From 686becb94de94cc36132c1d65ec3204a3bc3814d Mon Sep 17 00:00:00 2001 From: Fenil Savani Date: Tue, 16 Jun 2026 12:32:08 +0530 Subject: [PATCH 1/3] change in ui page of Function App data connector --- .../BitSight_API_FunctionApp.json | 60 +- Solutions/BitSight/Package/3.2.0.zip | Bin 50129 -> 50423 bytes Solutions/BitSight/Package/mainTemplate.json | 16674 ++++++++-------- Solutions/BitSight/ReleaseNotes.md | 2 +- 4 files changed, 8332 insertions(+), 8404 deletions(-) diff --git a/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json b/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json index 758b02030db..541e7ca8c14 100644 --- a/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json +++ b/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json @@ -2,7 +2,7 @@ "id": "BitSight", "title": "Bitsight data connector", "publisher": "BitSight Technologies, Inc.", - "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data in Microsoft Sentinel.", + "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data into Microsoft Sentinel using the [Logs Ingestion API](https://learn.microsoft.com/azure/azure-monitor/logs/logs-ingestion-api-overview).", "graphQueries": [ { "metricName": "Total Alerts data received", @@ -236,30 +236,27 @@ "read": true, "delete": true } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." }, { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } + "name": "Permission to assign a role to the registered application", + "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." + }, + { + "name": "REST API Credentials/permissions", + "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." } - ], - "customs": [{ - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "REST API Credentials/permissions", - "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." - } ] }, - "instructionSteps": [{ + "instructionSteps": [ + { "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel using the Logs Ingestion API (DCR). This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." }, { "title": "", @@ -287,30 +284,11 @@ }, { "title": "", - "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.", - "instructions": [{ - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] + "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the BitSight API Token and Azure credentials (Client ID, Client Secret, Tenant ID, Object ID) readily available." }, { "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Review + create** to deploy.." + "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Review + Create** and then **Create** to deploy." }, { "title": "Option 2 - Manual Deployment of Azure Functions", @@ -325,4 +303,4 @@ "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." } ] -} \ No newline at end of file +} diff --git a/Solutions/BitSight/Package/3.2.0.zip b/Solutions/BitSight/Package/3.2.0.zip index 19d3c5cfc6d1081853115b8f4f09a6f9de2e310b..b9338a34e328043a7224cc9bdf40dc84e940dbbe 100644 GIT binary patch literal 50423 zcmZsBV{oQX(`IZ;Y&)4?Vp|j2HYRyu+s4GUZQI7gwrxGh=6!c-Yrm@fbN8t}_m9)n zeXesg6r{l+&_O^zU_ex(W^_8E1oNt3K|qM;K|rv+wZ;ynhEArcmZGL+mbR8omH=A@ zD@TCsr54b3eH7(uTmF}UwgxKsxC?`&A*<`?>Td?Wf4I$zLWX#K5%`MQjIQoH(i80q zf;mO8OH?#wuQcH?`-5`xdSBsW4zAtD91RU#J)l26vh#6@Nmqgmj&#I3_U&)UWr8tb zi%WH>eWvI`;(t%LvTnh(3}h*q-74*Qb($-3e!MR7%M~Td;SzLDCnW&pZ>~)qt^-IK z(qRec8Yj=1qAE#PoOfB|+r@G@&Rd3nR)Cx~#m1^OyIY2-HMo-FQ&bC4P z3tR5g4fhSOiiJ^-DzMOmn5~-M%zr7Fm>x+L`zBk0nG}?mH)&R;hK4&ec>P6N8?_iI zHY{)>i13vdDa~3a9WEmdb@4Jl71<{$;z=Hx40cM(gk(yo%i!aK|9s)>;D$E{`KbN` z0@L{a1@`Gj4Q%#-AYs4>*K&%%Py1z%$V4ldF*t*vW#UE>vvK923+z6ds7#k%fc<-W z7Wjgc*z%HQ+-z9mZSqltN^(xvv3^EZt-w&=c-^9v4SQ6L($FEI?FFw@&LX9Ht}f18UCBAkDnKmifnXpwuQ?2fV`D=AWxrDQ=l#RvAyaEn)9;-f}i$}y!|7RdCIJM_D`GEsjp zl-ZY|VM!7b4q)F!n95OaBG_P@C=Hw%`s-COJ=dlz zF`d-0&1h8A^^2C;!@80Al=C9MvpHBO@7X!w>kJE@MH|LD9Hu6O8OQbrC+V3(M%(18 zP=_IKt(o$K{g4A7mxx;h_n%>ubx}HZ$B@My6qFWnmlwWp++oEq~)1`5+oG%)iK-MVkYS{WatEKN+ z&DM?F|MBPPB{8v@)hJPt7TT-b62b>Bxfg87{0R?uo|v*mmLVnUu`8d<3|MNvfBRad zSEfM=XJ9Ehfe7pycf6u7!7r#;5cnNJP%4RF7!#KZehN2v$g4&Pswj>uWE0qIKyTj) zj3cLltC-GHJ{b>XtQu=j9fJfPxu=7Yn34@|aE}}pe+T?-IF%|Fv~Z@Jp| zC0nBCY{wZ|I5>WwRhFB%U67R0C*4h@mM@swzG3U{sRuA_@f^A3?brqm(|0UhM?z*2 z;n}Hg;+RVM7q&_N6mQ4qiDauD54a~#VR&FlZNc|X{s%EL7w!9836D09c0rXubaOMu z`*B~pL@39*?Weu%I*X;1Q!7BW8F19zr4bHGtG9^*nudxp9TgFY`M$yfDN45?u=Bc- z9!1ADS)`P^vMgSqhTWL&cZCUcP#L$TXdYqkAzq6AYHF7rQK=qeP$L<#b>z?scp8w_ z;}3GsCCc`hiAHh_TyQ+SA_b-_F5!;)i#c z378_eVeYYp$uRG``FZo#si$k};yERt4Z+;L+U0NYE-K8 zYSA=^R$2cg8ybZXZ~S!RZCt_9DD^hNTAlLIlB$BYv!X6;-{HISkO~b;T3m5X6A2izT1q7=Eefu8WyS` zbLG&dVzRY3iqvuP<6)7JL(l@wg-RGs%|`Bd@|3zATTLtKw}9e;!{J|l)LWqP)P%3d zfKB&R?-g9@ygdiGL4-sp{0r+(0K3~wSYWfTVPRqSiu!I>y0a57GNs~O;Q?&slc z9J)lavFXvERm>R0L-4x;Nvz3^WT9NxJpvq5Iaqyzg{4vl?vClOft^k3E>nq$w+78h zs6KO}4(}s%d}g@Vz?3ym`gfaxLA-<=gyX5%Alw1&CyZ)m|oTJ8MHn))iB zIBHuu&xOlVr&RIu17#UXzxldFM_qj5)8d`L5n!}d@@gugGGyo6hZx?;pxxr73k$T2 z=^k2@9s?>#Zf%VtZhf2X*Ohz< z56VLkcM6P5OhoByB{2QN*0sB}NH zg~|}OE8+H^h(3r!Q}VT!uGeyRTaS8FRg}*cHawZY)qw#G12$IgzJAs$Fc(1ox-6vM zJ?f8BKB+H;r5F5);LS1My7O6`fM`%$+w};&-GH95UnR6$Z^(~acfE6&6?)S=%=N;< zkeaSD@_c?cJ-4EMS8t(0AsNTGoOMl}(RP&La8M9xM=nvsRz@D>k9ojUr1V&%9qM^w zbqsSvcf_D~H}X^V(?zo%`dQun$rU+Z?h%VBx#xFy(7@oz5IEOI2Vi5DLv#O}3wSGn zX?FE)Mr|}?zMl`XS<^%0EApBAPgOTOOK){A((`Fd1jFz%_h&kvD2C77l4-_PyKdV06!mgQ+Fe*T*>_3bML*Xj@e(^Nxo-O?>~IUg7d9Hd$?;>miO-1 z-sUm7ddzB^EcEMI1W4fIDu}wCB93@q^yd32KC%O=+`H_%Ziy8B2gBw4?o>n|Y9jn^?BBiUGTC*^a|3}^Gd%YT}@ z&HsQ$gWgUgsDGLAB-wwj+MC~PZqxiEmju&k)Nl}<;d1;(x+I(jq5>>GJC}#C`OvnA z9)kdMisJ24-wmX6bbO>tLv*-_QVvFQzg$}iawl`3Z1-<&={<{iUgvf#Z#IQryTvM8 zCChk0OBCL3=N*3<7eHQWXXBx8yk$X62Ey$^ zxX;LR;^G^6+-wFE<}1Zb@#m6@gv)Koyizhme$gykDPu^(?N;P0E4d3iVlj#XY+ZOX zDe@~P0tyo4CG}erDXRF1K0plXGNX>e`Qpiw(W-~?Qs3S{J6ra`*ZId=An{oUN*{Y; zME)u~`Q*S4EDvmD>nMw`Kd7^wMg@jDvKqH7CDhd*D#1N~3tt>>l(o?o z_26nvxTV5>R1=Q$_%=3r2`Kwu$o8M2c_s*LgZd$7m%En6^I?JMq4r5O34zhGgcn&%Mh$<9!r zF)lR9TY;N2ZbDB=(*xy6s zg<1;^!E=jlOoK$uA*0NqXJ69}$Lnb|G=RAfaby0MG;rLqYJe|y-OT#luy*XzpYzq0 z^HmgY_^h(rgk?(*XULrqH(iQSo)Hd{YUOc(gb3HSuX^U`GKn_=Fon}j%>yyt}@`n=FBq zM}21YTny) z>#{1$wL&(Z`}#?3rX#7i@W!?U_4+F1=E}#kZ9-~If+}!-0BwWNsbl04+}duQpG3FA zM%&FU4A~B_a-Qzy>I>@7BK(}>?&_=R&@xY6et-3eJGx1$Tu$$bEamo`%Y1$JS3=k5 z+PH%6gy7-Z{41aLL2leeWcip5iG#RKH~S5i+pE5hPVJ)i@lMZL(yc1?@U!oQ$5s_< z(ORdcMt?_Wl6y)LzEg+D`kKHWqD!KzM&zH?HQw`=-wV&=O)|cT=G*LWSLEa4P1;TM zqs;+~Tid4JD#x1xi}$ugG>b=@1*ltmpQ4qDYQ!*=^_6 z9~&t|{QUx^A+-E1qeFi=E_7GatB{xM6%GjKrB+GR1z|Dp-F=O4xW1VNQ;*zBI`&os zqC1q5Mcz#f99*nfIuT{WjOA`~jd#7vCSQUdlS>jEZ(Sui-j@mw=iA!1ZxeZHJAQgx z(6yu?#Z$bsfE|C}8n4}vtk(s9b^?s@NH6TW{1_}G`279AXT&QB-wvEko&GdNrKBOW z*%l|$&2V33r+qZpSqvQ4fdM4G5n*z+JknC2ywX5*Fa7Pn_9T6!WU%cducO6I+Q6&Z za4&r*-F`BymqV+Zmr}3@(!?PwozjYb8b=I5r@cxB$8?#9#9-5C4Qo`VpVmrSxSgm- zEB(3V;R%gq(c8;IremYgG!4Elq&PRNIk{S)oUd6oH~Y=v?S+@>ugl7b0iDi6DnK{Cq(*uc1^H*r;Kvgd;)nR2{ z1Uf6=C>#qa+wB*N{Duq_8b0sY>fR9TiZBN$pLwSS+Vl^y>Rx=t@w7k;nyWlP`DSya z#LLB_IDN2-*eOzx#uw4aJfbKe!{!#F?l5R=G0SFkA?xAsR4v9GsDib|?yZOUrV^%^ zJGx4Xk8tb)Cmkq4%_cQfjw{*=C9$#e`Fczzm0m8&BD!~lSVw*YVbqNVF-FrYs>Qx! z zC92j=k>(1)bw-7npvFZ`ok{I7jw^}T?pJX!%xZ<$o>{Ne0fR~MaNPJG)YH7n6lw=J zGAj1_kfw_<2tzVi&*(S0JoIRWaMbmv z`z1CQTr{aAH9v?|M^Eto+FGMvTd$|D+WJ<%~mK}$PHK<0YX1Q$~C{ay%{FY6` zat(Su3buYHjE?TFb3Ca&>w&`4Ajo=)wgDyz7&JRgAI7QPf?sE^k;7oL#iInT{xZW` zYX3sOzwj~hna%;*<5?lq&H#t13;ZhK?p8HRT*yn)={qud1X7tk0@Ew?*!OW(ySswf!BeX`z#cmaZ`3N!PAq+sZlg>0{srA%FF3dfHKZnqwVDt6z_eCw?WFx`^&12 zQb{$zI9jM*w4nwA+d&PJf$hVorpBD&AE7RTrYkmm7IK?lgeZ@J770~J?p zj+WEv^3oS=+2^AN>{4|gZ06rbu^wss{4MDxkbot%^GfdbERo0KyyT8G^yQX2#|dj{ zKa+x7#(}%E1);3YAX8p)DDe{ZJ|^)tTPN?}DXpf@f0XElzpb>bq_=k}|0+xVr9z6$ zuDW%}#a2AumFwwCqiVi^U=N&GF#XGbzwfv5dfkS&X>*;`_>8LK+)u<^;)BNV8Bhkl zD}-(N!QkKbjM|4UE=87T~ z$G{%f#@(AM-e57x%^;lTs0#>B!r}+C$8#72^P%m&_IXSl^E-Mx;}4Y*XaOqOE^6F! zfG?N2Lp%c+b9iXR&n#^0CQV4smjHx|z=H1w$hgAW&W`g>&&sz=m%ssF!q(?4$ThMC zc#=nWsO=bR(-k{DFEP@)stg*aNS(Zql%Nl;UP4bXD=||wb?V=x&0&3IRNne@56PWP zT|3v~PvrVts}n87_FX*GU%AL7N}NxG)9#be-v)?W1RZ2t2>;yIJ7>UDxgDo81noRH z$$u?~M1#$Dw?o|x>#vt9W;m=T`;#ZVe70fZ_1@szf+8N%wZ*#3G$&2Vqrk#q5rduzyv{anj`36*%zJ7YW>d`hA_+_+3?tc?w}@{w25)MEJ?E{?Pb`+rd5@5eb4^aHf|8Zf0nJOkXnC)QI6G-&*yb~Kw_xKJ!aJ`8( z5DFwyjt&GLNC^aH?@o-xm&rZ1n&S#x-vpO+6?B0sS21XFibO)|8YkET(gC5H3E=-) z_VIHvcV~}*nRS=;`(rQKJg44_+(UA)c870Vm#fz$ zoS{F&bz{RqRi2bjpV&zCML!Wb`9tuF@ z$=DZESBg{txj08g8Qg`w6Ae`wPi01~yQDuc)hcxt#NWN_hoI^m9jUWEY{u0x{ z{!{xz(c`V{7p5&iL%CXDbgLmr0|pnG+XgiR{P&dpOw&MC!!^+{s1r*-Ram5?McVG3}3G)gYCO1H4_$BD# zJ%ZA0q&0Q`_nd0TJZ$*xsbCt=(>vzd`h1y@tc)y^3FqBqW=(vJ1#cpaab$Tg*}@rR z3uAwNXX>D(MaczT6R-K`DEN&P9j^@Bz-PN6x*?Y@%z z6>JV9Fd?*Ggup=>uklTZ{{1kxsg>2|CdUtEI zYJ#r7(}n5(e1jQd=7!%V1mEQ;^zf$0A4JCd8f}NFp8#7&a~{wU%L_(OGsZ-`i+!P^ zoXc$vus8_R*xPCm=%KIEop7`kTMk)PZe@`c+Hi4#RAIN{g-v2eNJ?#wremD5SZqeW2tMG2zz9c|=Ms9cG zjMRlaT2|M?3qKNgN22*fFIy}p`pPEW#Nl3>`i-9Kns_qz5^W2n0+s%WVJX^4KkE2} zJ9rQ=e<^g|M3X4u5$!qdC$yGyd4&^%vM_T*XL8HkA*}x%d{Ne1st5O^Rqg8glUz5& zUvW=4^t*Cl>1diVpJDB-{GtJ{J__$p)8tilNwnAMv6euUAN)+vynKMez0bEmGGI}x zZNd0Sf`WHZcM>NlsmL46Tj$*!`ff$ASh)K~K%=yiI!eS4ow$Lzb0|ARcP&RIqJ_=6 z$4we~YoV#-251p^iqWFY*W4v`PfsqUD(B1K10eAdID?m#Wu~^RUH?19)Yk0mfxOhy z5#0%^pf;G7A!Q{k6n?Q37M{6D zaQlXRRZAsM{Y1%-GiTG^vaEOT7e=>T1Qcz#^X@`@QokCx<%8akVN1Mz_Mls~`(+jq zNd)y*MFsF=54NdUZa0O=T1nPJq$ZAfEtYqy8)$hwgOmixEy9~Oz2D6AJ3B#A#Y-Z; z&RqJvq!~pU^GaUBa1|yF546kF#;5b)G|nr}5S_WBT?frf@0hi1eZ`i9olG|N&lSPb zSBsOP>@LX zclEq#dkinY*3m-kQlTMuv>m$FPrkZ^-?OkP+csKq^z*u=2_;-Q3mDXO`+S9=CBI6} zcS>^u16#po%&@UZXslf9m1c+RHy~rMt=yX#+C8)QjENXch%T1l62eRk<;HIzt@WOy zJy#i_0MF!}oRGe@L(h|#5!%*y@L0qzg~8Kki~&&y1|yl3QAUO7oXvP`wbKs%EK2!3 z@l%e6vVG%bQtDs_w?}?0sc)k7Vf{9hgTV@5W7h$Y@WhU5Bxmpc9`g*Z*g(KkTEn|a z?a|&@7KO)M$?svoG0QzVm==07B)99NeUkpVGp}nNb1XI5X&F-#Ew6=%@1Oc{l?^fI zbd+>o!w7^mI~`k16!&lX?<2ZUaYjiJ^R64|Gae1NwA@}!FLGhS()|de^iPbXhQ&1PF(Uzf!oGH%cQ{bM{796w~mLMD8 zTlIHRZ9k5xUqVnyn=M(!xu>y_YQxtn3GqvuP~Q~iF=zBvd<*Z4N&e==k*bpjh(<%- zMeAJpPW4Xo17nxVF^HmC?DtDV&nFM>(OijudmVX%l)YvhcM95#c2dDYB3kBW#1P6W zl@Vadjrl7oOTH#Nkjz8A+KzQPKH##*H{XtXXED!pTEl)0K#M>+*7ZCwsI~G zxs~^S78j7kiW9ek9U20}Hsxm7y=`}bqRc1t@q_PY;)#reaWcQ?8#w52idj@irTh@^ z)H%a+P*32w7J!v+ngYDMgW-9rZ9_l@$yub5WU>BQ`V!S}sOI`@*`S>i_+}HllIxkr z{YJ1^M1{=zv}E7*;(P7r5_Q90bZ_Q>Cf%accO96vk3Wbk)%=Oe0prZuBU*@3I)!iS zJzmx8wL3mLF-ta1b!`O#F*XW7CU)VfZKh?wA0>|2OSg1~oFNz4B@j z01f--BQ8OU{ysHcZ@G!!Z+l=VYtLtzKw~5kK;ZO@_I~rmJuz*2GDS#p@P{b{k;93+ z>>=kxNHrz$Sz(2mM}bOtm};A${FTa2ezt&P9amS)M~?eN?;}n!yfr`N_PImhpJurE z4eC|5TQ9#4nfesZ@nvXp*cv<9Hff}?R&4@g=&45++;?76Y`IMp^@~>qk$wn>+K!dZByVWi0RDzF+HIuNxy0Ty9Q_24tm`U_WEUr_hMgMrAl`Bi9`%!4^Hh7u(wW0_p` zo9uwB_Ej~f=pR_gNRp#@sjsLqL&yYz2Z&6!i2ea57-s}gUui+1l9`Lf#z@W*(A>RaZ!uYQ|$5$437$_jp_qb?ggw4Y_;!Ry8Qc|_UQ*m^?u zoRP)aE2E+Zl)|quD{mu9!r&e0K*;RaxcJi3_$antDGExEp?WDi@b)mhSlIClYoUhW zwiw?mKj2$<$#cLRjg38UKc{jtA?aHC3lDi`B(oK?h8 zx`%&~=JYh4Gd$n!mOK3bWmsX3Hr&S*EseCq2Aep4wEfWx-|?g08>rkuyf(njo(QRQZC7tORyFV z)?8XpKdbK#;`&MnA64QNRD2Ymi-sBaIq28>k0!TS(S~t+7#eXTZ=}&r#FRYn9Hbt{ z8(1E7yxxMO@%LH>#Rz(EL;B&-n)IRDyQ9Og2K5!jm4iB7vJ0^N*^-UmWih6ih(OOD zuSd!+g}pLkcQ6Jng)d`=Y6h(n9kS3=Dy!obgnUYk;;%*O@bF$#N-CzmIr4~Xi4$FO zYS-~ALt+BZmEz)RZ}u;>kGUqymY_ku=+`m}^t3yoT6Ggm`*JPD^xMaeDt7k4;Si0H zkd;z0tm2qVO&62JM9R5e%N=zp`kLM^;oSA2v0SbR@Nw}o`q!&;bDmGQUB>|r+1F#> z9ar6;SbanqyJ?4s(dH~cy97QzKj8HMCK?xDa2ijT~*5}B1OL&DN zSO*l3K$9eb3Ahbb(Z?1qE4N#!We4cI)yhN3g`J~1+JFP^qe z?YK|yHJH9J5gtnq?(l%B6k~Xt*wu+y(#6MQ4d_T}YOxh97;#;JzO<1I=B=3!6d5)3e<@Rqmn2HlyDY0q!45Q(z~) z!yRPw!&xZw&W}s_HszyfPTLpD7HdOps2Xpey!-<1wda-3-|r9&~=+G3)7W`O~#5K{<>&P6Dg^(PC)km zsos|r!J;8Ql~u_9I~Z*N3T z5pRFj&TKhFdguuc_og*~J|RY17luvE4&I;X1`MB9Z;ejD!I7Ii_3*L(XT|$xc+w`8 ze%MeJ0#@}k_cSYdA&e{rjLft)^dHqURI zzMG9-ElgtV4q(0NhXSkSYMKm_(uG{TSOw1N5~eDhSQ6=)Xk9#mI1{c3uSNcmGkGpE z{2dIJz{85o=VRp#>tWuSwXP+eKQva)R@eG-Rs}AAg{$Z_Z`p+_4AT*?@9!cO%gK(c zV_3#YO;upc>H!$U;r((SQR2xCGA_YKzLDwZiQd_Lx#GYvr$TK@zuR^J?q@G`KMUH| z?ZS;qW+t`YaYfW0-WJ-eg)2wZ5vsCVT#64gx?K#u$ntnV;*IQ1+@oTD3vCc)*@7`A z!G;MYD?qTGsGIZ81z5E1j%UznO)tZbZE{>|K{URjaK)F^1`eBc#5G5yy}MQ)|DtZqa={o1`? z;~F(J9;9hOt_~Wcsn}{=@6FQCbr+6PLNU$v>6eydm%dN$aQAvn87t+KAQ5frU{6x* z4t7DrH|(5zC@L2GuUn$(AYReLobr=wu$8bjy0#X3Ilt`?x-A*!;uy)1Pnk1Ty+)zM zY$xVh)cAybi`h?MBYQvo-6(g6^*YMMDG>h}zXBqS%u@`=6x%)9O5yM~z5I z#J%~)!ByA(BJV~ozS}u352J6FEut-ZaQ+mN*SYMY)UtUPjLvSIL#qkTZvA$d0;lBw zix<>kt>uP2nnY9509%HRpPiTOxFHcV3GCm>n2(+YI715AgG#s}#Eh50rU7KzGsL>v za7#ghmu2B_S4+Te@2&6Vpk|Ur2E7TBEudxAtglM!4r04&b{Z9DhPbjp` zgMnTXAisN?Y-W5(p$=8667Fv+xVeKWano77XLqK>l%*WH$JApQ1O*n&!bWF21{*0Ka$rSf%QbEjKwbnh_(Zx;;AYHh|M4#OrHDN_Ag-@oT( zSfuH@mVdJa<<00h{q(=nGFzLN;)Sh0c~et1vJ^}B7B)_7t1NBEl^QxktYAlP>@ky% z0Mb9zMExUsZ*a7-%K?(58=+m=OCjMt_0huI#mql(Gg6^q>Vi44jT3rV!${t>c%ile z!qM}Cg{4Z(0ym7p0K?;?V=2|Pg95kZXM`x+KC;G6!angHC2G5rw5x0(SxSvq5igx# zp^>i*srPX1<#D=jTzLlZQ_`aXqik~Ud}2ZTMV;E<#c4{ORjJ|vgk!A!#%8$QQ(S4o ztY3JjIBSVH(JUw~B&7@*N`RFF31E^3^aiz>`eUPz&Y2e9L6$;S7TyKn^GaHMJ>Fu# zq=}DZJ|4j4ZX#O~Xx$pEzqSdMRr5)J<6CXF-qYA|E5e}Hy~c5p=;M|QZT$vo;M3ha zYo--*&hQ~dOA73`kiophv`U=9dU}7=_fJ|FahSoB;E&B?+Uu%jq);yt6;U5c4l0>j zfgcwqa18VjGzln6z(ag*x)ba#yY>`PN%A@QZ_;4#D6l6}lUyRL3}&Qpz|h(+bYSHU zN!a+EHJniq5)$q~9Ldla$_|WX#N`smX)+u)XR2jG4dp*kWhs0nFaP^AJHpl+%smNf z6Z4v(b`~>z^;%jAiapQeuO`E*$KB7gNENfsRY!;CF$xk$phu(73ibSMTtAsv|3hY9 z6_`zg6zK^69&l*>Z*!TJh_ps8@MmYolx@lPctxO8Nt(}+W2#~+qZ+VkIX=ny@JInT zRk_7}>hB!Uy!!N8c1Q~`SgSzN8r?FQv`Vp%Euv98eu;X1Nk3k#TJRs;v=dyzLqc6Z zfJ_axw4San13Xx~V`R-0lE8hHZ8V0FxS$vxqz2btLtS)Tc#lC`4DEZm#)pVXqeYcE zkBa7gsYOQ%3>AuqvT-zTf4qiFR;Fw|=fLE;sXS|5{ybx2Heqgbq6-UX>^j-~3TJN~+qE8k~CtmPyhtvbO!!*^qR$G(_m9oJ!LFF|&1Zk!H z(SQ(^EvVG+jY^MUnn5g3^F(5acs37EWU1g-hAb%Fq=6SHJJkXt21nP|Dq`06h-;>P zu#NYNYpzhkiv{rCKgaepT zcY2e-0eXaX>0yGYqH;(L?w(_Zq}`;@)if++Yu(;0O;yeO-uRXbZk;YZSi?H+_{|lY z!qwi{0Z+f<+)vXi&UGN20s==+i4$g|AL)XTr8z9&c9U%Cf0#Ra#Fl|;pBD(g)yis2 zL)av;Yt{-JQs5X(A%J=EIrHm-jDA98^YzIF6_gQ{vpe%U7WxX9h`p20X+t4;irBFt zJ_IHy6Gbo|HA8TJWgX9tf)DhkaX2^miNPLR%kR~D!^2?_pTpVvs`mPjc6WgeQ70Y- zQxB&Z;0Yf<9uGnv&=6PrQ3V}z=M;`}A{d#=MXYz}O^e680ZlB4;PM)OYh zz&npTnepSrtkUyz>m`AXF)SoogijZ3;WG5I@Opw7Qg-zp6I^4j25oneTDN_1K|a)5 z9t%O5_U$!t)K6*Pdmt)d7lOXL?)u!{zac=-cMXO2pAU$tRkMtx&sQj|$D7~02R+uH zAMS~&(&W`GD2$brQq))o7;76w)h%+NJaS9;aAS=7R8p@&bnh@sDXY}3K&y{3;~HkK z>;2SbVp=1~lt;4RHC^j@)~;vL>+^2kR|_y~i4|M5qR;U}uHHAyd-v$1thFh3GLDR> z!-myZwCd8UW!3(8;WzbBRc${QYkPaH)FNu|SbTfW`Ww1{K=(LODSmpocyb+$B^YK^ z;h`>~S>QpHa>dkZh%Q6VNlo`Gs=R3BbetouC~Y4W=vuZ@CbtQwYAK9Ua`Os_bg15}+6H`sKPKLut2A?IZMw_{LSRUMWn<#DKj z53BmK{Y~0o_o8YF(bQr|V7~QlPJ%%?og&14m!dW$FCh*r1cT2y2^_Mei8LiB0#6SR8ihs1qrrxsA!}w^a>ci$RLj=pY?u%W=mx~tmn9&I z-h*AWQ_GfCX(><7_>k|e_oNs%%K^*f@^g2grjN%)x9c@Gn(CXe)IiFLr+H?9EGZ&! zNXF#9BQkSzMLUp29(pQX{ODa!w3`ozuFrex?u(w!GA$=>DLZe=D_U4{Z&>4RuKk*} z&Z+=Y)0E1H6smjE(th2N7cgZXHkx)j^i9f$*w;I0!Qh70HGAFXk1G2pT)9Cd`Tj8(Y6@sY?2^)??Bvv8Q1Lt0b=`Ijv3_MF$lblh^0$R$RK z%0LfCc0>@|{-G`A!J~eYNUgK}Cd8{U)tWHW-Fx^A4s+Bc`1WDlX}3$7u6@-mty6$m z&)!WYrwPPg@p&oy?xXjIBEFHs?vHuBT?jb=j&b?SJ^0XOpMA*84>rBtM-YFw>D~D) z{Z1^qcA)tgWM((+)INM?PAJM1;|x|Sf;pL%m6t!B{?0I#+hKRFX}uvzcdvNr!kZ_= z`RM%yZ-DiTp*YEx3~#^`@r3g&48sZ|{5?GT^PC_i-l!3{rp)*F(6{(Q9EoUB=l_#E zZV0M=<^SycKgvqg0{@?8|DS(H|F6y(M)Qvm$|p!2%tUUevoQ*8Zpb-KWG#$RD{hpVLpwTF%H2^V>AzdUw9glCkki;*PB-Vbw1!K1_r-Eb$Bxj zm*p;J)jgJ4pJkEtTR#D&1SZZy1LO82iFTYlfbXJpm+0Zev~o{Te&4I!==J-892n_U$pMKC1*f`!VyciBJ>G#spVC#t*?l- zD6@yO*6G7luTAO*NE!=)Y!67gDm=gbQB0Qy8fpEx15xPD9XKfi)jO0gTbk-6g_u^{-}j11eZHcBNJ6Z5gh=Mb#Ix!l&V<5vfl zgF7`wAI#82i)Pn~y*EY2RX=g#MEQc#9G-g`k+G2fO16CQ`H>$5NZ=o-T8B;qN+fpi ziAf{!=KD*q-h?F$kd2!R^zWj~z+>l;%{WFTYJb1xCE#`ju8L(|?Z$a7cZEBTr z)^XN|4mPHvO=M&am!(40^e}BMas=F@)nYzHB;=k=wcwWWme`8t&>-~`KPlnpGMgv` zn+qEGX;=h-$<}^=n{Qf+>8ZiInaISA!a* z`yb%^!9t53d*2%qbLSCXaM%|!t_PQ21m&{O8-u$t zH*P5LALOYmC}-?=lpr}RecVuxY&vEtnDnKjCU01>&{dFJY?Wyb@9h(=E;7~O@=-eFKxav{4)`DW#|!S!&IEDxc}__gmIt?`*$-+rKTi{1MttR zQ&Pl%c_QA%o9hzWc#tbZ0~l|lFrCB;O=x99Z$U{cEw4`>u0L8mDwPgayeVVhe@M6J z1rd;~(FD|ZL*6%foP?~TzImIkXdO)%ui!ylF&9ln(qS-5?6#{*$Zb~o zmwxK?Ggb+hGiLD-bijGCkCsmAClp)p+hpINw>8FM#YRcBd~L)lM)rvi96S4rObm!5 zb%lOk2g33`5jMBdr2V|_>mYoqFoO-IGSrD)L1&*1MJa34B#hV28dp5uSMyN4&4RpTHV-nh9d-mj!3Z?gp^I zOaC6B*B{CZuaB)S?>O82Ei=3b97f}@`w*j0jrX3CII1a?N7{>};9zv{`9DQQE0nnS zkBt&D@`I#c;P;F}u_*kz7@K^kh>=(xmp17Uq$m=YBaflv14QpdBo{Nz%vK4a9OZm= zM!8;Z(L~cIKok!>I&20wGl-9UiHO*L67qvy)CGpWK=mKzZc7{A_}950!a$+~oot z0XQ-g{brp1!dCDzB@vCoBOl!t1htrQ*9@T_slbXEq>-!)fi7_rZ|vxrSTGKcbVC;$ z{#?^HtH|2{#tknDtc0$nC26;b%sIkCp)zx~igv7t6F^i;J**3Dl9_V3N=%q`IObX6 z6)7=wf6;PEfYm_hzxq7%e8L`{?9Z_}4||nPay@)Op~_^SPd3fpy}A0JJIkF|Jim~|~x{8ir=*G8rw+OqLiG<&h)?Q*I(-am`~ zq5J%=?&N3j9A#HO@{Wb3*$4{cS{pV|wG^Ql#%A5IgPR(w~^+RUx1wj4qn9{_I{JFX2?5WPvU|h?4 z;jH;DEE|fvub*Ly`a7z7NL)&4*D9nv>0MKtk}BtxM{7e2fB)1EOTIvKm&f0v?36rJ zV5LJdJ@warKI*AMBB@b6XYJ|0Il7yQafZoAqkosd#JJ^=XuCL!KHPOPgCSCdrO3W^89b+-13DlTU13zBSf_U3wE`};}-`t+OU>B3y@%7hZ)f6tfG z%U!J>M8@jkjf-K~4t_xHZtr@)sA5N~RK;UC>?rdt$h%%F*|pr37*2@EFk8?mtt-$| zL^i3Sx&N^srBEb`ZC5PsCRIX2ECu_eFAyIVa#qf}G)){oHXG1B|8=Q|)%Wi;NhBnm zBU&=|uFT`d7r(RLE!0AuT^)nbrq+dLHb`zgJG&1?@O(^!lP>&!1miTE&Pc-`M9`=90X+mVHC@r4Y3Z)oAM`RSy$U&>8B z(x81a-PdRNh5u8Lv_Ui8O%fN1p><+0kThYda)(X}u+USn)@lDll z{3YE~y-TlpeAbwoJ8t{Vq`o0o=`+o(GL>!r{HQK}oeADmYtCu@B<)qdz})s>GCDgA z$mVe*K2!PeU-9z`m(Q`lTrVlR4fOL9q<5Ry+g^94Mo6G@t5?5@&`pRtyREio=xqz? zecixUJp_1ph11uw*#!mcAbz-J1brG25O=@`&J(pvid}+uoq#H%=4=r84kf7fjNPLW zAt0s;MfY^nLU}Dn10_Dy*IMYz(a!a-3FgN{W&H6BtyuQ)K*<0JY%QqG zPfEj);3Y_f^x3VKI-k}{1R*KV^n9+}Wga|!G!QM1ACyEfL56o-tS@5Vpm$;-I{5GL#ryVfG!$qfGZDIo|5ilW zSv0An@61XiQGgC10W(xI*DL%s8pQQUTA6I^bpYxaR#e2#zYsMI>lhVWJEYXlTzC6P?sp$FCp~^njYN1Ee ze-zQIS=l8b#?<#IR^v-(G7w?<7cN-BFA<59l}tH`C{8m)rX7B;2q|G&;x0o8Qt&NMj^X+CjS}lD=^e`zdr)$bg(*KLCbBxg>YS(q!w)wVg8`HKiZQJIw zZQHhO+qR}{P2=>p&)&&N_W8GJ{i;+_m8|Qz@2iX;yHw4w6lp$yi7dCX_LMa&b$=F7 z2b3(LpT1T^mZl@VI89p1IcAFfWHv8@ZFdy?b$?Aw{GYJ`=`lvNjhEejI~yJM%=X}J za&}Vy6CkJieBud&bhI!sth9=?_e2wlu=LQ$)z(eDBAW^KWRzEZ(v2xo&_OOAXNey`QO?g+2dyv{M6U!^O?%m(b{lkqt5h)EBBH@D7W-0S z_*Sd%QLvRwb!}}0GZrfeHH)a4o2YHiL+6X`C}0yJ=aF2FF|sv|59&sX&FF z7DP+&`PCC*4Tdf|2fwA@i`F#dZ5CWxF>g*2(^~B9SreY=t3Fk!!lvmE2K#a zWdbaTEa?xql&?UM_;m&8uYGwcnm3?x0n)lQ+cm=?vUJl0VXGKCoD1Qm=m%FHB2+*V zk*V)`Ji%o%yHMg-y0fzv%*poWnOM%yVZb@9yS%U=7JZU!xJcW< z7F3VaY_7TBc3z)fbrjzlAiHi)q;{I=?=7RyvPWO@p@Q0dYEIF9IJpLG`B@e2U4Y@c#FZ`gHAVnY^O;%nH;43GC zew4mrN@yf325eWMECBwbv7?XpWJ^S9f`w|T_*YTJb=)WS>*@Ur#^5EOD5Gg5&u>Ph zk`9QdmKr81N?8%6-HqW$LXAZoogs6z3ju3$90KnoS*!{HKT`!IG}TVV}CyDY5(p2NMX zgKmAQep?I>8DxT1@_J6uFj{r$LMAhSHAHcHY)d3?q^!K+7Q;6;;Zt&%I zbGda{w9m%#wIonguMN>Al+yCYX%bjgxU)gLY(TsaYXW87WtL&nGs$J1awyRH+7YNB zvZuVYNSE;%nXxEmt~9~H)B4CwZa3R%(DCbR)iIN@rZ$HWeTGFsEok6=4DUZy6Id2G zR&^f>W%Qbwvnl!g(_McHUf5*gu`l=a8Xz zA8Fu)x-{2>q%;!Kx%h3{1Y&UIAoa>5vtZ!)fs-+$Glu65!^4R5{x!<$v@jN;O{waA zsgP}1e^G@p;hC;z($LY`9MGn2UpAU7o9S#jZx>H9LbJBUbz4uYC_CMcn5KwBg2VP8 z31b;uE)@l}dxuVWzp+_hui+A^Ou9l2mq_3)aJ=Xx>`QkK6SrOD>&6&_Vq`*P~>DEZH2{ud1XY}?+0 zHyY(wR6DmJ*7ZCSTSU+7ub6_e6qdQddodi1+voY*V-z}BahK*^plP7!&t~_uB=f*U zgIASP)I12!V8<_t&2?%-BNQZ2kyX${gU7K5JBEfJJo@54CnFzOl#0KcbfjRf zy5G2z3PZHonH8Nm&QC=%J(ebmMJt@keRGzyc*Ap8bSr3zq@fGi0|ca{ROXe{Da6m^ zzOv2~6%%!(!Y`{ox#shFY&(oTZ!A(pRTvHQDgyY^z^JR}i{RO|~ym0t(z*$Lv zUku9LDC5eiCKdJ^01i=2N#U(e`1K?%gb;QPSlv(JjxN-Ss;^O`CVOY9HO0Be1RmP| zyjlWw-iG!X@6MFQH9mFcks9LSTnNbEsc7OGMwCnP&56ZMJziLgswFl;aw0k7Dg;__ zMykZesO6hOQi7YRUe~P3G$e-K?S?|~g2A%)P1-}ysy}Fle?n|qzt9QR-XRwukPKmJ zmutQ_H}dwAZ%IAFL)M_j<=UCexovyI{wx&4ZJAka{ z%AyXM{W5_ueU2hz=;dIB0=E$zUz?Mhu}ROUet9*)K3UY!-U8*_U#v2(Fg_i`K}YvR(c}ytgHaEq{jgC!VY7`gWznPodmedB`11<`z{*><6M5t?@#f zk4U0GW{Gb>W$1}Wal`>c>;pYF3j3xS*^ewQ!2ZKS$yWo>AW`(Q%2su789I7fTY>6$ z+^}KrUruY#Zf1uaU`1Xo;kMngL$Xdt%#L%VLBS}d*r=m7a6|bx$Uj~N6YDFKRz7$) z2PDNw;(gmzueMb_PA;x>0WOQ&-?}ZDt5`w( zv$0-Z9%iSXp_`GZJUnNvG9ttOoNy8pIukvh$F0iQ!g-J6@ge6aMfYYj`u&)1_`_Rf zW@}n`ym?VqTz^L6sKB5`nBLgkF!)O~Bpg^Hzdm*}VbK1bW@lF;UiM-gM7(bD@Pu(`p`IcK5Ky?Vce0b>{6`Fs z=jW92Ekn>cU~>dc3E~^%r>tIeVt0i68B;2^H2&p3^oCCoCA>nMfn*h>izBCRYq*9iW1G!&9mA4T2E+yGbl3vxJ+lj z25X8H(0kAWwDt$r6q;{h}cb&s!5adw5(N|)aXPXnX{XzA_bIYnSr9tO`Y4vr7&M%+abGes> zllLV=LnOR{J4k${*Eae5HI(`XsG}C+|`2*fmpgMV-hF5yZYXRY%oab7(`ny!K8G{+(rP9NGiZihvQvK&|=td~6cIItiSQu&$PPQ%oot^K9c7KsW-E+B>i zcw~&GN~ZEA?b`po_i+M!0hr6&W^LFs*c)O=&c)jF_wd%B{BrMLhY1G_-J6Mt!3ebD z?_h_{gX*NbylhI)($wnf=%qj`-*xAK#5Yd^gCa#bIaiXa$@rwM7eEsf^AIDMEfSk=uIqhb#pnAsW!M+B#Yj|4Xp3XAvb7 z1%MtIr8>{~c_^brOyU%ZcLiyuh^!~WK#fauH#$k{T#9EkK^Y3)GTVCvgWQ=tv4=5s zPQm?^Fy2=)+#2$h?LmqhE(87>&&gF}DCw-9+abWB1VbEvckUZPvselfK+u;bx4{mt zVHMlS-cAv7dh^9rymHDo0Gws*9lf#kLIWOKwtn)=JUq%DhPWxNQ6nW$2i!B466tpGQq@n$8VimFD1H^`PNc3Y>3=C`91VsqzDTGdxP|6d5eweU3+{IRtGs$#QL zhhQy@LLp-v<h3ak}?=yfDDYi|=(6tWk3q_FcicX!n~_d+|P?s_>g|2cKq*(z8O4U{Oz+=YJkj zqYyv-L@5Dkno~|6Ox;`!9dG~O(uaP8)HMzo14tnloGorHiBgfYC2W0Ddwo-b+>LPP zYi2T!en#W22Lp~i8;>Y#;(08DFn2RD(Gu&d zQT)dpqtcqo{S3|Yxn5YQvETk$AGcK0Jg5CYk4O148(D@n^#dQ$4eSOy|L!&Q3#HND ze(h!OKX=9DA>J^ctdEJYD%0@0Q$kOL@d~I_-|A`JiOy50L8kOIQfePJeTCf|=DNAk z@9O%r_3-)l!B*a7zzN}wWF~FMh}2DBm=$F8Bwf^{!^A$BlTkZ1k=eSXo>o8VHYW4B zYmEmqM)z5ZW&Z+P79(iJtn3+4)<~nGMDx*C-Lc-24-hlu|6}CaPs70{GE={n^2N)F zOhz6l%*JO;6OTVF0Cwnt?4h|XkpI3&q;#i&q4wOGZDWBJ6P+0|s+!zfn?Z*OCg`Ap zTs0l`*uLW7;7T!Y=3hkUzp^tsHRTQ~2QC;R3Uzbci8zb%mcE%(=WQA-2`b}x41^Zo z|4qUq6vSh0_KP{k{iGH7Lu7%ab`z`u-Vk|N=+tb)o2%S3y^(CRmqKn6I`!|mt z2hG%#vyK#Z-Evxo{W+sVlfN-U=vzvx7(4u zr7kHQZn5gs_ULogJ7wIe{uYz2Za&9dh@G(z^J7kkNZ~z8nfMZiaT52g3n+{lFrba# zds9gujisLH2Jy4-AOD1oDFQUXuiDVnqfMe#1MWtA;g)~#BB?eR$-Rlu8Z9LnU+}MB zHEm5V+?L^bji4J~7rHIaKeP$@Ad_2!jN9k=6>}B)fTS?7A(o`%btD1_d;%s!qPaF4 zD6_ykV^QjITpP&jKTW1Kr z5WVAS2AsBxV+s(#-K+>{W8Qakhd$3CeD_|pJuz5be7@du=n3$2{>!K#SWljPAuHqT z;U0w+>x0;YhyvRPlD;c%Ln~}E?)-dE%^KB5g~zi-b@%G;@4*&`W|-v=YK0pfLIIrX zM};VldWibT){BHD0kuh-Fe1x?Lr?>W4TAkLcj8dl+1tNXe-dE0vg>T%_9_hO)KmV3 zr~Q&02UX;98CreatqPYVIuL>sY61Dm0^3^e`xp3A-q#=4T5lJ1NAr)*Bt;-Wk$F8F zxz~v?gkAp)(tOa@Nui@^Pl-+%;TmTYp(1-QBln?QwMq@ej(+O7*T)>9abUOZ9?dC5 zET~<&defqq#cbk14Nx_KjJSK=tB3#21Qn&y;!$Q!gLW;&Y6~OoYv}8(eh{T`k!O0( z4p9!N&fHiMG0Tx{v6@4;WxmnyldxFDHSN?*Kxu*%PDKX5mtbf~B>{1NOT#EKRx+Yh z5&9GO=k401jXOhZIe*l$uU0pOvO*QM32ypDjpY186d;;1o?tw|V;L_eg(WeNL`%Ud zLF9cQ&>02dmy2+p9Y~|;GnzrJqy-YF?X?I}?U#`n$R}Ee z3W`B<3o_b+)ccEZD_wkqa8F^u7Y1DlPZ5>kK=8i?Y5G{N%=k*BVtMp%riWAk2}D2< z5~cN&iS#M?BDtlWeUugZmxyLTu=WA}IULdpYWQn15JtoS5~w{UrKQ4FbC;pNN0RS; zwbh;~gAVSpJq=|5i8d7rmGn6zz9ie+x`upxNoh`(kCbw_Zmbo$r6E35H(Zr|Bs~Ns z6$-7qAD4*CS@Dc6%~s2CS9nV%fR|39MvJFMy{2R+Yj634#Xx3B#vu5o&kJb4eatD} zY^rG&xx{u%x)NY^>4yoQgrG{-xIo83Oq~k`r^c#Z9>N}@0-Pnau`jG| z+8X4l38OLP5DGT79=R!Vh)+g|MepdICn)-zo!@TX zLun-^*deG*rDq*(zo-(3+a!BaK3yY87td!WLpccjN_&ZjEaBT^vLDwZB0&!&VApG1 zr5x>2Q7^}~Qa-}HtWk<{p<}O{JH1z$oh0Agj99g^|QOX&&)$Y|8&`DzE?5M0i;_xjuP*ZlPcH)+F$# zdu^L1lSh&75zSk<+gcm4vLkz5sh+NQ+_5GGrEAePZ}i71FBf7N@%YmSh3oF7%wb1R z$1PQ&R!(fglS?)0ldeUe+y5`fYw2348ybP-X;{)GOcg!$Xv8TEHlP2h6Qw7Ms_m)x zsNf_FHDZLp2Fu9z&{BN5FfvU%JCdQ85Gh^%{78Jzx0*N3{v6b{#Trnb{rW$t@Fjcr zcWUJ0{`DGrq;}C!01|FaM{a)H($PEx%eIgK!u2CW9sxx0RGX#q1sjc)w8D-|>l zQkODTKHC4Ac`k^K;DXYqaAW1s9o_wTi5lO%#o6`4dFI_EcuSs|0cIyL(<%Sd{prCg zd-m#oY7*4$>ivP?Wbag{#P%XM#OtEXEY_1G=O~%9zUQoZ0>BXN{w-W zIeD7dPSM2zW*ZfTmfqbp=_?KnpGc2Oo@oV!^Sak#P0oC|?THQ);|!;@4gbsfh9*oL zaHHLk0>TC4UUtRDm;f|!oM;UQ@Bq3Qw#}eDP$5@?Lg~UJ0fF7q8o>U)g!lI74-^d= zulN=+=PUdk;q48pP6IF2VW~Ikh?IdamV`o-0Vaq*!}n^;AC{JS`AudSQ3$K{eueM2 zjgZ>=Qp4dsFcL(q`vsQ^;ItsGj5|pP5=NJ=?8`Xh{U|ji-MZXvQV(`!H%&DCkN-=cW1OZFS*eNiU5uMZBG6ci#6;r#WhxJMSA= z93m}ppG7pRO?~SOrV|g-PW_3IEOo0n3KlgopE8ci7#!f~qQ1}NXn;=I^k^lgYv?<) zyJj=RtO6y0FX!y`Up4YizrDzlQDx65Ose=_KH$bTt>o)Gdn7*Lrk|$IyC2aP(;E4H zg=TPVtg>==ty`|n^!K#1uU^bFO@LeaI91MaZ^E=zHP2@McDrue>d29|eOxcE=S1NR z^+?^_Tw!Z{n_{8sSgCfnzVCRTYX_<^vAyqbs`6#idD%L2G5dWu)ArmxJdL?%$u$&h zpSxhZ3eF{#D;9GrU?wa?7esrJ{ooZGr1^rkVuRorZGq^b;hR9*y02tyFRN5}6g%nk=Noh>$vo^ERdLT0SMw6Q`&;9oLWsN6gx?H%?4^y%8_S#s z&H*;McaBX6ILGX<{EEL_n3?vYPs?A7ZBnbLRrh+-aqBV>(lZX(aQHI^n3rx_&mvsb zE)@UMRP(UxxDR8Z>yV6a{?#65cO)h-(CKWgQ~UI!8o1h(b{J|Ap3@%j)+1P=Qx2kc zVpz^+AZphlw50KkB(Qy<1XN|rV^)HiGZ7Ng1EgLp2Jy*T5B zvbPis?KS#$ThuWt8mT4cLg{)uEGDdXfvT1bF2e8`LgTtgklYH`!a{jdT)j+nHiX<% zux8bV_!1*t^1swPXN%Ee4OU(&Xn~J+(}W&zugv!IL1cGW?u(S0{c!yTtxgDsT$nQ; zAmlm)#zTX=Vp&jER8F!b%6Mu-S5r0@EdPqld1td~8EkDe&x;!Y539C(HS+*8X$K%? z$G*}a@PuIk)X`WU0}{jNb2EOD@3Hl`G;)2P6dr#Xky)tHsJm_KS|` zLJ1L$&4lVG$tjl1Im&`$_c@L@!TRTaU#9?a=1A@w_W&6Y6iYV@24W9VvBNQuuO$bh zXrcx3$SRE!^?0{RLG4qs)lCwZ_n>C{xVYdX2jWOnSVV;W@b<%ys&U~^VRL;F=2DXZ zKxo{*xji(I1iO8HzC5<%AEsAOw zT`xTtp3plM?EauAIL;RkBMLQz@Saq3W!xT`73uL!CU`g6rK{O7cjTeUQy$Li3b(Q zT?4&9_=(gAUE#2`I)0|)&g@7rk~JYc+p1KIV7$0`2oisFT4*XomOUvm%5)eDiX(F! z{}OMI1DX@r%Qc+jfwUb8$zm`C%S<1FuAz;{Q=uy+{MQlytO(4G9mACrhVr9QG0nm9%FVTj zmQ@>7Hl9!HHiJg}JAml-uPHphA1vW}(69(JAH(!PbqURWQHi3)`jUl^|7L$W|6zYy zg+7M!#6=?eH?Bu>#M)yBp3)S&(aJYKIz@#JX~}}Lxm=edNYp&5L-!!s7Je*A*oCh~ zz-MJK>c@y3Layu`YrZ*aY@}w#C0;n8KVR!5Uhm8yNIuHP)Hmrt$S)yrWTaKa$p??dxI?+PKZHZPooNYnA;^C)4ck+R zX%gb*J`j9A5yVKY&{yHe(yw^ju1Pr0kYcE6ybbZ)Mb@H!qJqkE;{KKuBowM#R6!Y$ zRIR+BX!wW;E=}W8%c#PZL-SBDP&En7@|sm>Dd*(3cug)I@3z{GXouu&dR&3o2gew~ zZOH%*Y1@L9Y~AqJgY+yJXmEqR{4!vV6=Tde6p6ZdvI_-Dpf`6?c`nFraJx#3+~1M- z3?Hgs5$LN0{H|YQHF*ik3Pi4j6Ev$x^b@^=X6Vgz%t;Vj-7qKtkTWp(u7~|k zF_MdfEvorHGMuA}9d8}1&fy@6rv3c}XPQaXrdoQW3k_G7Iz655_C8+kUl?Uy8E~5C zIx9s>C^!k5&76%#k8wJylPacFzi1SR3+WtaI(hAiZ^EjNgchU_;%vZ9(9d~E4D6i7 zyldTZ_7PPw0XSYdV+R&TvO&NKvYDwF8oXBNXfZbp))UO>LlLLcBA^HEh|JZ;rQc7I zXkF;wPT_~IKqRsCBz8ufyq!9k=%+5N9)WED;<(u+CVQUEb;U)u0CT1>)iK=(F}~e` zfA?(gSM^lI3rXFgvN$>9@bZZvrILe-Mf(;Dx2zWK8LYhjzwH$cctla)6Hn4U8~84U zv3^hx@{#Op>7ZZ0Sefm|0wn!lK+x>w!kjR)qCid%Y{Y=VlZrr*axBFrAH2arO9&GJ zd)wcq5wP%OJTb{r0a|d_L#k5s8-ayjAWbfwpSHN$Fm!JqDxwwV@M!B-{YJQ79FUAk zO?D7`*ctk%CLAYY<+O~p(vp9C{u?hy{tsTDnS;2cywMP_)UvTlyRwxtF;O?Yn(_Av zW=AIT7YCxLtJ=|@(Jzw|AVL}^{PZ1^NnqJ?KlE#E59#1562ck=-{7B&|N0MI0F2ko z;IWLABbCBorf?ew8N7En-SoTgT3^gXG7dVjZTY$}5Wws~&c$&T{h{v>1%_~P(2pig zZ64wh8guxC4?UPJLkdDIKDQqLj2s3|I~TvP&#`1M@*C?I?D0Y$N*Vo$(0ibYk=@En zpcpoamym0Yn31E;IxQ#t7C3M`oEwaGUjI?5q0dQ6K^mAaT#(z`9~8nWyca5QWin`A ze-{$0b*byVVnjvukbp++=UpUYF%Z^uV-a2h7P}<{Ip(QHc2T~fa}DC*fjO6?bUt=x z2hK<*oD9RxNJEeJ4o~YlV>F<|V`T;rTh1{oFL@&OMe8}LFx(1IybV5-2G^FVf|jc$ zI4lM$KLAJUA`TT zC-MiCo!7o#G{zZWyGyp9Av?DTizz7SszP9&+DJ z%j7nXbQaHkWqkF!g)A{nLr@%xQe<=iMkttjjeurs+T{ueHa@K=u0Qdq-SNwDsWSDmYid^D5!UJ;pG^RuB zX`}nRlWRDyWDt8UN>}oHr? zM}o|L5lb5JI5bK|VwP1B(dgy%By9g{)551(f-o&`+~E-i zI0Tsh>3{^plGm^m4B%~c3c=E-xE#lm@iDI)Z^Dut-bM?3jz=XfcJSN697a72RBM_i zYr>lv5;79)+g+{?5xrz>bBleIkEb)@p}ewO!Av&aa)PS+o_2;OGcx%+)MVR#U^% zXVdiPK5@sA8BErSlAYMh5D3~IUVRs@Fhnv=!7tU7&&_v*Yj&MS- z`+LItAfM3*V8S4q0&*E6skVeck%Lpc=HX4w#)q7-Q7I9;tfI8hqCxGr4Kad?GNM$- z4DkSYusKg$DjUrQl%4uO2L>j{qC43AuR8ZgBZH=>^0C>W_$02(qwefjAvomm3fi=4 zKNfq+qQM>yI8tWh>N+T@{}KkuAB{mct&jZyn$MO2q$X*rQp>C;9T)NT@`KhxogOd&bi zgtQL_)SG2wSLr(VHvHDHu~>{KoSR{#)9gHHI%Q8UjMr}Z9~vbj^30!dM02>{FT`DRnEK@Ju4DEh+aKBx*nP-M{^y&{0!p1 ztP%#>DJW%$(UaBgl$4~JV|?ea2P?;ok{j3Cqb}=#kerLg?x~g~jDDz7luLO0tZRv>(M{?N(8J9}w<1<`H%PCEm>!B|u{j$vW~j2RJ_egUE|^gU2sghW@Z%aJ z$m^c9_g~S;0>rHzG@l@LEN@;!vGFcNyKd^q)CHhj6WH`KU}D24q>~()trY#slS10Y zlrAZ8vymkg12iPw_zDIQ=jV^82&~31HdV5E6>1FIj;53DJmZ3k(2?)ESmPY%zry}< zuv#)dw#j`p9r0L%4j?F}`$!lPP|plLS&uk850}92dm{GgF44=& zJa*J&UTQSfQHAveOk@YO4#K*zovCl2=h@x^C#;B1Sj`-k?7F(J+dOwP990m5KH^uS zU)&nmU$K_EY5$ zzL*v$=&<6Do6nFhtOvly5^LBHNo_5IvCj!1uxA2?OB!7>xGl37Jaqaz^Vf;;FzmxW zzNiOTiL5;Q%SG7LXTEdsViu|o+cw=H5#aA$={g1#{rzYsS7j+{^D+lW5ytg06 zwJKec7ulxikT|rO+Z`nCW@7B8eyXLz+^;fe3m1=9!%tVT#}4%sMBo~_wn{dUGBpcw zGuMBnROG;7h;62r%DPNXveqfS-`@`&FIOY6O9{1gH@#0CY5lWUFB$P`h{!{#diakx zd%eBhCWrquMy{X58+$~ok*o+Z>6+DvqN0VVqzQ*?ggI3m7f<{gMg2e7CI;3T*=hNo>d}^|*8@)DkP^NBu0vgEaNosY9W>3=%%JNlGRBzgBA3vlL+V z8MgCZVuFYX;*T9oKAxWom|lDk=Z$ej_9sR4NipiExiU03iNpBE2Z91B21-OyWW|dp zVLkSKbQL+Q!&`KQY4A)g+-w?uLeREkD<~6^Etg!%q^05^1&%!Zuhs7%`E< zQq)*xFK1$!>PmE^?Hk7`dt8Mz#+zi(uCtj>RjDfo%`4JF^k37KeI}Rj!IKV)$})e- zaXS)P)0xs{j%%wN5*M*AD&B+atN&VRL1uj`XiO(wxAD$rg~w=iJo@~tQ)eT?Er<^e z0!WqAnCG;BgcRCe2tqz|{EhzD0w#Xd=ksl+_iFeUSfrB-`gp*yWPJKnEM{OB{$~ne z*KFuWKZdWpv?G%~xtZ<`-2Bm0$!+PDdR)dwj2wcz>Xshzy6xcpCwbJKkt=Jqk@Kxt zQ%WN=i>8wbL`3J-x8@eI0J(>gT)?f}xm~kjpV9fMqEl8KF{r)1q^K{NGOM@Vf`AM6 zHs%3jQRc{8>f>-6Oqqhi^4W?yOJ@Ejm4`SR*$@wK01|yW01j9C7I_-w5W|V%P9<^- zC&mK?sH#>&aH;#ns8R^=WZf5)I%*}G_Z4;_tujL+tckF6*3t$(oNkU0sdxs%OOvM* zFkYEA*58XT;&&ZEe=A_x@9DodmC^lnEh`?S zRm}7tU`l2Qca7=crbq!rss^!24KqTaNZ4bj_*&O)R7UN^n*FQIoPj}7e&~Wgs!)lY zO{>)yOLRB%JJdn2?|V6hG$@PEiV0qTv%H ze^eer!bO!v1co+Pjy{<1am)LkoPg=oJ=d(L!dh-JflSigK1jP9;;>tPSAmglb?m7B zlIo^3ga_l0Yh@x=Kb6xc9#0Cm5Cftx_x9?0&l633yJL_LTvXOk-E;LQah;Gou@rD_7v4! zF!#qJ)!0CP@U3PELhmiLPDY756a_lbWev+|KJjWKAuDC)DK}JzW%f+ znlp)iGlcDISu3AV|F)hTV+dzCn2?^BA&hmU$ zky?2MI16&`6=S;NdbHn29^K6{w7K$C*I0Zu&sw}>(EpCo6)Qd!N%gyBP#2b+7LZ7G zVMk8|$YoAdCODZaC?2bJCD2X>=|#yNMt8@yyna~T{fvGvCG=uH9#2oXIqKUjrerhN z#n!XXO!Ecp1K1bCS$-2oJD}*wf2`l4_{`bZqv8^lj|;KxD83AB%zn_mATO25089vP zBg1}-US}{G4l?7V8d-|>R42V-l;;t8=9W@l>6xx2-t>#>#{vXqFkQl2x~=N{!bb@m zzby7>D48n}QIn{vReG9)G@EJvF**W!#2v?OI3BGE%DLO7JaIM47{o+Q$wkJ$H#Z{d z-aW0?A^+S+T|C+-`(47;C`?E}DtL`!agtx@LD9uTUkD%^cEUDR#S)J)UfH5pY$trm z-2ym35{SRhF< zP@f%UtQScI=wSw)DR#^(7>ol2tNlnFuOMC~;#<2xAprkdT=Wlj3T=io@iuQMi%_@W z0!!ahai8{Z*X%)EflollgnLxiF&=-#Gt4ilW$}GKs1ATVB~+qcm^SQfmlMKi_N%R@ zI<^77$22lVFNVH$O$c)Ep{g7>R>~ENPlj|H^Y1qodxsaAJk1iCS<0Pk5k9g&4x2evVe;wO4Sd$a-Yl_vE0zj>=p2$PX$;9rgW!WU7g_THds_^ zJGu@|Usi1qG}vIbQ=Nyw?5gw=PI|y4Z+DXC=KuN3;1@x^uBew7+e&#r+In~Lf)NAT z8qg2^F#70oLg(A&5R|qsywsu(P)(3!LWOc)z`P*g*QHiKU^yx~-dAx{R3tKldBSH1 z0D%S6PG_`;4$5{v(LwvrwVPDR)KD)5A8Qog>&Yk@P<5_LE4j+p+8+!v=PIR3e;07g zu=eQk8HW>SPhz{uP`g(2Q74IdAJ_e4396FBpciU#MxYN~H0??66(W6!Af@-9YCPqQ z;>kKxC-!h`vKsVua|mi4eS$_=d-v~=8$E<~nQ%mJWFD6ekte^1m_m)YqCwCxYVS^h zL3)=$Lcj5KD)9X_+rPfP_uBSXOtCh7d5#S}O{(UKuPUf#0JS4ExFYjh=OoECt!2xo@eW)@ul~LR!yIn5ctm0gf{HBsGlCq!C7d&gWQqz2Dotp` z{Hh`$_V0-W3Op*uwgoSN2IGPI`15=xs_18CUhEcYDfsiJAfUn6r)b}_*p%WwCBdT3*S4k zj`ADh2qpKZ@#lHMfx7_)azeqBc0Ro7wwT+1ui;WOc~KgISRL@3bd7NK>&OUnO>DAQ zyt70|@Z+J*9PdCUp~2TRZA6IDhJ81YFHi(ZeosU=k{|{vwCXg2ly_SY8Lo8z8;l_u zQi+DGCiT^8Cw;<|y-b{ff<%i2jpH?8Ip8a0NLPp**zEZ}l)gsqEgY;OV?Mpfn9rKT zZ|YLkg++=Z+7MVaUK=*kAf9d^I^II5AB=OEJMF{bWMH(rc1$Y|p*z+->}a2CdSokC zZt*N9R1ozf6cC8$*hE~H-$1<3N$R)&eT9HWKSoR>^~$1}EkLvT^2@XE`Fr=nkUbGW zlid?J0nUbE!!YfAl;;?y^KPu~C<86=mC!w#o*Glt*V$vZ(G1NammY@1YzGqc#(-9V zI1)LbZJMfypNmv7$E;cwDO!u=YjRGhs~vlS3vA!W1FWf)IEKCP8YGc6(WZ#Q7aDY0 zm#KoUewms|YAZ7JpnI^hvfZ**P02+-mp>KwcBIHk=g}y^a8&1|gDL9ZaGMxBp*GQC zc~+v0B~Cl_wHlfLwJi9vyfe-2QKNPJvJ(n$-4f{K^l@`vZrhPz8MFODF2wd~?O;Ad z&OSKX=LE9oa9}pR&<__O856&}_uU}-Yr;ropcxn+%(XULSr9!W`n>$Of&w96@>e#M zm?T!&F$pCL5lNw-ahLUvYU3sC&^(>IVgtwqAY)i1H%u;5uSR)SR%0u$MxG5W#Dz#( zB$O`tb3uBK;#}Jw^Lp?|3m?b~-|RJa(wjXzyO<`o-}x_DTF8 z6iWT7LmcHJn0|fV|BOg3?~dIlZZkOAWW@i@ZF6vt-?&5D-3Y?W41n|puZK6tK zxIq72nI~(twaAh<1HaqS3A^)+I|RP=EnJY8yn271zQBkI1dlw0*~FO2IR+m{uJvJ@ zA973ctowya0q7`1;7YZCQZH$do|mbk2dc&ZUxej~C_zS?LL0z9ZooldgA2k{DC<24 zW9<%NU_zB_C1t#PFuEMN$Y)Y1MACvTweWsV;*z8R9R5YCGiYddmRDn-U!kZl3Sr|>vDiw= zkp<5iLjD>9HHo1PUxf~p7ehDMB~JrR52xe>1zNN+Gx)6lEn_D_FV>G+psKCEOeiH9 z`tg}Jm-&1PKYtDzcnGje?!%o2@3`wT4=r_vG>cKgRKx+V8PFBd1Ts}WfDiAZ`qNyf zlmxrVD<)N*R#98T0Ww5(?j+IE>_#|uqX>$UjKFE4!$eqU@`Q|x_ z>}o4LxAc@g1Fhe{lBXRFtb1&|%33(ttjt;hE6EB(`WnC*m}<{Bq}1i|$BVHQmIN3Y zQ>2Pl!>GgAK;4?cYFkl?|3(5(JzSv?8L0chx9(bw3JMncwfp@+7}V``Ywhnv&<+jE zwlqHv`}i`+Q9J9vD@2g3v`_!ht1uwJq_r_~ioYn*Dm*of%$SNR#rr}*yyYX;Z#KiU zns;(Ii{%z5UQE5#)c8jtL&DzgeTQ1Um0s%K`3$6Uaz3I) zD;Thv(LU93iD5LIB(R&OfRXB7OH^5W`7v1WSft38`Cb*Z_vJYdjb7;+ul}kaCUNSe zPM%g5)BG<@>U=xWxU@Y7Y+g0AWk{0|7r*WGheC;V%wN1)bC@?RGBv-h-+D$)dDM?v z4OJl^k*f&MfjhbZH_gjsl$GAdP?n;Av=N5$qU}6Uf87#03rNpIEtHU!Z#rKf_(0m* z)fuF0Zaq&F&AqDlDMY_@m$~L!j2~C~U4Xs7fIa*(3`M<) zgczen@F`X(%@kFw+eE}5$^wnG!Q_0y5wnr`=864m3H{0-c2GvO_byNPD0pfC{Q+Do ztA>fQNC7E66BCDTYVIEunA?Eug@%ZoAxo0MT!rpNBcQ5T$AgF!xO+q>CT2Kwg`eyppUg@4`_XsKn6k3!bz^*dGqJL zxk9>Zzrh#rSo9q;an|kT#J%l0_1)t25s2zjItN`4Ch1& zr-!v13a{%6dL&}n+wub=JfKQ_%w0??z41zQk9V>W=7FSmjBEntMO>%$6S$Xv@pI+a zV`VbY>=@;>iyC%`cgOfgZYx4Fpfy7wN(kr*Wsht^|AzWRXcGd@4nW#On(+tMMoR=x zT9ZN)niBrogZ3$GtP}#QBhKGnDOGHu4WV4exWtq8;c0%-zueE1!_y>mS{7C-0ehrY z3_~o;^%{x`P%%UN-d{A^&_rh3nQJ)G#?CD=nH8C;v}X`U zS`)@x%!CXz(+VSq&_r}###(SLNk66Uqn3vXDM7LPtxUu4@RO&)Sir*mi{E~!t@(*y zXcY@7`7u&YZ2H(RnTNjt6oDi1oiGZL+M=aT8zD~6>BzXif1Ef>;`16PT(SH{dZM^=ARIY35l zNfuX&Bu%x(>fAZYrr+{m)(fRiHJ^n#+|o_cg2pjr?3Nenx42gvDX5KH=rM&XeVX9P z0pBG@6@_{g^9Z@bQxd=L=t176bk3S<77ZARVfbO}1_oD2D<6a)mf-vOb)#QfY=PY| z&!R~UBgZJ^aF(rkGmm}++Xc31CKrIP{I4xU}&o21+{io>STHHR6^VsoVG04)whto@I* zA{`r%22G?Dy1+S71*)i0%rpxDwJBMuGfBi@y_2dUvQ~6xzG6kPnfG6WbY+XHbUWHv zIJ((A9zJWYN6sYIks}cA*?d%sQDrI~`+tY3oopPw=oe4{svA#Qz}2t*vC1&*lXBM= z6?%eA{Iw4<4C9OIg9&!N*;v_WHeu3!YEW@8D{%Ug2cyuJEinw$>eb=9qG$>Ig7gMl zq03(~3`2tEt942m{?X3Iup)S9DF7}31F#!avOVpwcvW(<6gIni9eCFC;T*OTM+kV} zsFkFUa#E1RD)v}D>Sv>wL6UpWf(3^#qW+5*>dY z&&!ea`S5c@S#1+ri@??PF6~p)Clzm{PYM!S9K}P7aEuSMc;^A1oG7mDYKJ9JF^{zbg+fmxKOfG*|tU;h?c}9(w zQ|`pZY?R&QuluII%%bbKUjIfQ5AHSG%Tu7+@o-b@RiPo1q1ZT1(VD~r?-F7N`+yQ+ zVz|xAbv&@ z;!%=6!DnMVp$hPS!Kbbq;lZjp(I>SgzQ#vEfQ_T>MU$tdOkh(GZ?w%{uvehTi2b*JeW4%l|1hr@q6~VMG#pduF&L_T><1JO! z9Tar)0+++>^ZxidS1)MrVXl(qx9kQl-*xOQg^FZJ$zV_bs&2av9rJbBk8~$Q5>Q zagM0DRTe>?m;sT-UthbOp^f12QulkW@CP40Zm$2^d(j#lR=Ng{h~6H%sFu2`&;Oc? zm~dSv=H0yWtS--n^cs%`zlBCe}NJek>(+!?@`jz=jpq|vS=JzY@*ONaY%=uuYI6P3+k zXFfdH=`XnAtq0s{!?NCQcoFY4vRtA^wjQac$1F^Z46QV*RzHSLZYNti>+x7!q|K@( z#BI45EFI~i@ynR+X&wf6tlc#D^{rXwvYMUOQ;JuF#`Tr%$NR|d zChI77uY=lp+YlPTwtle9GX3k3RdXJ$@ za@BVblb_Sad;u$zO2EAU|I(56hl@HmB{+uwTcE3z4-pe#^^hYuR@SW!pc0n_SqbMD z*uaHi`O0HFX`qE{k zLcbCS#$i0^Vz>;}81%Opej1=obS5`Y9W@!vAZ~uWUGMZrt_;Y>p5HA=%;HcKg}9Q6 zGweKsd1-?lJQ41!atMKYmylf<(YfQ|C&0!wid@|GHt)u^iWWo15Rnm>jyn>Cy5shi5E?i+oR6mr}mn+EG1cHH2HViMg8_@(>cQE+C)iz|ypv zLO4ce7(?2laHFaXXt%;y%eY=kuPEwZj3$|KEx7@lDc@MC1v$1 ztQSOWIzg4tWryA8Abad7c?1MjMbcxJh*S`2_a?Sb7=}pdCpI&a^%`tL_X;RX=Ka-h z5!Z(z%2E;qSokV=xm+66I?YmZq4#5a;{M> zwXY>VbMfA-E@9E_YG1g!ce%FOzws25Nm?dy+r6U}Pil-}l@L4Ph^lQ+86TQFLVRoA z<3%OaxF|GWkF@s=m%zFiR^%TQm`pZzDRy@I*Ym@J^M(dLT@YEF^MJm&KRWu2t+cH) zhUQ#wuxR)J?P{LB2RV9K*tp%?>4{y+T#WE!;%sS%T-!yhQV}Z4YI4_iXO)Y3a=Lig zQ(|@%SX0O}K#yD)PYAF=`IwIq&}o74kiT+eC{v_L^RklnMzG3wWPXmmyJCXbp_N2PZhKY%9?vIq3=(nz+`%Q4XR~-HaTw3&LXC5oC}qx03*0=KDhKcp;#k=r!p zPOAkr6?nNh7?PaHIc9_U``n`}cehjkyczW;oV?J^P9f)mAl@}RqST#R@W1u1pyic3 za2)Ig!fILof3U&gZ&sPY+@@fzV;LcT$2jw6sAj$6K1HZJyogkGF(xSMAsqM44!|?$7zYDtY#FMj^u-(YpAMeiwlnv!`*W5PYz$}QqsK>PqO

~dJ0WGL0@ zwp=x4BIGKmNqbMpN>YkiCi8tc&)-}vlZtmr);X3$!5zKfQN+qT8($L=C`xvw%wKCW z(2RPBQiAb)H#{dk_l!B5!Wxo)7QPlDb6n12u!emJ3^!85zO-p^zJc4$si_^alw-gpUK_n5etyWqZ zr{3=Le=tIi-osrrS~C=Qx`NBCrFhPDz*|s2F)jUY0KCG63gN+%)BNR?jeO^K1D!tA-^$UT1WNS%yPENusXIlb2h; z#w|7n5&f*2VxM6Z?#tY@)N<)@&$bkH$ zx4X;16%OT~(k+cHguMP?mR`zkAp7+U|PL=_~=qt8i?51!x~2fZ3NP-2roJ& z;ACYuZm-fV%(dJX6QtMK-gx3f!|2c;T*bh@zX$Ln`yg>9AWJ;l+}!+^rmF|?7zym2 z@MpDtf^jre){=q5yiXt&Q#(Jw`mIajmvau{W1}I1bBQS|UVkRmxNE*&_TJ8xkIri8 zYC*-qYJWG+-!Asw=eLme@zB3(NbQ^+k8G|BAQaAO*&sXJUS5t4PbUUK`+77ZRm+ zNli+Cez7@Bi%5B(>(nU^#VgJ`e3U?4RgU`#&mPr5P|wt^n$M;JZczzCQR|Vj&erIJ z&2S#)_aUTjjeWf&=q(zYulL8(^bphd%O;+|wF$7oZ0%sRYd@8c=!A|OHrN*A&&>-D z`P@faA{>&YW>63To?D9Kv6%)h1&^cuduZ&{L9U1EmEDv?y!-Vo(0Nn{7`WCOjrvaH zQR|MQ{Zzj$=A`}&*QTUTseyf@;N}NDF?rB9eGIoOC%z88v7{6JQndpPHl& z$EBWEcY|23F>1Xi0P@D^DX2nw$EoN+Pgp5}&=l9|@z6$*HOLo|V zl0?|m;KYhwHo($FhO<*ZNGOue3wvVSveo4)6-rjV&ESe)cs{lj6R^CRjWxGaA#qh4 zrj9IJujUM|Zx2U@D*q33COhqu=Wm4m

l6OUZ8Y{tyVgZ_EM=(np*0N-= zqKP2+*$Dq?@MX!-&*47J(6$wvzT_HBFngCjslJh1A7!w6h+O$hp=#6(Ky94GxLMd3yMgULdFy$aS2N>1+2+An79}SH=HlZcueN<@lnLR9A^J1ir`LXIigTM> zqXy>f(wFM%%e7Yt)H5V|>Q6UJ_}}M=;cD2|bLvjc);>Cf*NJW{&auj%uISB@psrVD z=lIoCFb@^8tX=6kDzLIG3 zz(Em(gw#^xv?Hy?o2a2}aXq`cXD^`LzI2Y+xIb#RLW$MtSbHwhcc~&y51^i?MrFx= zO-I>1oP>2%k=(`;6U?PRbu~XGkGB50bQ%jal8(l8771mhIG5FNKak*cL_0`pNN1BE z!TY#)gh?t2RB_P_7I2l?qK4wBAtGr@y{+jw+wa%%|00$QK6dx>zjrAqToT~za@jqX zQ_1a?x8S1ntGDgT!WG5Oe?3NW!UmVfO%u4p9NmZE^ z@OyTRZ%(R_<7=e!RDOb%XlcZPrI(J9KWWT4JU{4&CQ#qZfu^gX)~r?do=sZNXGkM# zou9yw+AiOTd)B-tMb8bx(@@u!7g53uj1-YzjsU`D{%!RWH$n9i6!#tUCqoGAW16}% z0GQ;g#IO!}HXx8Ip17P~alearOHN!EUYPzhx$k~tNMsfs7i^R7x|6F5{2!I{5Ai7q z@n~%E=PlH)^5GfDXLDltGOvIrz{;&)4Hkn7|2UcnNeKSVb&Qp<|~!tcR6_m`lqNm+ z8j!kfVd{qL1df?Y_%JJTRQ@epTIw!9$IIm87%G#KbicZBprpKU4c6<~V=23uVOqJ) z@eXJ@@_C@;Z5w^%6WeIyhd|5Bv2x72*3i~{r+I|3($5F;Uc z_j!=Gz}-FMVFcQ8d3%dflB0~cHprpqO6y|Cm(MO~{mW8V<<_J#JUB=jOG1T}Cio%L z5M>n4FlLK6tBG|4BGyY3N2Uw=sTv!WLVc;7=hY68*nYd)*N!;Tb`AOyRN?o-@xz@Z zhz>GXP(tP>N>J?YJ25pibbevX*McSc2}_EgYCBkmN|ih3A0XW8SpC=vjY!x4qHB%G7wa$eJJ@d=$BrJ^Du zlWf39?-whPM$iijQ77CtnBL6X@4+VF~3!T5?oPg#;=o)bG;J?9UEaBm;<)pcy3JD{)(xMIXA zhYn?O$CG(-{WzjtL`EkCUCAe=0#^m!OHalDJu-vxl~#{uSp!3Tutn1BCoDORQ%!)| znv^?Ky2*5%zA(?!O-_SLxq1Ld1Q##|GIPNvF|$-Ax2_fb`6qIBw|g@-%l!)WIl@RK zImMUlbQnn(BZ;r$gwU$8-9fbxEshDQ$`McPQJd38r`#RKvxL(Lb`DMwAATi>(03X( zLeA&ioJ(_Nv7wnU8n-f4Z&5{t;W)XCOxiRF{xg2=mfDty3Jur#r!EGE^)^VF7-`0Z z@(QZxv4x8-fJuF|DT*d+=;_}{WbhKLdfB#>I8uQ=@Qz%0Gefi!{Y!0BH(`8E+Xhs* zvYuz5$60&P0x_kBk>05-ZvMH*uc6k7YVu69(b0{C0!%yok#)p*%Z{D zWs*oYdnxt<6*MNM767r`CGjg(%d4p2h)M%(4GFFM7#O1JoPiqH0G2BFRsLf`&JsmW zGIF(eeb z%QS$Fo9OCh^86gm@YF~pZjE)_-PP$OVYp9w4~@eq8~@7S8R~A{^Z@Ri03g4Ir!u^) zQ`|G{!DD2{KI)qn9fTA5LXxd8q}5s!0Cl% z9FZAD=v|}ghOJ=WBJx$hx&t*LNwf<=fbo#4w{BzlV$6j4*~@K)kInUI~V#! z{mZQXoM0-{HR(;G)LNo3lb4Ve*JBUt1)g{dk#+zU0ki!-l*0l05eYGDM_z1or21Ob z996V}TFDecetRI$6=Zj6F=O7gofCZ5P=g>PO1MZ-^04VP1l{2wguDW)@HDR)T|^1d z2>tGJK2Q+bWWIZ>H0_n%7{%{qXc(=7@S{-$k3t6qwZ*78CKt%)8@%g6w?$x#*||c3_8i5#uBfN6UAFXo=++p5&;r;tEzsjI-ruph% z0PYA->i_bN1Qjb-ZA8Rfk{%-?Z2M5u=LieK6FRr}fO2kH8+98)C-Q~rX1%~hht1eH z+H)NtKImt-b8SA5mZ~rk+uu64o^T?#kJc&mu5-i5IF0nsnQJ614lFM;Rq@fGySg@j z>Jy>hJ1q6Cl-fAm_3e`2q^_bDNm@ath}}p{_qopxqe?C@zqf>2^+hWjh$shSAS?BU zX!zZ2e+B<>qDm&5F;tonxL?k|TKRzK&_g+tj^6rrMlb3|5nphWDBq*i#L1CTYP z0doC0n|OA8Y3@rsRtSdnF+d1FW3qEeZOFB6ut^SRtJEEh#z_-os~4#$rlC$SBg>gg zMbqvNF^D&+e+pKi@q11+M|?GIge7G9p4bPjJ6;eXuFHgK7R#7eM42D~#vi6LH93)v4nS_XySCz%8D2kcmO9w_HcO zVgGr}vT`Zq(sFl5*{6$N)-0;p_=9fo^&Y_7{~{WFka5DO&L!J00$|;@$UvL`RC4`f zyvcg9zX8#8ul#T|JJR8HIC5$(I;5Y`ZYbf~X!o|@Pq^*UdrL{<kMH8;~w>Y_S`QSSbnw3Ed-(185gZ} zYnNmJ3?K?G$gdS3QBQd3Lvgi2i1VIk(q2pfH{!vgha1WJ8#Owg@=^7oz+QT2Y~=|t z6+SHuzHOTM23YjJqPLY9e9)f-v+DG6o5yhmlg^8p{SdU$&d}7{@N3K+VN=D$`mEt4 zI=8H+z`OjoZZO;yciWTurEPX7LxsmT7G#Pi5IM5{4QDuhv;M!~j07oVUf@n`#X*qu zuCC*Ba@w5c%>|DJ7F=S7v>`$+U}@KAR~Wy3rlS6(33syBC)xE3v;h%Pn_Cb8Ky_;+xUCIf4|W7X+wbs(z5qOMG8L2V$9=c`sI<~phQg#mWZFQ5G02Y< zGsEPGH}5Bp4)O!@CVlUeOh(LS=@Y&lz61}so#7gKCunYcG5db!%gW{FdJ1FX-Q%Eu zSKLXvZF9CF&URXSKaSEV@l|Z6J7zo7J1{-Khiw+f`;!Op{n62?_-lIv2+G7sm5Hwk%qZER>#WVEVrzM72E z!s#=fvGpaHwmp8|A%sdt+(W52+h&AJXZ4)Ea1LHVyq&g`Rh&t*Ex|;~Gg8o-;EZF6 z<8NwtI<;_`J7~rIAJ6pmZ~LJvW8W|$gLx)Uj5dNn-xpO`%~8f_4ow5R8@&QYf=PYX zV#L~eT6rT1g2x}o9sG){@H|WeaC;zJ42yjXJ(&8NH7DCZx|VFlvDDnddga~2^rX^% zj9EEUt$-f9_dTEu2~4)Pej`_34?gMI0LH~cs1=H^P$)K|6TG_9*9lFrauL+^dB4SG z&_d^^v1k^T*pmT+ie;Ranv5o`gmu%lTd*7GpT|6u3U$9L7yn{#;=%mvkXqzE>=|? zeVGs5?kQ*IQ!KN;jcjEhmF79R z|yrD;dm%5KNz|m(R1bUk^*n>I_D2W~%?d zrCl2>2ZCGqMOibf;ZYoKoe+%(+T+n%KY*#JCoezINW0l5&w?vBrlz%QGfc^f?ZfOF zR%Z|?VYK+LcH||-j~O6v6**C!mDYEhx!+=H57}SMCc#LsG+UOB&{@r9eXqG(7GKOJ z`XbTLe?C>!74Gd83KVahs5h_-=BIAh5kvYe<@?wM{>X2+9_)U;pru9D^zq7Jhv3K0 z$-#@~Aw;jv6klZs%Q`!;G5}-t-j=ynQV=nH?@O}1aPF_@LLz1`{1Ptim+ZPx#3RNJ z>N^bTV#X;!rYy~6krJBVG*6EGb?QlvC7(?0%~gAXTWU*-#{Piq|do z0MYQ!J&P0kyMIo$DM>yFu9ApHd&h#K3!10seB{xC`l3w(g)Bm9Ij9ePs~+@{GK9Qg zP70EJC$7}8K4B-Q?*%i$Ic2j4{K{IZKCEJe8A+jV<5e{>yhe*~9Y?w}-5bSCR*4xP zccb@Q>b5#Q?jrtdSM4(?pCuF8hWlf$P&Gvqn&17t)8=m|BDT%x|h z_!NLe0Q=s?7i7-2&b#_~16dI12bd5HDeM9qmGbGj6}nO3ax{klfm=b)+ZM%m@);WP zhw%sH;7%AICcX}!7GPoVv2!BqqJG5j*^pHn`2Udah|Z-KIEMkY7Ty2a_=p>q=0H)4P@9V7yfsXzp$7F#2&8V5 zqf{?d9YJ=64aPBE;gcZ9*+E;y?_$ldZ-ipI`z%2@T=qp>ZS=>#20yw|V}PNNDF4fh zS^Qv3H}r!?xV&%dQ*r2z2{|k|t1y`9Cf9lAfV7?auaB37IK`j5MDKF0&ekh}(tA6G zb9Y&pY&!>mBj@R}1Y{Ix4Eb{(_%Y&U@x5W2aaw3N(D#XuO{yymwq(X|`s#k&t92e1 zCZ(aB0)?`hc5a#2ieh+z8aHk?T%_74!aU!f#ypueE3V?pqt`)`{0e^WOd303MWnPj z{F-9Dx#06O|MJ20wUf7c(=HqLBXn%leQ5Q+B9_y7yf9UisREKvSt3|PyoH?1Hul@} zQj?Bjgs4{C=-}6WkFNbUw#x1)m*h3R%T~sO&hG?iZX?MuJehQe)Nyh1$-`8Zp1i%x z;|RnX)^{>#vFByNd&ZmuZdWDT>b)Lrkv_W_!nGc~vxDyIC^;^SQ*K$8Zr+LuJNnk68 zHP5oZL8b~8c%&z%_WvMxnz<`mdl*X(1xTMT?uPD9a}7lIk?-@=Ki&9YNqk?_R=4Z^ zm<)**0&?UGhmW@^2q>lVOy3(9zsn?*AGp*oq4}W1EE6{^vFAzrPDyui*vKdnSMsh4 ziD+O}Or$MzwDy=tvJIe?O|6fxtf;DpIf_sWhf|E76^yQ5lbjBr?30;PQtDegCMu9` zKW<18a@Trh)429Ea>w*6dInK*_x_eNB-Zp_b^W?HkDI7G{|}nmTMmJJKGDJ*gikh3 zj?`I@0R(ZwZ%_Nv*&)=G8y}8r|7Et7cs1(d7KUcvEpnO*+&#cxkPZeOJF=?uX~Ct| zsZZD)Bnqc3)0cUG8hI;KLo$_BTv}#~Qh9yGcfK_rQ*#o-`6L|{)xVZLEI0!rQKaev zH*|nmNQ<2pxy%zEwTUbd`c`WU|)z_85QuflO^PY7Sk`~}a)Dyqe zpcz=LnJkugkRJ432sh*U|Albtnv{M`3c}TLUPlxg_V-a}^Pfqx9*ArKr;Zjr-xTCF zH$i$lcr2xbN9*RMu)IVQ({%oC7Hlnz<4c=*kWL78Hm3h9YT-vuaziR6y_X*hk`a=+ zCvn=UM3_kthL;Zl1qb@?WW-uDwrzilCcxOtpeb6&U(X#bb;#Eq9%dh!$hNruVNL!$ zxgVcm#v7+6o6wunH_)$xm3Y{l&Ih0;2YkwxKzT)ZLl&w;1MbBB_`*R29NJq-g%bl7 zIgASy9b!qBDk@xTKIhA?-d&cLc1c4DUM^N{&9KU!emue*vC(d9qPa}*0h{LcfJ(EH zYV{TTuLpHy+7Bvw{9yRB((A5eADv~iQKCWBg$O%u%_0n737-fB&MkWYk@vi(Hp&N& z$^zd>4>WVf63z`@&UL_FJQDbAt*>h{H zyQW3v_C~A%mq9=MsYy-`fbMM>Wvk@4{};O9Iv9om=JKoK_fY+cP7p?&of#w0?wF?0 zu>pzs+d4Mg{t8#ugz|9F3Xj?FU~%}K7Oyi+j8ae1MhJsZ5)%h1%x1$h7g&q8o(G&IfPUjxtN z3TISiwrEi&M6r$YcJZ`2_SdU!g*W|x9{3_DgwQRLME*t60Av!dG9vP(E;T%hzg*Na zT<0am4}BB?hlIgkP_V8Al<4RP%n$q?)|@w3$BoEHP4wUj=KX)r+nV{24dW02&)qgX zc@!9T>eFk|>$rvVMD;%cRzYdTNr3;zPI$Ip_Y}ONyc(Zd{_K#ylB(33et4bxPK5p@3RIxg#d%_Ibb%M7ZAVYhtvv#ly<=y~Q%m+!jm3Otk7j?2AEiXU z3QBBRxxK;mjB|$X6_F@&q8{zM#^UtI-xmi^vPxBzf5aQzg@VTky|l`oolpDZ@j`W%+Md23-cFgD? zAT}sm3b*5k!U8mAB}l~GXcUSgmM=?~T;AcP-4XUtHugF8fYa0gp}bCskNN*EA&C(K zh5Lgkg*qkG3+(Dz_pf@|D6dc$EZluyP5_o)u<)mr`|Dj?#ldxrV&`F3WSyDodH*ccshWGpoHzjc8ss;IVgN2hr?meH)xo&`@gX1lv2-3yL|Fw? zrneOMAC+jJ=TNG-XJLE_x8H$#`!MLzh3!x6eoM{#21dAXcPtC-AZGv7A_eDiBgyil zkFYoQeP8T1fq0vUXs`-!@_#^E0_gvOHnEG%e+82~o7KD08SGv$8J?YX6P6kUuvG&= z+AA|$w`kb6Cr&iA_cVOw8?D}whR{S+&+o7duO(xzf4E`MplK%Go2#k+$!=fiZYMnc zHlMz5`7BYTduPghGA7zV+Ukdg(aUAFlP0(N*mhE*kqP`)CyKO_+BA(h&&!SV+-G8* zSn$XFuTR8kDWHs7rl+2 zC%a&cETjw+_sPx$-kQ|YUlNm9KjI(!2&m&RAjCHzx9Fl4^V@yZ9M#SS!_qv~BR1 z5(d3fLusVn(qB!=)^85@62t9RNPFtL#Xi9JBAx0_{?0++=4G85z3x)q_D(a&aGbhH z)t58g`9TfrQ&O=7d6BM$7pvOe?0y{L9!%I~qN`!HLajumIrgIF3~MdDNF-rQtzrb2 z?6NUpo2i;6VAVTn%Y>fS$N82lCB4^%^Tm>ZfW>NTT(g;`=#VjnN-)L@?Q!C>^01vE zzEuZcH9ID_A3Af&xHrl5k3`0ZM2NvJPk1W@ycRJbMdKgXyk!|1 zBv7r6n0hBahZTaSf;o~?f>=Fj=8IZ;ca}gVVj4A4s$t@(Ku)ZpC!_S)c`Jh`SB$pH*@4)eMr6FkbC{LhRy(2^r_dCR^V%QrG?isIn*!w}c zvU%>O&yxR`3rv7LBX@BypwY%rgs0Vv@rGZ%xwJpZ$(THSb^-k#)dofwrKfhn8R$A+alhw=F<@wv&WPN*mcyRwXeX)grTc%&{g6aM6{xm+noEg=B zG1!RI%>j<_RpwfQ!*FuK(sg4?e)kIOn6m+PYi6LP6`wQMXQn#tzlFeO>Sq?<7yB<_ z8_N8m(?A&gaNNDuiv2ID*9{HA5vuwAg__lv_eG{Z*j45IvX_(7VEEAl%qv@(!*I?J z9c%9xLwk{*VEfI>i&RumRN2PU9`hXnMNR$R&`Iu?d-#jB{d;OK&q~REq;kap5eW=N} z>8Wrrqj9xsc64L0_glBoqb7AyX`Rw$gQ5G(K1!i@qORz&VTXXyD|Ve0x@rOlVNdp4 zwsc!pl+QtfuXDm|Ak2kocEzQoa?M4XUz~q*4L#;WWoSoSsoj*zx13HDB!~~Op>>f3 z3uZp2x@^>)MjJ(mAG&Ylrs(!gS0x4%B>b>YVL=^5bR^Pu*jNhT* z2Fq-Z;yp*vdmPqX4PZR{YUYY3;QNO&7C$Wl#^{VM^q))62qI^EKJHjv5nck0r4vEu z6A)-f`a9!(AS}-5TmZ>jKrIwz8MJ6KF=M=4FA!*je*oQ`fv!8S-CQR(T4ciGjqVAi)T!>tlkUmE6KQUiwUgdSZXp1_fo?0>_>+VMM8R=!RgzV!i5em-lBkBl;xNzF0{SB}K#?B{6(M66Y zPrB;HsMkeXRiM#CTdj|}P-h?2(H^C(DO`il(H47b9(93kfJ$@W7m?b*X_5FAtcT3r zf~`5-i-fIF$E>06Nz4GFj^1`ILC&TaJ|}>(p=y{0pn1hB?aA~y&nScyc^DfVNZ+>` zJBSO=CQ?kU@96l3xt=ksCgL_eX(!Q|A~YsWZXS z^)1Hn1WtN%?q<5O7i$aIB+p4(Lg!U9iCVhV&G@W|ZP6IlxoM1BbQ!)orfyYoGynDr zKZmwcu#-0$>5AhHT#~dt|C7{$X&D{t0sT`|rV7$Dodk`0zXmUw$G(beNvuL5fYI1~(R4*WU~_ zuL(85<=_g_HyWa!ARKrLR0(e`TpHs`GX* znI-Bg`T_?jFJE)`I2v2vHgza0ue-Z2i)&>u!dkteiFi#m-XbBGqb@q8( zj4_FnGcFM89AQOl4?Zwh3>;Ggc(P?L4Z!R%3ZQCf(I8^m1?{#&c-p%Kl>KvGm`2uRyJ zY$6Sv)8sjKK|&Yqva>Ej_MAbBi8%u*#(t+~ZpM+FoWnt&*JUE5gV8mtA>s_iwZ@Z! z%C!at>ppxzC0+x#d#c)=98$Aq(2;5C+v|vf58Y_xX*Xb$Bv_u;t4Z;57hO||FhzMoXitX z+w1nWY=zasI~m;<{tw|{DqD{J=D&g(o-oy2BFTK#U6IID1}h@aMEUc1EpH`;)!?8OxLi4WGDz2E%pr1_G^t8;Anq=zzWRr->UydyR__c11YQ`o%t zu_k%*&*ap{y5!|< zKlONB0-;#}a=ATZlP;yt>}|#;3#Qg4;vb#J9I?j#voB{3W}ns7JsCfJ(esZww#6TU zioLx*onQK*(#ZR~%$`ekE=~GVs9Cjd{?c^5xQx6^&wtxRZ0*lnGG<>7G{o=Ux9yQt z|F%ik)@xt-yuI|o=aOmjmUmzLyv5`EWgzddj;+0(+xdRis=AodwY&0n1bi3Y6Zk!S z-Ic#vFQf^oU(f!}4?NwS zNrYL1fq{X8A++aw%$^>Hg=;w(802*s7{r01FtDT%#7ZtoO)Nmjm}NX%nM1)Eyw{H1=Y^V22#ZYge^ci I_6Udv08V-%X#fBK literal 50129 zcmY(pb8x0XvpyW#+1TEVZ5z9>ZQHhOI~&{flP9)q+fKfH-#X{3^ZV!Oxx4PEn(6Mj zs=KS@WxyeRfPjF&fG~Cgw0+T@1zTZ3Kq%=!K(PL4jT}u3oJ~|LL`_UBY%QEE>}=^R zo$PEcH9uwXM^V4O$$LdC62mtauV{A~(FBK*h zr7(>m=iV-swTp<#nzC8u|M-n>=NjWOaMG7};bsiw>0TNEC|b3pzFp{P{gU1U@F>1_ zVhC!3N9FS=b!$EHQxp;&-3Tr*LmY1*EeBKn4iT6hIs;i{W((Q3kh)4qKp5ni_Z(P2 zb{y_gzsH{SJIAW}(p4o3@Oi=;pbriT8RQxIwf1jq{p3nRFlN>*RUIP%im@ zDG(EEH>4talZ=v6Wq!;j<3xFS<{O%n2-tf~>;vA8NckW2`$e*Nc^44fpbNe{lx+v3SLCh(AVR zR5GD|_tl%E;*Eo|gkoujUJ(y_WHL`itkB>b0naFm!*Rh3OWGAg<3>@o4ulI$o#-Wh znlTQO7^e#T9V19A0;M-7chs>$VJ^1$3!yd@Uo4Au02&o$C{k#~&uUp{ z<&IlLN@96nCczx|y}^@#o8@23k)|%nW*#Ym+WEfSSMs0bvX%_ajEuOKNj6rhp&(bc z*y2SZC5V{4ts8w>#nZ>qIangB4Kx|*nuL7{^fQP86q$|SiExUMcI;~Hm$11Q-VTat z!pOUMb<)M+E$bZ1Fc=m3>IY@a#p&K#Q@^UM!FMcJsh2?sEnWHtNwX%`X!3JtzIB5p z&bhhdtfp*gIBbmfRA9xF8mdOs{Y^7fHcEfzx5(DF%Ad#E1KUk*10p?kRK#Im^5PO=;q-h?mMt(&5AG}fo6#wNOI_vsV_SX7QO1hCu-E7rlg*mF2 zI2JWac+pcGH zN7j~UDKs(2yyv@Dsb!Y#=v9CNLNY=+K~sEiS*mMrpdb{2~QlodNa9wx)kX!stCH8q0bIxfv(+!4j0BoQf4R_X8IM<~nC7{0RFQu9 z>+W3r&VZw#%&uc4Mk+9Tm@9>bnYNZrLOrM(LQ~2CF-H5&?EbDmYeeV!hzxYM_`vw_(m4sTWav~ z@@?S$%xLYK?c;6I>!@|LbXGY}nMagN(}Ceoa*K%0TSY&%rF&_A5YC}J+5H=5eY3UJ z_(Of;z|PH2beL^KqgCzQ}UT5^dcF7$^hFLiSqS5g~CY zQ#*KIEu8fgw5+vkiJ76IXMZqSICvV{!IN~37E$e}5t!oQDVj5eBE?h+21kfnod2ir zQ|K$z+NVg%b?}D_(B%GbsNGYCFy5qw=P8oS6KaZ|0dj$E`0Iy!bIUaqId}P)!G`G^!~T6d%O)x#mi0$+ z-Bi(8xyR3Iue6_ske|ny%SkcsAxEb8dMytAiYSKWu@*eWU~jGZfOkk@hC&`s6L_>` z-+}qvZ=cD}ArwgJL^KJHK1eF0hB&+I`K*$G*6{h{ zY0cmOdKHB)N}aabz24PJ^Q_NqHW`2jkc62U=3!Om1X5H@{0A>R%9gO=~U#+r>*!fTukO zzW3DA^Y`~RNz<)ey^{pceV<~jO(v1ix4m=R?=-qTPQv*2$KRmuOwqsl5JtCjTbGwE zdQHzrYhIf=X~DXTA&wlz_@103Ip2}s-$ZzHO9ALFu(wIuQa|SV!hAb&_+Ii}_$gss z9l*$5@O%Z$!Q~P=i31C-%h4en7=O#-4J9!m6dr63-*I50*af?=gpvT{&$(|XVG+HP z!$AuSPzsh=+e?Z%jlnIw_jAHH2aFQqe=c=AgF%ZtK2Qa-Ct676Uvfs22_$X~yp(^( zz7!qU?o*tV2y_~UQ|aFEJW*C{m4*ZQ$sI?g6&PV#TX-7MraiS-now+pWJN`oN@BJH zA^sTdwan-z66c|$wf%&Z58ub$HQ$g;WcW$q5cu^d>pa)f15cT|{zWIbRx9<6h2Ji_ zgZ8XP5d1|P{^lTD2VY%y5S#DE2Qiz*2|%(KH~50*+fX=0n#FD>FMI}w4gSP#+`E=d zsOT$$_v^XswHGF9Vp=z5dpm;F$kNWs?sKzmX!Z~jkNyP)(7+r@lsi}hlx>PLf!2VO z1iX&+7pA)d0(xy)6l+%3lD9cpTLsdl`B)AEGgjNH=aRqUKS_wYa;UG^W5vYn4~BTc9o%oZi?4KOOCaKo6%+56owE-#8GN_T4}8loVCmx(HlK*QVp+>NirI#6UmxE4A0Ym3?u~h2EPzz+DY9jzdcl@4~v28@XKe?}I%78uZE5 zBC_4*h)U_{k*k#x2f;9#110L85=-8!>V~z;Fd?r-w%gM@^nq4jD*H{3!@=7MBE_AI zi6t422YV)s*cy&>Y1Ib_Icld(T`6VxlxKd2Nnr^peES76+(twZ6g^Dp4g?^n-M#ni*FQObLa3SxS9PNKZ#E3CAYhMII_Ln%DJY7yB}<+eaKg3_gbEz;nz`){v&Vrnm8$vT_frQCVZM0i-*1$*;iHz(e0sc|w z^RhSO@V>LcWr-ZhH^;v==tUJ<k~rRM&7bi)OqF_o-&KTU46(Z+jsWJW+K3t+t75 zaf5w$QMxE4ZQ-=QqI-y43p<7JaQd$)=1}uGY!gNysfsjr4&XDOo08M6glNukE zXe3D=ahKM~RAQ~iIB497jK~oa{j3D0g4#e_p5+f#z2Gzutb2|2hMP3KIxz#*Gj0^( zs6Kr){~2ISJggal>WP6JkW$a83xIoPS6!){gfr{s1bjVYlc#&Khpzbj4*iLnkU{s9 zmrmC}Rx^PAj*%Xe^6R27Tnx#Y){&7RN_#i>t;kTE%NUKZ4S4nf5Vm9aL!BoQ~t#0F(ANIIR!wjKSx`3+aX(W^5XdWi>!- zIHKZyAO=ZjU=sQMGkEo>igR7pM*Nj)U{|Lflr+cb4*j_9o0ZdHzo^^gT#GzK1WI!H{ z%G7c{`)d_qkAp7z+>hAm{sU` z4!Vr8J>i08W@)MdWHP;HX->?4`9m^{ZEHB5cjzjmF&eSzQmgyrXm+ub>@o(Mjkj2D z_6uJvhp6Rrn%n1oHR?7f9Uk)S`n>_&2K}jH8XfI67jrK3$<7Dod+W)F_q)>>`1VOh zD}oj5<#f=7)?O2Me%u>Pa9BS{;kvJU5Ae1Mh><_kiL|goPt+iPG3=+SWoR)kn^R}e z0dL;p#%|tSaC)q#?wLQ&N+&(bfe-K7u=ADhlzx?y4&_5z8)=!*DU4oulgX1KTwLF3 z4qg_z9b=`w`xI}0W8U*v?bp!+`XJ&o=G+B3QjrRsr0(u5eq@DNBr-?2(I8c2&RRS^ zHnZT0i+53Yy}H}cwkhfXp_W1!;l0jVXn|sw_s>%b&C$S>*FcFX0z5KvAtZh)yY!zh zQVxHbE^wWMQ`+*SQdB|X}C)_QR$U<4yMqY8+`4$4o7HS~U^>SPbWBe_fl7KD{D*YqL8 z%+276zX@uCg2hvOMz!4#28e(4Y@*;Dx$Ym*1&5K$OxU(Ix^>QWZ05t_47cJj2z>gC zyYIQ~o3t)>q-cA0-p$CKDVUSHw88XPA`d&Z@&E5B0sna zPy-w&W`mn-Ili*v&BrV=t5NOjiq^HhdlTRrimu65Lu;i5svg1F&9;jL#j5Ox<|u!kadNt+ITMJPVX07Mf6|`2?g6 z!wS?BdtRq|pm+DrE6e)|{ybf>c3N-fCU%qxhEn>uEH_SqQfHjO2q$4$ayv8xt0h>&8IFccH}hf!c9s&{c1PwF z*?vNxC1=A`o@Y%FAcM~h%!P?d(RjdAY+U_nddAV!4(xEDanmsAL2x;L;(gd$;sQOc8)DUHa1<_eN%~otu2pQ((9u&fZ7^cnr<8yIkZSpOd!wc`d|`PJXoY4 zDsCO}gN%G{DzPrYoK&3XN(vC0V4`PiUo__qHqFbGyp9<62528t80cy2HEG{HKUIVC z>)w<+9vK&hpgIt7lpuZDK?675?EGxN*wXz}}wUnRse(+q+uZuuvA>rfuUSe#VZDdQcjPy?;PW zIH-@wUC;{mqgbet*IN_Z9%21tXYchX_mq(3A(aPx9%RS< zOe)ZC4WG6nn|K&F)4ImP%7UxqVe2k`IaT65n?@sV)r}Unbn}uJ{0yQeoGMZae0^+Q7LWWm-X@`_D82>A{KPVH_E7?fdcAWsN^0(p z7Z{V%c^bscMzd^xL>Jyg1#Vi*hJ(HgaD=iRzT{uU$O+4Oy`p&$ni<#Nay@oE;It$W z?#C5tj3Zyv=X*x2(UxZUs6PJ*O;Rtfp3M0p>eKYt+A`f^Q$(EUQ9YTu_C-=tIo$1m zrup-_uAB0DhU-v14k4-i?@aC+2_O54(JWa6r`RnyEa2&t@L-X9=I^1cfclw-0`}#A zr~d@FdlVmHXOjRSmYvm-?`>*qV8pfU?)xm}AV#YeUrV>xJso*m1wrj6f_8$ zg%2-e*}|tBa7l>{J(IV?YnOksvhR%zd@|9{;(R+Qi|zk5=UOkr#-g1c>U!7rnp}XbqYv9>NI-aLIrglde0K@I=U`Q}XV?jJ3w!18 z*{k-;%(a& zX>Fevks}$R#`Rx>{xz$d@Q6G_(_G`t2qu|He)SqXC}ojVT_w8XS5xWQqV7zk4y%W= zHRHRXVQWvFdYh%Azz>s7hmCF1jMWWF%7x(u&G2NIHMevxH__Su`m|eps5O40o^JjY z)n$a+QjBYlshrMv@qLi{+x$?mFnE=BAz*I{IG#{TeL3MS*A zQ7?#PbYq=T#F~uG`yB~M{7PkrEXS7NN4>p3v$q?(l_ZnBF&Q6dQ{`9a&b+f&;5MaQ zanc$qt3BTW;{ed6wc$@^KOSFTaA~PwDz9iqJPpW@gRy)}ioVAeMCYFiKce8W@$A^d7J zf0iAs&s#h)tY+3?sAFzBO1esZu`b&MYm>w#W#ns61WAu;iJQK?Htv=%cp;p9FPxpT zY{PiSXX(KkOKSkprcKzFX3dmrFy;r9Q-+h6muOOcKXMyJ)T{>aqoXsTt2o!U`d7VM z^(*OrNmAkg{nbi9rvP3Pt)f_ETKlkMRtbjIU*%@TI+xrt4J0( zmz~m^{F!NzudhfRaphlbWaVQvTfC3=lh|4${8hv=30Z--k&Fc3&Y%SXg2S8;%!O)Y zZuZa9to&kUbhS-V3q%R&uwK8}+GBi$-G5k@v$wQ!!w2%i5ZQ9$C&IiVt%`p`Us_ZQ z#f$D-2TRO2Xq};&Szem*TiabbKR?agn#X)Vz_IB>u%63ok8!V;rqEeJh?lmazB&ne zhoN3Hc-b;|NRi?)LiKc=5_}j&_yQL-32A4THLHia3Ku=!dKo4k3aNfZ| zej!4(tS8VLOEwsyp3QqPFZ(A!F;C|=m+Xb61(a{bK+vWTocD3m?ASjt#TczXVCEwW zM;L7LJ(9rLpg}f{QE6QR+V>4?tHIk&340g;IEz27l$Lxdm|mf&fklgE@xpl~`KNm}^t%wB zx`Io(up?_$f=k7LRlNz&lm@+!-@`WB|CfD>IG;>7$B#e(n&Ycdo>#K`d^XD8B9)|lm zHz29Y?86|z(Ka6ro{#I7Q2C1`wa0c3gj?uovOp(iM^_gICkNNJSPpQ1GbyqOxkMr4 z3w>y}&}4Qn`xo~|dY22?n2COr0B%vKDu2g%aD=d3Tl|5Wd8n3Z5_KiD47^xR>V=p6 z#ZF9UZO*cf`{Ag2D6X%s1f!muJaB7oCZu{JFAiNnRrZUVhO~9Xg1sQHvNkPn>L>Kf z-`o2r`Fm?t+`%^uCMoc^`Z4x$5BP*1w-tSv5qy&R2O_tCFYFBa7qGzsFv7hb2JDJ6 zcZ;1NZO0M$FK_v+yn)lql_Y+25Oq;Ijs$ey?{*Fye(z9@Vn`F>JCDIX9+;?%bEWA) zAM$OHwu;eAIPK{-xde2(!PR+9_@J`yp>_uX;%>I>wsGq|c)-W+r}N-jpRx5l?1btz z7%xKl?>uV@7X1$~^oj~sp=j;;?x1M(oa(yH>KhR1xE6 zf+UL;LxXh1pac7xg?ng3Tq(ZDQh2Wj~hc}(ND`>qt#HCwJ(X7lkDbxK~Eg!-#WM??~euF9sgbk_NQ+CcM#gicYeTE8eXudxYm50Gvb?_p_qcgao;uO zr$8Oy)$8eZ`blr4qpa9XQ*wO;)-uQnu5XW~KkKPM(5C?NQ*A$S2Wfu)7v6;K#$5!q`0>E2>$KpK(`&O77DZ zfcpE(Fa<07^c=H6+ZSVZ?7q|iJ@l|sMCAVNBE;(j+x%oV(7eoG1-_`@5wO0PUx1N^ z^)HqYZDwYm5OthboBqY}MEW7c^e~sd{5q{Nde~#Y%zw=P<5SmvrU;Grp$t?wji5E# z%+L-jZTjXPH8pOy!3Pj(Am4vH_$Bupg16A6Vzp^EJ!2<~zs6EV4b$h18^0~mEL2^OIa4O{k|Mj{K$T7%1S>^OtV)^c&`JgRG`M%%BS z`yz?1u{$pU6nsQG{^Kg{JStLxy`Pi{nH0(2JaNM39ujyzJRN>y9v^|>Llw!0-(JI6 zva_U6*gTW&hDt{TI4f&CRJw`_MD91+s#Xs&zJ@lD?#6(ZiJFQ%PX9K|NA$d|70 zu&CF@^m{muig+D3t^)mpOPLXY5wwCgt0C5-Tgj3LUY_}MEBX=E zmRG$bz+B0Pbxy<#qL52}BBo7Y*9C)1gnbdj`B_Ga#A6DzqVR%=YgWr1p%=PpTSICg zXbN3EGuGFId4rf_uYIQ&O2c7wd5@Yqly=*uhV}J5exM7KeeSVNmJj}lUOQb=2H#o? zLjbA%=!YXu($Jq;QbaKN`2Fj&8^x+n2{njJnt>%m!p)so4>)%B2jO9H!oXZUwj(gS ziIK)O6SR*I>(!B2?u~U@n-&hOEQ6-euRzKPqyz4MQvqveHtLm)72eTZo`_>NSL~fR zwr0rmEMyCxT~tiRv%TKDn_%@S{*RbK$j8Iu)nyH+UFoGuot1PA)rYl*S(#6IsiH+}NJkJrzS0~vmh0RqiD3+k8wU)G& zkz(jT(HaE}C{|Qqg;j~}#`MWd!z&TiDv&HpxElr4F$yZV<5ifHn}39#t>3p2pKH*K zc*a1kD$Mq4AzlaGi-B@ zs7$QA{oQCQ5YO~m3cL~p5VZK(k|&qtFECezJwT+kX2?0UgCdjD4+gJabtO~#7Yg`t zKqLIwUYLQ|G6A4oYeQwMYs;+u7zs52k>|v|H)47-3ThVopZ)p9IxnVsO-|i5)U4Zf z3PzWHLT%Ds4tB?wm<>k|zDrcc-6vH8vb4+H*R_$+B3BZc_AOe76|LeF?Ncpv)S*dfe0?-Z!;4rHUIdUgq&=Tb=qmgsTJQK zc6M{4Aa+Mh4s#>dQQW3_Aw0bQ01>>6^#zC@Cr_W^N?i*jY31SPzquiI`c+xtF9eT_=DdZ$d zI`x(bUu=bfwmf83LKX8u&Rr_hXtkhV8U1=3ukEXL_wa{K;{(1ph}E9YuA`)Ysn|Pj ziUf}SL+Xw(S_U*tDgO_X3me$-U7wwKa*#hm8jQCwj3qx9-;7jRt_63&x~fqStH3}b ztsyY2m8>6xt)1v^Ua;`tskcP|BgSr=stBo~fGPdnofl?O5j3$Iz!S-5cy+gY>iJ+! z2mz0YUqG(JQ2?Y7*mji*!^gS3H;(8i6Y{?3`a^oNcazrH zR5SH1nH2Ry;oQP#|aEsGi0B%59jhoZVh0 z4x~y`>aHxPQs_>C_ru=hjG#o)PEPSE%&=tZfR{@mF9d&5ujFUKeX3Wj_4HdN?iuiSJm551&C3<`(VU0r@ia)zIBCFI@$kxYci9p@A-Jan^475!3)PQdyc_6lkG6TOJ-AsO-XVuL(%kN;$$mrMCi0k0L=#yqw zI9c_eSk41vtMxVBNz>QOYm?O;{Np#??SnvF+^k{XQGLC~LZ-PjA>RLdSpPrEs0a6$ zNh72Cl@(rg_PAAnn8_mDih7TO?f>2Te||Ui`(LH^zXc`X9x@hk{epYFE3ar){ay!9 zgqBrWJ5^=YPytmY8ab;h{EsrAIWp2+KPJ+BMpR5&Oj(qE@Jq5DRS6S4#AQmeXeAt4 zBdhb{=Oj;UL=2}Da=O8-L~OkJR%-(eZN;cy&X|5I;T?g_?92G|Z+E{iXh4wZ-Ht4U z{4ms!F%ULB7Ids$h|}~02)3Hu{OjoE>GZD?wrDJFJA+vu^25`R98uv#kUJF5NN+iV z)By;%31NQKjK+@1QC94)?FiHjk3VSHB!WjaOPqy=_(Zr8O>lNxmo@G7$f~>Hsh7K} zJcTB*-60#ZNTz!J(3Q>-G#GxON-;c|`>{)HMb*_jny2;kzuj0Xe{_DyT2ONT@~i1K z+e=pULvzxFm>&C8y%W&oD{BF%Wqw*?@zj$!Y{~nq^+Q0^AJZk+Qzf&nwU7!d(^F>uN zqdO#0^8{MnFeQL~r`|N$8I&lpvYsQi*>*c%di?RGb*?h~_bJQbo&jx7s{7?yj_dM} zOx?;o!*iKxiYaKoN9jjaccw({(As)9@`ylc!8(*a1n~ipgSGO5QN~cAaX*EDVw|^n z4G%}AP_?3cCH}#j3~k@KDgz>(9@d>9$^3eMz4R4(i_fMgf-M4DDnz@5Tp;|jJw_<* zDq#=0NX*c0RwT3j_Cb|Q^W+{mF{PLYaihZ7bn~j}2=RZm_C}8}GtD+AoN0{0*8Y!` zL8r$!i$FTH)%K%@na0(10XtC86V4ku{)k8`|3AF^cIX3!UWGLl&_F&|uFtH3beS25 zaO6E|zsh(qowuV2*3{=(RUI#ld0vfJ^0_UjPtz@WUj6Ujl2JI+>^YL&ESsk8{0Bn{@!$t~`nUH8?ZN z{w?d#Jh(<^+Td&n&-h-CVs+6+4fBjG#0Uz%Z4M!KH ztti`?d+GVp6T0H|TDASciwFKL(KQvF2eBa6GAHEMv8i9>*Lm9>e49jkq*-8Xq5yIx z;PfI+=Zpwqf|P4#owFlnbl!wuE}FDLzfq*J!fo=8TUum8sE&k7eUvx;R2SECZ&Oep9d7vR;_t1^M&%9$56 zD2^wW3NuURIuLy__}=Vf5eLA28$Z7f)XZMOcP>%;?ToA}g2!Hbeuz^_1@jfPqJJA# zzhNpB_0FRxb#~5A3+ZRC{Diq+k?}!^wv}c5n(H;oJBBo;Zr{@hgOEsbW9?~t(HfG^ zCyGRSDlQ(?iVFoE7EAe^%+6>&o8m$h!GyUHJM=~r5=Z{IB=@Z6H#oeo>EZb%kkw^b zNOiZ(Bbb2nU;h)YKMl7;anoEY?ZLs?#{8bZ^Xq-MbWxc3g z9?u20+|7OC)(s``_`K)a@|E4~`1G(reX*);)}IIDwi0vCe-duDk5el2_97}eX3)I7W+&EZH$V)6YKJi@yO?e)&ntc(9;?g4`s3D|1(A~ zl825)1?VOn3y2aEVgPaA@73r%8k!Jy%5CYr~h)>CN z+x#${JQ6_NXZpO!+DJK(J{tS*TYH>AP%F3G0t0WJ%=)pXOv$Q_!tGp%qoW7^+hBun zq`Y&=TkD^afeynu2AV%2Aw^l{B835@47~uJ6Y$~ANKdYN>FKckt5}^*3~~9k57!tt z=Qb+a{;Wql2Wo~7G?aTz-|+SCn7zdc+1luaqWxhv^+f1~!vg`c){8hq7)w2*_Gz7W z`AjT7|FwD}nM3^D60+EWx@3H+vBD;u5|(5#f32?u9HY9S`Cy8e(V)Diuq zh#sX~iKA9Hc7ovrfdoH$ zR>Km=Q3-yd?KyrVXaWl(AKUl&=&X{L81&SUFd^2#h0o;Ki22#^rVXrt6`p z?;z!U-_fnysV4H;uIHG!JakWU(7{Mh2??ze!ZPDn zmqMrmNu}6)U(!-S?!}&LS+LN#f18Id=ZBARJt)SeSZQ z<|$`grN>xOoF}*VG=71~KfJ1GpNVCCl1FwCFM~GQ=d-UB6xMh6j3))6T%Xo~9fl26 zmOd!kv>jOKg_#h%T;Hm(n?IFJ2?=1covMJYKm2LKOSvPr&s2}VR|3_n+eTG+lRolv zO%YG`iSbA=4DwnM|wo*>B)OZs%f(-I%u661YJmUtH z7q2eDFlq#`3)K`#6~xDRI&>mh9MuAB9-L^5ax0mMio79U#i@t21*ucvU00o_&!uED zYd%qUNi|j+|KCx7}+3sIyw2=t8#C+U!HrPJNTJGyl$j= zE9QG{DcYYNNQcBzF-;g?LC&OQS_AT`landUK%UKymy>P%j-2Fm-2%U;6|Z^D%wz1+ z+LQ1GqK-t;rB9W2ZwBt6DA}_@bX_yhaWk9K;{oTxJfL2Qetb;t@24Tp-5&Lj-rp@@ z$JY#GHPIp3rn(b_!wjmY%u11Y|MKj#44_GgLxzS{TE@RTyPTc{iq`tG+w?cNr>ic@ ze;AhFrmD*nuJ4iUA(QDU_mF2Qy~D!aQllBP0x!Sgf4~f89b^$vo=(%;{|u_kmo&eF ziT`UiI!*@lcnvtr9_+Ch6E`V&*N~q-bP*?mvJd=fs~6CvdEdXvT?A?GTvjJ$SOj}D zlazfPB+r=Tlu4dqT)@>JYD}<%Ii28~%&MsuSlZDVT8}gF(B9bPm8ZA5y)`5*hfN13 zW-^n<6CLh-+HK^M4`RDP_->e+7&d%y<|IdL0U0$!tD$b9S2vLMIv-xE-Q^XMuIHG| zzG=!q_6%xm#nIazOn|}rR{L1s%`@pT6uyfo*de#!&$H!l7o~tQ&|>`6%*B~&QlYDU z5BFX)0Qyq2S2GP3r%>k(g_JxNWaxlG;pl=Io0BSwj?a_PKwh{~J#L>Ji+$q}DlI7xK??<}~I5TceO5Ee&1MjH82)Ig;bG>)e}V zQJW8SDvKeyQMMwfet8H}y}dPp$6#8PDzynP{G!(&fTv8;>jNgDf3c=!(+n&+pMDQq zUR4jIvTP6EHyByudU1X+XK~>=V-ZTy2QndV(83_##dJyYpUtYLW+!jEoF;) z8+=}JP9Au;re@#&HoDT<(a>QwJrk8IrKE=FkpQ%LP&Y_yH=T6J3-bUJOcTkB)ADr`1Fu4M&@frQw1 z^PB~;A4ch;E@rV}Iju{hziYBYa_{z8uX};NWkrU5TYsrzI;FhlLW{`YnMEABpT~if zW|Wu+;n4DT4_$Rt;Z7InS8pJ%x_L2|dZF#2CamI4-7aKLL|~ndAISS)$?aoM{-{KJ zsUEaizKAQXR%Cm_LTgG_6+_XrWznu3)Kw2t(W1?XaZ#c7hW36>RA~@1vWD=(H7Y6= z#K=T&*>&xtVPYS9y!DQW`8~X9=qjNDJ~pdUzNyge&VXxm5sTYd1iUi$xr`l)i!ELu zNa>!-4S-EdP@JBIu!yyo@FC%4K>tfhY##GFeynxwt|~$L-BK_m!xFJ<&Y$|f5JMti zG@^h(P;NJ3@c$8ZkHM8jUH_ni6P(x`+ji2iZL?!{Y}>YN+qP|VY`c?m@XzzSQ!`Wb zPSuGY zEEn^Oe|^nIae1(u6wK&c7%$CFb{{<)u-f*GlnD=FMR|Q{sNpSh=R*0Ny+F*Ep+4^;kP)7pyi9rq@fUF{fjE21;qo@W8U z?@rEeO@e(Zs2}+bYTuYoaj&d)6~3QpM7WEeIbLC{xnfE_yXezRY~TL`|IzOgPmZv_b9q-Qs+`I#c5 z6Ke{7bn&Q%rpM(b9q%)abZoJf2O5Rm2a^onvl)U!_TxUEM0gKM z)0fePk2E7Rn4+?H4)-3N@kWMbDTb!>RLwh(y>L^vjP)GjIPsh=5 zB-Yy1({XhFy+JyT&i8j&6qs==N}3uyXGO<(Mp=)0uyaxq+E39t#H5b7GA-RVj%dY+lQ*b`&=CIVIg!5blG; zMM|%)7WqSFOGZwhd~z_%L(Me&LU5+Ji+DB$6BzE=BKH+uHfU}GpjsEqb-TY0ljXLt zLJ>BsQC>qhtwt(4u$Fe*Gv1wliP6KiMBPC;nL+H*7m?fwP!PkDcD_P$i!EfZx$VQ) zJ&wtfZ)l#?erqQ2HQ{#7v}#@+Ahy363hV3mhhTwdC!=#H14SyNuNpDpFP{hk0_mm= zzsqp@_YzdZoAsYtldK^?()ZIyh`6Ul>?&6E3*797B=N*GD*Io;etfPcXqiBGa$%rw^)mM8U} zdIoe6A~xf%rnJ$Sy2*JB*IDp%JR?=24U@yBbSyITJg@5^YLbDD=kv&utuL_Ad(aMb zp-p+T54Ir74qtN3S?l_gd6pv}HR#F&m zH1ca4<#nwLlN-%m!GEMVkVm@w88@Y=b;z)A>OQ)()sEWkK&xwMlrl8OIGxN7S$V;c`c&G>DffS^*_64-qlMV0XTc zcqbE`M-%wEvZ^F()FRKNdx7=RWOZoZG)%3pPI19TJ0T@A?EE=kU>!xpt zGkk`lV^ML5lYXiE>kMs4N##@Em{rL8D`bOGFXYgmI6^l8~be7t$G-E z+>lY9*lb*!@zPv*RQ7)>r|L7YVY9x`J+ohEM0aPB{WC|8K%Kad0(B6p&T zM)WX9Boz3eKFk$`tif-&vB008wzG9R@OtJ#zUmHke(8&NlB z*WTNS69<@ILgn$ulvKSuFQie+hhsxKQPIKOKd}^kpVT{&@WrV9r7IO7IOwJ`lE3~- zpEn}{=}b~c7P&Q(u1AkMOJ6L3+|`vr3+(#TDOUtS*2=|20lucpmCz{|ip747_?kMU zfpapDNxBbood{*S`#mb%tAw%tm3S<_`;Bxg_?Sb!*ce7my5ED+oQt#&bU}^T&0F8<*lHAYP|PY6yKBNdkw%q39yx$C{d&``}c zjPC%NQ<}ml7;z|8gK=f>A zNNx7(E;>%c2s@A^X_$rbVAq*yD3d=y4sNgH1_ zNZxseBDmon(4u*&=)i$u*8Sk8L!9&=bz0#*mRrO;q~GnFF?u26sjF4 z0;?}0!KB|$=G=R*r1~^xGo5>G-?)Ao8B~;uE>($=tgEr)4@T*Lu2ItWLlMAMO8pyp zb_h|yomW@JMILkGL>cAXwTqci`$-__{c`37j+2MG{|xbdKqu+*{-2-aSy~Qyzw$D7 zVecBzgw-Ovr6f~OPGa2hVbtP~PGaUyX4c7kJW+1;Df45*_y5@ZwX5~Cb8u+zby(o* z?lNzz*}O>(eQD8w{8zA|mkdUFi7zrv?>;eo*AIG&}qI^xEa#-WX_eZC>^I zE@y~>^O~CK*9+FqLX!xf%yPpokc{fm2beBN>fdJ^Wk+ichYg`JfJRzfb|mQ$EgZOr z7`DX8AyL>vW&c4wfxUQE_AxdP!Mk0Dzmw25zwXQZ16gob(+BC=T-|4beCKJVx?;+I zb@|&{|I0AMnRIJ=U2rNo$4wcqt96X=pev?@ZyfYFjP;*?dUzB1nrD~mh5KpP@%jNO$)@#8gkD+7D<(!vPZz$di#^Dw{bB#DfFJo=$ zDa;tL>t<;z66BRqJT+NYo*6p;7GdxYC+>}5D4Fwy7!W^CKdhvmRH*b_yv0cCbfs6; zCNUTM^elsPi)5EV^^_v%BHepw^v}UTPkWcvLSG`IM^^mJLwv3~XH0ov$`RSVbpt(r z__5RoUgT$MWlZ(sz6J*P-@Y3vxOsG}dCt88t_Un~>G{|11oFh7rg0!%*IgoXVWeaK z#^q&+kC0damObL=Z>tcZh(|t3--SCmSU$G33-eClDF5UFCS2+JW3_;U@01)p&Zcya zbIngBmk`2&Fw z!TKX*`6+gjca*5PesNJt+}s>Pqdo(Yk%Svi41x4BnxIdbsqaXp#FKF`A`LWjMe+Mq z_sN{Jq{z60<)PB#QW8)t679Cd+&)~RAu&1W^z*Wo{c zI(_BJ9?0bE0Dp1x3fU0`lh9LFkDnvtUS{w+kfP3v@fzct2*{+3PgghZ!9kJ}X!W3WxC4WzhW!7gFy$t zEC|D8$8kDw2CEt{*d5LjX^$azh>s@G$=`tNpOU)Tf7)?5>#i-lcdfS*%OSOE{mZP^ zP&maX;yX7RseA}UZ4=?aAKG#L2%bQN;j{|clVl1~cE*<3J@Y~oM~+_qv*izk zm~K%#(BCj~GQnSW(PE#eTr*A48qqkiG+Qy73vM?=yjwK*1UQkxukv`yVm8&!#EC)H zHrLqm!#q1cG6PG!zibHTSzI?E5Mw2O+cj#tD%78PdmdvHG}@Oh3X}3qMO>#q z+*Zj_wDGyGqK-ywf{?k~c%?*GG5$SN4D~NbxRcJdOTmuUGg7y?rNiohaNz}-f^bSxDvv(6dIecI~xr@JAP zresI>OItzc8Ek1^T|sdjq82KTBGz>E7|kjY{aA0IIehb#Vh#mI_o?3(P!Dq*KuCT% zXluKGnn18*mq39CDm7?dK&T=C`<09?pD$Z4PzU2Lye?#hOxBa^yRqKx=KH#Le*D;q zqY<}i4E=&>o8Vk|kh>liPB$a2AY`F;C{6yc$6PQKiH%f4$5{!*I2AY0&dD-q4d7xt zmyK7D_bghp=x^~L%z^sK?l*#H&~F8w^Dj4a^fTmDVCS*_2swVJ;fc=yzktV4fS&o(Z zlZ>-*7*iTs?2DjZGBi8q4zFsI0wjzSEXLk^;BlThOS%6EG6YJlzXc56;C3H}$ro--kuC)2l zwG5nyz!mr0n;IQ?u_!J3=&X?yU0k-qk=ox|Hd7^jG>w)7l_8!x&}(*!7zRMQ&dtQ| z#6h5~h~55>oYkZQQLxUlxk2Ef5H8`!t0(RuCBzo^SDO06yF}0+`oX`LTI{t)0hVIU zd^u!r!_VOH6}5X-M0*(pC(o@*uMGohFq=`q2r@S@yNxB=j&fiH`Acgn-2=Qnk|_{& z%tms9E_7SQF)=Tz(wvRvM zo;6E2rCc{Sc~`R@q#by07~!y+fbbKr!G|jtT!xO4x#o`JrEB*eQAp4A93}=dN@OH) zC4n<-Ak1*&J(1*aD>G_sf8w~JHsP0-eFfE1nbp+v=)}Gt5w3ddPsnenmN_dVv<<5X zUBql|n9(EiQ)6^&IRt#-@)&}G-WBkb_L(q4-MfkQhu{DF6X1>Q-obLcEhbbX&Cl2b zcpG?4bdOZXgEhj8*jwS7S7O#e9jL}=E{pRZsYV&iaC%f5E*&^s$XUT@U7MB{b42r= zs5VE;|9d-i2WjpJqv9AfZfjL4{%L}jsm9a{Qj*e9Sfn`jW-*qD?dYUhRk!2_UFz4o8;FZd_1*j*2~Dr#G-O$eG@yJobHSo(VbgDBy)k zjrC16+mQ(_yVG5TfJ2% zY!jwF84HW2T$Q2aU!5h~Zt!OKOn_czx0`%uFn@oSl##M zXJOdx_Kr8ZWx?9L2y_<1#E3mvO{i0hhWZZFSX4QgXlNrydjGFcfcUuHSU6bk zcdZlI05T7+=}9bN)6*RB>h{aJa;5jY`fu`Ws|G)J=f9Ae5}89-VT+C$5wm0?;3e9I zzElvqASEBVkUh+C^CrJ;g$jM9`L01~-zF^mv+NUV59bbG8Ws&zI*wYJ5nGPOHsZU5 zGZq09AhXC7UJAz21)66Nh1%4PV`Y2m_Sg0!_s4asu4Z<(;{KmrmM=(*uM(5N^4}9* zt#8~`hNxj~ATY#rY5+ndxKB(R&*Ad$GSgoAx-%9)+At)Spub1u=f;t8$6 zXsYyZeBWehOUKMCXzT1>-8*8`KbEBK2=P)OArw3rtp|P0qCnWpH&V_lqdtI;Df%I? z?uo0_4`_xRrI;Ub2S668>^4>bGk@upi#bHvq3uS5_!T?GslT0EO}((Clq6CsT)+D6 zD4SJ3<=v?RFyhnQLy>tdfo~rfSimU*=-SVfKYp^c@1Cg|NkO%Bt zjKM5{211k$$NV;9kRA8iT~AOK*_KJhK?fb1-p<{iHbF=(AjBvbE4SM)=anjrCc- zKuM&CO4Biz+s@!y&;YSO55R9>1Ql1RFmb$TC553RL2z6q9M&h%JaGo)Uw}9!;gRjUC1NI=3y`x66Z3&8nf8eo9PN}~*jpxY-tH`~y@hIVyfMHThGow)nWjA>v> zOHwjqGU0j8W)LcMvci8!xc89C?c~IXF1^K$87ldnu;T)!i4HrO3e%FLftsbsJ0eXb zhbCf<1c4}!1_HtN7=@JuUn9%JP@R}n|7FcQ$F*c&RIOb?zsd)MwVU@Vq)BeK#?UY| z;WZD^e3?Pm;6l{bd}4FDslP!|FN17#Z-moKc1a~+z^rRbIl(yzL0MQ5&qaGk1|efU zHo=6aWHBtL(}ymMRliXPOXRj0Et8>7JJ(Dx#xzFBWBLSBjx`q6MgAIr3?=HGwWCKXwNv3ftXci+K zBAxk>3e?4kL`|<%-*k?_;`g;czOy>N0GGq$F-#^>W+66HpCv|_zgX} z&=*jPB2l)c%#*k`6GgWUW8LkESEp^Ddk2x$Ev_t$`jN@pn1;pW32Rc7Z-Q73>L}lw z-u#e!PXO)gmX|K}WotTMj)bo1I1q!3B=HI(Jx^WkYy!3FcS^O&2^E}5#Nem@BmA3NvL?bE%<_z}|Ier+4H{?NF&y~&ZA3yZt8j@MZq zR48Qwz>v=7B4DV%H99B%lxTnR3F%Ja-33$UjM8VmCG^oqGFZmh-+J}`5k(2W0M9n5 z$uJ$i#TVDx+Vw|S_kL5`&(NCXK$M2hs8 zrY-76K;Hg%@m#@VK|L29W|)T0@h?Sk%w7CYULW*@+hfC{V*UfrXCF{?=~|Qs>g4DO z;AJNEdaX3o+4c)hHCEp)gVjwlB}8{~oXY1>Z*a$8c}ihI%zqIQ>Qu8OSG~v0JTWY5 zpIWy|-pgt%k1K3*Q)+~#HL{Va3|7j{&q?d%BbiBbTH|?up`%L$NN4;FNYwp=EAIIn zqnS+c!6t83vaNJN)Km~TRZ3}XJD${3F`0(03^&7+obbEzSkjn=&gi9_+OGaXnb)Gm z-E`$`GOeftUFUZSTf$C8sfBGG^yZ{w1ZTg#udd|6MClD3dWw|elbS3==N6#*2sSs@ z0wTV`sb;ycoA2p2O}K9HLv><|v#zO*C~GCp9kzvXuE(dNq-AlC2I=hCn}Tt;u^YK# zE#X7j~9GDWW4M{KGz#~TmW==A1j zT%&XU4m+gbU&$=Kz%qu1p{OHSRGo9(NI7k0?fxw3;Ng?AT4X6XR89}_6?a%p!tgZ* zs321RigVHux%})0t|*Ml6`!Mg#LDJS-+v)W=116u5G1fa5&YmMO+R)Es)ERd$)RU@ zur4>a(VsqswMBe9&UtNZEd~Pqam1EfOMbACO(BZDTH}CeTfb|0S6m>y@mGIFnKEwb<; z;hUtGkfT|yB*V-|221UKkt7zTK}zSoBu=TNla^tb`ldUoLDv7XFD0R)H7!kkZ8&{o zHhd_YiqqCEv#|Kea-??${i|qdz}}(INd3ZdLJKRhES_FB3?e+;cKR<%nI47vVyayL z4$Y#hOdR!;OFRbt)ER8wfP-TT9$OCv_9E3htUK*=r%`1aTJrnajLMDO=XN4*1`*Ps zG15pJUD3t+Wb2M-{Fsf~nRb$;Z?i4=hl4Z{AFS*FVn<*BVUjS+ij4xGPfiz)CemK^ z6Qx+_5q}NH{KJqDUshA>bdO#*s0Ay+!)*7@i08JIJu~aOI*wnL9rRl)g z*$ZpyO*qqutYn}9Sm{USGZ<%-7?fVi z@Jpc?ZAKrt>O{K3?E33^2d&i1r?3N$zwZkGhhATo(}geF9O>Eo6e`(l=A4u2LT4l} zE;pgDQk@z9jGNVO>Hni16@DW_%YJaR_!JOay^PpgGq6|3i1y*?@ zll;M}8}({GZhu0nSs{hWW@$p0x^0cE#_k}?82hns#G6|yIl7r6o+(v8720c30%`U; z-ks3VPSUr-PJjLXIxNo`r&A-{cvgu%t)Tt?`>_VvhN^^F z$!GAMEqGP}0B=Z3WZ{(UW*lK*0ULt33nIg`Cmz^YJrnjwA=dFe>R;SC1XrGzI+-Rg zL8;bVbcR1?qjE(phF>v9X*Z4wDv6m#g`_}Q%=Dpo>>lZhkks*QEJJ5VZD;01$UjC( z0F^x6EFuqGJzj_hzTp~NdhMQkg2#qV5lJc*y z#9!<|C>^qHNQPKcs2@czA3+Yhjj?ZSo?crVsp`_$ZYW~0EDjRk_#&rMfk8ttS}Cc- zq%0TriRLxNTg;|&F3a_rh|lg==nf2h!9K;o2k2*m#gy(^OkbR_SBDhFq#4M6iH2NE zyibXIRYg4MPTWeBU>wQf1j23?woZu$+cDmLac@7Amk%?(l+R>wLzMn{ka@lotQsw3 zpBJhd6UR_-`Bu*vEp~ehFB)N34MS+D>aP-qj7iEn;thzRg5CH{l~0doNaFl<7|mJr zWC0W>m*#+H(!B)W6IB>rV||)C`2#;;tAJ^L$P(1eMjKnBjl*vqM5mtqX-w}nsACF5 z+I7#+qq(qPzoh7m?%@L#TNa@R+8X9-=C~A5bPT2}Q8}w`8SNvi(;>fY$9NRDV|$gt zJ@!L{5{(!%?Q;JilZbE=;_o42uusjfLo%U4pmAX46$-b+;XTI0xX%r3gT6FV zeDf#LH-F~%W6dOI)9eG{E1P?%@6C2cQ?m z%CcZ@(Sm8&6wt3X5O^fUWN6S4;+*;TKmB!Eqc^i0tohniv#3gZQk-XS{XG0ZoTjH? zW|DE$pOSu>MAqzoPIjbwucNr*MIZ*m^C8s#ZFe&5{r7}7O@G5!fKzBy4 zjfF!^xsr%TS#o`i^Sae_`ow@Uqs3}+xu{vAmK@sbFbm{K|F*=5l;$!q<-4bLH#$)wvy zUIGIAKh&x5O`WhFgZBiY{-G`Oayz!tC5CVi0Vx!mQq^so5!%etaJMoZVkbX@CG*Zc zl9Z4jaU-#NX!bK9`6f}xIL`u{$EX7T%bf7v%vtqc=45^k1}H@S4|6t@v4cuDGm#&F zhHLoHq(K$2Z>%e3;$jjE=^9BPMUN##KePq_1dn!nR{v@D32+a ziVxW1awgH4WAr1Ry}7v1Z|nKAb^QFef`tCcfYTiESSgYL7)g4q?Z1POB|QuDur3hL zlT0|h`cYcf$$dFtgD>Qxa*jqf?A}m_Sfn9t0m42s}$-V>gr&FTNz1{Z>t5 zuTgB)G9#^6`5*l#-%rOaA*yNs^ahAb-%hqwy zQiUYRC%0=6R>EJmgoSCoZv?p_{Wywt@mH&_BOYSLPiGcB^*ii}gyXYd5fgiON7ssbjiRn9AMcI_K9C4Gg$CD4vA86~z z5v5yvyk3Z4iT?{yR#>4|!CDHKo;A0fY~oTm+PApmiHbZU=5JVY7?nrErNNyr+KfA4 zy!!^ucrTzW;2{USd?O3DbvYr{iyBuJz*5A@=`MXIl;N9zm8(??I>`dN#Mz>-;R<;vJCeh zM}g8$GMZcV`=zS><^>I0JZ-Pa{(x&s1?0C;hg5;|;y@D+68>8v(ciSo>yQ@YJU7R% zCT_yO-VIxqDrW%ua8JL-^$SAor#md7J4Y(hLWR>IjhmaP_U*4DD!Z^HhxW`fNF!D_ zMEaq~zqsun-qu){z5onTi!n>=2VpV7Vk#z6mP)JzaWYUlcBjsneo5Kq5DEoSx`7M;C~x!4rgqKkB*Wb;vJay^Y!m%g z@)7=7{$YNqdzRF|kA%e44WF=%>}#OBP$Zg)cXgRtaR-^KsLl6`^$u+l5^b5zG#M*v zLd13N_scFu&Hem|3<UKaw&_@+~Rj z|F@(F{Z~>@za_;!8B+2;lA>Sqza_<3>Q3}OlCu5A6v_!j3K|ehYWRD^#(GEeyXebK zvI~`m$`{h^3#P+$8#(>yj>UL?0{Uj!jpFC@+iA$;fG=Scf_rDpnURp>+;xr$dSnYF zim15WW|fpKqoE2W*olq#mw8~#!7G>^0iO~$y zXBR)TiB%y#E?L){!}>^NWoC9;`i7w7|C9 zBO;g8y(_1JClO5(0Wn4T!%ePl5sQ3%bE{>Qm%9^fag5A0hr6?Z4d)~A#OFt)`?%nc z*S#xmZ2O2oZsk!(O)}zkm&7{hwGF$BN=Bp3loVv|CRjFcSuBs8tkeTXF9ZyzHS=rn zk%BLstN>yJMX|$lX~$>lT04mm99>x-(q-z52E^U`KH{zIosDhnzknMQgB64$V~YQ| ze7=2X&aiDm?w?94mp*8=P~&8^uq8jcTG2~$eb&8B74&XXFlcGTBT78`tNr5BUm`q~9<%^E2K zPm6~e2N#G@aXb`m8ND7SD!KG^*)UiV0q294onqci$BAs2FF)LI}~|+bgi6u&}d5i0qa)@R%G} zL3dtQJ$CYgf4Z?UGBdJq(KU0ECr62#kwt#feyYKzsGN`4gpdm$zAG4Ib?5&q zh+$cduX#lXHmsSvHY;6R;txt)_Xfvil09k&hMy3u%ouESg3ojUVum6*B;RGB$NF`S z4r@VkN&aH^G;Bisa`)49Y+1gkWcI;+Olc&TpNA8a7)ZfPxJ#J!llaP`NY zy&?sy*>HRDRa0;hDzm%cBriN3n8QFtjhk9r#E2^4y8BKZX#71WiWy_F#3K(UDs-1wvO*)2eK``;pszs0dro_dmrm`B8oZ(r}`WP6`g55y26)C~359+N{eoW=av4P-mNvzTkeg5>dKqSTQ znHR6XNQiMhBu1H;Q4x8297pKSWJ27Lx=%}d?5J)<*JaBruA}@j=~Wg{Od_yo&MR;| zPWgT~nCs51gnO=^j4^w9_9)0aDQOvWy?vKeFz!up($0ihU@60!by8?WU520;U!(jB z<0XJ7K}T9><{UR5gndU8CEg=sRN10l5Rg6cZ6Y96DRk9D4%*rzbWHe0LJ;;7U0}(C z%7*a|EABqe6c+2~<$wvpK#ky=0HZMEF#y!_Oz*rQ#PADDdvQDsi+|9_nEF<$BswIm z1n=y~Im70c>CPK-Hs7Sj?d0?{nMX8{n_Ej+oM{@6L)w*4E(9o$$0^3m9Z1-2bU=1% zG^E3#@4;+W$L&DjK{Oar~k*altu?G<-1A zblW*LSYaW}wdTzKQVK*&me`+REck9s_jyfi)@ed`kc$m2>NfSX8CM3!M}y}d9@0hfsaEgE{-=qK_fkr|sbQ`YGt_bZ$CGunqRXRTm-9Qlb_t`w~)c_QxuVC216Jw*9u zobE}m%|Ofg3q4;cwhU_K=h-&BQKAZ=pGQb$b(6mvvx0TewJcAR+c><&MoZ$t^N8EN z8o3YMUHSHN6@A~5r7J?dsobwd7_KMU+z#bHlbDS+O zNKFGM-UW;QM$@C!!%Vfy)WNd216qlTY3X}zXmZsH6s*uMobe&{jH*&Mp4e(Tw>A;f zYFtc^+gqq7ANZ3?M><}FFmqhquBVr$ouBgSJM8G|CUm+tF@QzI+c}bPGS2crCZcM= z#(|5+C;1T2w{PduXX^~M$7KFWAg!-r$In2A{klDw7K8}GhBvMF!}t9^!?U(N+@35H zvI~a`Qo&ndzHx%Ev}*0+!SW~|OKtVTNR9*oqUf5|)nyLPdml&3p?`m@+Rpr2{c`ty zIR5D3F=7;%r+VU&@KRWNrN=h90qqkk(FM0&_DDQEc*?B&yx{1~`t-Tmvy|I6j<#oQ zC^|#Ovgp%bN<$gYG?xTaXf?^;uO5>ra#}UavUUE-6~jGuc7u`qGwAanitP6c)xRp9 zD8kHnV`Vp4_M(;i;kicSN}CgI!xSaV6?n8_uBsGxwfhFPATR+*^nvNlhArXkWEt{oE|kQh8aY5nV-PFj(O{T4yIXu;GzzYs``a5Wsd-e{_}MHR4$W{;)6W%3hrL_S;2UyS;dRRB~U2Sx(SFl=>}*oT=I zm3vb!GrPvM3*sW7wCO4>j3SkEd3w|%q&YiCHn>uEFWs7Z%7U%5$T#;R-j`2U2p^Jy z<6-}wtOur`gs9K;)AmQtCTMN36mh1Hx6{pET`|7XOvq{RSN}xeU9`ep+;+op>!&*C z1M+OQ?2(0~m>JswZHj;iCGDP5k%sFM#_st-BmpqiQ`SNH{~p_8+8-}tS&n*^qYXMp zDV!BOSqi&sPlTwK?tj%@_H65>|9ktc^NjGs;`|KaRVO0M;aLivM)r+|V6K|AG}N1F zd(kdbDNFbp2@!@=eGAd>_BHvGnO=_1HMG{yb0dSkm({ACY}|%XOmhtL$In$CNwbth zTm^&6FN*2OG-SqSI%J;;SB3|;XQ9NE!73L}roc=&f8Ber2UAs#Ng9Dl##b-;+fQV) zBg2p!1FW@&LXkV?R%FP*5}m3a{19oU9-q9f8sm0ZbHY^Px96bdB8`ovLo*L?qmL-g zg@e55pm$cTu4-3t%=cg&saECdsT6y^T0((a>VuNg$e*`$Uu5j54Bf8{2PrM3jkrcM zX1t&6?Q1{ndFrTWJlewu8L4GMp~pO*Yx+_nrI%s3=cCAnG4?Hoi2w!s4W5Zj7+9j` z)jjk^{!=jW{3)0yRo~;|oMP{vu%JT9w&&Z~js7eusulyAi4 zlZ&w>GOBl+g-B^T9?-z4B_CPRYbRRoKZXC?!(l}~BO>920k%&6CQu6&{I<$tN0&60 zA%9RRG^iD7eQjzTIl4t{Vh7v-kPnwMLNhJ8Z7!Y?j5Yk&vBIroLk16qtC#iNZaYc| z7G!R_p0JdP<3#|Tm0SU;r+uZRz#(Dn#QZ}eJ~ixlLTH|V4^`e~BRA7pM5xBQsz5ZN zgw*PO325_YBE%nUFnk|i<8dSxWD#Pk7uhh;@ezm|5+uS}Avga3M`+nj zvFApTdm`lj)nWT*YZ5RQLfYiMTxU>fi6KFiGI({bn(H{>8jj3o@U-xW7ZW@d{`;gH zpg((vuR%T|2BR|E@^J?_8|7hRdUCIkgW_i!A)397FyFJ3pMY+9zb3u3YJXhWhsfS- z*3YI8)uh&@8U{W|PtkYjlcF9?qjxH;R~5M=xK|?GA10EF+4KXXos< z?cVL@GQ*)ArqhBkpz5TGG>NB68e_=o9yAov+(aao*p`G=_5BL?N{%Tn z3&&ok65@lu`8FAsElLZ;$b)Jy$VccUjkw-QkR{Bp#fRANKSXG%jPSB*fe z)@S9c7+dw15#9I#F5%D`YfAgacuI>PT~3eT8`#-JeD3GF&Ivg?M|8X7VhLqt;s7lg zH2s_@kJIs_NjQ(_s++H-jwpdUjo0vqqUAkGbmS6m=kp@}WGLX3idzy3_)biG8xGU) ztbwa>{}ZD$*(>IifjOmTA2-7$+4uOkhH7*YE$TIvBE6+vK~7ynjS;oIe>jxYJL*Tw_UAcoW=gwS@$TRC{lXDCRP=Lj52<)p;&Y~k~Pu-6x14x zuNQJyxjsrk{OCovrWcD%5rW1Yv?GybOlUgRqe60zK+otZlRc9WRjS>N^g*)!HyRp( zkQ-YOM>4a*~z{{tg-t0PC`0N*c%5i_7aiRyiNr6iF*!E79%ldue}zK zMRV+pag2Tio2Lr7cu04Wr{1j2`BKgf^Cdh-Rxcr#_Ab1o2ZH#^&gpi^by0gV40{4L zw(cdm@5+HK$`8NRft<1VckbDu4p`gWgl)iNXDWzWxY{GV^c>^QQQSBwaEJ)tOrVM- z6F|lZj51ye8t>;sb$VAH3#YhOvfsoeoP2!gHdu3*G{K}l=wb6I1i!~D-tHV0h8 z6avf{?`xDPgeDgsvstS<{Sq@qZkN|UQ$E#^LS-Jp4b3_BUi;QeSEuokW}ESKc#g(K z2hXtQ3dDI?S8CCRUvONsRI5#QAo^W zwF|II_mF7E3#{EEX{?7X+ln)`a1&|!NtHD;BOJ*@skn(qvfS#YnpLsc4L*z9u(@lQ zY{L0BVX>d(sADV2*po!O;On)NwDU4v%NJ^jG0OH^bs15pW<}-W;wbC@v)!fj5)#|& z?sl^+0^5_WW)xOr@;`93Hj+G2o}ik*_q;rkd8kHXT{iQz$3U%>=nnOUx{R}m?aZC& z*aT}K27Zw#U;ZV^CFo6jkyb)UDRg^nLKj`Z2$L4w{au@r+wJbTE_`AuFUJsDBkw6; z!g@^otYL`chL2`#l zLcj5P!vFO;`}ykrbyyU9q{vX9ip&9@CUtSmTNN=jpj``DJ<*oWUT@YjsjR{*BL1_0 z2s-!tR|&HopMQI)6|8i6PsGt5`Z>Iuh}ifxGLMOSVT@>6OJxT%(X>P&eYQZSh2vy$ zf-`F*@(gmDjyt!@7X7jKwCsbwrD1P{d7)e1x!mUu0b_9!-XbE;s!)kbI4#alY_Ej@ zatH-6(cU1SUo^G73;tiZ$L#H!YPtqc3`=JUv)MJyxb@aY-6-<3d?LSJSR0!Gb?kv2 z&4P_9un8}Y9m79y8CWn;{*n_HhSdQ>wLK+#(D=hIx2v!2aaUHabshPM?t%^>>=CNR znv$sH8@wW|S1W~vWiVn zEnFms31@~8X(&3@}`5q_Jh*(>$nRCxDV@hFFf>2&8GH{?JO7kU>QJVZ}p4 z_@-bYw(7>LdDm8HXwa}fkjWGAjfR>vEMOX3%=$_U%nyuv(Rp;RbAa-a*Hk|Wyakq{7?vC3&J3|n%&}LlXl&=$ z*CCk|qz1N%A*E7bf0(>g-m|IZy_$AI4dK=kUV!bDByf#a&TPbouud9g-EkWyVxd{% zaPhe67}Z6Fcgh_fE4rw0(}#Uk(wC_9^SrcjBjBZj`NJ8Ox=<2n_z2nZcr`+BGvKUM zHiYL^KmSjPHvlsLyyg2jA6PdhO3({_v@LnFe}DNg?~KF6JH6W#4Ha)Xv;B;%E8-MU z7@7zoa*tsi|9$KxM?M^JahI=Ne4h*FUaJR=M{oip(S z=(vx!Wfz~(44xG@<5c}f{?l5wmtYVX>6i@n&+?M4I!dfB<2&Rl(o**@&`B{G*Iv(y zdw#ip4IHSMtT!p4f`q*+2!{Q}XmKrahQn-3I>b#>EnrNRv>I$ZoS$Nug zcahWYV3FB^nhYTgx}07WVRFU%(B)?{dUG^oVst6Ys!E&${Pw0&Ka2-jBo9BE;U-2L<6q3mYlr%*K}*^>e)v&Y!E;)04R*bux_2Z?eaTn zrk*9AZ~S+NBk9B67di`ZbLmbCO>`=VtSIXJPTErQOMg^mkfzDf2lxFyIYPf$XzY|? zYubwCV3UOS!zlcOqy7frA|`>5B;V;=Z*$o0G#R1MU4zu<+YCQzZ!_s=Zh>d2c!icj zX}7>z7I2@(!KMQogC~a3q#zEU6*?6e3E~gTK~?)@{5_C~DhrecHQSKG-e_VZU?X2) zSmLSp!2XHykH~e=3kkC!aCs&hUa)DY1Z_|LZR(BDm58y9c~1>A)6$5={2;xytVu-Ok7pu8J0F2e!GUP5x=a!9c*8hiAM_uc z1MDChlpa*%H$%`bHB4E&ODXq>@;9F`g1A)+!iY;vc>Hjfhy6uNw<%PKuSnc+Sc?>l z)C`jw7NUoQOQATa5+g!ke&~;fa_6t#`f-#58CQ9Cps*6NzWkFIxvi>hNhw$^6F}p=je+8lo?@UE$jacyqX@(Lcq^>o#f#bW5 zGby4@e0m-p)IW{||ENc#_hF;2=zy@7D6T8_)v68FIy+ApRE84o^TxDVFIszmBkIW`CTB_buG1^ehNaOn7Zlo1+b?a)9ug_?b?p1KB3z z%p}@giHv#z>KLs3r7g3aVTe-msFT=xtjy|2)Ohj1YEmZ9C z3Vj@~gx_!0Du|J`MawBsXb^L59z`ax))tQ1j9f_ZMuhq@o&j^0q?&iT$=%+0k&CRy<6ONk= zIe(1-bsFoHS}Ja4;%H)XmSk*v|DN8-^S{5ibuMojILnCWDWrj%lVCSuxKCEdL^=?lS+FvmeK=lf7? z6R?OB^%G!GnH=D&uWGv%hjxj8-d@CGR(P)!hU~F3_S+7aMP<(_5aK{M`e?x` zGi^qM6-)@5TO2W!-iX12$g_Bpan0i|Z!<7I+1ZDhGaCc*y+W8fJ3;zKZ?A~9_1AIP zKI&6K;*s!$98pqu&i2bKS_oILZ-+Z#{;@{h4LlpE$%Uv4)q92TjaGWMKJus9_sFUw zr;0ea-B(jU4trt09tKJOY~_WyAg0I3&RhS-LLiGny$Gz*2tXt?YSW+Vpxs1bk77s9*i}V(v(uL!?4s9?ygy^SxKBbGl6VoDm`Wda~ z#;QXWFO2V@F0s)vkM8>t6FelI73aFYJZxZ?U^3 z!@7OE=YJz?)dYdL&Er8@2_2t0sxn zS@&I*ASYQ(2PyvuANE5tsmva#h0>MA5PZI?G z;D*cheGc4Zk9t4-CCB5w30p3r{}Ryz!jCwr>?3;94CCYKHdtzUD(SkW0w7%#K2?b> zYA2O}wc{$Qih%GBu;(_J3~*Ipxdydm2fbQI##LBF_Rk=GWDm zp9l<1Xd7N7u#BRtmh?@#L%6&MgmQq{Ums(G`*jdtrKOSq?%SlGY;yM7kJ!E;XK$@3 zPcGV|pGYq2iNUSHh!DF8H`8l#?vp)pZ`={uibo{Q80_ob>y44wiXeE(FD8x?b_m05 ziN#Hsc0yGrsYDY2hv}2FQ`Sn|4*$)K*x^~D*n(LaOM}}qQ*URT*8WT+Qxn&W9&nmiUSfhA69w}^ zRaQ~rL}qcI_y}cTd5=0wm$(eB+8c5t;`)3tvNiQsblKEq7rWU$Tsso82&B^YIA-Z- z&_ZLNo!|}{t)s0J-7G!=#qJ)ZT>ZY2eL~@YoO`>h@CEE4(e43%a*BAiDe+=#`!%7> zxuglr;j5t1%JA&mx^9~^R+!9j8yB5EKS-8ME+<}Mq zz=7KHEJc3os#RQXD^dia2-eW)ZPZ%AYIBc)M^6{1NVlPehtgyOm9%5(NGwfsIHCtU zSd91pz$*DB(+1H~P*D5{7LT|pe_3Vcobi!)7_;J>XMx8U-Dmv5&+_RBavQ3_DQfJ9 z?S6Z!6RNv-JWm<(8ucSUtTdqQboLoG$>r!}&`WXU#L2b_3P0*;&qwt0l?ZBkIAZSg zj+Z^)cF&!Bw9R;Ic|N17XG@3==jyrjW2?tzZR6yJA2JQQ?ltgcT(tVhV+9%K(0M3a z^&eF2H|E0<5+ASAlAi2u#R7_^Hwm_|=C$|nVU+WUtJ_Qxc|}{yI=h3~r$r6T=HbA= z9)a4!Y3Q$ehzkw0!8%nU#Xv9$_3sndyI7;L+)FOmmPd`#8jHeEfqmF zbOm)uk=$dO5$0z{dKg72vO+-mW?aB@@T}kfk48KpPY7wc1PxNjn1uma!<} z+hkH-)BDP+Not4&JhsFMq3?Tl^Fr~$Z`Pzhu#NnD6uH6zjA&Rf&A+CzD=qaqAdQU; zlIanc3Z)9EYx0@)|AN0lv0A|_DjK4wsfK6Fr7H&Ll|vWv2NCWJutW!v13AuDfTJdq zTOZ&KM7YV3y~PY*G(G7g*8y|_J1Qsd9|*&8Is%gXd3gRFZ&b>JqnA#hA)5`R*&bXW z_vO|5yg?a!goW|p;P869|2sb{llu@uH~YHWOMU%vx;kWNTl$-FrVX+i{@a!9Ar{Jg z3k@FsB@SdB!4eo@=dqM0+fIy^RC}@<)76WOz37@$B_^OPK zg?ldlhMa_G!z%9G-0b6}Xo^iA!_(Wt)yLKQpQl$EQxVQVOfDfeoa^_=&4cM6#a={~ zlZhu3S`Q#Y2|1WMu$v#0?io9y zQf5o6tOXnG=2>!&tIMKN$O=3gBVl| zWf4{>N)^{iHYs2N!T7L?ofsYWytNQa& z1d&r07-Xboi8@A9C^$y;5K&0IGwKYHRy#|Tgiq}KnU^`Ry8`0Sb+$b=fWikHfYHQ2 z!O z%krtFd z{wL4R%_G2~t!?BmtQ5j-`=X+Z#e;p0ol$-h1X%=%f%Wh48@Q0i?*I^fV8l~!=&+wX zJ$XzI$f6jYE;7>r)% z!HPVG^0(71QY>Fu1gytXBZR#YQr7F%-J42zME!FT!SpFK(?W-^` zyZP(9)cB!{A>xuT7z81z-?rzrUs=;^q8Q19!ZStHzGkQ|&KuZ`gKgokTQ9n$)t%xr zce{eI7nk*7gXI^r#;$%AxG$9U$VTL40|sig4z$X)Q^XVArOIk@DQed}aP;=`Y8+7q zXiE`R@@L2o;iC#2+`BmG#29R)(skYCcLywKQ8gN;ucB7QgVZ|uPgU6hS!Kzxs;!B} zDsyDC)P8x6<-ZfvuE+*Wb?oQX>;4ulN&wiZ7CYd!x5ttT^h0#!oheW?Q?Y^RgpXO3 z8iY5RU=tWjg<=Hkk5s6V#%K-O7#unBfk1YK;ZRi|jhCj@vHv_6*rg^i*+|^$9nX6twFMu-iPg!`)zwvo^Gi3YwfJVfaH8RO1-T<}+2Qw6w_kd_I33JY2tRtej8Gtnk&<%FSif zb_gg`%?&>iJOi%3=rD(^MY(YX@{TL*xW=U0Zyz%7r~&BrOaMWX7mRdw9p!~QD2kOqSUrq|8DBpfijZLUiv zcXg-f36*M*7jr{!8TNhZ=Ar>w?8Qv$sxhl5EuTlreRp9Ov@jMGD;}Ena9+!(gdmsF zN=r@h9-qCLLl5rq{YLz>vqEe*9aHrgn&~iUK-KAUd)QpDK%+Yz54Ei*IhY@J+_6zRxmKrWgd7hcQct};h!ZMJq{-YJVws@d|kA6;#3BJPY@ zp}7UbV#SRI0^>E{9lEMGti@w3(rqc(y+{$C(!WOG)p{x(c3lgw>>wJ;~n1{ zZ!)!DyOwb<8ZpYD|1^62rq#~|XduLS)I)^TMTYPUPgOA@`Pn2{>MVdZjjN-G*q-A= zN%bUhHYEoR0G8)W=nXb-N8W?rs-AUSkbu{N0zfNk$zO%UZ|Z% z6A^^ftn4!K@_+sElv^M5I=6PCZwowG#2WNqEZdG1epJK6%)9|YT8K#mWpTpjSJi~t zGExz_dvx-Sph+(CrX%L@cFGlz7HY zOmHJ;*zEXwNlr~!hW}2+W$GG5R@AvJ!z{h=!X~6Sa@?Qpg401-HP*@;=KXPI79~^hllgk+ zuIMbsfZ*1rpmfcdz=0EJ!Axcc;Q-ZsjtTp@tgO5#N?FD1{#E+dGi64b438sA78x&9 z(Z1EtO5p%exP@^<^rulyo*ravVzOewy6d7^IfGJtlPR>EPX!m{I^T{~w#1=wv0!!Uwe)^i8bwifGQB%4TL!asR>b=<}6 znjpHk`tH>ZW^kJNU9ms?ogtbHBirDSI?RA&)7?n5k5NV?^-jChkOkU+6*~no>W_8MPO} z6~Ll@7>8!Ex%nyDWV3l|ZQ>4Aw&wY|DXFNN`;uG5u8rU0P{54#pJAg5A^UKnE03!{VYOk%S5JI6=?YL~l9ay{ zw_q=3-y9(^F0V%tF8jy_``{{v4jLZe;`f1LSing5czAdO;%!z=Vlm=4JmK2cd_`ld zWNf4YNO^C8ysC`BkOQ_IT)PQ}@$qr6VFlzd!OwtS4eupix8ILVmsL$^b+sR3Vs(1I zDYuP2cOPe1N~`zV-yfXW-QEcX|K3PDwW^UeyWMO&y}q8SJ`PU4m93z?Ny>DpDUevQjhjK4& z3`Ro)Jm3$+RNZ>@>&QhHCz;wmISO}odwY3ZiXG)j3;1*;9jt46-5&F-ka8JM9aXqGhw6l7*Yy-|Ab8;SuJKz7`k%{oysy?4 zu|8ejo4d>#VYfIXCz6DYh&gEyab}#fA8d0#B2K?~@_W~T{0ph#;IPrF+VRncyy0G! z>JdNwZmC{*$p|Y7YuYW6wOJfS+3BX2-jJ@}5mmck&Uz5GI#JRd8dAF%l=}%hEaIpo zNF1IBo11P~L@(JVQeO@G(ofYLnyNYWSaopYh&(-MOUl2o?A%r69(LAxnVe3Z$86bJ z%RUh$szpJ>^AJ59V93X8cj7`N*EqO-476XZ6@)12cu%m%C!1NrQsak74$0QQMJVdn zLZOuq0kRAfLXoyD#Vc>&N~ch*4Jc!l{H2v%F;K=8E!n)JuY@bgL@sJHBcD{crmqC0 zuXK*>!-@XWLttg75;+W4AZc-pP$`1&$HW>$Bgx&iVKE_Tju35-N!3nP4X#4vM?!lwAvlTgk?4Zv!1L_c)*~a_~$Jpp&NMd;h2+vrl=Wsv6_^NpaytRIRH*P%ccW(k@LUN|AKUlZx?^& zKIo!=C2sNR{|PLFEt?tFtZ3Ry@^>r))*ag(xc#YgYk=06CAj^jG#h}{xc#M2&H!81 zQ@H)B|Be0^Of8?bK-V4Z;@~td^IQH;sDiBN>Ei6^_V9hbIQ!bznxcbIo{HH4DBEC! zv*@u4A*z_R8_AyxWlYs3vsgEknxxbCkQoY}`;*FA+$xQOs;Cti#L!F1)tbJ<^KWRt z)~>5>XDe3QEbE6VZf!!f8uqU9#C@xCVM(PsXx_Tgd6z=H(PTyrnc z?t=KQ5hcx~`6SBt3UT##NcotK644c7p5rRKcIJYFbN__k0XO|`g!?>=;wQdn@4b;K zcHaoZ6zD^i7ZoxKa7y0)2!FBjpBoc`-sig`fljy&PDoVgtsLG1!*0;%qjVHMu`dpmkJ0YJdHH{&4uu?!r8Y6QimYD!ip8WX9QHDxZ=wWf2&=X zcg9S`}qv%7?(uwsDn0$;`$?+egMTjY9-OLVJPC@NC7|Y~bU+UQNPEuH~T+)!p zn$ldt(wg~4?I4>>7R$ui`U<12X~hYt$wZYI%Jf%;pGhp09&)r5OB%4R zO_`XA3mj@xSZ(6J6gFsGgrSp6n}20pWt+simrP=SN>g5Jp6ZgGA!@=86QMHud{o7Gp;^?(8OrP9`(}%MLY0DQs$x= zE9s%HAWHE_h?Q1+v zS)$*@P?6V#`@n(U?n(k6&tOAg-csotHnK(&w&gTTUkYNnnk&8Xra+D+c=J3lT_;}(n6jV6(kvfhPY!gu9tkp(7C(mL`qpD%0VA8UbKPQIvP%@2uDw4Dy z(}w=fw8uLNUw0Lnw_-^|YW{|2YRp5Bt}Ue$k3s3uL$3j88#VYy+$YLd6Q1x z$Fd6daC-W#SPzk~dFc;pyFg3In|ES;p0k#+8}Fvp6OaE~reoiF+WS8-us;RO#=o<( z?EeI_22?%y@_ODl)-T4pqWDDg&%l;P?wx~hCHgGT0&V$89iUZv|AecGYYv1E0|~HTiwU<N)`Z7NA@K9AwsP895CrN@T>K2FU3 z5R!-hA0%8R)HH2wiSShcxK_X$RTONO*YRbe81lByPdR9@R}{UPNL627Tqr95n@t%9 zYD+|InWDO7U9V46KiJ;&>0f4wCJC$OOY}%aZ6df{dyBU4n5XYQ@wuE9f9aFJ^`WJ8OU6~hdiC<+Gb<*I zrvG>G{to2eru(bF9HXD%%*t203jj3;(F=Kb4H4u5C?E$Wo6(g?bzE%5X;7Y0KLS^D zl|4L6PlczN!)M;s{>m@=tn!U-RxoO;nit7;o9$g_^Eh+k@YU}A#HOu<`vrx(k2IF8ae+;UV} zIdJl+XgvwiT}D*)pZRh@0Ey3h1#=>F{sk>K-R~gkifxb6=F0oP!_4yqfpDlxaAc&D zY}mZX=w-=G2==h5o{~Tfs#ME*Zay8CZ&f_U8^u_G85CX9d{@a}+#aOb)7P-#nOTFR z2UMiI$1HCVLL;b;u{J063KD0D>B^WG;1XS~%hiS~bGT@gFwYs`cAy>5QFi&v(d~y= zu(GxY6q~C0LMK^TTLy{O*nBETnlz-q63Me^>A17d#IO*w*)CM7rLwY5&I$w~1#0z} z1*>k6{!)1N38xWY;aZ4SBlDqx&L*eWbiFlV?Y_)=>uH`0kbX5Wc~tVqut9TFNzP83 zLBIM)Cq?)LA2fUkm-0dU>=`IlbERnzQ{c&i8*i;b5ZFzxysc>>oduqk@V?CM&#pk!+%8u*RvU*{t(%x!3^AFHn;Ov8%RbMX6VW5 z0^3DicDIqkgM=rToQ^mUyy3Zocpf)IKtI;~WUpc>4t8?q2~N3t>r^a=e_*a-8KDTl zGI`a?Zx!;CvlhLV1}BrU3&QMi-p}wIpaFwT`bmaE5b25R1r9KHPy#$#CJ)1*fEg~( zXMnr)tEE9W6-wM`rVG5-^gxX1@ruoA^7i3;Ao5!{_lxtdZ)pSQE|L86NjCRS%JLdP zX@WfeQ#b;C{tCt05A{HB37Z3lt#_cdde6&=<8T(n)nQ(qj&`OV}U8a2er{t*zLWz0tisne(~+Z@P+(}I3xCS?d^m_v4^99BSMwz(eI zw>GFk(;zUiUuG>FnE@GY9Cg+rm@lkAZQy^VZ*ly(2#aLS>B#~!$w?R+Ho{}U$C%o_zla4n7`Ejz8XVqJ-y}=x>6(!hy9q?3HG%VnoEaSo4y^ZK zjzPi?P}=~=B;@TTBnq^eRlQ2T4UR8Yv9zgM0ZqM}n>NBz2Sv_l=hv19+=D4*#I8&-oWWW>>81&baHF!{#0CpDawaaisrE7cgK#y&K6nE*jpB|XAGTdg=ywrq zjsb!<;H&k(WNI?W zRhwm?@co@ z+csfiSuCOjxwQe~S~TAQi#bEq0YeW#4tT!3%9}{HFPx#s=(^_S=Hs^3=EJ=6q*GQ+ zDhUu(p|}5V1$sz~?*-2d^o)}Lr091~Ei18Lv?X7>UB{PWdV90L!==5P@Ryy9eUz?y zZ&$J@hPVm`hZLtH6uZNug+@tHTf%GZn902N|@Ih5rv;b$~d*H!^--mzYgFbrUr0BuDb{IIV(rdM(RD=J^wbQ^jC(@ zgeOXqL5anXtSfPVvU%aG+V}(c9UiJ^uaB@u*0=T{_(-e|AH{hdx;lRh=0?T zhC2WCIy@papE=buMvIL|sq(m^zM@I`vI zdz^W8BiM-WvaZ0a9*hU?Lo8Nfg3}G9!z?c8gHMJxg>i`yTBRZ!G^!2x zWC8!oO@lMJcm%Zr$NcO-Mz=`{IKYo{vGv_wNM!GI`9gyzm)_Y2UGc})?duxrlMz>R z)yqQe6jC$k4HsLAtl0*k4d>04`a51Q;M-=aoeQnTIBMiBef;ykQBfcd&uK&gu3SfU zL7%Ad#;;g*a|}*7E>_i@{aKIR?y2V&(=2mRkI_rBq*2=QgLjO%rhA5_wk9XythGwU zR82U>p(^Pffvz`CPP|UlG^c7g^N~UoxNKYZnLPZVNsLZJrZ2v}Np^|t97bI~B2YO@ z%G6r_v_B(?j{}toRTmWdy^9oRW+Rh7vN^zG$ecr*6E_Nqah^ zE`podZ}7(!tPU2Dpl=Xem!*?L`e2a5-kWEGg{b1h%)sZOZc_#O9I+Pbd5Ry zL-{%B>+4r`1|2@T{2O4K)VBb>P+sV&snjUb$V4G|lWlHC}*hhOUy*`#C> zSMpzoF3Bw4>$nZ+NT*24h>MuhA5I~}%9L5Fq-C=q9A2J+oHNy!t;(K0fH6%n$<5hD zIfB@Qh}Ca_{%CX$Oo^t8r7}-87teDgLgMS)gIc|cT5gwQ4yNLfE1rD>;iI4)&WF+2 zC(J6Kl8f@#yW}M*DMim7Pj@lh!wmRm-5Vy?XY?5!43l$mRco2t&0 z<@H{I?}Rj<$=Oa}u1?Z~ydOL8(y%r3aTl>?zwTH)$^N=uVtgc;ImPoqirs5qkoQ2mblO!yV%W)U$nwYyvN_h3;M5S_CXC&6 zufXk4e>_vD)y*b?_Owj(u!08R>raMZA3oyML(xEr_rSQI8}#rB17}_q`^1Yf;bs|clt9LKlI*UcAGiAQL6aoN!q4)>#mPx?#uvN1=1gvH6D25P6NPyNtCS*346zA>BZ# zna*mGgDH>=Y%p{bWATttJgHtA?vR+Ws~Yiu;7C4MPn zSX!4G%}$Rx8f-R+U;e$3q3lvzL>vAWa;fl#by7;ou`fbT(O3Xq;b9?4w}_6@EUVP> zcuo4KF5z{)HcPUKC>H?}9=JZ?i28HAAf3N4fot2mb^3362r{CbeA2$cS(_!4W5vbq z{Ln{>vCL3=HSziLY=REg=)ZDsa7$B^@t8pgj8}rxB{g9r@4zc!%f!`T!8f=agT@76 z+9fvv$hAe@XN3O2@&3V%F#+{CeOOEkKZN3i-kqKXltTYWb0h^+?Z(~*1^-j$68-SB zf5o||vH{X=5@Aato54M7M_}>{B>Yj-*9{ceUqZDVxz*@GtPpKG3mOqLemh@ zD7i#hKi_Q$H+|ommXRdM3M8=DN9iZU6o1804NOdVqzY(ODhsDk_)i6A!mG_|Xj@87 zAf?E>Ae(9V_Yx--n`x|lC#h?eNoUKGwV*sCGX&5GX4gew7ppguOXN%ENs9N1-_}hV zGCHMH0h&?;6#?t5#3c$`cR>G$LAFiexx8h??^~QDfT6gMzCOy+gESKhfZQRE0wg!&3IlG>_RL^AM)jj=}IyQggrT~<&; zUEf*(zfw*uAItLH)n){IhMGDEgVUrwoTP;;g7CjCI4U?uujj@SPxhw@cRzj8gM5vI zuz7)>%|x3Z>sud5=k*9j<`|Gw*1jfBi-jZQM>*W~vd|aOg;CZJDNt_UczrozXR-d# z=$LUta#~$ChzzhK41Edy=&480WL(^vIhXs5+xcs27HrTGVcv^$h-bnON|#bwppAfK zf+wje;^!*Q>m|)GFndYVPYs;>HBjOAl;y#2_^)e`xVf-)k%<^5ug>`o)8@Ml?5KJK zhk$y~uUYhCMRVrG_R#vwR9b83&LU8LV!1i66YS0EocVvG)1_8asyE{Yc2yU4q#Kmj z8AqXQcK;yLA;iq85DEbd!(2W~^zN)QyUY2d zP^>ZmqR#+1hGvCdff)DU$V@1&AV6gIxQ%UPGgw<&OUZ8i*YrltFx+t0*A`V^IM#OX z0l_lb!altnKPhe0U+73D)_0oVQK{e?v<{^G8~}y61wB1QSL_S@f44q3h-nOh3)I%u z(9bwbmj&JmA9_P(4dTWws>!y)<9;U^AjtWbLk8dz+o}LLhom=nVF>APsU$5(zu`^% z9ik)F`Zws=WfD1rU~O>%b4`&dsKXtSLLDPcZrMAgJ6L5}`2gs;)Ap@^Bj%hw91II( zaFdEHMJLyf7%ragjd*f7h1tg#YUi?tZg#eFe90k3U6%<6cV2NDDqx{J7HaySbU<## zP+?xE_<~X9<*Gn`u|i&41@L7sBv#I$fd&tDC+DeUkx?WOk6?xPR`Uj7-?QOE*_i zrqrC_fF`Yj|BUICclYkAQ6OI+D45zcAt_=R9+oh(G*oIpI%t+>cvvv9Hh?KIRwZ^w zF#LD)C#9l98O5qD0AR=4;%23uSurTPl8E(O3me4b)cz1!ph%m0#ZrR2m3R&rHKOXS z?V=NEG|j6dz}%N(ib=_4ZE-O6tb*-jO!ty~G0n@s2r z{4`#31l*&|6SE5BT?023^2gZgJZ9e%?Bvn=3>wdHlfzo!N%0KU4U5}Gmj9F10A7Ek zHFs*brF_EaY}9D{Qqpdd zvImthxc&acwVT2joF`J@lnQu|dza!z_7`fFI0%Oj0zXAra?oK=t!%IPJ+aOQWMGoB z|1IGjak?hOaa1deo~}& zUhLQIO#Vd~!4TaL`{*4$pe7coy~nVi@2sKPhHG;3|D}e|boCQJ=|`jJhttg$&3k1~ z+X>n%(4u(?*3h8okyrXtv*z$Fg9!#Sy{7)XH|CcpZOrLelYhNPo59c0ncb-{$vOT zGx6NVT=Q|Ve@fsa_@o8@I?){~lL!5n2K?v*P#I4tYWgfo!a-vhRY_~Z#^O!3z!sK*X8h8|5raXMJ)mv6NAK;Ug9=f8! z>%TmkbBd)}5`jt{vIi3V5uP5NHk9BF#JWqAF+UCtpo-ZY%Hd=2cwy~h>yPW85w+pS zcPV^0=?^aD;c9(Ke_?OtKAoVnuI?t1E(Xbmhu|wm<5C|GBM7^k2FvamVxnXu;)l(8 zF{rG&$5KzoK)Q}+J;h>$1bcPaVR$TX+Tj7>R@AQjUh?vE^m2N7+!zwmGa{7gZj2wg`#!eHQw($C;quObM)^Y#C zfsl@3Ul~5Qpg*B;F$ z)Iyf$2o)gME7xlFeY9)w_DDe`xB%ijZ*ZA)}o7m(5DxsZ}yal&Pxs~#*eO?Lb6nb#qc*@>r zgRr7a32FJz&yR6h+3@1nZNy}|XI??k@);Cj#YqTqVduginzIA05K zUj-wiiKf=Ug3z&nL{LsHt3Zi3w+n`FQ$x7Clk$aJhU-Nb!o1;ekK~~pUp4VRL(-m1 zdtRIb4m;KSUM}W-)_UH%{yWOMF86wJtNV7<{R)Jf6rEx z?}r3?6JlEbNDT;@RNs*bgm?UMCJ;1htB0f)#iL(Gpf6(9^bWIhE*Je><;t0S4BX1^ zDuq}$m5Xqdhg8u2&5-mIa9JC@t%o|~_Gtzi@sYam5x3=;FkB+U!vSjG0V(<__*}1x z9UkdM1rn6tx|)lJg;t}&Qi|cQ!lIq`$HT$=KS7~|liv7CU;J75x<8(E0Kq1=50t)G zh@TUr7#1YBaVv|9FwCzAjUW_VrD|O)%>53~IehFL5nk!}T?UY|8RYCy5I3Z8%kH-c z`VgPvG3O_7QS%VrB$V5$SeRcq5big_)mC%@$yB(XG$9SM+Pv{(lAHsue)|OCa9z z?lcK-uV!ekbn^F0P##84uJNKEZq9L|jrg!9l@{aSp-nk(cW3`GO+fe-$_cPR+*{;1 zazs4ExIyfmso_mP{2E~VKM4%|{>y|GjECv$N#24+IEwLy+KhvD!&`k*x2wO8k_o60 zs(zq^`d@v!m?y1)tgsMdX2>*uth=I@p8unZD6)4zbqB`{$crY8@^0^k4@NfRTw{}6j^BoGD7P$~v#GF5^Gu6L z|DQUtu9@)*op!s^plgYpq*V;zpggij#<_pHC?Qf8g=YF7rF?54-5b$$~J_V za~7w>!v>6h8B~6NI>$yEM2nWkRJeM@PHkOQxx5m6HshleU5>xvR*MPn^x^+X$4XcC zO}wOUXj?KCm)gP+YE!l2t0OE%$NG^Ejr45=cK*0uCjE22E2j@?Ga)bg78JKAao0O; z6J-2HkrjV7tc{^VN=Whk0Be>wSLHq_aHThB)>qFC^?BdKCLrzmZKC%bLdzY9DS(KX z05Jj>Ne&VNGzWcC!6z!j2t^cFK4*C4aR=?Kwsm)^_dH~V|MmO+pO>G{pR+_dsak+{ z&>{(8(LP^k(l>?}@`?DV8?j&B81W~o(EGzdc>EisDP8!(GH|1}(CsJj?j8uyn%;%a zmM5u?;CqSg<5j~}ehnE3k$D8(TpXropv|4$ie75=lX8rz5Pjg1_)n>b8Prj41?j# zRjj@&WCkR1|HfZHo{!APeWV}Z)kC<5BAsaEh*jv~I!^dXAyg24jKD+i7@#B!yP`$V z4dwBe7f$;Caa4Yie;%4W*#2{V_WnL<2ap;>vV=wWi^1UDI**6sFt0F*0^>iz3n&hQ zMB8wlp6GQI_Qq#bsNw}}GB7A#dh?Qyl$(%{N5Nbgh#H=PgapYmExZw6bEr4!ANI2V zHQ_B_J24h$BiI=v!qdWU3EeqNq4It%O%12ht#_L6F7Q>FHC9~&(>*X9hL9B`v90T$ zmL36()a*+3jtt%)F z2rox7fEIz|YvU_Ia(xCR9P&E^ZO%U5?LqvuJ@7c*EZief_&t7CioTOf2 zH+#OFLj1N|6+5c|TW%=gb@=Yj!XShM6%(vEpKYN^gflFOo5OMLg&OKM&sCQ7Jl_5sO19KFcx~wlGF993v!6p zaR+u~`)&`pslb-={c3+|!ylZ(Z<`P9Z~J#^R;pn^!W+tNsVNdZIijXsVP6cmL}o#5 z)9i?ong-inEWpe}vSQX*1f7#uA#R*;oA9H#m|+~ax;rV%-1EQ9eVR{!wKSxBi%US! zIvvrt7T%McOSQA8qd0?NDmxrK2a7Yb$vY~8P_F)jcWPVgZZ^v3fiN=};z-l_T6L`8 zHOj~lOn?d1^UX_WJhn!L}PiA>JI)O7K!|)+Mq#GCqLWgT)7(h-yTN}G7yp~+ zz)wTvjby3(b53ZY_f4=uK6MMsAQ^|ZiiqKr&U-JJ1`M0O5KZ) zd4-IFywm=opi6#Zpfo`qnpgoTfM_Wl)7D(zJGp= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| distinct Filter\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsSummary\\r\\n| where todatetime(StartDate) {Timer} and Company == '{company}'\\r\\n| distinct Name, Severity, StartDate, EndDate, Description\\r\\n| extend [\\\"Severity Details\\\"] = case(toreal(Severity) <= 3.9 and toreal(Severity) >= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| where ('*' in ({Severity}) or [\\\"Severity Details\\\"] in ({Severity}))\\r\\n| project-rename Name = Name, [\\\"Start Date\\\"] = StartDate, [\\\"End Date\\\"] = EndDate\\r\\n| project Name, [\\\"Severity Details\\\"], [\\\"Start Date\\\"], [\\\"End Date\\\"], Description\\r\\n\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 9\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"My Company\"}]},\"name\":\"Main\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-BitSightWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", - "version": "1.0", - "sourceId": "[variables('workspaceResourceId')]", - "category": "sentinel" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", - "properties": { - "description": "@{workbookKey=BitSightWorkbook; logoFileName=BitSight.svg; description=Gain insights into BitSight data.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=BitSight; templateRelativePath=BitSightWorkbook.json; subtitle=; provider=BitSight}.description", - "parentId": "[variables('workbookId1')]", - "contentId": "[variables('_workbookContentId1')]", - "kind": "Workbook", - "version": "[variables('workbookVersion1')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "contentId": "Alerts_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightBreaches_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightCompany_details_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightCompany_rating_details_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightDiligence_historical_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightDiligence_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightFindings_summary_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightFindings_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightGraph_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightIndustrial_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightObservation_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitSightDatConnector", - "kind": "DataConnector" - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_workbookContentId1')]", - "contentKind": "Workbook", - "displayName": "[parameters('workbook1-name')]", - "contentProductId": "[variables('_workbookcontentProductId1')]", - "id": "[variables('_workbookcontentProductId1')]", - "version": "[variables('workbookVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDropInCompanyRatings_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect when there is a drop of 10% or more in BitSight company ratings.", - "displayName": "BitSight - drop in company ratings", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)and toint(RatingDifferance) < 0\n| extend percentage = -(toreal(RatingDifferance)/toreal(Rating))*100\n| where percentage >= 10\n| project RatingDate, Rating, CompanyName, percentage\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightGraphData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Reconnaissance", - "CommandAndControl" - ], - "techniques": [ - "T1591", - "T1090" - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "CompanyName": "CompanyName", - "CompanyRating": "Rating" - }, - "alertDetailsOverride": { - "alertDisplayNameFormat": "BitSight : Alert for >10% drop in ratings of {{CompanyName}}.", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nPercentage Drop: {{percentage}}%" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 1", - "parentId": "[variables('analyticRuleObject1').analyticRuleId1]", - "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject1').analyticRuleVersion1]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - drop in company ratings", - "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", - "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", - "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightNewAlertFound_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect a new alerts generated in BitSight.", - "displayName": "BitSight - new alert found", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightAlerts\n| where ingestion_time() > ago(timeframe)\n| extend Severity = case( Severity contains \"INCREASE\", \"Low\",\n Severity contains \"WARN\" or Severity contains \"DECREASE\", \"Medium\",\n Severity contains \"CRITICAL\", \"High\",\n \"Informational\")\n| extend CompanyURL = strcat(\"https://service.bitsighttech.com/app/spm\",CompanyURL)\n| project CompanyName, Severity, Trigger, CompanyURL, AlertDate, GUID\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightAlerts" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Impact", - "InitialAccess" - ], - "techniques": [ - "T1491", - "T1190" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "CompanyURL", - "identifier": "Url" - } - ], - "entityType": "URL" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight.", - "alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 2", - "parentId": "[variables('analyticRuleObject2').analyticRuleId2]", - "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject2').analyticRuleVersion2]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - new alert found", - "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", - "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", - "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompromisedSystemsDetected_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect whenever there is a compromised systems found in BitSight.", - "displayName": "BitSight - compromised systems detected", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Compromised Systems\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, RiskVector, TemporaryId\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightFindingsData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Execution" - ], - "techniques": [ - "T1203" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "RiskVector", - "identifier": "Name" - }, - { - "columnName": "RiskCategory", - "identifier": "Category" - } - ], - "entityType": "Malware" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems" - }, - "incidentConfiguration": { - "createIncident": true - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 3", - "parentId": "[variables('analyticRuleObject3').analyticRuleId3]", - "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject3').analyticRuleVersion3]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - compromised systems detected", - "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", - "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", - "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDiligenceRiskCategoryDetected_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect whenever there is a diligence risk category found in BitSight.", - "displayName": "BitSight - diligence risk category detected", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Diligence\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, TemporaryId, RiskVector\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightFindingsData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Execution", - "Reconnaissance" - ], - "subTechniques": [ - "T1595.002" - ], - "techniques": [ - "T1203", - "T1595" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "RiskVector", - "identifier": "Name" - }, - { - "columnName": "RiskCategory", - "identifier": "Category" - } - ], - "entityType": "Malware" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 4", - "parentId": "[variables('analyticRuleObject4').analyticRuleId4]", - "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject4').analyticRuleVersion4]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - diligence risk category detected", - "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", - "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", - "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDropInHeadlineRating_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect if headline ratings is drop in BitSight.", - "displayName": "BitSight - drop in the headline rating", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)\n| where toint(RatingDifferance) < 0\n| project RatingDate, Rating, CompanyName, RatingDifferance\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightGraphData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Reconnaissance", - "CommandAndControl" - ], - "techniques": [ - "T1591", - "T1090" - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "CompanyName": "CompanyName", - "CompanyRating": "Rating" - }, - "alertDetailsOverride": { - "alertDisplayNameFormat": "BitSight : Alert for drop in the headline rating of {{CompanyName}}.", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nRating Drop: {{RatingDifferance}}" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 5", - "parentId": "[variables('analyticRuleObject5').analyticRuleId5]", - "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject5').analyticRuleVersion5]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - drop in the headline rating", - "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", - "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", - "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightNewBreachFound_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect a new breach generated in BitSight.", - "displayName": "BitSight - new breach found", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightBreaches\n| where ingestion_time() > ago(timeframe)\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity == 1, \"Low\",\n Severity == 2, \"Medium\",\n Severity == 3, \"High\",\n \"Informational\")\n| project DateCreated, Companyname, Severity, PreviwURL, GUID\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightBreaches" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Impact", - "InitialAccess" - ], - "techniques": [ - "T1491", - "T1190" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "PreviwURL", - "identifier": "Url" - } - ], - "entityType": "URL" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}.", - "alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 6", - "parentId": "[variables('analyticRuleObject6').analyticRuleId6]", - "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject6').analyticRuleVersion6]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - new breach found", - "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", - "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", - "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject1').parserTemplateSpecName1]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightAlerts Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject1').parserVersion1]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject1')._parserName1]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightAlerts", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightAlerts", - "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", - "dependsOn": [ - "[variables('parserObject1')._parserId1]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", - "contentId": "[variables('parserObject1').parserContentId1]", - "kind": "Parser", - "version": "[variables('parserObject1').parserVersion1]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject1').parserContentId1]", - "contentKind": "Parser", - "displayName": "Parser for BitSightAlerts", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", - "version": "[variables('parserObject1').parserVersion1]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject1')._parserName1]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightAlerts", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightAlerts", - "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", - "dependsOn": [ - "[variables('parserObject1')._parserId1]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", - "contentId": "[variables('parserObject1').parserContentId1]", - "kind": "Parser", - "version": "[variables('parserObject1').parserVersion1]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject2').parserTemplateSpecName2]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightBreaches Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject2').parserVersion2]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject2')._parserName2]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightBreaches", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightBreaches", - "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", - "dependsOn": [ - "[variables('parserObject2')._parserId2]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", - "contentId": "[variables('parserObject2').parserContentId2]", - "kind": "Parser", - "version": "[variables('parserObject2').parserVersion2]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject2').parserContentId2]", - "contentKind": "Parser", - "displayName": "Parser for BitSightBreaches", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", - "version": "[variables('parserObject2').parserVersion2]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject2')._parserName2]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightBreaches", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightBreaches", - "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", - "dependsOn": [ - "[variables('parserObject2')._parserId2]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", - "contentId": "[variables('parserObject2').parserContentId2]", - "kind": "Parser", - "version": "[variables('parserObject2').parserVersion2]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject3').parserTemplateSpecName3]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompanyDetails Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject3').parserVersion3]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject3')._parserName3]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyDetails", - "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", - "dependsOn": [ - "[variables('parserObject3')._parserId3]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", - "contentId": "[variables('parserObject3').parserContentId3]", - "kind": "Parser", - "version": "[variables('parserObject3').parserVersion3]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject3').parserContentId3]", - "contentKind": "Parser", - "displayName": "Parser for BitSightCompanyDetails", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", - "version": "[variables('parserObject3').parserVersion3]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject3')._parserName3]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyDetails", - "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", - "dependsOn": [ - "[variables('parserObject3')._parserId3]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", - "contentId": "[variables('parserObject3').parserContentId3]", - "kind": "Parser", - "version": "[variables('parserObject3').parserVersion3]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject4').parserTemplateSpecName4]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompanyRatingDetails Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject4').parserVersion4]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject4')._parserName4]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatingDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatingDetails", - "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", - "dependsOn": [ - "[variables('parserObject4')._parserId4]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", - "contentId": "[variables('parserObject4').parserContentId4]", - "kind": "Parser", - "version": "[variables('parserObject4').parserVersion4]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject4').parserContentId4]", - "contentKind": "Parser", - "displayName": "Parser for BitSightCompanyRatingDetails", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", - "version": "[variables('parserObject4').parserVersion4]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject4')._parserName4]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatingDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatingDetails", - "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", - "dependsOn": [ - "[variables('parserObject4')._parserId4]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", - "contentId": "[variables('parserObject4').parserContentId4]", - "kind": "Parser", - "version": "[variables('parserObject4').parserVersion4]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject5').parserTemplateSpecName5]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompanyRatings Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject5').parserVersion5]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject5')._parserName5]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatings", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatings", - "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", - "dependsOn": [ - "[variables('parserObject5')._parserId5]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", - "contentId": "[variables('parserObject5').parserContentId5]", - "kind": "Parser", - "version": "[variables('parserObject5').parserVersion5]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject5').parserContentId5]", - "contentKind": "Parser", - "displayName": "Parser for BitSightCompanyRatings", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", - "version": "[variables('parserObject5').parserVersion5]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject5')._parserName5]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatings", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatings", - "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", - "dependsOn": [ - "[variables('parserObject5')._parserId5]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", - "contentId": "[variables('parserObject5').parserContentId5]", - "kind": "Parser", - "version": "[variables('parserObject5').parserVersion5]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject6').parserTemplateSpecName6]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDiligenceHistoricalStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject6').parserVersion6]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject6')._parserName6]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceHistoricalStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceHistoricalStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", - "dependsOn": [ - "[variables('parserObject6')._parserId6]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", - "contentId": "[variables('parserObject6').parserContentId6]", - "kind": "Parser", - "version": "[variables('parserObject6').parserVersion6]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject6').parserContentId6]", - "contentKind": "Parser", - "displayName": "Parser for BitSightDiligenceHistoricalStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", - "version": "[variables('parserObject6').parserVersion6]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject6')._parserName6]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceHistoricalStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceHistoricalStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", - "dependsOn": [ - "[variables('parserObject6')._parserId6]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", - "contentId": "[variables('parserObject6').parserContentId6]", - "kind": "Parser", - "version": "[variables('parserObject6').parserVersion6]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject7').parserTemplateSpecName7]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDiligenceStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject7').parserVersion7]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject7')._parserName7]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", - "dependsOn": [ - "[variables('parserObject7')._parserId7]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", - "contentId": "[variables('parserObject7').parserContentId7]", - "kind": "Parser", - "version": "[variables('parserObject7').parserVersion7]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject7').parserContentId7]", - "contentKind": "Parser", - "displayName": "Parser for BitSightDiligenceStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", - "version": "[variables('parserObject7').parserVersion7]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject7')._parserName7]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", - "dependsOn": [ - "[variables('parserObject7')._parserId7]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", - "contentId": "[variables('parserObject7').parserContentId7]", - "kind": "Parser", - "version": "[variables('parserObject7').parserVersion7]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject8').parserTemplateSpecName8]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightFindingsData Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject8').parserVersion8]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject8')._parserName8]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsData", - "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", - "dependsOn": [ - "[variables('parserObject8')._parserId8]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", - "contentId": "[variables('parserObject8').parserContentId8]", - "kind": "Parser", - "version": "[variables('parserObject8').parserVersion8]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject8').parserContentId8]", - "contentKind": "Parser", - "displayName": "Parser for BitSightFindingsData", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", - "version": "[variables('parserObject8').parserVersion8]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject8')._parserName8]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsData", - "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", - "dependsOn": [ - "[variables('parserObject8')._parserId8]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", - "contentId": "[variables('parserObject8').parserContentId8]", - "kind": "Parser", - "version": "[variables('parserObject8').parserVersion8]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject9').parserTemplateSpecName9]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightFindingsSummary Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject9').parserVersion9]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject9')._parserName9]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsSummary", - "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", - "dependsOn": [ - "[variables('parserObject9')._parserId9]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", - "contentId": "[variables('parserObject9').parserContentId9]", - "kind": "Parser", - "version": "[variables('parserObject9').parserVersion9]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject9').parserContentId9]", - "contentKind": "Parser", - "displayName": "Parser for BitSightFindingsSummary", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", - "version": "[variables('parserObject9').parserVersion9]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject9')._parserName9]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsSummary", - "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", - "dependsOn": [ - "[variables('parserObject9')._parserId9]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", - "contentId": "[variables('parserObject9').parserContentId9]", - "kind": "Parser", - "version": "[variables('parserObject9').parserVersion9]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject10').parserTemplateSpecName10]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightGraphData Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject10').parserVersion10]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject10')._parserName10]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightGraphData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightGraphData", - "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", - "dependsOn": [ - "[variables('parserObject10')._parserId10]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", - "contentId": "[variables('parserObject10').parserContentId10]", - "kind": "Parser", - "version": "[variables('parserObject10').parserVersion10]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject10').parserContentId10]", - "contentKind": "Parser", - "displayName": "Parser for BitSightGraphData", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", - "version": "[variables('parserObject10').parserVersion10]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject10')._parserName10]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightGraphData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightGraphData", - "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", - "dependsOn": [ - "[variables('parserObject10')._parserId10]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", - "contentId": "[variables('parserObject10').parserContentId10]", - "kind": "Parser", - "version": "[variables('parserObject10').parserVersion10]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject11').parserTemplateSpecName11]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightIndustrialStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject11').parserVersion11]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject11')._parserName11]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightIndustrialStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightIndustrialStatistics", - "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", - "dependsOn": [ - "[variables('parserObject11')._parserId11]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", - "contentId": "[variables('parserObject11').parserContentId11]", - "kind": "Parser", - "version": "[variables('parserObject11').parserVersion11]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject11').parserContentId11]", - "contentKind": "Parser", - "displayName": "Parser for BitSightIndustrialStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", - "version": "[variables('parserObject11').parserVersion11]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject11')._parserName11]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightIndustrialStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightIndustrialStatistics", - "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", - "dependsOn": [ - "[variables('parserObject11')._parserId11]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", - "contentId": "[variables('parserObject11').parserContentId11]", - "kind": "Parser", - "version": "[variables('parserObject11').parserVersion11]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject12').parserTemplateSpecName12]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightObservationStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject12').parserVersion12]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject12')._parserName12]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightObservationStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightObservationStatistics", - "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", - "dependsOn": [ - "[variables('parserObject12')._parserId12]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", - "contentId": "[variables('parserObject12').parserContentId12]", - "kind": "Parser", - "version": "[variables('parserObject12').parserVersion12]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject12').parserContentId12]", - "contentKind": "Parser", - "displayName": "Parser for BitSightObservationStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", - "version": "[variables('parserObject12').parserVersion12]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject12')._parserName12]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightObservationStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightObservationStatistics", - "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", - "dependsOn": [ - "[variables('parserObject12')._parserId12]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", - "contentId": "[variables('parserObject12').parserContentId12]", - "kind": "Parser", - "version": "[variables('parserObject12').parserVersion12]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject13').parserTemplateSpecName13]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightVulnerabilitiesFindingsSummary Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject13').parserVersion13]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject13')._parserName13]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightVulnerabilitiesFindingsSummary", - "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", - "dependsOn": [ - "[variables('parserObject13')._parserId13]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", - "contentId": "[variables('parserObject13').parserContentId13]", - "kind": "Parser", - "version": "[variables('parserObject13').parserVersion13]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject13').parserContentId13]", - "contentKind": "Parser", - "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", - "version": "[variables('parserObject13').parserVersion13]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject13')._parserName13]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightVulnerabilitiesFindingsSummary", - "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", - "dependsOn": [ - "[variables('parserObject13')._parserId13]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", - "contentId": "[variables('parserObject13').parserContentId13]", - "kind": "Parser", - "version": "[variables('parserObject13').parserVersion13]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSight data connector with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "Bitsight data connector (using Azure Functions)", - "publisher": "BitSight Technologies, Inc.", - "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data in Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total Alerts data received", - "legend": "BitsightAlerts_data_CL", - "baseQuery": "BitsightAlerts_data_CL" - }, - { - "metricName": "Total Breaches data received", - "legend": "BitsightBreaches_data_CL", - "baseQuery": "BitsightBreaches_data_CL" - }, - { - "metricName": "Total Company Details received", - "legend": "BitsightCompany_details_CL", - "baseQuery": "BitsightCompany_details_CL" - }, - { - "metricName": "Total Company Ratings received", - "legend": "BitsightCompany_rating_details_CL", - "baseQuery": "BitsightCompany_rating_details_CL" - }, - { - "metricName": "Total Diligence Historical Statistics data received", - "legend": "BitsightDiligence_historical_statistics_CL", - "baseQuery": "BitsightDiligence_historical_statistics_CL" - }, - { - "metricName": "Total Diligence Statistics data received", - "legend": "BitsightDiligence_statistics_CL", - "baseQuery": "BitsightDiligence_statistics_CL" - }, - { - "metricName": "Total Findings data received", - "legend": "BitsightFindings_data_CL", - "baseQuery": "BitsightFindings_data_CL" - }, - { - "metricName": "Total Findings Summary data received", - "legend": "BitsightFindings_summary_CL", - "baseQuery": "BitsightFindings_summary_CL" - }, - { - "metricName": "Total Graph data received", - "legend": "BitsightGraph_data_CL", - "baseQuery": "BitsightGraph_data_CL" - }, - { - "metricName": "Total Industrial Statistics data received", - "legend": "BitsightIndustrial_statistics_CL", - "baseQuery": "BitsightIndustrial_statistics_CL" - }, - { - "metricName": "Total Observation Statistics data received", - "legend": "BitsightObservation_statistics_CL", - "baseQuery": "BitsightObservation_statistics_CL" - } - ], - "sampleQueries": [ - { - "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", - "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", - "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", - "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", - "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", - "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", - "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Events - Findings Event for all Companies.", - "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", - "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Graph Events - Graph Event for all Companies.", - "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", - "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", - "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" - } - ], - "dataTypes": [ - { - "name": "BitsightAlerts_data_CL", - "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightBreaches_data_CL", - "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_details_CL", - "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_rating_details_CL", - "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_historical_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_data_CL", - "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_summary_CL", - "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightGraph_data_CL", - "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightIndustrial_statistics_CL", - "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightObservation_statistics_CL", - "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "REST API Credentials/permissions", - "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." - }, - { - "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" - }, - { - "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" - }, - { - "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" - }, - { - "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" - }, - { - "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Review + create** to deploy..", - "title": "Option 1 - Azure Resource Manager (ARM) Template" - }, - { - "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", - "title": "Option 2 - Manual Deployment of Azure Functions" - }, - { - "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." - }, - { - "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "Bitsight data connector (using Azure Functions)", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Bitsight data connector (using Azure Functions)", - "publisher": "BitSight Technologies, Inc.", - "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data in Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total Alerts data received", - "legend": "BitsightAlerts_data_CL", - "baseQuery": "BitsightAlerts_data_CL" - }, - { - "metricName": "Total Breaches data received", - "legend": "BitsightBreaches_data_CL", - "baseQuery": "BitsightBreaches_data_CL" - }, - { - "metricName": "Total Company Details received", - "legend": "BitsightCompany_details_CL", - "baseQuery": "BitsightCompany_details_CL" - }, - { - "metricName": "Total Company Ratings received", - "legend": "BitsightCompany_rating_details_CL", - "baseQuery": "BitsightCompany_rating_details_CL" - }, - { - "metricName": "Total Diligence Historical Statistics data received", - "legend": "BitsightDiligence_historical_statistics_CL", - "baseQuery": "BitsightDiligence_historical_statistics_CL" - }, - { - "metricName": "Total Diligence Statistics data received", - "legend": "BitsightDiligence_statistics_CL", - "baseQuery": "BitsightDiligence_statistics_CL" - }, - { - "metricName": "Total Findings data received", - "legend": "BitsightFindings_data_CL", - "baseQuery": "BitsightFindings_data_CL" - }, - { - "metricName": "Total Findings Summary data received", - "legend": "BitsightFindings_summary_CL", - "baseQuery": "BitsightFindings_summary_CL" - }, - { - "metricName": "Total Graph data received", - "legend": "BitsightGraph_data_CL", - "baseQuery": "BitsightGraph_data_CL" - }, - { - "metricName": "Total Industrial Statistics data received", - "legend": "BitsightIndustrial_statistics_CL", - "baseQuery": "BitsightIndustrial_statistics_CL" - }, - { - "metricName": "Total Observation Statistics data received", - "legend": "BitsightObservation_statistics_CL", - "baseQuery": "BitsightObservation_statistics_CL" - } - ], - "dataTypes": [ - { - "name": "BitsightAlerts_data_CL", - "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightBreaches_data_CL", - "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_details_CL", - "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_rating_details_CL", - "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_historical_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_data_CL", - "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_summary_CL", - "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightGraph_data_CL", - "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightIndustrial_statistics_CL", - "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightObservation_statistics_CL", - "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", - "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", - "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", - "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", - "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", - "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", - "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Events - Findings Event for all Companies.", - "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", - "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Graph Events - Graph Event for all Companies.", - "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", - "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", - "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "REST API Credentials/permissions", - "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." - }, - { - "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" - }, - { - "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" - }, - { - "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" - }, - { - "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" - }, - { - "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Review + create** to deploy..", - "title": "Option 1 - Azure Resource Manager (ARM) Template" - }, - { - "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", - "title": "Option 2 - Manual Deployment of Azure Functions" - }, - { - "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." - }, - { - "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", - "displayName": "BitSight Security Events (via Codeless Connector Framework)", - "contentKind": "DataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightEventsConnector", - "title": "BitSight Security Events (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightAlerts", - "graphQueries": [ - { - "metricName": "Total Alerts received", - "legend": "BitSight Alerts", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Breaches received", - "legend": "BitSight Breaches", - "baseQuery": "BitSightBreaches" - }, - { - "metricName": "Total Findings received", - "legend": "BitSight Findings", - "baseQuery": "BitSightFindings" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Alerts", - "query": "BitSightAlerts\n | take 10" - }, - { - "description": "Get recent high-severity alerts", - "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" - }, - { - "description": "Get sample of BitSight Findings", - "query": "BitSightFindings\n | take 10" - }, - { - "description": "Get active severe findings", - "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" - }, - { - "description": "Get sample of BitSight Breaches", - "query": "BitSightBreaches\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightBreaches", - "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindings", - "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.friendlyName" - }, - { - "columnName": "Data Stream", - "columnValue": "properties.addOnAttributes.userStream" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Connection", - "subtitle": "Configure a new BitSight data stream connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Stream", - "name": "dataStream", - "options": [ - { - "key": "ALERTS", - "text": "Alerts - Rating changes and news events (BitSightAlerts)" - }, - { - "key": "BREACHES", - "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" - }, - { - "key": "DILIGENCE", - "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" - }, - { - "key": "COMPROMISED_SYSTEMS", - "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" - }, - { - "key": "USER_BEHAVIOR", - "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" - } - ], - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", - "visible": true, - "inline": false - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Alerts-Prod", - "type": "text", - "name": "friendlyName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "name": "BitSightEventsDCR", - "apiVersion": "2022-06-01", - "type": "Microsoft.Insights/dataCollectionRules", - "location": "[parameters('workspace-location')]", - "kind": "[variables('blanks')]", - "properties": { - "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]", - "streamDeclarations": { - "Custom-BitSightAlerts_CL": { - "columns": [ - { - "name": "guid", - "type": "string" - }, - { - "name": "alert_type", - "type": "string" - }, - { - "name": "alert_date", - "type": "string" - }, - { - "name": "start_date", - "type": "string" - }, - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "company_url", - "type": "string" - }, - { - "name": "folder_guid", - "type": "string" - }, - { - "name": "folder_name", - "type": "string" - }, - { - "name": "severity", - "type": "string" - }, - { - "name": "trigger", - "type": "string" - }, - { - "name": "alert_set_name", - "type": "string" - }, - { - "name": "alert_set_guid", - "type": "string" - }, - { - "name": "friendlyName", - "type": "string" - } - ] - }, - "Custom-BitSightBreaches_CL": { - "columns": [ - { - "name": "company_guid", - "type": "string" - }, - { - "name": "company_name", - "type": "string" - }, - { - "name": "guid", - "type": "string" - }, - { - "name": "date", - "type": "string" - }, - { - "name": "date_created", - "type": "string" - }, - { - "name": "text", - "type": "string" - }, - { - "name": "preview_url", - "type": "string" - }, - { - "name": "event_type", - "type": "string" - }, - { - "name": "event_type_description", - "type": "string" - }, - { - "name": "severity", - "type": "int" - }, - { - "name": "breached_companies", - "type": "dynamic" - }, - { - "name": "dependent_companies", - "type": "dynamic" - }, - { - "name": "friendlyName", - "type": "string" - } - ] - }, - "Custom-BitSightFindings_CL": { - "columns": [ - { - "name": "temporary_id", - "type": "string" - }, - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_category", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "risk_vector_label", - "type": "string" - }, - { - "name": "severity_category", - "type": "string" - }, - { - "name": "severity", - "type": "real" - }, - { - "name": "first_seen", - "type": "string" - }, - { - "name": "last_seen", - "type": "string" - }, - { - "name": "currently_active", - "type": "boolean" - }, - { - "name": "asset_category", - "type": "string" - }, - { - "name": "assets", - "type": "dynamic" - }, - { - "name": "details", - "type": "dynamic" - }, - { - "name": "evidence_key", - "type": "string" - }, - { - "name": "attributed_companies", - "type": "dynamic" - }, - { - "name": "remediation_history", - "type": "dynamic" - }, - { - "name": "affects_rating", - "type": "boolean" - }, - { - "name": "comments", - "type": "dynamic" - }, - { - "name": "duration", - "type": "int" - }, - { - "name": "grace_period_end_date", - "type": "string" - }, - { - "name": "guest_network_end_date", - "type": "string" - }, - { - "name": "impacts_risk_vector_details", - "type": "dynamic" - }, - { - "name": "no_rv_grade_impact_end_date", - "type": "string" - }, - { - "name": "related_findings", - "type": "dynamic" - }, - { - "name": "remaining_decay", - "type": "int" - }, - { - "name": "remediated", - "type": "boolean" - }, - { - "name": "rolledup_observation_id", - "type": "string" - }, - { - "name": "tags", - "type": "dynamic" - }, - { - "name": "friendlyName", - "type": "string" - } - ] - } - }, - "destinations": { - "logAnalytics": [ - { - "workspaceResourceId": "[variables('workspaceResourceId')]", - "name": "clv2ws1" - } - ] - }, - "dataFlows": [ - { - "streams": [ - "Custom-BitSightAlerts_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightAlerts_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['alert_date']) or todatetime(['alert_date']) < ago(2d), now(), todatetime(['alert_date'])) , Guid = ['guid'] , AlertType = ['alert_type'] , AlertDate = ['alert_date'] , StartDate = ['start_date'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , CompanyUrl = ['company_url'] , FolderGuid = ['folder_guid'] , FolderName = ['folder_name'] , Severity = ['severity'] , Trigger = ['trigger'] , AlertSetName = ['alert_set_name'] , AlertSetGuid = ['alert_set_guid'] , ConnectorName = ['friendlyName'] | project TimeGenerated , Guid , AlertType , AlertDate , StartDate , CompanyName , CompanyGuid , CompanyUrl , FolderGuid , FolderName , Severity , Trigger , AlertSetName , AlertSetGuid , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightBreaches_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightBreaches_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['date']) or todatetime(['date']) < ago(2d), now(), todatetime(['date'])) , CompanyGuid = ['company_guid'] , CompanyName = ['company_name'] , Guid = ['guid'] , BreachDate = ['date'] , DateCreated = ['date_created'] , Text = ['text'] , PreviewUrl = ['preview_url'] , EventType = ['event_type'] , EventTypeDescription = ['event_type_description'] , Severity = ['severity'] , BreachedCompanies = ['breached_companies'] , DependentCompanies = ['dependent_companies'] , ConnectorName = ['friendlyName'] | project TimeGenerated , CompanyGuid , CompanyName , Guid , BreachDate , DateCreated , Text , PreviewUrl , EventType , EventTypeDescription , Severity , BreachedCompanies , DependentCompanies , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightFindings_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightFindings_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['last_seen']) or todatetime(['last_seen']) < ago(2d), now(), todatetime(['last_seen'])) , TemporaryId = ['temporary_id'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskCategory = ['risk_category'] , RiskVector = ['risk_vector'] , RiskVectorLabel = ['risk_vector_label'] , SeverityCategory = ['severity_category'] , Severity = ['severity'] , FirstSeen = ['first_seen'] , LastSeen = ['last_seen'] , CurrentlyActive = ['currently_active'] , AssetCategory = ['asset_category'] , Assets = ['assets'] , Details = ['details'] , EvidenceKey = ['evidence_key'] , AttributedCompanies = ['attributed_companies'] , RemediationHistory = ['remediation_history'] , AffectsRating = ['affects_rating'] , Comments = ['comments'] , Duration = ['duration'] , GracePeriodEndDate = ['grace_period_end_date'] , GuestNetworkEndDate = ['guest_network_end_date'] , ImpactsRiskVectorDetails = ['impacts_risk_vector_details'] , NoRvGradeImpactEndDate = ['no_rv_grade_impact_end_date'] , RelatedFindings = ['related_findings'] , RemainingDecay = ['remaining_decay'] , Remediated = ['remediated'] , RolledupObservationId = ['rolledup_observation_id'] , Tags = ['tags'] , ConnectorName = ['friendlyName'] | project TimeGenerated , TemporaryId , CompanyName , CompanyGuid , RiskCategory , RiskVector , RiskVectorLabel , SeverityCategory , Severity , FirstSeen , LastSeen , CurrentlyActive , AssetCategory , Assets , Details , EvidenceKey , AttributedCompanies , RemediationHistory , AffectsRating , Comments , Duration , GracePeriodEndDate , GuestNetworkEndDate , ImpactsRiskVectorDetails , NoRvGradeImpactEndDate , RelatedFindings , RemainingDecay , Remediated , RolledupObservationId , Tags , ConnectorName" - } - ] - } - }, - { - "name": "BitSightFindings_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightFindings_CL", - "description": "The BitSightFindings table contains security findings from the BitSight API including Diligence, Compromised Systems, and User Behavior findings for portfolio companies ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "TemporaryId", - "type": "string", - "description": "The temporary identifier for a finding." - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company associated with the finding." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company associated with the finding." - }, - { - "name": "RiskCategory", - "type": "string", - "description": "The risk category (e.g., Diligence, Compromised Systems, User Behavior)." - }, - { - "name": "RiskVector", - "type": "string", - "description": "The risk vector slug for this finding." - }, - { - "name": "RiskVectorLabel", - "type": "string", - "description": "Human-readable label for the risk vector." - }, - { - "name": "SeverityCategory", - "type": "string", - "description": "Severity category (MINOR, MODERATE, MATERIAL, SEVERE)." - }, - { - "name": "Severity", - "type": "real", - "description": "Numeric severity score." - }, - { - "name": "FirstSeen", - "type": "string", - "description": "Date the finding was first observed (YYYY-MM-DD)." - }, - { - "name": "LastSeen", - "type": "string", - "description": "Date the finding was most recently observed (YYYY-MM-DD)." - }, - { - "name": "CurrentlyActive", - "type": "boolean", - "description": "Indicates if the finding is currently active." - }, - { - "name": "AssetCategory", - "type": "string", - "description": "Category of the affected asset." - }, - { - "name": "Assets", - "type": "dynamic", - "description": "Array of assets associated with this finding." - }, - { - "name": "Details", - "type": "dynamic", - "description": "Detailed finding data object (CVE info, diligence annotations, remediations, etc.)." - }, - { - "name": "EvidenceKey", - "type": "string", - "description": "Key identifying the source of evidence for the finding." - }, - { - "name": "AttributedCompanies", - "type": "dynamic", - "description": "Array of companies to which this finding has been attributed." - }, - { - "name": "RemediationHistory", - "type": "dynamic", - "description": "Remediation history object (last_requested_refresh_date, last_refresh_status, etc.)." - }, - { - "name": "AffectsRating", - "type": "boolean", - "description": "Indicates whether this finding contributes to the company's overall rating." - }, - { - "name": "Comments", - "type": "dynamic", - "description": "Array of analyst comments attached to this finding." - }, - { - "name": "Duration", - "type": "int", - "description": "Number of days the finding has been active." - }, - { - "name": "GracePeriodEndDate", - "type": "string", - "description": "Date until which the finding is in a grace period and does not affect the rating (YYYY-MM-DD)." - }, - { - "name": "GuestNetworkEndDate", - "type": "string", - "description": "Date until which the finding is suppressed as a guest network (YYYY-MM-DD)." - }, - { - "name": "ImpactsRiskVectorDetails", - "type": "dynamic", - "description": "Object describing which risk vectors are impacted by this finding." - }, - { - "name": "NoRvGradeImpactEndDate", - "type": "string", - "description": "Date until which the finding has no risk vector grade impact (YYYY-MM-DD)." - }, - { - "name": "RelatedFindings", - "type": "dynamic", - "description": "Array of finding identifiers related to this finding." - }, - { - "name": "RemainingDecay", - "type": "int", - "description": "Number of days remaining in the finding's decay window." - }, - { - "name": "Remediated", - "type": "boolean", - "description": "Indicates whether this finding has been remediated." - }, - { - "name": "RolledupObservationId", - "type": "string", - "description": "Identifier of the rolled-up observation this finding belongs to." - }, - { - "name": "Tags", - "type": "dynamic", - "description": "Array of tags applied to this finding." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name assigned during connector setup." - } - ] - } - } - }, - { - "name": "BitSightCompanyDetails_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightCompanyDetails_CL", - "description": "The BitSightCompanyDetails table contains full company snapshots from the BitSight API per company GUID ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Guid", - "type": "string", - "description": "Unique identifier (GUID) for the company in BitSight." - }, - { - "name": "Name", - "type": "string", - "description": "Name of the company." - }, - { - "name": "Shortname", - "type": "string", - "description": "Short name of the company." - }, - { - "name": "CompanyType", - "type": "string", - "description": "The type of entity (e.g., CURATED,PRIVATE)." - }, - { - "name": "Description", - "type": "string", - "description": "Description of the company." - }, - { - "name": "PrimaryDomain", - "type": "string", - "description": "Primary internet domain of the company." - }, - { - "name": "Homepage", - "type": "string", - "description": "URL of the company homepage." - }, - { - "name": "DisplayUrl", - "type": "string", - "description": "URL to the company overview page in BitSight portal." - }, - { - "name": "Sparkline", - "type": "string", - "description": "URL to the company rating sparkline image." - }, - { - "name": "Industry", - "type": "string", - "description": "Industry sector name." - }, - { - "name": "IndustrySlug", - "type": "string", - "description": "URL-friendly identifier for the industry." - }, - { - "name": "SubIndustry", - "type": "string", - "description": "Sub-industry name." - }, - { - "name": "SubIndustrySlug", - "type": "string", - "description": "URL-friendly identifier for the sub-industry." - }, - { - "name": "Ipv4Count", - "type": "int", - "description": "Number of IPv4 addresses attributed to the company." - }, - { - "name": "PeopleCount", - "type": "int", - "description": "Number of people associated with the company." - }, - { - "name": "SearchCount", - "type": "int", - "description": "Number of searches for the company." - }, - { - "name": "CustomerMonitoringCount", - "type": "int", - "description": "Number of customers monitoring this company." - }, - { - "name": "CurrentRating", - "type": "int", - "description": "Current overall BitSight security rating." - }, - { - "name": "RatingIndustryMedian", - "type": "string", - "description": "Comparison of company rating to industry median (e.g., above, below)." - }, - { - "name": "Ratings", - "type": "dynamic", - "description": "Array of historical rating snapshots, each with rating_date, rating, range, and rating_color." - }, - { - "name": "SubscriptionType", - "type": "string", - "description": "Type of BitSight subscription (e.g., Continuous Monitoring)." - }, - { - "name": "SubscriptionTypeKey", - "type": "string", - "description": "Machine-readable subscription type key." - }, - { - "name": "SubscriptionEndDate", - "type": "string", - "description": "Date the subscription ends (YYYY-MM-DD), or null." - }, - { - "name": "BulkEmailSenderStatus", - "type": "string", - "description": "Bulk email sender classification (e.g., NONE)." - }, - { - "name": "SecurityGrade", - "type": "string", - "description": "Security grade, if available." - }, - { - "name": "ServiceProvider", - "type": "boolean", - "description": "Indicates whether this company is a service provider." - }, - { - "name": "HasCompanyTree", - "type": "boolean", - "description": "Indicates whether the company has a company tree." - }, - { - "name": "HasPreferredContact", - "type": "boolean", - "description": "Indicates whether the company has a preferred contact." - }, - { - "name": "IsBundle", - "type": "boolean", - "description": "Indicates whether this is a bundle entry." - }, - { - "name": "IsPrimary", - "type": "boolean", - "description": "Indicates whether this is the primary company record." - }, - { - "name": "InSpmPortfolio", - "type": "boolean", - "description": "Indicates whether the company is in the SPM portfolio." - }, - { - "name": "IsMycompMysubsBundle", - "type": "boolean", - "description": "Indicates whether this is a my-company/my-subsidiaries bundle." - }, - { - "name": "IsCsp", - "type": "boolean", - "description": "Indicates whether the company is a cloud service provider." - }, - { - "name": "HasDelegatedSecurityControls", - "type": "boolean", - "description": "Indicates whether security controls have been delegated." - }, - { - "name": "CustomId", - "type": "dynamic", - "description": "Customer-assigned identifier for the company." - }, - { - "name": "AvailableUpgradeTypes", - "type": "dynamic", - "description": "Array of available upgrade types for this company." - }, - { - "name": "CompanyFeatures", - "type": "dynamic", - "description": "Array of feature flags enabled for the company." - }, - { - "name": "RelatedCompanies", - "type": "dynamic", - "description": "Array of related company references." - }, - { - "name": "PrimaryCompany", - "type": "dynamic", - "description": "Primary company object (guid, name), or null." - }, - { - "name": "ComplianceClaim", - "type": "dynamic", - "description": "Compliance claim object, or null." - }, - { - "name": "Permissions", - "type": "dynamic", - "description": "Object of permission flags for this company (can_annotate, can_view_forensics, etc.)." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightCompanyRatingDetails_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightCompanyRatingDetails_CL", - "description": "The BitSightCompanyRatingDetails table contains per-risk-vector rating breakdowns for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVectorSlug", - "type": "string", - "description": "URL-friendly identifier for the risk vector (dict key — always null due to CCF JSONPath limitation; use RiskVectorLabel)." - }, - { - "name": "RiskVectorLabel", - "type": "string", - "description": "Human-readable name of the risk vector (API field: name)." - }, - { - "name": "RiskCategory", - "type": "string", - "description": "Parent risk category for the risk vector (API field: category)." - }, - { - "name": "CategoryOrder", - "type": "int", - "description": "Display order of the category." - }, - { - "name": "Rating", - "type": "int", - "description": "Numeric score for this risk vector." - }, - { - "name": "Grade", - "type": "string", - "description": "Letter grade for this risk vector." - }, - { - "name": "Percentile", - "type": "int", - "description": "Percentile rank compared to peers for this risk vector (0-100)." - }, - { - "name": "GradeColor", - "type": "string", - "description": "Hex color code associated with the grade for UI display (e.g., '#239563')." - }, - { - "name": "RiskVectorOrder", - "type": "int", - "description": "Display order of the risk vector within its category." - }, - { - "name": "DisplayUrl", - "type": "string", - "description": "URL to the risk vector detail page in BitSight portal." - }, - { - "name": "Beta", - "type": "boolean", - "description": "Indicates if this risk vector is in beta status." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightDiligenceHistoricalStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightDiligenceHistoricalStatistics_CL", - "description": "The BitSightDiligenceHistoricalStatistics table contains historical diligence statistics per company over time from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RecordDate", - "type": "string", - "description": "The date of the historical record (YYYY-MM-DD)." - }, - { - "name": "Grade", - "type": "string", - "description": "Letter grade for this record period." - }, - { - "name": "Counts", - "type": "dynamic", - "description": "Array of per-category count objects ({ count, category }). Expanded row-per-category at query time by the KQL parser via mv-expand." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightDiligenceStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightDiligenceStatistics_CL", - "description": "The BitSightDiligenceStatistics table contains diligence statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVector", - "type": "string", - "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." - }, - { - "name": "Unknown", - "type": "int", - "description": "Count of findings with unknown severity." - }, - { - "name": "Bad", - "type": "int", - "description": "Count of bad findings." - }, - { - "name": "Warn", - "type": "int", - "description": "Count of warn findings." - }, - { - "name": "Neutral", - "type": "int", - "description": "Count of neutral findings." - }, - { - "name": "Fair", - "type": "int", - "description": "Count of fair findings." - }, - { - "name": "Good", - "type": "int", - "description": "Count of good findings." - }, - { - "name": "SpearPhishing", - "type": "int", - "description": "[domain_squatting] Count of spear-phishing lookalike domains." - }, - { - "name": "BitFlip", - "type": "int", - "description": "[domain_squatting] Count of bit-flip lookalike domains." - }, - { - "name": "TypographicalErrors", - "type": "int", - "description": "[domain_squatting] Count of typographical-error lookalike domains." - }, - { - "name": "TldVariant", - "type": "int", - "description": "[domain_squatting] Count of TLD-variant lookalike domains." - }, - { - "name": "TotalCount", - "type": "int", - "description": "[domain_squatting] Total count of all lookalike domain types." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightFindingsSummary_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightFindingsSummary_CL", - "description": "The BitSightFindingsSummary table contains findings summary statistics per risk vector for each monitored company. Severity and description enrichment is resolved at query time by joining with BitsightVulnerabilitiesFindingsSummary on Name == DisplayName.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company associated with the findings summary." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company associated with the findings summary." - }, - { - "name": "StartDate", - "type": "string", - "description": "Start date of the reporting period (YYYY-MM-DD)." - }, - { - "name": "EndDate", - "type": "string", - "description": "End date of the reporting period (YYYY-MM-DD)." - }, - { - "name": "Stats", - "type": "dynamic", - "description": "Array of per-stat objects. Expanded row-per-stat at query time by the KQL parser via mv-expand into Name, StatId, Confidence, EventCount, HostCount, FirstSeen columns." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitsightIndustrialStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitsightIndustrialStatistics_CL", - "description": "The BitsightIndustrialStatistics table contains industry peer comparison statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVector", - "type": "string", - "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." - }, - { - "name": "IncidentCount", - "type": "int", - "description": "Number of incidents for this risk vector in the industry over the measured period." - }, - { - "name": "CountPeriod", - "type": "string", - "description": "Measurement period (e.g., 'year')." - }, - { - "name": "AverageDurationDays", - "type": "real", - "description": "Average duration in days for incidents of this risk vector in the industry." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightObservationStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightObservationStatistics_CL", - "description": "The BitSightObservationStatistics table contains observations statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVector", - "type": "string", - "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." - }, - { - "name": "ObservationCount", - "type": "int", - "description": "Total number of observations for this risk vector in the measurement period." - }, - { - "name": "CountPeriod", - "type": "string", - "description": "Measurement period (e.g., 'year')." - }, - { - "name": "AverageDurationDays", - "type": "real", - "description": "Average duration in days for observations." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Name", - "type": "string", - "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." - }, - { - "name": "DisplayName", - "type": "string", - "description": "Human-readable name of the vulnerability type." - }, - { - "name": "Description", - "type": "string", - "description": "Description of what the vulnerability type measures." - }, - { - "name": "Severity", - "type": "string", - "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightAlerts_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightAlerts_CL", - "description": "The BitSightAlerts table contains alert records from the BitSight API representing changes and news triggers for monitored portfolio companies ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Guid", - "type": "string", - "description": "Unique identifier of the alert." - }, - { - "name": "AlertType", - "type": "string", - "description": "The type of alert (e.g., THIRD_PARTY_INTEL)." - }, - { - "name": "AlertDate", - "type": "string", - "description": "The date the alert was triggered (YYYY-MM-DD)." - }, - { - "name": "StartDate", - "type": "string", - "description": "The start date of the alert (YYYY-MM-DD)." - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company associated with the alert." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company associated with the alert." - }, - { - "name": "CompanyUrl", - "type": "string", - "description": "URL of the company associated with the alert." - }, - { - "name": "FolderGuid", - "type": "string", - "description": "Folder GUID associated with the alert." - }, - { - "name": "FolderName", - "type": "string", - "description": "Folder name associated with the alert." - }, - { - "name": "Severity", - "type": "string", - "description": "Alert severity level (e.g., INFORMATIONAL)." - }, - { - "name": "Trigger", - "type": "string", - "description": "What triggered the alert." - }, - { - "name": "AlertSetName", - "type": "string", - "description": "Name of the alert set." - }, - { - "name": "AlertSetGuid", - "type": "string", - "description": "GUID of the alert set." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name assigned during connector setup." - } - ] - } - } - }, - { - "name": "BitSightBreaches_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightBreaches_CL", - "description": "The BitSightBreaches table contains data breach records from the BitSight API for monitored portfolio companies ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company that experienced the breach (enriched)." - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company that experienced the breach (enriched)." - }, - { - "name": "Guid", - "type": "string", - "description": "Unique identifier of the breach event." - }, - { - "name": "BreachDate", - "type": "string", - "description": "Date the breach event was recorded (YYYY-MM-DD)." - }, - { - "name": "DateCreated", - "type": "string", - "description": "Date this breach record was created in BitSight." - }, - { - "name": "Text", - "type": "string", - "description": "Description of the breach event." - }, - { - "name": "PreviewUrl", - "type": "string", - "description": "URL to a preview article about the breach." - }, - { - "name": "EventType", - "type": "string", - "description": "Breach event category (e.g., Human Error, Hacking)." - }, - { - "name": "EventTypeDescription", - "type": "string", - "description": "Detailed description of the breach event type." - }, - { - "name": "Severity", - "type": "int", - "description": "Numeric severity level of the breach." - }, - { - "name": "BreachedCompanies", - "type": "dynamic", - "description": "Array of companies directly affected by the breach." - }, - { - "name": "DependentCompanies", - "type": "dynamic", - "description": "Array of dependent companies impacted by this breach." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name assigned during connector setup." - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightEventsConnector", - "title": "BitSight Security Events (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightAlerts", - "graphQueries": [ - { - "metricName": "Total Alerts received", - "legend": "BitSight Alerts", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Breaches received", - "legend": "BitSight Breaches", - "baseQuery": "BitSightBreaches" - }, - { - "metricName": "Total Findings received", - "legend": "BitSight Findings", - "baseQuery": "BitSightFindings" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Alerts", - "query": "BitSightAlerts\n | take 10" - }, - { - "description": "Get recent high-severity alerts", - "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" - }, - { - "description": "Get sample of BitSight Findings", - "query": "BitSightFindings\n | take 10" - }, - { - "description": "Get active severe findings", - "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" - }, - { - "description": "Get sample of BitSight Breaches", - "query": "BitSightBreaches\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightBreaches", - "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindings", - "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.friendlyName" - }, - { - "columnName": "Data Stream", - "columnValue": "properties.addOnAttributes.userStream" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Connection", - "subtitle": "Configure a new BitSight data stream connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Stream", - "name": "dataStream", - "options": [ - { - "key": "ALERTS", - "text": "Alerts - Rating changes and news events (BitSightAlerts)" - }, - { - "key": "BREACHES", - "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" - }, - { - "key": "DILIGENCE", - "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" - }, - { - "key": "COMPROMISED_SYSTEMS", - "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" - }, - { - "key": "USER_BEHAVIOR", - "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" - } - ], - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", - "visible": true, - "inline": false - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Alerts-Prod", - "type": "text", - "name": "friendlyName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "displayName": "BitSight Security Events (via Codeless Connector Framework)", - "contentKind": "ResourcesDataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": { - "guidValue": { - "defaultValue": "[[newGuid()]", - "type": "securestring" - }, - "innerWorkspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "connectorDefinitionName": { - "defaultValue": "BitSight Security Events (via Codeless Connector Framework)", - "type": "securestring", - "minLength": 1 - }, - "workspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "dcrConfig": { - "defaultValue": { - "dataCollectionEndpoint": "data collection Endpoint", - "dataCollectionRuleImmutableId": "data collection rule immutableId" - }, - "type": "object" - }, - "dataStream": { - "defaultValue": "dataStream", - "type": "array" - }, - "bitSightApiUrl": { - "defaultValue": "bitSightApiUrl", - "type": "securestring", - "minLength": 1 - }, - "username": { - "defaultValue": "username", - "type": "securestring", - "minLength": 1 - }, - "password": { - "defaultValue": "password", - "type": "securestring", - "minLength": 1 - }, - "friendlyName": { - "defaultValue": "friendlyName", - "type": "securestring", - "minLength": 1 - } - }, - "variables": { - "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]" - }, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "kind": "ResourcesDataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightAlerts' , uniqueString(parameters('friendlyName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v2/alerts/')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 30, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "alert_date", - "alert_date_gte": "{_QueryWindowStartTime}", - "alert_date_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParameterName": "limit" - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightAlerts", - "dcrConfig": { - "streamName": "Custom-BitSightAlerts_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "friendlyName": "[[parameters('friendlyName')]", - "userStream": "ALERTS" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'ALERTS')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightBreaches' , uniqueString(parameters('friendlyName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_breaches", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_breaches": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v1/companies/$company_guid_PlaceHolder$/providers/breaches')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "date_created_gte": "{_QueryWindowStartTime}", - "date_created_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightBreaches", - "dcrConfig": { - "streamName": "Custom-BitSightBreaches_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "friendlyName": "[[parameters('friendlyName')]", - "userStream": "BREACHES" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'BREACHES')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Diligence') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_findings", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_findings": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "last_seen", - "expand": "attributed_companies", - "risk_category": "Diligence", - "last_seen_gte": "{_QueryWindowStartTime}", - "last_seen_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightFindings", - "dcrConfig": { - "streamName": "Custom-BitSightFindings_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "userStream": "DILIGENCE", - "friendlyName": "[[parameters('friendlyName')]" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'DILIGENCE')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Compromised Systems') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_findings", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_findings": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "last_seen", - "expand": "attributed_companies", - "risk_category": "Compromised Systems", - "last_seen_gte": "{_QueryWindowStartTime}", - "last_seen_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightFindings", - "dcrConfig": { - "streamName": "Custom-BitSightFindings_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "userStream": "COMPROMISED_SYSTEMS", - "friendlyName": "[[parameters('friendlyName')]" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'COMPROMISED_SYSTEMS')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('User Behavior') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_findings", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_findings": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "last_seen", - "expand": "attributed_companies", - "risk_category": "User Behavior", - "last_seen_gte": "{_QueryWindowStartTime}", - "last_seen_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightFindings", - "dcrConfig": { - "streamName": "Custom-BitSightFindings_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "userStream": "USER_BEHAVIOR", - "friendlyName": "[[parameters('friendlyName')]" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'USER_BEHAVIOR')]" - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition3'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", - "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", - "contentKind": "DataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightStatisticsConnector", - "title": "BitSight Security Statistics (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightCompanyDetails", - "graphQueries": [ - { - "metricName": "Total Company Detail records received", - "legend": "BitSight Company Details", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Company Rating Details received", - "legend": "BitSight Company Rating Details", - "baseQuery": "BitSightCompanyRatingDetails" - }, - { - "metricName": "Total Diligence Historical Statistics received", - "legend": "BitSight Diligence Historical Statistics", - "baseQuery": "BitSightDiligenceHistoricalStatistics" - }, - { - "metricName": "Total Diligence Statistics received", - "legend": "BitSight Diligence Statistics", - "baseQuery": "BitSightDiligenceStatistics" - }, - { - "metricName": "Total Observations Statistics received", - "legend": "BitSight Observations Statistics", - "baseQuery": "BitSightObservationStatistics" - }, - { - "metricName": "Total Industries Statistics received", - "legend": "BitSight Industries Statistics", - "baseQuery": "BitsightIndustrialStatistics" - }, - { - "metricName": "Total Findings Summary records received", - "legend": "BitSight Findings Summary", - "baseQuery": "BitSightFindingsSummary" - }, - { - "metricName": "Total Vulnerabilities received", - "legend": "BitSight Vulnerabilities", - "baseQuery": "BitsightVulnerabilitiesFindingsSummary" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Company Details", - "query": "{{graphQueriesTableName}}\n | take 10" - }, - { - "description": "Get company security ratings over time", - "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" - }, - { - "description": "Get sample of BitSight Company Rating Details", - "query": "BitSightCompanyRatingDetails\n | take 10" - }, - { - "description": "Get findings summary with latest data per company/stat", - "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" - }, - { - "description": "Get sample of BitSight Vulnerabilities", - "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightCompanyRatingDetails", - "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindingsSummary", - "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceHistoricalStatistics", - "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceStatistics", - "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightObservationStatistics", - "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightIndustrialStatistics", - "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary", - "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight statistics data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.connectionName" - }, - { - "columnName": "Active Streams", - "columnValue": "properties.addOnAttributes.streams" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Statistics Connection", - "subtitle": "Configure a new BitSight statistics connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Streams", - "name": "streams", - "options": [ - { - "key": "FindingsSummary", - "text": "FindingsSummary" - }, - { - "key": "CompanyDetails", - "text": "CompanyDetails" - }, - { - "key": "CompanyRatingDetails", - "text": "CompanyRatingDetails" - }, - { - "key": "DiligenceHistoricalStatistics", - "text": "DiligenceHistoricalStatistics" - }, - { - "key": "RiskVectorStatistics", - "text": "RiskVectorStatistics" - }, - { - "key": "IndustriesStatistics", - "text": "IndustriesStatistics" - }, - { - "key": "Vulnerabilities", - "text": "Vulnerabilities" - }, - { - "key": "ObservationsStatistics", - "text": "ObservationsStatistics" - } - ], - "isMultiSelect": true, - "defaultAllSelected": false, - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Statistics-Prod", - "type": "text", - "name": "connectionName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "name": "BitSightStatisticsDCR", - "apiVersion": "2022-06-01", - "type": "Microsoft.Insights/dataCollectionRules", - "location": "[parameters('workspace-location')]", - "kind": "[variables('blanks')]", - "properties": { - "dataCollectionEndpointId": "[variables('dataCollectionEndpointId3')]", - "streamDeclarations": { - "Custom-BitSightFindingsSummary_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "start_date", - "type": "string" - }, - { - "name": "end_date", - "type": "string" - }, - { - "name": "stats", - "type": "dynamic" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightCompanyDetails_CL": { - "columns": [ - { - "name": "guid", - "type": "string" - }, - { - "name": "name", - "type": "string" - }, - { - "name": "shortname", - "type": "string" - }, - { - "name": "type", - "type": "string" - }, - { - "name": "description", - "type": "string" - }, - { - "name": "primary_domain", - "type": "string" - }, - { - "name": "homepage", - "type": "string" - }, - { - "name": "display_url", - "type": "string" - }, - { - "name": "sparkline", - "type": "string" - }, - { - "name": "industry", - "type": "string" - }, - { - "name": "industry_slug", - "type": "string" - }, - { - "name": "sub_industry", - "type": "string" - }, - { - "name": "sub_industry_slug", - "type": "string" - }, - { - "name": "ipv4_count", - "type": "int" - }, - { - "name": "people_count", - "type": "int" - }, - { - "name": "search_count", - "type": "int" - }, - { - "name": "customer_monitoring_count", - "type": "int" - }, - { - "name": "current_rating", - "type": "int" - }, - { - "name": "rating_industry_median", - "type": "string" - }, - { - "name": "ratings", - "type": "dynamic" - }, - { - "name": "subscription_type", - "type": "string" - }, - { - "name": "subscription_type_key", - "type": "string" - }, - { - "name": "subscription_end_date", - "type": "string" - }, - { - "name": "bulk_email_sender_status", - "type": "string" - }, - { - "name": "security_grade", - "type": "string" - }, - { - "name": "service_provider", - "type": "boolean" - }, - { - "name": "has_company_tree", - "type": "boolean" - }, - { - "name": "has_preferred_contact", - "type": "boolean" - }, - { - "name": "is_bundle", - "type": "boolean" - }, - { - "name": "is_primary", - "type": "boolean" - }, - { - "name": "in_spm_portfolio", - "type": "boolean" - }, - { - "name": "is_mycomp_mysubs_bundle", - "type": "boolean" - }, - { - "name": "is_csp", - "type": "boolean" - }, - { - "name": "has_delegated_security_controls", - "type": "boolean" - }, - { - "name": "custom_id", - "type": "dynamic" - }, - { - "name": "available_upgrade_types", - "type": "dynamic" - }, - { - "name": "company_features", - "type": "dynamic" - }, - { - "name": "related_companies", - "type": "dynamic" - }, - { - "name": "primary_company", - "type": "dynamic" - }, - { - "name": "compliance_claim", - "type": "dynamic" - }, - { - "name": "permissions", - "type": "dynamic" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightCompanyRatingDetails_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector_slug", - "type": "string" - }, - { - "name": "name", - "type": "string" - }, - { - "name": "category", - "type": "string" - }, - { - "name": "category_order", - "type": "int" - }, - { - "name": "rating", - "type": "int" - }, - { - "name": "grade", - "type": "string" - }, - { - "name": "percentile", - "type": "int" - }, - { - "name": "grade_color", - "type": "string" - }, - { - "name": "order", - "type": "int" - }, - { - "name": "display_url", - "type": "string" - }, - { - "name": "beta", - "type": "boolean" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightDiligenceHistoricalStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "date", - "type": "string" - }, - { - "name": "grade", - "type": "string" - }, - { - "name": "counts", - "type": "dynamic" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightDiligenceStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "unknown", - "type": "int" - }, - { - "name": "bad", - "type": "int" - }, - { - "name": "warn", - "type": "int" - }, - { - "name": "neutral", - "type": "int" - }, - { - "name": "fair", - "type": "int" - }, - { - "name": "good", - "type": "int" - }, - { - "name": "spear_phishing", - "type": "int" - }, - { - "name": "bit_flip", - "type": "int" - }, - { - "name": "typographical_errors", - "type": "int" - }, - { - "name": "tld_variant", - "type": "int" - }, - { - "name": "total_count", - "type": "int" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightObservationStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "count", - "type": "int" - }, - { - "name": "count_period", - "type": "string" - }, - { - "name": "average_duration_days", - "type": "real" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitsightVulnerabilitiesFindingsSummary_CL": { - "columns": [ - { - "name": "name", - "type": "string" - }, - { - "name": "display_name", - "type": "string" - }, - { - "name": "description", - "type": "string" - }, - { - "name": "severity", - "type": "string" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitsightIndustrialStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "count", - "type": "int" - }, - { - "name": "count_period", - "type": "string" - }, - { - "name": "average_duration_days", - "type": "real" - }, - { - "name": "connectionName", - "type": "string" - } - ] - } - }, - "destinations": { - "logAnalytics": [ - { - "workspaceResourceId": "[variables('workspaceResourceId')]", - "name": "clv2ws1" - } - ] - }, - "dataFlows": [ - { - "streams": [ - "Custom-BitSightFindingsSummary_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightFindingsSummary_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['end_date']) or todatetime(['end_date']) < ago(2d), now(), todatetime(['end_date'])) , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , StartDate = ['start_date'] , EndDate = ['end_date'] , Stats = ['stats'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , StartDate , EndDate , Stats , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightCompanyDetails_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightCompanyDetails_CL", - "transformKql": "source | extend TimeGenerated = now() , Guid = ['guid'] , Name = ['name'] , Shortname = ['shortname'] , CompanyType = ['type'] , Description = ['description'] , PrimaryDomain = ['primary_domain'] , Homepage = ['homepage'] , DisplayUrl = ['display_url'] , Sparkline = ['sparkline'] , Industry = ['industry'] , IndustrySlug = ['industry_slug'] , SubIndustry = ['sub_industry'] , SubIndustrySlug = ['sub_industry_slug'] , Ipv4Count = ['ipv4_count'] , PeopleCount = ['people_count'] , SearchCount = ['search_count'] , CustomerMonitoringCount = ['customer_monitoring_count'] , CurrentRating = ['current_rating'] , RatingIndustryMedian = ['rating_industry_median'] , Ratings = ['ratings'] , SubscriptionType = ['subscription_type'] , SubscriptionTypeKey = ['subscription_type_key'] , SubscriptionEndDate = ['subscription_end_date'] , BulkEmailSenderStatus = ['bulk_email_sender_status'] , SecurityGrade = ['security_grade'] , ServiceProvider = ['service_provider'] , HasCompanyTree = ['has_company_tree'] , HasPreferredContact = ['has_preferred_contact'] , IsBundle = ['is_bundle'] , IsPrimary = ['is_primary'] , InSpmPortfolio = ['in_spm_portfolio'] , IsMycompMysubsBundle = ['is_mycomp_mysubs_bundle'] , IsCsp = ['is_csp'] , HasDelegatedSecurityControls = ['has_delegated_security_controls'] , CustomId = ['custom_id'] , AvailableUpgradeTypes = ['available_upgrade_types'] , CompanyFeatures = ['company_features'] , RelatedCompanies = ['related_companies'] , PrimaryCompany = ['primary_company'] , ComplianceClaim = ['compliance_claim'] , Permissions = ['permissions'] , ConnectorName = ['connectionName'] | project TimeGenerated , Guid , Name , Shortname , CompanyType , Description , PrimaryDomain , Homepage , DisplayUrl , Sparkline , Industry , IndustrySlug , SubIndustry , SubIndustrySlug , Ipv4Count , PeopleCount , SearchCount , CustomerMonitoringCount , CurrentRating , RatingIndustryMedian , Ratings , SubscriptionType , SubscriptionTypeKey , SubscriptionEndDate , BulkEmailSenderStatus , SecurityGrade , ServiceProvider , HasCompanyTree , HasPreferredContact , IsBundle , IsPrimary , InSpmPortfolio , IsMycompMysubsBundle , IsCsp , HasDelegatedSecurityControls , CustomId , AvailableUpgradeTypes , CompanyFeatures , RelatedCompanies , PrimaryCompany , ComplianceClaim , Permissions , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightCompanyRatingDetails_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightCompanyRatingDetails_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVectorSlug = ['risk_vector_slug'] , RiskVectorLabel = ['name'] , RiskCategory = ['category'] , CategoryOrder = ['category_order'] , Rating = ['rating'] , Grade = ['grade'] , Percentile = ['percentile'] , GradeColor = ['grade_color'] , RiskVectorOrder = ['order'] , DisplayUrl = ['display_url'] , Beta = ['beta'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVectorSlug , RiskVectorLabel , RiskCategory , CategoryOrder , Rating , Grade , Percentile , GradeColor , RiskVectorOrder , DisplayUrl , Beta , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightDiligenceHistoricalStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightDiligenceHistoricalStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RecordDate = ['date'] , Grade = ['grade'] , Counts = ['counts'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RecordDate , Grade , Counts , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightDiligenceStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightDiligenceStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , Unknown = ['unknown'] , Bad = ['bad'] , Warn = ['warn'] , Neutral = ['neutral'] , Fair = ['fair'] , Good = ['good'] , SpearPhishing = ['spear_phishing'] , BitFlip = ['bit_flip'] , TypographicalErrors = ['typographical_errors'] , TldVariant = ['tld_variant'] , TotalCount = ['total_count'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , Unknown , Bad , Warn , Neutral , Fair , Good , SpearPhishing , BitFlip , TypographicalErrors , TldVariant , TotalCount , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightObservationStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightObservationStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , ObservationCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , ObservationCount , CountPeriod , AverageDurationDays , ConnectorName" - }, - { - "streams": [ - "Custom-BitsightIndustrialStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitsightIndustrialStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , IncidentCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , IncidentCount , CountPeriod , AverageDurationDays , ConnectorName" - }, - { - "streams": [ - "Custom-BitsightVulnerabilitiesFindingsSummary_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", - "transformKql": "source | extend TimeGenerated = now() , Name = ['name'] , DisplayName = ['display_name'] , Description = ['description'] , Severity = ['severity'] , ConnectorName = ['connectionName'] | project TimeGenerated , Name , DisplayName , Description , Severity , ConnectorName" - } - ] - } - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Name", - "type": "string", - "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." - }, - { - "name": "DisplayName", - "type": "string", - "description": "Human-readable name of the vulnerability type." - }, - { - "name": "Description", - "type": "string", - "description": "Description of what the vulnerability type measures." - }, - { - "name": "Severity", - "type": "string", - "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition3'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightStatisticsConnector", - "title": "BitSight Security Statistics (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightCompanyDetails", - "graphQueries": [ - { - "metricName": "Total Company Detail records received", - "legend": "BitSight Company Details", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Company Rating Details received", - "legend": "BitSight Company Rating Details", - "baseQuery": "BitSightCompanyRatingDetails" - }, - { - "metricName": "Total Diligence Historical Statistics received", - "legend": "BitSight Diligence Historical Statistics", - "baseQuery": "BitSightDiligenceHistoricalStatistics" - }, - { - "metricName": "Total Diligence Statistics received", - "legend": "BitSight Diligence Statistics", - "baseQuery": "BitSightDiligenceStatistics" - }, - { - "metricName": "Total Observations Statistics received", - "legend": "BitSight Observations Statistics", - "baseQuery": "BitSightObservationStatistics" - }, - { - "metricName": "Total Industries Statistics received", - "legend": "BitSight Industries Statistics", - "baseQuery": "BitsightIndustrialStatistics" - }, - { - "metricName": "Total Findings Summary records received", - "legend": "BitSight Findings Summary", - "baseQuery": "BitSightFindingsSummary" - }, - { - "metricName": "Total Vulnerabilities received", - "legend": "BitSight Vulnerabilities", - "baseQuery": "BitsightVulnerabilitiesFindingsSummary" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Company Details", - "query": "{{graphQueriesTableName}}\n | take 10" - }, - { - "description": "Get company security ratings over time", - "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" - }, - { - "description": "Get sample of BitSight Company Rating Details", - "query": "BitSightCompanyRatingDetails\n | take 10" - }, - { - "description": "Get findings summary with latest data per company/stat", - "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" - }, - { - "description": "Get sample of BitSight Vulnerabilities", - "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightCompanyRatingDetails", - "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindingsSummary", - "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceHistoricalStatistics", - "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceStatistics", - "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightObservationStatistics", - "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightIndustrialStatistics", - "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary", - "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight statistics data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.connectionName" - }, - { - "columnName": "Active Streams", - "columnValue": "properties.addOnAttributes.streams" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Statistics Connection", - "subtitle": "Configure a new BitSight statistics connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Streams", - "name": "streams", - "options": [ - { - "key": "FindingsSummary", - "text": "FindingsSummary" - }, - { - "key": "CompanyDetails", - "text": "CompanyDetails" - }, - { - "key": "CompanyRatingDetails", - "text": "CompanyRatingDetails" - }, - { - "key": "DiligenceHistoricalStatistics", - "text": "DiligenceHistoricalStatistics" - }, - { - "key": "RiskVectorStatistics", - "text": "RiskVectorStatistics" - }, - { - "key": "IndustriesStatistics", - "text": "IndustriesStatistics" - }, - { - "key": "Vulnerabilities", - "text": "Vulnerabilities" - }, - { - "key": "ObservationsStatistics", - "text": "ObservationsStatistics" - } - ], - "isMultiSelect": true, - "defaultAllSelected": false, - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Statistics-Prod", - "type": "text", - "name": "connectionName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections3'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", - "contentKind": "ResourcesDataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": { - "guidValue": { - "defaultValue": "[[newGuid()]", - "type": "securestring" - }, - "innerWorkspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "connectorDefinitionName": { - "defaultValue": "BitSight Security Statistics (via Codeless Connector Framework)", - "type": "securestring", - "minLength": 1 - }, - "workspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "dcrConfig": { - "defaultValue": { - "dataCollectionEndpoint": "data collection Endpoint", - "dataCollectionRuleImmutableId": "data collection rule immutableId" - }, - "type": "object" - }, - "streams": { - "defaultValue": "streams", - "type": "array" - }, - "bitSightApiUrl": { - "defaultValue": "bitSightApiUrl", - "type": "securestring", - "minLength": 1 - }, - "username": { - "defaultValue": "username", - "type": "securestring", - "minLength": 1 - }, - "password": { - "defaultValue": "password", - "type": "securestring", - "minLength": 1 - }, - "connectionName": { - "defaultValue": "connectionName", - "type": "securestring", - "minLength": 1 - } - }, - "variables": { - "_dataConnectorContentIdConnections3": "[variables('_dataConnectorContentIdConnections3')]" - }, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections3')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections3'))]", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "kind": "ResourcesDataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindingsSummary' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_findings_summary", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_findings_summary": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings/summary')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$[*]" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightFindingsSummary", - "dcrConfig": { - "streamName": "Custom-BitSightFindingsSummary_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'FindingsSummary')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyDetails' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_detail", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_detail": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightCompanyDetails", - "dcrConfig": { - "streamName": "Custom-BitSightCompanyDetails_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'CompanyDetails')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyRatingDetails' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_rating_details", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_rating_details": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.rating_details.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightCompanyRatingDetails", - "dcrConfig": { - "streamName": "Custom-BitSightCompanyRatingDetails_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'CompanyRatingDetails')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceHistoricalStatistics' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_diligence_historical", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_diligence_historical": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/historical-statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightDiligenceHistoricalStatistics", - "dcrConfig": { - "streamName": "Custom-BitSightDiligenceHistoricalStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'DiligenceHistoricalStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceStatistics' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_diligence_statistics", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_diligence_statistics": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.risk_vectors.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightDiligenceStatistics", - "dcrConfig": { - "streamName": "Custom-BitSightDiligenceStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'RiskVectorStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightObservationStatistics' , uniqueString(parameters('connectionName')), uniqueString('Obs') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_observations_statistics", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_observations_statistics": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/observations/statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.risk_vectors.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightObservationStatistics", - "dcrConfig": { - "streamName": "Custom-BitSightObservationStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'ObservationsStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightIndustrialStatistics' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_industries_statistics", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_industries_statistics": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/industries/statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.risk_vectors.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitsightIndustrialStatistics", - "dcrConfig": { - "streamName": "Custom-BitsightIndustrialStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'IndustriesStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightVulnerabilitiesFindingsSummary' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "https://service.bitsighttech.com/customer-api/v1/defaults/vulnerabilities", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json" - }, - "queryParameters": { - "fields": "name,display_name,description,severity" - } - }, - "response": { - "eventsJsonPaths": [ - "$[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitsightVulnerabilitiesFindingsSummary", - "dcrConfig": { - "streamName": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'Vulnerabilities')]" - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections3'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", - "apiVersion": "2023-04-01-preview", - "location": "[parameters('workspace-location')]", - "properties": { - "version": "3.2.0", - "kind": "Solution", - "contentSchemaVersion": "3.0.0", - "displayName": "BitSight", - "publisherDisplayName": "BitSight Support", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The BitSight solution enables security operations teams to integrate insights from BitSight's Security Ratings platform into Microsoft Sentinel via the Codeless Connector Framework (CCF). The connector ingests Security Ratings, Company Profiles, Risk Vector breakdowns, Diligence Historical Statistics, Findings Summaries, Industry peer comparisons, and Vulnerability reference data for companies in your BitSight portfolio.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Framework (CCF)
    2. \n
\n

Data Connectors: 3, Parsers: 13, Workbooks: 1, Analytic Rules: 6

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", - "contentKind": "Solution", - "contentProductId": "[variables('_solutioncontentProductId')]", - "id": "[variables('_solutioncontentProductId')]", - "icon": "", - "contentId": "[variables('_solutionId')]", - "parentId": "[variables('_solutionId')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "kind": "Workbook", - "contentId": "[variables('_workbookContentId1')]", - "version": "[variables('workbookVersion1')]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject1').parserContentId1]", - "version": "[variables('parserObject1').parserVersion1]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject2').parserContentId2]", - "version": "[variables('parserObject2').parserVersion2]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject3').parserContentId3]", - "version": "[variables('parserObject3').parserVersion3]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject4').parserContentId4]", - "version": "[variables('parserObject4').parserVersion4]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject5').parserContentId5]", - "version": "[variables('parserObject5').parserVersion5]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject6').parserContentId6]", - "version": "[variables('parserObject6').parserVersion6]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject7').parserContentId7]", - "version": "[variables('parserObject7').parserVersion7]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject8').parserContentId8]", - "version": "[variables('parserObject8').parserVersion8]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject9').parserContentId9]", - "version": "[variables('parserObject9').parserVersion9]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject10').parserContentId10]", - "version": "[variables('parserObject10').parserVersion10]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject11').parserContentId11]", - "version": "[variables('parserObject11').parserVersion11]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject12').parserContentId12]", - "version": "[variables('parserObject12').parserVersion12]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject13').parserContentId13]", - "version": "[variables('parserObject13').parserVersion13]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "version": "[variables('dataConnectorCCPVersion')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "version": "[variables('dataConnectorCCPVersion')]" - } - ] - }, - "firstPublishDate": "2023-02-20", - "lastPublishDate": "2024-02-20", - "providers": [ - "Bitsight" - ], - "categories": { - "domains": [ - "Security - Others" - ] - } - }, - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" - } - ], - "outputs": {} -} +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "Microsoft - support@microsoft.com", + "comments": "Solution template for BitSight" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "BitSight", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + }, + "resourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "resource group name where Microsoft Sentinel is setup" + } + }, + "subscription": { + "type": "string", + "defaultValue": "[last(split(subscription().id, '/'))]", + "metadata": { + "description": "subscription id where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "email": "support@microsoft.com", + "_email": "[variables('email')]", + "_solutionName": "BitSight", + "_solutionVersion": "3.2.0", + "solutionId": "bitsight_technologies_inc.bitsight_sentinel", + "_solutionId": "[variables('solutionId')]", + "workbookVersion1": "1.0.0", + "workbookContentId1": "BitSightWorkbook", + "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "analyticRuleObject1": { + "analyticRuleVersion1": "1.0.2", + "_analyticRulecontentId1": "d8844f11-3a36-4b97-9062-1e6d57c00e37", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd8844f11-3a36-4b97-9062-1e6d57c00e37')]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d8844f11-3a36-4b97-9062-1e6d57c00e37')))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d8844f11-3a36-4b97-9062-1e6d57c00e37','-', '1.0.2')))]" + }, + "analyticRuleObject2": { + "analyticRuleVersion2": "1.0.1", + "_analyticRulecontentId2": "a1275c5e-0ff4-4d15-a7b7-96018cd979f5", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1275c5e-0ff4-4d15-a7b7-96018cd979f5')]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1275c5e-0ff4-4d15-a7b7-96018cd979f5')))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1275c5e-0ff4-4d15-a7b7-96018cd979f5','-', '1.0.1')))]" + }, + "analyticRuleObject3": { + "analyticRuleVersion3": "1.0.2", + "_analyticRulecontentId3": "d68b758a-b117-4cb8-8e1d-dcab5a4a2f21", + "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd68b758a-b117-4cb8-8e1d-dcab5a4a2f21')]", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d68b758a-b117-4cb8-8e1d-dcab5a4a2f21')))]", + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d68b758a-b117-4cb8-8e1d-dcab5a4a2f21','-', '1.0.2')))]" + }, + "analyticRuleObject4": { + "analyticRuleVersion4": "1.0.2", + "_analyticRulecontentId4": "161ed3ac-b242-4b13-8c6b-58716e5e9972", + "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '161ed3ac-b242-4b13-8c6b-58716e5e9972')]", + "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('161ed3ac-b242-4b13-8c6b-58716e5e9972')))]", + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','161ed3ac-b242-4b13-8c6b-58716e5e9972','-', '1.0.2')))]" + }, + "analyticRuleObject5": { + "analyticRuleVersion5": "1.0.2", + "_analyticRulecontentId5": "b11fdc35-6368-4cc0-8128-52cd2e2cdda0", + "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b11fdc35-6368-4cc0-8128-52cd2e2cdda0')]", + "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b11fdc35-6368-4cc0-8128-52cd2e2cdda0')))]", + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b11fdc35-6368-4cc0-8128-52cd2e2cdda0','-', '1.0.2')))]" + }, + "analyticRuleObject6": { + "analyticRuleVersion6": "1.0.1", + "_analyticRulecontentId6": "a5526ba9-5997-47c6-bf2e-60a08b681e9b", + "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5526ba9-5997-47c6-bf2e-60a08b681e9b')]", + "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5526ba9-5997-47c6-bf2e-60a08b681e9b')))]", + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5526ba9-5997-47c6-bf2e-60a08b681e9b','-', '1.0.1')))]" + }, + "parserObject1": { + "_parserName1": "[concat(parameters('workspace'),'/','BitSightAlerts')]", + "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightAlerts-Parser')))]", + "parserVersion1": "1.1.0", + "parserContentId1": "BitSightAlerts-Parser" + }, + "parserObject2": { + "_parserName2": "[concat(parameters('workspace'),'/','BitSightBreaches')]", + "_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", + "parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightBreaches-Parser')))]", + "parserVersion2": "1.1.0", + "parserContentId2": "BitSightBreaches-Parser" + }, + "parserObject3": { + "_parserName3": "[concat(parameters('workspace'),'/','BitSightCompanyDetails')]", + "_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", + "parserTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightCompanyDetails-Parser')))]", + "parserVersion3": "1.1.0", + "parserContentId3": "BitSightCompanyDetails-Parser" + }, + "parserObject4": { + "_parserName4": "[concat(parameters('workspace'),'/','BitSightCompanyRatingDetails')]", + "_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", + "parserTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightCompanyRatingDetails-Parser')))]", + "parserVersion4": "1.0.0", + "parserContentId4": "BitSightCompanyRatingDetails-Parser" + }, + "parserObject5": { + "_parserName5": "[concat(parameters('workspace'),'/','BitSightCompanyRatings')]", + "_parserId5": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", + "parserTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightCompanyRatings-Parser')))]", + "parserVersion5": "1.1.0", + "parserContentId5": "BitSightCompanyRatings-Parser" + }, + "parserObject6": { + "_parserName6": "[concat(parameters('workspace'),'/','BitSightDiligenceHistoricalStatistics')]", + "_parserId6": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", + "parserTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightDiligenceHistoricalStatistics-Parser')))]", + "parserVersion6": "1.1.0", + "parserContentId6": "BitSightDiligenceHistoricalStatistics-Parser" + }, + "parserObject7": { + "_parserName7": "[concat(parameters('workspace'),'/','BitSightDiligenceStatistics')]", + "_parserId7": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", + "parserTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightDiligenceStatistics-Parser')))]", + "parserVersion7": "1.1.0", + "parserContentId7": "BitSightDiligenceStatistics-Parser" + }, + "parserObject8": { + "_parserName8": "[concat(parameters('workspace'),'/','BitSightFindingsData')]", + "_parserId8": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", + "parserTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightFindingsData-Parser')))]", + "parserVersion8": "1.1.0", + "parserContentId8": "BitSightFindingsData-Parser" + }, + "parserObject9": { + "_parserName9": "[concat(parameters('workspace'),'/','BitSightFindingsSummary')]", + "_parserId9": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", + "parserTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightFindingsSummary-Parser')))]", + "parserVersion9": "1.1.0", + "parserContentId9": "BitSightFindingsSummary-Parser" + }, + "parserObject10": { + "_parserName10": "[concat(parameters('workspace'),'/','BitSightGraphData')]", + "_parserId10": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", + "parserTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightGraphData-Parser')))]", + "parserVersion10": "1.1.0", + "parserContentId10": "BitSightGraphData-Parser" + }, + "parserObject11": { + "_parserName11": "[concat(parameters('workspace'),'/','BitSightIndustrialStatistics')]", + "_parserId11": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", + "parserTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightIndustrialStatistics-Parser')))]", + "parserVersion11": "1.1.0", + "parserContentId11": "BitSightIndustrialStatistics-Parser" + }, + "parserObject12": { + "_parserName12": "[concat(parameters('workspace'),'/','BitSightObservationStatistics')]", + "_parserId12": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", + "parserTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightObservationStatistics-Parser')))]", + "parserVersion12": "1.1.0", + "parserContentId12": "BitSightObservationStatistics-Parser" + }, + "parserObject13": { + "_parserName13": "[concat(parameters('workspace'),'/','BitSightVulnerabilitiesFindingsSummary')]", + "_parserId13": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", + "parserTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightVulnerabilitiesFindingsSummary-Parser')))]", + "parserVersion13": "1.0.0", + "parserContentId13": "BitSightVulnerabilitiesFindingsSummary-Parser" + }, + "uiConfigId1": "BitSight", + "_uiConfigId1": "[variables('uiConfigId1')]", + "dataConnectorContentId1": "BitSight", + "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", + "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "_dataConnectorId1": "[variables('dataConnectorId1')]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "dataConnectorCCPVersion": "3.2.0", + "_dataConnectorContentIdConnectorDefinition2": "BitSightEventsConnector", + "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]", + "_dataConnectorContentIdConnections2": "BitSightEventsConnectorConnections", + "dataConnectorTemplateNameConnections2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections2')))]", + "dataCollectionEndpointId2": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", + "blanks": "[replace('b', 'b', '')]", + "_dataConnectorContentIdConnectorDefinition3": "BitSightStatisticsConnector", + "dataConnectorTemplateNameConnectorDefinition3": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition3')))]", + "_dataConnectorContentIdConnections3": "BitSightStatisticsConnectorConnections", + "dataConnectorTemplateNameConnections3": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections3')))]", + "dataCollectionEndpointId3": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightWorkbook Workbook with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId1')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "Gain insights into BitSight data." + }, + "properties": { + "displayName": "[parameters('workbook1-name')]", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# My Company\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"df9ebd46-967c-445f-9328-d3538237ba3b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"company\",\"label\":\"Company Name\",\"type\":2,\"isRequired\":true,\"query\":\"BitSightCompanyDetails\\r\\n| distinct Name\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"Kati Communications, Inc.\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"parameters - 1\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ae71f2b2-2245-4937-827e-20960f9ae3b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Timer\",\"label\":\"Time Range\",\"type\":4,\"isRequired\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":604800000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"parameters - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let latest_Rating = toscalar(BitSightGraphData\\r\\n| where todatetime(RatingDate) {Timer} and CompanyName == '{company}'\\r\\n| distinct CompanyName, RatingDate, Rating\\r\\n| summarize High = max(Rating), Low = min(Rating), any(RatingDate, Rating)\\r\\n| order by any_RatingDate desc\\r\\n| project strcat_delim(\\\"-\\\",any_Rating, High, Low)\\r\\n| limit 1);\\r\\nBitSightCompanyDetails\\r\\n| where Name == '{company}'\\r\\n| sort by TimeGenerated\\r\\n| extend LatestRating = toint(todecimal(split(latest_Rating, \\\"-\\\")[0])), High = toint(todecimal(split(latest_Rating, \\\"-\\\")[1])), Low = toint(todecimal(split(latest_Rating, \\\"-\\\")[2]))\\r\\n| project-rename Name = Name, Subscription = SubscriptionType , Industry = Industry, [\\\"Customer Monitoring Count\\\"] = CustomerMonitoringCount, [\\\"Latest Rating\\\"] = LatestRating\\r\\n| project Name, [\\\"Latest Rating\\\"], High, Low, Industry, [\\\"Customer Monitoring Count\\\"]\\r\\n| limit 1\",\"size\":4,\"timeContext\":{\"durationMs\":2592000000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 3\",\"styleSettings\":{\"margin\":\"0px\",\"padding\":\"0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightGraphData\\r\\n| where todatetime(RatingDate) {Timer} and CompanyName == '{company}'\\r\\n| distinct CompanyName, RatingDate, Rating\\r\\n| project CompanyName, RatingDate, Rating\\r\\n| order by RatingDate asc\",\"size\":0,\"aggregation\":4,\"title\":\"Security Ratings Over Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"xAxis\":\"RatingDate\",\"createOtherGroup\":0,\"showDataPoints\":true,\"ySettings\":{\"min\":300,\"max\":850}}},\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}'\\r\\n| summarize count() by RiskVectorLabel\\r\\n| order by count_ desc\",\"size\":0,\"title\":\"Count of Observations by Risk Vector\",\"exportFieldName\":\"x\",\"exportParameterName\":\"SelectedRiskVectorLabel\",\"exportDefaultValue\":\"none\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"chartSettings\":{\"xAxis\":\"RiskVectorLabel\",\"createOtherGroup\":0,\"showLegend\":true}},\"name\":\"query - 5\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}'\\r\\n| where RiskVectorLabel == '{SelectedRiskVectorLabel}'\\r\\n| project-away EventVendor, EventProduct\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"sortBy\":[{\"itemKey\":\"RemediationHistoryLastRefreshStatusDate\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"RemediationHistoryLastRefreshStatusDate\",\"sortOrder\":2}]},\"conditionalVisibility\":{\"parameterName\":\"SelectedRiskVectorLabel\",\"comparison\":\"isNotEqualTo\",\"value\":\"none\"},\"name\":\"query - 16\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Compromised Systems\\\"\\r\\n| extend Date = format_datetime(todatetime(LastSeen), 'yyyy-MM')\\r\\n| summarize count() by RiskVectorLabel,Date\\r\\n| project Date, count_, RiskVectorLabel\\r\\n| order by Date asc\\r\\n\",\"size\":0,\"aggregation\":4,\"title\":\"Compromised Systems by Risk Vector Over Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"Date\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"Date\",\"yAxis\":[\"count_\"],\"group\":\"RiskVectorLabel\",\"showDataPoints\":true}},\"name\":\"query - 6\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"User Behavior\\\"\\r\\n| extend Date = format_datetime(todatetime(LastSeen), 'yyyy-MM')\\r\\n| summarize count() by RiskVectorLabel,Date\\r\\n| project Date, count_, RiskVectorLabel\\r\\n| order by Date asc\\r\\n\",\"size\":0,\"aggregation\":4,\"title\":\"User Behavior by Risk Vector Over Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"xAxis\":\"Date\",\"yAxis\":[\"count_\"],\"group\":\"RiskVectorLabel\"}},\"name\":\"query - 15\"},{\"type\":1,\"content\":{\"json\":\"##### Diligence by Risk Vector Over Time\"},\"name\":\"text - 13\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"4d26ba1c-db98-437a-9a0c-63126f341afb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Risk_Vector\",\"label\":\"Risk Vector\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Diligence\\\"\\r\\n| distinct RiskVectorLabel\\r\\n\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Diligence\\\" and ('*' in ({Risk_Vector}) or RiskVectorLabel in ({Risk_Vector}))\\r\\n| extend Date = format_datetime(todatetime(LastSeen), 'yyyy-MM')\\r\\n| summarize count() by RiskVectorLabel,Date\\r\\n| project Date, count_, RiskVectorLabel\\r\\n| order by Date asc\\r\\n\",\"size\":0,\"aggregation\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"Date\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"Date\",\"yAxis\":[\"count_\"],\"group\":\"RiskVectorLabel\",\"createOtherGroup\":0,\"showDataPoints\":true}},\"name\":\"query - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightDiligenceHistoricalStatistics\\r\\n| where todatetime(Date) {Timer} and CompanyName == '{company}'\\r\\n| extend yyyy_mm = format_datetime(todatetime(Date), 'yyyy-MM')\\r\\n| summarize round(avg(Count),2) by yyyy_mm, Category\\r\\n| project Category, avg_Count, yyyy_mm = strcat(yyyy_mm,\\\" (Avg)\\\")\\r\\n| order by yyyy_mm asc, Category asc\\r\\n| limit 15\",\"size\":0,\"aggregation\":4,\"title\":\"Diligence Observations by Severity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"chartSettings\":{\"xAxis\":\"yyyy_mm\",\"yAxis\":[\"avg_Count\"],\"group\":\"Category\"}},\"name\":\"query - 8\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Compromised Systems\\\" and RiskVectorLabel == \\\"Botnet Infections\\\"\\r\\n| extend d=parse_json(Details) \\r\\n| mv-expand asset = todynamic(Assets)\\r\\n| project Infection = dynamic_to_json(d[0].infection.family), [\\\"Detection Method\\\"] = dynamic_to_json(d[0].detection_method), [\\\"Last Seen\\\"] = column_ifexists(\\\"LastSeen\\\",\\\"\\\"), Asset = dynamic_to_json(asset.asset)\\r\\n| distinct Infection, [\\\"Detection Method\\\"], Asset, [\\\"Last Seen\\\"]\\r\\n| order by [\\\"Last Seen\\\"] desc\",\"size\":0,\"title\":\"Infections\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 7\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"##### Vulnerabilities\"},\"name\":\"text - 11\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"c7ff4374-c346-4c43-9354-8936687c2704\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Severity\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"BitSightFindingsSummary\\r\\n| where todatetime(StartDate) {Timer} and Company == '{company}'\\r\\n| extend Filter = case(toreal(Severity) <= 3.9 and toreal(Severity) >= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| distinct Filter\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsSummary\\r\\n| where todatetime(StartDate) {Timer} and Company == '{company}'\\r\\n| distinct Name, Severity, StartDate, EndDate, Description\\r\\n| extend [\\\"Severity Details\\\"] = case(toreal(Severity) <= 3.9 and toreal(Severity) >= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| where ('*' in ({Severity}) or [\\\"Severity Details\\\"] in ({Severity}))\\r\\n| project-rename Name = Name, [\\\"Start Date\\\"] = StartDate, [\\\"End Date\\\"] = EndDate\\r\\n| project Name, [\\\"Severity Details\\\"], [\\\"Start Date\\\"], [\\\"End Date\\\"], Description\\r\\n\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 9\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"My Company\"}]},\"name\":\"Main\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-BitSightWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "properties": { + "description": "@{workbookKey=BitSightWorkbook; logoFileName=BitSight.svg; description=Gain insights into BitSight data.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=BitSight; templateRelativePath=BitSightWorkbook.json; subtitle=; provider=BitSight}.description", + "parentId": "[variables('workbookId1')]", + "contentId": "[variables('_workbookContentId1')]", + "kind": "Workbook", + "version": "[variables('workbookVersion1')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "Alerts_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightBreaches_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightCompany_details_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightCompany_rating_details_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightDiligence_historical_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightDiligence_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightFindings_summary_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightFindings_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightGraph_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightIndustrial_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightObservation_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitSightDatConnector", + "kind": "DataConnector" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDropInCompanyRatings_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect when there is a drop of 10% or more in BitSight company ratings.", + "displayName": "BitSight - drop in company ratings", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)and toint(RatingDifferance) < 0\n| extend percentage = -(toreal(RatingDifferance)/toreal(Rating))*100\n| where percentage >= 10\n| project RatingDate, Rating, CompanyName, percentage\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightGraphData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Reconnaissance", + "CommandAndControl" + ], + "techniques": [ + "T1591", + "T1090" + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "CompanyName": "CompanyName", + "CompanyRating": "Rating" + }, + "alertDetailsOverride": { + "alertDisplayNameFormat": "BitSight : Alert for >10% drop in ratings of {{CompanyName}}.", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nPercentage Drop: {{percentage}}%" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 1", + "parentId": "[variables('analyticRuleObject1').analyticRuleId1]", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - drop in company ratings", + "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightNewAlertFound_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect a new alerts generated in BitSight.", + "displayName": "BitSight - new alert found", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightAlerts\n| where ingestion_time() > ago(timeframe)\n| extend Severity = case( Severity contains \"INCREASE\", \"Low\",\n Severity contains \"WARN\" or Severity contains \"DECREASE\", \"Medium\",\n Severity contains \"CRITICAL\", \"High\",\n \"Informational\")\n| extend CompanyURL = strcat(\"https://service.bitsighttech.com/app/spm\",CompanyURL)\n| project CompanyName, Severity, Trigger, CompanyURL, AlertDate, GUID\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightAlerts" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Impact", + "InitialAccess" + ], + "techniques": [ + "T1491", + "T1190" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "CompanyURL", + "identifier": "Url" + } + ], + "entityType": "URL" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight.", + "alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 2", + "parentId": "[variables('analyticRuleObject2').analyticRuleId2]", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - new alert found", + "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompromisedSystemsDetected_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect whenever there is a compromised systems found in BitSight.", + "displayName": "BitSight - compromised systems detected", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Compromised Systems\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, RiskVector, TemporaryId\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightFindingsData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Execution" + ], + "techniques": [ + "T1203" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "RiskVector", + "identifier": "Name" + }, + { + "columnName": "RiskCategory", + "identifier": "Category" + } + ], + "entityType": "Malware" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems" + }, + "incidentConfiguration": { + "createIncident": true + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 3", + "parentId": "[variables('analyticRuleObject3').analyticRuleId3]", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - compromised systems detected", + "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDiligenceRiskCategoryDetected_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect whenever there is a diligence risk category found in BitSight.", + "displayName": "BitSight - diligence risk category detected", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Diligence\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, TemporaryId, RiskVector\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightFindingsData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Execution", + "Reconnaissance" + ], + "subTechniques": [ + "T1595.002" + ], + "techniques": [ + "T1203", + "T1595" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "RiskVector", + "identifier": "Name" + }, + { + "columnName": "RiskCategory", + "identifier": "Category" + } + ], + "entityType": "Malware" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 4", + "parentId": "[variables('analyticRuleObject4').analyticRuleId4]", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - diligence risk category detected", + "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDropInHeadlineRating_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect if headline ratings is drop in BitSight.", + "displayName": "BitSight - drop in the headline rating", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)\n| where toint(RatingDifferance) < 0\n| project RatingDate, Rating, CompanyName, RatingDifferance\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightGraphData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Reconnaissance", + "CommandAndControl" + ], + "techniques": [ + "T1591", + "T1090" + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "CompanyName": "CompanyName", + "CompanyRating": "Rating" + }, + "alertDetailsOverride": { + "alertDisplayNameFormat": "BitSight : Alert for drop in the headline rating of {{CompanyName}}.", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nRating Drop: {{RatingDifferance}}" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 5", + "parentId": "[variables('analyticRuleObject5').analyticRuleId5]", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - drop in the headline rating", + "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightNewBreachFound_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect a new breach generated in BitSight.", + "displayName": "BitSight - new breach found", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightBreaches\n| where ingestion_time() > ago(timeframe)\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity == 1, \"Low\",\n Severity == 2, \"Medium\",\n Severity == 3, \"High\",\n \"Informational\")\n| project DateCreated, Companyname, Severity, PreviwURL, GUID\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightBreaches" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Impact", + "InitialAccess" + ], + "techniques": [ + "T1491", + "T1190" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "PreviwURL", + "identifier": "Url" + } + ], + "entityType": "URL" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}.", + "alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 6", + "parentId": "[variables('analyticRuleObject6').analyticRuleId6]", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - new breach found", + "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject1').parserTemplateSpecName1]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightAlerts Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject1').parserVersion1]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject1')._parserName1]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightAlerts", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightAlerts", + "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", + "dependsOn": [ + "[variables('parserObject1')._parserId1]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", + "contentId": "[variables('parserObject1').parserContentId1]", + "kind": "Parser", + "version": "[variables('parserObject1').parserVersion1]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject1').parserContentId1]", + "contentKind": "Parser", + "displayName": "Parser for BitSightAlerts", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", + "version": "[variables('parserObject1').parserVersion1]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject1')._parserName1]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightAlerts", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightAlerts", + "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", + "dependsOn": [ + "[variables('parserObject1')._parserId1]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", + "contentId": "[variables('parserObject1').parserContentId1]", + "kind": "Parser", + "version": "[variables('parserObject1').parserVersion1]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject2').parserTemplateSpecName2]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightBreaches Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject2').parserVersion2]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject2')._parserName2]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightBreaches", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightBreaches", + "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", + "dependsOn": [ + "[variables('parserObject2')._parserId2]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", + "contentId": "[variables('parserObject2').parserContentId2]", + "kind": "Parser", + "version": "[variables('parserObject2').parserVersion2]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject2').parserContentId2]", + "contentKind": "Parser", + "displayName": "Parser for BitSightBreaches", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", + "version": "[variables('parserObject2').parserVersion2]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject2')._parserName2]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightBreaches", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightBreaches", + "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", + "dependsOn": [ + "[variables('parserObject2')._parserId2]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", + "contentId": "[variables('parserObject2').parserContentId2]", + "kind": "Parser", + "version": "[variables('parserObject2').parserVersion2]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject3').parserTemplateSpecName3]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompanyDetails Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject3').parserVersion3]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject3')._parserName3]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyDetails", + "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", + "dependsOn": [ + "[variables('parserObject3')._parserId3]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", + "contentId": "[variables('parserObject3').parserContentId3]", + "kind": "Parser", + "version": "[variables('parserObject3').parserVersion3]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject3').parserContentId3]", + "contentKind": "Parser", + "displayName": "Parser for BitSightCompanyDetails", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", + "version": "[variables('parserObject3').parserVersion3]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject3')._parserName3]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyDetails", + "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", + "dependsOn": [ + "[variables('parserObject3')._parserId3]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", + "contentId": "[variables('parserObject3').parserContentId3]", + "kind": "Parser", + "version": "[variables('parserObject3').parserVersion3]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject4').parserTemplateSpecName4]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompanyRatingDetails Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject4').parserVersion4]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject4')._parserName4]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatingDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatingDetails", + "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", + "dependsOn": [ + "[variables('parserObject4')._parserId4]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", + "contentId": "[variables('parserObject4').parserContentId4]", + "kind": "Parser", + "version": "[variables('parserObject4').parserVersion4]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject4').parserContentId4]", + "contentKind": "Parser", + "displayName": "Parser for BitSightCompanyRatingDetails", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", + "version": "[variables('parserObject4').parserVersion4]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject4')._parserName4]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatingDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatingDetails", + "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", + "dependsOn": [ + "[variables('parserObject4')._parserId4]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", + "contentId": "[variables('parserObject4').parserContentId4]", + "kind": "Parser", + "version": "[variables('parserObject4').parserVersion4]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject5').parserTemplateSpecName5]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompanyRatings Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject5').parserVersion5]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject5')._parserName5]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatings", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatings", + "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", + "dependsOn": [ + "[variables('parserObject5')._parserId5]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", + "contentId": "[variables('parserObject5').parserContentId5]", + "kind": "Parser", + "version": "[variables('parserObject5').parserVersion5]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject5').parserContentId5]", + "contentKind": "Parser", + "displayName": "Parser for BitSightCompanyRatings", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", + "version": "[variables('parserObject5').parserVersion5]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject5')._parserName5]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatings", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatings", + "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", + "dependsOn": [ + "[variables('parserObject5')._parserId5]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", + "contentId": "[variables('parserObject5').parserContentId5]", + "kind": "Parser", + "version": "[variables('parserObject5').parserVersion5]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject6').parserTemplateSpecName6]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDiligenceHistoricalStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject6').parserVersion6]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject6')._parserName6]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceHistoricalStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceHistoricalStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", + "dependsOn": [ + "[variables('parserObject6')._parserId6]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", + "contentId": "[variables('parserObject6').parserContentId6]", + "kind": "Parser", + "version": "[variables('parserObject6').parserVersion6]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject6').parserContentId6]", + "contentKind": "Parser", + "displayName": "Parser for BitSightDiligenceHistoricalStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", + "version": "[variables('parserObject6').parserVersion6]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject6')._parserName6]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceHistoricalStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceHistoricalStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", + "dependsOn": [ + "[variables('parserObject6')._parserId6]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", + "contentId": "[variables('parserObject6').parserContentId6]", + "kind": "Parser", + "version": "[variables('parserObject6').parserVersion6]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject7').parserTemplateSpecName7]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDiligenceStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject7').parserVersion7]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject7')._parserName7]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", + "dependsOn": [ + "[variables('parserObject7')._parserId7]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", + "contentId": "[variables('parserObject7').parserContentId7]", + "kind": "Parser", + "version": "[variables('parserObject7').parserVersion7]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject7').parserContentId7]", + "contentKind": "Parser", + "displayName": "Parser for BitSightDiligenceStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", + "version": "[variables('parserObject7').parserVersion7]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject7')._parserName7]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", + "dependsOn": [ + "[variables('parserObject7')._parserId7]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", + "contentId": "[variables('parserObject7').parserContentId7]", + "kind": "Parser", + "version": "[variables('parserObject7').parserVersion7]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject8').parserTemplateSpecName8]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightFindingsData Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject8').parserVersion8]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject8')._parserName8]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsData", + "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", + "dependsOn": [ + "[variables('parserObject8')._parserId8]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", + "contentId": "[variables('parserObject8').parserContentId8]", + "kind": "Parser", + "version": "[variables('parserObject8').parserVersion8]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject8').parserContentId8]", + "contentKind": "Parser", + "displayName": "Parser for BitSightFindingsData", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", + "version": "[variables('parserObject8').parserVersion8]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject8')._parserName8]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsData", + "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", + "dependsOn": [ + "[variables('parserObject8')._parserId8]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", + "contentId": "[variables('parserObject8').parserContentId8]", + "kind": "Parser", + "version": "[variables('parserObject8').parserVersion8]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject9').parserTemplateSpecName9]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightFindingsSummary Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject9').parserVersion9]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject9')._parserName9]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsSummary", + "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", + "dependsOn": [ + "[variables('parserObject9')._parserId9]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", + "contentId": "[variables('parserObject9').parserContentId9]", + "kind": "Parser", + "version": "[variables('parserObject9').parserVersion9]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject9').parserContentId9]", + "contentKind": "Parser", + "displayName": "Parser for BitSightFindingsSummary", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", + "version": "[variables('parserObject9').parserVersion9]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject9')._parserName9]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsSummary", + "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", + "dependsOn": [ + "[variables('parserObject9')._parserId9]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", + "contentId": "[variables('parserObject9').parserContentId9]", + "kind": "Parser", + "version": "[variables('parserObject9').parserVersion9]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject10').parserTemplateSpecName10]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightGraphData Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject10').parserVersion10]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject10')._parserName10]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightGraphData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightGraphData", + "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", + "dependsOn": [ + "[variables('parserObject10')._parserId10]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", + "contentId": "[variables('parserObject10').parserContentId10]", + "kind": "Parser", + "version": "[variables('parserObject10').parserVersion10]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject10').parserContentId10]", + "contentKind": "Parser", + "displayName": "Parser for BitSightGraphData", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", + "version": "[variables('parserObject10').parserVersion10]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject10')._parserName10]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightGraphData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightGraphData", + "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", + "dependsOn": [ + "[variables('parserObject10')._parserId10]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", + "contentId": "[variables('parserObject10').parserContentId10]", + "kind": "Parser", + "version": "[variables('parserObject10').parserVersion10]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject11').parserTemplateSpecName11]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightIndustrialStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject11').parserVersion11]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject11')._parserName11]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightIndustrialStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightIndustrialStatistics", + "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", + "dependsOn": [ + "[variables('parserObject11')._parserId11]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", + "contentId": "[variables('parserObject11').parserContentId11]", + "kind": "Parser", + "version": "[variables('parserObject11').parserVersion11]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject11').parserContentId11]", + "contentKind": "Parser", + "displayName": "Parser for BitSightIndustrialStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", + "version": "[variables('parserObject11').parserVersion11]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject11')._parserName11]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightIndustrialStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightIndustrialStatistics", + "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", + "dependsOn": [ + "[variables('parserObject11')._parserId11]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", + "contentId": "[variables('parserObject11').parserContentId11]", + "kind": "Parser", + "version": "[variables('parserObject11').parserVersion11]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject12').parserTemplateSpecName12]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightObservationStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject12').parserVersion12]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject12')._parserName12]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightObservationStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightObservationStatistics", + "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", + "dependsOn": [ + "[variables('parserObject12')._parserId12]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", + "contentId": "[variables('parserObject12').parserContentId12]", + "kind": "Parser", + "version": "[variables('parserObject12').parserVersion12]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject12').parserContentId12]", + "contentKind": "Parser", + "displayName": "Parser for BitSightObservationStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", + "version": "[variables('parserObject12').parserVersion12]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject12')._parserName12]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightObservationStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightObservationStatistics", + "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", + "dependsOn": [ + "[variables('parserObject12')._parserId12]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", + "contentId": "[variables('parserObject12').parserContentId12]", + "kind": "Parser", + "version": "[variables('parserObject12').parserVersion12]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject13').parserTemplateSpecName13]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightVulnerabilitiesFindingsSummary Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject13').parserVersion13]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject13')._parserName13]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightVulnerabilitiesFindingsSummary", + "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", + "dependsOn": [ + "[variables('parserObject13')._parserId13]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", + "contentId": "[variables('parserObject13').parserContentId13]", + "kind": "Parser", + "version": "[variables('parserObject13').parserVersion13]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject13').parserContentId13]", + "contentKind": "Parser", + "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", + "version": "[variables('parserObject13').parserVersion13]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject13')._parserName13]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightVulnerabilitiesFindingsSummary", + "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", + "dependsOn": [ + "[variables('parserObject13')._parserId13]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", + "contentId": "[variables('parserObject13').parserContentId13]", + "kind": "Parser", + "version": "[variables('parserObject13').parserVersion13]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSight data connector with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId1')]", + "title": "Bitsight data connector (using Azure Functions)", + "publisher": "BitSight Technologies, Inc.", + "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data into Microsoft Sentinel using the [Logs Ingestion API](https://learn.microsoft.com/azure/azure-monitor/logs/logs-ingestion-api-overview).", + "graphQueries": [ + { + "metricName": "Total Alerts data received", + "legend": "BitsightAlerts_data_CL", + "baseQuery": "BitsightAlerts_data_CL" + }, + { + "metricName": "Total Breaches data received", + "legend": "BitsightBreaches_data_CL", + "baseQuery": "BitsightBreaches_data_CL" + }, + { + "metricName": "Total Company Details received", + "legend": "BitsightCompany_details_CL", + "baseQuery": "BitsightCompany_details_CL" + }, + { + "metricName": "Total Company Ratings received", + "legend": "BitsightCompany_rating_details_CL", + "baseQuery": "BitsightCompany_rating_details_CL" + }, + { + "metricName": "Total Diligence Historical Statistics data received", + "legend": "BitsightDiligence_historical_statistics_CL", + "baseQuery": "BitsightDiligence_historical_statistics_CL" + }, + { + "metricName": "Total Diligence Statistics data received", + "legend": "BitsightDiligence_statistics_CL", + "baseQuery": "BitsightDiligence_statistics_CL" + }, + { + "metricName": "Total Findings data received", + "legend": "BitsightFindings_data_CL", + "baseQuery": "BitsightFindings_data_CL" + }, + { + "metricName": "Total Findings Summary data received", + "legend": "BitsightFindings_summary_CL", + "baseQuery": "BitsightFindings_summary_CL" + }, + { + "metricName": "Total Graph data received", + "legend": "BitsightGraph_data_CL", + "baseQuery": "BitsightGraph_data_CL" + }, + { + "metricName": "Total Industrial Statistics data received", + "legend": "BitsightIndustrial_statistics_CL", + "baseQuery": "BitsightIndustrial_statistics_CL" + }, + { + "metricName": "Total Observation Statistics data received", + "legend": "BitsightObservation_statistics_CL", + "baseQuery": "BitsightObservation_statistics_CL" + } + ], + "sampleQueries": [ + { + "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", + "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", + "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", + "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", + "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", + "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", + "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Events - Findings Event for all Companies.", + "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", + "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Graph Events - Graph Event for all Companies.", + "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", + "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", + "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" + } + ], + "dataTypes": [ + { + "name": "BitsightAlerts_data_CL", + "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightBreaches_data_CL", + "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_details_CL", + "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_rating_details_CL", + "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_historical_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_data_CL", + "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_summary_CL", + "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightGraph_data_CL", + "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightIndustrial_statistics_CL", + "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightObservation_statistics_CL", + "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Permission to assign a role to the registered application", + "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." + }, + { + "name": "REST API Credentials/permissions", + "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel using the Logs Ingestion API (DCR). This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." + }, + { + "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" + }, + { + "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" + }, + { + "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" + }, + { + "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" + }, + { + "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the BitSight API Token and Azure credentials (Client ID, Client Secret, Tenant ID, Object ID) readily available." + }, + { + "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Review + Create** and then **Create** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." + }, + { + "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Bitsight data connector (using Azure Functions)", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId1')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Bitsight data connector (using Azure Functions)", + "publisher": "BitSight Technologies, Inc.", + "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data into Microsoft Sentinel using the [Logs Ingestion API](https://learn.microsoft.com/azure/azure-monitor/logs/logs-ingestion-api-overview).", + "graphQueries": [ + { + "metricName": "Total Alerts data received", + "legend": "BitsightAlerts_data_CL", + "baseQuery": "BitsightAlerts_data_CL" + }, + { + "metricName": "Total Breaches data received", + "legend": "BitsightBreaches_data_CL", + "baseQuery": "BitsightBreaches_data_CL" + }, + { + "metricName": "Total Company Details received", + "legend": "BitsightCompany_details_CL", + "baseQuery": "BitsightCompany_details_CL" + }, + { + "metricName": "Total Company Ratings received", + "legend": "BitsightCompany_rating_details_CL", + "baseQuery": "BitsightCompany_rating_details_CL" + }, + { + "metricName": "Total Diligence Historical Statistics data received", + "legend": "BitsightDiligence_historical_statistics_CL", + "baseQuery": "BitsightDiligence_historical_statistics_CL" + }, + { + "metricName": "Total Diligence Statistics data received", + "legend": "BitsightDiligence_statistics_CL", + "baseQuery": "BitsightDiligence_statistics_CL" + }, + { + "metricName": "Total Findings data received", + "legend": "BitsightFindings_data_CL", + "baseQuery": "BitsightFindings_data_CL" + }, + { + "metricName": "Total Findings Summary data received", + "legend": "BitsightFindings_summary_CL", + "baseQuery": "BitsightFindings_summary_CL" + }, + { + "metricName": "Total Graph data received", + "legend": "BitsightGraph_data_CL", + "baseQuery": "BitsightGraph_data_CL" + }, + { + "metricName": "Total Industrial Statistics data received", + "legend": "BitsightIndustrial_statistics_CL", + "baseQuery": "BitsightIndustrial_statistics_CL" + }, + { + "metricName": "Total Observation Statistics data received", + "legend": "BitsightObservation_statistics_CL", + "baseQuery": "BitsightObservation_statistics_CL" + } + ], + "dataTypes": [ + { + "name": "BitsightAlerts_data_CL", + "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightBreaches_data_CL", + "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_details_CL", + "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_rating_details_CL", + "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_historical_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_data_CL", + "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_summary_CL", + "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightGraph_data_CL", + "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightIndustrial_statistics_CL", + "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightObservation_statistics_CL", + "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", + "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", + "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", + "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", + "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", + "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", + "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Events - Findings Event for all Companies.", + "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", + "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Graph Events - Graph Event for all Companies.", + "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", + "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", + "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Permission to assign a role to the registered application", + "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." + }, + { + "name": "REST API Credentials/permissions", + "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel using the Logs Ingestion API (DCR). This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." + }, + { + "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" + }, + { + "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" + }, + { + "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" + }, + { + "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" + }, + { + "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the BitSight API Token and Azure credentials (Client ID, Client Secret, Tenant ID, Object ID) readily available." + }, + { + "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Review + Create** and then **Create** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." + }, + { + "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." + } + ], + "id": "[variables('_uiConfigId1')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", + "displayName": "BitSight Security Events (via Codeless Connector Framework)", + "contentKind": "DataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightEventsConnector", + "title": "BitSight Security Events (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightAlerts", + "graphQueries": [ + { + "metricName": "Total Alerts received", + "legend": "BitSight Alerts", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Breaches received", + "legend": "BitSight Breaches", + "baseQuery": "BitSightBreaches" + }, + { + "metricName": "Total Findings received", + "legend": "BitSight Findings", + "baseQuery": "BitSightFindings" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Alerts", + "query": "BitSightAlerts\n | take 10" + }, + { + "description": "Get recent high-severity alerts", + "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" + }, + { + "description": "Get sample of BitSight Findings", + "query": "BitSightFindings\n | take 10" + }, + { + "description": "Get active severe findings", + "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" + }, + { + "description": "Get sample of BitSight Breaches", + "query": "BitSightBreaches\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightBreaches", + "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindings", + "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.friendlyName" + }, + { + "columnName": "Data Stream", + "columnValue": "properties.addOnAttributes.userStream" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Connection", + "subtitle": "Configure a new BitSight data stream connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Stream", + "name": "dataStream", + "options": [ + { + "key": "ALERTS", + "text": "Alerts - Rating changes and news events (BitSightAlerts)" + }, + { + "key": "BREACHES", + "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" + }, + { + "key": "DILIGENCE", + "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" + }, + { + "key": "COMPROMISED_SYSTEMS", + "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" + }, + { + "key": "USER_BEHAVIOR", + "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" + } + ], + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", + "visible": true, + "inline": false + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Alerts-Prod", + "type": "text", + "name": "friendlyName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "name": "BitSightEventsDCR", + "apiVersion": "2022-06-01", + "type": "Microsoft.Insights/dataCollectionRules", + "location": "[parameters('workspace-location')]", + "kind": "[variables('blanks')]", + "properties": { + "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]", + "streamDeclarations": { + "Custom-BitSightAlerts_CL": { + "columns": [ + { + "name": "guid", + "type": "string" + }, + { + "name": "alert_type", + "type": "string" + }, + { + "name": "alert_date", + "type": "string" + }, + { + "name": "start_date", + "type": "string" + }, + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "company_url", + "type": "string" + }, + { + "name": "folder_guid", + "type": "string" + }, + { + "name": "folder_name", + "type": "string" + }, + { + "name": "severity", + "type": "string" + }, + { + "name": "trigger", + "type": "string" + }, + { + "name": "alert_set_name", + "type": "string" + }, + { + "name": "alert_set_guid", + "type": "string" + }, + { + "name": "friendlyName", + "type": "string" + } + ] + }, + "Custom-BitSightBreaches_CL": { + "columns": [ + { + "name": "company_guid", + "type": "string" + }, + { + "name": "company_name", + "type": "string" + }, + { + "name": "guid", + "type": "string" + }, + { + "name": "date", + "type": "string" + }, + { + "name": "date_created", + "type": "string" + }, + { + "name": "text", + "type": "string" + }, + { + "name": "preview_url", + "type": "string" + }, + { + "name": "event_type", + "type": "string" + }, + { + "name": "event_type_description", + "type": "string" + }, + { + "name": "severity", + "type": "int" + }, + { + "name": "breached_companies", + "type": "dynamic" + }, + { + "name": "dependent_companies", + "type": "dynamic" + }, + { + "name": "friendlyName", + "type": "string" + } + ] + }, + "Custom-BitSightFindings_CL": { + "columns": [ + { + "name": "temporary_id", + "type": "string" + }, + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_category", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "risk_vector_label", + "type": "string" + }, + { + "name": "severity_category", + "type": "string" + }, + { + "name": "severity", + "type": "real" + }, + { + "name": "first_seen", + "type": "string" + }, + { + "name": "last_seen", + "type": "string" + }, + { + "name": "currently_active", + "type": "boolean" + }, + { + "name": "asset_category", + "type": "string" + }, + { + "name": "assets", + "type": "dynamic" + }, + { + "name": "details", + "type": "dynamic" + }, + { + "name": "evidence_key", + "type": "string" + }, + { + "name": "attributed_companies", + "type": "dynamic" + }, + { + "name": "remediation_history", + "type": "dynamic" + }, + { + "name": "affects_rating", + "type": "boolean" + }, + { + "name": "comments", + "type": "dynamic" + }, + { + "name": "duration", + "type": "int" + }, + { + "name": "grace_period_end_date", + "type": "string" + }, + { + "name": "guest_network_end_date", + "type": "string" + }, + { + "name": "impacts_risk_vector_details", + "type": "dynamic" + }, + { + "name": "no_rv_grade_impact_end_date", + "type": "string" + }, + { + "name": "related_findings", + "type": "dynamic" + }, + { + "name": "remaining_decay", + "type": "int" + }, + { + "name": "remediated", + "type": "boolean" + }, + { + "name": "rolledup_observation_id", + "type": "string" + }, + { + "name": "tags", + "type": "dynamic" + }, + { + "name": "friendlyName", + "type": "string" + } + ] + } + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "[variables('workspaceResourceId')]", + "name": "clv2ws1" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-BitSightAlerts_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightAlerts_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['alert_date']) or todatetime(['alert_date']) < ago(2d), now(), todatetime(['alert_date'])) , Guid = ['guid'] , AlertType = ['alert_type'] , AlertDate = ['alert_date'] , StartDate = ['start_date'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , CompanyUrl = ['company_url'] , FolderGuid = ['folder_guid'] , FolderName = ['folder_name'] , Severity = ['severity'] , Trigger = ['trigger'] , AlertSetName = ['alert_set_name'] , AlertSetGuid = ['alert_set_guid'] , ConnectorName = ['friendlyName'] | project TimeGenerated , Guid , AlertType , AlertDate , StartDate , CompanyName , CompanyGuid , CompanyUrl , FolderGuid , FolderName , Severity , Trigger , AlertSetName , AlertSetGuid , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightBreaches_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightBreaches_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['date']) or todatetime(['date']) < ago(2d), now(), todatetime(['date'])) , CompanyGuid = ['company_guid'] , CompanyName = ['company_name'] , Guid = ['guid'] , BreachDate = ['date'] , DateCreated = ['date_created'] , Text = ['text'] , PreviewUrl = ['preview_url'] , EventType = ['event_type'] , EventTypeDescription = ['event_type_description'] , Severity = ['severity'] , BreachedCompanies = ['breached_companies'] , DependentCompanies = ['dependent_companies'] , ConnectorName = ['friendlyName'] | project TimeGenerated , CompanyGuid , CompanyName , Guid , BreachDate , DateCreated , Text , PreviewUrl , EventType , EventTypeDescription , Severity , BreachedCompanies , DependentCompanies , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightFindings_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightFindings_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['last_seen']) or todatetime(['last_seen']) < ago(2d), now(), todatetime(['last_seen'])) , TemporaryId = ['temporary_id'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskCategory = ['risk_category'] , RiskVector = ['risk_vector'] , RiskVectorLabel = ['risk_vector_label'] , SeverityCategory = ['severity_category'] , Severity = ['severity'] , FirstSeen = ['first_seen'] , LastSeen = ['last_seen'] , CurrentlyActive = ['currently_active'] , AssetCategory = ['asset_category'] , Assets = ['assets'] , Details = ['details'] , EvidenceKey = ['evidence_key'] , AttributedCompanies = ['attributed_companies'] , RemediationHistory = ['remediation_history'] , AffectsRating = ['affects_rating'] , Comments = ['comments'] , Duration = ['duration'] , GracePeriodEndDate = ['grace_period_end_date'] , GuestNetworkEndDate = ['guest_network_end_date'] , ImpactsRiskVectorDetails = ['impacts_risk_vector_details'] , NoRvGradeImpactEndDate = ['no_rv_grade_impact_end_date'] , RelatedFindings = ['related_findings'] , RemainingDecay = ['remaining_decay'] , Remediated = ['remediated'] , RolledupObservationId = ['rolledup_observation_id'] , Tags = ['tags'] , ConnectorName = ['friendlyName'] | project TimeGenerated , TemporaryId , CompanyName , CompanyGuid , RiskCategory , RiskVector , RiskVectorLabel , SeverityCategory , Severity , FirstSeen , LastSeen , CurrentlyActive , AssetCategory , Assets , Details , EvidenceKey , AttributedCompanies , RemediationHistory , AffectsRating , Comments , Duration , GracePeriodEndDate , GuestNetworkEndDate , ImpactsRiskVectorDetails , NoRvGradeImpactEndDate , RelatedFindings , RemainingDecay , Remediated , RolledupObservationId , Tags , ConnectorName" + } + ] + } + }, + { + "name": "BitSightFindings_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightFindings_CL", + "description": "The BitSightFindings table contains security findings from the BitSight API including Diligence, Compromised Systems, and User Behavior findings for portfolio companies ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "TemporaryId", + "type": "string", + "description": "The temporary identifier for a finding." + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company associated with the finding." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company associated with the finding." + }, + { + "name": "RiskCategory", + "type": "string", + "description": "The risk category (e.g., Diligence, Compromised Systems, User Behavior)." + }, + { + "name": "RiskVector", + "type": "string", + "description": "The risk vector slug for this finding." + }, + { + "name": "RiskVectorLabel", + "type": "string", + "description": "Human-readable label for the risk vector." + }, + { + "name": "SeverityCategory", + "type": "string", + "description": "Severity category (MINOR, MODERATE, MATERIAL, SEVERE)." + }, + { + "name": "Severity", + "type": "real", + "description": "Numeric severity score." + }, + { + "name": "FirstSeen", + "type": "string", + "description": "Date the finding was first observed (YYYY-MM-DD)." + }, + { + "name": "LastSeen", + "type": "string", + "description": "Date the finding was most recently observed (YYYY-MM-DD)." + }, + { + "name": "CurrentlyActive", + "type": "boolean", + "description": "Indicates if the finding is currently active." + }, + { + "name": "AssetCategory", + "type": "string", + "description": "Category of the affected asset." + }, + { + "name": "Assets", + "type": "dynamic", + "description": "Array of assets associated with this finding." + }, + { + "name": "Details", + "type": "dynamic", + "description": "Detailed finding data object (CVE info, diligence annotations, remediations, etc.)." + }, + { + "name": "EvidenceKey", + "type": "string", + "description": "Key identifying the source of evidence for the finding." + }, + { + "name": "AttributedCompanies", + "type": "dynamic", + "description": "Array of companies to which this finding has been attributed." + }, + { + "name": "RemediationHistory", + "type": "dynamic", + "description": "Remediation history object (last_requested_refresh_date, last_refresh_status, etc.)." + }, + { + "name": "AffectsRating", + "type": "boolean", + "description": "Indicates whether this finding contributes to the company's overall rating." + }, + { + "name": "Comments", + "type": "dynamic", + "description": "Array of analyst comments attached to this finding." + }, + { + "name": "Duration", + "type": "int", + "description": "Number of days the finding has been active." + }, + { + "name": "GracePeriodEndDate", + "type": "string", + "description": "Date until which the finding is in a grace period and does not affect the rating (YYYY-MM-DD)." + }, + { + "name": "GuestNetworkEndDate", + "type": "string", + "description": "Date until which the finding is suppressed as a guest network (YYYY-MM-DD)." + }, + { + "name": "ImpactsRiskVectorDetails", + "type": "dynamic", + "description": "Object describing which risk vectors are impacted by this finding." + }, + { + "name": "NoRvGradeImpactEndDate", + "type": "string", + "description": "Date until which the finding has no risk vector grade impact (YYYY-MM-DD)." + }, + { + "name": "RelatedFindings", + "type": "dynamic", + "description": "Array of finding identifiers related to this finding." + }, + { + "name": "RemainingDecay", + "type": "int", + "description": "Number of days remaining in the finding's decay window." + }, + { + "name": "Remediated", + "type": "boolean", + "description": "Indicates whether this finding has been remediated." + }, + { + "name": "RolledupObservationId", + "type": "string", + "description": "Identifier of the rolled-up observation this finding belongs to." + }, + { + "name": "Tags", + "type": "dynamic", + "description": "Array of tags applied to this finding." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name assigned during connector setup." + } + ] + } + } + }, + { + "name": "BitSightCompanyDetails_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightCompanyDetails_CL", + "description": "The BitSightCompanyDetails table contains full company snapshots from the BitSight API per company GUID ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Guid", + "type": "string", + "description": "Unique identifier (GUID) for the company in BitSight." + }, + { + "name": "Name", + "type": "string", + "description": "Name of the company." + }, + { + "name": "Shortname", + "type": "string", + "description": "Short name of the company." + }, + { + "name": "CompanyType", + "type": "string", + "description": "The type of entity (e.g., CURATED,PRIVATE)." + }, + { + "name": "Description", + "type": "string", + "description": "Description of the company." + }, + { + "name": "PrimaryDomain", + "type": "string", + "description": "Primary internet domain of the company." + }, + { + "name": "Homepage", + "type": "string", + "description": "URL of the company homepage." + }, + { + "name": "DisplayUrl", + "type": "string", + "description": "URL to the company overview page in BitSight portal." + }, + { + "name": "Sparkline", + "type": "string", + "description": "URL to the company rating sparkline image." + }, + { + "name": "Industry", + "type": "string", + "description": "Industry sector name." + }, + { + "name": "IndustrySlug", + "type": "string", + "description": "URL-friendly identifier for the industry." + }, + { + "name": "SubIndustry", + "type": "string", + "description": "Sub-industry name." + }, + { + "name": "SubIndustrySlug", + "type": "string", + "description": "URL-friendly identifier for the sub-industry." + }, + { + "name": "Ipv4Count", + "type": "int", + "description": "Number of IPv4 addresses attributed to the company." + }, + { + "name": "PeopleCount", + "type": "int", + "description": "Number of people associated with the company." + }, + { + "name": "SearchCount", + "type": "int", + "description": "Number of searches for the company." + }, + { + "name": "CustomerMonitoringCount", + "type": "int", + "description": "Number of customers monitoring this company." + }, + { + "name": "CurrentRating", + "type": "int", + "description": "Current overall BitSight security rating." + }, + { + "name": "RatingIndustryMedian", + "type": "string", + "description": "Comparison of company rating to industry median (e.g., above, below)." + }, + { + "name": "Ratings", + "type": "dynamic", + "description": "Array of historical rating snapshots, each with rating_date, rating, range, and rating_color." + }, + { + "name": "SubscriptionType", + "type": "string", + "description": "Type of BitSight subscription (e.g., Continuous Monitoring)." + }, + { + "name": "SubscriptionTypeKey", + "type": "string", + "description": "Machine-readable subscription type key." + }, + { + "name": "SubscriptionEndDate", + "type": "string", + "description": "Date the subscription ends (YYYY-MM-DD), or null." + }, + { + "name": "BulkEmailSenderStatus", + "type": "string", + "description": "Bulk email sender classification (e.g., NONE)." + }, + { + "name": "SecurityGrade", + "type": "string", + "description": "Security grade, if available." + }, + { + "name": "ServiceProvider", + "type": "boolean", + "description": "Indicates whether this company is a service provider." + }, + { + "name": "HasCompanyTree", + "type": "boolean", + "description": "Indicates whether the company has a company tree." + }, + { + "name": "HasPreferredContact", + "type": "boolean", + "description": "Indicates whether the company has a preferred contact." + }, + { + "name": "IsBundle", + "type": "boolean", + "description": "Indicates whether this is a bundle entry." + }, + { + "name": "IsPrimary", + "type": "boolean", + "description": "Indicates whether this is the primary company record." + }, + { + "name": "InSpmPortfolio", + "type": "boolean", + "description": "Indicates whether the company is in the SPM portfolio." + }, + { + "name": "IsMycompMysubsBundle", + "type": "boolean", + "description": "Indicates whether this is a my-company/my-subsidiaries bundle." + }, + { + "name": "IsCsp", + "type": "boolean", + "description": "Indicates whether the company is a cloud service provider." + }, + { + "name": "HasDelegatedSecurityControls", + "type": "boolean", + "description": "Indicates whether security controls have been delegated." + }, + { + "name": "CustomId", + "type": "dynamic", + "description": "Customer-assigned identifier for the company." + }, + { + "name": "AvailableUpgradeTypes", + "type": "dynamic", + "description": "Array of available upgrade types for this company." + }, + { + "name": "CompanyFeatures", + "type": "dynamic", + "description": "Array of feature flags enabled for the company." + }, + { + "name": "RelatedCompanies", + "type": "dynamic", + "description": "Array of related company references." + }, + { + "name": "PrimaryCompany", + "type": "dynamic", + "description": "Primary company object (guid, name), or null." + }, + { + "name": "ComplianceClaim", + "type": "dynamic", + "description": "Compliance claim object, or null." + }, + { + "name": "Permissions", + "type": "dynamic", + "description": "Object of permission flags for this company (can_annotate, can_view_forensics, etc.)." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightCompanyRatingDetails_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightCompanyRatingDetails_CL", + "description": "The BitSightCompanyRatingDetails table contains per-risk-vector rating breakdowns for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVectorSlug", + "type": "string", + "description": "URL-friendly identifier for the risk vector (dict key — always null due to CCF JSONPath limitation; use RiskVectorLabel)." + }, + { + "name": "RiskVectorLabel", + "type": "string", + "description": "Human-readable name of the risk vector (API field: name)." + }, + { + "name": "RiskCategory", + "type": "string", + "description": "Parent risk category for the risk vector (API field: category)." + }, + { + "name": "CategoryOrder", + "type": "int", + "description": "Display order of the category." + }, + { + "name": "Rating", + "type": "int", + "description": "Numeric score for this risk vector." + }, + { + "name": "Grade", + "type": "string", + "description": "Letter grade for this risk vector." + }, + { + "name": "Percentile", + "type": "int", + "description": "Percentile rank compared to peers for this risk vector (0-100)." + }, + { + "name": "GradeColor", + "type": "string", + "description": "Hex color code associated with the grade for UI display (e.g., '#239563')." + }, + { + "name": "RiskVectorOrder", + "type": "int", + "description": "Display order of the risk vector within its category." + }, + { + "name": "DisplayUrl", + "type": "string", + "description": "URL to the risk vector detail page in BitSight portal." + }, + { + "name": "Beta", + "type": "boolean", + "description": "Indicates if this risk vector is in beta status." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightDiligenceHistoricalStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightDiligenceHistoricalStatistics_CL", + "description": "The BitSightDiligenceHistoricalStatistics table contains historical diligence statistics per company over time from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RecordDate", + "type": "string", + "description": "The date of the historical record (YYYY-MM-DD)." + }, + { + "name": "Grade", + "type": "string", + "description": "Letter grade for this record period." + }, + { + "name": "Counts", + "type": "dynamic", + "description": "Array of per-category count objects ({ count, category }). Expanded row-per-category at query time by the KQL parser via mv-expand." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightDiligenceStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightDiligenceStatistics_CL", + "description": "The BitSightDiligenceStatistics table contains diligence statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVector", + "type": "string", + "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." + }, + { + "name": "Unknown", + "type": "int", + "description": "Count of findings with unknown severity." + }, + { + "name": "Bad", + "type": "int", + "description": "Count of bad findings." + }, + { + "name": "Warn", + "type": "int", + "description": "Count of warn findings." + }, + { + "name": "Neutral", + "type": "int", + "description": "Count of neutral findings." + }, + { + "name": "Fair", + "type": "int", + "description": "Count of fair findings." + }, + { + "name": "Good", + "type": "int", + "description": "Count of good findings." + }, + { + "name": "SpearPhishing", + "type": "int", + "description": "[domain_squatting] Count of spear-phishing lookalike domains." + }, + { + "name": "BitFlip", + "type": "int", + "description": "[domain_squatting] Count of bit-flip lookalike domains." + }, + { + "name": "TypographicalErrors", + "type": "int", + "description": "[domain_squatting] Count of typographical-error lookalike domains." + }, + { + "name": "TldVariant", + "type": "int", + "description": "[domain_squatting] Count of TLD-variant lookalike domains." + }, + { + "name": "TotalCount", + "type": "int", + "description": "[domain_squatting] Total count of all lookalike domain types." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightFindingsSummary_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightFindingsSummary_CL", + "description": "The BitSightFindingsSummary table contains findings summary statistics per risk vector for each monitored company. Severity and description enrichment is resolved at query time by joining with BitsightVulnerabilitiesFindingsSummary on Name == DisplayName.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company associated with the findings summary." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company associated with the findings summary." + }, + { + "name": "StartDate", + "type": "string", + "description": "Start date of the reporting period (YYYY-MM-DD)." + }, + { + "name": "EndDate", + "type": "string", + "description": "End date of the reporting period (YYYY-MM-DD)." + }, + { + "name": "Stats", + "type": "dynamic", + "description": "Array of per-stat objects. Expanded row-per-stat at query time by the KQL parser via mv-expand into Name, StatId, Confidence, EventCount, HostCount, FirstSeen columns." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitsightIndustrialStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitsightIndustrialStatistics_CL", + "description": "The BitsightIndustrialStatistics table contains industry peer comparison statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVector", + "type": "string", + "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." + }, + { + "name": "IncidentCount", + "type": "int", + "description": "Number of incidents for this risk vector in the industry over the measured period." + }, + { + "name": "CountPeriod", + "type": "string", + "description": "Measurement period (e.g., 'year')." + }, + { + "name": "AverageDurationDays", + "type": "real", + "description": "Average duration in days for incidents of this risk vector in the industry." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightObservationStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightObservationStatistics_CL", + "description": "The BitSightObservationStatistics table contains observations statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVector", + "type": "string", + "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." + }, + { + "name": "ObservationCount", + "type": "int", + "description": "Total number of observations for this risk vector in the measurement period." + }, + { + "name": "CountPeriod", + "type": "string", + "description": "Measurement period (e.g., 'year')." + }, + { + "name": "AverageDurationDays", + "type": "real", + "description": "Average duration in days for observations." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Name", + "type": "string", + "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." + }, + { + "name": "DisplayName", + "type": "string", + "description": "Human-readable name of the vulnerability type." + }, + { + "name": "Description", + "type": "string", + "description": "Description of what the vulnerability type measures." + }, + { + "name": "Severity", + "type": "string", + "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightAlerts_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightAlerts_CL", + "description": "The BitSightAlerts table contains alert records from the BitSight API representing changes and news triggers for monitored portfolio companies ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Guid", + "type": "string", + "description": "Unique identifier of the alert." + }, + { + "name": "AlertType", + "type": "string", + "description": "The type of alert (e.g., THIRD_PARTY_INTEL)." + }, + { + "name": "AlertDate", + "type": "string", + "description": "The date the alert was triggered (YYYY-MM-DD)." + }, + { + "name": "StartDate", + "type": "string", + "description": "The start date of the alert (YYYY-MM-DD)." + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company associated with the alert." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company associated with the alert." + }, + { + "name": "CompanyUrl", + "type": "string", + "description": "URL of the company associated with the alert." + }, + { + "name": "FolderGuid", + "type": "string", + "description": "Folder GUID associated with the alert." + }, + { + "name": "FolderName", + "type": "string", + "description": "Folder name associated with the alert." + }, + { + "name": "Severity", + "type": "string", + "description": "Alert severity level (e.g., INFORMATIONAL)." + }, + { + "name": "Trigger", + "type": "string", + "description": "What triggered the alert." + }, + { + "name": "AlertSetName", + "type": "string", + "description": "Name of the alert set." + }, + { + "name": "AlertSetGuid", + "type": "string", + "description": "GUID of the alert set." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name assigned during connector setup." + } + ] + } + } + }, + { + "name": "BitSightBreaches_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightBreaches_CL", + "description": "The BitSightBreaches table contains data breach records from the BitSight API for monitored portfolio companies ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company that experienced the breach (enriched)." + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company that experienced the breach (enriched)." + }, + { + "name": "Guid", + "type": "string", + "description": "Unique identifier of the breach event." + }, + { + "name": "BreachDate", + "type": "string", + "description": "Date the breach event was recorded (YYYY-MM-DD)." + }, + { + "name": "DateCreated", + "type": "string", + "description": "Date this breach record was created in BitSight." + }, + { + "name": "Text", + "type": "string", + "description": "Description of the breach event." + }, + { + "name": "PreviewUrl", + "type": "string", + "description": "URL to a preview article about the breach." + }, + { + "name": "EventType", + "type": "string", + "description": "Breach event category (e.g., Human Error, Hacking)." + }, + { + "name": "EventTypeDescription", + "type": "string", + "description": "Detailed description of the breach event type." + }, + { + "name": "Severity", + "type": "int", + "description": "Numeric severity level of the breach." + }, + { + "name": "BreachedCompanies", + "type": "dynamic", + "description": "Array of companies directly affected by the breach." + }, + { + "name": "DependentCompanies", + "type": "dynamic", + "description": "Array of dependent companies impacted by this breach." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name assigned during connector setup." + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightEventsConnector", + "title": "BitSight Security Events (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightAlerts", + "graphQueries": [ + { + "metricName": "Total Alerts received", + "legend": "BitSight Alerts", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Breaches received", + "legend": "BitSight Breaches", + "baseQuery": "BitSightBreaches" + }, + { + "metricName": "Total Findings received", + "legend": "BitSight Findings", + "baseQuery": "BitSightFindings" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Alerts", + "query": "BitSightAlerts\n | take 10" + }, + { + "description": "Get recent high-severity alerts", + "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" + }, + { + "description": "Get sample of BitSight Findings", + "query": "BitSightFindings\n | take 10" + }, + { + "description": "Get active severe findings", + "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" + }, + { + "description": "Get sample of BitSight Breaches", + "query": "BitSightBreaches\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightBreaches", + "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindings", + "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.friendlyName" + }, + { + "columnName": "Data Stream", + "columnValue": "properties.addOnAttributes.userStream" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Connection", + "subtitle": "Configure a new BitSight data stream connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Stream", + "name": "dataStream", + "options": [ + { + "key": "ALERTS", + "text": "Alerts - Rating changes and news events (BitSightAlerts)" + }, + { + "key": "BREACHES", + "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" + }, + { + "key": "DILIGENCE", + "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" + }, + { + "key": "COMPROMISED_SYSTEMS", + "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" + }, + { + "key": "USER_BEHAVIOR", + "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" + } + ], + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", + "visible": true, + "inline": false + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Alerts-Prod", + "type": "text", + "name": "friendlyName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "displayName": "BitSight Security Events (via Codeless Connector Framework)", + "contentKind": "ResourcesDataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": { + "guidValue": { + "defaultValue": "[[newGuid()]", + "type": "securestring" + }, + "innerWorkspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "connectorDefinitionName": { + "defaultValue": "BitSight Security Events (via Codeless Connector Framework)", + "type": "securestring", + "minLength": 1 + }, + "workspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "dcrConfig": { + "defaultValue": { + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId" + }, + "type": "object" + }, + "dataStream": { + "defaultValue": "dataStream", + "type": "array" + }, + "bitSightApiUrl": { + "defaultValue": "bitSightApiUrl", + "type": "securestring", + "minLength": 1 + }, + "username": { + "defaultValue": "username", + "type": "securestring", + "minLength": 1 + }, + "password": { + "defaultValue": "password", + "type": "securestring", + "minLength": 1 + }, + "friendlyName": { + "defaultValue": "friendlyName", + "type": "securestring", + "minLength": 1 + } + }, + "variables": { + "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]" + }, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "kind": "ResourcesDataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightAlerts' , uniqueString(parameters('friendlyName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v2/alerts/')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 30, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "alert_date", + "alert_date_gte": "{_QueryWindowStartTime}", + "alert_date_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParameterName": "limit" + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightAlerts", + "dcrConfig": { + "streamName": "Custom-BitSightAlerts_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "friendlyName": "[[parameters('friendlyName')]", + "userStream": "ALERTS" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'ALERTS')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightBreaches' , uniqueString(parameters('friendlyName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_breaches", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_breaches": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v1/companies/$company_guid_PlaceHolder$/providers/breaches')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "date_created_gte": "{_QueryWindowStartTime}", + "date_created_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightBreaches", + "dcrConfig": { + "streamName": "Custom-BitSightBreaches_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "friendlyName": "[[parameters('friendlyName')]", + "userStream": "BREACHES" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'BREACHES')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Diligence') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_findings", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_findings": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "last_seen", + "expand": "attributed_companies", + "risk_category": "Diligence", + "last_seen_gte": "{_QueryWindowStartTime}", + "last_seen_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightFindings", + "dcrConfig": { + "streamName": "Custom-BitSightFindings_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "userStream": "DILIGENCE", + "friendlyName": "[[parameters('friendlyName')]" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'DILIGENCE')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Compromised Systems') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_findings", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_findings": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "last_seen", + "expand": "attributed_companies", + "risk_category": "Compromised Systems", + "last_seen_gte": "{_QueryWindowStartTime}", + "last_seen_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightFindings", + "dcrConfig": { + "streamName": "Custom-BitSightFindings_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "userStream": "COMPROMISED_SYSTEMS", + "friendlyName": "[[parameters('friendlyName')]" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'COMPROMISED_SYSTEMS')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('User Behavior') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_findings", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_findings": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "last_seen", + "expand": "attributed_companies", + "risk_category": "User Behavior", + "last_seen_gte": "{_QueryWindowStartTime}", + "last_seen_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightFindings", + "dcrConfig": { + "streamName": "Custom-BitSightFindings_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "userStream": "USER_BEHAVIOR", + "friendlyName": "[[parameters('friendlyName')]" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'USER_BEHAVIOR')]" + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition3'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", + "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", + "contentKind": "DataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightStatisticsConnector", + "title": "BitSight Security Statistics (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightCompanyDetails", + "graphQueries": [ + { + "metricName": "Total Company Detail records received", + "legend": "BitSight Company Details", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Company Rating Details received", + "legend": "BitSight Company Rating Details", + "baseQuery": "BitSightCompanyRatingDetails" + }, + { + "metricName": "Total Diligence Historical Statistics received", + "legend": "BitSight Diligence Historical Statistics", + "baseQuery": "BitSightDiligenceHistoricalStatistics" + }, + { + "metricName": "Total Diligence Statistics received", + "legend": "BitSight Diligence Statistics", + "baseQuery": "BitSightDiligenceStatistics" + }, + { + "metricName": "Total Observations Statistics received", + "legend": "BitSight Observations Statistics", + "baseQuery": "BitSightObservationStatistics" + }, + { + "metricName": "Total Industries Statistics received", + "legend": "BitSight Industries Statistics", + "baseQuery": "BitsightIndustrialStatistics" + }, + { + "metricName": "Total Findings Summary records received", + "legend": "BitSight Findings Summary", + "baseQuery": "BitSightFindingsSummary" + }, + { + "metricName": "Total Vulnerabilities received", + "legend": "BitSight Vulnerabilities", + "baseQuery": "BitsightVulnerabilitiesFindingsSummary" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Company Details", + "query": "{{graphQueriesTableName}}\n | take 10" + }, + { + "description": "Get company security ratings over time", + "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" + }, + { + "description": "Get sample of BitSight Company Rating Details", + "query": "BitSightCompanyRatingDetails\n | take 10" + }, + { + "description": "Get findings summary with latest data per company/stat", + "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" + }, + { + "description": "Get sample of BitSight Vulnerabilities", + "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightCompanyRatingDetails", + "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindingsSummary", + "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceHistoricalStatistics", + "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceStatistics", + "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightObservationStatistics", + "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightIndustrialStatistics", + "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary", + "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight statistics data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.connectionName" + }, + { + "columnName": "Active Streams", + "columnValue": "properties.addOnAttributes.streams" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Statistics Connection", + "subtitle": "Configure a new BitSight statistics connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Streams", + "name": "streams", + "options": [ + { + "key": "FindingsSummary", + "text": "FindingsSummary" + }, + { + "key": "CompanyDetails", + "text": "CompanyDetails" + }, + { + "key": "CompanyRatingDetails", + "text": "CompanyRatingDetails" + }, + { + "key": "DiligenceHistoricalStatistics", + "text": "DiligenceHistoricalStatistics" + }, + { + "key": "RiskVectorStatistics", + "text": "RiskVectorStatistics" + }, + { + "key": "IndustriesStatistics", + "text": "IndustriesStatistics" + }, + { + "key": "Vulnerabilities", + "text": "Vulnerabilities" + }, + { + "key": "ObservationsStatistics", + "text": "ObservationsStatistics" + } + ], + "isMultiSelect": true, + "defaultAllSelected": false, + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Statistics-Prod", + "type": "text", + "name": "connectionName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "name": "BitSightStatisticsDCR", + "apiVersion": "2022-06-01", + "type": "Microsoft.Insights/dataCollectionRules", + "location": "[parameters('workspace-location')]", + "kind": "[variables('blanks')]", + "properties": { + "dataCollectionEndpointId": "[variables('dataCollectionEndpointId3')]", + "streamDeclarations": { + "Custom-BitSightFindingsSummary_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "start_date", + "type": "string" + }, + { + "name": "end_date", + "type": "string" + }, + { + "name": "stats", + "type": "dynamic" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightCompanyDetails_CL": { + "columns": [ + { + "name": "guid", + "type": "string" + }, + { + "name": "name", + "type": "string" + }, + { + "name": "shortname", + "type": "string" + }, + { + "name": "type", + "type": "string" + }, + { + "name": "description", + "type": "string" + }, + { + "name": "primary_domain", + "type": "string" + }, + { + "name": "homepage", + "type": "string" + }, + { + "name": "display_url", + "type": "string" + }, + { + "name": "sparkline", + "type": "string" + }, + { + "name": "industry", + "type": "string" + }, + { + "name": "industry_slug", + "type": "string" + }, + { + "name": "sub_industry", + "type": "string" + }, + { + "name": "sub_industry_slug", + "type": "string" + }, + { + "name": "ipv4_count", + "type": "int" + }, + { + "name": "people_count", + "type": "int" + }, + { + "name": "search_count", + "type": "int" + }, + { + "name": "customer_monitoring_count", + "type": "int" + }, + { + "name": "current_rating", + "type": "int" + }, + { + "name": "rating_industry_median", + "type": "string" + }, + { + "name": "ratings", + "type": "dynamic" + }, + { + "name": "subscription_type", + "type": "string" + }, + { + "name": "subscription_type_key", + "type": "string" + }, + { + "name": "subscription_end_date", + "type": "string" + }, + { + "name": "bulk_email_sender_status", + "type": "string" + }, + { + "name": "security_grade", + "type": "string" + }, + { + "name": "service_provider", + "type": "boolean" + }, + { + "name": "has_company_tree", + "type": "boolean" + }, + { + "name": "has_preferred_contact", + "type": "boolean" + }, + { + "name": "is_bundle", + "type": "boolean" + }, + { + "name": "is_primary", + "type": "boolean" + }, + { + "name": "in_spm_portfolio", + "type": "boolean" + }, + { + "name": "is_mycomp_mysubs_bundle", + "type": "boolean" + }, + { + "name": "is_csp", + "type": "boolean" + }, + { + "name": "has_delegated_security_controls", + "type": "boolean" + }, + { + "name": "custom_id", + "type": "dynamic" + }, + { + "name": "available_upgrade_types", + "type": "dynamic" + }, + { + "name": "company_features", + "type": "dynamic" + }, + { + "name": "related_companies", + "type": "dynamic" + }, + { + "name": "primary_company", + "type": "dynamic" + }, + { + "name": "compliance_claim", + "type": "dynamic" + }, + { + "name": "permissions", + "type": "dynamic" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightCompanyRatingDetails_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector_slug", + "type": "string" + }, + { + "name": "name", + "type": "string" + }, + { + "name": "category", + "type": "string" + }, + { + "name": "category_order", + "type": "int" + }, + { + "name": "rating", + "type": "int" + }, + { + "name": "grade", + "type": "string" + }, + { + "name": "percentile", + "type": "int" + }, + { + "name": "grade_color", + "type": "string" + }, + { + "name": "order", + "type": "int" + }, + { + "name": "display_url", + "type": "string" + }, + { + "name": "beta", + "type": "boolean" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightDiligenceHistoricalStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "date", + "type": "string" + }, + { + "name": "grade", + "type": "string" + }, + { + "name": "counts", + "type": "dynamic" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightDiligenceStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "unknown", + "type": "int" + }, + { + "name": "bad", + "type": "int" + }, + { + "name": "warn", + "type": "int" + }, + { + "name": "neutral", + "type": "int" + }, + { + "name": "fair", + "type": "int" + }, + { + "name": "good", + "type": "int" + }, + { + "name": "spear_phishing", + "type": "int" + }, + { + "name": "bit_flip", + "type": "int" + }, + { + "name": "typographical_errors", + "type": "int" + }, + { + "name": "tld_variant", + "type": "int" + }, + { + "name": "total_count", + "type": "int" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightObservationStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "count", + "type": "int" + }, + { + "name": "count_period", + "type": "string" + }, + { + "name": "average_duration_days", + "type": "real" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitsightVulnerabilitiesFindingsSummary_CL": { + "columns": [ + { + "name": "name", + "type": "string" + }, + { + "name": "display_name", + "type": "string" + }, + { + "name": "description", + "type": "string" + }, + { + "name": "severity", + "type": "string" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitsightIndustrialStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "count", + "type": "int" + }, + { + "name": "count_period", + "type": "string" + }, + { + "name": "average_duration_days", + "type": "real" + }, + { + "name": "connectionName", + "type": "string" + } + ] + } + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "[variables('workspaceResourceId')]", + "name": "clv2ws1" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-BitSightFindingsSummary_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightFindingsSummary_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['end_date']) or todatetime(['end_date']) < ago(2d), now(), todatetime(['end_date'])) , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , StartDate = ['start_date'] , EndDate = ['end_date'] , Stats = ['stats'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , StartDate , EndDate , Stats , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightCompanyDetails_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightCompanyDetails_CL", + "transformKql": "source | extend TimeGenerated = now() , Guid = ['guid'] , Name = ['name'] , Shortname = ['shortname'] , CompanyType = ['type'] , Description = ['description'] , PrimaryDomain = ['primary_domain'] , Homepage = ['homepage'] , DisplayUrl = ['display_url'] , Sparkline = ['sparkline'] , Industry = ['industry'] , IndustrySlug = ['industry_slug'] , SubIndustry = ['sub_industry'] , SubIndustrySlug = ['sub_industry_slug'] , Ipv4Count = ['ipv4_count'] , PeopleCount = ['people_count'] , SearchCount = ['search_count'] , CustomerMonitoringCount = ['customer_monitoring_count'] , CurrentRating = ['current_rating'] , RatingIndustryMedian = ['rating_industry_median'] , Ratings = ['ratings'] , SubscriptionType = ['subscription_type'] , SubscriptionTypeKey = ['subscription_type_key'] , SubscriptionEndDate = ['subscription_end_date'] , BulkEmailSenderStatus = ['bulk_email_sender_status'] , SecurityGrade = ['security_grade'] , ServiceProvider = ['service_provider'] , HasCompanyTree = ['has_company_tree'] , HasPreferredContact = ['has_preferred_contact'] , IsBundle = ['is_bundle'] , IsPrimary = ['is_primary'] , InSpmPortfolio = ['in_spm_portfolio'] , IsMycompMysubsBundle = ['is_mycomp_mysubs_bundle'] , IsCsp = ['is_csp'] , HasDelegatedSecurityControls = ['has_delegated_security_controls'] , CustomId = ['custom_id'] , AvailableUpgradeTypes = ['available_upgrade_types'] , CompanyFeatures = ['company_features'] , RelatedCompanies = ['related_companies'] , PrimaryCompany = ['primary_company'] , ComplianceClaim = ['compliance_claim'] , Permissions = ['permissions'] , ConnectorName = ['connectionName'] | project TimeGenerated , Guid , Name , Shortname , CompanyType , Description , PrimaryDomain , Homepage , DisplayUrl , Sparkline , Industry , IndustrySlug , SubIndustry , SubIndustrySlug , Ipv4Count , PeopleCount , SearchCount , CustomerMonitoringCount , CurrentRating , RatingIndustryMedian , Ratings , SubscriptionType , SubscriptionTypeKey , SubscriptionEndDate , BulkEmailSenderStatus , SecurityGrade , ServiceProvider , HasCompanyTree , HasPreferredContact , IsBundle , IsPrimary , InSpmPortfolio , IsMycompMysubsBundle , IsCsp , HasDelegatedSecurityControls , CustomId , AvailableUpgradeTypes , CompanyFeatures , RelatedCompanies , PrimaryCompany , ComplianceClaim , Permissions , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightCompanyRatingDetails_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightCompanyRatingDetails_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVectorSlug = ['risk_vector_slug'] , RiskVectorLabel = ['name'] , RiskCategory = ['category'] , CategoryOrder = ['category_order'] , Rating = ['rating'] , Grade = ['grade'] , Percentile = ['percentile'] , GradeColor = ['grade_color'] , RiskVectorOrder = ['order'] , DisplayUrl = ['display_url'] , Beta = ['beta'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVectorSlug , RiskVectorLabel , RiskCategory , CategoryOrder , Rating , Grade , Percentile , GradeColor , RiskVectorOrder , DisplayUrl , Beta , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightDiligenceHistoricalStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightDiligenceHistoricalStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RecordDate = ['date'] , Grade = ['grade'] , Counts = ['counts'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RecordDate , Grade , Counts , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightDiligenceStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightDiligenceStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , Unknown = ['unknown'] , Bad = ['bad'] , Warn = ['warn'] , Neutral = ['neutral'] , Fair = ['fair'] , Good = ['good'] , SpearPhishing = ['spear_phishing'] , BitFlip = ['bit_flip'] , TypographicalErrors = ['typographical_errors'] , TldVariant = ['tld_variant'] , TotalCount = ['total_count'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , Unknown , Bad , Warn , Neutral , Fair , Good , SpearPhishing , BitFlip , TypographicalErrors , TldVariant , TotalCount , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightObservationStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightObservationStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , ObservationCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , ObservationCount , CountPeriod , AverageDurationDays , ConnectorName" + }, + { + "streams": [ + "Custom-BitsightIndustrialStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitsightIndustrialStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , IncidentCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , IncidentCount , CountPeriod , AverageDurationDays , ConnectorName" + }, + { + "streams": [ + "Custom-BitsightVulnerabilitiesFindingsSummary_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", + "transformKql": "source | extend TimeGenerated = now() , Name = ['name'] , DisplayName = ['display_name'] , Description = ['description'] , Severity = ['severity'] , ConnectorName = ['connectionName'] | project TimeGenerated , Name , DisplayName , Description , Severity , ConnectorName" + } + ] + } + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Name", + "type": "string", + "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." + }, + { + "name": "DisplayName", + "type": "string", + "description": "Human-readable name of the vulnerability type." + }, + { + "name": "Description", + "type": "string", + "description": "Description of what the vulnerability type measures." + }, + { + "name": "Severity", + "type": "string", + "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition3'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightStatisticsConnector", + "title": "BitSight Security Statistics (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightCompanyDetails", + "graphQueries": [ + { + "metricName": "Total Company Detail records received", + "legend": "BitSight Company Details", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Company Rating Details received", + "legend": "BitSight Company Rating Details", + "baseQuery": "BitSightCompanyRatingDetails" + }, + { + "metricName": "Total Diligence Historical Statistics received", + "legend": "BitSight Diligence Historical Statistics", + "baseQuery": "BitSightDiligenceHistoricalStatistics" + }, + { + "metricName": "Total Diligence Statistics received", + "legend": "BitSight Diligence Statistics", + "baseQuery": "BitSightDiligenceStatistics" + }, + { + "metricName": "Total Observations Statistics received", + "legend": "BitSight Observations Statistics", + "baseQuery": "BitSightObservationStatistics" + }, + { + "metricName": "Total Industries Statistics received", + "legend": "BitSight Industries Statistics", + "baseQuery": "BitsightIndustrialStatistics" + }, + { + "metricName": "Total Findings Summary records received", + "legend": "BitSight Findings Summary", + "baseQuery": "BitSightFindingsSummary" + }, + { + "metricName": "Total Vulnerabilities received", + "legend": "BitSight Vulnerabilities", + "baseQuery": "BitsightVulnerabilitiesFindingsSummary" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Company Details", + "query": "{{graphQueriesTableName}}\n | take 10" + }, + { + "description": "Get company security ratings over time", + "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" + }, + { + "description": "Get sample of BitSight Company Rating Details", + "query": "BitSightCompanyRatingDetails\n | take 10" + }, + { + "description": "Get findings summary with latest data per company/stat", + "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" + }, + { + "description": "Get sample of BitSight Vulnerabilities", + "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightCompanyRatingDetails", + "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindingsSummary", + "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceHistoricalStatistics", + "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceStatistics", + "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightObservationStatistics", + "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightIndustrialStatistics", + "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary", + "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight statistics data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.connectionName" + }, + { + "columnName": "Active Streams", + "columnValue": "properties.addOnAttributes.streams" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Statistics Connection", + "subtitle": "Configure a new BitSight statistics connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Streams", + "name": "streams", + "options": [ + { + "key": "FindingsSummary", + "text": "FindingsSummary" + }, + { + "key": "CompanyDetails", + "text": "CompanyDetails" + }, + { + "key": "CompanyRatingDetails", + "text": "CompanyRatingDetails" + }, + { + "key": "DiligenceHistoricalStatistics", + "text": "DiligenceHistoricalStatistics" + }, + { + "key": "RiskVectorStatistics", + "text": "RiskVectorStatistics" + }, + { + "key": "IndustriesStatistics", + "text": "IndustriesStatistics" + }, + { + "key": "Vulnerabilities", + "text": "Vulnerabilities" + }, + { + "key": "ObservationsStatistics", + "text": "ObservationsStatistics" + } + ], + "isMultiSelect": true, + "defaultAllSelected": false, + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Statistics-Prod", + "type": "text", + "name": "connectionName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections3'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", + "contentKind": "ResourcesDataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": { + "guidValue": { + "defaultValue": "[[newGuid()]", + "type": "securestring" + }, + "innerWorkspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "connectorDefinitionName": { + "defaultValue": "BitSight Security Statistics (via Codeless Connector Framework)", + "type": "securestring", + "minLength": 1 + }, + "workspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "dcrConfig": { + "defaultValue": { + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId" + }, + "type": "object" + }, + "streams": { + "defaultValue": "streams", + "type": "array" + }, + "bitSightApiUrl": { + "defaultValue": "bitSightApiUrl", + "type": "securestring", + "minLength": 1 + }, + "username": { + "defaultValue": "username", + "type": "securestring", + "minLength": 1 + }, + "password": { + "defaultValue": "password", + "type": "securestring", + "minLength": 1 + }, + "connectionName": { + "defaultValue": "connectionName", + "type": "securestring", + "minLength": 1 + } + }, + "variables": { + "_dataConnectorContentIdConnections3": "[variables('_dataConnectorContentIdConnections3')]" + }, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections3')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections3'))]", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "kind": "ResourcesDataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindingsSummary' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_findings_summary", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_findings_summary": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings/summary')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$[*]" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightFindingsSummary", + "dcrConfig": { + "streamName": "Custom-BitSightFindingsSummary_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'FindingsSummary')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyDetails' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_detail", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_detail": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightCompanyDetails", + "dcrConfig": { + "streamName": "Custom-BitSightCompanyDetails_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'CompanyDetails')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyRatingDetails' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_rating_details", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_rating_details": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.rating_details.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightCompanyRatingDetails", + "dcrConfig": { + "streamName": "Custom-BitSightCompanyRatingDetails_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'CompanyRatingDetails')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceHistoricalStatistics' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_diligence_historical", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_diligence_historical": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/historical-statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightDiligenceHistoricalStatistics", + "dcrConfig": { + "streamName": "Custom-BitSightDiligenceHistoricalStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'DiligenceHistoricalStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceStatistics' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_diligence_statistics", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_diligence_statistics": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.risk_vectors.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightDiligenceStatistics", + "dcrConfig": { + "streamName": "Custom-BitSightDiligenceStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'RiskVectorStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightObservationStatistics' , uniqueString(parameters('connectionName')), uniqueString('Obs') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_observations_statistics", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_observations_statistics": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/observations/statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.risk_vectors.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightObservationStatistics", + "dcrConfig": { + "streamName": "Custom-BitSightObservationStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'ObservationsStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightIndustrialStatistics' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_industries_statistics", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_industries_statistics": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/industries/statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.risk_vectors.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitsightIndustrialStatistics", + "dcrConfig": { + "streamName": "Custom-BitsightIndustrialStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'IndustriesStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightVulnerabilitiesFindingsSummary' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "https://service.bitsighttech.com/customer-api/v1/defaults/vulnerabilities", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json" + }, + "queryParameters": { + "fields": "name,display_name,description,severity" + } + }, + "response": { + "eventsJsonPaths": [ + "$[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitsightVulnerabilitiesFindingsSummary", + "dcrConfig": { + "streamName": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'Vulnerabilities')]" + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections3'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.2.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "BitSight", + "publisherDisplayName": "BitSight Support", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The BitSight solution enables security operations teams to integrate insights from BitSight's Security Ratings platform into Microsoft Sentinel via the Codeless Connector Framework (CCF). The connector ingests Security Ratings, Company Profiles, Risk Vector breakdowns, Diligence Historical Statistics, Findings Summaries, Industry peer comparisons, and Vulnerability reference data for companies in your BitSight portfolio.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Framework (CCF)
    2. \n
\n

Data Connectors: 3, Parsers: 13, Workbooks: 1, Analytic Rules: 6

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "Workbook", + "contentId": "[variables('_workbookContentId1')]", + "version": "[variables('workbookVersion1')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject1').parserContentId1]", + "version": "[variables('parserObject1').parserVersion1]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject2').parserContentId2]", + "version": "[variables('parserObject2').parserVersion2]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject3').parserContentId3]", + "version": "[variables('parserObject3').parserVersion3]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject4').parserContentId4]", + "version": "[variables('parserObject4').parserVersion4]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject5').parserContentId5]", + "version": "[variables('parserObject5').parserVersion5]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject6').parserContentId6]", + "version": "[variables('parserObject6').parserVersion6]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject7').parserContentId7]", + "version": "[variables('parserObject7').parserVersion7]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject8').parserContentId8]", + "version": "[variables('parserObject8').parserVersion8]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject9').parserContentId9]", + "version": "[variables('parserObject9').parserVersion9]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject10').parserContentId10]", + "version": "[variables('parserObject10').parserVersion10]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject11').parserContentId11]", + "version": "[variables('parserObject11').parserVersion11]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject12').parserContentId12]", + "version": "[variables('parserObject12').parserVersion12]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject13').parserContentId13]", + "version": "[variables('parserObject13').parserVersion13]" + }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId1')]", + "version": "[variables('dataConnectorVersion1')]" + }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "version": "[variables('dataConnectorCCPVersion')]" + }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "version": "[variables('dataConnectorCCPVersion')]" + } + ] + }, + "firstPublishDate": "2023-02-20", + "lastPublishDate": "2024-02-20", + "providers": [ + "Bitsight" + ], + "categories": { + "domains": [ + "Security - Others" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/BitSight/ReleaseNotes.md b/Solutions/BitSight/ReleaseNotes.md index ce96cb6e882..1d5d3462872 100644 --- a/Solutions/BitSight/ReleaseNotes.md +++ b/Solutions/BitSight/ReleaseNotes.md @@ -1,6 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.2.0 | 04-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. | +| 3.2.0 | 04-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. Updated Function App UI page for Log Ingestion API. | | 3.1.1 | 22-04-2026 | Updated **Solution Package** with the fix of solutionId | | 3.1.0 | 31-03-2026 | Updated the python runtime version to 3.12. Added support for Log Ingestion API and updated parsers accordingly.
Reverted the solution id to fix the BitSight Solution publishing issue. | | 3.0.2 | 26-07-2024 | Update **Analytic rules** for missing TTP | From c06915593acd27a1ba24c8ff09cba838b4d9e998 Mon Sep 17 00:00:00 2001 From: Fenil Savani Date: Tue, 16 Jun 2026 15:23:42 +0530 Subject: [PATCH 2/3] Change in release note --- Solutions/BitSight/ReleaseNotes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/BitSight/ReleaseNotes.md b/Solutions/BitSight/ReleaseNotes.md index 1d5d3462872..f85801603ea 100644 --- a/Solutions/BitSight/ReleaseNotes.md +++ b/Solutions/BitSight/ReleaseNotes.md @@ -1,6 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.2.0 | 04-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. Updated Function App UI page for Log Ingestion API. | +| 3.2.0 | 15-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. Updated Function App UI page for Log Ingestion API. | | 3.1.1 | 22-04-2026 | Updated **Solution Package** with the fix of solutionId | | 3.1.0 | 31-03-2026 | Updated the python runtime version to 3.12. Added support for Log Ingestion API and updated parsers accordingly.
Reverted the solution id to fix the BitSight Solution publishing issue. | | 3.0.2 | 26-07-2024 | Update **Analytic rules** for missing TTP | From a97f42561a08e963c3c9143d290ba364ba1c4878 Mon Sep 17 00:00:00 2001 From: Fenil Savani Date: Mon, 22 Jun 2026 15:21:55 +0530 Subject: [PATCH 3/3] resolving validation failures --- .../BitSight_API_FunctionApp.json | 15 ++-- Solutions/BitSight/Package/3.2.0.zip | Bin 50423 -> 50661 bytes Solutions/BitSight/Package/mainTemplate.json | 74 ++++++++++-------- 3 files changed, 52 insertions(+), 37 deletions(-) diff --git a/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json b/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json index 541e7ca8c14..72d5109883e 100644 --- a/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json +++ b/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json @@ -236,17 +236,22 @@ "read": true, "delete": true } - } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } ], "customs": [ { "name": "Microsoft.Web/sites permissions", "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." }, - { - "name": "Permission to assign a role to the registered application", - "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." - }, { "name": "REST API Credentials/permissions", "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." diff --git a/Solutions/BitSight/Package/3.2.0.zip b/Solutions/BitSight/Package/3.2.0.zip index b9338a34e328043a7224cc9bdf40dc84e940dbbe..572781d0c7dcb02240f1aa5f1714c3c2e15f7c10 100644 GIT binary patch delta 46824 zcmY&%{w!LHR*tTu-j&0kvc5K_WZTt57ySw-9{^`6<>Q!}BQpqRP zsi#oTgK$vT-%_AIP`-Wp2Jy|>W3d)?3ljK8wV-O*qPg0>ecP!4|AzQaYOQZ>qhxGt zXQl6COlRR}Yjf`H>A2P$clC8gY3Kc@!>G zs(yTWp|50oyorej#c#USor`J6(4*-TdCT;F96Rihzsu>kiVH>O5o*z7%5vi%tNe-r z`NG$PHQR!GPkFwvC5bTG7G}R#{Qi#r#Y4vEVh{82^#LjbVZCF{10_W9oW-S&0OpUu zD$kNB?Z@yLUHc9z+Lxy19g+J6Ku~S`*kmd4jW%G!V1W?24;o~5;s|T<5jdtkbMq7a z*BxYjfhD~i!@P1AK?5qkEJOqL0O3P$o)`wl!xkcd5&c&u_wVZhDJajw?p6)EaU)+K z2~<(8un&~~iIHg&Y1^}~C8ZR|jKY3^6H!q8gC#<~`LFe#r*ek-$h$}Y`oQ!baSGWW{8ngFpa|@>K}H51Mzo6v{@J)8j$v%7>9e)D z@sY1L`>J)}Sm&Uc+VV;FCd7y5$OoXq%%nzl45e@(dSJxH0)mGJGq0L+AN2+ zZ!AKOHXSB-MMlK|sWg9}fe4zB0q)2|&soZ^_F83BCe*cgA|-N)-dSVn)~5K6D|ejh znn?SYwm!@l@(=6DxF2PUbO3enQ}$ z@BxlW=6Ft<;M0pICA!?bUh}+#qDID&>ABc8c{MUz$DDN2T%#BJ+YbKgCVFwIt*}Tb z)ioO0?WvjNsxI!s#dDi0cxWQNFMjSYb`OU|ZY^`}(0<6CyI`-Gj<4qC^5*|c%Cntp zla@X7w%xPcXOot-aJ1c1p}UP7D7Sede z&uJZ>?2UbuMYGeXnfGsXJnO37Y)T~(jyB?9o3H-Os>j>auP-FvC#-NZP!B+LYkZzYJE&9R(0A_96nrCxPKh{ma-ElP61Uz zl$vwF<7l|<);GrEfFDFY=hunBP@L+843-;#)T0tA>`dg(y~_@N39UI0e9Kt zsJkAVX>YfWG(3fO?0f+xD7xZx#*t6CP&-kC>_T}pU)TG<=!{N8W0r6J>Tf(C_-FM zny7HNO{h@t@iLj@RA)ZgkLvnCoQcAWM6FQB&#l{0bG;D$@&c5Fr0Y}!rc>Qahs*5b zN@m>Ur8ug^?&_SsJ6P-_&yBv{CcV;ybVB18GUsRTk>;xf8y?2Yu{wtEts_;~Ym8%6 zh|Au&WVxB|geE)Q^-nnQ4DRHo(&|+C(@GOFIS!7&?!YkaB8}hFrEsdnzT-LE8-cTl ztOy#zy-@bY#{$|$A!ykloa6qr6ytD<x^FMfS=1$xM=q2}!KQ`8bocl-eu778!TB__5bnv>t?KJf(1d z-Sp5l)tf{YIj)(;6@~c6#u82_gFUTIH6C-Zp5ECWya1$Kz6UdD38m9jqE>ezwlW4G zX#Psg{B(YQrij8A6V8al*_)(OrU`vT54>kku5qRZSYXbY!)YuXZZ~9PPq(@ znv@cyJx=3?D4GGQ%u%%A|H8%7bm)Y)>fH8yvLQ`VJIz zXnVzH`v529a&a{xf%5PvPMnP;CWhrw>Y5FZ8*RL(*v)l;>H2+d-Er8_$H(~YsP?|h zr-cCYR53;DG^Mp299&VED!Kkoxz&ZY24s1P$6TR#Plfrmn0x&~SYl?gg+n2-Nk;+M zXt-yu=iRI;`FCYe{R5oV>bL5ipNnF}fT1S;0RW#u%e&_=TqfPSoz+Sb!O{|o7`Vb{ zg3Z?Yb(E6{$tup16FH|q5nsI13`B5$<_BMW?%IU^+@YXfx$JY_{=Dtp zU^c@8ArAyGY@QEJ$ulJcmbnC9GEj;-viDXXh9$%EPSJ5|8WJCn&4BoG{TA{Vz&_FK z4;1^^aPzd0w2bGfS$#>M2j#2sxK`=kRynwV7CFMvy5{k4a>YFe`A@of&S zgtjbSoTh(+W8?nOM!P$U;bsuYYsCF0bHw5kv;+7BlIqa(&}cuTmg*fgf(}tO=bIg0 zq;nYgkj&pf-6Fn`60u+xUx*BV=F^pL!|B9zdOFQ|x!?AhR9MlhU+*gVc=@$%*=eTEcw(!jp@r4R#Ll|?LZdUY@ zth7QxBM^_G6&pjb~blmKIe|s%**Kp^@!VOL@ z2ltbnk@Gxzvd6H=NxBz+3GT5y#(L{R0dUoy$GS;r@(|9A&{9NX`!gLZx`OfH;J2e= zsUO~?#;z_D$AbHiH6!zh$CC5=q7KGRLMvt8M26V>CU2xPJ;}kv{%TnNwM#;aUR@+p zwhgi!x|kzgYeJ{jxxR#3UhK(2=gD9`M3aJC$5VV92TdJGo)rQzjpA2L+e5kU2|9$~ zpJ)y8akO8!|%wn0VY# z4e(aYGNeJ9KU*?;v$cow+Q>p&(3trtxf=hKbU{Ih!)SE<8Ucp+n>q9yhf%@wVe-MSzJ7HpAR(*z7**4ucNm_P(vm;y zWpdbs3J)zK6Ba6jZwgqjwPnM7{uxTlu~`_kR!OB7UT6g}`CVL@No<1x2DW!m^uOi= z*ga6nmrB0^yo0y3jEgSB?lnH@efb3GwWMPZI^eyae#-zMlm4aneM9`ymL$+5TPvpW znei&MB-MFy++$2${YkA@Z7gN5EPYy5iemTl?tc%)__WXIv;!#h2UbO7oQA={dzrl( zqU<>ewDCO;nf9S=|{ibRu1p9P~0TRyynyP>VvK+hp<1sj?;NZR(m=!2W(U5^u zQdW|@Pzdj4azbR{F}~sLUxhO$S?&%Lu9|ocq0GJd9;+)+2EbCP7L%|kHpjBwmMf2aV%cQDz{J^yOm$P5poJ*DF_SWQs( zE;S;}QwBL|)6PD5FX0f~MEdx-+3zd0^#Mz*AI#W?F?};v!!ggdf(D1Pd$!S1?!uS~H+5(_;-{nGAU@sEA(#RH zaVK^F>?eNjeayk$LEQ*LfsF@k@AeKZ&cro`pFf%heDCu_z8A!h(L3}GNhg`%uEHXi zE57>=E}eKm@jS%kmLdV?$<66u@Y?>&Y5?%k)^C&DZX1^k?$|Q>g-HO8^{MF@oUmGF z)gnywpvm&e8bbe-VQ|GZd@TM<$L8Suw!fzD`G`s3JQ+Ab>}BfOsmBB9&lnjJZi7c$ z#M<7rHmY^Ca`J^GbQZP4NF=6@^&8ZhpO24^ZL4c*v(kZt1;fzjlIq={7d}{YhY-lS zq&OE&Ob_#gN_8}@bWJAIBA%n6aEru^>G`FG{!C7OU1a#h8-@Fsr^+2guRGrScj6KI z#xO99S@p0XyAlrDgzGZ?n)WSGHS1ODz1?ix8f-m)=4wOt*o~_*S2!E4#Q)>j500`; zxW@)Ddn+gf(`TV+Qq{+Ll=pJ}9uF9h%Z`)(B23(0^q+AnX3qB8^5=NQh(+ii{0CY6 zuenivl)l);L8vXDG1Pm!aa5j+G2-^%E6@dUk}#(xt_GLSzu>nZJQZKCY{`w>dI#@L25i@VJns=*oFolcar}a~E_suw;2K9xP#OY@&12&mF4PmCHi%#;;y9Zs6 z8oZa%Sg!c;CYEg)u#GL7WG}eK?~R8qnx^#u_otn#K zr5tX$F6+db9%nrLj)vK7`G<6HAB2h6mJMf!Yh&`JsLCY9R(u+i++(qW zd#MBt<=w)0VcQzm@s4aQ7kxgH;QULkF1O!y;O3|=*|@Ac!w<2=!^$u}TAn+6uRm(Y zX;?>cntN=-*!uQYCs%mYzApco$o#1zipnS$`-MT_IA))yY2|=BW&udr4)cCbe2-t( zEA~M#JYu$&Dy0P@tIX#EuE?uV`Bd1Adw zKI@?c#8SdtV`*4AZR6;Xk3qx`LsJ(Pyzg&PxVTNPr4m?6$vSeE#8EB=zT0knI9-c{ zkAhTw$5XtrS4|~P+>u5BVGEpAm~(6uPe|)quLG5&h~e!0RKs z2A_|9XFZ$uWHy*Tcl)eGxjpXAh=GIK$zj12EJi*-d~{s%atmBPm$<*)UhnVU2hO?M z+p!GoF_U&@e|l4T8C1qykPYfv@vh&&KQ={Z>v`@%z}>~@*@{iNqJL~H9oIa>v9jM? z3@sh!ICsb5UX@NMt6pbMe`oqi<>DAQ*%o(3XodkLCJ`B+lXYx$%Wdsu6sDb85_!vU z*1Om%Joo?5FaVGw(I&+?JM|vMe2nSe4z@3{jNps6r(m6@tOyn~K($}L^^n6l#kwIH z8GYkEG%_xTvDjU%I_M=E1Dg~N{S;-JN@VAxPN&p{iWy1=-848w9wEYNszpi`f+XpJ zMjQ7X#|$>RoSF~zZDIcg@q3r-v94FB?8XrpjPLMX6Sx%WA_V}hVy@kI=L6&=MrP!%6 z9(-YQc9v=Dz<{Kn_Ct-KmEhzBk9kr*H6aF#oXq#ThY_C+leO7m(`hh{Tsab*P2q=V zVz^pux;g-!Aqwl0U(e?#1zDaOC*ucHCXFv{$B_4m2}o-4CP}+@H8hZ~1MjrhpMgA` zlT4@lvFI@VP4k9X+oz7yt@xkF=CmDjP9<;TZ}<1>a|=OjL(&$@>rvgvcSY{$UAavQ&HMDKahBL!g^yTeKmp_CB|H!=XsJ%k@o2B ze4NRgMD^NOh`dyTO~zr=nZRZ$6`pLo>&~UQkPs&l|4MF89${6Kb|~Ma)?HvwX@bYs@x(X8Xj+6= z9(X$yO_;)uk!GZ=XSc*GVpcYg`~#z@$`Rp>lm_iS|5fp(&dFh?Z*KIMPe_JSt}ea)XNh~?v~jQ*qXBqPhjCT>F#l0cbDl2NZ8+%z;t~wdYT>a zZ~8DSEF8A6?#P??)aw2;MwCiOT!|3|FsRCFu#3`oO5#g3b|MwZiBt}Pcv}=}f#-XO zEa;65;|1Mw)u)!d2rEob*;G+>WCO-Igv>6Bz^6fYu3*Th)qOpMdUfHof6%{uKJ|iY zcs|ZgT05Yp;H+2??ZGHa=KT8&ae;yj(esrpIgB#n-iUSM_nlJ7f)ZNv>QNp`$JveX z{>t=@`10>cuP~;+)=N#pbQ;Z^fQqnIp1~pFT^S-2@Q{4T?$#aRKO2a@hy!A=e305P}=XpzTq5pZ@-9 z^BeNkH;NFQ{K=W)YzeoJesyh3#}a-L#I|O}v2D6n#2x*b{MF@yMUs#f0zj+eL{C8I zockY|)pg2Ie~7!4Bhyow7bCc| z@i&2jLh_;dO_HnSmcpt{IS3SHU2KZ&;VI6zl53pWHf7=oyfNKVkZ6-ZHyHO{LR)Qr zhzG_}uLBS<_Ehm0{4_g_)@` zz9nKgvN~@2E$Llor002pY3{U7!OvJ&3s+c&C|iXzaygiv4g)R5Vk$D`$hgoQ*w7D& z2f^7T#L)LC(CjTgFkjvuvNAzBOp6yi=_IaRsNMCJHk!7Ho^h#p>T$@aEFvChsd%_m z%rjG;n<}sShsohXI$$4)ON;g@O6HU%a=)LKC!R8KZkG5FDb6WT{b;`C5cl~e+C3jV zy`l27baysZpAJYJnlwDnxqYLlgQbd&sg2y4sscLJKrU)e&ISrM`#g7NPu!wpC#&0< zHty$4Ow%x zizu(BJzCmifdLJ&uaW?xk(`I{0#B+_HfqDWvOla@wBx|vST=ER)+YD zLm1du^{}`Vu*vo2cG8-;a8}73eo_f*sH0@7eZpFg)ZyHsT42_=sJY~EreWKGhHk_B& zN*scQ3_Y~DVe< z+-v1GxyMxHBB)Z)qEN_WPh(xrOgvT@a0c>a>qcnIm=a{=A)c-z|Xw+xQTVvnko z1Ek;W%h`4`)IX@%2=_1WGZ{J2f4D1`@0fD@u4x){+secG9H#1JM*jMozper#Wl?&m zl|BcuhUw8Ee$V8KHIX|4Ld6JvP%Y_Q7#y=Tx=ylVLPmI zaU9dAzSs)Z;dk*=U4S%d=LD@(FVW>x5p0#P=0xGuJD~VHzAQOMtJuPEXpH0NVcg{% z{*k=uNlXD9?dTIJZ{*Bj1D^*D|G+YWCnVsGh2Sab1TqCnbhE)P^vfH^3;bs#G}&De z+s)l1c3SB_lCb#RO#QT@Uju?I-lM+1s1N=#5}!9T+V4XuC;u6VHDnGb3lg^A08C+Q zm?~TKq^?r57|GiEVBqMY-t~DWC$b+?c*(LqTvzo;%z*)`mMLD2hac zFrZ*p;|Pb$+3n1ht=;)iWz{)awK|7KM_SPQ-`7KpN-oVOQc#TX!v897^s7_(y$Cf5 zEB`ww0apsfHuGyUU6|cG-OpmTxz47}AYLjaeoB|!T_Go(r_?!q4BCDISr52ktg5H^ z=ejZ;X)Q?QDu}oN=9??RLFa7ifWm=hw24Z-;l^>jF1wVomR|REpU72IP}hHiYeCrQ zAAw6o3J1N1Jc0q;r;;hl{tlx1U5vkmW6lzaPJ3v>4XLnfohKdksS;G0U;mGJlLzkI8 z^^Tn1x2OrG?dcgF6HirU{Je7SuqXVm$I7DQRFk{+slS7e!)P^@Ty-r@bNrjECn-v` zpWF^?(g>DG>;CAsBre8j*#74GP;$3TC3}VkTp(pKRg6&>9POzPrCAaGFHGdmxvozS zFW4FImRASz8G}wl_h2_m-roiflUt-)g;XvoSMHFQ#XkQXgFq084%=fU7F5)5=%|@5 zX4g{iqzi71ZC>+o5$Kwsh;gs=Q93tan|XRJ{SIXXUu9R6dCa=}PJOr(9Nf{-8E)wL z0i!mD|<&n;CAIQa*^>%JjfHfBBP#TjmeIzLA!fp z4fVaer%t)I@Fb4WwPeK94?mLbHx^56`O&QbQ`1Ru97aLZRnKo96- zn|9HNN~e2wry{y*JJ&+9J+er+K!1E2(Df~xA99$YqOO@qD#&5j?XaOERV@_|R-FV4 zv7-HI%;v+e$3ck~f`urvJCKCXp|BjCtA=76P4jgPo%_n9Fbmu?ykVbV)9~!!rIYrTG zDY#IYLas0it4e6Hrv}rm?UCn)l#PT{40(vL4&`xDPzQRWF!rX5hD1XLZ+dJD+gdi3 zvjW!6@y$m4ayR<_)k<*Z!CE@2B*Mq4RtunQZn(59*x+^x8qZ4ep8=fXlx8 zf$Fa#YC?i0DiNgBRs1SozA5(M^ze=uZz@eaP>j?$d1)XO7$Y^5VO6BO29;rz1E?A% zA}XC0RJt9?>iUIeoInIr8OVT=d0@h3tonCl*&8LnorH2TjUd01Ge=Qd=ZfP>*~m=| zBo8SMX79J>%7FA=`jMe*Ke`qqsO_0RS+1(Ex)SZjJdu8=>e$}tH5+-#1@9{GbxVOd ztS~6O9G3@P^X*Gn{dkL^x4&cvgio<<;KjS%;!{2VH?a`Ra0FU@Q~$+bo5uEye#v21 z)^!BNY|Dyqzb%@8DK_Ku3Q8DR#P98euI;5TjnZ|aY1BjWO4Y~A5p+HF3509TYwc&j zSvP&3#%CTK4LToj--)L$dUS?=!f~0}>yOjY2s)FrSKxEpr}xZNksjG=pol8kV}v`= z{jp=WjJ-$CeF7+pdA5~&4f|?vNuE*;y!>Raq@%N3f#C$UFyB*tzU{z&;(ID zI`1L9^^BC0`n2%UV0F%TTs>~hJlLC?z2H~$N=qmYCz$7|hiacZMX(UL(wb3-{9TS{ z!75~Z0ntdbQUeo^Ca7Nfg29TcpM@=2d5d$1ay9iM-vm&#wSf|yXjV)LQebY>p@z0J z)~}>70vhWWUdj^#8|!LR&=yB~iE5@+4^O^Mps1*w4br=Tn;R_~|2E-SF}Rz$ z{9=yaJ^*-6=35|FK5A{A#}nMmGBYl=K%HO&M}r9zLDDZ!qw>*g6wn5!{vFZENR$kE zvuA>-l~M}>GfZGpuVFtR#Wa|J1My^j;L`;e{`{H6y8|oLWf@Q=(=ml}vK6j2gD1D3 z`2*Hd%8mzi!aq?FKZNP=?+>mo@9jB`Z+*S)3=cr$9}&p?t4QUQEYLv580VJeE+##G z#G*|<1C-HQEtEYihM8=8k`ga$B;xo;y8;XvxX{cVpTQYr@t-6xJKpEQk}#T{$m&(# z#V9W42_Kjqcxm8h5s+T>ix;o#@i)o{gZ|z5zNL_-PkAHF?6JlUX%5BmI9R^5N?z0z zUVDH{usiHMku6t46H^O+T^&v4IzH;P8M_DbgZ7lTB-X?0xuNXEotZ)D>96<OIiF96!3sUwaY?jju@G@7Lm`&K`LAO!H=dgi&qMbfe@q|g{7ogaGku-O)dCsG zBgq45BxxQ4?Ip-Jt(rPj5}Y{*8@{7u{yX4<;ICd6d70k4W6f4yo>fZ{y&w1%bj`Fk zuMYAun{lhXhzO~ukV>Ogbu!Ha8h__himq}hox4NTCU5y-UxiM~r%(PqA#0z)2V=Rs zhX?AbCw2fr-YVtRg1{ohmc$Z%07qC~DJZz{NtRieM&KoxsXfjtU;SKiHb&-sjS5ih z1+bH}7sIv0Ro~3=inbfbb?iyqW7ZnZMfY`6p9bS+SD4LMUlILrHQW@LGA6CKxQ;lz zZT5vRT3*JHYg|=4noLQgF=MN1G9q7L^*u801Q#A2OR!_#J{2jiiC8`Y(NEn$cH}mX zs%c_{>Rmp3M;M8IJVnOwF=?@tSpW{iJRi*YuQZTk-Yf#g8uZ&Tk1zJOe%lmzJ5M#b z&;8O!^(s!Yvh0c(Qhb$bzI8OQY)~E|6vH5IYS1+uZ%pEJ>YTlfPaK$+U*4|gx$2y;PC0I(GUrsY4l{&FCQDFG7842xH!o`jE^DP(%}8m#Rt@kro}=X z`_+#iRX-u-?clVZ>|S)bPad;N(d}L>8bau=cW5H6?VLNiML4i$6fU5(-awW*yDgu< z=;C04?UvQxitB95%RB z{T~9WUO^bnY6R2<(JaOc{9ob!;r?TqRAR9jG2Z=ujsK^u$m9RztqTkr;D%pwhlr^C z;H|(4p9W!FA6E--kLe}t2}BDMPl3m+AVyk5gj_<4y&lGjy)KCoZ(a`xSPwmH3zbT- zOQNV?1m=VKNqHoN5C4m04P11&nWfn*T>AP`P}j+-v7E6?+4R*9vzsg9#Tv|FQIIP(O#rpZPwjXt8Q1`M-%*db5mP zkvDcK88=<()tL!qbI}2-DLK(0DE{qq~~oz%q-l?&1$Tq^A+vlm&tf68h? zR+H?f-Gy>tdGq1c$fQ=ASrBbdYV%vD(rct%Ue)diGwMUq?y+*6op6O1x&3gS*7mth~J433{g4tC&|aD2Z+0%`Mv{_ut~y zuD+TW9I-BMBxRvW8?mYhJ23DO8Ul%aFggzBE$$%Og?i(~A_i9Q0`w|V7y(s-kFxpxUmN}RGyNV^;%~Y@qq=vDxR0tE8X_yy0LfQ zPcnM}Kof)pZX*uWmo@G!^bm(_X5|%P;mP+ATe$VF?jVZP>7QJO9DzkJ#2&SXj8^gl za|XUMe-~XwjmCzIaDx)>2WE*57A<%_s#W$DEZQ|9Rm*QISam7~J&P>bvAP~{x0k}^ z?UipV(H_>AyQ?PxwWz&>=mWIIRErme8?jpcvhA;iqPDmw5HBSKXtm|w;UaAj^3OrU zb#N{FHx#pkmEPfgTR}oY4rHBNMIcy{(8x}}%yA!E5crF<{=w4x7Z?>z5#ul7I*C-G zr@=-YW93`W4d?ypXd*5Rr#y8)V2GQ1-3lX#Cp)+xIR5i4|+`L^UF5 zi+K6~;)C06COe6KNTH+-OWm4;$#-Q>?jHc|4{W^ zHYC(Y73(Srio(l9Jf2tJ{Vkqgjz>OA?}O&p8vH1kLQJ4WH8FVvWKU?gz*T`wn){rH@&<7 z3U~4GE?HzB0`M9(;D3&2JkS;my77ZbU+nn!K!NP_2MOwBtAlK^2fgIZ9BuNx@zD1c zDp8cBL-y<}goqMLwdX=W-IL`7c$=HQFXkif-Oe_%Umy2tJU!YY!3gtU_MpBp!T2*U zH6ou4cmyQYH@#f$vLiH`R4AOc@RCJ4B1km}M(|Rv0+d13ys&o-KF2}JDTm&sD;kdz zhAY@;ms1BkcACZ_74pw+)w=gGhPa@!GSs*sgWxe;8}Pb(CAV-L%00Mdo6zm53Q(p2ygVM zU8FZ*1!X;*3W>#x$7tgi+=4u<7MD{)eK4JYw&6InWvtNMS@R*R(Cy5s9(-L;>uS{h zkgZhfn!`G4BB|KYJZ(d0j@o(abdS;PmCvgI2F0;KZnlqfC|Epwh;oQZ8iN3N!(T(RXCJ77ml=(>*D*AU>N?$>)N{C>7L8wK=mW!s{r(KF&zA%j|R_aL&bOiPZYMPKm`lY{(cP%w+Y^=8NzfsP?Bu02Ty9l3t;N6OLS3Rq! zaYnD##TvwI8QhHyahNu)_`KQ4^~SXJcV2n;(im+0QT%LYzZAHc;EUjZGY0@He8`Z5t;0>w1Ed?G9e# z%wE+gO{OxogUf^(B#1z3r ziw#A1db)9QFBkO?p8xLMOaW+lJHzPsaXY$sPHKDe!3w5d@@8=|c963zPGQc?9w@ea zFj4m&#Z+?6@|X&Lp%?^f#m4-+EVPaEf(qWMCi$6I-l62m)59Pzfa8+)fu*%o{~ND8 zs$&AlkBd~sA;fY$!x*eqBw^8B>!FJ)%9543ph)qewRr4FMf{&@>i|&ik=+s51LxEo z4^B?kQNmbW^9omGa$OWlHc%EXi+=yxD?3Gcj3ZW^fL|!b)C7O-f4Sq$R6l=@&G-h& z*N-zB^)y4j%HUNNjdW4VIf}1xnfylc2DZq>qM20|s!xkKGi$8M|CcxV^*_AKAr_5d zK=m08hc;X~Lm8KrmTY3esi7gAF4-taZMctV>zBHx+9F<(p-ebu%mOz==F-id$7$CgN(%pw+KcDE`o(kImWybm1F+c!}`rTMOv zGpeDU(ZkO8Y$<)h>I#hDTI*1v=aepS^btYhM^UA0_5pSAYcIN{HBQcCIqJM!R8LIx zp{CdiXr6rSHvx0gTM0{CdIJ*-i`g|Q8HEt)7aG`KPK$%=5l--+tS70 z$FRIw+o>$x4-2Shx+`FZM!Fui>v^BsSX05im~8i7?i6B=UatT9n`|YB9WK#aHeK{h z5_wgVUj@D?lTe&cK#_&~-Q%dw6hvSQrgy(DmO=Vc7no^v=bLbQ3E0OL)`x3+@oHV$ zRo6)QTmjKiO82MEmtJtR)G-87xW54@TMzErj8KPD-M$Ly`$i}MwOZN%#KpODKg49q zXdo#ck97;iS9JpSvshoTdIIf(_dM1HmADC8R9TDy2Ra2VHkh_H~aw(2dfPr;~&r|}+JC?|Fzd{z<)WTef$cZJ7 zHVs?VvkQw3?aHR|2badp%eT3;g_4G=Z;2`uKzW!{{plJTa;nKpIqgM9I|5auIH0mO zYoWFJYG-cEO;@SCH=7h7b@qCRGCsQuYKw|BFdy0p8lvGTdTmbANQuzsB5I$2ndjaG zEFiFQ8}h?yR9a2lQFO=s^^CQ6mte3eQdiI6P09&>xj|EB%|hSMXkpjispeGDw-`%UxhNiZ*iUCqlY(cfzg1u4?MyhrFB(q?F8*v+EuOtL~?s`+IPFJf1YA=4!Uu8O5b&H^+8Nu}aL+1&?8eZ(B4PYkMwxC1uemBWu{?eZ_wjvA3Q!}k?Xc{(f z3j^8s6V}~i9Hqj!cwlEqvFVy+0 zRDR3ZNNcres|PU>DGD|Xt6&(d4$MKt^>59q7cvvsA=PP67N)i^6M?N%<8R3O%|`>O zA%Fku@pBo9I5P|PZ{EKMkn}PIrWu<*y@FyTa`UK;)tpyTuE87kS$=~Guy*FDM9-hb zaw!D%kiB&H(m*ZXBnqOjH4d8i(MXoiCq2@r!x+ow6qU%Mv5p#eQ-lk1kM7ops?$Ik zf0sa%2zi^&|4knMdBOch6K66+AhLxG%*H;&J<~MEY}1`}Jr5?FANDfu6(b=?Fpv5+ zUC-rUmeYm~$ryTmR3ldkP|r54n0x{KaaZ4SZpF-=J~57VSI35Xp(;$J=J>i4(dBhP z0S{2>o5ZM(dBLw3r(9?kSXA6)=1Uw@t?_C3a=G}qd7tYUq=Sp6YfGbVZKeh zd>UzmOgi1nPJT*yjEy9rQFbgijkJ75D|qTT7JDO2}DA zfPBPpiJF{?QA)5^2Q-Wj6v+hI>ypnJ;PvREqY_X%6jXT`UoW9I)C++kfk+aI#l5c8 zA{BCoLp4^^ol-^u!r{36T+jtYNg3b~_+id<7l%FiRkAMM7wjyI>Z3~UE*DaTqf&87 z?rPhV)&0xVK8ShY-@gYYM^O$}dSRReWQS2jERzio{*E5Rn}OwD!Trk|NdWeSY4z=1 zg~uvS+tD)Kd@Fw@B%qYnQz|1C->oMmuH-vosOI77Y8DU;^iA1ZcT)h|M91+~=h3(= z68Ly{8n>!{nO$2x)MzQfisB^@1`&yBHamsWym1iGIitOih(f+a4f@LMeVhNTS903N zzrAH{FZ{tF5EP7GEDh7=i4H?N{}4>#H8@VXD> zkO<9-T~A{Cz=Iukb*h&j_nzyxoB7J2fG~6mE%;*r5!8ZHR4b#V9kh@!*F|H$xMF#w zag^DCS$=}ePZJAO-?S5%#dOymZ%DwM4h1L{_TE9EyP(#o4zro|brbp@s5PkW7%S-QCk35{P`R#~NQHyWm9 zokHc9M_xJ+Ae^a;OJXo%yc+VvS8oRU!{HX3;JlK$1-@Xm_~dt5d4(e-Wsm4Nm^rmT z7aDv#h>RT$)LkkMC*MMy2>D^yY){1@ z8Q;$zgvPeU^OJid%p0LA5P4bxvMeP))fyd%n7zZBsbDH+!bV^LC1Sy+xtZcCAwdlP zeb!*~5n-gnur~%39~22yIW{Cu6iHNK64TA!7Gjlx)4pxos9o2d-&L}dWl-7n1+X|B zS>`8V0l__!JHD2=PgVxkFK$kSMl@elC6K97!&K36X$ghm>N}K*iY&=_;q9J)#cUFZ zwak<;j`%^gCaYl*u~BNVhRm3jMv~Y0g3@@Q!2`R2%(T|OD=u~G0%1u$NxT25;x6-{ z;H~cb&7mO}1D7n;yl|{%jwPQFJA^>bMfQW^Y#S;eA%|E%hDhp*Wk+XDC7Ur0a6JE# z<3B;hHA;E1s!wg*PY0I2)4m`9!e@j%biJM7c-w{14Sp2Ysixtl-*;kiV%|9m3GFY? zWUQalH2Lly+N>z6ZT5e}-xeO&RY_Jvmh_UfK0pat2zriHSf3|R9w9}SpjCp&L`?eF z^1ynYixJ}>J)z$=LlhssBZ7xCh4RG@gEQ@J>l92hS*zNL=Y?QYDa6lS9Q?ksFc0Q`B3p-xew#Bx82 z?XA%@?PHvk1F|z>{s0VsN>^U}$d4H_zMm6Lzte<`)l$rWrpCr!z66k7-tLb7i>-Hx z&ZUdObYt7LZS2^#ZQITl+qP}nw(TA7>?AujI)8VM?laCgw{z4*U976L>Y4L>3bro% zoR^G&i`tlRD?fe+8s)7j+CF%GL_q~stMZYWSVK4i`Ie%#ucLEh1es z!Q{e|Y|EiN9&t;eyu3WTynOcORhaCy>syc4=y8HFVYCTtWqz}C2H<-v=E`Y$?24Q; zb#i=-_wniX@96byZ4bAXU|Z6)Ek}-w(VdnV5C~kUWRC=8%k(BFatax+XbDNasEMc9 z>g4L*v%9^G(b^`CEYpW;Fu&|d$){X`RbO)rqKeZ#_Z7{V-}z+cd6AODKX(rb$H8=@ ze0%spB7Y7oaxmB?1zgG^_qVGDJ-<0QIGlmLGeX#qChzw0jr43rK1T>@rTtp)O-F|R zZ-RKKpKBUG5zn*85Ojq2g8U`t*O=9xAn|~k=j}xM4vJDP9l{i)8Ez??gZyO0W-dYd z7uOqZa5i|Sc^HXVPkKc-e-Gj(f(3L-8pNhfPaZ>&Owof6s7QX}%n6zG!O~?V14Rka zr`-x2{0XkI`eS$kPe)!DyRpl(wtKkvc!h3NOkzY`#k)|fJ_AS^rD1ZR!g_mozUL&= zg@r&xP)Kw3G;}L=UMqHm9fFZ|b$i35dWF{oQ9IEE{6Z{^HKOF9SHYQ68;)G_WuJ;C zJqdZ_nZStw7)Sgt5a-MpVdpX56Hn5hyRRO%dLJr4e7gx5!PfxQP=C?PyiEze9en=l z?dree@Vt2;3aob`{C6&h63A{VO+CUra%(4)i@Jjyq>JD7n~mtXl+(ZW5MEH^D9*Fs ztkCZN{))olnSQ_DG(A)zPzE`cBw1km=Gj7?xUsfk@?@UK}1LLxx0;Jw^S?#{G4y2a~tlEr%fwM;ckvM7xm= zS%1i+y)TA*dw{gF&AKRjGb^!APK;)R8QR+`u1qTftNCm&DRRNNH>U)PLqR+wDT*lS zyyA4hb!k&S+(k9ZCz-5+(sUBR?6FW1?WjPln>&xHr80P~C-&D+(ua#bxbPbk{H{RC(nC zkQoJ7N9$@`=iEE(G&n(FFXyIO!dp%>{APDD+#15SgUuJA$^-T#Lw*x5J|$uvK}sSN z3@JG;HbpidwgX4~omfRA8h4KS9^sp**!c-A1pbFOZ8n6<^#-bXXzy^M7_=>c{vj@o zS|@J~d89c~LP?z^x0B)0g2DEwE)q2aP`CEwPKJTj6*^7usB*OWIt;B#LI7v%*h3SW zfC$W4>IpK3W9%soCs@J{q2ejAABC+L zqayG#G$3*CBs#zzwhhX#!roAG&TW!2;Lb6Dq{Z2)g=?uO{0r{U2`X@a(c?)65Y#uj z$t(bECHgS<(<=-g%y_&?6p9%e$)C!me$?YP&FA%u7Z&W?oNTUQi&{i*>Aqg z5H})Zg+S}lbYs=XvY@l)M4}}vt}ZGNI_OGrE&UcrGRtoX1rF9exn&V2LP9Zp$aJ$H z|9tsbcg!|s=BRKFmQBrpB-}mt7WLadW5-gDvs?HABs<3x8r*0gvEp|(fM~@FlmB%H zq0ofmvzM_B{%R zD2mS6)8St()Zk=0;GxiWRK&+tI^xX`@pyckmW(385%%gzY7BM$gCYnZ={>Jsrqi*^9er}IJ!#;_T&Tx^|bxe4!sC@-j!bbp{VDuKs?b8QkRJO0!oKElA@^0-*8@cn zOPCF&EDsiLzMa;w=R8YzeX6O}eZJc;q9MLl;uIl2Lq33w-Zf5WqCkl0QIE}xrrR~N zo4zuqcUxKSlhf6W+~o3M#rVNq=|$TFmhbKa^@8RnemYG9rD8KGIXdTm=PRW3d zu{rA2n@RtKPT7CNPid6vH06GhMx0N+?b;+%XnL0pKEABc;)73}+1r4S53z3rwXxzf z1MayDK*e6(ax_X)hB2^$a_);FR+%2MRKX;nF^VhwfvXr4!6x4}KxvHLoL6Ged!Q;a z@6ek3mb_a?wxLTAPA^ax2!~JRcri9w|BK-bDp8Yx zoUIDx5EX!~yvr}xo{+nk>z(6hY%Pjq{R;mfP|g+eEi8}qB6nwof)eIoQZBn z(lY*gzs~wIde2)y?+fFvg~Rv4!YXO^og4*9R(0JRjScLEVRk^G;I<<*KWe&hi8M#H zfPSSZ@^-~Pqx6AoScE6LN49Hy+hBX_s7P|jl|d}{vb^VruN>oe1S(+1L|HV_JQz4t zpr|nBxWy;`lHS4M&;G~n%PxawGq)#zc;wT!{3mC_iw6CsxK+j7{>6Sxq#e-# zBeZIe*+~;#m=A!g@Q`d7oWd-CIXUN76A?<9sL`a++d%Ze;4{c&)1UTJNlJ?n8FmTKg zi@e0q7=nA3>BdMnV|Co@3a`vH(uoO~aybC~Kmz$UDA+RQBb4S;ys8HvaxVTCj-@o% zu%I6v3s>A5Ns3%Oia1y&GRlsi{8CY!lbTIXV06e~tJ|4JCJoHR+cxtM0aXSeGSz!z zbVa_kLnrCZ_VR+ZFfrYD^K1(Os|hyCFh;X^5+gGz6+MM)=(>vd!TFX3-D=OECyGS< z%kK%aM&sWv%7bYrHbE+Y>TyqMC0cOei||2EBnrVmL_U+UPY8|pi1an7xs7jzYa9Fv zZSz_kbKwCc08GbV18-{D#&4+Q!^}hs$f?|O{S2=pD2!H&=E2q+?5)ajdgr7>C!O< zlx-~E=%UaTYJu1o3TC~gqcYT8(q=y})Kdgi^~sqI@m2+6qK%M{nArm-IFKP&0w7x;Nw?e^3TAh_J|O=dyBUuwaBz_iCrPWcl@L6e;Bcn^~aZ}hGZ&yI1l#!;J+5|fg?vRP_{ z3HH!tzjjL8694AxUJP)}h203_}e0#s=}_p#aK z)%}WvfATeg!Y#~^%o*Y4%Ueg#pRpl^_@QMykh#PEQ-Zgf6LF)%%5I93tRR2D!?h>n zE9uducDCIeYiC!fSpk6~P^DzgDSBn+2%^GoIC}*Vq`1qoI8uB&$A>_@u~VFD7v`jR z(q*6h*wEYE-Tgj(i4_VkN-fXISq-)e937AErVBl#yd#Hbl|P_Gt?y3W(D7)SUh?S< zq-)u*E4aclE-8bU)jWfrBe6ZWvRm%)QoZ5I)UFJRx$-UJ9kjIek_G>VdcD{!^GLxp zvxZ68N*ORal=xiorlY^ z_0U^|n4+@JHBd*N%h+}^`TAgnhKdO-jv5BS2ELLc006)f0xz_LFK^sNyazvf$r5DO zUg9edqlcpgSAz@Ug&E$0fy?M#(y@YCT7GK651lSl5@sOESmtrDG4dkw${Y15n;W-p ztWX~RD={T^rRA?&(EA#1cJ9CR{IiK<7|-e)#(WIGhM@@)2maIPN`v4A@~pt+Wl92? zI!U%A0|a^j{iEiT!*HTOr3HiDi$)3rzrp_<6Pq*64~^`3M~rNaVZH(o^?QN*;DJx4 zLl}Fp;=nPfWFoFqY)5)Y{Om7-ncEma-AXYcVbPqX4|@y$5b{kGIH83YL-JZkOt0Gp z8X((Qj!|GiTkN;kpCtGJ$Cl(SL-xR#uy_6T0JSCS3YMPexBWk0&eHo>M7RGZI#KlQXTSvx9C{bPQ>@vBhA`i&u3$g=Z9M-{|h{1G2{R z0d>tc6R71ap-<9(Z1YZ~w5l0-1!mdp3Zc^!rmXS`d;9cy)BB7Mu|RveMnb8x6ucjieIXMRXRx{H&1?}uX-n}ez4%1q1p)acE{PJ|x@1+C<1lZFg zg3g%!9r|pSQ6%L1lzFXp!OJ5Vxb=Z!0tRAbfehT@PU^$5^A371W@vY?Ir#&-KaI5+ zl)BNcRWg)#DV_c{OOAYv>rz#eCYUv&R@WyoW#>`(fl4<2j+|eYEIdn_@FkU0TRwXw z$1xy1vh_W@VP7&2Mh&b_q?spee8z!(kVSF(R=V3nZj`hr6#`r9DY|hMOn;_Z130N1 z!fXKUxz6%hkX43y_*LQdH(!)=02nlL-;iQLSfIwFVq$4!ImWfmU|AzC>5Pzsz1(2^OM78k>pyw$R^uHy!uaM2CW)?=kGa}t5d9xvr& zVqYKWe1FRGD_LHvH%kGT4&q_&fO}MVu_8?K@|3rxgB4}YgVp&s5$u(emhT(~g3axV z3k$qPWZo8FB`Q;wBl=7;RE5sU|}(06?v zz9o7bJ?MdZTDAdwQU3-c51DyUf#p6|Pb6kAk>T8}W5>)C2Kai8P8e$uK=(nPc>6Id z(OEmu8!;@`6A+Di33|%pRtwl~qa@U2v=dc$jR#_6R+^Fe#pp$7iqTTjb`5Se46#ko zAMqzwPSR$Yrq0If`!&jh4Xrd<_aeJ`bIkjHdaTb--nr(Yw_n1?c54_VnhGpy+H2^3 zUC5iRy91fRO#FS5M?fe5-7tQfW>fr6LmV49!Rb%e>V1{Ua$+p42%<^(NJTi#^zbJepF*niLlv{%CpIblU2v|Bn9AZLiay=nUkdzO zy}i9Xy|;L~FF3T;BGpfxCz1QQtz4!#K zIeH3{V9Ks6oXm%OQ6q3$fk0MZ^<4=u4rn0{jB{1_lScsg7T88xtufA*_Na_^STE6j zp{8KlH)vl3KD-ySU+j!yrz*^Dc)xmVPh7n zDA~NX{@-L)d&37=bcBSwdc}IkAYSGlbbZuwVG!n8D;U}+i6JP5XU$h&pZA8-?+M|W zUfGqgJjnns4iThGZY*3D5n=yD4n!(nmq!AKZvZZ6_hO43# zQ4#>%foF$G*bNrR_SIPbeAS>$mCeH$GzE?Qbqe`Iw-;>P;5@ta zOieZ(?)-MHog9>RC@glI! z1ctZ7I4`978Pv!0ky1*kARRXEB?%IZ&-%|4vW5+SC+SbyiwW>~MZCrtqND^V!^8gu znw{MbJ79E?T~mrc|CG~ovc&con&pLAjq zc!940BT_@oZho}1#&a7{)p&DF_SPyKq8K5*)J!Ym#2oznDVqv@emu=4J}Al)V99U< z%3Kw;4+PjFbj%4oO3M2uB2SaS&l#qRk_vfhrAjgG0nPYui#VHCCG&uLgGxH;L%-7| z88|Xn<3QZdJCCQOn?OJUG1iFN3N%HJmLw9@#2}(^UY4B9+Hk}mY~#pkg0i%vr9Wi9 zf4p%bD_m%x1kz4kc;Cdo7C3}oVJ1=RQ#?=*4Y)@MPvr%%5y4A2s;4Cf!xm-*?L9|A zO>xYqJ^sRyE+9Clxd6q$~ilBi}{geuzu7RK5yc z?;I3w0zUtY<5WGx1yDY(o-~SbO_ds^@1z>Jm6<-xw2gCR(HH0gdC#>X#D0B>CI%^9 zRDlUwKVHhck(6OZC88-bVXmkjM!72c*G5#nySMlHy&7@7-J*XFWOY9Qc$#M>D@9va z#(V(6A`P35Y#s2(l8XIzQA%~fQetPS3p4fszcGRdb|6C(UXD#G81!&KAfP&CUMRbutnh zsTN$us~AlX(k(4n!N4O&D#~sC``mr5ZaJA=K(eIfP%vTtM3{Zk&k95;_inzJT*&;S zWo;RkGX-+w-hy}dj8?pF$!3<(QYi!KO3-224rT`wf0y@Id`5-{v3ZT5s@`Tcbq}|o zW{IikA}ZLo&yaFPkga~xNVciS2E`F?q*=&m0K5Or2nop~ z!@f>8f#610?Q=7#M8!ZWo9~7q@MRpRgYJc5rBffqZ$n&B1QG~l5zoLJ zHMt|GbPaH25F!2oJB7%AUuH$+7i8jAiVq-vlXOehG_5EOj2A^C`FZ$*TPqlcN*-y9 zxHg`N2jP#&=r3?oS}CwPB&p>Ws=JuULiV_zOl27eXTQEYZulJlOV21LX_ zDL0fV_9`G8t7;v8>c^NW%O~!@t;VSoqEhZ4b z?87rtNby5SZYizQLxsD{l3o$WYNLBJ;2yxntT{q3m!M`e{zM&Jlg*cOu!ibt0nkW) zpb2np>v$!vk0u3$!w)oho{K@Wx3@woy(9+acUR4}@+| zWOK&iEFhZ*8wi7{$ANz(lYT$ZD?*+Zo$aTBewI=}b7o|usIezQzU-4&h>l@h&?@*n z$=K8c)mrlZ{?KXJ=eF!W))5)lEzG$re%x0&_$JLAQIC0SM|mA^ds?lWU~Pcq2=poe z?W_QtnhQ{`dcWE_(kjT>oo3C1%nDa7^LkpLNLP*h==Lc^vSZQN>e-YY&D8(8oNCB? zgE-HoHQ6pLMb@!G#_xFf_Gh|BlS@3IJXO;>v~hcVfNVCY5OcUU3qqiGh8c<9h=L)4 zy~7}akAQ9sC}e<}+86Xe8O`*bL$KIe7!%sn zQ8fJPm!?-q_sNf{t*LS{p*OiU+D-1GR+ZMLR@nZtA*6KZsQn29*e=X3*Y_AILda2A zDu`IsSKJu*91s)2?}psd7FY~)SpdRfWc;`+WUxd@(=T7p(+H4Nw8zD{r+*gf{q~#- zPp@vzZ9e`__CDznby8wIC(sD`4IfZa$|0)QH)Cf`8^5F04vsDd<;n}aOj_nhRI7!3wey)j(K;ZrUGhL7D4p!#jW(Qo3bb+yVy>r)amPux-8>f*n%>S znf!6p%flTH^C@tnL5&G;5P-$|2UDuvc3EnHY6sTWvTtk&YO(pD^@1I!yRm@VHmsw{ zfO~dXFpbTa(kD+1o!Z zGF1b|nXSOLGo!y}&@#jjHy{Qx$^Zdz@mfH9Pk})E zT(}0m7Mn7HGwMYNjo@PHP7A3s+pB6dtX`F|4!SLgQTd2OV~~ePi&)*7f0UxB97Q$Un1g#i0zqLx7wQ5}*Y-UW(`?NqqhE-{08*dFBc#1Y{EWxd;6q5puMQ$UZ(5 zlcMbLFyOPys%@8IqB*J8kaSI)_W}W*_l#}`B8>pz|17B(7{~-@@xsN@L~vYS09z@@ z>SohnmW}6X(>FTnkNNg?jdS?0m#IHRhjBwW^qL)>#PDSWfRYj9t?j>%w-K@F1M$T7 zQ2~D@p^DdH(7omo`V4x_W{mi*6_m8zUxO4K0leOhkO@nI{h>FZHwt#jD}px=SfQN?8BqS z?okRd`2~zTz=F(vF4#&utVPoMu5-7d2=I45!v>~w!_69aH#K=%^+(=%(`IJsy^L?D zUsI1Bf&voERln4JMwGm>dtZ znnSE|E8S-GP87}6=n`i#O|5!=?aa908ZKPO!dag>AZsEdS(odB@2BfJMaR$`+|Y2J z=LiJu&`QP!r+E^h!WT7Ait|;t>#hlY+DyIyhKEZ?)K=8Ad`fU^MxIQytobGVqX9I1 zq%C##YF(zg7Yrt^*46;~M>l!;QGeN@37HSA;+@;u-P6}g&BvgQUIJ7-EmtL%2%)hx zx#^bx$efBCU@nQ}{&8*X4Gi{wMoOlg?)>tRp z^Kf8b^yd6_bMblgm)Bv+7A2BR(u_}l9P}R~BF+7pCYGN}0$;bWQ&zSzm$B)Pf;|6K_bV4e0jq+i z)ZvL8lbFoMY(E&lZ%9$FuTbEk;ild1aKaq!&}I@wRRUPE!_aG^LnwIPWc@I z@Q3TYdlYkwMQIBnw;gOMI`G-5LRu#-#RPMflya;d(OBl7vc2lyYX!*Q9?2|GrnNYad>6^W$Acc7dxV<)@5fVvqhKz` zftFV2_cPa5Qm{5ttzhfXJ=ZprA*r(4qQCd3UGz(f-U7?Ate_y`wRYQeca0VwC?f-c zg#X%y#EcxYHWUdg)#snl#5_0`$GLcsFB|UGa_;N&DketSBRZ3@1W+Wy+aZ;hXrr6y_EpE#M#RSXAE!`?&zjg?>hA%95_P1~1 zXr^9vYKU8glUci%p(6M{Oc($W&hKcGdzW+>PF5K{ys%0=zxK?FK&JM!6toWHPzwj! zFo`*go}-`z4pi~MtF`R^7 z=}b?N_)$&8;Y$s9*CoR&80TN!seI}@Q4dJKm23injjBSZR6|T;> zX|i-;Mq7*KHdo<>zdT1rU)?%M&r7@(7+fAqMOlXF2M3u#GiYdGzY7@+_lLjECNz7_ z6=mYJia0F1M%3phwgB937eQPEf-TN9dL(g?(qw}Ms=fCf?&TEz%=!!Mrd+dP%GGXh z#){QixpX-9@kF;Hdm&DO1K*Evq(M1^xJ(GUD&DN(P5%0+q?xB#UHOJYyzk=>ilT6) zpRy!+H|so6KdQ^Z6NsmgBs!8?2s#;-wD0}Bc7}F4)4yNyDgamN%Ayhyx5nI<Ba`f-?TQ1PxT+OCgp$k%l_s^KN`F+1r^HHHJdYN*CA^T zLXjP}eMRTtW&<1oTytVgDtO2N92)+Sh7ESRo?Vo zBM<7+*094%wC{BWMCjl$#Tb7K{3^x<50q%wpIS~IYzBC+y3-O)caZ}l^LgzS6BPhI zLA(>Aoq0!Qt^o(SNY6JY(bYHHCXLdAJeRN zJ@WaE8Je=gNr{4bNcwt!qG6aob+M!nOyIIm{DNoR@6DoX#kO5Q3|riF#4}2V8>Qkj zogx8|5(MlRnaTc6brO~JyNC~GaJu=`2r-)dx6p;&c@PTiz#au57@2f2w}XD|GbsA@ zrCRKlHO_fM#@mTFls*&xUE?#7ibbGcc;z2)b2!bGd?qyN)=DWx{eRbsd_1~S5o2tW zTw{zq2Ycc*;7BOy_+|kKyE(%>Rj1HYb(yX0OMd{3>;z;^86zzAvkK%QZ7cDlm#mT~ zciV(R`mu~uZ-|HDg`-%X{Y2g_&2pLfo_jyyV{^O3_YP2G^dq3Jh(9SazMq-lCjQ6Q z4~c|34*woxVEz^Gzp)oC?7tHnNcYB9FfLIEF3^6tm^&r;@dg4(Z%QoUToltbj7bWZ zw_*PrOu#+|_yzubG{@Ea0bc_C6OgWdV0V1dN0~S-(0{P?*wR(@xXxd`Yt!Y)?2ewA zhp6{8*slxA&i+lLwzjFNo5*FyQZGH1DkYJsaVy=#hU(AE5zG0+zjb(DJ-VzRYe3}3 zcek9M|95BPw2Yb4Y75QGML8oBWDtBymU0f@8Ok;$<;r(!F)Z^S)IKO@>svwrx#%ge zi)tfq-@GHCn9q`!;y1uZ5|&+2Kx;V4OrCG-BtBW5@l8@(LF->wN&RYJzm<8{DQl7b z?U_V<19RfKs}ByFD04wj9#~&6QNu5*Skf8|Cd*U^IFCXq2v zck`)NIu(e@m!@KPQL-GBf`d^gy?ns5@QtzvL#7HQVMNtQdr*JOL-`gD1Q7 z0qT+J4-7H|bll^3O426tk;lYmWl&gN!kpNTfJo+*H zj_NTIVi%n`5y!vtSJY_8jhpk&QN;VCqsFqq0N?QU*2AFRqn> z+%pNqY2hl9Vq$?2)GHo6U@&wEJsdV$DDa$*YwctYt;cD#ES*)dn1D2sNOxamvCz^> zb4IC6=+41N%xPa~GltLTQ?BI~_s0ZsZ(Dkc4d%*?N|0(rl-tx{YhwCFWejr3Zf_jQ zh<%H}*a;E(w?I6)K+=v2zF4ueb9L%qn--@je?K4hCjKec#DY}43d$aT!EGd|GJ{EP zXIqPM@TAd`J%T~u5`fr@%$OG2_mjFJ>JCo%A2XKGFCdoYTiEb^SaLaTV_b@ADnAZ+ z4Vr25?E8<)$LwkTUjP?pZ!cHBEeV=^Tf#`&W;q8j_OKuArIL}Id8VwCXfB-+z01$! z9PiTu@WRWKW2d%>*EzxP??}y<5uK;o#t+w5F%YgNeZS%5$Pz=Of6dB0}V0W?IdbsJ~F(i zX{RE2(S&!MS7Az?$^s*d{z8Nh3q+J65$mgfjN2yn<|9I}VIWhuEEtctNm?;f zVnntFz5{0S4>^Nmq75W;SI$@q`O?MgJqia%7;yMnyeek9qF3v9b6f-_21#`zDbEUK zLm4eCwU4*{a3~;aO!UtAIAl7Uxyjc$|5KHz3VM-_@`iJ2rS2;4!`*2ob6N#{!Np)( zqNP#!;*iUcqTG0S<(+;2x&x<8SqUafnFyXqEC8SikmwIQ$_Wj#1@|?N7DH9JNvfSM zuFdP~n{9JlC`J_0E6<~1c0w!o6NBo4?#LdJwJf%UZ6qt(k<@R>=kKKPcY5blw@kfa zM0K5HgEdu3?xNj0O;8BgsxXCM>hbIG-{27}}s0}7Zh$O;ooPM`TFG(Lv z2{D5f$2c`iuaDwDLEY3?){(*bNGavi3j;*(%1P|UH6uy1^NLNv zSSDLysQ8imvh(kp^W`*hg6-m8Wx`quw1vlSV|$`y#BOgS0yPuXWdjOUD{8tg^U!3m zwv(z$S`>uuj(uDh>q{dy!ts-HXuY|fWG-2xC(v+>>T1A4F=gL?ajDArwOF5ZzQh!|Y7(!iI2A(;}TJZ3QCEUL}$$(|~{1 zK`*0sb;c_?S*Aj7PJ>ZmzE^wB4o)2fod>$M*<(6oK!$84+{YjZn*gEQ=o#1gb|Dog zF^K=ih3l@*2^{!ej~tuw`M=8GRB^zsVWl^y97%8u(Yu>VialoE1WI{uVW9;tQ6s_>pIWCv76$&iFn|Q4stG+VY34Kfa z+G=-FPUNH!KW&-Ho3{gHSbk3UvHFQrc35}huQYVr^%n=tC;xWLxP#k2( zd#p4mef!_Pob@_PFc@@sw6;1-K53Xx8huZLqNw{u7lQ(PSBqsj|d*nN*;3L?^5zSD29O1q;8TNS7W^`bK2QcH;&b=HnYt>%+$sV}&ir zbINZ2us-qL>N$wfLa7T0u0{Z!p*O7V8Tl!Y2h^0o{$fZUFr!~iEjcqHO=v*+UV~2 zYtcHGB(I3!60~^`ze&lNdf_|Kz#Ssg?E=*RRLJ;u&%weDTf>~9)r?Sa$rWlK4x*Un zW1z+Od58Ep+}e7gR%jhC9^huc8G4bNWFX~mYjM&_47&Gd)TPE%eMx&zNa+>x#II|6 zeuBvojsFr%5SOj)Tg(9X13K~YrE<#1rW=N97eD5Z4`qlQwziIB^TCNNMRJ(u8LHcmU+XGP@!d<5 z)Q(nb!~pNU_G!9Ori6eZ`0W3F6@c=2KG+0$=56PJ)b$eQ(O zYW4LA)AgDuIjn!aDjpZ`{~kWl_o)G>^#~h?7v#Q0jMV_>F`97RwR0(uHQdE8+UBKV zbmA*ixO{~1nMs(%Nj5~DRSiy5_~6Z-Sz2#_tHGv->gCTK*4DE9uC405d(t^HeMfDc zbhQ+T)6my@4+bI-g?bjRU+wwK+Lk$*KX&i^V&^^TrW{7A;1EbO`Dj2~eWdnms+E+~ zUrCTwA|wG!u?8zr-9nK--Lm^j2oDskWN>!hIv+qdU|I+DxqPl~)FXW|x@h3f!MbjE z#R4cOd{A=}NBKw(+XDK9ND@e2k8#Fqy|_qwf|QFjVnu(BGtj4);iVYeGe>DE&f_EH zUl+`0p5?ta!A?YuG(OFkPoImnLd(dr+rMfFcQ^rfGx5>b+AXvcM9rcPsp7fzI9h}D zGNv((I9zR3=f@s+t?aMQTzA_zPc}&-N?HTArQ+AoYuh*$3z{Os_13&QfDf6>A{KhmSdJAeo*c24|dRJp^qukq@u;Ur(5M6LPPohG8~ zz9UuEb=TFtDKc}yM|#No&L=m$JH|f&JLez3EE3o2+=_k({g(7XmS~8p0-1CO1aT>T zCcxzzKO&-DcL^YGlGpc7?@(y275R~>WPx@Gle zmVKKXC9^fRNHZ;r3M5+6iewTL$1N(AoqYKUjkc|Kms)*Gu_osg!Gp<)y#PNoSJSr6 z3@$1K8=9vXT1X{G3*=w_Q;n>sbm=Le*gP`v{<$IvymaspbWrJNZA}8nz(H1ZiPj&V zJv&9ch=eJ!dQC3=HX>*Vjp>#Fhu3A7=V`0%p8F{x+ z?u_|Meexy;{Q5~3%ffcvNm~S~c+krGmMX)} zHL7x^RTU6mhWzjgo>22`uRbEp2}z_LYsGtW4! zB!T@E?PpZH?KLGBu~;42DU)4*u%_K4Bd@ar@4Iy=uB-5PvOeJ>(WDSdD8Osb@2I;a zy2(5TWArVa7iBaz-rc4m&d>iRaHG^r1!wr8)}^?07cUOhG!4p}fa?L$$%@rK>gPPK zh_`sFDaJerR~nVLMl|Atsb+V7mnPje^(?ep1!UR$$d+jgIW2SWcCrb7GI?`&e)pC? z+`PVCo}3t}LDam?xTl*(sF&aC<+t*3;!1xVH3t2bD?qy(U7_anJ1Q9}%%6Z1iBxr=3Nff7pgjLI1BSI=Ljw7C0msIb0Z!FiCUg<8W47$bzY9$Nt-- z5Qn!sg3v%TFq`WZn{eBQ@&+HzVf-b{HhYWP#fQi5;d4;FpY#0Dr*8S^TM!!avyN+e zCoNX6vO{F3Ui z8z{5tKCA~A+6@x?!@tBo2mdz{ZH2!rF={>%m&7C4n4IEQK@Q^-QcgyJynVe3xkwMo zym9^D^M1Ax34*aR;zQ$hkvTs*x$$-AQX@Bnflw*_QXDK14*@BFfPet0Y&t1T^OXw! zM@}-Nk?LtlsdU)lohF}ddmf$vS9*-Dy+_bA_pSB-@=om*2{FwVtclD_Hrm?~H|8u3 zbb@^vi>pBf=n7mB`r+zW2QE2LVlzavb8{|z@jAiuN5;?BtjWt{lk3h@2) zyFz--G3@FmbxenwNwy((*5cukjr9PrLP{uIJn5kLJDnZYz|YAlX(H!%b4n~( z#nAQh`uGDT!BZXyjIR>+bPmKh2Jw#)>8DMPcRt0&NuEo(|`N9sS|&OG3OFs9{2WlRuqAGhzdjT%dkYw)?AQRx-VJ0Pj z>w+G;sNSVDg>ye{V;*uRQT)}q8@vPzMr0?bURK`tc3u{W!x#$}4jvSJ*AVQ$!GP+= zwf=9rlJolhwo~CuITQKDnNIOqYqgkes0;=HU9&$t`;Kb0S;KPC+u&6@b4H#x-X%|K z)F3fr;zi&{F|?czoFRF;(}cbcgkXmNCWU=VS^52>M;SPP#aqGUc5 zN`!XL{sLXT@MB5i=@#o2;}Z4WJUJ)2%ha!_0k!13zH2yNe|*Ei-vR0o@mE@p2q zm3To=OPEKvL$iAdKF6(MRV9leg|G!ae==Fw+ec5}rUV1-t*I!@N-@$u6Q4?yr_&va7 ze%fz5m)#of7MFEKA5#e*KeMT(Voxizl?k+7M% z8aAsTqh$$G?*g|akus^E+tSBA5#Vyjb4;MckS@=o{D1YcyU7;h&Ei{jmx{p;C#T7pwPScKtrJyk@jOi2H_En0#qZ>a;}c96^lIxll~9b* z@K%ZMcYENLK<+v4dZ~>S*~T zG~AEV)NxDUI)I1Z6DyXwbGGT$<;6#QOcqn`^w{Ys+#Me4Nw%kgTaoZ)^_YQ^2I>XY z*!0B(RWPMzJGghae@WV9E)uIVq5;!!h;hZrclW#*tGF&pAc8Isw}E3CEr^(kUB+XP zKi=`N2c=lEusT|0URmQB{{cmZRYdKv`n2;pYKJp74#dEC3%KJd`x*#GYxXUUSCcw*#qTT{aY} zpz+(31VCxd0;#Fgzi*_-uuQCs&?+*=IbAzwc<|hZ*DOkSX}a*l?QusX6kc*|W{DZp z*!snt2@XPfn@SvL&Czzma=?U*l+y#-RiJs8$5L?$BECxw2My z6}tq1mE9=;ay1yRxCTXd@olQ7xf%LYKcG0%;1>-6cIl6=)NpSGPYybSz;^Uxw%mLK zwdAuqKgo|=x-KaZ=RmBUc zc>CglfcsvE@GL4u%ElFZM9tH0Zay;zFP$m3tm50ZuW$6@X-Xf@0i=r*c zH&G1hI{T>+fOSV!85U_c_OC-q`-9 zyk1kc7D-t*#;|j;JBn$25A3f8e0Ny^eGFw${s}{kN=mNrKvp28x{B(W7|=gNig>}< zJ>IiK(n}+I1I^Ra`vKajuwnxrXA|Yc5LBhsm4asRfWtm-yBR-U+uUE#+aa+q>5+uq z-gj{8QEKnWZMkx7CaM3OwA@(&mO0pD#x24#Gz3wkEk4oOa9UrB&M^%X|qZY7#9X64aDftY2+I3aD8c8lV1-uQ6mz+rQE<4T0AZ@6>h%#uF#?&;7XH4CD@U#uF^M9*g+O;VA)g_{6(1+$%+AtGx(ahV0wX)ew>CK#7t4ehzwW-x?m5`~ec1AE80k zKLx_37e+U5CRu+)Qtpk4V@~&3+n`4^_J=ymfQG#~0i_}g+oB|-WjvxI9=<<(U_5Aq z&Szq-*Yv9c@eCK$sFYDsO2#A2!D?N)V{o7RB;et;3!D+q^vlfRE?f?8Od^yH*byQk z5Ht+f-KLLj!F6HD>+LWS?P>eG;Z96#Y{xGHTp&ao4BE4J}xldF{DM zIG?*a04z9@K@L(>2_iFGWX)j>9EvtFjKv!ow0Ulw8yVJwVV$VQXp2e^Ti>r&f zo72OA(?vO=@=-lEe5c#{%iYt<#QxU(zvq$-ynZfE!#l@@sn?(Ilspub`Si#-(6N%s zfhh@Ckz5>&_m|rOwd>suIz5t~zw3gg8FX^rrZFy@v z04yu7CQM{V3HQxQ9JQbUZ$Qf50<87vp@iMgTTP}p_~G|6WM@l@UOx#U_!}-=vwq$V zX4>O^verL=oVD$q9wD<7N7Rx)zCVKZ#dRVU4WJwt`rya&blZJ2-4r^4Pv-?6b6T0$ za}!Wz0l7D-a@@filbJ1%`y|DpB_|I`K(WRxB%Q0;YGJhxFB)V*QVyNJdFN`1jZVXN zGsWH(PlFJ5NZ2hukJu4^B* zuq}dj3P4g%`U~+zNf$WU7XRR!V`jMFIJuFjc2Q-ko%}#REWs#btCbNfgM3}kpIL)nI8Ok?-aVl0Db;djsH{^yJnu%OU#{!d-Z3ZdJ` zmCsRL)uhvCjTe7zpeV<$wUfWN%=)2b0=(mU-lzUnm6mfI!jt4;8CWOxmXtsj{?$B) zu0Ew>canb0f7kmvDo~zIiP{;OTS?HK`y251d-Fm%gI2RbI-WS(!>6Zy?WL@fHWW(< zxQ}$>MzXkZ_dq*(=y&2SbieaSjGDb7alhx(I@XcVszW%ia$#B#-=2O2#ugu}#9WI}bmdF3c9$s88CcoDr3B_^Z}~r?K1?H!!|1<~d1;FVUr)i-fT(q-|$J zyq+A4vBK}m&uyetyEaEXZg)s~CPzk!TUjmhITlfS0N^a7E1Zml3GQrd7a=bpTF6M! z`X5Ew_GNn+@^fpksFFC}FGdEzz)lEUqDT|9vlK>5Zid#*i1qhmX z+M#!8r9a7z(8-1(3*N5adjGj{{wMHmcs=6$N{D7sHTwNRgnrqTfj|a-$LHJA>>W3= zf|YU>(&jpf;%1qaeDJG1ik7wg#qM;6ZGK+vYU- zH?T@4EIDnjSS@!U_8=a+ag%DmO#&CFR}&pQjA z>E2v_rzWM>^Uq0IT*M5f)D(NpRiyblxxLnZ@%C?H@_%sPrk7bJum)Pdo>U3lkb;ruz5bo86E6LDOBLU<;iv&Z-LyN#Wtf~^9a9}sAhns`5(ggDTp--42U7WQ?x# z4)az_GG@~?&X)_1Z4Q)PL6#q?lcjEbC|YEUf^FYiNRUlMk)v18~T*QAUnV}jNJt+kco7Amq%c&0u!t45PTz-BrdUlR%aAKkwy~MHR z;pXxf+TW|ahs|xDPIPT>_x*a>6u?A&A_2?p7AOt^NGY{iuk zi#EcO(%*0#@HT2nS&!?u)^Tr!#MWT)nU*U<;ej2!kDLcE$_aWcO~q2O0H@JJwzgx^ zo!uBHZ(Bs6Uixj4Go+jtT)jgTtRW!*V!I=FCr7Kb6YBtDz5G!YqePH-dOB0ps|nr; z?DNDjzbpDgbo~}_QJMl#SvcKbtX+mvsJDi zC)ccudb|#-A5S977sY_YhUMctospd-eR}#j&N_=(N#(i}D%r*@11bM+Y-}VLL#a@j z4BF@40t;tV7>)DwAZJVy>pZ&!VU~oUVj@u3Q$wTW4MR(Qu$q6AanTf;NyZ`RVE-l^ zIg2oSz5y9g`IJHwGJ>lv$lOslLzO~fhjA z+B-ZPgCHiRdRfU7&L8$r*vX^2GlBCI96==O8n5J>xJ~DKPqiEDcYRx1)sy#1f5zO^ zb};fbkHa``s)4cafii~1x8ww~qci@Rgt{6Ry#PmHJj5{EX?K26tggQU7H+O@qZb_H z`FrFYs`kjKQg49DT(953CZXm!*UMOx|4^#VskmBr9+p~Ps)_&81!Op=G=X{saWf)+ zreaY>hr;c(t_y#nBM(jbO8c?KYmoE1nBn`GuZ%C1&L@*Aq6Plni-5+3zy7_+z!4-8 zms^KH3b+zz3d=$}TW^a?a=eCI`A)SzXX}3PoJNpPz%j7ZXB@6S+-}%@;3V;@Zz37Z ziwu{EnXTP}WpAa6dzZ@YP$M)ahUjj1C8!5FGJRwvD5u(Yo9&8v$>DVu9t$;UZKsIi`_&nkJPUcPZq7NdN$T{Vk}jg$!Lzma&xgjqD?Qvw8BS;9Yvh((CqC_juF@Gz{q z?R=3W4WNxVq?d`(%c!WF#Iy#E{Qq#4LrFAHnGFMKCIr|N#9hQs@154qVs`tuzPn@^ zueKzhF-aDM#o9ftXr^REW?&d&c}p(C)7MNHl^*u>(N?FK$x|RcQ!Oekt#tvICfFaK z>J>jnOW}QD7ODuvQ9W(?sRDVEdRFXW*%AJLWkwQ*;4wK>QLZ*}A&O95jVetv3E-Y? z#NYyXdDzH)W(T3<&l8>dQedHui|@T<_2b9tJjyK~-!m+PxM4armd|C+2BD8m@x^yG zU-l6~taRT=&njykJ@6{xT(ijR{5#kqw;*SoV7+&<=iF+XD!j#Q*}hZ8%PhQ-;QVuS z-Th}9Areg3>vQ-58e=V<3(cZiZpWF)vo{EAS~OS%69*l<(9?0eO8k))n&X4$H1E-W z7o)h|)e|Stxb!u%p}4{ixk~=7ja_MVv=gKe&Q7xQ+S)7;VX1sxmvG-V4-3EQ6Jr^w z&f|v#9?fqtA#If>7fHRU?E=r(&biLs{wC_Uctybymm0ZGSLofcTaFnX<$1<;RXqSW z@FW#o45}lAwC_ zmYEB$wZCkJcHe-0M@ay7)BC_plCXuxYY*yimB-8CAO4)!OfWB{RMW3k zp{jVf$|ac-Mz338XVMRJYmAR=GSs_gD4DCnO{2(S)QjJvQhWF^ZaGOan{j~ZWLB=* zb*>w(TkgH|I%8ltFX=$^yzW~XnmOSU<^D?CtNlLt?wYFgEg6pNua=iqKkXX9mGN-Q z%p>}C5BqUay&IrXagmdmZ%u;!wVbCS#Jl-bO-0a!5|x$|zim>ftFpX${#a^Z??Scr zOg3>5zt)xb`ge@`Bz~T&dfimKiWn35@nHS|-8$Z}Y^vQcGsb&F{wdSxH#Q{^lf+-2 zcsjdoJL{RgN#p1)u^CYVPV|eSkCs48K(k-SXb4@{euixS!jN=E zMes0~{1v3az9{&7u%Hj_)v!3+)RTFz*HESds%Oo4yin&GSyaIb#Z*2ozUua!a0~kI zZOkKkbVRy?-=~B1W!B}`9xM?pew}=Ry;`v;kHW*XxpP#3lc%I%2t z5vh^JhYFyU*cXTbuNgk+l=vvD;eB{vX@tPg*v2%9v0p;RWl&P#AhPTji9cF6TNyxn z%e=%~quV{;8vb6z$T9241^L4B+ln`H=K2x_U&WoR(`E%tLIXANJKr ztD020>7<&ZJ2R;7`CkN}z~`$Vkez2m6$4pmvVDF#+tT_^r3 zc#`MM%aMy`AS~(eDX7eCkGE-_O8(>6n)g#ObLqs{dVd|B52F*KrC`*4-hRCTRU~dM z#@XH>12ca5))*j|d01e>2i@YLj;UcGA6q7QyUVx1FvUP*Rd3O5!SdrldM+^r3Kf#Kx0+s7FAPpK5u!wt``(n#<$CVe`xWRzL|-rM>&< zu&FmR7Kp=0@Xa##w*ehy>^&4i1#TP!3Unev`s_5Kejapnbt^kUJh<&pf&caQ_7wz; z_|xu8Y_&*cpPN<}LOlHxAU2>WgPn4XxY*jVNZs_H7(E@1om{-ta_P^PNR_l~5;FCN zIzbO3b$hOqfyIire{KwB%2<7}EPZ_EyK$URX2u%Y9<&Y*VYS8|FOKwX$)3YOIDk!< z4P1@~Duhtiwl4oHtX?UW3hDrH(!ROh6hf;q}HS9+Kt zD1VcI-2o48(=?_N#f_*J22}1!>qQ+G&U`+br?|0`)eUx<_cZ;Z`SE;ZzINIiU9dpn zW{>^pNgpj}yV;ae98v z$VBkahoqVUIekS?kYMNs(!*$r;=wijFr(@Lqj!q;8ls-&#E58n1cpblwC_GMLbeWRV4OC&?<5@VfaTD3=$4L;>fQlIFbR z$EPnYPDlgq7l}h|sicTO*+`tm-?hIDX{-f8M)@6~9b`t7`p$bPjANcg%tvK-jwKly z|0E|gDyuy>->7C06j8442CE^TJ3u1xtcL$Cigh3jA+#?AA_VqR<~JFPa5hur;A~o^ zZzPSNz4`_JNy>t#4283%BLjZOsKPs3{5+nSQn2;ApyX_<*p2@KS(+bMqBPX{Okeu7 z?H9o&x)qLovPZ5nr+EZeN@Pk;NtkOtI;CzGoo7V}F;O88qK??E^|`b8!-R&096r|- zf%c~O0izcA>xhy{4mV9=XY1?aHx+4fc1=-K{BVi7@aJ&l{l(jYRX{N$ib&36r?{Pi zr9nH~W~7mRU6s%asGhxqcYn`3y?YWc>|CJjOkAx+w(!znPlA`IuQkPBXZGiI%Z5#P zn46o3*_4)9MNcxVhwx~3sdmZ6OcxNF|MBu4S_i+W&>oW`8e%FL_%Gvd0Yx}9~phE8e+f|V~s6z~&u0Y;3DBXxZZ|+Vspr4Yi2$0kb z8(?<1hSs|!3j2fXAiOyOPbeio=l)q?vwZ+ovi9S;r*edN5 zFR3xXxDtxkoWi-ogkNt#w5g8qzR}gE{{}Vzx+VcOsvXg6%XpKX>un?xDU+nDoaOuL z=C9b#7YmEZMF5+5rdTl2gjxT_N_kq@Sgwv&9VqceH7a$@I353~`_q6OhMpb4Gs#<%-p~&7j4H6ZLbc=fUZ%|AqUoW z_GS+4s{T2cO1ZLyZXanQ@m(gdZ4)aqkf6k?2c00RD;6sRW2-^?v-KtKru1bi?~};Y z3CQX5drll;5+zqJ&`)xV6YRkkXQ1e=yg<67BqM>)`ow-Te7){o-~NfEi~K?12v7XYSQ(;8%N2c(gVFnuOiZbv<<36Ho|oPkip;U=rrLEaNI zNoCcwBeB}r^e4q?sz_D;F1s;R#FQ9@4&I17k6U3$3(Q{8G=dRe9)OA1#o|r z(qq`En6TtMN8fpRtCM$1sdDEpXYs9dX#q=W_>UUatf3_@&dJ$%Jj_wHTH#2szjY8! zJb(eA%NN-J2jSuU;gf07Kky848Du+m>{fbHPy;J29R;ARSk5J$&Wm3PYe`!<}=5`-@ytTp~b z#eu#)rE{&XIl>~bF<`y+G8>!92E@VY_>0Vf^avj>S*Kg-9`V#E-*~~afs2fBkX~i8 z2vF@sPOS)}5`@>c2l+cB!3#1+@OJV9)vI5a?FQ!f`4NirQQ?)%j}R>ebdP7{-MgZZ zapTX{?}Zz;GJP)G!g60wZCiMt$5ju8k4Jy>0<0I}@?_me7;lv`52_W`zN1t&Z{iSP}1m?!%g$$32@TpK&2>BmtR>)pf6ynbFn z(+B~=ami(%kUH;HOZiaImjb4*XpN6pgRCE`j*#qOy8mR$6a7DA<`A-9A!cxaA^A$I zC)if$k#upMvvOWgNBfU_d%D?b>YouRE8u6c9hog3Y1W$Rm7`{uEQjvmF9c=w9H)yL zjkc~E#fn+U_b}&9dc6)$#K&p$E?i{kG<{}UK72V}A7n>?fAmEr{qO{eP}Z`PSFWtR zib*FHO+g>nWWzltIFlE4BmQ&`fA=Z1yiXYgrYIGVI0UASk7pU;dOTS4!r3q5y6o8QP|;R#5{%q z6NKG(bfm%oarI~d1Gq8@(z<_Y@!$Wm%9FHGmlUeGDTS(9{iJJ!P2?z*D526r&Tc@K zcSd+@Mk16Xm#K)oTj0LoRfuW^U~$UIOS6kuC<}jwd@nWGaCsJYiDfn0Mz z^E8)`9R-P;VkSkO5}Qv8!e@cu4RNIXst<64lq$EDRv492wNket6Z1x!X)0(jH|pRy zQ)prfd_mFdIxz)c#CETBKoI<(qzJfnsmvfF=6(C0b_ZZv&b`=!rnp7MZ^^}sseI#n*#s^@^-n5r@?C!0s??` zsJ}^`gUKt%H9xcg)OCMyOtI}}Z_*DGj`n}jLkE?WuYJEr(IQRM==mSUK-*@euVuEz zphl}d`mW)MVWY4~sbI{cYXY9=wK;5?uAcJKx_{J;9lLah|0P9H>7l7FetogX#YiK#ng+y2K7flJGQ zK~5l~OnWN>u@g5b&Ey;0wC@lb@Uv12H|_fO3SlIP7Qt{%F+@6^Y4h-j zQY|x2Wojy217($OUDpce@-;XHW!?W033Gt?ALJb!#x}V)y}iCS0Zwd^52<}6z&TP# zKFud@7A8rG`Y}az>`G0}4=nC4h#`Qw!(;cd_arGNXYl4y6F0W@du}afts*c!C-vfy~|xaaUVD6|ZHexXD^MTTE)y|Q!8vRjpYC*PPvQ1`(8TayV)#XmqK zK)k^nF@P76ho>0h){B?Zbq?cpg0*5n_!F!QB;^tmeB0Dp77=Q)aRmK-EpwzDOlUq6 zl5sL7$B>`aPd<>a?svi;mDg&?AVysLR>I^?iF^Lr9acew4litXi_eRH-icc)zYx-U z98lyyWv8o(77z51Mz+v1W}XN!Rf&KEY`6f|@7VIe9^rgZ+R;a$oFKXveS9LJkm$O{ zU$w_Q?`So1*%Izw49G@24IuUJ_=*ZJDP%zDB09{}Btj{uK{PYfJurn&w{5 zhV8_MlVE~!C?gIZKwN9M{=8rI+}53z)#>W$AVx;%bZ~pTpKk5U|GN(Zek2|GxfCU- zn%L+ZMqUX*gjLLLr7c#;MOAHTA?OfhWSvY14Iha$IGhJ_bro-Wxrl@eQAXd+@%sqC zwXOKx;eCM#l8}3mPt318aBpyUa%Vb%nw#f8{e?2aAKL;+&1xPuP!z2HVsv^p1dca# z!njU%(&%>l`0*oLt#Zu=0Q|63&m`XTZ^Q87XkRGfUq808>&07xOSKVY9b|GyD2SJ& z)X5u?{X?4}>5qv@ zQ1T`ez4(e5b7KfS)&-Bb6R9F7_sG5n-?ayyrz?*aj7iVSx)JBpDu8$qCQ;;n4wz`x zTt1*@yvFsl>H-hrPIUVAiP^XXl4zI>Kl-86f>h1zfHcq3k3eWxLO`c0gc=5}!C{#6E( zf!+7mN4N6TyB_;vhd2zO=qQ(x&0k60 znWr7~?@%X)1#BNr@lXHUKJwOJ*i*+fCUUS%Xii}%x(+HL1*%mKR{ai!$~=vFhDrm> z#Twhlw&qA}EwLKZ*5=3~i>Om9LrkVqpU}j19?Q750DW}s7JRLLJ?QvaHEe*Eo+l+c zq8e7)u{1TeQs}%0#)^tz8kokFz*iwF2;kTWg%%Mwc3v0D^Mnhs1_ZBsa62W3HrTP@d*Tm@08I76HR zKHl{|+3~AjceGkgXLaVbav-_Fa6p;M5F{fHLE?7!D|*>;7}<&T)uK>Jtb1>JLpYx? zsHEgGK5e1W9u-CmJM!>KVxr6?cHA`Ci~RPw;xC$@?K^7p9b2PrqQWkLol!gSad9L? z*P!^eH!~Uix|5lhRio?w#-igk0-B;y9GPRHQ-fQpPN&>0N+ z!%ja%N-i{qxs!ag(0NiTIsOvS`K3dsYBNl$Xy`NHM@K@18t#@8V@U9~v2UD`>VBrO zRVia(-gJ;&2cx=z)K6-S!Sx!?l0%rs;F}9P#)AC(ZCSLcvLP+N4jClxsmN=^_d9Nal*b`*DVT3d%w8pegrV^`eF+q zw-6(Tf}zPlx5Dr;HWz(hMGVUzA%CeS22*~zTR_{2i@vCm#PR@OcaTBiD`8 z0=Z-T6&Jkrc0-&nFvONgM#|tt_?{vv`eu^~?ko@qy_}_w5of9^!?3ElccF{IuS4W} zF0+oPIkm?a{CRiF@12M{ckeF>E^`frgWP9&MZb|&>qX(Ax@+9zZF{LSh||4q1~5a^qu;IQ#hE_o}*DeyP5fo&Y5j;U4Ng zEW%)Z-uYFX7QhS|x*h8yBria*3q9ls{f3pBMwLu5Zx}^ z#inQxa6xr2=7rbXPa2*RZ<38^`?9r`1DtLy4`90T2nuYe)w zvE<oxmSVzQ^}XMD)ksa*$!ZTz+@xSgH&m@S!V;E7NHD3T_7*uO!h8u(Kpf9H1(M z^%{&3OT+?()Y_S*p+iW$amMzL**``~c&Dx3g#hU-m8Yg=p)@-LLdn+`mug5{1=F3J zEi+miAJLq<3M=w(gU#ru8a-u;>y-f8z()6G8|3XIhWgsz3|=2a2K#Io?)taoG8V@l zq#WujCS(uj)`3bS*J?@^NO@e*Wk7b2z#bHXb-)f3u}AxMEQtP156=7QsBXE&16<5o z?<_s@uKSV)xrZ5>(;f^`MyRjhy#t+FFN~r>X57V%;po6 zUnI+s?+bC58((E^hDqxLZMeXa@Z($rWtZpD%j)BH5u&E4@RsJwBWqv$I4MmaXKGzw zbO@YWIm=&hkr;Rq*%d&4A1hoA^NYMBqKW)->>${McYerw&nGsQVC8G9fXpM7s!ni zeNLnH3}FLRxF$m62fXBFxjs;=v*mNmcZbvaxAX` zo)~3{%U|8|QfS<-m#Irh`_E25Y;(uwe`K*Rmdj# z>2n=CTM*CmCpF|9#|Kxtoq{w(jLHh<+MqB$$J+#;H9DwJKwl)UT3a!4fGwI4iXm4+rgtiZk;`|{2C@@28rzEohs>lSQ1P|MEZ8&3TriEzLax1OfBoxL*npbzItTm3f5No1kW%$9=3l7b8JrJTj%twAdU^ zCEYD}by~-N%tKH-&2OBVLX#7Z-qh2nFU4~|d4w7QcMLSht6Vr!e`l@NOmCXu@(g7{ zbNa-DH?7iFZ3f^r^XRFieQ;6v(b&=LU)sXdA{wZXcFJ~8tEyQ7OxxrBWm32f^pg0Y z*F!*lzri%6L#E`BSK}~ruIqpo@UKmHNK`{Ka+ zB0(^6T3u{5f zLjwad=m6}Fe~MoNz=Yt8Uf}pjcYCA}u7-~;Z4s{uE8?rJ(``xdeF(bCpo$8%bNx)@ zsdCG^*0z9TST*Avb7+i8k|AR1z{-dYa%Sa#7zI+|A~=?;C3}Tu#jHNRtCqRvdiqjz zttWM@GwmB_qI>#|hA)v>Um=CVTtIaCu8fR^>_0{qbzepT%zJqQ*aSFl92^6-YX10} zZ(Y=&(fMQQ6-ktyr7vLYt%Dc-C{IN}XwMr&W6j`sQeDa#vuk{16=>9qV${X!KtiY|ebHYp zy(aDJb!Fz{_J@iEntDr6x6l8-NeIJMj7qMl)E| zGR80#TfD5-BmLD~&ao7yaqxTxKcN7GCd8?^O2|tgN~(jkeM~ol+fz){GNBGr0fx0X0 zkxmlgZA@o6hbMG8C9lu-*{;ndGjxOiC@Fq=OG?dRMSw*QKlkFVAv{fZb5xu9j2HpUDpMQtA;%S1*97Tslm zh*GPiYVyV6QGyZpdHgiFcr)NxVyb{7M%1_!Xwnk_qbF(IswHYWGLf#!vIAYT*4(po z|EHylb@rB_+Uh+Lx5!N&npmerQ-kM{{#;dZJo8T@wwrn%A9V@Cn{vFX5TY3RMw29q zc@E8De=5pU-}kDeF&h}eP;dGZOYaPNK`f{E9|n^`3;Vg-WpQ%g0{H;sSXwv+13d{I zr6DOUDXX0_4O_QpOXbi8lVTk((-OC?ln!~IS%Y-;~&0<{NoR`|*p%f)}e!_R! z8G&Ug%>z7nb?1F3^TjyCVfma1?6I_nHjy#NvK}skC+wdKdgWssx%e6*oqe27nAZm1 znJ|puX&ce^%j~iE=+XgYb*Q8oV<&{a9ckF-xPiFJU897> zYEMK9U1hT%SnBvhBs>qW2$;zO-}}Bou9pP?-4OCw#^0l1k-Silq2GUG@&KYSe*k4x z8*=aCt@^(tS#+zLJb|u4HupKGd=sXf;zDPpj?-i45`+g_%+;1NV;n1Z>rJ+oSJ3?T zsa}Vuv+piy-pc_pnj#7G&}{T$5_$AxCXRK$Sqk1}P~e8zZ9+0;z_u>W*anF1;X_#; z#3N+A%o7KlP-%&g*XHruA8XwoUcP zfP}v+0E6cvxB_8U6xSNnoq{DUFE~Fj?!fgWO*fIeN6DwS;A%(uUrHW@B6@(BG_KPm zO}=9>00Tfkj5jy3+==hLpp20o7joVjGf}v8h>mhjGF^_NGlNR4$e4Zj8*$*A|_0HlN*xxV{ zSy0u>V1#KDx@qyx907b&Udq-^q#Bu6N~2 zs|(N|C~52C=GzsDHbja~WVpjPT+1alp#UlJn}$3Fn0SMdiL6KfzF|^tDJLmwEp7Vm zrOgo|HFSZ-Odpw@O#>&-;}4X^U7HhKm5yBkbhdnyGF9G3;u-I$*e?yl&wm|cor^K< z0}RiYvDI%TsExt84o(VRilQ;#3ca1scOwQG6-${98!7AxyrN##eANd}f7A+id$xe_qMVIW}h)MgG^*kpnzTF{%kNwf0{l_0y z>CL{rEOC!vEUc>}*;9R{KsT{q#PEJczzKe55hj2L_gQX`im?#&+zdNiQgJBP#iloe z`Z5hES_v*5ehA zhA}Wra(2vg4Bt$G_zT?MH{IGKUguwN?h5A^*)X9CTBn%E^(N(bQN=G$vQxbS#4J09 zUzT{D1dJmq*k?$@@l%SOccVSdQihNR^Xz}A0X;}sLMqC2* zPHLXM39InDz;(v!y&Scg`x^cPBz;37F3=aI3*T{}ntTp|Sz^GH3JNXiQ6S`B?da@W zw;KGkrQ*`FQ?|o(hC$AmgLMafjss|g+IWo-#;|-uA&a2!KgIe~(b4n*%<7m4y3Nlj z7-`&#YQ~x(C23aB$VybBx5RGjT7@q_aPbVHn;j{g)$B%L9qzsW2S-bQ%oZ|ibpJ5j zz(-lA!vd{lo$4pt8*+d9g#3E^iN^aZ_A6w!6Pqab{fsM}2-hYW|6QpAB*~{lT>@i* zpJkq;yW(0pl{Z$(mQLy}1^0r+N{NPJKHiZ@7Jo5dvZ+Sv)W)m>dnuI zRN$}l86*tF#NprEPf2|Mu3h~jRj~hZR0S+bPLx;fv=7tg8h!xMrI!+!xK9JaMo+rUL zq4#RwPJ~~?2<1-{W;PKI|53Ca6W#Fx_@{JZ_7USZUuE;)-o9}FpzY}*D^(3eJ{#V@ z+rpOg3J1YV4(rJJU<$|^;{fY?c5CjUt4sR5wG|Iz{`&4pUJaDGnbagd67~23m%dy7 zD=(cAE zxCXkj;LdmfaH6_#R?=PEbA7dZeoIHIgAnb#Eue5OQ-c9u($(IgY;fj^vluY}0tuk8 zMV8XasCOAC3&KX)_MIO#Qaj)9!6Sm(9@eeBBK8-yn-zj6nQ3G7{&jUebFA>*mo=BL za&p9GraRc#89VimoAXge+I$H~OyPpr0oF2iwEuMm-!?m^FZiX!qS>U5Y6n=T-<_;d zh{N)n0kdfDK85e%Zqay9o(2NF%eeP;LM<&iZ+~esY*bzoPv24OBHsSCtUc}w z|9JcPi3>E^5v=lW-o7A0dP3>&;*BMVyO|)IZxnTxtdGb*}F56x&Ihd`57T`6=D*7K5P*1S6Tk?*HQc^<^z#QO6 z<|llLAg91i>rlV`dz!Vq)!heWskbw>3r<;cs365H12$x3!$tcTJ4=7GG4l_BixNPD z>XVXZrGh|eGGJBKg<`ws{o<_L#k(xPg-hKeMYUHmThu{(C(Sd#3U&-xa*e2WYpdpj*?;85m_ZpvruVaKerNcme*K_GvKl$ttd&|M8 zZr=dr85MNT5KDV>6)|fW^aI3TWIoHzcFOZZLfRl^EpTzk=xjWkRp*ACH=yEhZM<8V zJA88lO-WeHNY0nxlOoKG6#)}BP_~ATa=xo9(2h@(zPwNXhvBCw>?l3k0t6h==i<;A z43^*+#Gj+t)iEZ;nY^t8?e#M*K^&@uy@}JVhYI}@7P4C42RBE7!1Py%#)tv?>Y-3& z@bRl)C62$dC%G zn;5Yi4SE1?E@l?_aN+0}!5OU#5*Ga8@s8`|Wo1GzlKQ?0vXii6aC4sNJ*WkhX+Yrs zCjyEZqP5$zbWpOTxBvk~-g)hzzZN5s6oLUYzo#_!6KDpcMP&83Qsv!yo11Ai0DdV* zpHjp|=6DZzV>eP;1gES@*UzprT_hk3I;L)V_wqNIHxg8=T|U=eRJD>no}+p{z6%`9 zmkE0}P)5l*>ooAEVO;B_6fGoUWPd~rqrK3WI8J-9f5zk})d3+h~FRGc@Oh|^Qk;m3OmE3q0t#JQrGJfRQqQkih=tb1~7r(We>d{Y?tP|K~T@UdhL!xbpVb>Kv+6W%6dIQ(KtSzS1JMul-g; zg8ig1ap>(-DjC2+oFLD})WpMpSIVJ5E*pqQpv4=ZkA8x{w*abs)e#mD7>X=dZ65}? z$jl*^rAiLeGnHvXLbo<KDIq_xjbY*8_F}cH)-o-5T19gyZa$L9E{PwCxi%psovU`=aWR7&)V-NU5K%;$Hg1$;Kksr>Wa?ak5 z4B_Tz5=Y^Gr}TH5*WSq)+f!+xIzy=DR3t7ZN(zU(=V7(fD5u3$nm$G9l@S{4#!8p! zj6z(&#{hj#Pn`#zyG8#aUJ8P>K(&tfLor4R{K6)!nwzcXABU{{Drbc9^m$y(o$Z@+ zvN@~v!SYPBV+-CpFKG_^<|;;|D?`Yr!V=CC3Xq>5(60h|OM&*9B~k&6P|TLaJ&k{s zHA)>>8Ewu@Pw-rU4MKzX7`~?`g<8`DL{+8C@qn9~bl!jnaujEEIBgz%$olWWRuQa? z5VJ5w3zu7;(03z4At(-oH5l0JLwWMX(q$*(*?i8M+>SXNtD0`Hs5q&}GGhhlFX-~a zC`2L$NUS$VLBS_jr$jNI8Nb41vKLKFk=>;!&2V@u@HV7`DFkj?_qbczx!_EgVR3Bu z2?4*qbz-kded1iur3&Uj?l}CCo^#gAd~$8^P$OvtdUp8wj(a6b1wi|z+6<0&HUj_j zT>dccCeBOzry%l?iN0)d-*K8tfMA#y=o8~y=im#|drA@StcH#mT#m5DuC|RL150qE z4=KN6?*U+<3sC8}R1uM;K=)I=7wBbuwgNbPAJIjRzz3RMFW(bd`6={hy=f-$eK z#~SbBOO!`j$U7PL+q2Y&H=rbUja3W%sY z2s6aO4l)h}_Wh;HZ&k5pnHYgV8Z8)Y4iq=13_1JOi02Qgj5%HhB5VJ?(nm9a8QPG$ zf3PLL@A2>Kbge^wf%W8}O_b?&+y;CAa}oWl#&wbrnS>Gz$%SNbS7x0K#vx=0<(<$i zVDw|d7Fx;`^u2ze{G&w+(j|Afe=8{`mo(ZOeL%6si>>?T)XA15J?Yq;=HcmV@i)Dn zy)MFmsL7~=ZJ7gR#v4hqwuP=^xgKlg^&Pc_n|o*^OnWqJrJMq%G%j1m!wj&POg+!G z+}WURq~re_$=@gu&*zzhkdQcQbhXMb@B4_~eH?tBdo>QxdD#Po(@&zkn{mjiqGH^9 zrLw!qA$vA8)aw{ZBgO13a&BKPq<}?asgPr_L5M%lqg%$6j%Z{aB9`g-{7-k%$ z4>rAntYf{+58&bN?Bm+M5d+}f@<9od}MItw|9)S2%L}6Ghk$uD|jdLci|QpL^B9`%p~oV zCr@#busqIsdqmkx-uMj{f3xZ_kQb@=hvaoz``q=o2uMxiJ|T&jjIe zkFFYLe4O0fgyJ+}rAfMb# z+I!2q9stMZ?0o<5&n1(Q<7SqUV-4P2m(Q7QT}H`CO;tC!WL4}|$Gjeo&sj>Jm1Qas z!kk`~I|Ro`mBL_L*2&_M*0P-oSmVvhS=E!={o-3}kB{i94HW<}Jpz0LLNSp<$2-Sd zSVd*G<4VQ5+Yxg$BNFgwW#Bba5n&()mx>cb`gz`*AzoHvn}ia?sMVhn#i6YGtK379ctu|~}g4Xr(dJRq}V7SJh?BdGLoqqT*z*zP65t*`yV-zu*gNRc)b@|l= zY8iPY@*s8+$(6Uwu{$}{wG{+!pZnKx6j9t)AynEXRitP{oBRC-UjOw58<179!v(xg z>ri;rQd5U{O0Jl%52wgoOWIt$3r9Lr2c!G@5Z`2uuUwfS_c z)@eH;P`B2-^xclm=E>&DXx^sC!*SsIUK6YYwdRM73c+9I@4;=8?F2eulqaEPD_`F%T_Q=kr4Lq)j zu@eB&1GW|}T{T8&DsJ$p-Z2<_+l6CIPU6?PIHR0e?bzpyJ7OnHemG~o$cR#w-~ zm^5D;MH)$Zc`UdJicOE^xyweEG=0?MoIU zvYb44cNkD~(+0G?^a9S9 z{gmm-JDkNLwsG!WkAlWU{mxLZCI*=1nbtW8F>CSyPU9L^-wrri(8i$dWF2|2yXGZe znpmF_Yq?{G)p|e=0Nkx<0{)SEb9#ZF7<|D@&Saad%CB};Fo+6nT)Pu#UZbTYfHE)2 z*T;Y|mt1Y=yIvZ;>c(?RDy93{{?d}d(%1G~ZePx*<7M5Fq+=aioXKjv!OuwqN8D2n zB_u=t_DI(pB&wKMQh!hkwGr3H)&uHsmkZkuVcJvi&X18@1=V=twd$0C7CUiYq%I)h zi_Cq9nK%au?Z$XRt~XFGPJauk3oIhh&i;o5mFBSLP;FW((!QMe?eDf@;6JY`o|}@i z8aNBGQY`QH3xWX^?lCw1K+a;GgJmQN-F7J^i%8F-w(y+w#{SIMdr4BnN6A3dXU2p`mo-5 z!x=-mC1sE+OFz)b&tbxt1cnUmcXix*Zxg&RmBK+adV!%d{M$j|3x zu}DvA#~=P%Urj}w6m38jlNqanBXG{5zee&Fa=UwO1|4fa0DyiX!`fle{1MRH<74>e zSSbKp!4b>j>W+k6fS4z7T`&Bid;if;h)W$*L$v2>vW-f}>OPuOWk1eDEV}+33$rd* zY4;}8!t{bl3%XuCGRQ$>a|d1ex~q22=~S0BM=gAhwbwkxM;JiM?`}Lf=fn$oyBgI( z^-ri`0irV<*(TOU0GD8D)IZPdZw)Fd^~NsVRz9VvW`|!E@?9i0}ZlPV2qRoj2mlhCORMC&>X`sW7&$a6bcjTIVcu z?>@WVR3}3Gn9W4 z(JtvXOY1Ia{^GZ^^eg@>U#OOXpb>vR+bUhsIbRDC;k(H%;Up#uD&273ueSH2h3#Jy z?p5KrWGL~@$gdHJ*8g^<=}E}z3_}>ZI;S1Vz9uw6WXm!FmR!?S+E_F}HOq-90NcYO zWzcl>7Wcm(_o&v@#~%vAx=5kAMKZRS*0JO@D#ct;%~FX=w11Y25;bc@{xZzC!8hF} zH3SFC*Wt<;8UUCPz!P1g>n@Rn?`j-ku}q{yBn6?g`FYF!4B=zx-7z%ZM^&3F zsyFylwGPNGx>{kWQ$2n_;2;0*_<1PVwgTx}m#UNbghK zlwLn>^x$|R2jDSk-~y`BH22J)%eM`X0vPr!pD1B#3%4x#oyH$?k%zI~zOf*VnGYyq z71bRLyd|(CVxNomNQ4ez&X|_YKep#3dsj9kiVHW1=HCf@8(l3w2a@}3|+d)tcrg9fyRucMNu7 zJyp6+tGTZ%%CYD4IuK#P0#H39@A)C6x1i#1W0b}y&GuamPucEx?V?vpS1<)uAUy7X zzjXJPQ2~&IYI6A%z3uhax`+4w{<#oV^UF-Gx+7ii@rE*V^oDI|^sKe25H06|ZGkRm zb@`>6VW$l#rchL^4T#B%W1U4R()2~7?9Fgp+z7t-&LbWAVAzg3G8Q3dtDsf!Atf#i|qf)aEE=boQDvqRo!f> z?1cpHXinSZPXX`PE4s@B8%h(CNB;BnDSlYaOBPd8+ghRC>&@C+!y@oiaOvlb+xa_Z zMAxm5rAkYr<{P);Bj87Z_rDCQGkqwx;E+*t(xh3r2Zm4-IUZ~H-4y#qR7-cC_zDQU zvm#;mdIjwnNc&`NoqFLzDm;^EL~vh0cOj#1V;|7Dg8d4=iYkaJx!r|aivhxBl5b=T zdeBI|;!d1M_aP~2BvI@~t&semImds-AO;6Ac-&h8CE*UPlmL5;{s{0mq-XHX0FAx? z@}6$6VcO)wP}-4YoAw4@f$Z&=}4V0gbt1D_fQj9WvRFJ2n; zNfhbqGU(nI?gjp!Ol6@yTU7i0+j>r7V2KFJ6&EzXShxuPD88Cxhf-Mm%L?Dzr%m6J zqS@nIT2u)AS^(f6%Fw&HLWyCN1HFZy6L%vTDH*KK|Nb2Y0(;X|eq+2x(x{nZDSx^| zYdhZjii9xZe-6Mu(o~zhc>RjtlXZTQX9`<`|fn)L;|IRpCZ9gTtUlB+gMdA=yM`^E)t zK3&xH_LXj?(NPV!aN3JD-G=p?dhgFd<^dWS9S7s>uTRywBuzexuWvcO!xs=49!9IB z{{34#xr)URiLj~i(Gu4w@}Wt)WbHG?lxO0lWq6WMTeNXI&XZCRftgY?@;6zyGA%KD z_;8SMQUWl!P#Nu~_#%1_2fWAC%~_7cDe%AxlvR@i_%#-q1G`;Owqhl51hZ0DTL(ER zC-UN&3-f$v{P}6*TM-XMGNAB8$H>^aPZgJ|eU zKZ!@7Jekg;a=i7Cz`J_k=O+i-EDr8`!Ai?mM##Sd#AY$^iCFNFC#bqPV7}D0tVYG! zyge&Y5yPM)_p&r($y=zWUV6pSDn0eTQ$dv5t36qk%}U4RN~QVRaPx;_lbiLrYaOl4 zcv=96y6W){yKs&yi4+t|>hDqcd4`f5C=(w;bw44@ZfN?=dnC`Ny>;(J-zRzC$!prq z>+*^&&ipIR#H;6kj)S{~qq%unbyOP7oq73yLD@67S^yVahZE)|byWPzt(-_`Q`?%e z!P9$E9RtjE&_e`4q=1G5`77w zW5i&_>w>O(U!z<1pQA3gCY){$J8+jiMk%i~rBZWB*5H3#(&ig7)#P0d_J! z+}#unKR@gYFS;I9wT-lGP9F^}x*$YBVt|@_cY++97?%Q_m=g^ShafTG`}{krGaSYY zdMH+yZc^JX7;C_o{ueanEDcd{ay%qS(J)@{LBC^Zm?;*gWOP(;IWFa();k!2-%)6MVF>Zcb9@C%B`CjtopKCnhXFp|{M2*H4y5X(MpeTXOPz>dY4*!{38S)&X0J zKk3kT;u%&%KR_P!0$TNrRk2nT&QP}c{rFn-DV@P7<6%%8!5NpuXIH4D6sqU)El&c3 z12$jw0;qh-6Anz(t#i4;a$IFfc822l+H6Hl>pAl|4v)M(LTGPKZ27s@IEL|T>FRC6 zZ@D0Jluet5Fa$Jlakq^?1K9~S3g)3bS5|gXjYHnRsvY5!zJdjYn#hL>R*=v*qH^yj z{#jOBj@D04Jugkx#KoUbP*w;!eyX+C=hst>Y%H4lRdvX^-7oU`mwCt(E$3N=#^c;3r53hGw`t^){p6 zp!}8rehLOs9tBGi9%qRk@U7EsK(Mknii z-Td$`mf$h048+UmxHp&y5uuV3_6uI80HdN2+Xb&!{5q9=E}Jf?*eCf#FQkAAn7+D{ ziv82QWyDjUWuQ?OT)XD$uUv$7&1yy41Y0B*d-Jgt3JRBta?x5Q*me&^B7X8($$%0v zO5c`x2x}#4T$MAJZ;e!p)bI@1Ez}~dMa@EV93r4p+dw<4wl`}h`<8Il=m5q`K(TO~ zukmVx7mre~Cqs5Q*eAC;1yeAh5F<=Cv@vFj7YAVmnL3q-AOp;T9?W|bnK=+o-6Vpw zLcRwxPJIj_x{nHN5<&aXp`~QpKg;i?!S+tas13~&`H^IopCjNvg=b9`8uZU0q~T+8 zB#$bF#G8y~ub3ekT=_FYynHVdPzz>~8FWmLo%p)E6LU((om{p0m56#}t9)Tl6bC(K z{9RvM+^tVy(P4kwgdu!k3AD#TUmX6*{DiUee;}y7sFJ1gL7MDe`NM{?Ov^EA(G-B1 zma=Kd%0O9W5jZ;_@*}0w&W$w|ISj2n zO(Rnr7H1}UmDkQnG2D>=&GF}_lx7$nAGe8A9KqCBAsdA-x+3c)safW4T;8TlnfYoz5U{+{0%Bcb~ z>U4yLw+;WVlU)Q4rdUu9i)?yYs+1$)scl-C6sSPl-*j_bdYb@hg=7%xl^nKK zV)*q}3J37z@!b=(&8J%RV8x$09syMjX!whWVvR1i&L8To*#~eEwvztpZ@Hp-G;O*< z0DZ}FaJ9yogsGO9QG?Hb#V)_&MO6RMG9hR9FK>4rturkW z^7_}rjQT$#?$;>6uMB@NmLx%V_rbPtuURN(TCc5n2xnT=$F}tWNK209+PxSQOIOAH zuS~FKPhlP0khP}IJy*mBX->(s)vSLq1K$<@&;x3wzCC=e275Woc(I=IHy4~K^hmOQ z+|7NaBt>(_Uc+BD6SJFOmfi^2ygy3M~GDs z;T@*FWCZq2JgNT50U}%c8CJ+GHY?t;-3?HapV1v+Ul6nfK|fc2!EvtlYj$J_1g!Q0 zpyv>)SX1DRnlz>*{kxnWN72F9(9?gakv3=viSHX_7L*4mp`foRiBbuKH%Ts~aB&mK z0zN(RBPa=EaM$m~GWU>u=h1xZc(Yq&NQ%^daTTL9;`IxEDxB z11DjqOcEZjByVJ77Ws^<_2e){1~E$iko7ax5-+k73}S3CV-h*yN;l z>@zK)0jR3!$MtYubjStjBmd4Le2|~9v#5va^o2^u=#)j>HXP+Zok(Ja6lBlG1v>7b_+gN~ENZk89 z_hY=l$637#dsG2?ksjxY6zw(32S^rFj3@hif#J|zYG1TpCc0o^6F!9(~jdvW7#h{dWT&i3; zkHf^}03VwrwqIKB!V}8AS`W(u74pLZ1j29|@^<)u`wz550H{CUEKDyuo@sDBCkF^I zP>dSuoQ*&!Aj8%M@fCufz;EOqAo=|2u70N;w|EZK1EsR}+BBNmNzH1?4B zR5h>E$$K-qr+H=6&#aHuhM9lcHIB$U10Z`U6R*>D${wq5GGSOB2O2*f47H$;HL0I+ z_VnRhz0DBq0=z@* zZtwcQYT!n#)Fk4#?5GJWD0!YQIRS6Vj3*`K*{v8<*Oi&5qFXdDyzQ*WsZ=Q9J5(xr z$W@V$%E8%;gcBpePAdhLW=Ipq=Yl)_d|s&F^#6TH5f4k`iIvH}t?)tp6mk!|fnF$Z zYG5|m)IImj{g&Uz1pA{D+nNkF96+A6Z!jTLd}!goFtE*itAFpvx~Vu|UpLna#X276 z!8ywYC7l?-j$rTuZU3W^X*;^uE3ugQ_cc8Nt`LLV_H(7#N9Gj%9i2-`*}oEy$xRRa zzsJ1xx+q?fBWEq|#AQ&Ac5bI^hJ!@&LR%H*C4Fq?#Kfk?7Zj6kYTRbl03M#S=jV^x zzmlvkI9C10@TyMd+CMvLC|qYn@YJ1m`*V`*7D9?YJR+ITc{2}(J0ZtJ-r zpzQ)tR2D3=kZ*VSJAn|!H(ei8YLd8L#s5gpO;Sc=ZLAK?`i@#zHZ-J9Y)CrB4J^u@ow8b|9;mR|{Dh6fVCZzxUfy)I@{<9i9+nvGL3Qe0!d zN-d$Z4l@aMQ1OB_!V-yiMcK5gxXKJ`bjIO3ho~wxz#4xUO0Hs?9YI{hCd={OBX+BH zex1vwQ_6AqX|Ki8M>Js_RRJWtn+r$fDxl*_=5CfBpn1#d|!_r%%yV?d0 zbMq#zgdvNP4=#~BJ}jgO^M8LXJ<`72kKbR*2MO`7a^W16Rn4oorA55Zb$3L!;!i1s zyjZgeSB<_WPlQYU43OQ@pZ)exMD@2R3a`Ew$HpCeO*VJ(7beYgKh0yi57z(kd-a46!A7$~09Rzj6*pD{6ZOnkY=$+-C{Q7AQ#3Jiyf$^`pTg92zpBw1))FmrWrzL-1ASwxlIU3?KqFiT;i z!a|qjrgD_zkvx30f*dV~N-GhpDgc;9`qLV{=b$HIm9oVKDFeQl;t_5 z&y6qZ^kVPnuTOOlX)fZIWx zouz~8n{!t_ZT4#qjszKb{Z_5y8U!IaflfRGI%&kWIO<$E3X}z~pXK;{!aLj6&f=S6 z;+f$jW%7`NzGtywZvWzBV2h;7w9>{!h=L)29FeOSBNGR3pP%+@VFsfFq35416?WyZ z{%enyKfYD>0_;iGVO1C3kCP#@Bi)P>6@n5)Ie*jUpJ$siKa!v4tA&4CT{(a-LGw|v z6Ynxxp)!-;&66YEdsrR0%IoG@{&n~~TYbo;rlZGW%A9HayAC3FH%{P<(;R_AkyFdx zS`DkV_9R;(oqtz8DP{iBeoG4U&jw%n^_O=~(+f4CG$8VOCSdEuBb6KEdOC*&D{#+% zB-*93A}Xt$l))$D&?X#5pa^4B{v#V6NeCO3oq>TS$E}e%zi4`$gnEnolXQAbCB5 z>x2Ao@9Eb4gU0`Fx9j|8{u~0iS7dRZ4QyCDZYi4rZx77 z;a3u4nfGDdgJ)Sca>l0N?K`8y_h2rnrgS;VkR#YDHmaui;o9R}`k&W=4|t;4ww*ga zOxm%Sc77Aw%Xv1gsGeErxWe*Oj=7>+Nqp_=$N9WNbS4EU_m6M( z#?R`<82QjXp)MaZ>#OuArs${=;>!?8#`j}Ujx1p*jq2sKgv=!&M?&?Nr^gam-V2i@5|wTh0l5ph0+G2K29*rOa&U$1LBevf>ho$^G*YLE zAK51=DoF;ik>@oazWMwfht6ce!|@A19+bI-vPatQQn7^BvI2#}@IaA|IbVFiTqsU* zuqWg47utmK>Ph7tXG-Uo=Hy7=15pFHI|;O-Gj8{Tl#4sPipFych562jMr}zR8nL(D zn{R8-*2~aN)6I$MxHiaO9oB{9R3=K+mOa0UU`N23yo?5 zU$=W%46L7fpf(mjyi*dN96aWlVJWu(F#skC_F^jwVUop^IdP2z^gB62 zSyffpoV$HLEje_mrLT@HAE55IK^L_Vb)BrXx6`7t#0Vc^!bdp8-F)x#KnQfOz?a&h z%#N)p?qJw07ase`Q;Y_;7|K%UIieq6f0R2m=@Zkhq$$#;fHB%zsJ0D|=9GVi_wOM4 z#g==aqvlj`AoVyVJ{1eE&=p83a9yg>8Zxvy@mO8ow=FAm4C@K}PVH zjxfyafIJ3#mh2iro|%*aUy72Hd!Xk^dDlWa=bqyUEO2-z%I-2(_A35Qr}Nw(_%^le)f2tIW)>>8X_1yRM^6;z+@mT--VbG$pdg)o8aMNNY$3xFX`k2#mry~A` z8Ll)o!jWu$Ho^DP+w$ZiVlyU#kMGn&UTpZED_*j4XNouMxNQYT6hH7#i4c08T6}j# zyC2AUEg01@Gh5Tj=f{t};_}aO0-$U97f_z4b-?}*k{T=^6sV?Eb?kVE`Vn8IxHSG5IP^+L7Av|!nvG%` zYk;R{WbeH*X9_|DbC@qI6)A8(i1hX_;!1E08cB>+QfET}dil@3ZAF#t@%qW~ZmlPx zzZskr09vj;V2?A!4rsq^%mmR^R2Q&GZ&c^w<7&m$Dv#N)0~W4*a+^~9xncrD-(yk* z8(W^tbh{=cDbMvqio=vWV`9^KGM;(N;WG(yXSX*BccnN$lK9%x7}fO1rw{k_ z-96s_cbfeN??nteEH+PMr5`LW{SO(0AzPBdpU7BowtYLK_0k7_XEsz~8ldIPG+YhF z+FxotvDl!rB2pNDclKz8Oa_1Ij?<4je^>BlfR+4BE^x!X!N~+iW-h_LzlXmDP0Fi- z6D|roVs|D!9xK>Uu!9q}0H%}r;-V>8S4X$6qn8S~V#kXQn$Ri}0)`xQ4e9ctZ_vgv z0x_JWKoq>(6=o1q;8ug8e+EgYtKXV-zZGz%+7>5rsXjV4qyqiHLh0bsAHEcZf^1CJ z>fmBW3jCLB@5ClfEDiuaG|h0E1A41rL{H)sOLm3orHien!NH76cQ?Aq>0e0ZHo=&P z-mp6PhJoE$K5|AfcTOSvl{VYcG}#*RQ|Lj787>F?o5amiVj|;a^s_^VO%;wbh~O+B zoNloUE{LeFKyiZ;QQJ15le3*F{^a_ThTcu0-T6R4TAT_Xj^#n1&CjK=I%@o~3+X|(3UBU-iM5=vBZdZ5-a6KN zG=ob#iijVP$dch5wGtf8j{gG{x`Sa$t>p$+JPLO}3a#ji+yV(r41x3&R9re*u%3RO z4p>rUM8>a*89IjQZ;GA7B$&2oh@zfIG*I<2R5U21jam9r7>TeU?4sbivABNsfJCw+ z%Z}8T{CBCvSjg45(N%$-sV?n_ORTEJri{Cb#9YUTDpukk_< zD1`)Ci&#@Bm{1#}Au&sH0MXJY5ZF})!=2)AHd5-$b=5zx-IgSKQp6YnilK&k>w zJitTjg}%}%7LJ;Y;z{dRy43udXmGd74+omI_*PfR9y^ES)D>ocakn|Oo8%9!0YuzH z*#EF>l$#ZShKPOCISaYZh(&%6iB$#EG^d~3TX=eyxZH%`Ge*3J*EJ5B0mz}4+^nxJ zNHS3Lq#Xh>dIK^-y-e{KYpzX#)~~kAT~IJeONo8TDoGO1C9e`N_Jsdx@y+MA@W_s>O z8^V=!yisE&V(6SheGge1F(sGo=1h&UUyy=gLufGbuJV$TJ<3@Ze1@NK#2jhP=S;jd z_|z!A_eA?ElUHZ+%Y*I(_kJy-@w}-3Ko7L;@7rty5&V&y)D3yDx(O`HqTHU;^SUg! zghwk1T9+mY2hWU?>IZ|yG=4AL@u0@IK0Ap#DZs@qB%Sz`T~q2BIdrr*0miCZ_B+Y} zQkKGh%mRCvc!VUDT350G1i3M3s3XOBgzTA;Nhd|1&Rx(wbXP@6z_0TZYA-rCTA!`i zHa1uZ@tHBxs>#i@8BDk^q7DY=Rf}QoKbL%5Jn6=6f{RG~myVVv7QB%aphaUO5uP5~ z(Wi-ia@Uhu{7s{!q2+uJ!LUMtKgd`_LiwyLrC9U5j$2XR#TM9VHz6t!O;DFbPRz!d zzLTO+Ot6tqbDw{gf#yH|hUpym8Nu>R;H!5ziB4m+8rO3g;rP#F`g?edGSq|0UNs{I zFXcCI=_x*w@YTEKIbCtN5A|YsV(r{zf=CPanzaJ{reCxE**g4eG}S#q{%RXGULgCo za-zrir)F(rX^ZT%&OC+OiuH-bVp^XEVsLoAWp7^8zVvU8m_$RN?gM{cXgVx^&Z*<*i%J>~K0`HYm*dC#t{sOpQQF;Hx$Y z6@Idb$^FAk0a$pBBZzXH|E;qz#^y_yQsZOE1F_~kMF>e05pz7-u$oZ!_zUNWugc@w zit72eGq;?E@U@VDT?~XzZms>(j_N0SLG65lQ?I$pn7`gB?^*Tt7y0VuQ{uVADI2LE z_Jo)$!IP|c0BIyQY45s_@~ANr#t5MwjWo(w#;HN5AdpS)=sV6#6{G`s*@meVXCAv6 zbUPA&uq?%oqS0ik_$onfx|CveF1Uizv^BkOQ;zRDf@zFf?72LD-zMyjN@*QF?oL$Ft!~oeSZUfL539(Lmw!VLr8?H0v`{p_#wqLiLE< zDJDbE1f0^-^%oVxU6vFsZ%!HCugYLaBH>8FrR@8qJ%5@(aUzPtJF28b%mr_0PvizR z`eP)L9H%~5Bj1{74xp(xZZTI>l)+LFw4%O1naBD$|k_?jjPsqqBT9QHz(VO z8>y9Z5SIup6s!sJNsfVASRw}Mpuk&Aa4bghq>@!6BpPEum1pR-tX(A(${dJ#w3sSNHmRB zSJV-45dcUBBR1n@TIXD&O-^>_Q#DPSC1v`$J<8Dw}Ztu06tJO^r>@dY` z!kfU@k^FziLL^gW6U@g1Y~vN=@MOj^80iG1$o$Vl`lEv_NZqh(^jZg(-}#|JkSkEc z3NhZ(eK`yxW=rUm%wQtT-43jLFz*6yCDE2(tK-rBwQ6p1NkGYk0=*h~OLjMGVn6&|uhUpyhXl+;#e4g#V zah-g{483@Y8<9K=@YE1v#Cz6Qs8kVNYI>Z3(}PF7!vm`+QiFQL?5qPb84qqrqU_yS z=0{;ph*K1nP@Gi)S2bw+q?vMb;_vGEXI}~8qA}bLSVximCCIjDpy&Y|W#3%D2?SPh z-el1+bI>s0Og@uOnP;YPn4=OL4Yc16jhQoKlm!N6)EA@sQ~JE%fyJ6 z37pxD2uu>Zx(uWnx+-yc#2=6VPr0+^%uGW5eQcoF8sw>oq_Gggq#(a#vDOR|t)xi( z>y)x0f#=}y8~lJ9h(A!z&U>#B4A0fRKV3htb8WKv?`Mudv;zhuT(AxI}lnOMLFh9S%{7-y|m3!D4{9!h!?EfZmkX3 zI#N8XR8LnvY}=87GqmVgH3s5TREV&Rc!xB?;Cp$haXAvz@yeEJR*>5B{iK=o&(b9_ z=>He$yL6@64U5F~I4olysezdQJREV&gfA4l>_qFyrD=Qoby##9i5@+|WRGJSa9|@j zT^y4snHR(Kix?%#=hqyF_8CzN*aQ2+{l ze#g(k#HGXU{%Q%ih?AoZTGJqnXL-_MC7lFtLB=S|0bi8jD<=zBYlbSpYV(~nS88mo zq9^aRwjGf2Z&p42u8B?~jb*}WLUrz}pI=zR&Cp_+eeB4F4usdGk5!EJ|6rX9Wgt4I zHZ9&*dGNyYdRn3-^lEYQcz2t5a}V26qGf{HPRVgCJn?$G_syHV{GTQUt(R7Ra1_NG z4LYfl7#@&xUA&piZj$T_Er$_dXGg-=K}FevCG$YEpce+i5F{G;a|61^N6`xTB{`(~ zE~v(%M5ymK;T8wd#XyJ;D)d9EXniZmt6Ij$!8eB?FmxFFl3S?UFNnLuH`na? z4g5FHUP`2&;%3p~a;k9>VCc}LY-~K_} zy9M`i(9BTZ>{}TqGG_PByo*HCy;w~agTGLT?EsFyk_^@14mS%&Ri8I<_pxVGiN86Y zG0aN6_TV&a(J)m*&&mob+UlalQlA^;OZYo2Z~g8bPx3W&w%;~#xx`u&KT7D>oBGz7 zEGF)!UHemF*y>jEm91;!KjdAOv4C8VS>gdt6&Qd{`m8ur*DKgtjN4{QmE0m#p-;EG zcBvYr#~;3wY3K@PROVHJ&+iE1o3=`IK0VSO2-A<#XWb8&i{SGzUwxt zGyOd+?W^ZAO%sqd{;t1gc{kx&tD0x?et2FrZgu1k@zVQ zem8y2ebOt5V$oXs&i-Yp6z&`PjrD^eLQILie61cz&R>8e|s$Z4Bf z>=UN$O~g~CC0$^dEcP}VJqwIal;Hi1K*oHG8I}Rw(Pmj6zlo;R_n9-w<5?1yiFW+> zokp1+P1tz(t?v9OMEwv9gMv>(+rTdHNR(3wJG>k0rTEtniU`i=5!J^7Tb#n@ z?Zrax6es!g$17|Z**yF!&99y*p5`S)uh+%{b ziSK44SK--Ff~!4lUMN5o2=M7V-4my*)Eb1^m3BB?3xfno}_{i+z+{T_(xN`$@TRhgvu*`sjuzyDo7RW{THzZM`+d zHwW}FTRPb#w_>?^0vr~cH=(MQ4IbjC8Dg`#NwA-l@WsVS7WhEJ94!u{pBWI%8uv-1 zru>wDY57hUN06-w0zG)XR}?9bW${j%bp&8=l}aL_sX)d;v>br7hT2VlrKgRr{vm4!kk z4-=t}CiokZnZyCteG;k-_FKyK7?H?qcmP|M9>~uf&{R}Z|EQ=g7k^K3o_9_G8W6?TtrD!Vk2{yMhxPu*A-0XFE;ny* ztr8eJTQ541in(zPlW0NH%>c3lvd}=wP1v`S+h9-9G=~djOvf#KqD2G|vpc;i83z~| z)=qxPtLbGvoOih)R=tVpN7!VqqTiWBuM}DE$5i@eE%Ek*PNos|o2v%oCWKiWgk+Y&rN3x;0u+|AK z@dHDhF!%~lIGSGsmSoV0xS5)NJ zc1sBn+#fMEfMn*>?@(EjFnH4sf1z1}ojweeDtILgz=_80*fv>7XR0_Xlh7Hg_zm1# zn`l|J*Wlp$z-=>bG`ai>rk zZWa5R%#)Ug?Ol5u&XMYkA^FHr@yDrMgXotOJ7=Z|)BohTAVZ<$TOGOs)3XM$rQ#O9 zn1Y^`$7>xSkCl@#KA1Rl0cjDF;Qy8_-MrBwdl8rsZ|~C!up_S1YzBG4jW?@`_*6CC zy!@YVQ284UijNTlLgk9f%v`>_X=)7RHeeXRmnSo_wXS_nQa zUrxo_3l$_z0dV=vNF&iJ`OI+Yw>a-4WejqV*C~*JGp5NfWCGrrY2m0FU^6Yu5Cmqe zDWFPw7*ua4*K9ckCL}wEF#^;N8Lx7K(4Qibs3@x{llR_@i3f^_A;d%cotepw;iw_l zChZxdbjgWx???e3ND^e1n5zgBS(kjCS7h9$DDgBkekO!oVry~V*+aEC$v~S*GAa!o zn$T=u3{5M41O_2;vU}6`)H1rL&Comy9867evyx5~M*11$4MCH;_nU*B3&sIun;}nd z-u@AmXj>Y9OU|LFCC?!0Wj`xd9v0HLudp1{d&LYp5ly;op5k1Y8sycBT!{zz3)1m7 z*3Ta?giP-m5Yd>cMS>om6g34C5G0pRq4H2bfKf%P5mDl>g(cPYUf-kByMR;2to zcLLvO_o$-Ex>zn;yqc&2WFL|?>yYcWLQGaz(-J(j0PKC6X!I`d;-|^RVWc8uQf-F*^J;X8Q z89$k^qwAPot!MrovU&~x&sTqJ-}+D?6jWIuCnH;%-!=;){<^_#f;DR>`h->teBTS1 zwfd;+>rn=y3lq{c>fi;0ETNvv(XIL2dE(yc9oz;WO`L6FapK!tS6TE7vSJz2 z7&DlV5ZEdDcgKNvSx@t8A+=jv0WY5tQ7I+7OlEMgWY2oxhTYmLo1OpvH(udFL>31< z_95@HN9jwv;9LdX*3zY)J$!R|lBI}0$fdz6}iE_iyi-WjAagYLvk1K=4DsWVq z{0Rn&ZJ^AFoE(0fM8hMN^Tnr41?eK-4r$2NZv+=ZfHk@Md^q6$fn#_DQx~s1L&R9W z>^H^#v^FRE7ZVu{(`dVAa2B>TAn0e`- zXl|}$aXAy{8^(!B5hw{lS68)dG-Fh*C`5uXPW%xtD4)!>>vaHZZV&GeC=tOKhTIUG zO#1u}egKTu%@DASRiKn1V5jpMix|IkxnB3X^V^-z#V`-LaBKy5G7-V;LeC}gmV_|& zh=W48Ivd52W;74+h>SS{r3hgMv*gLaXeHys8^Ney zJ`(#4R55efS_=JwkL4%knImQ9>a)wt&$ zvW@D6Nm-c;-80&OhG<>tx~m*fS2!S|Q~drUDcFof4LsRI*FYtJH{@VPeD$dAYL^Ti zp?rLBXEM}oM_!zu*;&Msk+|8Jm`Q$7nSH0s#?%DttY8w$`6d;mkCXuzJ%^PhTR|!} zVFz-Mda_lpiq%91zaT2kAgxfmkcDxOy%`^3vz~YdmJq$I(+*=lu8V>e3M(lzJIpBs zj#2_6qM_)QZ-$eAB!S>Ed>}AWr!z=n`GV#^9%3>y3{NaNo6cnh1nelic~cB5)I4Tw8Ik=W_D6p z&LeL`CGRqniC)mq1qdbh!9#+IGDQVy%9d_B+njVD5ST=qxIw!omidpW?!niAg*hh! z6o)fm_*YQ6T3|jn)~LmSVDczrisJ=0P9my1-zi3We%~c?ic5KsGT;+1UHRRTkZ0Wq zDsfNhhzbJc_i0auJJHAW`K8rxUn$Gmrp@pW|Y zb8?j{rZz{0y{X4;%^HE0t)tg(yAcjj|Kt;sux?;(IEG+{dq4dpLXT>)u@tw9iUU47BCJ5z_-!hB)vfjxDWc-YRC!HEE$Pj(oVvoQ#F;asgjPvtf(jB z_7XqTF$7;1_yVCeEu2^Mzs>+hh2LOe9$&SFqNQ`qd8u&!v+~9ubwH zPa6c}7`>TUhBcSvX*YrJIupJehAdyd*rGzJsRj4m_1ZQ!&wF{=dG<_sAT={qgJDr}dr!&iu1$!Q*THF0BN|m~g z7bDx7i@-okXQgS4wwe)@HJfS3@PR*;#$>)$lIF@`iA2{@~Ce#?^Aagf$STbql$0i_P^-gp^OY#perTh zMG%sCu#S3h;)LT-CMoODYko`ksY?cXyb;J*QLF1 z)1Z}K0jlnsfNE%OaSRJq$4q66$N9r=GWiPLW-c71HP83$DYc?cqS@oCnV+dy(AGDL zxu&TXP1PDUvwb}=;EPS6xY&oc4+qs-X6IEII0rQR(6_fzd9$_- zm<~0n!dU4}CBk)OdAYjBQWHU)z)_3yuDsyE0`9Vdjfr|XvP_oYGSX+`7qSq>ZIVJH zNt=DzfgeW(x6zyxRZj~k*6ujA%pI>k9$g--|J|InCu*m}Y)TtF6|x}xOlkY9VBL+I z6^k0gtR5a+kH}G^yGmMq0t;MLkA&|OmbJm^$!&K{P1VRZyY=3MSL8+e8Qd73Ufaci z2n5@goG~?Q`aHvo$)rU=_Dg!(FUNSly?S`sf4h5NxEY%szQ$g~&f#bSnc4mn=%jzZ zy=YFmrh2Ui!&#{#M%yp-rZ`?Nvq*87&nNGyQVmj|ofLJQI9c$Xz)pEp=lBU*svbJh zf?=^Jljz_$l~tx|Ghp)yV`&aTA!Yi;4XjZ@zFZJeV@-u0QDwCfpIuBTyxU$dudeEy zKFs;lA}GZWa5W5p3n{QQ&CeMyD>EtmQcrS)Gc8$-O8X(%KRm2hiy|fv-|`{FxZ$BQ z_TVjAw))M}#Hb%9NSA+yYpzCUGtt9(!h4ijm|kaGgWO+lbgST0cZ2nsOBkZ*0DoC= zuwqB385m)47~w;hW`pqxnt(p6L4&>Q+WGwzpDaS&>cQ|2<;3yhN0u1xQgQ62oy=GO z*)fODIt3*)iA6cir`t+5x;QSTZ%pr!m9!jLQa8px;ZLe$5_5ZckB!D@jO5Uus8^@O za_DF}?k+GZI*%Cnx=k?4hy5!W2vmgEmH(Dv?rG{vCLncyz_{MUfCx9sBtWD6*GClYwO2Y=m>a8`GTUtAP$qA&B)Vz7@YuQy<$I%{?i*NtsYeStj9_U^ml zM1R2RM3kQ5Y1^D{GjF(YastSl|>oO;tbzU|XYM!b?JLK0!aT?}Hvmui-+awzUizu0Kr9oh_r#6Z7# zC%v)E4u96JTsTBa5uJHAPo%6@C|@sbS)=8FdL-^~;^RkrSJOOHy4fDRp zXD*ySTn;~8DjYf211m`&wGA9p?PKI?78GZ$LZ;LeA>v8xr&!9nERJ*6slMLc_8%@* zV{pre^$a%sPF&~%bJ;JL32R6w!>f7(54n5&d|xMr|24*}pC*}k$04@bKS1L)fjo{E zA~Hq^KM#u_icQ6*g_1RFyeS`E40irLN4{osWSsfO_2usB3%qrZ{4pOWpibNUM21~u zQ4>eG<_$tY)aV>E{e4Ny{q6C7$Jg8b>f#QQkp8S>Ci|KMsZ6p)d=g|IaGRVo*BwhN zH=07OW_6;ZWML|G!Z{CVPD9__hcKU6*8fQy}s62npTk0{2Hlc zEEDom8MSq-49H_|`zT34u@+wK|A;%5vQtJ3UgqPEs$U#jZ3L=US4sVn)IvMtE?oh& zCy~5Db~lAypIw*ilV}hVdp61ebgfdxaq=BmkrGi8xM_`6ZW}O8-h$7fKdm0qzr z>}NX~q^r-%7>eL$lJ<82*Pq$HoEpb|_jrhEk2fh` zT;;KTzY?^S#8#DA;YKf+%l?zggpjERCFMEaUA%2+-RT@TOP94(F6r}xXLY|p&eeY{ zwP3RWm2?&pFMkNmW<|&7w!QlT?J{O#qO3{x_k+k)HCg9$K}3|>pNYcX^#e^q8~_ti z^@Rd|vU;`sjjglD2K~L^*|I-?m5bR}Cf|D#V1;9|i3{Txq2AKAeAeVQoit!#`ZobJH_%0>J=~N+ zp6zb!I+c6OZkLsv3R=ja?e(Q4eR0&ez4g{aJoq>9_h5_ihgP!h2jdWGR9rSswzRqO z!1?c#AM$KWLlVFlMErFhG)nVJ>~WM!0xyv_gTy6@lmHZ{H#eq8#x$+Jkx;N~QzQ45<(f|K65b!t%YIufE-#uqLJP(gFeRT?X-8w}LF5}jh#s}P zh2#fKukL!}#unG|QV8Xc_x3?M=95O=1bPUKd}-mv{+9$ey&)=@Wyql5(1-M}KCT@A&B7M&3BVsQA3`t3OA#HXSLD7%f(QE0usX?!SFsVnNK7 zpJjvvI+gT&5fQM+VLBGDiNg03;s0 z?4>s;GUDv|-C1)$>-@|90wxl};z1dsf~r8D?BkWSD<2S@!3$k^rZpqsKMB=$o>}sLrXd&bH+9u zNx0xxmsAK6vi3F$F{_=vZnH?~tVJx-u<^I>Ol_^GwxFS*8d5-95;Lw7=GsbcuxMM0 z%W5|tyEteW0?PVWy?eFsM25!$n12Y#q3=%-by^4T(Vro0Dpo9#UrdqPTXt&4RQatR zJsCQB4}w?1;=|m5LMFTvY=*$&y-ebEKL11L=S{wki3h>C1H$m z-X?F2!i5)QK-ReYN(Gkfmz+=Zg#)7CCma&gZ3w87)U1C=Y)4IbS%U`2U=GLqUjlPDbC}WLj)YQWf{i%g#(GiILGEV| zSrW!9!yvfOaM};G2#S*AqrdbTl!FMrB*jB`)9JJ2NdNGcv59n>EU@)G{_4{k?wZ}N zEAkHtpYV$9IwBCPe1emrS(e-b!gK(fs9{ook$UhqU9Lzcc`pt=TDZo7-qWa9y;w$i zHNbGxumcT6NSyRbHveq7MAjd#?oQ6nbOjnknB9|T)N(T{QmG4Tt|r0v)G4|ML5~FB zOT}2C5kMDP%GyhW3{*o3-aATgsl$raUCRB+Q5T~?Q+i+6vx`!F`5EUpf{4r`=y2Dc zoo@}`)pdg}s};_qk#U z{NWOovo^WVWen0tR$xJg@mjz>ClfTFRYqbvEI-;)cTrIxF@bv|WC{X<2h>hyw*bWl z6}lf8VEq}|&40_+&@P4@X%`V1%BvXDbgs*(ddNFC?GLm5RLzq6D&m=8?=cWCiz3pS z#PyJ;^{DKlO%?Y$s{0NjRHaJ5F4W|Y!0tcmIFa8e#{`f-%k9F{_$ZksQFLfb?Bdzy zHW=>Y6V)cL8UU=!vCm*@iRU=QlYxJ=8uAG?*R6xhoZDNa>QJmv?~|RerhB_Fmmpe4 ztbMZN>xBZR?A{0Vu0>_k;@85*X=Q)LEv8L0tRM69`F|W2CCqFS{M0A-k@t`^!L=zx zwrRJhrxI6~&F!GBoufmkhNeO#r#_iWLWYV7iqD|B>>f}X+MGm}8Cu7|B zJQ4bOo$X&=-+gKOE1^=GwLHgxm?>LxDNq&KGk{*5EpM)`oH3)eb2JW#Tg1iVLt2@0 zrhlC3klC_j+IR~oZ&-iVfn|j-`)fpc3yOv!>LZ#G$vuiYmTZa!1twEu#p<#$IpOcI zH5wv1*B@(sB5me}*1`%RP(6HzlfiwuPh~pg z_hS%%KKDC0n>@MXI@BFMrXao+T3p}{5Q_dOo_^%f;*JEgy(eq`nF#a}y>nq76*R*W zN$b%REbu{q^aKp#M?k1X`rdM&qY%d?F+e4-ZP`nGnko}lLK zpYCykSa&$Hnw=X(iII&-Ufcz2Q2aG#rZCnCP732$8wUO^iW?GtT7FnTgAy|TtB^rT zmZ0X6ik6FvqFmIt!ycm1ctJlj&!D8z0JZ_h9#;PushDF}qqd`kAg_FNw8(0 zJ10}t9kz^kR$?vu0$53qI(@!rb&rqgu8Nb?8v!uB%TZsXkIxZ34&%-D%;;Crj8m#0 z7?oJ<2sW_q>z^sv#qE(N)lD{6o4n-TxlM0|i42pLjAo+62vd-JFquT=ROh(7 zbQ$|W+7kpm^s|&HCr&8_AjeKJR!MDBf@YeZs{S|(SkZI@u%Qt+(8AV5&5YZF~M z+Z_n|V`ZMA)xkPf`V{hZOF!~9An^e7Dxi2ldh+t^ZTcK5HW)JI1a1>+D*p&_Ag$J) zd49+<)2B`fp9;`XjKq^+4Wm`sA~!Ez#|To51-S^%6J3gmJcTiUh1!6J#(@xuuUy`{ zAIaVw%EW>$(@M^Kac_DtbY94!UW}p(TL!fDdrK8i@>|uLhYQv~QRdk92lLo?k4cb$ za7x4I?+8Qll85YUXxfSqqsrKO(Dx>(@sWcoW_&rid#85|wey3VB`O$ggl@B5trsXm z2A8?pelP|pE?^u+UHcQAx5+&$MXx_-VshvuvR|`X!%azq3m#ceV{BBZqC5&^@BMuc zYbEE(MdS~se2Isd#L_~n!h|V^XPE3#qJv~aQ1yiYFIkxx{8EOMcNAlk=*KV8&@);l zmKBe9|0tNtdAdQIKZ6fG0NAAU;m<>M-1b>TlzBm0#%p4$;6c_57>MYASZM7dM)lEz zG#9I;!msj6$W~-l)|POA4N;uAN&|bEJ&ETIRWA4r#|GUt`0aI|Z&r%cWc2kOa#O5i zaUmA0WG5 z@MNH{*kV=u+NK?D##(k%wtrM)1+S$6)x(wAF~J7U0_z?X=-?0upF3ag#G&23H+F%( zMD4Jk982@_@DI&rCxnY)t)f%YsLUDovi#3fq+9-q z{gyKU1NflR?^!m-Kn z{Ps)@@_asNT7dW{7i&FG%o9LxCTSBACHJh0*=6wdtEN6gVCN_(94wAjW~A8WzmSlR zkC8tb#+(Vl>woy+0Y6c+ipi;*rjG^Ib$bLPYWOWwZ&&|4%^wi=egXHKYXw$%X@3+l zk1_as>+GaguPzQ7;O8D{Jp6@}U}ivo>A= zHNeahwaQ$5Y|p0!pPRG{LgXwQpXHfF|;Oei@uqFCGNVEt?PZL7Lk%QUpUZ@~Go)WaEhfqU--NiTx*HEEc zb299B|Rf=#&h-6=mfMPBD#G=M;r*w^lIk3#G5<7(hJ z^fMy#{eek1)@3y87(J^0FO{+!NzJ-VG+gprsCauk-d92?dxcMd`1h9Zk8FUmI+l}P zMbf{b#}=qBu*LFf#02Yf$X|b@q*0oh`$t9QHjsJ|VB=?~QWfx45xTKS>1x)AVdF(^ zA5eb*SWZ1qCV&A+*buF2#jWDu?N-?nC+q=x^G@y$aaR0ow^nPs=32`z`8b}I_A`M~)=*Bonyhrk)M=~SX3`N%Ug*=e6?QQ{~$@b|o9)2!nmR%yPRz1x*el}jxodTiC(w|)D99119~$wl4M{W@J<-!%&%CFWcFbw z+@O?Al)!8dB6~dvFnL`XNd#JyPjAM@h_NzQ=#GTIK(!31i8j;<1G7>e#{0+l$-oMr z1&@z;__QLDUJ}7btrV_QgvS#J1H7s0v`3VAOJ5JQH(;aW}r< zXnRM`=rm3Yy0V@@LU~<8D=Bj-tQ=e15HfSg0pN_C=v=B%df&fV0Xp;~)r!}09h1X% zfl4zGYo`xkr=_;$N7A8HeDt)3XhW&#W0N!i;RYyFp6EBS7&vOaL2#GOxy|KL@c{@kI(ky@gM1IGzS zV@z#%FGdZzxD!S=9LW>DLKty${<+15A?3!esUpuRR$)@Y0pq+Sp|RQ3^((pd&Yx(m zi56tTPC%h_t^W?K&Bxov+0Q?~%lUEkd~sEaDkUIXi)3+?XceM(Y< z9cX6CXM`w_BSquzd3#1m%$%`q!)9Pql*3CARY))ajLUgnO|a!zahH#KJN}koowM2X z?8)Qp^xsEbfaBcxvwqp=R}dQGn}JJuI|F|G%85pTbF7-SXj74v)8lO7TguCAMb4*- zyhFKC;jmPLNXhbymLRXviM{10w|lbJW}w2N$G9P|eZ=X6n)f1-hyeXHswCV|)}6!Yt-aGHq(g z94Q?w@nB1jC9a!5Hh4k*zKCc8>Y%+C#ATWl3h4q(*cVhC%%ATSYtZaag_Bgpq2=DZ ziEkf4ia#Vo;#%5=4FL6Augm8Zjw$zso%yYbtzg?3oqd8=7$%`rx z3RDNrAl|m2r^_1V+?6eaeFXyAkti52QI?Bh0ku^qL;-8y;tRQ7=!FJ3u3e70V1rGS zp*2u|IyNyvdx@Pn@3%)e$v{<2@-_e=il_&kyR;@ziLh_MUb0 z$@Y)j-31Ms(dv1_-@@mo!1fd~LotA&Q`ki^_JylaoO%5eYuW0P=|jqQytZ4W9D-jo zkBMU2ljCxJiWHJw%lDJ3>kbLIen!sc_kVl%zQrzN@P4sh!%6PFANT1tb941t`hp&; zwj+lm`!4Mw6)AR_ zx98n;l*EE+$)D4>o^(@0J_UmSrC;6p`Qb<|0sLs@z@D(fbB#8i;jq#8ZL%fN=k~fs zE4T9+{@Z4mz(IG5QTfONX>f6lyt!2o)d;|X#t>+v-_FuT`f%~%bGP`51SJ7D*Z=9a zXorI&UqejJ>_kvfOW)NOctr&uTNjIav+8{Qw>NCdoX+3D-OVe&>$kkQM}HEnI9>~3 z$FK)`gRtjZ_rc{E!G$gfIvbutx2Pq3#1Tp2&(dStw*JpLp{qqYjopXZ4b+WEKrKA1 z(Xk~fOH~5jfd69XK~d2Mi_03gJs+9onhc|Q* za1H~wF|)ijpItPCY{H6o0R6+lvIny9@6&O?YMVN~VrkyIda^b5*>Cd2j@4h<^4C`H zP8jo<;uu;nxl9-DHw~OS1&sdKY0vcMyJ2;hPfu=g+)$~EW zpMOV$M7u@+E@SO}Ml*9jThXgsmU7wEfI&QAUVp0v{BSxEuOgBQ7sf9>`q1>yd{P3D zuK!inImSoQuw6cw*jC4$Xkyz=CbluLopfwY>||owwryi#+t}Rq`#ih*VfRZ_b^ofX zzt%a||D3Cd9~Bp6X^%58TF$i^w2XiiT?zl-n}IX+!nylM!swsJA2xr}3aky9&bZs{ z$FzL8B*i(;7&iBTUP}rgIG)T7YSkVU$-n zK{UxgB6zE3@U^mscXAZ2k%ujyy)O?~-0d@|f_XL*SK+S_ob~1(pNqFr-k9PrdTV1T zfvh&0=-(|kl)20TSFWzW z(P4RPgQNY01x}A>9A|~j;&!E6+vWWlt_m2}NE35cSM+`~K3y<=vEKO!SH)1Awh+dY zJCQn7Yse18yR^YA|8gtWpAOG2sESACdyIwf_9GK=pOPl%o{RjI_~ z!e_0vZ+#rmM^wNt7`)PiyLM6O0L+dxfN%(oX!09?h1qHuv9@Co5+VKOe4uOqlGZkf z81XplG8nYj&zh9=L$_IUj=rd0UJi7McIBtm&|C0SwVfkU1%RM(;R!w4D4W*DLV%@U z`%0H2|7xi_)Xl3zTkY>i62=%kGnLKuexnC1PJv1g1qsma6$knByQ;0_?1<^{=&*BX zVa=qquH}^4X0@|s3Gj5X38kF<8Z$G3% z=~gYl64<`PV){<@rPC7N`*wAxE#pXn{ujj7Vx_m_;6MYk%p*c4a zA{LQfi<*beZkApKfS`jXHNIV$n+cgxf;|P5dn3O|I!t9jP5$EgxNJ^OUY9U)T->%4 zZycQt{Ei#v9tBZ27xzvQKE+=F_6zX~W)4?rSO6+{-5s30?M|#5?~h#H@AETM$xR+; zTLv&GX9pb$o`JVsw3)-Mfb7`Bt1nQ*em>mn?Y=yZjPHEINbrS2v!@Oc zP^QZWGq@3n(7rqLt0h#2IlKF4yC>T9{(J1x-`&3JviX{zZ8s4rf}D+z&4 z6i%AssTzI*!;U!*0VWYztljMq?9c+!Q$D6uZv#zeEdyonDut!Z za+X~MS$-OUJZo&4#h~UUdq2a?H5rs}QvDu3C%COm*l9O_Z<&xZdGiYTcg+)INf|E^ zCx?NEniePs04nx!i8;h|9N{9G3HEE>u|S$?#tXrHn9A*=XvI=GieBa&EXGh=`XKP) zLKihlA|co8Xd300NH)yr%q`0_B;)BqLs#euM_CBT!(ExV~!A zS|svvk_$S96-=TN;rs{;wdIw~F`>X1ae{Sw-_(E_(Lj}qy)XG5^bX;aSHFczu|@Ez zji^`S!%V$+#%fWz(@9-sVjrdzfx*_sZ z{w?k^IvQcH3o+e>+=jKuoy&>M<4N?_%WP81)^VQh$le;DF)7t6{xGvg!xosu<|zAJ zt$N)>V=_#>jFzJ7h_Wy#zi}+rhwJ3o#Ui0#vv7rTUJTm73mHSa*rV<#E{?izbKLx? zDhaaneN0!K945kO~)F(h{n*s3T;hznoeZ)1Vf8XfCr5C%@rVtuBH1lF-$ zN1gMo@;@nNgz+Z(Mx%_D@CAQPfPJp<^d$uNG@(a)kAG_#gmF&nN$U{|HKUS5Sl#S; z9N`tITxDadV6lNKM~j=$x+yQ!hn4fr7D>hT%0y9r@FMNAH{Hi*fuR{%NFZ$S-eWE( zoCk`&+4E388IR98cL5oh&$!}dT(?+I1K53+uhz9AAbl((s3*b`$g$d$=4{_fRq0V< zGUSS2knE|J)oN;}uA%>ErrLfd%5pOGN8tcd9hWpkQ899tIxCvhW&D;+eOaH=Rxx8A z)Yx<_n|{(@5jjx`Zt105a*;n+T<(!HD4q!3ZxLCJE}-S(qzVj)zq?552(bu-fs?{q zoS`bQM2wkh2q67k`qt;AYiDd)kPad_D@KR9dkB(NEt+KLLaynCqS^(6z?uYHS^be< zQk^isn25V96}C7K*)ZR)eK4py3TZfKc+h8z*==fJz#?nNdJI6{FQ^?GpY+7IJ=c)q z>NlV|?CNN@cL5?{>=qs)oVps@nn5k>Hpf7{#;oo(yUUqe1?j;T|G36NzL^yKh&nL4 zv>UbJ)>520A0J;sR6hAd)B(Ve8m@DIFo|W>Qjs)lkS}&xs-4O8v_Ixnx@2Zx0Kb`E zYxAt9^dCFZ2=o2xBDO2pJ@RzFH>wSvp{P4U9rbDN0|Nw0sZj_Wnh!~V5MRDs<_x0` zL%R~?!^Q<0D+?v)Qrbeekbh@}^*r7li65;U>hD7;?fv_E7nytqBE|$_o|lJ*N8rqK zX;%R!j>7}_xC$r~LsxDkwbnRNb!)WFNOEvZ1-_;1$z?<|MmK(oz>}{$$bir!Brs_V5{53$Jy%P$mr(n z=JJOf${vvrhgawP)$r49DDN}u>LTxL0M+q& zoyTS3FQ?EJc`fw<-&$Y)VHgJm_JM$@U88s%G4bjkLw}sDaG?(bcGb(YhAH#22wOGp{sif&Q*o+WL-O z3S4Xlg(FyOq^2c83KHBmp@PdzyL357SECb7OR%HgQa1$b#eDOmbtN}j*04Q%{}|#s z3EMR7_jeA>9}TKRle$m62%KFE`ibI}=x3Mq;^xz{dyI6jn_1o>rJOo6EjD5N`K#%%;SJ$yk0SLz@!8foUM_XP(@Py0}(Mnvy+@hMxt^)n5 z41v1JJ!^%%&Jn3pYLY7yPVsOOUAlg0Jp$T zB7&fxwVvtJH^cXvHXZE7dvtNf^e?&Bq`Zp^?81fC-Z_TwIWL16i9&y(Nu(mllt2{I zLYCHpm9v0UCbT-tcRslpM0*a?>P3K3)lH1U<=HumNA`IjN)sox=qGAUOZ{>SlnO0~ zO!!%B(uwExq1AjKn?X~^Zru{f3G9ITYjWPhyofv?4bHLG}uJVc|D5jj#)Pa@z$(-?tDsyA%8=q8FN7|3yf2zP^xUS3%t|T;$1%L;5SqP=@ zBqZ5Fw2?2>vwLkf&50(w!A9UKCCa$p&56936BeYP8orf(LBR%^*))YF%;YaW1?Vh= zN(%((795}~tl5ea#q&o46sE#_E1(yohTaCcHG`WM@w*c%HKFXBL6UvKxnGMBw^6xs znS<46Yr&hje9J`t`R1e?nCGyTR~Nks@EyDIILfJ<^crh+=PHhn7lv~7_Eu2aI5SFz z@xT%L9O%|-IWxt-N~~0a@^bD@_VMA~E(7oEmpk%h7$EugdUT)y@#%!NjjO4f0p)45 z1CMLCETBDdtuUbdiNz^)X$i_*#Vlh>rkaNRLL+4?gN@?U9Y}+YBjiH^xt2+1I3gbh zdCO{M_B&B;3JX#_NHzFdKv*6Ltuz(=V3YA0W^i*%=hoKoBV>mUgF`04ry7B9e1$sR zw)4bwvZ&)Nqz9%^apG^&Ar5y(5nWX@*OB-*b7@Fj&DXL0_215I#=>udpO~^XIzPyq& zeh#;j-`7b=+>+2O@|m4y zE|EA$MwSe{468)zmnfC|jV zfG131{IuDp$`TP|%GyKA*UQk>6@%gvH``;aXovbsLZ( z)A!_;yzkN_M~GL#C+6O^|_)+0h|bHY?#~X?0ggdG!LS%cIjmZYj;Q zY=!d$%yjT=SIf&L^4vSR&IpJ?&%(KQz_->?;wDDNC#}*8oM=5LYaA!T0KbbKL=s1d zk`%dq+l`;)>F9Sif^0myy23BaQbt|wK30FEyS?9X~Wgj(D||t-e)a14q20gR9m20r5=S=*<4N&z!CI1Fd5lL z6l+8($S0_ot-7>o)vUtCSFCE@+2Zj5PKMecDrvN2pPD=(bqgpE#WJ+G=9@%u%;u-v zswqGsT2m=O;8eIjK2tOkuY;m3d8-#(CS;z3vD!Nrx_+Z zV}?a3QgA$MwjvPc589bby&f{D{{5)JHd?+@Ut8O1f9-~jEE*CIF0*EjZKmTJPNJ#(3 zLf9QyRO~EHkjio7V6Wl&gc0fLhCjcE_ICpVipWC$3|r#V`JUK%Z=P5)f~psm)<(@x z_=c;RNi$walj2=Dl1R;_c1 zx*tRs_cu;-mOpP~EYj&bx|T#IZ|EHzZVdp|n?=A0%3v84^}EeP2zdw-xsSuB@RG7E zaJRyU9^V90WuLcdzuED%P5zqmLDKOMkcFSXPgDjW{E-4c$$Gnv(+0qj4r96|}d!YEH$&^jub(5vwEN}J#?>4CV{ zNCs;;Dtv6bi}bK+WkX@LUpRV;xfh!t-o@4A;USdqzK%x13h$z$z0Fh7aEJZ|9-m7t z_KDFW*v-5icnj?n2dc15s4}pjQ_wl#&TC}LG31jI=}-8cQH6NoIZv55_+76I`-aR+ zk@)Qw-&2S-aZGjOQ$TYHD3>Reaaei?iC3knD?rh}S@iu6+a}zg6zLWWG0tta-io#9 zqcI0TVTfgHE(AFAd;RyCubsS?>hESfC&c5yE(y;Xz#=Qjx^zAgJ_7e`s7GY7byWIZ zL=@bXf26fN;0_HnWK%(WX|Uo#)f`i-lvc?UM`5Ga-vwf8d@gOqriBZ7%TR+jDMBRw zr_^5kRS>rQZ4gx{Ufxko1-7UXsuA|}+l;>uz+|RlxG3f6hcO25a(+VZlb!Q94HA;Ov-wrdQ>*C+xlAWUj#U+!MLKf8daZ_Z_XZzzUq zN)%V$O5yIsL1+zd{ZKcfiTwUzUvNI zxe-L`gqmQ0uSR6&rWjZjFv2`j5eUi?21yJ2S7pbkSR!hpqHd9Q8W{oXf-xV$ei>ngqy|r3plNa9d19$b4E0}EH-lCj3I|@}skbLp#pteV6b2@==RZo(3ps{u0mC)j zrr%zT%DBaW&v94kbC&op5%%cdmg={W$Xgq}ioPSHWz63mdxn%w>g(7o_&!c2hko0L z2Pvhq>sWqHSAK?;XX{i;A`hGrLS7nFkWP0@FLK2yVBhMsfr`lKUaC{{BnT8nvNA;3 zU3ADvRZyzhs|x`(9F#38`f_@mfL8|0V)hg5#_b2rl448gjMOg@Z2E@gZjXCumY*k) zdHtD|)WKr@)1;P!kfaL>Si7~>R35&eQpJ_pJr!1oVts#AtMM%{lRYgeMsO+W<08E>1dw*mpBWP2X%vwPX zHARJ!=;rVln4YUv0<)IvUt_%1OuJImH0?=$E}p&a4U@$Vb1`NrwmKyB5o}=`=lL)*agk}@>LM*U+*t| zEIp56k-KS!OzPZnwS%Bm-E)j&ao~j)_r_~%hdZk4cF8@q1!Ca z-U-A{$u=n^0S2~Fq|H4}nf_ZGRL;6qI%R~Y0G$xDQHoPVNHcfRAZ-z^a8t;$T49X;by`8Koa1gyJLmQz=BmJz;8pOqDR|j0cvC zC$rzBMBvcgYU0jnrOul|M2*-tPdzO5lDMc+@5Wl6X3bm!ydPgItECxo0LZLaMQVxl z-3X&e+iB%a5LQuJaB_C&1@5MZ>Cd^EjDdLu*Nl7r>)e$ zD?0T(ggoVcICO^(w*SMS$4M*meQVSH*$1)G-hPluMW5BMHtSx?NYr5k^x^fLaQX!Bq9&O=2xou_*btux&oVcTiIimg7T%#N zq4UVF8)+`V*Fxr2r&BN2K5X1T7vK?swO6OTB4I%r{f71Nq6GU8BFF(M{pYJmV=Hsnx9L0IOL&`m@J&&5h|$w1cm{pVD( z5junAL+b1abRpSB%6vvaI_ZWaGd=I%pRPD3d{ca1Q;VbV*`w?}OP+rix~tzUdvZ+O z1E`GV>EKb?C{t{ABvoDCN=GIVaqQmC3P4m?jW$6M5P&_Ik+g$ zcHjg!zjko+5Na-$9c}y>8Z()Ole70~l(+U$6N>&aWn|Gbfw}YDbVAm~G22`L2hZPc zy;HS8jSEOIOMfE5VOS51^65@o#MMX3htbyLd^JCnv}+|Qa(_A%17*gxV81YGZOB0c5LGGN!2m7zeAQxcj?Y+&l6)meU=oWlo0+m*BInU8nI11jjQu zl9)dF_{7_W$8s8#eYAw7F@IyBwWI$8%%VC_gO-_R=~6wy3Q-=KXg;}-O%#c;-yktU zJ`dql8%}s*7A~f-9ciX2a~abX{u&1}l&g4=oS(QLFk91HvNO;ug-#&-74&nrjT zRXl^4@kC30!9;520pF3`H6)FZ~rMUJAFEj|dSpSU%{Em+>j3)0NYf zeok)&OzJK!3}X_9AZM9Es&1)nM5sL7o}d4E0Q|Vmcf|Q>PwZ3RoeM1v6c)Mi-}I=tSEf`$ATr9?O77AI>N0>|LT5U01{S*JovkHq$Wp@*dvv z;6~xbu%9>nuY<0?K2~kgj`9q9yWdbUDRgC^=FJ$7p4=|Fv`%6|q&2jY;4rpQPAuY^ zFboedV@7NT@>T0ZS!Q}tSjJMOBvgEWyn3y4iBHfsP889jmZVB+15Zg-YqQ?>Gmo#_ z@0&SGmo0KJpTY;09ebAlp?MrvVnt{oOcl|Di{qh6V}HrZZUCMq=IeDF!o;+yhx*=k zI(6+n04iHY+)@`r&g*HTI?Do>JVsK*gtDnH$s-cxV|&T0ojKd-2VtndOSTtE8S#e& zlAG^sPedNlF<_s;(Qvb8n9dU#4dc{rjfS|MK`eF-4GOAQ)&Xa(=)Uf#Mk^7}9UvBd zlU{!wDt_R&C&-F?usfD=XXX{AW*4--=^`BbZDeIwkB$wPdlqn*!0z$^0192@iQ?-> zOq7Dur8Ed7iy=$56k@7@e5kN?d$4tWd=81Ykh0B#SGh4DU4md;Bdm}ljvohOf%jhY zFZ1K@iu{NQT;fNl^r+cx|1pk&-Xh}1Xo$Dzc&|eD;^o&&9PL zA4}w$B4I4prs4-9h@frn2tO*SVsE9sZCON*6{1xY&uwIi`ww|ZfTDQA6e|*Jvd|y* z)WqbTPc#oRH)Sh#W0`(GnM0Nh(MK+;i*SV4z%NrwVfvkR>BS-RUQMIG}YFfU8l2>(5SS`!Xc=|jC zEBDa^8$VjPMn=e}GVP^ZJl7B-8X=a(O>Ji5V?B35fXs25c_`AwC>x5%eJ^8YhP9%*uj6 zxDvIbfV8y=w`a$OqT9Wjt;e4adAo*S8F+~vWq<4FWi&{If{q?sQhNKvt=6Vb(h(qr zq%GT>zKa=tC0$8Ao>5R#Y>ZKMam;_RJ`+`W7{zrj6B5z0oH`&hi6EJ;>W$RDiXO5#_*fV zMOi3N1{QYxg?f9gWyKpcHf+8^_fYI+@YIb|Pbc~aSJ8`#9Flen^S5J4AhUzdk%j8FHB?l0jLcMuR zQK_SjrdXe&Ff#vRm+pHcf1=NDO12bX`-oBB`dKeL)RkDi4vv=PI@iJ8;OOG44}a z8^1|DdE}3~o0AhjJX4(}FjVI;3Wz;~f=|w9&?i*g2uZrX4+Vt2K{V$J)Nv&>QWM)f zM|k-k4{X_d-%JV{XO~wY&_1ZJQEX0pj#_bt8gPfp;NZiPnXR?ZzMz>3AT)FIw@S0U_*d908_SuI zgVWJrzfy|&NgZ9wM>XBjf2f(6$tLphkN}4`egLP8*>uBHC2OmtTTvb(I z&=2ra~|GP;ISiEw%%O4+Vw@A@h(;@x}#UJii zbNG82jvy!F#OP^@_Nr@wS(fw2Rl25x=^6;vyYrofJ;0M}(Y zv3kJ{G)>Z>WD1sKit69yB4XoZKSF)32!tpM<%H=8nWs$fIaO;*xc%m+u)2 zj}i?NM_w59Qu2GsXGV)8+O>YpFgA#zSsFC;N_+^(gHDEWp!yDBd8e5xX64mZ2pf-U zRQFvCmrwyaQVAk{l2(4@LpEZwrVB4IJmkx$IAde>UYP1-H9Hz z2uaB(|I}fSgsEyPOmV)8)e%Cl+%k!@fz;*ZQ(N_miFt9&+v{R*K5alTZFKp(fV!0O z57YhviW??&FeNr*W)fyXraBNICAgAbs5O#@IaG9sI_55$Whu5(4zt8|_MD&R8bX$L zKn3ET6`R7uF<*ObN(a0Mksb&e2E1-%${MCWyDbC`xS<3&(z56J{OYV7M0uOcm@Wkr z8j5-%9F3_`r$&hqc807}$Ws>h%4c`R#6m8h3T=OOOtnA3D=6E_2XC%^@e0Z0&5d#3 zW>=B@@xEwxrz43i*dk1BqD3qpL(k+AK$AfsVgg}E^j!jjDWgNORx-KnT zns+&G_GbS3DXO#50807qV+3eO{Kc^RDG}mi!L;o#+3iD^rmW3HeL zXGtE}_*{rE&rCZ%?((nK2|yUwpvpga-F!U0$`4P+%6evY%G8RgfcP0*TXq@+Amr8ub!$a2gOB<@|r*95f zt58>F25MTdS$*ARsw2MZDEy{CGe2PT->?lh^V2p15$wGYw=PSL-Aq0sWj70+j*fky`=ba?K=u^-fvkQ8wyt5umVBU4%jM&vbVPnc@#_6H%M$u` zLsb8c1eKo=lEtB(6V5l7C6Qj?W0?pQaUakBd%AypTxsIPRrZm!#4{x$v&A8=tZwxBLnt;y$FOe6~t#|Bx`JIg@@)YkDaC%(ugmg%*(mfyqq z+8bzwU+Rn*n@L4fJYMcYl(3U_own|wigX*R@7%=4Zqo5UrME=zonYwQ4d^cUG3~uK zaK{q!|HU7Uoe+g$av~D`=MXT6$`zYSFr1T57>94+2qX@^2ZszwePP=1N5nsx_9LJ6 ztAfKVh8JrfV~Vxy0*5U1^<%g;&~^J}JKe^E6fK=J)SVehUuttn5 zOM*Oz^TA{v+L5r>5xFRs)*3Ze;~b~P!>7RDR!VeR`j9vj3~l|2+lgV%We2iA9d>y48jh2 z!iMfvShta0I&07l{yd4$%nquKNRTs^P0DXS+i!qe@+4jKSgM5c4xAcYtR+P{O{}Gw zh*NcrAsy`@`pUdz7#(f#yM`fW_*%FWX8}>^P5eg551|^^%yq=dqwR3SN_AXd<&Vzz zG$`804W~l%OzMFXVmND>+6hp)C&Hr6bYHArhmSJ_nJJvmnJ7U!v&V0ITwO7fm%`l0 znJA*XZvLZXNlx1$THAr{;av*mB&3bt6kPg$z$ubIDavhg#q41$8SrUmdQi(k$miwA z(jleVrFpVN+`d9c8i2O)6dhIIxN5CoDWKMOQZXdo-PmYX=BCBiUP6#Qo_cI$Q^zO7 z<(P3Po}lhtJAvLLH$?QVqx0W6ed{H&gSfA^wa}kYdcl3BVEBragT?02v}F3R*VDc6 zD#m$t1NrgruNuQxoQkaqWbP(686TR1rfj-DMA+{|?4 zPM2ph$sZEdfx;){bn#lc6%9me@y(Gq7uhLH>kMf=o2IVi@{@me^4|J4k^qUTbqobD zyUqz(Z~sO%W@=h!TV;eK_OdM5;*E3%l?XF5-PnF0;E7e`Anzq+lU|)dMHd8AX`<6AA3M=@x%&@!3x#y zD|t0IO?`v7{`&L2DTjd8wAj!bY99eoLu`c3fj;Urqgq#18<(%d9-j#<@mb#@^9L3x z5GaHM-3V96myMLdG#ZO*Nf=be%$1orY``^M7WT{d@$vE4GiYitq{7Ss^9g&FlY)=G zA#?N}%A1@y9zs zSrp$!_74XMIG$>GnKLw@?46IEKfK)^0C~?|N zh{Tzv__*DWBdhP%=(GV1Q;*{V57Xdg)?Od@(*mi|?$9z`KUo^na^2x>*>WwTRX354 z5}yId1F}?=TaG0DMoe~lhy?jscYTX>C)RY!QQ`*QJpGdOoRD#AOJ)AH#Joyi`1{_HJzfjE zzIY;UMEh^EJ@USK9T{B`7b5!i_jsfd*5aERxqA`Jvv@6gJis2n%KAy}02O2VgKsC7 zuK0^}a-V<(m!M$J4LGRnJc00yyiBa zpo)>KM87Y_V{Mk{1B{b5VmG4rt#Un22IKYktlrOGujWGNSctFa-d|GVN67tPI77Cpu#Zi<~7W{E=yhh zH97LODtx?NJ@z&%cpPE6<71qAH9o)du`PIfH930Ul(~HT`W+Na2S2UwC6cKJP(4)lWxh>6@v7 zBX=h0DM0(|`t0vFduor)>;f}HU2~gXk{?azy!_*{%urQd50U$LXwvZbXvF3P(#+mA zIZxj@C1n*w%-q&XOwE0L`b*2pPcJqVBkJL!J?7nN3v5<+#A;W3G^?C{Z0p@6x`7lloYg-o~g&w*y$#s1<+E_nOjq*VJ2cZtp0VsLaNhsr$;7R>YtU6 z=u0riy%C2)Gf|eeh1H1BA}*WF`Wq}p%ZF9^*9Z_VtR16?K1c^OWDM}Vs0d|f?LjZsG)3;OP^RP%uod7Pa5`c2*zfw;%B*A(ARKL4 zyk7M~X)%h$0lHoj>L_)t8RMUkS4MqT=ksa$C(>7&Fc>;GItT~|G>A&%RJ`VZ5aQQa ayBEK5R;CpMgugPrbbu97r~m5?kpBfyLAk;J diff --git a/Solutions/BitSight/Package/mainTemplate.json b/Solutions/BitSight/Package/mainTemplate.json index 8e1e9f8afc0..703d67032af 100644 --- a/Solutions/BitSight/Package/mainTemplate.json +++ b/Solutions/BitSight/Package/mainTemplate.json @@ -405,12 +405,12 @@ "aggregationKind": "AlertPerResult" }, "customDetails": { - "CompanyName": "CompanyName", - "CompanyRating": "Rating" + "CompanyRating": "Rating", + "CompanyName": "CompanyName" }, "alertDetailsOverride": { - "alertDisplayNameFormat": "BitSight : Alert for >10% drop in ratings of {{CompanyName}}.", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nPercentage Drop: {{percentage}}%" + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nPercentage Drop: {{percentage}}%", + "alertDisplayNameFormat": "BitSight : Alert for >10% drop in ratings of {{CompanyName}}." }, "incidentConfiguration": { "createIncident": false @@ -512,13 +512,13 @@ ], "entityMappings": [ { + "entityType": "URL", "fieldMappings": [ { "columnName": "CompanyURL", "identifier": "Url" } - ], - "entityType": "URL" + ] } ], "eventGroupingSettings": { @@ -526,8 +526,8 @@ }, "alertDetailsOverride": { "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight.", - "alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}" + "alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}", + "alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight." }, "incidentConfiguration": { "createIncident": false @@ -627,6 +627,7 @@ ], "entityMappings": [ { + "entityType": "Malware", "fieldMappings": [ { "columnName": "RiskVector", @@ -636,8 +637,7 @@ "columnName": "RiskCategory", "identifier": "Category" } - ], - "entityType": "Malware" + ] } ], "eventGroupingSettings": { @@ -645,8 +645,8 @@ }, "alertDetailsOverride": { "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems" + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems", + "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight" }, "incidentConfiguration": { "createIncident": true @@ -751,6 +751,7 @@ ], "entityMappings": [ { + "entityType": "Malware", "fieldMappings": [ { "columnName": "RiskVector", @@ -760,8 +761,7 @@ "columnName": "RiskCategory", "identifier": "Category" } - ], - "entityType": "Malware" + ] } ], "eventGroupingSettings": { @@ -769,8 +769,8 @@ }, "alertDetailsOverride": { "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence" + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence", + "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight" }, "incidentConfiguration": { "createIncident": false @@ -874,12 +874,12 @@ "aggregationKind": "AlertPerResult" }, "customDetails": { - "CompanyName": "CompanyName", - "CompanyRating": "Rating" + "CompanyRating": "Rating", + "CompanyName": "CompanyName" }, "alertDetailsOverride": { - "alertDisplayNameFormat": "BitSight : Alert for drop in the headline rating of {{CompanyName}}.", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nRating Drop: {{RatingDifferance}}" + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nRating Drop: {{RatingDifferance}}", + "alertDisplayNameFormat": "BitSight : Alert for drop in the headline rating of {{CompanyName}}." }, "incidentConfiguration": { "createIncident": false @@ -981,13 +981,13 @@ ], "entityMappings": [ { + "entityType": "URL", "fieldMappings": [ { "columnName": "PreviwURL", "identifier": "Url" } - ], - "entityType": "URL" + ] } ], "eventGroupingSettings": { @@ -995,8 +995,8 @@ }, "alertDetailsOverride": { "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}.", - "alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}" + "alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}", + "alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}." }, "incidentConfiguration": { "createIncident": false @@ -3022,6 +3022,15 @@ "read": true, "delete": true } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } } ], "customs": [ @@ -3029,10 +3038,6 @@ "name": "Microsoft.Web/sites permissions", "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." }, - { - "name": "Permission to assign a role to the registered application", - "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." - }, { "name": "REST API Credentials/permissions", "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." @@ -3397,6 +3402,15 @@ "read": true, "delete": true } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } } ], "customs": [ @@ -3404,10 +3418,6 @@ "name": "Microsoft.Web/sites permissions", "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." }, - { - "name": "Permission to assign a role to the registered application", - "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." - }, { "name": "REST API Credentials/permissions", "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token."