend datatypes: - - EgressDefend_CL + - KnowBe4Defend_CL queryFrequency: 30m queryPeriod: 30m triggerOperator: gt diff --git a/Solutions/KnowBe4 Defend/Analytic Rules/DangerousLinksClicked.yaml b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousLinksClicked.yaml index f3f49063827..4d6bf2f4b1a 100644 --- a/Solutions/KnowBe4 Defend/Analytic Rules/DangerousLinksClicked.yaml +++ b/Solutions/KnowBe4 Defend/Analytic Rules/DangerousLinksClicked.yaml @@ -5,9 +5,9 @@ description: | severity: Medium status: Available requiredDataConnectors: - - connectorId: EgressDefend + - connectorId: KnowBe4Defend datatypes: - - EgressDefend_CL + - KnowBe4Defend_CL queryFrequency: 30m queryPeriod: 30m triggerOperator: gt diff --git a/Solutions/KnowBe4 Defend/Data Connectors/DefendAPIConnector.json b/Solutions/KnowBe4 Defend/Data Connectors/DefendAPIConnector.json index 3f311c26a43..6729964769d 100644 --- a/Solutions/KnowBe4 Defend/Data Connectors/DefendAPIConnector.json +++ b/Solutions/KnowBe4 Defend/Data Connectors/DefendAPIConnector.json @@ -19,11 +19,11 @@ "kind": "APIPolling", "properties": { "connectorUiConfig": { - "id": "EgressDefendPolling", + "id": "KnowBe4DefendPolling", "title": "KnowBe4 Defend", "publisher": "Egress Software Technologies", "descriptionMarkdown": "The KnowBe4 Defend audit connector provides the capability to ingest KnowBe4 Defend Data into Microsoft Sentinel.", - "graphQueriesTableName": "EgressDefend_CL", + "graphQueriesTableName": "KnowBe4Defend_CL", "graphQueries": [ { "metricName": "Total data received", diff --git a/Solutions/KnowBe4 Defend/Hunting Queries/DangerousLinksClicked.yaml b/Solutions/KnowBe4 Defend/Hunting Queries/DangerousLinksClicked.yaml index 00cb9f7052a..0b39efc44a8 100644 --- a/Solutions/KnowBe4 Defend/Hunting Queries/DangerousLinksClicked.yaml +++ b/Solutions/KnowBe4 Defend/Hunting Queries/DangerousLinksClicked.yaml @@ -3,9 +3,9 @@ name: Dangerous emails with links clicked description: | 'This will check for emails that Defend has identified as dangerous and a user has clicked a link.' requiredDataConnectors: - - connectorId: EgressDefend + - connectorId: KnowBe4Defend datatypes: - - EgressDefend_CL + - KnowBe4Defend_CL tactics: - Collection @@ -14,6 +14,6 @@ relevantTechniques: - T1039 query: | - EgressDefend_CL + KnowBe4Defend_CL | where event_s == "linkClick" | where email_threat_s == "dangerous" diff --git a/Solutions/KnowBe4 Defend/Package/4.0.0.zip b/Solutions/KnowBe4 Defend/Package/4.0.0.zip index d2106c8703402c1e7022493d8987a2c74baf1d9d..3e09ca15cb1fd601499aa6a45bd83960ec5890fc 100644 GIT binary patch delta 7863 zcmV;o9!TNBkpaPx0kCc+4b^pzTaK92G~oyU0J@WVCLw=M+(;7s&aWu>PGSblcmUn% zPUx~L7FN5fCAYbRO>_c;dhD{@N4wkUYBQPS`0uA`zl?262nl)7ehHcGa&>jRJoVW1 zZVMpzD@7URA~=8`bFQF+#iCjXbD>3wIcgV*x244}GI_m6i`{T9+@BW~uO+S)M;3*{ zKYl&NL~4KOq|xEiQaSlD5C2O>|0S65QJK)OLd!=zm60`M5*HqN)g1+u>@`}FMzd`1 zsA{(mR^;f=Qg8t8wg3Qv$mm3-?QeiU(kuB^*f=lQ0kVJcl#E=xii8SU6L>=b{8>fe9)3)D_(REu1YL%TRJsiDPh+N^%W zzs;3NO-R@2c>pUJyX?t%@b~YEH|GIlDAUZfzrR1%=Xz)7U&i6V&JJ9jW@r&|v4$nW z*_Adc4U(utx|lQuiYpQ3w4mAoGOFb3ke9B6r%<4ELTaf~a0Xl^30~BKGbj`aLa>;i zt+szLhb1P)B1lb6C?$0oUb1oZmEaf?)G;K+LK{_Rya0tY*D^+e7@d%cz$CmDArZ!a zIj_w?>PVHbw<$w#>jJ%8CMn}Z;hc!BW>AQ=G9s=7gpNV##MoT0@oX+-W(6|wN;pO! zwL>c+hcT?A%lw8v6Ql+Kg(2zWHNqrPGP-}_ql|{7&>Ag)u|VZAm(DeYd4qsNUMQUM zzQ$DCRvS#L18uI96GTyr5lOPt<>>#-sH~|{s%F) zwKT~>?|-;WzSu-lU$k|dQMv3E+NJ^l0*hoy8{xAmX?%5`bp)Ub9KRQ6edOtBlSnCp zfBp1E5~pl%0M3>jEnD5cwayJzH;K@}Y%Ov&CP>kp9KLGp?^we~(eF2H{)UG(KP=>t z(asvxd&n4dD%tqpl<_fn78XuQ#3TPA|F|e=NQ(k=#g5WQIFk@bgcny&Mb*;WB?*WOO9l zq+5ZLX(;2_b|>pUv`~H!g`C%2`pN$8{_cGDAM@S4?de5uJEF6@W4HRSupOB^H#$7F zrZ_e$-4#}1iHfC1GoVl+!px|+A|5Y%P(XCj{XLP7ttnz|wJWI&qsuY}5#W30KC;av_yk_wk)N)gJ@;xv?5mM8{nG>@@ zTknN3p3b0I8%??CbOsaYF!y>2?o5+9cedZ1SN=W^4$gz^8L*gtY6jcq!R$QnmW=P- zY)_}XWUkX$T8wXjLC0Gg*y)H=f4Oy0qXaoD?g0r#%&2X=qX{%<&Rv)(7v(DH6(^Bh;^i;jD?Pvx5@EN~ZP03vejgaSxvvxZ zB_oI<0Tfle+6tJQ6`GhLSCN%EMPf2sN5+}4uxO^#O1?!;>T}^j;InQm*Kr_NqT}dA z##&Sr88->UGD*;)cAl<#f8y_t_4H%2>DMX{BIfY1Wj>8Mo;x$=gfgXzOpXMEB3DSH z)*Mj6sI=0pAvan&W2H`KkX2;Zzfj1S)k}Siz=dX zd82rs_vUUFZw$;{sBsT#BCSndxP8zq^l2=a(3ERALsc;PLn@?~@+7hX9{-~6@9FFsBBLsn zbVn`T*C5CV>!74&f2T3zGeQ5x`P%y$|-^ z3&twbCI5X#45&!+)-sg8qq=UJI&SV*m3>^??}>e{;tn@CUA?Svs`pE3z|w}%8pdn* z`{JYFxBZAP3ct;VtH*%fv6DUten*Xa82q+2eRcR{4{hjge`6QelG!rmg%S?wezNVq zN_3faPZND6Ox?Kg&y1-tIwnOfV<*$RdRzM8)oGYVmok3x%vdMXyuIb6A1YjS$0Lu5 z!Hv^D8wSteSm+e3DG3hwGk(UE1;^eEy^kWF0L|?!z790kSIvZ}0KxE-zxZ|1X^f6Y7N-ry{emfYkc zM?XTxQ9Q8u*zwN{Uzb8r^Ms$@G{?8*@+_w}C-SqN<__ICPj`+ToHaitU5U*wjzvb! zs)vf~&6};8t^Wg1O9KQH000080M&JmTaebgUq=`K0MxURFTDbPx2KFvG&CoOQ|x?5 zq*%xp=SYp%vAe#OYSU&is#{5Nw$=ekd&||!X;Y{pSv5`r zS0j6^6Z-hC5Jk$kuGD<4tvah)^S&r-T?x6i%ci_b1yhpKES1yS08wc*pqGj)ow`D1 zhF)g%!FWc$3q53i9Bnm`lj|4kqTOBB-Ldy~c6aQZ?Pq)TvmV;B$Nl{=a<<*R14pT7 z%*CkU(Wg>Gq$a3Vqf_LB6!Up1n-TKNG)GtV@^vl?U$}#IV8#9>< z?mye>^|z7T-G;mN4%~5V_!Mp1V|Tx|v%j3z~X7ng@F@Fg;vX;PYE29y;N>#Q{QK5$Bn!UBw zDb+7?tAi0euAa9#vzFGxwivub?kR%QnN}IOoR%0`6Zg?5KAqeaoc2Mb3YAAoY2`E& z{=(#cLPY0(Mio*M<*n=PQ|Q8dch`Oj`+N4z&Q8~U_H^vp+kI!(*&e&yoqjJBh`AV5 zI{H+KsMG}Q2fH}Js-#R+>+4={u%>@i4VJM9SsOz9g7{-R(RoG#;(3{mYn>O;s&ZCd zDZ&+w>q4QUbc>$QQbQnYk|Oi_Gr|x1|HBR*GD!ifUu* zlwu6D-7*QLLLv()o$FL7ow);sR+KG88oQ)%s&xQ9%B-b0ER%CGoNS9L{Zb+>7+?j3 z>392myW6+BiA@2(ii16^8(b1rCe=J{Vtv$#E`~dN0Xq?5O`%sJ=(^dtP1c-911dX~lv=HMa<$){Arzr%bw#UUR@ZemCPm@29 zbe2^Yo4411t;=ZC7gL3JIyBRWqH|FUP?c%?-6@TW0_3~wt)EU-`Pi_W8pcW=KWikN zp--RMs;wILGriJ+SY^PD;=0JPW)S;Hb8@wR+&z?>)>DR*KUV6TI=m&^_cr$~hZf~u zm5p)oqYA+=HOojzu1)zV*ARqIvMxB2()<_LmotS;Aw_QaeaT+*?C!p5FEahm0eB`& zi~wY*egP$y*v0-tpwd!Q0Q;O2!28Wa>64$_5LHbAlMOCOD}z0Ck`m}4q8NJkGje5r z6m|fto1qoYm!Wkq6hJ)^rEK*!yF;rpv@l0AHna{t-VCK`46TD+XPBt*&^ovoT0+fb z?jL>tgDGZHA&Nw6hSqIoDD^`o;pmzJ8|;b4S&`etBGoqi_Lq0e(JXD!U&1GrZwgW6 za7c$k|4R%UW9AcK6Zm{xHcD8*jU>r`?9xWp0rUk6;m& z34MO(h~MiQU^EAu#79)LcfQz5u$*M!Ar!E!;u>a6^QbMW`Ui3FeM>nvJ8%ANY1e9Safa}Ild=^{qiFEI;+F3Dsvd+0L`MYl(g$|SODiPb$lst#t&cc|&Q$V@8~Li0H=B}!nL#e1VL;IYU4x%R$?HGijel+aV>lcRH`iU_d~u0$ zEq=|u1n&6Dwa3JN*W%ag%aqT&FQ0L+@#FeWHr`NMCL=c&1dvY!5WyLLI20imL+9er zdODMeZQ9r{&g!hJ%~wfWsF}JjEzvxGD~pOJZ-7zbnVXFu7-J6!0y3V;_h$NP=H@(} zn;(Z(L1;ruH$8w2dSd2uhL+$T6SwEsl}S3(-IuW z(S*>s^i*QWlpKO574AU;N390ajNBAN*;eZ4)H_QevJ(FW6kTF;RpI&7LbnyL%33EO zzLVj!*E+z1jIXo6!`cu|`jaAP+fd+%HqKPupZobHDfl-uKdjJy+2_C`6Y>l8kXT!i zl(u-d$u1|)fl}~cdoS@h5F;bk`j;{)L%xF%J3O5;j%J&0NB>3+|M=-Sh)3jj1}BIm z&C#Tbwfj)wGtYrESBD0Q`*|8gy+a=4_!12upC0C-E;*N;0~U^=qT(Xrx1wEgbHWs}ip z6T!u~BWs~mOr`#0PmrbrW#$$32x-%r44A_IiBF_L?|29R<;rOgV7JnUcOP=%;}^i8$&M*VdaYhdbhwC+bc z(2jn8sc(@(F&A-Q2@6PmbVZk^R?bA8zj&jqET_)G`IT6dHer7Ci+(9Z zVyA=^mc~zKjR6!+yD<1H-)OZNStD;(19~nCdsl8Cc<|77xP7f!ACc)*MjcED*U zBi;`9g_2nZ967R>^X~aCq36k6*N1>pJX`;HXnp+G&zr;H)u;a)TAg>u!2y=t?*M_u zCEzlDILtx$9kKu1Mf7-}2a)9P{X)@SA@UtLj)Sx9?ujw!08vcb%5)4}B4IG389^=% zb#aIcS44<|iT^Uj4x>_guWOROs?|wO@nnMNTP3XcRj3%EXH%#ZL!3isBAXIV6yDXf zfS#)~ICRAFY-qOi>KZu}=)kd$IfmYm;~>WLNd{tNU>x}lG9;k*5_@QZUNHv> zJc#&Kv!)BEM{Y7Qwf?Nv?-~N}v+n-xw(-@T=~ZucZ_oH@r}9;!J_+xU&re_w2*kX9 zoeqvM^4yxN=IpYFh&xOcq_TN4hTi~K*cFW*$8bfO!;s;&mF`DkNuBAaU0S8@d`o#{ z3&y$MN?La%DS_DDKQS$#Rwt1=HK2F~>HNrb#VT_bl8Y<4cfw2jgXSW;Lm?dx7GHRv zh)Z4~4zb7HULs1dYlNz!w3)a33!yWAC_q_DMmN9)H#cRiy1kXIyW*T@PGD)Dj0W_} zV{v~=qAUknnAx(zmrSc<%xWOCHmpvml`WZ_x(~Xv5pEv%X-@Gp0T|*E9%-IOnx~59 zskUnmm19u8%KJVs;gxU<{YQ?W--u&SKeYTl_30~f43R*W<``6T?C;Djw;R>-h&exC%=sbUf!|U-@2S^ZG$QdGh~@n|t#x_?;gMrRrO)?#x+_eqNyi;4G%TJI%>+}L2kk}!^ge`N}lsT6}ViuppQWL-2vtO zuLqPT2VpG$l=oKyl=r_LP;RQ~5h#BI%D+#b+;E`RgNMlDqv8@Fw?+~3Fa?mmqB0xf z;#Fnbb5z`@75XFYzMtLpCbhW(2;3;+rO%&fptcVg<1XslS4X#Xc2qroDzX_E-8G%_ z(%R3>ofY`?5o>e?C!*|sG=P}(2W=WZML&hJK#Z0q**Ns&8RADChOA-HDGELGiy)xD zi33W+9&Ir6Me5weVIk`5_X&&sqE|1C0-*YjRGVfS-}{y@>SUH{zH0 zYx*wU9DW!D+IWnvG2_X9q15LrdV4PH$Iu#D8*wgW(_mb1wo8enWuG9%-~=7JN#)7k z(-aDR9;e~*NtS?yEdO3S$a;n;<3d_dfEuS6=bxUB;?x5;e?y>a=xYGy9)a$;u*ani ztKoHAi>H!&ZX(V&P>$0?A66U(X@lQW?@(k+@+HsHBVXc-LGt&1a~3724la6{xA9um z0vAn;OZ5lnQPs(b@I}>chI%{(>o2qDrVxS4KP3>_28Esfk1CpVoCdtKPniF%XL9qTegQL%;SV-3MfHOtTg}hHR zmN%b5aS%~|`b|T+JAPY=?HO zG<)6cXOEEnqEV>2=9**C!ewoDxV^66{I%I#S88NSq`mISx?C|y*q8HJnxpPb*2uVo z$IW$**!%anxvu(3yayi}=f2chRd6h12GWnL7LAR6?|C#_rx?X>SbMAC!;gn+6zC2D z;yS@E5fQi0B2Ts#3p>c-^jaY?tt_^Y^;0KE_Tzr5GINZ_I7s z_NKc2KEAQnmwSCy-vaMN^i|+1p>TFq0RlBsHE94!y|M(fA~9LqIFE6ivi{m2IWu)J>5v0M-aH6a^sS zO28X!|8H+w+}og!3*-iag#}Z*fYI}!iy4f6y)vDNuxvll3wql3Au+0E8Jh|01H)NuG zV42nj#IlqefFah3=tLEnCGSY;mxMx3l}~v^vr-SfDlc@!Y7sS>9g1p-e4Ul6T@PBE|9YJlxHL{9$okM8hSEKh;1lj(Cgn zSwbmgQ?=B!Z8{bva=@x%S%Lq5oBbE@_ADSRzO-A>B?V|wO70HiTl;PMP5XJ}5 z#@Xa-uf{ewR?Uj`D|)J+PTBO^`lGicnQXT8QvfH}pPUdE9g^{wA^snciXJMuYUqwA z_yqB3bVk~*$TTa2KT74s;v>!}9)&y&ebYCltjKq@8RO@sY|*X8SUnSeWj>$J?UNJR zb7;gz+u=$iSIQdc~%=#6*PiDwlsWm1kMmjZs6ec4_ zD$@sWf==;gq~`GO4A*9V5aR51TTCJr5TBX&OQCskg8VllzPPQn@@TprH#adyGsBTc zTJP#f-IK>n0PAZxqM>3(dJbn@b{{~F#+PSM3JGLX$@(H&&&`|7H#%UgLKt}nInRo; zLcS}v7#Itx++&dEftqhJXv9UtMLg~@c-&=hzrXNX&Bs6Y*m5?1`lP2^kcN_7^=FFT zovB{dMAw?;B~0?;cShgScShfchi}fm-vRHwu>Gmv*^RcTj#qEVr#Ir!7v#_HCvUzW zUtZ0Vmjb8uym)Iqd?6k@=ep$0WhLKT>R?lTyCJV_ZkL(AHf{oH&R2hXp4!~;Mtrm} zVz1+$D|qJ$zWGys!?suQ$wnTzia*Zp46EXcoAAWC_X5F$KUDCx8r5mT(|%okw$MrAe5&PN>+Ju^`PO=#RjXzVc-3Zn>Y_Yq z1)blTH(i1)T#P3*a(vBu)r=2adC%(j&t*3#)bX3QwP&?|t%S!kAWuq2S;bT8`N?`- zvLPSYn1?Lx^49Z?cg;7}@{9}ci!FJ@CHTZj9Q{2lpgKFE0g_v>A zJP4>7P{Zecw&om<0OrF2FqQU46a?~}GHq)SN^DNLM( zf|aw9^&@?zggeRcI2wx@IpSs4$U4eANVPW_Zhh6nc8*L{*VRO>qGs7Ui-bG~dGwj; zliMf%50mjnLk-n+k6VtI)HLA;006p^K}a|s)pd_skk-6kM;HJA)V}}#5dZ)H00000 V00000q=9;qm`EfB@J9du004e3W%K|5 delta 7864 zcmV;p9!KH9kpaSy0kCc+4NP*6TT^=K+~NoT0JxKTCLw=s+_(|`?q4xb3wYPq)!Igj z7DjUipB>yC&S}%cm!Pl>gDZ_B))c95C~r2Y|9dgi%Sy5w$BFZT`x0l#(Qr5~&pgt+ z-vS8!Oi_lp2o4~~oGa*Hv8YzUTxgMEj@pIdU1>3lOkVHNVmI6i_veMhYl*AHkwxL~ z_g{}Oky?K`X>|CkR8GFi!~c@ee+p)NR3>z+(DG5wWMmDQ#D#}mbw@!ZdyST)(Jb3L zs@g4t6*)Sz6db_&EdYQZGCGlI`x_vT^jf|XHVzIT5sGluY%B%IX!EFFi;*HL3s)cd z51FSxHhOa2y2XlBm`azG%aYJWMmu&5JH_9j`gec+619^W)gl+<&@N6)YH0DBHmjfT zFLPy56Vi2h9>7Y*E_-qw{OzyB+w%Z2lxgPL-#?t|bG@_kPvh`lX9q4%Gqeb~Si=(G z>`I%J21!&RT}&DS#gzziT2O5P8CCLi$V*qkQz+0nA+^*gI0G(|1TSmB859ZyAy`b% zR@;A=!x9r?5u_$3l#)6PFWI>IN^pz`>KGDZp^YjuUVy@yYZ)U!j7~^JU=m)7kO*VI zoY!U`b)?GJ+ms==b%9XXm-Fgq`27jlEhLbG2DH z)IzPDjNnD7&@b=v@-HQOI)#6iXl1p&$48x=ps*Tp4xLz<(v3vtR_gdVZ}Mjf|AR5x zTAE~`4?o-{Uu>eOFWS1!s9bgnZBu~&fkiT0B6gNmaXpJTIU9y48LTqYbK--W@1{rRH4I{3Q-p+bh9uIk9>*!M?P zewO;KXD14E>at1Cb(3kx*PG6Erx#rfe-_`ANNyx2GQ*uN`1$E+F9(A{xXd3H8662X z=~m!m8p?RK-O2ioEtDTcA?J0MezL#2zdPUk`+RqAdwLPvj_B;}*sVS;Y)2-~jSi2k zDUQubcZHQ$qGIXM3@DU{Ff%Hyh{sDG6cC+s|3KtpYl@g#?Mf;IieqiG>ZCy@e+%eg zX+X{jsU3}$2*$63Dv>vXvs@IDDg`H1F-*4m3BNrJuUUKswcHe*`~XZ)gw!-~=ESVf z)_b9hr!#2QMpJG&oxwyp%)Oq1JJY1jo$dGMmA}t}gY#f}1}x^En!)yYFgp*tCF8p{ z+tX<;nd@|x7UNrB(DBv=b~++ee{NmWC_xU3dq9E_Gin>}XaWtIb5~}mM2x4>c{4sF zh{|`OVe1+I^|(=cbBAx;u!G!L45#?k{iIBEHGIPO+8(A>rHl_~(!0UJhTAcyA+Sx* z8s&*ypX-J2A5%gkwC^Yb9vGG6OzwM&S0pv8O*zU9+bRm-Fmax)H5Ahuf6_Gb8C#Rc zv}6*ZV?ZsIic60xv~TQk4T<3jVjXEIW1%Cau26A=RweMeMA+?g8?+jv-$%x7?(4*U z%?RR107X@=wgM(+g(jxRRb-`3k(dnEk#S}$ESf2`lJC%y`dqjW_^eyYbsPwm=s0?j zu@+TD#!UjTOcJ!Hou})bfB5@jJ^k2h`n3v#h&g<0nNOpR=g!PIp-kx_lOqA4$Q2T) zH3yV1Dy?*D$c>iHSgF$)WEC0qFBCFn^-^CWImtBLGxHcMQeiY9P=s1oX*_V>_QT_5 zhm!hg|BL1YpD?oC#kX5zzBZ7Hr5lIAsa{EGW%nCFY$6Kt)^2_afA;*pefwP0y63ET z-Y6dEy}8@PTSIPqABh;U?>;ZMwM*slq!#G)-@@W6p=8`J@8GD#9xkDAo*xv3T>r6S zqdQFc=FV0!YTUz`NNdwqZXa|DeHu$9H04^(P!){+kP7LgJc+D;$G_Oa9zo8D%8A2);afYU&aq8-v>Bx@1yiv=$u(V;chVdHy zzW8MLZ9gK6!f*58>M`JV?4-|v-%;Zp2EVOM-yD9~LmT?rf7k`KWVVcXp@c)apKSZD z5?!X<(?nkgQ#Wq>BV%fej!BWr*vT}n-j;rReH!M`rHr3EH`WO?Z*O_&hYFY7@yMfM zaO3nZhQV_<7CJ?1N`gcFjGu93!LfHk@1w|PKy!PGZv)NsRWsqI92Jcb)c}Im1W-wZ zj3oOYkz9*Bf4}hWLA^af9s9!Mf|M3`P_Z;`KM%+skOcc*BMDBVzJep3mOO6k_rJ^7 z`>~K;idzpb`aE)wAJnbum*h9qz-Y8(4~9y2e+c`4;KQ0|->C1blh(#TZQZ>c)RsQF zgu^HOOHrwv|EN~?fIHhMd|p2tc=Qk0RO=f)Zb$66e{KDEU2%hd)yTUVN3+XXjCdS4 z?3w>s$Mek{!tO-{@o_86o*wZsR28o}(zr9^=oEl6s}Jh8PRf zG4c5QX=;(EK4tKIc+%axJUW4D?#{FPQ>MDpM~30vkiwL%D0>s1&Gc*D8TJNeiL~S< zpE&ptQaa{w&8H53X85KQikc_<^rkt!HJ2wjy(y8O^fY(qPI@6aWAK2mnlSk6WiH@GnOg0070akuSXhe^(}XC3_K#%n9NY zJ0B7u7V^azQX6*cuCJxaw3!U*R+5~pb%4^`a_w@~6zWJ8jne=*Vq|;jBvz+hI@Do^~>DqU__6r=dI4Hr8TiF1}~9&iXe5SRYoqSC5G0-eKd+sC$|NseNd@F<$>|Cx^Um!wV%TNp1rfP)3u*H9lQ2+-`RDx$8LA0-%ABz zE=HA(K9wRWH9`BqE{?D&DO1(@x)&U*>0ecYWo$y$h7i9X{uoa*j?sX4UgqIi=Y^!I zn3Y$GY=s;9g7`jiI4Kx_s(LE2sdXBXnd(nUK-V1ke?l`e$7Owy*g4ohp?xcfin!vYki+mo!MV4!}p5wG@P9a!!VmZE>YvO1K3B ztUxgRZohAL`*t_6C;(V-q^EU)OTx;eng>m+k6O{C@qaEKhm$NSi);dRUF4^MSL!5} zBP)#uf3B8YE-N05vsiQ=ieY2gs(_LJQI3^}Q5S?30^FoLaE19a#h=vnxR?bVoD1=3 z@+Xqcvg!i!_8PEt8IAg4st`|yW*Sj+EsD{pGL64GrEyV!e3!lT)5$6y8x~W;Sm~o@ zjifW^=~G*^Ril2US6UFO4A@Z|7g^Q}Vn1n4f3B9h$C1-|%6Rg}N}W@Ow*>m$=HBI? zqWr6}F;0F|AsD7+87IlLDL>^JLJ&&U1!q#4{{s7Rrm!ib$SuDw*^8dt-B;~JrXM== z&ZLPEdMwp1pyU#}*q;bUT8au_pOXS|znLg~@{=2)s!3q7!6j*Bn5Rxs0y;z#Ll1vO zf3A$d4uEwtwBq?Pv<`*>rAMNat=?vLXmy4b=4i%-*1^Y{p;V2bbk!a1(y6p_5e#j&oU2|ZAJ@Ggza=Tch+NR(B@{T#0rA_)vc*OEe zA*LJ->2TTT zTkmOqzbk%j6Tyj6;yM$n5I-7P8Rkba_ZgSnXIb$jW}(m}nM`I6ea4~a_6Sm$ME3L) zaS_Le*4zxO>!WKd{y4N!nMI;N6eIQqj*zEh5Ly?#5jrok<-{v1As(Uf6%}etFJjdy zT>r_&8*0mBek&A_QaT zTs&G&XHv0E8ym)1ot3ruDv1j>99 zwvK|p!!a|QtS)v^6x$kke`K^ZgN!2@yJxAxA|0`zbvyKRi()*9;}}-EY^o$l8;3kC z!GRo22%SquB^FG{A9zyX9W?OMY5>j1OF@)vrG8GmuOtF1@ozxUB}P{jj$bWqTY;*q zbrRA$8BTkx13bw1Itx6kjo_p^DPpz_1)XT)OXc0UpKp?ae?#*_f3wOy2OgP_U$BS7 z%5oUHc(!=B$u1|)fl}^admr&R5CbDu`j;{$L%xF%J3O5;j%J&0NB>3+|M=-ShzI0& z1}BIm&C#TbmHSYlGtYrER)+?5`*|8ey+a=4_!12upC0C7E;*H+0~U^=qT(Xrx1wE< zmc=3jr)12ppjhXSe>3%oMI9ygu``vcpg3^UZYQUfQ#3NeHm;#K?JfG`WlbURG4q z?*>5EYw0}z(HrbIYKE#G)$CkTvg^#lPGvNgx}MGyxuK_n)0c(oTgGLvX`Mm^LxEz; zH zP+Wp6e}lsuj^7bG&s{{12YLue4&N^n{S_kLk>fZx+wPtilMWEY#H~!n&?OQELz)rf z;!qcc$Y@14;+Xg^W8g3#ieH6_A$m52S~0{qgeI~n@kHTW zT`M@`q5R_I=n`U2v_n^#5GR(HzPjhe5Vz=~e-^o0MOXw=Hkqgx%V^W3%W)yIlWo>1 z#zne<%7KoiV2eXXEY5~TTd%H>QvnSe`G& zpa6r2Z#8SWz5$WH~AuH)HS(fQ4Pr_;HL?q&W;3Zd<8-B$m{bj@qSF`p&nM zSGHW7`>mvPSCSHN?fnze5^8l4Ia33QXOPa1Tvyn@yO3O5(Y+I1;vF;>*&Pb$c(C}w z14UHw5^;z<_VyA{id`d49i`2D(qV8rHya%uupS-rwP0em+;8(JaRl$ z98a}fd#DV9@;To3i3qQRVdy_H4E;t7gZhQ#_o+``nPG?ox-`R}Vq<@2ZXsvxf4)<0 zq14B}3%B6JP%s23k`BaLziJXeOeP>F(_L`~>U0JF1-ccif5owQJ%ZA|7P{T2o=3#_0VB>20S)|?@_A3a=Asda??5c?-)W80BLu$;1mDQCIU(a@ z7GumNY)9qdMXjm_qc^V6IuT7he`$EA3Di+j9uIO8wi!D1H8Ap=|EYlG!U27R$?py( z?|(g*JURbr0hqkM8koHQ^ID3Zr0+$b7rzm| z#9z~Q@xJiGD9*-Xbd4ELe@>!4XVKepVLpb|(AtP|DLV$^g0n43EG_#4F$O2-*i9-= z{+^~#!1Fi_mrt?;G-Ubr;z8CkOc@u_isI8a%{c$`d=#f1!1)^jT|-|3IQIy2&xJWI zby$tA<61nG;d2vl#&L3-CiY%rMDES7fXDd$F}`1gkEcC0aIZG#H#w^d zhisAE~)-wD26hSH6@HaH;d1>LHW+ z<|8fa8<~BgMSLN>4^-{XH1UjD`#Oqqq4#YneVWF;j9QJ}cWLaiH1}01eUx^-$vxo@ zDleFL@GQb>rFW~^WgnLbWTA^6cbeFt5e|&DCTAA*EVW^S%%D31n z9mI$gH1xZnAN0z34>s7>-X63JDN$H+&*ShZ9^-Q~g_okxt4$BH6}N zM@XnTE!tE?G8E!WknLxWPHpN1)o(G&MaxUZ* zqOrL76p9mwf6~tx(!GJM*hrRrz93Hj(SG4z*jCnVLuAsaWXpA3hh7jbzNB_#HD}wi zYo*!iZa;ej^cM|6)g{*)iWV+tyTiS81>djD*1A$7TjK0>*VN^TNus`-%hDWkZ?Z(j zB|Pq|dqm#9&z*JE7vVkl&^Y&z)~aG-Av2JEV6|vye|*n_;X1`AM#I{>3?F_tT%$mD z5D(W0eu;p%g&sfT*w>(n-);xqa&BU~Yf+W@b+qetrDMBb}Uc#;a^9C8KT%gaNQdkfA94 z5cdGyXuE%V+v2_keOMrO7c4B8;;oCG7hT9;f9#d%G=ydQk>1PGz7L5_HOtsMxRA-# zCkMILk5~S9WwBWR9D*6VUeE2l*wEgnCX#F{E2wzV;!DiuFBZORB(dtroc#^^F8f3G z$y@>0F@1##a%R|&sC?x}yS~Hd5C&BV%DzL;mB{4>p-n(Z2#7q11-u~> z<>Shl5CBxWuWsQD%>C8s`UbVKW2K%YTd2zs7 zoX-+TDVwULu4~hgFp&dR9m)#$f8XrCh_`2XIT==s=xs8(|7#xw*se%^%%Tj({(vw( zh_=lpr+PKE!Le#qv|rIv1$4@$-_{?!ElFgvt)Buo!T#igxag3K#|-iRh*b1Y(N#lt zM8PMBPovY(enqBPA^cG)w-q08PVp$@Y2=%}F=a)*tIZfcH)V^iGREq8e<<_$d~Tnd z*sgo_`t`wVcEH%?cs%|;QxOz#I+u6G=t=pko)6e}$8S%v>wUvj`{kXY_Ihq-c zL(+OzPwJjL?g3a|%kc~q`_XeS>$2MbaxA_)eNspuV@lQ+*?4Z=YQE6{YZb!CBglDD zq!sX8xx>I%P~{ebJPp)*k3l0UA}-=_lfmOAgZuq?-)cVnxyP2Xf6)g$<$^Sf?5e*} z{O(NkvL?FLG%sP2AHOpCp1v~rMl^hL`uz@Q_l50G1O?9+-OFF#~jlLj#em`mR z#pv>Cn!FS@wWq~f)8Pxz;5pAFZ!Ih7?otPv(%TJbZF9TK^tEvdP;UEG8w)`jP*p@r`s9lQt)+>HKhLHpLz zy|pxN9lcva>sCi}1^S_aw$-Rk8=Cg((zAt58s}3j{aR=LS5CLq)2v!GYe1_uqf-~9 zQ7hQ|*0kvoWZ_~osgdGq-m7MG=*oLmM}IE6KcSA^ysbT_e{Cf+rU7_TBFZY7Qcq9T z(~=G8$i_5eagVp2cD!r4v6g0BfL?4#D=tANR?>(K=)*>|VFg{-m?pe6J8^nCun7&= zl>Tc>`<$;|eWx_HP(6IF7O9lRypqb)Az8O^8UM$26 zd*(4f)qom4f3`K}c*HLs7JjL;KVl$|@03|vizs*A9sT~Y@J&?XfIQIy5lD>)DPNUX zp`=%Fo@(aQguN%ZRoJ~1`QPj|6?6NW-*Ddc+VXGT4gKY!Ew7bXs2hgkZkIeyxB2;S z3pKj()PR*7QPB3_frYwJy)$7o8zEX#X)PlJc^2m&O#<{^MxT|6MSt7wKDGN#b4y|3 zG!(3ym8>7>GbP+f&c@ML)W{JpyGGVg=0U2x(NOEF=CyNNs=BTwauqep-dQB%LCB+z zRG-{F`G1q}M?(!va*tb6dg|Qb2mk=MlR!u~A53zOTc;`TFGm;v0L8xm01*HH00000 W000000HlF?lb1*&2JuG#0002^J3Wm6 diff --git a/Solutions/KnowBe4 Defend/Package/createUiDefinition.json b/Solutions/KnowBe4 Defend/Package/createUiDefinition.json index 49e17f94eff..b53edf01b6d 100644 --- a/Solutions/KnowBe4 Defend/Package/createUiDefinition.json +++ b/Solutions/KnowBe4 Defend/Package/createUiDefinition.json @@ -211,7 +211,7 @@ "name": "huntingquery1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This will check for emails that Defend has identified as dangerous and a user has clicked a link. This hunting query depends on EgressDefend data connector (EgressDefend_CL Parser or Table)" + "text": "This will check for emails that Defend has identified as dangerous and a user has clicked a link. This hunting query depends on KnowBe4Defend data connector (KnowBe4Defend_CL Parser or Table)" } } ] diff --git a/Solutions/KnowBe4 Defend/Package/mainTemplate.json b/Solutions/KnowBe4 Defend/Package/mainTemplate.json index f99e91223fa..a5c624adb06 100644 --- a/Solutions/KnowBe4 Defend/Package/mainTemplate.json +++ b/Solutions/KnowBe4 Defend/Package/mainTemplate.json @@ -43,7 +43,7 @@ "email": "support@knowbe4.com", "_email": "[variables('email')]", "workbookVersion1": "1.0.0", - "workbookContentId1": "EgressDefendMetricWorkbook", + "workbookContentId1": "KnowBe4DefendMetricWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", "_workbookContentId1": "[variables('workbookContentId1')]", @@ -71,9 +71,9 @@ "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1')))]", - "uiConfigId1": "EgressDefendPolling", + "uiConfigId1": "KnowBe4DefendPolling", "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "EgressDefendPolling", + "dataConnectorContentId1": "KnowBe4DefendPolling", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", @@ -126,7 +126,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Phishing Insights\"},\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where isnotempty(PhishType)\\r\\n| mv-expand todynamic(PhishType)\\r\\n| summarize EmailCount=count() by tostring(PhishType), LinksClicked\\r\\n| render columnchart\",\"size\":0,\"title\":\"Number of Detected Phish Types in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"chartSettings\":{\"xAxis\":\"PhishType\",\"seriesLabelSettings\":[{\"seriesName\":\"LinksClicked\",\"color\":\"redDark\"},{\"seriesName\":\"EmailCount\",\"color\":\"blue\"}]}},\"name\":\"query-2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where ThreatLevel == \\\"suspicious\\\" or ThreatLevel == \\\"dangerous\\\"\\r\\n| mv-expand todynamic(Attachments)\\r\\n| where Attachments.name matches regex @\\\"(?i)^.*\\\\.(doc|docx|docm|pdf|xls|xlsx|xlsm|html|zip)$(?-i)\\\"\\r\\n| extend path_parts = parse_path(tostring(Attachments.name))\\r\\n| where isnotempty(path_parts.Extension)\\r\\n| summarize attachmentCount=count() by tostring(path_parts.Extension)\\r\\n| render piechart\",\"size\":0,\"title\":\"Number of suspicious files detected in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"yAxis\":[\"attachmentCount\"]}},\"name\":\"query - 1\"}],\"fromTemplateId\":\"sentinel-EgressDefendMetricWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Phishing Insights\"},\"name\":\"text - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where isnotempty(PhishType)\\r\\n| mv-expand todynamic(PhishType)\\r\\n| summarize EmailCount=count() by tostring(PhishType), LinksClicked\\r\\n| render columnchart\",\"size\":0,\"title\":\"Number of Detected Phish Types in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"chartSettings\":{\"xAxis\":\"PhishType\",\"seriesLabelSettings\":[{\"seriesName\":\"LinksClicked\",\"color\":\"redDark\"},{\"seriesName\":\"EmailCount\",\"color\":\"blue\"}]}},\"name\":\"query-2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"DefendAuditData\\r\\n| where ThreatLevel == \\\"suspicious\\\" or ThreatLevel == \\\"dangerous\\\"\\r\\n| mv-expand todynamic(Attachments)\\r\\n| where Attachments.name matches regex @\\\"(?i)^.*\\\\.(doc|docx|docm|pdf|xls|xlsx|xlsm|html|zip)$(?-i)\\\"\\r\\n| extend path_parts = parse_path(tostring(Attachments.name))\\r\\n| where isnotempty(path_parts.Extension)\\r\\n| summarize attachmentCount=count() by tostring(path_parts.Extension)\\r\\n| render piechart\",\"size\":0,\"title\":\"Number of suspicious files detected in 48 hours\",\"timeContext\":{\"durationMs\":172800000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"yAxis\":[\"attachmentCount\"]}},\"name\":\"query - 1\"}],\"fromTemplateId\":\"sentinel-KnowBe4DefendMetricWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -137,7 +137,7 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", "properties": { - "description": "@{workbookKey=EgressDefendMetricWorkbook; logoFileName=KnowBe4-logo.svg; description=A workbook providing insights into KnowBe4 Defend.; dataTypesDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=KnowBe4 Defend Insights; templateRelativePath=DefendMetrics.json; subtitle=Defend Metrics; provider=Egress Software Technologies}.description", + "description": "@{workbookKey=KnowBe4DefendMetricWorkbook; logoFileName=KnowBe4-logo.svg; description=A workbook providing insights into KnowBe4 Defend.; dataTypesDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=KnowBe4 Defend Insights; templateRelativePath=DefendMetrics.json; subtitle=Defend Metrics; provider=Egress Software Technologies}.description", "parentId": "[variables('workbookId1')]", "contentId": "[variables('_workbookContentId1')]", "kind": "Workbook", @@ -161,7 +161,7 @@ "operator": "AND", "criteria": [ { - "contentId": "EgressDefend_CL", + "contentId": "KnowBe4Defend_CL", "kind": "DataType" } ] @@ -229,9 +229,9 @@ "requiredDataConnectors": [ { "datatypes": [ - "EgressDefend_CL" + "KnowBe4Defend_CL" ], - "connectorId": "EgressDefend" + "connectorId": "KnowBe4Defend" } ], "tactics": [ @@ -378,9 +378,9 @@ "requiredDataConnectors": [ { "datatypes": [ - "EgressDefend_CL" + "KnowBe4Defend_CL" ], - "connectorId": "EgressDefend" + "connectorId": "KnowBe4Defend" } ], "tactics": [ @@ -513,7 +513,7 @@ "displayName": "DefendAuditData", "category": "Samples", "functionAlias": "DefendAuditData", - "query": "\nEgressDefend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", + "query": "\nKnowBe4Defend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", "version": 1, "tags": [ { @@ -566,7 +566,7 @@ "displayName": "DefendAuditData", "category": "Samples", "functionAlias": "DefendAuditData", - "query": "\nEgressDefend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", + "query": "\nKnowBe4Defend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", "version": 1 } }, @@ -643,7 +643,7 @@ "eTag": "*", "displayName": "Dangerous emails with links clicked", "category": "Hunting Queries", - "query": "EgressDefend_CL \n| where event_s == \"linkClick\" \n| where email_threat_s == \"dangerous\"\n", + "query": "KnowBe4Defend_CL \n| where event_s == \"linkClick\" \n| where email_threat_s == \"dangerous\"\n", "version": 2, "tags": [ { @@ -738,7 +738,7 @@ "title": "KnowBe4 Defend", "publisher": "Egress Software Technologies", "descriptionMarkdown": "The KnowBe4 Defend audit connector provides the capability to ingest KnowBe4 Defend Data into Microsoft Sentinel.", - "graphQueriesTableName": "EgressDefend_CL", + "graphQueriesTableName": "KnowBe4Defend_CL", "graphQueries": [ { "metricName": "Total data received", @@ -924,7 +924,7 @@ "title": "KnowBe4 Defend", "publisher": "Egress Software Technologies", "descriptionMarkdown": "The KnowBe4 Defend audit connector provides the capability to ingest KnowBe4 Defend Data into Microsoft Sentinel.", - "graphQueriesTableName": "EgressDefend_CL", + "graphQueriesTableName": "KnowBe4Defend_CL", "graphQueries": [ { "metricName": "Total data received", diff --git a/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt b/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt index f506c691004..c8f662ce4f6 100644 --- a/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt +++ b/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt @@ -1,4 +1,4 @@ -EgressDefend_CL +KnowBe4Defend_CL | project TimeGenerated=time_t, Event=event_s, diff --git a/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.yaml b/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.yaml index 966f87f1144..a8cb7895d7e 100644 --- a/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.yaml +++ b/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.yaml @@ -7,7 +7,7 @@ Category: Microsoft Sentinel Parser FunctionName: DefendAuditData FunctionAlias: DefendAuditData FunctionQuery: | - EgressDefend_CL + KnowBe4Defend_CL | project TimeGenerated=time_t, Event=event_s, diff --git a/Solutions/KnowBe4 Defend/Workbooks/DefendMetrics.json b/Solutions/KnowBe4 Defend/Workbooks/DefendMetrics.json index 6be5abcf5f4..e0e95758172 100644 --- a/Solutions/KnowBe4 Defend/Workbooks/DefendMetrics.json +++ b/Solutions/KnowBe4 Defend/Workbooks/DefendMetrics.json @@ -58,6 +58,6 @@ "name": "query - 1" } ], - "fromTemplateId": "sentinel-EgressDefendMetricWorkbook", + "fromTemplateId": "sentinel-KnowBe4DefendMetricWorkbook", "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" } \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index cbbd9ec9e0d..d8c87a3609a 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -5384,11 +5384,11 @@ "provider": "Cofense" }, { - "workbookKey": "EgressDefendMetricWorkbook", + "workbookKey": "KnowBe4DefendMetricWorkbook", "logoFileName": "", "description": "A workbook providing insights into KnowBe4 Defend.", - "dataTypesDependencies": ["EgressDefend_CL"], - "previewImagesFileNames": [ "EgressDefendMetricWorkbookBlack01.png", "EgressDefendMetricWorkbookWhite01.png" ], + "dataTypesDependencies": ["KnowBe4Defend_CL"], + "previewImagesFileNames": [ "KnowBe4DefendMetricWorkbookBlack01.png", "KnowBe4DefendMetricWorkbookWhite01.png" ], "version": "1.0.0", "title": "KnowBe4 Defend Insights", "templateRelativePath": "DefendMetrics.json", diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index fe8c200eeea..fc333c542a6 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json @@ -7611,15 +7611,15 @@ "provider": "Cofense" }, { - "workbookKey": "EgressDefendMetricWorkbook", + "workbookKey": "KnowBe4DefendMetricWorkbook", "logoFileName": "KnowBe4-logo.svg", "description": "A workbook providing insights into KnowBe4 Defend.", "dataTypesDependencies": [ - "EgressDefend_CL" + "KnowBe4Defend_CL" ], "previewImagesFileNames": [ - "EgressDefendMetricWorkbookBlack01.png", - "EgressDefendMetricWorkbookWhite01.png" + "KnowBe4DefendMetricWorkbookBlack01.png", + "KnowBe4DefendMetricWorkbookWhite01.png" ], "version": "1.0.0", "title": "KnowBe4 Defend Insights", From 8bcd51517b8ad5369180a36a4db1ae8df916136b Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 15:00:11 +0000 Subject: [PATCH 07/18] File renames --- ...ssDefend_CL.json => KnowBe4Defend_CL.json} | 0 ...wLogs.json => KnowBe4 Defend_RawLogs.json} | 0 ...d_Schema.csv => KnowBe4 Defend_Schema.csv} | 0 ...leData.csv => KnowBe4DefendSampleData.csv} | 0 ...efend.json => Solution_KnowBe4Defend.json} | 0 Solutions/KnowBe4 Defend/Package/4.0.0.zip | Bin 18625 -> 18625 bytes ...=> KnowBe4DefendMetricWorkbookBlack01.png} | Bin ...=> KnowBe4DefendMetricWorkbookWhite01.png} | Bin 8 files changed, 0 insertions(+), 0 deletions(-) rename .script/tests/KqlvalidationsTests/CustomTables/{EgressDefend_CL.json => KnowBe4Defend_CL.json} (100%) rename Sample Data/{Egress Defend_RawLogs.json => KnowBe4 Defend_RawLogs.json} (100%) rename Sample Data/{Egress Defend_Schema.csv => KnowBe4 Defend_Schema.csv} (100%) rename Sample Data/{EgressDefendSampleData.csv => KnowBe4DefendSampleData.csv} (100%) rename Solutions/KnowBe4 Defend/Data/{Solution_EgressDefend.json => Solution_KnowBe4Defend.json} (100%) rename Solutions/KnowBe4 Defend/Workbooks/Images/Preview/{EgressDefendMetricWorkbookBlack01.png => KnowBe4DefendMetricWorkbookBlack01.png} (100%) rename Solutions/KnowBe4 Defend/Workbooks/Images/Preview/{EgressDefendMetricWorkbookWhite01.png => KnowBe4DefendMetricWorkbookWhite01.png} (100%) diff --git a/.script/tests/KqlvalidationsTests/CustomTables/EgressDefend_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/KnowBe4Defend_CL.json similarity index 100% rename from .script/tests/KqlvalidationsTests/CustomTables/EgressDefend_CL.json rename to .script/tests/KqlvalidationsTests/CustomTables/KnowBe4Defend_CL.json diff --git a/Sample Data/Egress Defend_RawLogs.json b/Sample Data/KnowBe4 Defend_RawLogs.json similarity index 100% rename from Sample Data/Egress Defend_RawLogs.json rename to Sample Data/KnowBe4 Defend_RawLogs.json diff --git a/Sample Data/Egress Defend_Schema.csv b/Sample Data/KnowBe4 Defend_Schema.csv similarity index 100% rename from Sample Data/Egress Defend_Schema.csv rename to Sample Data/KnowBe4 Defend_Schema.csv diff --git a/Sample Data/EgressDefendSampleData.csv b/Sample Data/KnowBe4DefendSampleData.csv similarity index 100% rename from Sample Data/EgressDefendSampleData.csv rename to Sample Data/KnowBe4DefendSampleData.csv diff --git a/Solutions/KnowBe4 Defend/Data/Solution_EgressDefend.json b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json similarity index 100% rename from Solutions/KnowBe4 Defend/Data/Solution_EgressDefend.json rename to Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json diff --git a/Solutions/KnowBe4 Defend/Package/4.0.0.zip b/Solutions/KnowBe4 Defend/Package/4.0.0.zip index 3e09ca15cb1fd601499aa6a45bd83960ec5890fc..a2118495c5ba73fd96ba59c309ed458575ab23ed 100644 GIT binary patch delta 39 pcmX>&k@4U}#tnIDOoru~3)Dn7L3Eq`S_vRM+0?@sL{)jX0{|1R4HW&k@4U}#tnIDOjk=c7pRGFg6KB=wGu#jvZ;qNh^q2%2LL}|51jx2 diff --git a/Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png b/Solutions/KnowBe4 Defend/Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookBlack01.png similarity index 100% rename from Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png rename to Solutions/KnowBe4 Defend/Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookBlack01.png diff --git a/Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png b/Solutions/KnowBe4 Defend/Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookWhite01.png similarity index 100% rename from Solutions/KnowBe4 Defend/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png rename to Solutions/KnowBe4 Defend/Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookWhite01.png From 93f0376d8d82a8fc57f1f5996c6e1ef0884c3113 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 15:01:04 +0000 Subject: [PATCH 08/18] rerun zip --- Solutions/KnowBe4 Defend/Package/4.0.0.zip | Bin 18625 -> 18625 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/Solutions/KnowBe4 Defend/Package/4.0.0.zip b/Solutions/KnowBe4 Defend/Package/4.0.0.zip index a2118495c5ba73fd96ba59c309ed458575ab23ed..089b7cb78ccab147e38fe7c09cfd4f97e35e1352 100644 GIT binary patch delta 39 pcmX>&k@4U}#tnIDOyU)r3)Dn7L3Eq`S_vRM+0?@sL{)jX0{{%}46y(J delta 39 pcmX>&k@4U}#tnIDOoru~3)Dn7L3Eq`S_vRM+0?@sL{)jX0{|1R4HW Date: Mon, 15 Dec 2025 15:29:13 +0000 Subject: [PATCH 09/18] Removed the workbook description as other templates didn't have this and it was breaking the json --- .../Data/Solution_KnowBe4Defend.json | 1 - Solutions/KnowBe4 Defend/Package/4.0.0.zip | Bin 18625 -> 18603 bytes .../KnowBe4 Defend/Package/mainTemplate.json | 3 +-- 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json index 55d71ba96b2..071e2839db3 100644 --- a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json +++ b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json @@ -3,7 +3,6 @@ "Author": "KnowBe4 - support@knowbe4.com", "Logo": "", "Description": "KnowBe4 Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.", - "WorkbookDescription": "KnowBe4 Defend Workbooks provides insight into KnowBe4 Defend audit logs", "Workbooks": [ "Workbooks/DefendMetrics.json" ], diff --git a/Solutions/KnowBe4 Defend/Package/4.0.0.zip b/Solutions/KnowBe4 Defend/Package/4.0.0.zip index 089b7cb78ccab147e38fe7c09cfd4f97e35e1352..4fc5964e4ee8df52e62fdb7783a26d060059a7e6 100644 GIT binary patch delta 6267 zcmV->7=-7+kpZib0kCc+0&jb>a3&N94R3poTg(OFtuYt?0Be(xFDU^mle;e>e?A0~ z03VW^*s0vsO-MWs4uEs^J_K%`0AT&doC%sj>kwEI&I5M1y&XMiPoWRTXo`H^hMz-< z+76k<@7Q*)(|u-lcI{4g+eLv#W+L4=ng$-^sQqt7{2#2ADBmGIM?U`pQHF^xs_C{n z;-BdC6mjT6F6zI10ssIO4Ecmmf06JvpIrYF?E)LHFbD|cKVSOfdWd#KOJsIg{!~=W zM20isg&Y$f@VFshL?}p#d5K2IcdaJ?+{vl~NZ}N5MA^J@k2p}2kUjyx;vzII$dKCt!;k|XAs4xT6A(bg0Hjl!^Gm=H{sb8?CvbY;Gj)H@3DuRdibItGQ1`?W)t)4@q6Xhto*g-;gml_Mtc9 z*kRy$f+zx~*r9}x5eH|;=h#P{7*K|I7?}GoB;>Mdi*gqkwCtn+V0>JJ^lZJDbJAvXcyU zl-72ml_VC{MYg<;X^op3^EVq?$$Yoa6k<=x(7dW$q>0qxGq$Vg=qch}$6!Tdsn_~}AF7hR+k<%+v-TKNG z)GtWO^vl?U(lP7R8#9><9z5Ic_I8ln*@1iZF5Go(_!RBfBln=Yd$7Cjj)uMRG3(VD zvz~FxdiOqNf4#b6*1NYc6HS=6A%K)2YMf!w>+G5lEu+Vwi}_2)q1~5h(vi_+QO6|z zUKx$(RjRVNigGp7*X-?$R-t~GTOEw(arwN}Eo*5_Y@5L=T-!rs2UySv-5pFJJ9 z_D;{)b9P2Z z9_uWlKJmP{jcZ-x(yDS+UMa#AhU^RC`^e!Ww*r(_RFY4v)R4^7fTRR;!;vp^b8fn9 zE;7GMf6SH^DBCGAt;(y7u~W)opzW4PFeMUMQ0ZK!OzF%WFtnn$Ql!31>Ze+V;G@i1 z@WbYEPKJ|hbERL3#{~ndpfJ5ouV;69b|+a=0I*_bPiqDjgf*9H7B{gzYDJeq0GWIo zj^~b9v?^fNMSkjgrDk%`xzgC+YT3oI;?X#de?|8p?>VNe3MdH>DG%gB| z@3OakI$7mo!**&IE4}}$k@OsW`qWfyRllF#kWs|_P z1{b6?hdp(Y66hhK7<%|Ka-|n`2&~(Ie-+P{fps_#Ks^$rY8hSce~P z2U0Z#)?v3bNYr>>9o`Nsq2@C84?lqZ1ha_{MWQtW>#jAB`XQ5Wbi;uS_Qm6QkvsV! z)i(Y1mv_R^G;Pvf!X}n)a$eFd_ocAe{awg^1#s% z7z_p$3t502OhP991_;$9a-ly)G)_~d*2kPfXCisVt!&lGo3`X&rjQG77*I4uH{fSc z^5#!?>tF4E3U8^W(tE32k8MrU$S=SInH&z!LmpV)mT4GD*rnl~6Xa zC9&xxGbOgy81qRul%`f{h-@DRfrn#uIN4t8q$svM^vG~~3K>TvqL>7ROGkcHdNak|q{;T7m;P8WTE`mP#y{f}vcRCj0R3DT6H%)DHTkT$Jp0aN&Y(b7WJ zf{&sGIo;N1mA*OJ2!SYWpmsCj2!yJ3XhI|^+GGxG$mQS|$yl#Gq})$wvs@w%`o zgVYs@k_W1F@imVhtgg_fdqAu!#J&t_o%rf=@Ae&Xe~<`Cy-4~AJy9>qtLk?HZR@r4 z0l?ceqJiq+-NzMCWlDD4@~~U#W~C;fGeK_X>45HKf%JwBQ@pfJpn`5d5syvfGnfZK zfDnBYsGNDnB6tP+A|w`5Ak45KxoPXn=JHkE2I)jou&oqE)fI?*F?d3bH-mRAa285Ov;}^l zWZDA9jx6S)bMZ^)c`_LK2ylw0n?Db%kN^6)Js4bn`p<#YdWRewVA=f^5FlBC`GTVi z!rl^L;Vz;leLc1#hwm4P{tA)r$Z_nS?{rR$e@Xj@V&ayjW9SNr1w$?)$i<<~J&<06 z@H{Z_U&fGLRBHEiMe{*>j}d*VSo^;U6+`rV0<~g@a|lgj6XJ=&JGxeI$V2%# z%JCJ%o@j@zG$Bqb(RMW&#^6ury$KmdB31-bHkqj4V`vkm`*AL}GmoPwI4ru7iXMoj ze`Je8M{LiAW?QdrkW=EcpZJ(#=p8!_VoaZ;FLnmTk?$Zw0*bG&hsNj?bD)4}h;P+v zx%Jrp=oAX9)RNu}u)*zZQLFCmr0K30=W`>l5WZ50#r-Y$f2#~^ zVJ5M19~iBY$f|(QnvgApRyHJDs=l+*dbnBOr#|yi2VjUxShFu{_N9z{DPPwfE61RG zEcbn4!YknzdTWlMSBqm%zkmEb_30~f43R*W<``6T?C;DjWR|<{lwBzF@$bSeI58Lu zL5igVvDdGfMi7$;$jNkH?14I6f5Cr&P6@A|&<0vsLFFBknA=4#_cfTl2GbuDnEti! z?OOG$G3Q5&IX?zG@LS5~J@x8~MkKxmvAln$U7gk-{4yYXt)iWj3KZDjzRu zRc#pk;u`G}(bSU*4>iF$YRZ#-X2RCP$G!$ip0Pj`xLlZ^YoPr8fb!nge*?;s^Qjg9 z%6qE;%6nfAC^uEL2Flk!`S%Hw8_wB!^bmP`f?Fcw#wcPIrU3F+RAy~lysV4|j*1(# zLVxny_Y-YzQk#2#z>P9q`dFA6YWtWm?!3-@b#z;|j;bd()&rwErsG!{+qsz|{JuV7 zjn3g%l>Lty5VQXLOXC;fe`jzSh|$s{8->0++WXkUkku?YMWF|N9t0FPaX^WP(FOxw zq|O9)9|>3Qg14equda~KkC6C%!Qy9g(D+E2CKuER_&G`63r{b8BYug$rtjk5@T17l z#v^ot8BflNzF^VY3$cC-tbw%^=Td?O3oVpKZZwPb^eGTBuBhbAN>v5sOs(T&R;;AH` zn}{=Zl;bqfhZQG5+Ti!pI}#a_e980lB$ha1ko^6EMG4BCi>~Hvyq7h=MU%y){JZd| z>g1sIyz19OJ=V^6f591#wo0=XK0m{@)B)F93+Zdkz7dCmJ*fbuD%awSWB!d#{H^Kp zn-5RcI@y_{nd`Xu<>o>y2fvByUJnddJNRn{e-%ca_Ef+9O0VB!tuE}dnfw!-ZCKwX ztgr=}*nn%>Z*BXn%Jx%jzSU0h5+kX;akTIxeo)4g5ptZ_jiN=2 zA-xe)ZqU>*jT##}iglqkZc2@s+Qy7pjox^vZM4)kR!WVOX2!__VGv5MfOzyg!fT~> ztBSOb%LKB}#Sinz7W2Rvg$gan^9s6aSROySP_9h(z%f)vedS^HN(V7wISu`82nfA$ zK7b(m%KLqmf1xFEd+tT-KE-2vA*FHAec<#%8qh8`Y!>OHbR?2MrYcH8)oIbDGMXXp zXo7iAd+b0)0qdzlGO*Mn8GlT3Voo^-*865~^!Wq}$$B1eCdj#z*L=qE<`XCmB1*q$ zNW%kN5lc4zhCv(xr2Wjn5LwnNCNk+%5_MhGp%=u9e=m|*$`>3x=AimOyc%sY?k_{d!0QpE@2&9x5nPT&)~Z9 zo9Z6DZ=Cs3YgNv%kQqonvRc$Pe&F74m15-GVeMsukKZ4zP@sEoh^qv@gh$*!j~}!1 zYf!~+e;0(eoSE3{-cqH09r3zTYS=DeUuUmdUA>Q;eoE0l$zEjJ!0b(R{e66quE`p~ zMaxTj_ikQ%;+BoNHeL`8JVF0WlWGHe##7%v-+Wz0& zHMmYe?-$4bgM|f?zZcQ-#05Dey)vDNuxvlldvluiAz4(-GByt`WU}?if$r7gl|5!z ze}oHwBQS+Go0;f~E$y9WBFWaWf{JG?zQTO=V&Tg`l4U)aw7+5BWq;^Co68|PrY~_p zW*s&pD&7dvtnV;7ia{<;hJ{)^x(Hf8QbKO6c-~&?cZH1Vo<40^X3Z@_}Vq9}wG8 zasYaI@q@ zO+{p$S87wshP7;93m#EP%Je)X$rI49Y#z$gf+cw;&LU#G??DH>CZ2E_PW&L`rR}Y5 zbrx$$mbplv=8LYBobrq$#-m&Ke||&KAbyt2 zzU6u!Yfr^7-S;j5S2m-D1WMoQ&4@T>>6)6DJ;(hM(W}O*s$u<99lhA&&Ch2Er4*N{ zrEXKxu`rPVR_@CR{NHT9h_~liIT?11=xs8(|7#xy*e*$a!lDc(exESje~$uZle4{Q zufefumb72dQw4RJPrvOyy4#Y;X4^jnaE$%&DRI#e8I2g?{}HL^k)o@H?udd<5uZe7 zr2UFavqIRTR0b9wb58Lv8S%v>vZY7U{n&0}e~zYxBayV$)sw0x z>mY#5jSSIH5|N(4S(l9i$k6!m3`!w^IaRW`Na(pa*nF!6HcEt%g^;tXNF(ICG{nGI zP-%=omItaIWKfHXh>KW98LXoW9`+Z0tNHln0k533KIthIq@iS2{h8u-w^T2?L{~1& zODxIj?~J~u?~J|?e-B@uf4>Lbec|<|gl9LdO;x;lLq5G0kG>#({xEs-1^M!Fp1j~V zHRr_}^Wh8e;2F~;yIhv?-GvU;<+p3{+U9nd`DYPP+UPd4(%W&CkAGOUa*uEP`S{PWfD!VixRUW5m(f5-ne;C-w4-b$Xgir=l^ zb<1749REAmtHG<*<5L&qQA_Cj#=Pkg zY~f-&sgdKW->Z6j=*oLm#eXgvpisqc-c_E}wh|uGfIKNKWf@PY=O?Rq$(np*Z5}co z<*nx(@0)L|f8-e#;1?V6ic9c`r95H{{;(ErSi%?9<_Yi2Mx34xtiuD=<^O8)erCR} z@JWK6->bpv8Th=+u3Qsld1OaPnZOJMH7tDlQUU-baHhDIZwl46=L<38o>>r3T|f<= z+nRH%0nEn*U@Gm8C`McURP%GGzrzrW0V6;<0Ie^2y4I8sAGiZ>>fDCu>ar<^)9 zf$vFf6?bpM{@1%w#oYe-7o9h~z5LsELx0C;!@Fe`>W1OS+a=G`t$#$^LX9pxH((`) z6f`}0V4-f5hbF8h5~4Ae*3d(c$8q)}ME_;f4)Ex z;6suVJGI-o35n;y!NECugTT!b0IVOGGet9K9RO>}dB6^~wxTDSGw8z!njxQW!p|W^ zn+}=9@7Pwq+k0krckFI&%SC}l<|5r0ngt%@X!GBU_&-=3QNBZbj(q+Hq6`yXRMXq+ zihrWlGsK|_xv2l<2><|CFyvE0e?`LId~)?qv;%Cw!XO}&|9s(-s}b4}Es@z}`7=>9 z6B$m47jjH|z~hF1F`*zS<|P^<-?g3qa4V}0AcZr;5oKBB9&w;3A$k zKZ)xVO~?KlCRKb=e@ZF}AufqI z6bEs0tltR-AwzBlj6x24gk0nTPCx(|1CY*a&MyE*jDtVl#8ud*QxbZv{X60IKau?! zQr96aa{t@}-~$5KXB1CAnN0rX z2&5T=RK?G&{J)eh09LuYeAKO}VlAI>6ee?unV$cNsX zV~2sODWV9RV22V$#vGg?pJN|+Vn7+(k(Ey`VF(DIWGe;oS^Po|vJ&7Nj6 zA?d5o!lbE%j-<2v5>gCD9#STGq6f#WC=E?0Vyw5j|E$0Nthe`UcYi0ccQ%WKWhWWz zD6Q>AmLwL|dA_`lX^rb^*_*YEWWHNy2C*k)XtrwSX(F{a`A{h->3eKkd#QCTCU_AU z;bXU_j7>B&Cx}z*e|$)!SjZUXNR8OByS|oc(`GWNTS;=Z)&WX;%hk(iQ>Y_ZHBJNM zh@tJNvsj&b>C9T&=&adSBYUkA`uML9MasCY)O@b3I;&grz9?*63Awh*ro2l9Qdct*bqJ!BkhHIb9+7wn?le_hwzvG;d&ckG?*XM6Uu z9@?|V{rxd=w%xu1N2zGc#i-)Zr&2_uCa6}UQ{;pc^LZ+pBM(t7@+GQK&?{5j`pOs7 zFG#EO%h-go*#+ zzH!X@cRptQf2L#Bzq2tDO~~31K*|s`&amip-eyE*^eA*Oe+fCX2Qp1MGP*44m=xbD zqY=GIRkl!3p@!y~y|vaU)h~0agAqNhp0_%)me$0!7`#O8DT36QRvEdRmKa(S_t7Xm zo!l0j_Ccizl}Afy+VzNf5Lrt*M187d-l%GPS<|+bnM#O zeP`F%9=qM0elHb>xfoSC`c#Uj)CBDZyEwwCq)b)o>t1lMrhiopmaz$08$$eo_+vcL zc}4@`d6|!Eofp!oa#mg`!WE9}3*!68;iO;zDl4kUr&el6W@ykid?ITYGdq_Vhpt1G6|+aA`2>=>r^S7xdVn)lr2RXyQFcdbpSrftfe?C zlXEhhY>O-XQX(!GUmommy;3*199(I9aJB4mS@CF`#iILAe~cW{Rt1y&E;y6Y{1@1lGlfkdMQ-_h z$zJsA?!Ia-GX2m2cqUDZ0A#6t0VS8%#r{N~(o$3a`eSYYO-|HJ-GzXl-PE?k)1Kwc&g1zvtbAjBXAc}k!QQ#0S zocYcaQZ9SK@MqEcZf9t5%)LlLzlXCCqJWISOT>}GksApWi1LMIft`IYB_U<9431|= z&amrPbZ!_qz9(YXdQbcNUGa09e+W*L64#knh4|6X%1}R&xzD)lKFf+PF$;w*$z(En z=rayQw?~l5B(kTch>J)@wB}}LT_0Uz@yDT+$}AEEq8PC^aD+T1gV4I@jnH|SEhk=C z3GoP(uc%OKdJ(HuAzwCvgK`x?UK+yzUgP%po>p$U* ze{KF_I2;Z)*InX#afx#+e$BoF?)b~K$Hafv;@9lUl+U~`pK-A9a48IS4mu`nYu77(L8@Ei;5?2fKlU_n~fkC zV-E=eGM>u!X8LO8<~*L8ABR>!XhTakJ%9~*V&-&)mf#-~x98ZENm2%?g0hh!!++wDHK(5**0UgwVP4RAR}L9D*km?m+`btp?MK+!RFFR_f@~J4+(668{Di zU1D@q;rZ13XBud~3z+7M3qlOkx_P~eF+&Q#u?`}rm*_%}2^ ztkBu#z#|j#3-*v$e_N82ws^S7E+@}{Qt)AWFY!4LBO}-Pmoh3tzJn1vJe@O+W}9zE z|3(h~_~|)_N91@0Cx|7@(WHyD`%vOD&w(^ohX#uKc^XB%LmuS#5)B}q9_FGhIhURT z7LKB#;v(X=qFs@i9lnx;GdLwRa-<7QWThFlhJ4s!Ns{FYoS$4rT%13kfsD><`wn`Y15hvn8N>ymX@-XVia|g z(@ld`>6@e7ArS2wXxxl=2SQytG+QKU+GO6^P{_eCl6$=dka9nz%?gP;>|f+ig{bsR zwe&{)brox1f9iC!?ngV&j(&fsZ;?YW7ja+-3rK!+MVF^m&P1NSc%!W>r_RFpl~|NE zVSe?Cem<2YQyWA#13Fn^r-T)j#!qLB0TfQVF!(IrXtfzxBX3s&dM*olS8gD9@X&X< zK}>XSRrq(d>r9jidW+)Vg>vpW8eXF)MMPY;k>}x~f8sUzbO+FQjo6og#}iN>3!~p5 z2Z_C}=Se@IC+cNIRsC)-biJ0|1021wJnU4)bE)s?OpzOUIz)Y0 z#J*)@7Ms>7RA3Y+Hhxq23>MKAAVeSSh|axZ5srg>vG*2JApE@%x!% z(67iBPObQOz>E@hz-cHW-VXSMl352FIkK4Z?)fjF=gD2yhk#Q&TmN}zef-zYo5SJN zr~e#Uop;E=0hZnG0D;CO;4(POLHQlA|J+6Ne|Vq=k>v3GLeXC#@*O#jgR|}Ki81K_ zQB2&*bPQc0VKAf_K`st;afl38M2Lfl|1!o7qf&dXYm&dJ)k#kAWP<2hC9L>Ws2HMW zQ>Ya~oI_|Ln-WhH-qp2&LmtZSUXCsy_Cz~$r3rCj3G1udZVZ8oK5UU2R)j?`Ws`|Y zf5D74VY(g{ay!|Eol<0^E2$jnXiBy?bj0#(Xtwq08aWl{z_E`xhTf6mAjb4b24ZDk z9Qh71B%t^bduW1QF$W4fi1=2srVFS?ZZa~p{;b#U8UpdN?*8t!@ztK`Rd081&-iMm z@>Qcg3Gb25Phb!T#JrsjjxqAwnylvRf3k>(J4_a&vUxLx-vC(H6^$Rqa7CKKkm0tK z?nh!to$07uTBYxNOL=7r#<|~0T6ZNWf!N+ZF)g81Cy_ffpm+x9{K$31DsvZ-iz~W! z!b|*v<|4a8Asr7EUwEL1OI{)lvB%zCB1*AqgsP*onYa84p))8zSxZJYzy>!re`T$@ zy_K%J;+$trU}>L>2K38gaeqsqEC*Yd*|NfyOsizfY9O>WtWK$wEt#FV54yAwZXWn) zPVqDW7~&EhX`V-#r;6sOwrdZSV^F@z`#v$@m2eFGM~%&z z11+tf@(#-8-bFC?M=<>nOutuP`q#p@8`blOIX_^``61we-%>vBsn=XIBJmxF<^4OY zb$SHhmjU4$nKmb6oXldB*@W(>e7vYt^fGk;LlNqo^G@{Y)g|)zArimOS^O*mjSr=3 za!#FqpON&vi1gw&;+Obq`Yzraei#MXc#N(wbbBF;Eaj?+XRRvZUugWpr{P-INrC>Z-D$P-Nc35s@0Iv5I z($|`GBi;`7qz0I(wZ*x>{2L!F+%V=hpVF)ivU6uZHwp8r-GxR0ew)y}85r;w;6DcV zt8ntP#|Q4!M*Svlb>W!J6rbpP!{$C=jW5{72YmGX9(})6fBAl@&$rr1Ug0D)ca9dG z#P`aXGD0qO&Qm>Ta^IY!g`Fd_Q?!UPq<4a<9hxStQEO*M@hUIv4VzvHw1)UIq$(H``U|ymZ2pIYwmd*KE-2vE~RnayXW*n zx}jYz*eudX8Av1>nd&GBRi{Ops%VB{pb4@~?QsAZZCFnOlA)z0$;D%u6LYFTu>LoL zqtB*TNY?X!GeypYyiYWiH=jar5K;O~L%KcC6?@6De{UGXAwb&C91J_l+U9=CuB_&4hjy(rd)@74kC6VNQK-7+nq$$zWo>u3y{_Q=wb@-)YGg~Kz3$4o zTro-5m-AVgqwY=C$hd^Z&2^91`}euIuKG&62Ok^fzSLS(a4cj7(vPebjg9YlG+d_` z#c)`Af2-lckB4g%=newnI>9dy5x3CehaCJGRPozw!duQwY$78b$kI}dW%+h4LUlNYHZHJ%X;y~x(l_#|&bKr6HqO~ine zZKdSYO_4AF)(A2b1t8)|z#DDVc%tc=sue(AUmcnaY4=w8xobT9%PSjLH=6R(ywQ5+a2DTItRisSMQ<6LZ4Xfs%Of6WF zcj7D}#s?mB&}-s}pyAjLLSEV4fBIJEv6jTlMFKV7sHNnTXCyHmUHA7Jk`4h3@GIX9 z2=;lCB7&?>i9x%$fdPI`J(JH@qkPNtKGvR^W4iBL0JE9$al3F@+6Wevqe_p>nn9U9t+Z>O_|7R+KB2MS>?if8QpVjjL`!2aU_D`@_ z(sm6=#ddTO@?-y0oRQ&5_q^XVi55Y(dd(3B`k+Ae3}!bNZwX+q`IIs^`BEj!`W3xT zX2@HqH6|%WIyHb4CL>2G(+6;ZPVr}?=J4~>pBA{G#zf0_78p?PwG{5K=M zxUIJGXu2OaH!(*u!;wf@@9Ih2lgCW}>uWipp<+jR4rg68nr|{_#6`qKJnk}h++}dTzwlel$3OSj zayI&;r(BSRl3n#@e~RCosb1DZ*P7-fO!DJ*M&HwSM&F2sZ_dBp0q?%B{i)#Djkc+d zS8vIuH{#J3$*7J^c%{SKaj0^CKEqTQy_{2&cu>pVBh&Qa@ z3mfxbs-gUlzWK zY8;R!dLRO+5h3Lp6DySTD$Y|)otnV+B)5vYw_^XBU8!PjfAfpZ+umOO?Yp7BW3=Vn zG7ELXaOCZhXX-XTB5t8ZSDqWNl0ypG9zC#7H>$TLtY#-fYc8#2gdmUO97Krz%jm;W zvFLBxL*1u#|7mV1Oq_;-m9vudBYmcXJIV1l8jBh^;$_#!I?6mqwKp1WebvNvj!ae8 z)kLnMX4yN7gggj&^qK0D+b91IliEi^0vC9bA4o$D7kH0bkk-6kM;HJA)RS*WHU{uV H00000wT3t{ diff --git a/Solutions/KnowBe4 Defend/Package/mainTemplate.json b/Solutions/KnowBe4 Defend/Package/mainTemplate.json index a5c624adb06..bd06103402c 100644 --- a/Solutions/KnowBe4 Defend/Package/mainTemplate.json +++ b/Solutions/KnowBe4 Defend/Package/mainTemplate.json @@ -166,8 +166,7 @@ } ] } - }, - "description": "KnowBe4 Defend Workbooks provides insight into KnowBe4 Defend audit logs" + } } ] } From edbac4ed7aa5232148b4ddd03cbb731200a52919 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 15 Dec 2025 16:30:46 +0000 Subject: [PATCH 10/18] Used V3 update script --- .../Data/Solution_KnowBe4Defend.json | 2 +- Solutions/KnowBe4 Defend/Package/3.1.0.zip | Bin 0 -> 9568 bytes Solutions/KnowBe4 Defend/Package/4.0.0.zip | Bin 18603 -> 0 bytes .../Package/createUiDefinition.json | 4 +- .../KnowBe4 Defend/Package/mainTemplate.json | 426 +++++++++--------- .../Package/testParameters.json | 32 ++ 6 files changed, 238 insertions(+), 226 deletions(-) create mode 100644 Solutions/KnowBe4 Defend/Package/3.1.0.zip delete mode 100644 Solutions/KnowBe4 Defend/Package/4.0.0.zip create mode 100644 Solutions/KnowBe4 Defend/Package/testParameters.json diff --git a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json index 071e2839db3..20215c17716 100644 --- a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json +++ b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json @@ -16,7 +16,7 @@ ], "Data Connectors": ["Data Connectors/DefendAPIConnector.json"], "BasePath": "/Users/olliespires/Repos/Azure-Sentinel/Solutions/KnowBe4 Defend", - "Version": "4.0.0", + "Version": "3.1.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true } diff --git a/Solutions/KnowBe4 Defend/Package/3.1.0.zip b/Solutions/KnowBe4 Defend/Package/3.1.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..e84ea34298f670bff078bc5a1858c44e0db2c6ec GIT binary patch literal 9568 zcmZ{KV{j#4ll6@`u{E)68x!Y-6Wg{YwvCBx+s=)1Gf5`KgcIBN=H2ht?$&l!SNHQ& zSO4p(Q+$+Yd330 z2WA^rM~6*qd&i9q^p6WeHWgj3-z!UN(x^F={dnhq+m^vB2A# zwV3{D0KVZ*29(dK2vh=R*u_xJ&!!oXXMTV!o`pWVtEPuS-I_a)jp$4>gu9SGZWKRW z*aNW+$lYfy9a-*6x7J^~oxNJx;gqou#TzmUU@Qkp;iG_)jHLzxM3|=NCDb&jf6()2 ziV=lp(Hm+$-;esQ7JoKyAmA!Drq1Ysmnwwqy%)~MU2z(P_nPItyUvObU*wwv^XF+S z^j@*XjMpGGFdxzBgeue+#XC9I&Zve^(y#GH+M-)<7Te6}Sl(1mjhceM{A8^nT!hjX zi!TbK+bz0n)^&-kRq7F{&fj9gsO1WUx%ZbhKzIlyZsPQiDOcY^CGnsv1i2w9DKth} zDK_Y3`kB*GZwj20B!6RqM&9A!hgjg8*!z{Nt&1nW`$|k+t%p)%5kupGG;XEZq z=yqOS9NFzn&&e~^byIl{%B0EUM9X(g@J~`ONaJu zI70AEZ7|(nKm@U+iAZFpmU&j?`xks)rD?@o*q&x|K9cs6EBxVpV>LO5I$fA>@)Xk57x_armdE#-JfQ0E*nqM zs*Up@+XbC$rYf+N6BDuac5I8ehGOv5_H~V;IWfsFleW2}p!K5a`O|(%eNxf{q=3(l zjzr_Lr^jYSR6M?yU!q*DGXk9skK{&5Ou1|(oRg*vD-?CvbqDG!=$6?u@=CPb-JboCteL}oz%!a2)Vg>9V7jj&K--j z`La6V=w;WurzpkY?-P7=R84SUnT zhUj%HI^yCJBk~TW1o7tbp&*XY<`})eHwZCVcYq*HEnuM zJ-V((O|TaatJ&VDH7}lz%1r~WPX^&ZX_2g4^vqF<9G6&VwN3#MN2aznnGENu^f1x> z_ANGHVho7KKa53Z5i5zml);b9h0!O{gv2Q97qdgln6t-vbVKwDpg4LxLsz+*dfhRx z?qaC^0%dVDOX|*qv6CnlkPsqwUVA}O{AIm$aj8=%ruXpJHb{TyLyl(-*+jTv|6GFh zU)j+y5E#@8Yi_}F3>2Hvv0brdqBA|M5=U^!+=jr2%>=4>!9i7M<*eHt z%8ht2=W6ZgBLSb~7FqO#3P?0hj83jvPqh+jC!FHzHy>-lJ&z+j~8PIAm5cS>=TYTkVDQO!rdy*V&-?YMy&BqH`@ zVP7typXiV!O_vSEX}xvZ#0==KE&qBdE20^U#ukylbZfnMy_iJ@mrAE+#!g9!l_gHz zY7&7V9hT+*lLcPDXSg?kw3ZEj4-+3_G&muoq{%AtwIB(RnvA1{j#fcph=aRO6cDs? zqphq*6}Hy9LV?<|_gg2uO$*Lpv=_PaxEDucSa&38jG~<;=zU&0eGYJa&e3QpXY|rR zx|rzQboi4i%+nVmdAI7BfonId$|h2c<96ccaNViGUYF(Rv|xlOb>LOA1x>^Zl zqW14@O+}{n>?dD1zRQ||voBDtoroOEnWC%80e{62f6>U3Odr@|dHKkhts`ZxGLzMH zxvqm0Q~C}Ev&7L#o)7=>8|P8`ajE1!gtCqSPbn;06U2Y;a{lXy9|@$qZ$x5F)c0IDPVM`~{sB)KFI(+lZz>z# z1Hnf@xqkIF`ufR+X8d0o(QjoFY>^` z+yM1zn}KB)#IIV)zBup1I7=s?sJiI77P>-u8hU$%t2fN+V7n$*3KCcpfs+9IZ+CPD zgw()jaBIT-$>ImF2`1|!PKi1hJ$c*3mV)h(ND|nFCn6(vQnHL_G7TIbIe)BrQeVF# ziImA*&7iSV@!0D888B<+`8FWBVXc-qbRboJ)O-=3sC&M(L!OkraSWv^B0j#+@I3!8 z2W^Ng4tx*0++JMgIdNer|3!1toA-izF09<0K&-bYB7Kg1YC*(;zfx^O-^AtU>EQW+ zs`B43RWwK5padZRa5fJBp#Q^E_Quu@>gM)NcK?vof1#;!eP7RY?(|QQe8>on?lwy* z?d0o?;JgoIUDm zNcrZ6L%Ya|hssWJC&)9rXCRE|{$n)q6Stb;q&;dbX)Zu4)%Z`01#EBMlVR!^8458- z>Xjz}02l}+%SWeY|JX^X?l0D#hhap96n}2V749S`)(2y1>n&eKm1WU7$!#Q>{(&O# zgjRruk>#ofLqEsg!w2fFx&i3!&}350<%W!0t1~#Sft8itLOZA})QCnl8-Gv|g(CA2 zv!d`_p}QnP@j^hDA&Z{4^YsIW*ie4>;_`rna+BuWyF@Uy-UUwj!WJ8&LUOi!0B_NN z2Yi`%^j1h=iJf)^ahC4@`$a|mXTpwbV_#TSD3qcn3_c_AD4OPe0cdLoF^y|ihEImS zNP!x4^$7YgSa!1IsNC1~AReBr;>vv(NOBYyM&krCIlN;J2#H{H==#VYDq73+T=iR=8mk^*j3`k#)@2eoqJwG>anW#N~v8m*2dp2Ciw7yX(eCz z$PpCjOzaxkKixV$-L9VgZhbgV26Z#$^*N{(5FVWKzdRJZETWsyO|oJTjBOH@sCH%U zYEVum5*fH%gi21Pp0*T3bdu1*%d>jDrNl4n5v(bZhFmu z1>xMXsgwqFh5y3tYFt`fneB3pK1($Dw@c07N`}o|0#6?P!h`@+U<)O8+K+r&fjT$+ zltNzPE_xS<41e$Zg;q%m7UFGXh$2-lF&<(QdNJsUFT;y>JX=f3w9euJ=N<}7C@d=R z$n?M5A6|kT2y^4AufyNqB0-)6Ni224-}P`5R~V}b;{N~{2(qc)^766pV}1~P zBCYxr$cb{TwirQIF8Z-`n(z+_udTc0Y+ig^Y&m#(9{t_B_yys!k&FCD1KM&9=O(hm zuDn-gDaQCD>56m#GHVl=umb6Z)w@0+`%)!%B545+Ohe654CV?~>r#NVQyFa?+Xp3{uDbI8x~v+QeV0I6ib zVqu*R(NDrne00-3<`UQki_%|K6^Osti2f#e4whk`@p4UaHz>sR6kYmAJJlG>V~Z0i zx3P^dCs%-xx(M?m?w(|1M>Ql9WljOJ&-`vhtetJd-NHAl_NQB?9y88B#yVd?Dl=X1 zbDl;*&gw)$Z1T zF`;UVIEFu*Xdv6WA*3?!^v(H9MHOs|GtzY&>a|!^PD4EYmatma<%B@)3!Kr2l!m?e zeUdZp3R)QsRMw1he&TDsu&H6vBA^|77dvz_%8zDdOT_!wLA=$5y)~3}g;Q5i)I1bB zqiIgIJ-iV5YAs-n8X51|q>-oSU!+9m5WTLagR(JAlcuF|Q;ad#P&65+SEt;HB-XCX zAcd=kVEv4ACeJo*kw{*iW1uq=;t@uGA9BeLdXpG`?bq0iC$1MMOz_Mc&zN(N&zMGxo zzK$>Zk*Lkvby$Ez5;LcrCNN6BB>aBW?K_f`;qlkAFmx(4n2e183^? zPQgA8^jzsTs@JnKB&Dg0B;OXpS{eBww4En5dGHPILn5|s8(*8qm8WPvp^!%!D-ppf zj<<==g}ew7*uTTr(2Z(AS)#B!*ch>o*c~r>6q@8Eg7b^pi+$rVCVxHDsVKc;Mv{Ic zUs^L9CB-gf;6PEF+b>F+)=SnRWmF>HnKoP~T-_pxLP$z4Q>loDhvM|*iXbK+z9!WI zoepg@vNyzZpB@JKw-jCQk$EGLw>iZKl{z(WaQTkhqE@`q4i>3&%pp>G`FwnxC|^#; zJ;HOY%#tITG$4XG2?+&dz>2f!I|$Ow6odU5msCAtBIpAP%&Uy8`_%>IJj*S{@!+SX zs?UP?u^2M|Srm+=AL1xA^K*NrHsIldn;=fQS21EGpUA{8#&D~AAj_}IBkSq2_36Mr z+j;K&4i2U5qw84_*RfJ4{lUG7PBgZ$SA z>dGfLPLYb8)uRC_wHsoOq!r!d9R2IYapv;5Ak}LzU#4q5G!BZ#m){G^5`A�=&5# z@jV8iVLzUph(D=qPH)0t(0QYjbnvrEnh7e`Ry=~jhzyG`L6&fQ&GL1n zM}c8`6;&P4yc%~5Ce0x{>;w=w$q4||S{3L@OIyrH6nO1PgHZvg$GvX%P zmCI#tJ@SLKf5H5XRv)Ot(pu7p^kXXyZo)ifFPR`KL{-F#!Cz2=5Ms(H5A@cgz^msA z&4BPa-xa84OY{gAx)Zty+sCm~owhQ7%L#Y!b{p_a^&)n%nzEUFJ=zYdV+eUh1(dI> zzj>JXKOMFAf{#!30%B`sea-d&Q@fslqB9t1ctrc8kMX?AJET5tMR30Rcm6WqOR^h# zz62Uefp=5WWlTvnXZl+c%?pkdb@6 z$s`0rC0VgkvgD*AxJ|p9apl&vLlq{1!At7gvYcGHL~ABrdEC~0T;t9V89qScL=unl zZRn;ij5H>eMnuot>}CZ|7~NLUTdahL8{toy&2>oMq{j|2eFC`g9=^cdY6k>3j%VJj zq;jtKzO7`oymn}h!vs$rjkCf-`)$U9sqs3M6oIbJ+EV)^nuaqFePx%E!d zbj~bnOkSCHoW5+S!sw3WR#eOL;mVs`^(ond`quJ4vu0A@5MvB%2B>74O@f(-WN#*$ z4Ptq%PRQq{gKn8{u8XAIHK8W@$H?g4?@`1QQt|RA#sQo0=xjE_SvMl(rX%srcJQh^ z05pQ}Dj`ynC5XFZI|e=S=y8ctbf7-9+}joTMR4m^qjNYfl^=m~Ff;!y zaB(F8gWp~<0$sLf{C|`=xGqFady1y#Z`+psT5D~HwJl7tYL*y_!Zkgjj+OmFg;ra| zA8XJd{VLgVSF%$`?Ib(n?Ut!8J8y_1k#M1(wHc1L~jy&V?KC&>F$={8@S1W}~y?70P%r?^Y@G?hxbo4G^_`#Q2dO^aoB=gTLHkVD4KsGvg|+)Eh=X znYHuAhZr>F4no&hEKU1PelzX89w;S=tEuges$7Moo->Z_*g{tVx~XdAHv;7kC0E*y zAYRlA!zN@-vuC$!GD7^aSR@-MSg#z*rc-Q=aX8}m!;qOqqo(OKUFiJpz2E?x; zwH;OMzhpu9P!P^}$J0~5M2{!S6Ozba+0K1mA6q3o)^8uemcVd&VL@P6V(C=YUuY;r z`UrdUKa#W>`40)%N(M2s%*hr{a|G$MgBaj&+c65{ZV7kfB7;WR6v8uM_LqI&7e6fq zu&c`GyZ&0u9muNh7(482-kquo-7tQGXxXYboimtyEf8zQD1j@rF`WIQL`9lVTSbyZ zuBf2%(580BWXI@Q3-V9*Ud(UE-{{3}(xUk2&qd=61@MMUXGJ_SCvk&RjI&|J*q9#$ z&6jI6@p8U(am4Ly+shB@RcGx!-HML&f6rQaG#3V#ZOszQeLu&$gM;NCG+euFjOlIz z&sixNHfArXWZb^S`nQtnPg*H6Im-M!FSpUHh|*YEQ<HsMS}uM&)V?S+uzGP&V}~ z@61)R-fn5Ob?E18Pdj8QiK{g@_$g_NyPQj;>HQN-L;?FpBq%4Oe!N*@&Jpz(g@rg} z$?IqKYbWB(jo|XZp0`Lw3-4D!rvOcYZqhKOm?w3cR@r^S+ywapS8zFfzXtdOVwEm& zB|A#Vt7PpOq}se63pI28ed*ir)m9IVB?lwzY1cp=*{is)Eb*_Oa|OH%*(8v1d)CD0 zep$pX=(s|E3%xNvVc$5^TXNP>u{%Sq41jb0LmL0-$ z7e6cMFK*lNzz^HTF!Yr4qGhCQ|2So7>4<1-zr|{;>RzxfaS=s20v8Dc=$-OYdz^pM z5l9w}p|Cav0`KVYDMwv&_UYdgo40WvmMTo?z3p^>4)@Fz5h68jzP!C3xVVS9@B8O3 z#IvP?Nx>x4$6ppCmJCr*OuW1wKg4}Ano-t-`1Nl?50y%VnnP7U{b{{ER#ZaV9xkZ? zVLf5m$u}=^*9^zh?uxhEVGp}^VM#F&k#+XhoO;n?RXgn58(gX;QOucF!TD+WLcNQ7}Nye=zKYs$-@pCJVX1hgBN05T3E2*aVx*7$RNWzIOI~svuO78D(9tcvv zcTsJYK^%+iX zWoEOc$B8|X``fgBS;J7qK&YL;(-}QzQ2Ilze3H4Xw)ki@j-iQgK-xPTE><=CubEu7@O#9itbOEc&s4ARnaVK4g|3(~H*1 z(t=(pZ011+gQgVuK^XZ@l?aFs#D#d;xZffV_~nIWQEKtQ2Rs`*!ZKLXvfpCp(@BTt zE;p4Pa^VH!nHN(f58X>WT5WWysoTsjH1-u(@=`v?2sCRYvUI)1w_@bi@kE>pT+2qY!@$@AnKL8wY@Wio1k{e(jOP7UM3HEZE!_ z0DLOwrz~g<`%T3OALeCi5nSXz#-B+;A*z?1-bZ$rl`1ISd9+J{GzgoAButhKB~P^Tl*08XUt??c`L_Y8>puQP{4X1= zgp)qOksZ{O(?4~=A}$&A*~PQBXbqAS8SsmsQSFUxOv(f@Tt8C#g3HOHlsIe+X^Z`` zaw#im3QI}7QGOIt;)urh;U~d_3Z7)h(E_9tw2HpS8t#Fim3o*h6-SM}+Uc(GUnciS z(5Q}t4lXD1YDr^*{U;&qhMRr;cXIXXM;R;Izu{*3%0et2v6jGs*?TBOyg2D1*g!(* zRdw7_Fgt%SP<<>IjEBmBXgYWtb5aqLjJ+j1S>*0EDh|Zv6XIoIW+*{wWI9z&a|i<@(b3(q&uzZA$W z2BDm5E2a(($1s1VtSZpv6pNt^emM?Ws|f0{3d*JpvI#8MnW>6|oNrJftp7Z^f53&c z)>CfXdh7aPbg=d6Q{S6DL*VuIr}q)={iGIjM9aev%dW4%^r^!g9?w?|j?0%x8O{TJ9ylCtI-D&rlMu}NHeRmz>Yuh64Crny$oGbN zb}cY$4iIjFko0%`9nReQxEP#$E?qF|UDO<1Oj(*%ef9Wviym=!t}qCDhCB5;$!440 zAX@iXm&hw_svxvrgcx%xssNBbefbG|NmWaV3mCK{oU7RH(tR?(id2lc(;WoBbY41ibie453** zF9SYsdopg5rvL_`ti@I?ta1kjShw1|>6Viyqko%@J$Y7*+W4fb)&l%?q@A8( zBf|~fAHhq%?5^|<*UlS~61I`jj!=A~nbW0K;B7MKlSq6Sz$Ahir`#t9PxO02;H+jp zu#H&hI{5{YQJas5Ya52fDWI6bjK#6sE&nsUg`)8l(pPPuqBb#fsM>%s0Gea`K2r+F z7`Bx}CrhRBn@VlLG~-tiOkKmUB^<@+gn^S#(*SamKlA&mIY&kY*xA8{ZeGviy!)le zPpgwj*DF8CF=M!&v8adZ$J5@aUyO$-Blm8I+`{>85y~#Ft|r4clJ#kJHh+0w z{N*qF79*eGap`qWmW^SpDvE(G`FKawC@oe0)EX^}GL}h+aAXP0yIyXu$Da@?@(_?% zQ2)1%=^yR(Use+IpY(sIn*QgI|4H2a{}BK{Ns#(KiPZn1@l@ntVE@ws`OicDCp{(r0COe)00{s905dKyE-)^7X>fI#Q*b2! zx2%(iCU$nri8HZn+qRt@+n8{oiEU1t?CjX~#I|kT`fuI3=RBO#PwSyqKX=vF%5qT9 zSP&2p-yxzbB(=;C=BAY4As_;%ARqt`5D;cS3lldB4I6O_OB+WUHybBMMq5`W#|_;N z$MrV!uWsQjll+$J+WM+yWUQaDhbXl~>qOg46?@?PYkWwp-CAw6LQ&OC?uuYRIg%Qs zIXu-o`WLgkXT~;CW(FYp)?HS?u~PR3vhcMpCMCZ`FB$Z&W)M&Ih^;<4}J+BnlL;ODcCM>S95`!I>(v#NO?LTdP51e-x6n`fq?hAkLOYI+kL z1`w6bU-9Bp6*&T8p3R>qls6npuz2V$Qre&#wn#e5Ge`2DKt0*d7-=nIw|i4VU#Uj-HVjT$obVldO5Izumm!_q zK*g=?!jZP@f=1=hl?q*2Heb-(dV0k`7&1wcqrNGrrP|{E7FGF(Tzum zn=Yq;V1b0OmbH0G7+0;y-B>F<&eBpgBXw#>#dnuwUtcd`Mam=DE-Y9!4}RZ&y2L*+ zeBbdeuh-ygC;q8^_?YcTb30BtJ(?>P9dbEkjl?rm0wg{364eM#l7zlQ-{$`MY=JHO zPgXk}xA3ugf(q?(_&V`x0jw-m06=~5hb^+{NxJgXj-XGL1dc=v3%_Ik=m3%NZ~9OU zuSpXu8FYh08uKP&orr(mtbfzuRMfSoPS8R}lpL3^Tv+)Hz9MPEN?0x@^(R=BnIYlb zAoi9W!#5(uV>3!<+K8>R3k7d%EXfxQP2TC1{Kb(q;GmbnOXkuPch;1?{DW%!@<#58 z@L9C2`~2XK;qEe)F-2N3QXfutF6`x#v3Ff1o5%7_@Tz~h-uZRF`(%n87b=6uGgIMk zY#of?NDifO9M%2ky(fHDr~v68{mysT5Yy$YVRl{pXZ?@QQjGlPZ@dr;Hoc-@g(+qZ zD{o5wA+(4Z*JpusUIzV{OESqI%)}yna^j491+NwU^%esvjRDw=@SZ8tiSkM0Q!?^+ zQ2*goIDJj@DD)zs=6Xn7-2$C^MVxeu_ZjAd@I`dIM=McLh@HuR=xwFZdVvr2%vBTJ zZSH3*^UDF82~D`m(rMvj`D^ogiRrpqF)znz4Q+pblt)oqnUs^A+Nv&kh#S~0XK^P{ zF##A%Y1^E%(VCKU6jJ?t3Z64fRMjYaP+^ZH^wJ!Mdqtc^Y)XLMA7TpL7;O(enYW`} zXsGbC6hOap@F0C_Z;`Ar{Hw@C8YiCGcW*rZ?DXmTwFiw1hJ?Ss^W}jz7n=)j-LK@R zTNVMyi(PRM^4#;L%AI8*5u4;gN-URqR-U4-`;d)pJMlW~E7o|FTMyx$Z?#6>xdkms@ecI0`&GF%aWEr>}An!ea- zUWxej_5P6rYULW_!!2BR$-di#o6(BExG{#+7xpK?Jh;d^V>kl-Bv30=9UCguU5^cG zhc7s^nu+T+1*m6D{KQgtQ4gE6DsE9|pm`ijq5Vnfg;pu)o<%%W8fUmkrYnte=W3F} z`J`%kT;cS{s!~f zDqHkTCD96rtv>-wP)Y8`6&b2QX8K2h{UU^fE^{^y1OsJ4T}WChqi4_JO?W2){lVFqi)3- zkhYmDA=!7iO&G+OCK*|Xd%c|59%y$dS#h%?&On;{sxQ?c#I&{jmvW16q`{xCQ@X<- z;R0)dw`c36Zf)Y^Ts)uC08?>3vbH<&_3lze7f_x<6Xqn?@1l?$r-OuMk&#%bd+h9ASqoT3Esm`Ew8-f zW`_1+ZQgiNRA0;;;&b@BW*5P+-ZH+B`7zNGc5Ux7qE5@kYF2p{HlB?SUF{4cqvHzn zQ3jHrW!GzN83Sd7v^P}BP#@6r7jY2OF4Uv>%{;9Muf}dNh`J3%12YO+U`!a3=P?4x z7S0TQIccrxfn2|Ca{a`dOB*&3o5kAu<=j6{X16qe_f8`_0;zCv(}|9GFqh4~ti6pt z$FIv}+ybAA-mjK)co0%TgYBj^68{3G4aI#C(=LWDX2G8kEU}wXp=)_Do1uNVQJekv zjxn3fmPSxMp50wqmBEbG#7DHbT_QILVx{ zDumMg-yZqpi#*8#Zgg#8r;(ZUc5(qM=1jEOhhBJ{g7%BF}tUlSlY{Oy41$Sv!Th_4kY8@0zjSq(b& znUXP4e=pu$r&M&k?5Nz|=w;f!o#g@iM*Qd~U5nz*PdbjYwI9Mg_ekhY#KbFmEXI=i8>VP4z|79UxJr_*`dSj-4w+Duss# za6sk2UxHDBCH>3F%7y}01#CBlDq=~Zq(jj}YuI9qr=qE{XQ;0)66OD2!lZ-5v}R`= zbtwrUAhc&8AkZNoARJ6=9Mvrxob65AEdFo(x)8AQTx&_%ddmJlKS@p^)?y6tAT%kEr{qf@_lUyh1w&>T_+tjv5$d8^#1}?|ig~iknNM_s#q(h18 z`R*?QvYhUr$JnWwDYdx_N*P?Ci>H^=&Gp+F+8i~Z6P<1*^3}#rP#fSWk}s5cBd7Cn zD*tL`2GJ4iGImOATGsk1&t?0oq;V3q4oWE4S7@Hb1BzrA@808@#3fJ>bG#m7U>nmg zNN$ll0|q^$D^rp^UM6iIh8d}FUvG?&l&*t^z&Jj1_CLF=Z8e&ZFUYd{@%u|S#!>>NEzdH& zjAhEZ54JeK#d@WQe)c_8e^TF9ay^}!9mr%dB7-%7_nbwM#Ca^;;q;QG2a-Kt%$jYL z9$DOfg+Tfa<>=T^rZ$8JxkD&tI?4ca2$~I=rvbtMQKpp05z_>0_gdpFV(mD&_CMlk zY7!n?rxie^mX?lo><32sUITFA8Q(kLOZP`wJF*6v&9vq4Rc;rXi%3zZ;CWzPT>MXW zZim=)!cx`n;Ccu1V+@#D!+2bN3ZI#ULoBQ@aN!grPQpgb}G ziK3AuV$=nQ`LYOTjUInE-BWsX)GJ^$jrX(hFrbh>mCXNMZ9{<4U@D)>MmQZ>e3TUG z-%DAI8BuUl_2Xfz$%0iNPdww zSW9R$SZ9mGgE^Evcb(~VGyCV`2wi9!K{kSvnoBo80Wc~-17Bz(N-jS>lBbQQ)za$K zrH-%Sl8?M681u-u&a>`mBqKJG<6O{w;8KhYjCz%`5gE7Q|17-XzZ|g0Df_Z4Y(>5x{&aZZgwS5X;k8GIpDdP8O4p?+pI8k;HYU$zNE761w@EL5$ zDT;y5x#Jfs!3h_LFnT9{6{t4%icg=N+ijin^{xj+u(VSnl}dyBvRENCQe@4I28l5l zncVy&Eo|t`43ir9MGzNqf6nk^e42?A5wJ~aly_`2e&PD{Kv{LaE#nKGUS3>WxaINZ za&K%DbUIxrX6JP7kW!R@NZdK@l?h<0*T$_>Xf%8>hd7ZwB?jys^-{g?tbWf^;+ON) zKc2Ui=)5(D$Y%5^%+uC`;*${@4cka*Fg<;xmlAIlxyR3*;5Xx7JUbGbYodAnskk}M;7D? z*a}@yZM+_-ZJF?O7MbBXN=LqW;re`!bHESP!4ih$pr0WUkW1OC^s6_&|TcSm0` zgY^nvvB}(|Jhm>Cl2*`?E%YDc0EQNFa18B{=$WlJ*B=wkqyP{wS?7-zcwbHiC}O{O zwhr_MNxwjjejHKE2Sd+d#m}>-QGJjgUNn~U@vI*@l?vEg+We3U5IhL9rK};uoTeDc z)EJHQpx0Vuq$jn31Jq788S^)ipISr6h6o;C686m52tV-T-FpO!B+P}O?%>1S(^zuh z^=`{y?7Q}MD%MZ0u_92NNJA2G!E%BVUve-e8~if<7|uYo$<-c!y48*-^X!i1%PF9( z7rc4KI#^pcZS-a2Y&Sq{|3NF?mJZfu#qXBn3*AG`I9ews|F%S$lVgz4~j)^zOP1qhv zi*8vRE*~+^;YX{0g+wBWAgZ`1WPIS|T2C!}mJE_XzqrS?-7Xbz*$jBl52>yf+KU=; zJcu{D9QsY_klYu}95#ulQ4qsZF{9W3agGPE_H}Ew0ht&T)#KWg9^P|^Hr`AYhKwfXnf!V_nn@0G^!ax7mvtK72Y|i=eErie)v>f?lWzST>CD z>`LD|0$F#KVwmhye>B+**85s|Bk&`7;LPdyMEWw=%X>MR$?)rXG=0Cq|C$h*P69o> zcyg`3o*iz1FaJd2H5w4s@g?C!cnHf8W8if249jIz{J?fuU1gPZU(~uvZHi?tv?~$F zJZNp8C+jGXBam}!2{GU8E0rds9YdA$<7n`vFu&_BS0i05FTzBf*@H?UYzyXKm_y+8 zz?Ie|GM<`a6AvRBT9uZwN5I)Mok04#Kzc$FP8KEbmn{h_r{#hDG;GLx8Tt$Mt)OmE zb-ZNQvs_PG*$B*JXsOvp>LhNdSC+ZPsLdCC-)i#&vwp%J<(NK6UarQ8bPI^~5XBs? zsZU737eJOTBjc6kC82dlS`Bdz4wW>CWbce8E`b|whaXDFa#cIHML25Dd&gMIy@ke<4!ac`w#VuEjI8p?WA8vA>Z*;{GTv>@Nc!L){BnH{>*cfg z=JKwjOhzIYAU1$OI6VuWTx7QmtwqwHJjNA9TPfzRvcOd#^pM+U^punvB+Ea+V=5or z1-Zd_DDaDMV8bbDpPpxcmf<=zT#t}Ok>qiWcH*$5Y)+S&vWIiRjv0ha6-e&dJm%1h zjrS^8tVXufrfAdzJQR1WrMd4Y&nGowY!}4xo?rCFHda`rKWYkOpry#k6HRH?5%}~T zK*F_&S)H1%Y>7yZY5-vum@@X!H$iChjYTLKqdqkH=|dtsZpOsp8*OhqHC(>Abf3r* zNl@aJjX(Jt&iUP6mOwJ0bwd;ND$+8N3axJ5Bm-D9*mAqQib&!)k{Lc!t+^+wZ(OUu z?0x+)lfN-VI67Pj zUE(}bBeoSyAL3JA;nHw|f~PiN+P)241nfkp|I{SuW8yoi2W^lPor57MN71s1Qjs7R zwUDE2DDO_nP@Oc%jfjWeA8uQxOhBjpEj&k(tnYBAmw|g(kbT*Pu$a&F=-&6VD1OLl zb|SIQ0oZQbb;bFD@+TmRaHTryF6ZtFCpQvN1_hoy*Xi3O$>-JDrnTF{jgVB1!%Ujv zal=VJ1amGDGgJq@)8-IddQfP*5|Yc0mVhk@tk0`8dorad56{g^6Qv#$)NI=x+(is` zxOtid7l7{HFdn9nLQ*y+38cg)J}(2fugYAuV0$&=A`)!4JzsNn{G3S!0Tyvg^ARr` zujP+;oWucHob!sYA~`f^afvmOq7FS9%_rj?`F;>&Va-N_6%*Um#Hv7MO|C0 z4Ku99eZ+kbzLVtHlixzpLW9c_XThwuJMx>n#K`utC+5-x%}3F|>>bzNb!a`^I7LrW=PQFdn*-Jp!jc)iAg<|GMfjrDQZlSi z2)|VyJ4Tz0@6w>qr*@x(-Z*G0-u_9NHTGUm*=Hksb`wZ}l!CDQjY}%NpWOXPOq6A@ zzqqjJr|!&UKm|;>HM~Yw`M*e>%E7FpX5EsLuX5dEYdAGi#R*T>)SL%tYMLG>X!ZLn$u{V*=Svi7VV8#B&e<9Rw0Z>?c|E`14i9@m8{HHCEEQwECl4TCyK! z$10|H);Hv_r&0|-qZ{_?PfK2^IfMEQ<@Bhc1f!UYhP4`=ZLJtBogvj!H_G;3sAq|C zIP4y$)g8KTr^v&FXAoRAg#5lUke5OV5;Mi#sC5lU!^AHaJ9CCqfV)VW&+5M>%g9-gJEIJi0$ycEW6 zidh?y2!Qm&yTUxiqx>rT9){h&}v4kAW+T^qROM;d{~(&e|UCJ!wU3&665lMx;2UY>3b zOZzX#b@QFZB^N^PT5PTh{|+Qmws!D8)_hhM!Jd?a&bd z#m`UtihnKZ&&4bcv!y)JvtbaRUvqYeKYR1W3{>a?M>f1YMgMMa{~GkAoH7e|BGecw zXFIhoxky=+o&}Yt%UOPOhwHGJ2^W$E(lg5j83|LKM6Sa-!y zPJaJ)=YkMuy3qm8FwA^4(|)sk$s>u(o~*Uuz>-vENu3kh(U$;FejiQVQx)8<(+*K@IQ>;w!mB$oL5F+nNUizyT)UvlG5y50EcX)qr;zz%+kG}; zx5T|p7#i`p)IJ`=+{!@;PHTzUO-7B}ieXK=PfMe8TM!o}fYfa8x)_bumgUc0W?lv)FyT}8YK?*PSUTeqgj@!+G)xao))Sz9WA^7st)aQSIJ~o z1F*&5&x?G{h$Tj=tNG^%_Gt>S=&%^^RRDsIR1S@+f%nxNT{yvwy;GOT?y!5c#Nn@t{EbE` zUMjo(ntX>(lO9KCDKqw2YUTbG=Cvd?9aZerv*H(Asw%BLp+d2`PF#Alpch%o2gu7phj)u z4tBB8kf&iHWkrLyV}Px*h8@kRA#R(V!^ftG+`cn7tzqnbCoOreZ!H5mU-yjr;5~2P zt>D4g2fH?~%&maPw?JOz5~*j$^c-{(OTbjvYm@K26kE_qe(F?n+y`Ha8$4~P{ zpc7*lJw7{=T=qL|hhd*#C?2SV@Qy*6A;GR&nvnJ{Nm}zDrU?)DV6+FLU-AnNKfWgY zQ!K(l(0?vz`*HDFzx=Uc1~`Zpz{?_+z7@FccVmrul??aQraRfn@t1fa~vIt7e6lAjj3G%!mECOWu* z*;MTMwsQ3C&c;*Yy$oWy@AsQ)icE0FOLn3~wyJ z6yi#2G(0XhmF4Cht)>fbH<+Oth2M=Q{=+#@eQ!dD<9J&NHlg@+&%DM9K6{RRxBNy+ z<5M`}2BK?;ehVIoIi27E-SW;S4WDghR4LJl9j7rN7xmvX#t*dY0rA$BueTqe{b)9# z5w;MaqrF1^e#l?^*hb7=#lT-G*8R21jPL~_-DMC}(=@569=VlpxE9>k)QdBV9gRS+ zgLBF|II&pOe0BgWe9a3WY&c@SyG-a2zEMNcKpAqcqQecItm3jaZU3v3p~-$@kFm87 zUHS5!u>w7`eLc-&e*3oxiz0wTm7GrX)$9GJY+^W{Qg_tKo^j*))Kw-aA|l3V`p_%| z|J=MMk<>naLS&}5P2nKtvauZR?e{&ADAg4z?{clxV3^1E^x${3%k^x6{&k4+@RhR5#j6GpfX1JOfIVQ2URV6-$Gc0sPK zT`+U*R%L_oA`aok(kb5t5Wc5ne8tzh@n&eO66SP2`WW*}E0kHEIIzZ5(i{4eAHWZt z%dDD9h*-?}Pc{JwHnzPyJF>&#%s&w{_=E!6;nA*>m=9^Ecg?_*IXOg$1q0g@x!Q zB?`$&c=tQqWN`UmhdiA>V@+(Ot?WeRSZx)VjUL}zxuyAvZX%oxMT5D6w1R^4imOo} zY_a>rFpz`9I}4OASY^jIHgB&#KHC&ggupkfU!^i+|7$fCPB~eH!yl}25zZ5(u4kvB zVWy&?cT@jDSZPN+!GW3Dj1g`-I<^`m$$`GQJR5CGN^E@5ugZanY)7=Zz|CInQ2y7Z zyvCxu%A`Do2Mg0yg9CwA(pD|`8g7Xk%SxBb{Gl1PIcu=e4iSF=>v*MB23e$kHMqnM z7O8*N>KA@6_{U&cH9RwQgPwei$z|ZfeAVQ`-+cZu&NL(ZqHM5{!c>>eauXf3)5sv# zNH5o9C)YFxz@E%99B>7Cc+Gxg1>Lvs+=KV0s$35hfCrPneGSmfA=LXp z1$LtBe!ubG4{JNUN`>Q9=+Zk-JVVU28P^VH&BSN= zHE6Rj;Ms4#AM2I?Ketk4bGqSsV!u(ZL&#($bz(#G*K;w3F8|ETBUvb6V8}K?Jj8gxQ=pgDV?pd;dqwJ;bP_s@vLDA z{3FE6DY4(>pCWV(xW*5dqPc`WxjN$QTPU>#^3FLkOG_lXN1sfm znvOX+q%)Rw)l}@CLYq8Z9u#>pA?~gI+$~H36t~l7+NVzVP~zjMl^4Q^WvX*7VFRv} z{9TOu({3}U3;YkXz~0uIK@UNPg@J>{F(9NX)-=riEcib{UFuC-+a&l($VYjH=~{Vy zZcCvW;!JY6?0rI$N2+SWUPr3%vkGg#s6MxaywV^fzN6PLFe1~74Q`*S&pMIdlvDZ~ z4E?D{#Y3Z=ZLCZ#RQWuZ|G40WhfgXaEjQ~AFX{_N)=Z@>?CCV4N$8!8M^6VL06vRI zKO*oyOcC-M7R3KP?fQ=(AxQt<^}h_g{(H#(geLzhBpm*K0F}yeFtGoze1rG~5e5MP zu|oNukN*QuO9KQH000080B?JbTaK92G~oyU0JMtB zX>V>WYIARH-C1o<+(;7s&aWu>PGSblcmUn%PUx~L7FN5fCAYbRO>_c;dhD{@N4wkU zYBQPS`0uA`zl?262nl)7ehHcGa&>jRJoVW1ZVMpzD@7URA~=8`bFQF+#iCjXbD>3w zIcgV*x244}GI_m6i`{T9+@BW~uO+S)M;3*{KYl&NL~7}z(c#llIr%aV|4T;yC7AJ1 znb5I9%SSzxku_uz7an@m9R-!_HCmEJvuy9EYPS$p=tQRNZ-7A3 zEBRK~I5>brD8gB@u@oeu&7*!TMvAN~Tz%+2Wu5}r=*fBO7Asa^DqU7COF|nN?btQ! z6n}^6-}wvFPHI$(T#!S%I5DZA#c$fIe#F1cl}SxV*XelxD;c}&$$9Yi?}|6)0c0rC z%(cJ2KiB7aXXjtW;la)hT%KlV5puDHCBoU2HY*L1s6@J$GzN+*5$3d@+5$4FcrSwu<>jzWo893@k%&GAhkm)B8M@oq|5wAg)u|VZAm(DeYd4qsNUMQUMzQ$DCRvS# zL18uI96GTyr5lOPt<>>#-sH~|{s*_UG|58mf4EJ)*hEubv~`_Px$G9&rUC&1i)2b0 z;j=1fe08671fUBXzZYnIz!E7yZHYP~XogBVu?eAE_NYU>%ZT^ObHa{%nk8T;FR$(k&0UlEY}++5x7h^K)wru3H$STeRc462SSAmJzdq2(XsE3to$tXUC&Mw z>eOYEp6e#lkgqqL?M^Sc8Z5ppk=#g5WQIFk@bgcny&Mb*;WB?*WOO9lq+5ZLX(;2_ zb|>pUv`~H!g`C%2`pN$8{_cGDAM@S4?de5uJEF6@W4HRSupOB^H#$7FrZ_e$-4#}1 ziHfC1GoVl+!px|+A|5Y%P(XCj{XLP7ttnz|wJWI^$(6jPKrTPp7?PuG3js zjBkNK$6FiN>4;Rhby1@PIV|o02}aDQZM>riG-%FUnWYjjo=WGa zM(xcVzH!42a%VA|;v4s)GSSuW3FB*fm|B%GKA=hO1`8W*$DoG5HbHBYCw6_V7s7u` z36apgqYQXpRFX5f?=4=D)UYiiZSSl_( zuF$@*%QYm1D~NTZrHqA+n7Ts65n7eN?-F6R({0ddkbWN+ySc9u`z0fYBLNguz1j+x zoE4gwB3F@>Iz?hKTt~*4v9M^S)JncZPwI2wLg2G*E!S}%SfbDMX{BIfY1Wj>8Mo;x$=gfgXzOpXMEB3DSH)*Mj6sI=0pAvan& zW2H`KkX2;Zzfj1S)k}SiDl5xYlgQFIExP-=eeoz>4{l|`t?l9?_J6p-9aSv-E ztxaFJeb6oRX)Kx0lxsOdRWSNPDx{b4B(ee?|Dx~j>FgRJqbinkM=jphAjk>pprmG} zG2}Br|Hk9K>b{w>ew4y>CBvyu^BP&_+`oMpKcIXc;KaQT_TLM}D$^zZeMbzaNb}Y* zl)t08Zksx8?pT$5T-@)8eXrsUH#uFstZ}OMOKQN3*{9ze;qOc25(1CQRM9@z0E@ zF*+tiE@LOtyn0*u;niuFN0%~w^2}H#)V#grr5`F>cE=-+iouQ3KN|+m;aKPtttkl( z`7?gTl?BJ%4ZV*dp8(D6Exryk*H_JipK??*MpOd`UK2ni6*7|SgG6#I^8CWT2le&{ zb?gh13sPF(LB-O%`7|JZKoabKi6l6Y`U;MCTJpHD-~T3K@5e%ZDQ-Q$=<~=yeo(ir zUy@%}1EbNFJs2w8{UPi}0KxE-Xp_SVk}U{#N+q6`P9b@J`hiOyO&2N zP)*)>nt#evnR7ytlkzW@Lc0001OVQFquWo>Y5VRU6KYIARH?Okhk+qRbdo?n5* zc8%>jqAbaeIL`94zDe468aJBQX=Y87>p~wMS(|VBHcNf1|H<7{clG6AFP%r-yuFnKK}zzhKVn#>9#xKpXl`zap*!W z>c4#g000&Y`GioB@Hd}a{}b&38?Z142<1Ot`s8|uc125Mc3J*ZRLw+&Gvb9D6Cd!n zAz(x(NQ!xhM#y)qCji{Zssl*j6mdk^ymF5?P?V590l?z30EyBWr`R9I^@^rr{|)lT zd}1AfZu-h94A0ZdHfD;fv#sH*KoAXP+5#!*`H*ppA*@T3iYyVET{ZC}ShSYV4i`+lk0DM3I z`-~&#ic$feAn@lkp_eRx4ziO*{t2!p*qH##fQu-;LM|9lGL^~S9D_82kgE8(lmD0U z1;8qnS4XaS2{x3|M~C{sb z8?CvbY;Gj)H@3DuRdibItGQ1`?W)t)4@q6Xhto*g-;gml_Mtc9*kRy$f+zx~*r9}x z5eH|;=h#P{7*K|I7?}GoB;>Mdi*gqkwCtn+T&q>m5An?myc**p1dZo5jMilMHs0)^?+nBo@|1w!DvN zjhh?uHyc~Ye7DdPVo%D@ysBNKiPYlcL#3po@A2Z=O;^`^f)~*ueBySMv5AJ}6mg23 z4~Z0W8RH!3B6i|#Zlv1OPDXV*NzOJ}KxuEWdO2-!btJpSS%4fdv|V);t8*`%SsPoe z4f}d%Z?r-m{}rN088?-hFSJ$9>(;!_3tLx0rtPvR?^3}OvOM!yR^WE^cZk(22c?4Z3p*WI-bcK3Ge-JNIq_OmY9w@1B$5ps6io&$%e zXw1c^;?bv4M5HDtSEDoJgcS2xDw|^uQ7-Z&s*%$xQ{DQ?7t}9E%k<0GgwiqV)f+RJ z3?4k&@Ah_(-PwVA_AcCYZTJ-J*dzC#yL+&^?~aDO@-gex8nd2p%zF1eX1%&&*1NYc z6HS=6A%K)2YMf!w>+G5lEu+Vwi}_2)q1~5h(vi_+QO6|zUKx$(RjRVNigGp7*X-?$ zR-t~GTOEw(arwN}Eo*5_Y@5L=OybU3KLHrRO>nx)_@w~Z>YhC2hs&ZCd zDZ&+o>C1FWDh zy-u%ZcY1awSyKS8VrNfl1{Z`imueO_u|8@=mqGxUd>oGFj#;!SVAn-{>U*VTa?!cc z*x+i}#j@hjIFCj5A@4b+tqLd!5an2L8g+hX&c{v41J{^OQV2?IkBeF0!I==BCVwL7 zc~+fo-dqE=ucA?3OcmnkP){TB#zo#iRi^QGr!+1Kkngg$emYs@W5af87%RR1tdaB_ zefrc?ZB@UY>6I45Dg$;E(?ymwh1gG;ld0wYq2#olBBcDWROi&;E#SU)nRgkqDEq3o z7$-lf5DZhZh?Hd7l$~-lK?o)5f-@=2e~EoLQ`iJj#kWs|_P1{b6?hdp(Y66hhK7<%|Ka-|n` z2&~(I70;J}bvO_}JrbpCciWwT)f!lsqbVC$haYbTQZ)wFVYf9%)OcVW-VQ9G<}&vW zKY;!OvxyKzqBR5St~HSQA(L=)!+{O<#p8LAJNY8jHvRUOcf!#$ZPH)DCYEn;(T6R{@n*`{oiSOvF|B-1M!-2~7VEQCAr;S@WXR4klMA;q5&cqP!w7bNug zkt2R@Zh_$pa1t9)^QI>*%O98i{5uy1B+ws zMH2cwoDLBMWCUI!jvS8MNT@)RFEk769)Jl6DU)SzJVkPb-Nd4E!^rSG6~oqj+B@io zpSwhGqLjGKWL1bC4XiopN9N`;E}GA>;w#KTp-VEE%pUrTL(%Oaq%w)@=^5g}lM$`C z9auNVH(2~}V5KsPM1d$q>tF4E3>)uw##8yhOkd61oW*nV&r*v;T4Dq1Zs6;7#dsFSPONs{RC$sn7I|8N134NKI+K=4 zESZ8q@T9~%s9~s8V49Jcf+*Wg4V`LZNqAP`-+-bkjIK*8ze?z~1XkH-CB%0!oc2Zw zc#!c;7I;|e!by8lIBi=BJki9M%Gz^3-zEkBhGs`4I{O@WWK4d+9uj*?lF}9r+w5xm z94G}JHMbI<12HmkuYW1MGUPiLv7@sY<7nD`JN!3t_{UGrK|CTSQ#eK}X^tjctldWv zpLq`Ca&=^&xSyw9)H~!sj;~N3^2t%g>ymTnIbh*1Dk?4_ek~zSP_{1Y)jM!aU6~AV_1dvLf!Q@mJyotGoRm`g8RkcMVE=7)6HZ2-WJh(V_v|4Bt zQ>j0R3DT6H%)DHTkT$Jp0aN&Y(b7WJf{&sGIo;N1mA*OJ2!SYWpmsCj2!yJ3XhI|^ z+GGxG$mQS|$yl#Gq})$wvs@w%`fznT6;WkMcHQ!@Tk2+|CZRJyZs_TN z?qz}Wh7MD_v`(OcZa@)_P31F~2SI=keH5sidB-An1^Xf-7E>V1upzl=>&)izRo({a zL{qS>6h_q*h{*>j}d*VSo^;U6+`rV z0<~g@a|lgj6XJ=&JGxeI$V2%#%JCJ%o@j@zG$Bqb(RMW&#^6ury$KmdB31-bHkqj4 zV`vkm`*AL}GmoPwI4ru7iXMojWQ#*bY|n;fTd!`AQ{uFr_?Tnp9Xk$UOrNALb_T|g z?;t}0im$MT#^@Dupnz$JZ`EtMKwxC-kE!+N-CoDwAD?#)_I8Y~_D!$4d;9ywSG%RJ zYV}E2k9>9tgFpb;&2(^tk>^%qHD{MaM3i2#Ar+T5qgM=ogiWj3KZDjzRuRc#pk;u`G}(bSU*4>iF$YRZ#-X2RCP$G!$ip0Pj`xLlZ^ zYoPr8fb!ng1Im;0sTKgrd#eG;dtVPIH&wL;%GW^o_X(66&e?kO5P5upTO#DfC}I|- z0P;{f`W57*W#%ppPPs?c9i2Z(T5c$LE7N=)H@OxlYGhZ^dy!zW03s)f<+0+or|vK zZM>H?z(teArTn|_sOsdP_PpxXLp|2cc)=Nuwo0=XK0m{@)B)F93+Zdkz7dCmJ*fbu zD%awSWB!d#{H^Kpn-5RcI@y_{nd`Xu<>o>y2fvByUJnddJNRn{e-%ca_Ef+9O0VB! ztuE}dnfw!-ZCKwXtgr=}*nn%>Z*BXn%Jx%jzSU0h5+kX;akTIxeo)4g5ptoR= z5K6Crc=SBNYo&LqinNc*1hUY@5A(?u^S~K}3N6X=3c71p9zVNKu1xp9F;qx>0djHR)TWS%8U z$TnnomL$(Ij9r#&#WNU{?JUJlUbkm7xFUpxp4xzmk3cj7#1_l%$mJSTDkH9p`O+$(Sn%4d_y}aw zvVjTrQZ*d zXdEOPp5-au8|)Brq+d{gF4_u*xr{vqcBNm+b#bI}_*W3VcXf1z>Dl{FT>orcz@lj% zCH%gfb}hKPk2QKHD*j%`x4zXJVsrJ=S5!d$_dlabU{Hv=gmZHblRP}t$}ajWNeU|7 zw)VFhYRCqe={Gu!YQ{`4gCBa#PPnh260#X473f>ZIlg84qSD~L_g9sR$$T{%5#yGZQi-MbKJ;aYQJt)@73R1`L$Fq@MU*M zodeIflxz=&uTRJ&f*Vl-jPH6dP_bHu<|3#jb;$Kd4JGl17P)QP@fI#q*Yy7A-?7XU zA3m1i`ixH7k_$?JpMNHj*^Lo>hoDp!>AG_fz+OtX4Z1AR%^&tBC)8hFGh74qaU~@2 z<&l9jP8XlHJPBHI?`eSko2XFiH?X5E6{;Z!@oL>+ek`t`e5Wr9dxY4tkiSSpxsh>MNuVYvu19|7J-h8J#Z=lcQ2kt~`zc(pbCiTz; zG+_JQU(ZhT)uSfCECh?4Frx5Cj@Jm+%frlWV8@}Hq=XpOx4DwX&p!d!dF2zp)sw=v zVRm|RqEy7it;V)Nu;JdQ`Hda*WYr;=r`KE5j>A-eCoy3c%k34x#v`?PL&lN_3pItd z8!^Lt z(hzaPL#-JlhZr(?F4U+aBT+5L{g`T7?85W;;d{YNvqqN2UO0O{n}Ou#0d4}4znb@N z=*m+7BToY)`$yyDBNT^ZJlfU_kCGH{!Q$6;rDrQvY6HW>{LS-Q%pT3B*F7j^XUO%G z-PnqOzmdjp$IKDAJM`*pj8xWa8XrwCJGsbJILbU8**+I3Lz(-N^uQYV(4l zHt239>o;iYfxpzzafo?L=aUnPF{LWZEFPb{CX!!$M}uGfvzs&*p`8L{p8j-js+yJa1fRT`8gF%~)X1lNFYRj6mGLs$pTwj>udS=hRxcH` ztD=nC@zm4$ny7ThnV!#uN=@$ryi0K(>Z10)Z%*Hd>~n}x6W=SX=1y@VzR`Bc4i6K=q44R+l; zPR#?%l0oa;@{JXyZ}-LnJ?~d0%jP_zkLA@UE=gmknI~vS;T&9tV?pMTzL72V2?RJ! z+pe+2jMbt&9*yVIKqTfQWj7JbWM_$LU9TLFz8Qx3M{A_Kkm>2E=?#dBiikG<^o3O|K6+g>6X*+Zxn7br_>8SPbvbxQDNX)O6D6Ft3ImFS~c zXKB|K3D+ZuWwlGk?yE#___o=%acxst>I>axIMV{_Q=qr31z)J8elJK5tTfntsNE0^C?Vrg-D|+oE@$jZ zr(l+#YvR$m-UE#(G=7_jz%{2$)=q^DxU`-0VDaPC(N)^1PRqHw^phi-Mw41N+H8O`dCy51cNIrHf7p)&1oV=sgy z-(qynK~Ny8>IFr71O*%I^_wJAYOZ!cVy!5MFbe`s0nf10EWX^U(DgXE|5PlPoF^|Vh;yac=TWy1N&H(QSFH`fvS10(?FGTNH^KdBy zSH3I=IzIMdK|pl|=O~19F*sSuz=jgI2YdP4lvlEp_-A#DKhS0R$HIHb-z4e-i68oGy z-N%q09<7Zv`gkQ10@HMpPZ3drMY=r>e2}6*P!N8iT0kFxXZMDDl{Gp*ZMavDZ-g%o z*$}^}HHj*izylvPd>zA%A7FWX6Z5Jt(Tj200szZH(?KGNyDPn zE(o)wXK6k)R;##OeWV39kI0dK_Vzg>8U7vRaX;FBoqqoR?C<0n|2g8~Dv$FzGzt0# j@y1_4{>pCr4\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nKnowBe4 Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/KnowBe4%20Defend/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nKnowBe4 Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -71,7 +71,7 @@ } }, { - "name": "dataconnectors-link2", + "name": "dataconnectors-link1", "type": "Microsoft.Common.TextBlock", "options": { "link": { diff --git a/Solutions/KnowBe4 Defend/Package/mainTemplate.json b/Solutions/KnowBe4 Defend/Package/mainTemplate.json index bd06103402c..f085dbb8632 100644 --- a/Solutions/KnowBe4 Defend/Package/mainTemplate.json +++ b/Solutions/KnowBe4 Defend/Package/mainTemplate.json @@ -38,77 +38,67 @@ } }, "variables": { - "solutionId": "egress1589289169584.azure-sentinel-solution-egress-defend", - "_solutionId": "[variables('solutionId')]", "email": "support@knowbe4.com", "_email": "[variables('email')]", + "_solutionName": "KnowBe4 Defend", + "_solutionVersion": "3.1.0", + "solutionId": "egress1589289169584.azure-sentinel-solution-egress-defend", + "_solutionId": "[variables('solutionId')]", "workbookVersion1": "1.0.0", "workbookContentId1": "KnowBe4DefendMetricWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", - "analyticRuleVersion1": "1.0.0", - "analyticRulecontentId1": "a0e55dd4-8454-4396-91e6-f28fec3d2cab", - "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", - "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]", - "analyticRuleVersion2": "1.0.0", - "analyticRulecontentId2": "a896123e-03a5-4a4d-a7e3-fd814846dfb2", - "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]", - "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]", - "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2')))]", - "parserVersion1": "1.0.0", - "parserContentId1": "DefendAuditData-Parser", - "_parserContentId1": "[variables('parserContentId1')]", - "parserName1": "DefendAuditData", - "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]", - "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "_parserId1": "[variables('parserId1')]", - "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]", - "huntingQueryVersion1": "1.0.0", - "huntingQuerycontentId1": "57ada8d5-7a26-4440-97fd-32c5c3fd0421", - "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", - "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", - "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1')))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "analyticRuleObject1": { + "analyticRuleVersion1": "1.0.0", + "_analyticRulecontentId1": "a0e55dd4-8454-4396-91e6-f28fec3d2cab", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a0e55dd4-8454-4396-91e6-f28fec3d2cab')]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a0e55dd4-8454-4396-91e6-f28fec3d2cab')))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a0e55dd4-8454-4396-91e6-f28fec3d2cab','-', '1.0.0')))]" + }, + "analyticRuleObject2": { + "analyticRuleVersion2": "1.0.0", + "_analyticRulecontentId2": "a896123e-03a5-4a4d-a7e3-fd814846dfb2", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a896123e-03a5-4a4d-a7e3-fd814846dfb2')]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a896123e-03a5-4a4d-a7e3-fd814846dfb2')))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a896123e-03a5-4a4d-a7e3-fd814846dfb2','-', '1.0.0')))]" + }, + "parserObject1": { + "_parserName1": "[concat(parameters('workspace'),'/','DefendAuditData')]", + "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DefendAuditData')]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('DefendAuditData-Parser')))]", + "parserVersion1": "1.0.0", + "parserContentId1": "DefendAuditData-Parser" + }, + "huntingQueryObject1": { + "huntingQueryVersion1": "1.0.0", + "_huntingQuerycontentId1": "57ada8d5-7a26-4440-97fd-32c5c3fd0421", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('57ada8d5-7a26-4440-97fd-32c5c3fd0421')))]" + }, "uiConfigId1": "KnowBe4DefendPolling", "_uiConfigId1": "[variables('uiConfigId1')]", "dataConnectorContentId1": "KnowBe4DefendPolling", "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]", - "dataConnectorVersion1": "1.0.0" + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('workbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, - "properties": { - "description": "KnowBe4 Defend Workbook with template", - "displayName": "KnowBe4 Defend workbook template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Workbook" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DefendMetricsWorkbook with template version 4.0.0", + "description": "DefendMetrics Workbook with template version 3.1.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -169,47 +159,40 @@ } } ] - } - } - }, - { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", - "name": "[variables('analyticRuleTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "KnowBe4 Defend Analytics Rule 1 with template", - "displayName": "KnowBe4 Defend Analytics Rule template" + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DangerousAttachmentReceived_AnalyticalRules Analytics Rule with template version 4.0.0", + "description": "DangerousAttachmentReceived_AnalyticalRules Analytics Rule with template version 3.1.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", + "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId1')]", - "apiVersion": "2022-04-01-preview", + "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "apiVersion": "2023-02-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { @@ -244,7 +227,6 @@ "T0853", "T0863", "T1566", - "T1546", "T1546" ], "entityMappings": [ @@ -293,13 +275,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]", "properties": { "description": "KnowBe4 Defend Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", + "parentId": "[variables('analyticRuleObject1').analyticRuleId1]", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]", "source": { "kind": "Solution", "name": "KnowBe4 Defend", @@ -318,47 +300,40 @@ } } ] - } - } - }, - { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", - "name": "[variables('analyticRuleTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, - "properties": { - "description": "KnowBe4 Defend Analytics Rule 2 with template", - "displayName": "KnowBe4 Defend Analytics Rule template" + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "contentKind": "AnalyticsRule", + "displayName": "KnowBe4 Defend - Dangerous Attachment Detected", + "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('analyticRuleTemplateSpecName2'),'/',variables('analyticRuleVersion2'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "AnalyticsRule" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DangerousLinksClicked_AnalyticalRules Analytics Rule with template version 4.0.0", + "description": "DangerousLinksClicked_AnalyticalRules Analytics Rule with template version 3.1.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion2')]", + "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('AnalyticRulecontentId2')]", - "apiVersion": "2022-04-01-preview", + "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "apiVersion": "2023-02-01-preview", "kind": "Scheduled", "location": "[parameters('workspace-location')]", "properties": { @@ -440,13 +415,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]", "properties": { "description": "KnowBe4 Defend Analytics Rule 2", - "parentId": "[variables('analyticRuleId2')]", - "contentId": "[variables('_analyticRulecontentId2')]", + "parentId": "[variables('analyticRuleObject2').analyticRuleId2]", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion2')]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]", "source": { "kind": "Solution", "name": "KnowBe4 Defend", @@ -465,46 +440,39 @@ } } ] - } - } - }, - { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", - "name": "[variables('parserTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, - "properties": { - "description": "DefendAuditData Data Parser with template", - "displayName": "DefendAuditData Data Parser template" + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "contentKind": "AnalyticsRule", + "displayName": "KnowBe4 Defend - Dangerous Link Click", + "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" } }, { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject1').parserTemplateSpecName1]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "Parser" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DefendAuditData Data Parser with template version 4.0.0", + "description": "DefendAuditData Data Parser with template version 3.1.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserVersion1')]", + "contentVersion": "[variables('parserObject1').parserVersion1]", "parameters": {}, "variables": {}, "resources": [ { - "name": "[variables('_parserName1')]", - "apiVersion": "2020-08-01", + "name": "[variables('parserObject1')._parserName1]", + "apiVersion": "2022-10-01", "type": "Microsoft.OperationalInsights/workspaces/savedSearches", "location": "[parameters('workspace-location')]", "properties": { @@ -513,6 +481,7 @@ "category": "Samples", "functionAlias": "DefendAuditData", "query": "\nKnowBe4Defend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", + "functionParameters": "", "version": 1, "tags": [ { @@ -525,15 +494,15 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", "dependsOn": [ - "[variables('_parserId1')]" + "[variables('parserObject1')._parserId1]" ], "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "contentId": "[variables('_parserContentId1')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DefendAuditData')]", + "contentId": "[variables('parserObject1').parserContentId1]", "kind": "Parser", - "version": "[variables('parserVersion1')]", + "version": "[variables('parserObject1').parserVersion1]", "source": { "name": "KnowBe4 Defend", "kind": "Solution", @@ -552,13 +521,24 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject1').parserContentId1]", + "contentKind": "Parser", + "displayName": "DefendAuditData", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", + "version": "[variables('parserObject1').parserVersion1]" } }, { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2021-06-01", - "name": "[variables('_parserName1')]", + "apiVersion": "2022-10-01", + "name": "[variables('parserObject1')._parserName1]", "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", @@ -566,22 +546,29 @@ "category": "Samples", "functionAlias": "DefendAuditData", "query": "\nKnowBe4Defend_CL\n| project \n TimeGenerated=time_t,\n Event=event_s,\n Recipients=email_rcptTo_s,\n From=email_mailFrom_s,\n Subject=columnifexists('email_subject_s', \"\"),\n Attachments=email_attachments_s,\n MessageId=email_messageId_s,\n ThreatLevel=email_threat_s,\n TrustLevel=email_trust_s,\n FirstTimeSender=email_firstTimeSender_b,\n PayLoad=columnifexists('email_payload_Type_s', \"\"),\n LinksClicked=email_linksClicked_d,\n SenderIP=email_senderIp_s,\n Url=linkClicked_s,\n PhishType=email_phishType_s\n ", - "version": 1 + "functionParameters": "", + "version": 1, + "tags": [ + { + "name": "description", + "value": "DefendAuditData" + } + ] } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", "dependsOn": [ - "[variables('_parserId1')]" + "[variables('parserObject1')._parserId1]" ], "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", - "contentId": "[variables('_parserContentId1')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'DefendAuditData')]", + "contentId": "[variables('parserObject1').parserContentId1]", "kind": "Parser", - "version": "[variables('parserVersion1')]", + "version": "[variables('parserObject1').parserVersion1]", "source": { "kind": "Solution", "name": "KnowBe4 Defend", @@ -600,42 +587,24 @@ } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", - "name": "[variables('huntingQueryTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, - "properties": { - "description": "KnowBe4 Defend Hunting Query 1 with template", - "displayName": "KnowBe4 Defend Hunting Query template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('huntingQueryTemplateSpecName1'),'/',variables('huntingQueryVersion1'))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "HuntingQuery" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('huntingQueryTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DangerousLinksClicked_HuntingQueries Hunting Query with template version 4.0.0", + "description": "DangerousLinksClicked_HuntingQueries Hunting Query with template version 3.1.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion1')]", + "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", "parameters": {}, "variables": {}, "resources": [ { "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2020-08-01", + "apiVersion": "2022-10-01", "name": "KnowBe4_Defend_Hunting_Query_1", "location": "[parameters('workspace-location')]", "properties": { @@ -663,13 +632,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]", "properties": { "description": "KnowBe4 Defend Hunting Query 1", - "parentId": "[variables('huntingQueryId1')]", - "contentId": "[variables('_huntingQuerycontentId1')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]", + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion1')]", + "version": "[variables('huntingQueryObject1').huntingQueryVersion1]", "source": { "kind": "Solution", "name": "KnowBe4 Defend", @@ -688,37 +657,30 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", + "contentKind": "HuntingQuery", + "displayName": "Dangerous emails with links clicked", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]", + "version": "1.0.0" } }, { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", "name": "[variables('dataConnectorTemplateSpecName1')]", "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, - "properties": { - "description": "KnowBe4 Defend data connector with template", - "displayName": "KnowBe4 Defend template" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]", - "location": "[parameters('workspace-location')]", - "tags": { - "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]", - "hidden-sentinelContentType": "DataConnector" - }, "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]" + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "KnowBe4 Defend data connector with template version 4.0.0", + "description": "KnowBe4 Defend data connector with template version 3.1.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -767,7 +729,7 @@ ], "availability": { "status": 1, - "isPreview": true + "isPreview": false }, "permissions": { "resourceProvider": [ @@ -853,7 +815,7 @@ }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "properties": { "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", @@ -878,12 +840,23 @@ } } ] - } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "KnowBe4 Defend", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "apiVersion": "2023-04-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", "dependsOn": [ "[variables('_dataConnectorId1')]" @@ -953,7 +926,7 @@ ], "availability": { "status": 1, - "isPreview": true + "isPreview": false }, "permissions": { "resourceProvider": [ @@ -1038,13 +1011,20 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "4.0.0", + "version": "3.1.0", "kind": "Solution", - "contentSchemaVersion": "2.0.0", + "contentSchemaVersion": "3.0.0", + "displayName": "KnowBe4 Defend", + "publisherDisplayName": "egress1589289169584", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

KnowBe4 Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.

\n

Data Connectors: 1, Parsers: 1, Workbooks: 1, Analytic Rules: 2, Hunting Queries: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { @@ -1072,23 +1052,23 @@ }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId1')]", - "version": "[variables('analyticRuleVersion1')]" + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" }, { "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId2')]", - "version": "[variables('analyticRuleVersion2')]" + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" }, { "kind": "Parser", - "contentId": "[variables('_parserContentId1')]", - "version": "[variables('parserVersion1')]" + "contentId": "[variables('parserObject1').parserContentId1]", + "version": "[variables('parserObject1').parserVersion1]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId1')]", - "version": "[variables('huntingQueryVersion1')]" + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", + "version": "[variables('huntingQueryObject1').huntingQueryVersion1]" }, { "kind": "DataConnector", diff --git a/Solutions/KnowBe4 Defend/Package/testParameters.json b/Solutions/KnowBe4 Defend/Package/testParameters.json new file mode 100644 index 00000000000..1a44e741243 --- /dev/null +++ b/Solutions/KnowBe4 Defend/Package/testParameters.json @@ -0,0 +1,32 @@ +{ + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "KnowBe4 Defend Insights", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + } +} From 962ce3ee76b41109547bf42019cd59a2709d60fa Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Tue, 16 Dec 2025 09:11:14 +0000 Subject: [PATCH 11/18] Updated release notes file --- Solutions/KnowBe4 Defend/ReleaseNotes.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Solutions/KnowBe4 Defend/ReleaseNotes.md b/Solutions/KnowBe4 Defend/ReleaseNotes.md index df6cdfdfc02..ff8e573bc6c 100644 --- a/Solutions/KnowBe4 Defend/ReleaseNotes.md +++ b/Solutions/KnowBe4 Defend/ReleaseNotes.md @@ -1,3 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| | 3.0.0 | 02-08-2023 | Initial Solution Release. | +|-------------|--------------------------------|---------------------------------------------| +| 3.1.0 | 16-12-2025 | KnowBe4 Rebrand. | \ No newline at end of file From 98bb2b015c9303f8d4060de287f77464443a738a Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Tue, 16 Dec 2025 09:12:59 +0000 Subject: [PATCH 12/18] formatting --- Solutions/KnowBe4 Defend/ReleaseNotes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/KnowBe4 Defend/ReleaseNotes.md b/Solutions/KnowBe4 Defend/ReleaseNotes.md index ff8e573bc6c..a577440518d 100644 --- a/Solutions/KnowBe4 Defend/ReleaseNotes.md +++ b/Solutions/KnowBe4 Defend/ReleaseNotes.md @@ -2,4 +2,4 @@ |-------------|--------------------------------|---------------------------------------------| | 3.0.0 | 02-08-2023 | Initial Solution Release. | |-------------|--------------------------------|---------------------------------------------| -| 3.1.0 | 16-12-2025 | KnowBe4 Rebrand. | \ No newline at end of file +| 3.1.0 | 16-12-2025 | KnowBe4 Rebrand. | \ No newline at end of file From 03b9b77cd11bc6a33d96d5f681d323a99aca1704 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Thu, 18 Dec 2025 13:45:39 +0000 Subject: [PATCH 13/18] Copied KnowBe4 logo into the workbook logos folder --- .../KnowBe4 Defend/Workbooks/Images/Logos/KnowBe4-logo.svg | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Solutions/KnowBe4 Defend/Workbooks/Images/Logos/KnowBe4-logo.svg diff --git a/Solutions/KnowBe4 Defend/Workbooks/Images/Logos/KnowBe4-logo.svg b/Solutions/KnowBe4 Defend/Workbooks/Images/Logos/KnowBe4-logo.svg new file mode 100644 index 00000000000..a7d8515c538 --- /dev/null +++ b/Solutions/KnowBe4 Defend/Workbooks/Images/Logos/KnowBe4-logo.svg @@ -0,0 +1,6 @@ + + + + + + From 7af8ccf759f2c3e3fa9f6b5a4aa5b6498ae44baa Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Fri, 19 Dec 2025 09:03:16 +0000 Subject: [PATCH 14/18] Added logo into root workbooks images logos folder --- Workbooks/Images/Logos/KnowBe4-logo.svg | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Workbooks/Images/Logos/KnowBe4-logo.svg diff --git a/Workbooks/Images/Logos/KnowBe4-logo.svg b/Workbooks/Images/Logos/KnowBe4-logo.svg new file mode 100644 index 00000000000..a7d8515c538 --- /dev/null +++ b/Workbooks/Images/Logos/KnowBe4-logo.svg @@ -0,0 +1,6 @@ + + + + + + From 13ed280d063d14375f8dea7080696cffa869bdae Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Mon, 5 Jan 2026 10:05:11 +0000 Subject: [PATCH 15/18] Changed the version to 3.0.1 as per MR comment and rezipped --- .../Data/Solution_KnowBe4Defend.json | 4 +-- Solutions/KnowBe4 Defend/Package/3.0.1.zip | Bin 0 -> 9564 bytes Solutions/KnowBe4 Defend/Package/3.1.0.zip | Bin 9568 -> 0 bytes .../KnowBe4 Defend/Package/mainTemplate.json | 28 +++++++++--------- Solutions/KnowBe4 Defend/ReleaseNotes.md | 4 +-- 5 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 Solutions/KnowBe4 Defend/Package/3.0.1.zip delete mode 100644 Solutions/KnowBe4 Defend/Package/3.1.0.zip diff --git a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json index 20215c17716..3e7004190bc 100644 --- a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json +++ b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json @@ -15,8 +15,8 @@ "Hunting Queries/DangerousLinksClicked.yaml" ], "Data Connectors": ["Data Connectors/DefendAPIConnector.json"], - "BasePath": "/Users/olliespires/Repos/Azure-Sentinel/Solutions/KnowBe4 Defend", - "Version": "3.1.0", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\KnowBe4 Defend", + "Version": "3.0.1", "Metadata": "SolutionMetadata.json", "TemplateSpec": true } diff --git a/Solutions/KnowBe4 Defend/Package/3.0.1.zip b/Solutions/KnowBe4 Defend/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..117611efac5f75d5109050ffae73dcf34d2d76a9 GIT binary patch literal 9564 zcmZ{KV{j%wmv!ukIk9cq<`a8j+jb_l&53Q>wll#K+r~HVe!q6Nw!6Ac-&?0{RsZQa zRp%(lf5kv~3eC))NIX#iUgr-f$ zBzh@wTT+KDK~Z^R(LzWN61KRtA2W1#F;wXAvN>CtE=8Zi#^a+)MVV*5*E@D12!ZyO z27^c4!n1OerQx^S{(v!K2YJ4(cW`R)d{;}O8g~{vEsKi`s8Vy`Qe8DW z(N2?2i)BrGbA@V{vZGXVD1}Uc0LQ_~))+Rdk&6foSkjGVh!{4w86O8|IjP!EGwBwM zWG_QX@?E}zg4inB*su%^N*a7ftnk^;nw-Zd7kF|e`PdNrUOIR=zBUSXv>~Yu9!}Di&Xr0$zZ4upTV#Y`! z7idzu3{|B4@7C`dtc~#rztX81i}RbWDqg>BCsilJjK<_}cu?Re zy@0yRCU`}oz`SC`Qtcs#R2X;{B7CwH6M^g$t$?z^$ozU?o%&QBT@$kL_JIxo1RA~f z8%gWPuG)43h_Ah7GQ{;=m~47&Ww#A~+KlrJ6=;!4D9eO;mVU79_1h?k?^KRx^zFCx zA$t#-Mxbsk_GJ|yCoURroS1?%gF}E;-sUpk)69VyC>siX(8!ct$DgMz3GMGjq&haY zh>4Gb|L!$Az=+usxtSo+?QmLV+%eB}0F0r02UfN~MAgEPaU!FY?@i!;ybO9$LIvx# zE!kt?;KOoSneSTQO?WhHM!r4ECtr&(lwzEFxU~7V32uL%yL=nC`(W63xioCMPd+)Myh2pC8hbp@Gwq=& zFOFrfHj3#?hq4eT<`du|wBLGwk)AT$J2}-hBh`~+Xo0wYFn>a(o-9sSBStmrSE{EMyCT*JfOkLG_p6Xk7R~C z7;-d#dhmc(nI%R&{(J)UGlR36=5vks>T!qI+U@5FvDHt;=-Ep@i`#TUL8k- zF1nnE3qskjuH%{GZ?}}3T5UFez?kMqcm{1Uo}oN2V=e4brd6U+|E0V1xQcgUX+iZMWah9q`g_Zz+ocR@=wxbL6BaTe^b8S_W}`4v ziO>`~$c*^~9NI@CFiYv*pP?cnboytwWRw{t-ev^B;uA3x5Rppov@y_E^1OUDE>z{U zNCK9+H;CXsTc1s$`;?$;I$Oa9w?`2;+D&_c`UtA2pWUw;=db?Gui0u1rF0(J@K@vA z+jjdo0-QZjVh`)?X;?N>%FKe5m@a4bcDL$B5!KBVyS&V#<#ERnHnON3KMA^r`sAZ zVFgWS$Ys`Ml02BVRm^9t=jGzZV6qxoY=zKF^)a5qx68#Bf>UoK(jGxN0pltb+q)fh zvAD>k*3_>z`t|1Wv$_sZttUgj-ofXbXkPtM7f&sq(shYy+@HtpYNFN9`&e9i_IbD2qjGjrr0ycny$U_bUBY9G);Rot?``9PE zKhoJ0%Gnwv1!ZwlUrc1X=cl8PUmOwF2cED4#Up#RL+gQ|um6kM+uzpE52Y>5fcfLV z9G_Y%J-x(VDL;z(6Su8tZ2e)pM+e?9=4+IHX^~ea2g`Kw(w5P8xx>EydXohd9 zL;#s_oM%pqrHhnz-MMcFmja5NarnARf)bY)=Vo|}IBS(wG!5+b?so29NJ{@r zQ;q&o^%KMe0lAn10YUkvsca1`?Nm)|9c=z7tN&6{mwKOWn;fa%f{KBI8G4(IiFD&` zJvrr+(zy0XE4ZDPxiJk4Vj`#`=>1^%w(Pgu?{x1L?_}N}sAN)LAMpokmWSNHk)h|| z;oqXbAfJh%yE~Avn;T&leHzf`ee)b%m@9iE{c{ul30kq^ z^V811?z~`*5$@h+LV^!{XqNnqL3pta7ww-DJ~;xfV=c?B|b-d zkiid?VH8Yvud{P;Cgn)z%%}h?UrA|nyXyy4G{WZ0NHHlZBZgta1^i>^0pX$eRZw7f zFbFY{X8;yCQ>!EqJy98rpWT5!xi6^0 z#3OrwbwUvR=|ewxApGmoiZ@$Imypm@K>+oWlFEQkD?B!8G?9lmf}ATl(*dc*hjnEV z^TboC%+AL8t0t?3Z`BjCR(s{Rra!_TW?MM_Y4IYK?P^ri@ED--R-VJlxgeTX*0@{z4poLP!ZZ zGY6N)hsn#!`0id(@aTIz#8rdITStWu=gj8g)aCHwDe0JUlOfelif!Ct<&N|{Q@W|R z?m&(;kE(0r(zQ?VX^8>@WfF|vqko^&CsO!_@jGdFH_t$-7Y~mP?`WF}-0~KY+l>UE zI@sn`9Xdo>-FS35wKx?LZ~;?TmhLS)u75f;fLH32a5wfSk!eFME7#7(qs=wAEa;R| zs^WGh4UE?+9jRk{ilfiQ;brLhbBbZbXy2!sljqY+r4rI^jFw?{_vW7910DN}CLMp@8uhM}L4?cviC!@E536szr z5KBq6@DlMdvuW|P1!xyV!Qiu-*8+b9*RHRw`90TsS%i=}llFkHPS0Hh@S|GdUi{0G zWkbD^0)@KCDzc(-cj`$;tOT?Vy9$^%#lzw&4#?|O+GZx?P`_O)p%mOL=F{3z%|s({ zw-To?;}}~V(>&cZ2RjExx@esTMimJVe|wj0?gT?``?g)X?vXaF=6J+GzsEfjdL`Y? zjdTvO-`E8o;oe`})OfVc6J`Fp5Zu@$5ij4^!BC4X5joBRlQH+rDjPAZ$t4rQUTMb+ zW2qD2D*u#Qw#w-kb|UDLT%!x0%~U+iAeLQ7Zzb@eR2XJ3!}DL}j{U{ZWWI75p20F7 zvt~QWyuTNW3UT87jDwjE4TOImBy?b1Kn!2Hw+EO;vWmMai(H zn@l)BR{^e3e_ctOyBi?Op#!b@<0P|4=timp$DXlqhPG)Rv23H)shehvwWa=8)fQN1 z6H=Z(mUB~ctezqMv}X-5X4;@#^4hUduF z3+E}!o4IZK2X)8L3C&~%h>-+tchi!SclYl=9>Qo@%1~+NLq7DvK4U>BYWjoYPAtdB z`+RTE(guRf4|C1aQ91d1GO=Xi9~rEHzC0a60W2T=7)Ol=N4?R0~%tK3C!_AT{B7uWF@Sd-{@a-nGAiEz6CNkO&crEU73 z2PI`z7$$msbPszXdz0i=rc~V#%3#_O=%R$*v3&Ks5j+Ah*(Tl5*`=g=8X|?M+rqVi zPCTU0&TQtS$ERV6q~kyTVLq#}4WCo4-%swKY17l*56J8(rYu-xsu~<_&YXk;q>Rua zYs8M-f|qQyc8x0K>&55Z*HOIbMTSp`WQPo8CNc?9o}Z9;XoApYpeQVXj4h_6Gnm91 z0Ij1mJs11|A+G5zaggIR_5-7NA4KXe{J>SPbARc=0K$&_=O;vLMi9yffh3H}fL5+H z14iEqeIi9QF~BY{obJBleP537#Gw@SmtJ(w4h}b-vtY>_(!5VJ6%pDEoa2Gh!LS%) zpS^r$nL#+s`L4`bx;J1?_su;k#V@2ztY45gLyhN?30E1MIGOS(xG z1cNzkM|&-ZJO<6dun+!%?Xzb%qmvjmQ{!?mx+b6Gw;PZ=-Y%`fcVd_d>#`)jVP z*Yl^HP7lfJj3q@rWDxVlreT*K$0e)5zxU(IJtU)Bd|XlktcE2ZgCY1e27Q4uS;$dhqIM9{|v zDiMb}7v5Rcbu^xF?@BZxnGal97hju%CHIf|lJ|jVEaN=vLE~WdI{E4XYhR(Gu9~uV zBF!5{5a*J_^dE+|)_LG!$-Vu*X zu89&y&P0!#4nORDbE`KKBnX=1UF`9>Av7t^fHLl+xZo(f3gp$li`MpR`ieOm^0dLG|divVjD4t(;)%EpwyuC6II-XrlQ@?8oCzH$nvJ$3G zSS`5>VCTL4?HN$TgcnnRq80oJS4z=QUM$6iRjHS+onXSE@TWv2oP04Q9Rs3}=B-!#7UIj zbRlJge$C}t8n*9W3nGT-&AMBuZG&5M3g-h@t2X(pWY_ZgHJPg)4gYMXoP}Q@cqZ73 z^k|5$=x8fN5Hkh;+yWi;1f%KgC!qlw@)-(zYG=a)(sLmbZ>NJ5q{WQ8&K65zx#b0E zEkd3~F7?%*Yp|<@gE1EcHK3ianv4+_Acb`b8=2PI&ThZ=Uxy zn(+&xqt&tyil#|Pp-}6@hmj_A6HUVzMjD`Y$uRY_t@LMQUesE9CaUn|kh~R@eECyq zBFs19uq6^x6LTd@hcnV#XLAB&LgSV24!mwTzh3l4fio+VHxQF_GroP z2aI&a>X3=WZRE%0$VG?K>us#kl>!H3h*f;gM-76 zs-@qNvRrkE%6x7Se-{MQZZdB`knU7cTQM?JhU0r$tx``iRnpT~-!(Ym4Vq`xjAvKdsm*)HZtbi50b z{VF!4Qa9M=<87OC@aOZG1CT%~&0B2r{A(ySfn>B?bj{ypG#tD6Q0_Hvk$Injivyw@ z7X&88c$)yZ{wzS(we|32Zk62w^bLanWg2Ms5PrgdM(^i=GEyR7DC?E*v<+c<%(jl5uypBmU18QpyH_u5mwW9z{at)3-qN)EP?uU{M z!!!$vd(8loHV!G{o~Uf44py3rep79y^?f=2EIWcgra6K7>eYMcwE!jX9%O|4HpgY@4AnPBR|cLPJ=`E;ggM8TuFQf~6+mwjcJ6QesXs>nn zb7+6{_uH`@#@5EEmfhAS(WiBLDWy0};0MO9`{z;6hv_L7^HSW*n@&GZGqgJ2HT;Jd zjl(AW&30UtUOtkznO)VT&sHd8uRzaph5Nh#PpYGtcw1D+yX62kuT(5 za*K&=pM%&^eP}K*I2x_Hd5v6;x?@QRtWIu;%Gzb-%8r;iBMTin#3RMZ1wS?XOS##; zg%ZOi8MUB(*86n4#K$10j6gOUCGn55j{EZyQnoAZ?$Zb6npP3(zCd^#gOyVK(B!;J zQuo>3Jf(J`m=jK<6u5W7E5ZMYcnd4crz!0zZ9O7`6n%W=j$&24-HTud!Bd%$qr}Em z=C+AKrY%tQ-4L|X?#2Y@l1<;_{h$K`k?;Rljg{1N3p>LWYcxut;9T=Hc^D7=`BI}^ zc$^>E+1aFZp0Mo0ObfSOa4zFQ+K$)GT{SO3ZwX=A1WKLRPk>8h3~u@%T@cODkRPs} zEGFzcy{t7j+_!gE3qj^Sid73)Ln`qa6Tm`prxs@@jnbpPHf)o*j2ld=nJqg=!|~B? zveT@EpYo)O%WG%cYkSe^x^DmImbI?Wx^C%NT^y*lGDa}@^cB|%37K|LdE~adpnOEI zX{c_{p0lkMck&na-AcYAc{x{mJCtbUOVqcjQUI znYVPI$I^Ut%g5G^cFL)eKB1G9Sl*{=HdWkubNH<4Hebrm3{@9LOtr73!17Q^1)g?5NJh50N~w=tc6v z!uvqV@WGM`-wpj?0-Eza^F}rTwtpb6|_C? zQ_665-HaP@*gVXxzn~vJIbq-Xh^4*NzqaWaslBXs%CW$mA9`=Go+DW9iiXzdNM?&C z{c9+psi}<0D}^r6h@IXE|Epx(UiRJUfjNbbqnfJK4{Pa@Q2mQPTmQQf{=VAp&g~xY zcw$#d7zynG>a_h*5E0SH)ARXC#9N~gaf6>n?>^*6{||p-kkVLhO1GZ{IX{P+Q?`F- zSEyFv-J9Y#?FonL^bJSo?cM{)>(Hc(e9A7<&-e6cqd(PW^W@HswwArY4+EqciB0CL zsveneLVNl1E1oRoV7o$np~QH`gwD5B1bzMJ%=%SA1mN*;`hR?g@yhR**%l8eK)6)k z2DQL=b6`<1V^35C1(Rt1esyQH`z*>ddq{9S7;8x;Y2edw{oYk(!$4C{OO^?#6qiW^ka$rJ}MbT<1rhQhT^7^Pv6&R>tQ4iuf$Hdyh>LaP3TEk@k5X)+px6B z(;YLpUIr38-lz0R{|ccC5M>Hm-E4=6#|QGJkxb51gvhAV_YC>mI-Nr2Cu?d%sjnel zm@fkM!Sc;J>p>0<>c|&IF-8%AwARHA4KP-pk+`AST}5;;yK9k+^HHb zYc<4k4}nQ0l)6{B(9Llz>psHio^TX{@5I_ zvFI)pA9kTGStlltoUo4{6BGVn*Jk}&bvO|F@;ipSmW&$ASCVpcH(Hk{t9JMUu2VlV zY5}AX&z-zNs;W!r0QHR703f`9^5^z#6cosoNar{KXnXtp&a)dH1Q}rg7)CXDIqlvV z??E#(9}mq;9P6ohs8N@rcB*Sb{MK{{^it<6A45Q?r?wmXFNsQ@l9$@YH0TeP5Nm^Lw2i&asu`ojD2~51KOMHi^rt zwHYzB&P@E9U0~Uu)aLc_i*GFj1;OU|nmBvk;4RkUBwmgJ;nqJ!>p=;qHt8TXe2ttp zoF?rTW>YCbRjew(N$99>%e7yAnN_kDS=h&lDc7?ZIm|d^{CQV4Y*c^JuO;el*w-MvP3jrv$zqP2}`w5LpnZ)FB)%Bv`s zcY!Ns!<9SLS)z&c-7(ES0}t2;%|%4^k~z)bIxS9%e*&LP1}?H&h9 z*7<%*kf2jq?MBheJ#w8GsRqo_*s#`CI~rLWF_sUJZT|JdaZ)vgnuOUwNvXJn1gW{0 z@-PLWFF8|mMWUOh_RxGK}Oxh}$S4akn}?t;ggGmMwkm=;D}=Nvgs1=w3gWCJf$QtzvF-Z$wX*pOyV#X~+3WtC zBcR#)`n>x|g2Q_EkNr{3uNB%~D0mAS@V!CTp4_#a%f?$is?%NP)`VI)oW9ErX*~9? z@|TBs*0+(Ieay67f6eUOyVE)g+&k+vIz24pg{+`Ozx`5le zkTSZ2KDXDezK+xkWpq!V6xm`P+hD5FFZ1u_7+#(*k9scH;JcC|ZGORFF zI&=lE`RS#}15g8n;COandlD*^k`&gc`MvLAdh#PrR_e<0WuF_E46%qMh#Z?Mup|Ek zMkx>^cXE#=7W$L2=>_)I*NJ@QGj2WvrjpqJPez(y5yR~D;nnWN2%Qh<*T>HH2crk$ zF?kv&UzmZ!{DDLA#3c1mqXpe;GJeFO>FssRhJhQmxP?0+j--nQAmfsP?Jdnvuw>!N zo9vw)YS7Es{-8^$2junimBAdheVx@x)|5L+-8W)UT4ih^&v4gzpc-*w-fqs$l>D}h^2%K6$+Yd330 z2WA^rM~6*qd&i9q^p6WeHWgj3-z!UN(x^F={dnhq+m^vB2A# zwV3{D0KVZ*29(dK2vh=R*u_xJ&!!oXXMTV!o`pWVtEPuS-I_a)jp$4>gu9SGZWKRW z*aNW+$lYfy9a-*6x7J^~oxNJx;gqou#TzmUU@Qkp;iG_)jHLzxM3|=NCDb&jf6()2 ziV=lp(Hm+$-;esQ7JoKyAmA!Drq1Ysmnwwqy%)~MU2z(P_nPItyUvObU*wwv^XF+S z^j@*XjMpGGFdxzBgeue+#XC9I&Zve^(y#GH+M-)<7Te6}Sl(1mjhceM{A8^nT!hjX zi!TbK+bz0n)^&-kRq7F{&fj9gsO1WUx%ZbhKzIlyZsPQiDOcY^CGnsv1i2w9DKth} zDK_Y3`kB*GZwj20B!6RqM&9A!hgjg8*!z{Nt&1nW`$|k+t%p)%5kupGG;XEZq z=yqOS9NFzn&&e~^byIl{%B0EUM9X(g@J~`ONaJu zI70AEZ7|(nKm@U+iAZFpmU&j?`xks)rD?@o*q&x|K9cs6EBxVpV>LO5I$fA>@)Xk57x_armdE#-JfQ0E*nqM zs*Up@+XbC$rYf+N6BDuac5I8ehGOv5_H~V;IWfsFleW2}p!K5a`O|(%eNxf{q=3(l zjzr_Lr^jYSR6M?yU!q*DGXk9skK{&5Ou1|(oRg*vD-?CvbqDG!=$6?u@=CPb-JboCteL}oz%!a2)Vg>9V7jj&K--j z`La6V=w;WurzpkY?-P7=R84SUnT zhUj%HI^yCJBk~TW1o7tbp&*XY<`})eHwZCVcYq*HEnuM zJ-V((O|TaatJ&VDH7}lz%1r~WPX^&ZX_2g4^vqF<9G6&VwN3#MN2aznnGENu^f1x> z_ANGHVho7KKa53Z5i5zml);b9h0!O{gv2Q97qdgln6t-vbVKwDpg4LxLsz+*dfhRx z?qaC^0%dVDOX|*qv6CnlkPsqwUVA}O{AIm$aj8=%ruXpJHb{TyLyl(-*+jTv|6GFh zU)j+y5E#@8Yi_}F3>2Hvv0brdqBA|M5=U^!+=jr2%>=4>!9i7M<*eHt z%8ht2=W6ZgBLSb~7FqO#3P?0hj83jvPqh+jC!FHzHy>-lJ&z+j~8PIAm5cS>=TYTkVDQO!rdy*V&-?YMy&BqH`@ zVP7typXiV!O_vSEX}xvZ#0==KE&qBdE20^U#ukylbZfnMy_iJ@mrAE+#!g9!l_gHz zY7&7V9hT+*lLcPDXSg?kw3ZEj4-+3_G&muoq{%AtwIB(RnvA1{j#fcph=aRO6cDs? zqphq*6}Hy9LV?<|_gg2uO$*Lpv=_PaxEDucSa&38jG~<;=zU&0eGYJa&e3QpXY|rR zx|rzQboi4i%+nVmdAI7BfonId$|h2c<96ccaNViGUYF(Rv|xlOb>LOA1x>^Zl zqW14@O+}{n>?dD1zRQ||voBDtoroOEnWC%80e{62f6>U3Odr@|dHKkhts`ZxGLzMH zxvqm0Q~C}Ev&7L#o)7=>8|P8`ajE1!gtCqSPbn;06U2Y;a{lXy9|@$qZ$x5F)c0IDPVM`~{sB)KFI(+lZz>z# z1Hnf@xqkIF`ufR+X8d0o(QjoFY>^` z+yM1zn}KB)#IIV)zBup1I7=s?sJiI77P>-u8hU$%t2fN+V7n$*3KCcpfs+9IZ+CPD zgw()jaBIT-$>ImF2`1|!PKi1hJ$c*3mV)h(ND|nFCn6(vQnHL_G7TIbIe)BrQeVF# ziImA*&7iSV@!0D888B<+`8FWBVXc-qbRboJ)O-=3sC&M(L!OkraSWv^B0j#+@I3!8 z2W^Ng4tx*0++JMgIdNer|3!1toA-izF09<0K&-bYB7Kg1YC*(;zfx^O-^AtU>EQW+ zs`B43RWwK5padZRa5fJBp#Q^E_Quu@>gM)NcK?vof1#;!eP7RY?(|QQe8>on?lwy* z?d0o?;JgoIUDm zNcrZ6L%Ya|hssWJC&)9rXCRE|{$n)q6Stb;q&;dbX)Zu4)%Z`01#EBMlVR!^8458- z>Xjz}02l}+%SWeY|JX^X?l0D#hhap96n}2V749S`)(2y1>n&eKm1WU7$!#Q>{(&O# zgjRruk>#ofLqEsg!w2fFx&i3!&}350<%W!0t1~#Sft8itLOZA})QCnl8-Gv|g(CA2 zv!d`_p}QnP@j^hDA&Z{4^YsIW*ie4>;_`rna+BuWyF@Uy-UUwj!WJ8&LUOi!0B_NN z2Yi`%^j1h=iJf)^ahC4@`$a|mXTpwbV_#TSD3qcn3_c_AD4OPe0cdLoF^y|ihEImS zNP!x4^$7YgSa!1IsNC1~AReBr;>vv(NOBYyM&krCIlN;J2#H{H==#VYDq73+T=iR=8mk^*j3`k#)@2eoqJwG>anW#N~v8m*2dp2Ciw7yX(eCz z$PpCjOzaxkKixV$-L9VgZhbgV26Z#$^*N{(5FVWKzdRJZETWsyO|oJTjBOH@sCH%U zYEVum5*fH%gi21Pp0*T3bdu1*%d>jDrNl4n5v(bZhFmu z1>xMXsgwqFh5y3tYFt`fneB3pK1($Dw@c07N`}o|0#6?P!h`@+U<)O8+K+r&fjT$+ zltNzPE_xS<41e$Zg;q%m7UFGXh$2-lF&<(QdNJsUFT;y>JX=f3w9euJ=N<}7C@d=R z$n?M5A6|kT2y^4AufyNqB0-)6Ni224-}P`5R~V}b;{N~{2(qc)^766pV}1~P zBCYxr$cb{TwirQIF8Z-`n(z+_udTc0Y+ig^Y&m#(9{t_B_yys!k&FCD1KM&9=O(hm zuDn-gDaQCD>56m#GHVl=umb6Z)w@0+`%)!%B545+Ohe654CV?~>r#NVQyFa?+Xp3{uDbI8x~v+QeV0I6ib zVqu*R(NDrne00-3<`UQki_%|K6^Osti2f#e4whk`@p4UaHz>sR6kYmAJJlG>V~Z0i zx3P^dCs%-xx(M?m?w(|1M>Ql9WljOJ&-`vhtetJd-NHAl_NQB?9y88B#yVd?Dl=X1 zbDl;*&gw)$Z1T zF`;UVIEFu*Xdv6WA*3?!^v(H9MHOs|GtzY&>a|!^PD4EYmatma<%B@)3!Kr2l!m?e zeUdZp3R)QsRMw1he&TDsu&H6vBA^|77dvz_%8zDdOT_!wLA=$5y)~3}g;Q5i)I1bB zqiIgIJ-iV5YAs-n8X51|q>-oSU!+9m5WTLagR(JAlcuF|Q;ad#P&65+SEt;HB-XCX zAcd=kVEv4ACeJo*kw{*iW1uq=;t@uGA9BeLdXpG`?bq0iC$1MMOz_Mc&zN(N&zMGxo zzK$>Zk*Lkvby$Ez5;LcrCNN6BB>aBW?K_f`;qlkAFmx(4n2e183^? zPQgA8^jzsTs@JnKB&Dg0B;OXpS{eBww4En5dGHPILn5|s8(*8qm8WPvp^!%!D-ppf zj<<==g}ew7*uTTr(2Z(AS)#B!*ch>o*c~r>6q@8Eg7b^pi+$rVCVxHDsVKc;Mv{Ic zUs^L9CB-gf;6PEF+b>F+)=SnRWmF>HnKoP~T-_pxLP$z4Q>loDhvM|*iXbK+z9!WI zoepg@vNyzZpB@JKw-jCQk$EGLw>iZKl{z(WaQTkhqE@`q4i>3&%pp>G`FwnxC|^#; zJ;HOY%#tITG$4XG2?+&dz>2f!I|$Ow6odU5msCAtBIpAP%&Uy8`_%>IJj*S{@!+SX zs?UP?u^2M|Srm+=AL1xA^K*NrHsIldn;=fQS21EGpUA{8#&D~AAj_}IBkSq2_36Mr z+j;K&4i2U5qw84_*RfJ4{lUG7PBgZ$SA z>dGfLPLYb8)uRC_wHsoOq!r!d9R2IYapv;5Ak}LzU#4q5G!BZ#m){G^5`A�=&5# z@jV8iVLzUph(D=qPH)0t(0QYjbnvrEnh7e`Ry=~jhzyG`L6&fQ&GL1n zM}c8`6;&P4yc%~5Ce0x{>;w=w$q4||S{3L@OIyrH6nO1PgHZvg$GvX%P zmCI#tJ@SLKf5H5XRv)Ot(pu7p^kXXyZo)ifFPR`KL{-F#!Cz2=5Ms(H5A@cgz^msA z&4BPa-xa84OY{gAx)Zty+sCm~owhQ7%L#Y!b{p_a^&)n%nzEUFJ=zYdV+eUh1(dI> zzj>JXKOMFAf{#!30%B`sea-d&Q@fslqB9t1ctrc8kMX?AJET5tMR30Rcm6WqOR^h# zz62Uefp=5WWlTvnXZl+c%?pkdb@6 z$s`0rC0VgkvgD*AxJ|p9apl&vLlq{1!At7gvYcGHL~ABrdEC~0T;t9V89qScL=unl zZRn;ij5H>eMnuot>}CZ|7~NLUTdahL8{toy&2>oMq{j|2eFC`g9=^cdY6k>3j%VJj zq;jtKzO7`oymn}h!vs$rjkCf-`)$U9sqs3M6oIbJ+EV)^nuaqFePx%E!d zbj~bnOkSCHoW5+S!sw3WR#eOL;mVs`^(ond`quJ4vu0A@5MvB%2B>74O@f(-WN#*$ z4Ptq%PRQq{gKn8{u8XAIHK8W@$H?g4?@`1QQt|RA#sQo0=xjE_SvMl(rX%srcJQh^ z05pQ}Dj`ynC5XFZI|e=S=y8ctbf7-9+}joTMR4m^qjNYfl^=m~Ff;!y zaB(F8gWp~<0$sLf{C|`=xGqFady1y#Z`+psT5D~HwJl7tYL*y_!Zkgjj+OmFg;ra| zA8XJd{VLgVSF%$`?Ib(n?Ut!8J8y_1k#M1(wHc1L~jy&V?KC&>F$={8@S1W}~y?70P%r?^Y@G?hxbo4G^_`#Q2dO^aoB=gTLHkVD4KsGvg|+)Eh=X znYHuAhZr>F4no&hEKU1PelzX89w;S=tEuges$7Moo->Z_*g{tVx~XdAHv;7kC0E*y zAYRlA!zN@-vuC$!GD7^aSR@-MSg#z*rc-Q=aX8}m!;qOqqo(OKUFiJpz2E?x; zwH;OMzhpu9P!P^}$J0~5M2{!S6Ozba+0K1mA6q3o)^8uemcVd&VL@P6V(C=YUuY;r z`UrdUKa#W>`40)%N(M2s%*hr{a|G$MgBaj&+c65{ZV7kfB7;WR6v8uM_LqI&7e6fq zu&c`GyZ&0u9muNh7(482-kquo-7tQGXxXYboimtyEf8zQD1j@rF`WIQL`9lVTSbyZ zuBf2%(580BWXI@Q3-V9*Ud(UE-{{3}(xUk2&qd=61@MMUXGJ_SCvk&RjI&|J*q9#$ z&6jI6@p8U(am4Ly+shB@RcGx!-HML&f6rQaG#3V#ZOszQeLu&$gM;NCG+euFjOlIz z&sixNHfArXWZb^S`nQtnPg*H6Im-M!FSpUHh|*YEQ<HsMS}uM&)V?S+uzGP&V}~ z@61)R-fn5Ob?E18Pdj8QiK{g@_$g_NyPQj;>HQN-L;?FpBq%4Oe!N*@&Jpz(g@rg} z$?IqKYbWB(jo|XZp0`Lw3-4D!rvOcYZqhKOm?w3cR@r^S+ywapS8zFfzXtdOVwEm& zB|A#Vt7PpOq}se63pI28ed*ir)m9IVB?lwzY1cp=*{is)Eb*_Oa|OH%*(8v1d)CD0 zep$pX=(s|E3%xNvVc$5^TXNP>u{%Sq41jb0LmL0-$ z7e6cMFK*lNzz^HTF!Yr4qGhCQ|2So7>4<1-zr|{;>RzxfaS=s20v8Dc=$-OYdz^pM z5l9w}p|Cav0`KVYDMwv&_UYdgo40WvmMTo?z3p^>4)@Fz5h68jzP!C3xVVS9@B8O3 z#IvP?Nx>x4$6ppCmJCr*OuW1wKg4}Ano-t-`1Nl?50y%VnnP7U{b{{ER#ZaV9xkZ? zVLf5m$u}=^*9^zh?uxhEVGp}^VM#F&k#+XhoO;n?RXgn58(gX;QOucF!TD+WLcNQ7}Nye=zKYs$-@pCJVX1hgBN05T3E2*aVx*7$RNWzIOI~svuO78D(9tcvv zcTsJYK^%+iX zWoEOc$B8|X``fgBS;J7qK&YL;(-}QzQ2Ilze3H4Xw)ki@j-iQgK-xPTE><=CubEu7@O#9itbOEc&s4ARnaVK4g|3(~H*1 z(t=(pZ011+gQgVuK^XZ@l?aFs#D#d;xZffV_~nIWQEKtQ2Rs`*!ZKLXvfpCp(@BTt zE;p4Pa^VH!nHN(f58X>WT5WWysoTsjH1-u(@=`v?2sCRYvUI)1w_@bi@kE>pT+2qY!@$@AnKL8wY@Wio1k{e(jOP7UM3HEZE!_ z0DLOwrz~g<`%T3OALeCi5nSXz#-B+;A*z?1-bZ$rl`1ISd9+J{GzgoAButhKB~P^Tl*08XUt??c`L_Y8>puQP{4X1= zgp)qOksZ{O(?4~=A}$&A*~PQBXbqAS8SsmsQSFUxOv(f@Tt8C#g3HOHlsIe+X^Z`` zaw#im3QI}7QGOIt;)urh;U~d_3Z7)h(E_9tw2HpS8t#Fim3o*h6-SM}+Uc(GUnciS z(5Q}t4lXD1YDr^*{U;&qhMRr;cXIXXM;R;Izu{*3%0et2v6jGs*?TBOyg2D1*g!(* zRdw7_Fgt%SP<<>IjEBmBXgYWtb5aqLjJ+j1S>*0EDh|Zv6XIoIW+*{wWI9z&a|i<@(b3(q&uzZA$W z2BDm5E2a(($1s1VtSZpv6pNt^emM?Ws|f0{3d*JpvI#8MnW>6|oNrJftp7Z^f53&c z)>CfXdh7aPbg=d6Q{S6DL*VuIr}q)={iGIjM9aev%dW4%^r^!g9?w?|j?0%x8O{TJ9ylCtI-D&rlMu}NHeRmz>Yuh64Crny$oGbN zb}cY$4iIjFko0%`9nReQxEP#$E?qF|UDO<1Oj(*%ef9Wviym=!t}qCDhCB5;$!440 zAX@iXm&hw_svxvrgcx%xssNBbefbG|NmWaV3mCK{oU7RH(tR?(id2lc(;WoBbY41ibie453** zF9SYsdopg5rvL_`ti@I?ta1kjShw1|>6Viyqko%@J$Y7*+W4fb)&l%?q@A8( zBf|~fAHhq%?5^|<*UlS~61I`jj!=A~nbW0K;B7MKlSq6Sz$Ahir`#t9PxO02;H+jp zu#H&hI{5{YQJas5Ya52fDWI6bjK#6sE&nsUg`)8l(pPPuqBb#fsM>%s0Gea`K2r+F z7`Bx}CrhRBn@VlLG~-tiOkKmUB^<@+gn^S#(*SamKlA&mIY&kY*xA8{ZeGviy!)le zPpgwj*DF8CF=M!&v8adZ$J5@aUyO$-Blm8I+`{>85y~#Ft|r4clJ#kJHh+0w z{N*qF79*eGap`qWmW^SpDvE(G`FKawC@oe0)EX^}GL}h+aAXP0yIyXu$Da@?@(_?% zQ2)1%=^yR(Use+IpY(sIn*QgI|4H2a{}BK{Ns#(KiPZn1@l@ntVE@ws`OicD Date: Thu, 8 Jan 2026 16:08:01 +0000 Subject: [PATCH 16/18] Removed the defendauditdata.txt on MR request, have checked the function query in the yaml matches the list that was in there --- .../KnowBe4 Defend/Parsers/DefendAuditData.txt | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt diff --git a/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt b/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt deleted file mode 100644 index c8f662ce4f6..00000000000 --- a/Solutions/KnowBe4 Defend/Parsers/DefendAuditData.txt +++ /dev/null @@ -1,18 +0,0 @@ -KnowBe4Defend_CL -| project - TimeGenerated=time_t, - Event=event_s, - Recipients=email_rcptTo_s, - From=email_mailFrom_s, - Subject=columnifexists('email_subject_s', ""), - Attachments=email_attachments_s, - MessageId=email_messageId_s, - ThreatLevel=email_threat_s, - TrustLevel=email_trust_s, - FirstTimeSender=email_firstTimeSender_b, - PayLoad=columnifexists('email_payload_Type_s', ""), - LinksClicked=email_linksClicked_d, - SenderIP=email_senderIp_s, - Url=linkClicked_s, - PhishType=email_phishType_s - \ No newline at end of file From 4242db2df2f3b7cb32e292f3ba398a47c2fcfc81 Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Fri, 9 Jan 2026 08:08:23 +0000 Subject: [PATCH 17/18] Renamed the other logos in the root --- ...1.png => KnowBe4DefendMetricWorkbookBlack01.png} | Bin ...1.png => KnowBe4DefendMetricWorkbookWhite01.png} | Bin 2 files changed, 0 insertions(+), 0 deletions(-) rename Workbooks/Images/Preview/{EgressDefendMetricWorkbookBlack01.png => KnowBe4DefendMetricWorkbookBlack01.png} (100%) rename Workbooks/Images/Preview/{EgressDefendMetricWorkbookWhite01.png => KnowBe4DefendMetricWorkbookWhite01.png} (100%) diff --git a/Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png b/Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookBlack01.png similarity index 100% rename from Workbooks/Images/Preview/EgressDefendMetricWorkbookBlack01.png rename to Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookBlack01.png diff --git a/Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png b/Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookWhite01.png similarity index 100% rename from Workbooks/Images/Preview/EgressDefendMetricWorkbookWhite01.png rename to Workbooks/Images/Preview/KnowBe4DefendMetricWorkbookWhite01.png From 811e78956cfc3828b98099ef53d422bef3488beb Mon Sep 17 00:00:00 2001 From: Ollie Spires Date: Fri, 9 Jan 2026 08:25:02 +0000 Subject: [PATCH 18/18] updated parser to yaml --- Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json index 3e7004190bc..07564361d0d 100644 --- a/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json +++ b/Solutions/KnowBe4 Defend/Data/Solution_KnowBe4Defend.json @@ -10,7 +10,7 @@ "Analytic Rules/DangerousAttachmentReceived.yaml", "Analytic Rules/DangerousLinksClicked.yaml" ], - "Parsers": [ "Parsers/DefendAuditData.txt"], + "Parsers": [ "Parsers/DefendAuditData.yaml"], "Hunting Queries": [ "Hunting Queries/DangerousLinksClicked.yaml" ],