From 1edcc21ad6ccd85013f6f3e889ca8d9eb0d6044f Mon Sep 17 00:00:00 2001 From: Splunk Git Pusher Date: Thu, 12 Feb 2026 22:19:24 +0100 Subject: [PATCH] tests Pushed by: admin License: 61BF9B31-726 (Enterprise) Timestamp: 2026-02-12T22:19:24.545034 --- apps/Splunk_TA_linux/VERSION | 2 + apps/Splunk_TA_linux/app.manifest | 63 ++++ apps/Splunk_TA_linux/default/app.conf | 28 ++ apps/Splunk_TA_linux/default/eventtypes.conf | 76 +++++ apps/Splunk_TA_linux/default/props.conf | 284 ++++++++++++++++++ apps/Splunk_TA_linux/default/tags.conf | 90 ++++++ apps/Splunk_TA_linux/default/transforms.conf | 70 +++++ apps/Splunk_TA_linux/metadata/default.meta | 7 + apps/Splunk_TA_linux/static/appIcon.png | Bin 0 -> 3348 bytes apps/Splunk_TA_linux/static/appIconAlt.png | Bin 0 -> 3348 bytes apps/Splunk_TA_linux/static/appIconAlt_2x.png | Bin 0 -> 6738 bytes apps/Splunk_TA_linux/static/appIcon_2x.png | Bin 0 -> 6738 bytes 12 files changed, 620 insertions(+) create mode 100755 apps/Splunk_TA_linux/VERSION create mode 100755 apps/Splunk_TA_linux/app.manifest create mode 100755 apps/Splunk_TA_linux/default/app.conf create mode 100755 apps/Splunk_TA_linux/default/eventtypes.conf create mode 100755 apps/Splunk_TA_linux/default/props.conf create mode 100755 apps/Splunk_TA_linux/default/tags.conf create mode 100755 apps/Splunk_TA_linux/default/transforms.conf create mode 100755 apps/Splunk_TA_linux/metadata/default.meta create mode 100755 apps/Splunk_TA_linux/static/appIcon.png create mode 100755 apps/Splunk_TA_linux/static/appIconAlt.png create mode 100755 apps/Splunk_TA_linux/static/appIconAlt_2x.png create mode 100755 apps/Splunk_TA_linux/static/appIcon_2x.png diff --git a/apps/Splunk_TA_linux/VERSION b/apps/Splunk_TA_linux/VERSION new file mode 100755 index 00000000..dd36387e --- /dev/null +++ b/apps/Splunk_TA_linux/VERSION @@ -0,0 +1,2 @@ +2.1.0 +2.1.0 \ No newline at end of file diff --git a/apps/Splunk_TA_linux/app.manifest b/apps/Splunk_TA_linux/app.manifest new file mode 100755 index 00000000..6d531f13 --- /dev/null +++ b/apps/Splunk_TA_linux/app.manifest @@ -0,0 +1,63 @@ +{ + "dependencies": null, + "incompatibleApps": null, + "info": { + "author": [ + { + "name": "Splunk", + "email": null, + "company": null + } + ], + "classification": { + "categories": [ + "IT Operations" + ], + "developmentStatus": "Production/Stable", + "intendedAudience": "IT" + }, + "commonInformationModels": { + "Alerts": "==5.0.1", + "Authentication": "==5.0.1", + "Change": "==5.0.1", + "Intrusion Detection": "==5.0.1" + }, + "description": "Splunk Add-on for Linux", + "id": { + "group": null, + "name": "Splunk_TA_linux", + "version": "2.1.0" + }, + "license": { + "name": "Splunk Software License Agreement", + "text": "LICENSES/LicenseRef-Splunk-8-2021.txt", + "uri": "http://www.splunk.com/view/SP-CAAAAFA" + }, + "privacyPolicy": { + "name": null, + "text": null, + "uri": null + }, + "releaseDate": null, + "releaseNotes": { + "name": "README", + "text": "./README.txt", + "uri": "https://docs.splunk.com/Documentation/AddOns/released/Linux/Releasenotes" + }, + "title": "Splunk Add-on for Linux" + }, + "inputGroups": null, + "platformRequirements": null, + "schemaVersion": "2.0.0", + "supportedDeployments": [ + "_standalone", + "_distributed", + "_search_head_clustering" + ], + "targetWorkloads": [ + "_search_heads", + "_indexers", + "_forwarders" + ], + "tasks": null +} \ No newline at end of file diff --git a/apps/Splunk_TA_linux/default/app.conf b/apps/Splunk_TA_linux/default/app.conf new file mode 100755 index 00000000..42a94915 --- /dev/null +++ b/apps/Splunk_TA_linux/default/app.conf @@ -0,0 +1,28 @@ +## +## SPDX-FileCopyrightText: 2021 Splunk, Inc. +## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 +## +## + +[install] +is_configured = false +state = enabled +build = 1658326316 + +[launcher] +author = Splunk +version = 2.1.0 +description = Splunk Add-on for Linux + +[ui] +is_visible = false +label = Splunk Add-on for Linux +docs_section_override = AddOns:released + +[package] +id = Splunk_TA_linux + +[id] +name = Splunk_TA_linux +version = 2.1.0 + diff --git a/apps/Splunk_TA_linux/default/eventtypes.conf b/apps/Splunk_TA_linux/default/eventtypes.conf new file mode 100755 index 00000000..74bc89a9 --- /dev/null +++ b/apps/Splunk_TA_linux/default/eventtypes.conf @@ -0,0 +1,76 @@ +## +## SPDX-FileCopyrightText: 2021 Splunk, Inc. +## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 +## +## +[linux_collectd_cpu] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=cpu +#tags = performance oshost cpu inventory + +[linux_collectd_memory] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=memory +#tags = performance oshost memory inventory + +[linux_collectd_swap] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=swap +#tags = performance oshost memory + +[linux_collectd_df] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=df +#tags = performance oshost storage inventory + +[linux_collectd_interface] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=interface +#tags = performance oshost network inventory + +[linux_collectd_disk] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=disk +#tags = performance oshost storage + +[linux_collectd_load] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=load +#tags = performance oshost + +[linux_collectd_processes] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=processes +#tags = performance oshost process cpu + +[linux_collectd_protocols] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=protocols +#tags = performance oshost + +[linux_collectd_irq] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=irq +#tags = performance oshost + +[linux_collectd_tcpconns] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=tcpconns +#tags = performance oshost network + +[linux_collectd_thermal] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=thermal +#tags = performance oshost + +[linux_collectd_uptime] +search = (sourcetype=linux:collectd:graphite OR sourcetype=linux:collectd:http:json) linux_collectd_plugin=uptime +#tags = performance oshost os + +[linux_audit_anomalies] +search = sourcetype=linux:audit type=ANOM_* +#tags = ids attack alert + +[linux_audit_account_change] +search = sourcetype=linux:audit type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") +#tags = change account + +[linux_audit_authentication] +search = sourcetype=linux:audit type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ") +#tags = authentication + +[linux_audit_endpoint] +search = sourcetype=linux:audit (type=USER_CMD) +#tags = process report + +[linux_audit_endpoint_services] +search = sourcetype=linux:audit type IN ("SERVICE_START", "SERVICE_STOP") +#tags = service report diff --git a/apps/Splunk_TA_linux/default/props.conf b/apps/Splunk_TA_linux/default/props.conf new file mode 100755 index 00000000..a43affd5 --- /dev/null +++ b/apps/Splunk_TA_linux/default/props.conf @@ -0,0 +1,284 @@ +## +## SPDX-FileCopyrightText: 2021 Splunk, Inc. +## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 +## +## +[linux:collectd:graphite] +category = Operating System +description = Metrics collected from linux host using collectd-write_graphite plugin +pulldown_type = true +# Load balancing on UF +EVENT_BREAKER_ENABLE = true +SHOULD_LINEMERGE = false +KV_MODE = none +TIME_PREFIX = \S+\s+\S+\s+ +TIME_FORMAT = %s.%3N +MAX_TIMESTAMP_LOOKAHEAD = 12 + +EXTRACT-KVFORLINUX = ^[^\.]+[^\.\n]*\.[^\.]+\.(?<_KEY_1>\S+)\s+(?<_VAL_1>\S+) + + +EXTRACT-collectd_data = ^(?[^.\s]+)\.(?[^.\s]+)\.(?P\S+)\s+(?P\S+)\s+(?\S+) +EXTRACT-plugin_info = (?[^\-]\w+)-*(?.*) in object +EXTRACT-metric_type = (?[^\-\.]\w+)-*(?[^\.]\w+)?\.* in metric + +FIELDALIAS-linux_collectd_plugin = linux_collectd_plugin AS plugin +EVAL-dsname = mvindex(split(metric, "."),1) +FIELDALIAS-linux_host = collectd_host as host +FIELDALIAS-linux_dest = collectd_host as dest + +## HOST_OS Model.Performance.Memory +EVAL-mem_free = if(isnotnull(memory_free_value), memory_free_value/1024/1024, null()) +EVAL-mem_used = if(isnotnull(memory_used_value), memory_used_value/1024/1024, null()) +EVAL-swap_used = if(isnotnull(swap_used_value), swap_used_value/1024/1024, null()) +EVAL-swap_free = if(isnotnull(swap_free_value), swap_free_value/1024/1024, null()) +EVAL-swap_percent = if(plugin=="swap" and isnotnull(percent_used_value), percent_used_value, null()) + +## HOST_OS Model.Performance.Storage +EVAL-storage_free = if(isnotnull(df_complex_free_value), df_complex_free_value/1024/1024, null()) +EVAL-storage_used = if(isnotnull(df_complex_used_value), df_complex_used_value/1024/1024, null()) + +## HOST_OS Model.Performance.Network +EVAL-interface = if(plugin=="interface" and isnotnull(plugin_instance), plugin_instance, null()) +EVAL-bytes_in = if(plugin=="interface" and isnotnull(if_octets_rx), if(isnum(if_octets_rx), if_octets_rx, 0), null()) +EVAL-bytes_out = if(plugin=="interface" and isnotnull(if_octets_tx), if(isnum(if_octets_tx), if_octets_tx, 0), null()) + +## HOST_OS Model.Inventory.Machine Information + +## HOST_OS Model.Inventory.Storage Information +EVAL-mount = if((plugin=="df" OR plugin=="disk") and isnotnull(plugin_instance), plugin_instance, null()) + +## HOST_OS Model.Performance.CPU +FIELDALIAS-cpu_interrupts = cpu_interrupt_value AS cpu_interrupts +FIELDALIAS-cpu_load_percent = cpu_system_value AS cpu_load_percent +FIELDALIAS-cpu_time = ps_cputime_syst AS cpu_time +FIELDALIAS-cpu_user_percent = cpu_user_value AS cpu_user_percent + +## HOST_OS Model.Performance.Memory +FIELDALIAS-mem_free_percent = percent_free_value AS mem_free_percent +FIELDALIAS-mem_used_percent = percent_used_value AS mem_used_percent + +## HOST_OS Model.Performance.Storage +FIELDALIAS-read_ops = disk_ops_read AS read_ops +FIELDALIAS-storage_free_percent = percent_bytes_free_value AS storage_free_percent +FIELDALIAS-storage_used_percent = percent_bytes_used_value AS storage_used_percent +FIELDALIAS-write_ops = disk_ops_write AS write_ops + +## HOST_OS Model.Performance.Network +FIELDALIAS-packets_in = if_packets_rx AS packets_in +FIELDALIAS-packets_out = if_packets_tx AS packets_out + +## HOST_OS Model.Performance.OS +FIELDALIAS-uptime = uptime_value AS uptime + +## HOST_OS Model.Inventory.Storage Information + +## HOST_OS Model.Inventory.Network Information + +[linux:collectd:http:json] +category = Operating System +description = Metrics collected from linux host using collectd-write_http plugin in json +pulldown_type = true +# Load balancing on UF +EVENT_BREAKER_ENABLE = true +EVENT_BREAKER = ([\[|\,]){\"values\": +SHOULD_LINEMERGE = false +LINE_BREAKER = ([\[|\,]){\"values\": +SEDCMD-remove_tail = s/\}]$/}/ +KV_MODE = json +TIME_PREFIX = "time":\s* +TIME_FORMAT = %s.%3N + +TRANSFORMS-linux_one_fields = http_one_item_field, http_one_item_field_no_type_instance +TRANSFORMS-linux_two_fields = http_two_item_fields, http_two_item_fields_no_type_instance +TRANSFORMS-linux_three_fields = http_three_item_fields, http_three_item_fields_no_type_instance + +EXTRACT-linux_collectd_host = \s*"host":\s*(?:"|)(?[^"]*)(?:"|) +EXTRACT-linux_collectd_http_plugin = "plugin":\s*(?:"|)(?[^"]+)(?:"|),\s*"plugin_instance": + +FIELDALIAS-dsnames = dsnames{} as dsname +FIELDALIAS-linux_value = values{} as value +FIELDALIAS-linux_host = collectd_host as host +FIELDALIAS-linux_dest = collectd_host as dest + +## HOST_OS Model.Performance.CPU +FIELDALIAS-linux_cpu_interrupts = cpu_interrupt_value as cpu_interrupts +FIELDALIAS-linux_load_percent = cpu_system_value as cpu_load_percent +FIELDALIAS-linux_cpu_time = ps_cputime_syst as cpu_time +FIELDALIAS-linux_cpu_user_percent = cpu_user_value as cpu_user_percent +FIELDALIAS-system_threads_count = ps_count_threads as system_threads_count + +## HOST_OS Model.Performance.Memory +FIELDALIAS-linux_mem_free_percent = percent_free_value as mem_free_percent +FIELDALIAS-linux_mem_used_percent = percent_used_value as mem_used_percent + +EVAL-mem_free = if(isnotnull(memory_free_value), memory_free_value/1024/1024, null()) +EVAL-mem_used = if(isnotnull(memory_used_value), memory_used_value/1024/1024, null()) +EVAL-swap_used = if(isnotnull(swap_used_value), swap_used_value/1024/1024, null()) +EVAL-swap_free = if(isnotnull(swap_free_value), swap_free_value/1024/1024, null()) +EVAL-swap_percent = if(plugin=="swap" and isnotnull(percent_used_value), percent_used_value, null()) + +## HOST_OS Model.Performance.Storage +FIELDALIAS-linux_read_ops = disk_ops_read as read_ops +FIELDALIAS-linux_write_ops = disk_ops_write as write_ops +EVAL-mount = if((plugin=="df" OR plugin=="disk") and isnotnull(plugin_instance), plugin_instance, null()) + +EVAL-storage_free = if(isnotnull(df_complex_free_value), df_complex_free_value/1024/1024, null()) +EVAL-storage_free_percent = percent_bytes_free_value +EVAL-storage_used = if(isnotnull(df_complex_used_value), df_complex_used_value/1024/1024, null()) +EVAL-storage_used_percent = percent_bytes_used_value +EVAL-total_ops = disk_ops_read + disk_ops_write + +## HOST_OS Model.Performance.Network +FIELDALIAS-linux_packets_in = if_packets_rx as packets_in +FIELDALIAS-linux_packets_out = if_packets_tx as packets_out + +EVAL-interface = if(plugin=="interface" and isnotnull(plugin_instance), plugin_instance, null()) +EVAL-bytes_in = if(plugin=="interface" and isnotnull(if_octets_rx), if(isnum(if_octets_rx), if_octets_rx, 0), null()) +EVAL-bytes_out = if(plugin=="interface" and isnotnull(if_octets_tx), if(isnum(if_octets_tx), if_octets_tx, 0), null()) +EVAL-bytes = if(plugin=="interface" and isnotnull(if_octets_rx) and isnotnull(if_octets_tx), if(isnum(if_octets_rx), if_octets_rx, 0) + if(isnum(if_octets_tx), if_octets_tx, 0), null()) +EVAL-packets = packets_in + packets_out + +## HOST_OS Model.Performance.OS +FIELDALIAS-linux_uptime = uptime_value as uptime + +[linux:collectd:http:metrics] +category = Operating System +description = Metrics collected from linux host using collectd-write_http plugin for metrics index +# Load balancing on UF +EVENT_BREAKER_ENABLE = true +SHOULD_LINEMERGE = false + +## uncomment METRICS_PROTOCOL property if you want to collect metrics data in metrics index +#METRICS_PROTOCOL = COLLECTD_HTTP +KV_MODE = json +TIME_PREFIX = "time":\s* +TIME_FORMAT = %s.%3N + +# uncomment below stanza if you are collecting data using syslog server with sourcetype syslog +#[syslog] +#TRANSFORMS-linux_syslog = linux_syslog_audit + +[source::.../var/log/audit/audit.log(.\d+)?] +sourcetype = linux:audit + +[linux:audit] +category = Operating System +description = Audit events from linux host using monitoring audit logs +# Load balancing on UF +EVENT_BREAKER_ENABLE = true +SHOULD_LINEMERGE = false +TIME_PREFIX = msg=audit\( +TIME_FORMAT = %s.%3N +MAX_TIMESTAMP_LOOKAHEAD = 12 +FIELDALIAS-subj = subj AS subject +FIELDALIAS-obj = obj AS object +REPORT-event_id = event_id +REPORT-op = op +REPORT-subject = subject +REPORT-object = object +REPORT-res = res + +EVAL-vendor_product = "Linux Audit" +FIELDALIAS-host = host AS dest + +# DM Endpoint.Processes +EVAL-process = if(type=="USER_CMD" AND isnotnull(cmd), if(match(cmd,"^[0-9A-F]+$"),urldecode(replace(cmd,"([0-9A-F]{2})","%\1")),cmd), null()) +EVAL-process_current_directory = if(type=="USER_CMD" AND isnotnull(cwd), cwd, null()) +EVAL-process_path = mvindex(split(if(match(cmd,"^[0-9A-F]+$"),urldecode(replace(cmd,"([0-9A-F]{2})","%\1")),cmd)," "),0) +EVAL-process_exec = mvindex(split(if(match(cmd,"^[0-9A-F]+$"),urldecode(replace(cmd,"([0-9A-F]{2})","%\1")),cmd)," "),0) +EVAL-process_name = mvindex(split(mvindex(split(if(match(cmd,"^[0-9A-F]+$"),urldecode(replace(cmd,"([0-9A-F]{2})","%\1")),cmd)," "),0),"/"),-1) + +# DM Endpoint.Services +EVAL-service = if(type IN ("SERVICE_START", "SERVICE_STOP") AND isnotnull(unit), unit, null()) +EVAL-service_name = if(type IN ("SERVICE_START", "SERVICE_STOP") AND isnotnull(unit), unit, null()) + + +# # DM Authentication:Authentication +EVAL-src = if(type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ"),case(isnotnull(hostname) AND hostname!="?", hostname,isnotnull(addr) AND addr!="?", addr), null()) +EVAL-src_ip = if(type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ") AND isnotnull(addr) AND addr!="?", addr, null()) +EVAL-signature = if(type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ"), type, null()) +EVAL-signature_id = if(type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ") AND isnotnull(event_id), event_id, null()) +EVAL-app = if(type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ") AND isnotnull(exe), exe, null()) +EVAL-reason = if(type IN ("USER_LOGIN") AND isnotnull(acct) AND match(acct,"^[0-9A-F]+$"), mvindex(split(mvindex(split(urldecode(replace(acct,"([0-9A-F]{2})","%\1")),"("),1),")"),0), null()) +EVAL-src_user_id = if(type IN ("USER_START") AND isnotnull(auid), auid, null()) + +# DM Change:Account_Management +EVAL-change_type = if(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK"), "AAA", null()) +EVAL-command = if(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND isnotnull(exe), exe, null()) +EVAL-dvc = if(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND isnotnull(dest), dest, null()) +EVAL-result = if(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND isnotnull(res), res, null()) +EVAL-object_id = if(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND isnotnull(id), id, null()) +EVAL-linux_ev_ch_mgmt_user = if(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND isnotnull(AUID), AUID, if(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND isnotnull(aiud), aiud, null())) +EVAL-user_name = case(type IN ("ADD_GROUP") AND isnotnull(AUID), AUID,\ + type IN ("ADD_GROUP") AND isnotnull(auid), auid,\ + type IN ("DEL_GROUP") AND isnotnull(AUID), AUID,\ + type IN ("DEL_GROUP") AND isnotnull(auid), auid,\ + type IN ("ADD_USER") AND isnotnull(acct), acct,\ + type IN ("DEL_USER") AND isnotnull(ID), ID,\ + type IN ("GRP_MGMT") AND isnotnull(AUID), AUID,\ + type IN ("GRP_MGMT") AND isnotnull(auid), auid,\ + type IN ("USER_ACCT") AND isnotnull(AUID), AUID,\ + type IN ("USER_ACCT") AND isnotnull(auid), auid,\ + ((type=="USER_MGMT" AND op=="deleting-user-from-group") OR (type=="DEL_USER" AND op=="deleting user from group")) AND isnotnull(ID), ID,\ + ((type=="USER_MGMT" AND op=="add-user-to-group") OR (type=="ADD_USER" AND op=="adding user to group")) AND isnotnull(acct), acct,\ + ((type=="USER_MGMT" AND op=="changing-uid") OR (type=="USER_CHAUTHTOK" AND op=="changing uid")) AND isnotnull(AUID), AUID,\ + ((type=="USER_MGMT" AND op=="changing-uid") OR (type=="USER_CHAUTHTOK" AND op=="changing uid")) AND isnotnull(auid), auid,\ + true(), null()) +EVAL-object = case(type IN ("USER_ACCT") AND isnotnull(acct), acct,\ + ((type=="USER_MGMT" AND op=="add-user-to-group") OR (type=="ADD_USER")) AND isnotnull(acct), acct,\ + ((type=="USER_MGMT" AND op=="deleting-user-from-group") OR (type=="DEL_USER")) AND isnotnull(ID), ID,\ + type IN ("DEL_GROUP", "ADD_GROUP", "GRP_MGMT", "USER_CHAUTHTOK") AND isnotnull(ID), ID,\ + true(), null()) +EVAL-object_category = case(type IN ("ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK"), "user",\ + type=="USER_ACCT" AND op=="PAM:accounting", "user",\ + type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT"), "group",\ + true(), null()) +EVAL-src_user_name = if(type IN ("ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK", "USER_ACCT") AND isnotnull(AUID), AUID, null()) + +# DM Authentication:Authentication, DM Endpoint.Processes, DM Change:Account_Management +EVAL-action = case(type=="USER_CMD" AND (res=="success" OR res=="1"), "allowed",\ + type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ") AND (res=="success" OR res=="1"), "success",\ + type IN ("LOGIN", "USER_LOGIN", "USER_START", "CRED_ACQ") AND (res=="failed" OR res=="0"), "failure",\ + (type IN ("GRP_MGMT", "USER_ACCT", "USER_CHAUTHTOK", "USER_MGMT") OR \ + ((type=="DEL_USER" AND op=="deleting user from group") OR \ + (type=="ADD_USER" AND op=="adding user to group"))) AND (res=="success" OR res=="1"), "modified",\ + type IN ("DEL_USER", "DEL_GROUP") AND (res=="success" OR res=="1"), "deleted",\ + type IN ("ADD_GROUP", "ADD_USER") AND (res=="success" OR res=="1"), "created",\ + true(), null()) + +# DM Authentication:Authentication, DM Endpoint.Processes, DM Endpoint.Services, DM Change:Account_Management +EVAL-user_id = case(type IN ("USER_CMD") AND isnotnull(auid), auid,\ + type IN ("USER_START") AND isnotnull(uid), uid,\ + type IN ("LOGIN", "USER_LOGIN", "CRED_ACQ") AND isnotnull(auid), auid,\ + true(), null()) +EVAL-user = case(type IN ("SERVICE_START", "SERVICE_STOP") AND isnotnull(UID), UID,\ + type IN ("USER_LOGIN", "LOGIN", "USER_CMD", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_GROUP") AND isnotnull(AUID) AND AUID!="unset", AUID,\ + type IN ("USER_START") AND isnotnull(acct), acct,\ + type IN ("DEL_GROUP", "USER_ACCT", "GRP_MGMT", "ADD_GROUP") AND isnotnull(auid), auid,\ + type IN ("ADD_USER") AND isnotnull(acct), acct,\ + type IN ("DEL_USER") AND isnotnull(ID), ID,\ + ((type=="USER_MGMT" AND op=="deleting-user-from-group") OR \ + (type=="DEL_USER" AND op=="deleting user from group")) AND isnotnull(ID), ID,\ + ((type=="USER_MGMT" AND op=="add-user-to-group") OR \ + (type=="ADD_USER" AND op=="adding user to group")) AND isnotnull(acct), acct,\ + ((type=="USER_MGMT" AND op=="changing-uid") OR \ + (type=="USER_CHAUTHTOK" AND op=="changing uid")) AND isnotnull(AUID) AND AUID!="unset", AUID,\ + ((type=="USER_MGMT" AND op=="changing-uid") OR \ + (type=="USER_CHAUTHTOK" AND op=="changing uid")) AND isnotnull(auid), auid,\ + true(), null()) + +# DM Endpoint.Services, DM Endpoint.Processes +EVAL-process_id = if(type IN ("USER_CMD", "SERVICE_START", "SERVICE_STOP") AND isnotnull(pid), pid, null()) + +# DM Endpoint.Services, DM Change:Account_Management +EVAL-status = case(type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND \ + isnotnull(res) AND (res=="success" OR res=="1"), "success",\ + type IN ("ADD_GROUP", "DEL_GROUP", "GRP_MGMT", "USER_ACCT", "ADD_USER", "DEL_USER", "USER_MGMT", "USER_CHAUTHTOK") AND \ + isnotnull(res) AND (res=="failed" OR res=="0"), "failure",\ + type IN ("SERVICE_START") AND (res=="success" OR res=="1"), "started",\ + type IN ("SERVICE_STOP") AND (res=="success" OR res=="1"), "stopped",\ + true(), null()) + +# DM Authentication:Authentication, DM Change:Account_Management +EVAL-src_user = case(type IN ("ADD_USER", "DEL_USER", "USER_ACCT", "USER_CHAUTHTOK", "USER_START") AND isnotnull(AUID), AUID, true(), null()) diff --git a/apps/Splunk_TA_linux/default/tags.conf b/apps/Splunk_TA_linux/default/tags.conf new file mode 100755 index 00000000..1f5d0ecb --- /dev/null +++ b/apps/Splunk_TA_linux/default/tags.conf @@ -0,0 +1,90 @@ +## +## SPDX-FileCopyrightText: 2021 Splunk, Inc. +## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 +## +## +[eventtype=linux_collectd_cpu] +performance = enabled +oshost = enabled +cpu = enabled + +[eventtype=linux_collectd_memory] +performance = enabled +oshost = enabled +memory = enabled + +[eventtype=linux_collectd_swap] +performance = enabled +oshost = enabled +memory = enabled + +[eventtype=linux_collectd_df] +performance = enabled +oshost = enabled +storage = enabled + +[eventtype=linux_collectd_interface] +performance = enabled +oshost = enabled +network = enabled + +[eventtype=linux_collectd_disk] +performance = enabled +oshost = enabled +storage = enabled + +[eventtype=linux_collectd_load] +performance = enabled +oshost = enabled + +[eventtype=linux_collectd_processes] +performance = enabled +oshost = enabled +process = enabled +cpu = enabled + +[eventtype=linux_collectd_protocols] +performance = enabled +oshost = enabled + +[eventtype=linux_collectd_irq] +performance = enabled +oshost = enabled + +[eventtype=linux_collectd_tcpconns] +performance = enabled +oshost = enabled +network = enabled + +[eventtype=linux_collectd_thermal] +performance = enabled +oshost = enabled + +[eventtype=linux_collectd_uptime] +performance = enabled +oshost = enabled +os = enabled +uptime = enabled + +# [eventtype=linux_audit_anomalies] +# ids = enabled +# attack = enabled +# alert = enabled + +[eventtype=linux_audit_account_change] +change = enabled +account = enabled + +[eventtype=linux_audit_authentication] +authentication = enabled + +[eventtype=linux_audit_endpoint] +process = enabled +report = enabled + +# [eventtype=linux_audit_privileged] +# privileged = enabled + +[eventtype=linux_audit_endpoint_services] +service = enabled +report = enabled diff --git a/apps/Splunk_TA_linux/default/transforms.conf b/apps/Splunk_TA_linux/default/transforms.conf new file mode 100755 index 00000000..bda86090 --- /dev/null +++ b/apps/Splunk_TA_linux/default/transforms.conf @@ -0,0 +1,70 @@ +## +## SPDX-FileCopyrightText: 2021 Splunk, Inc. +## SPDX-License-Identifier: LicenseRef-Splunk-8-2021 +## +## +[http_one_item_field] +# $1 = value[0], $2 = dsnames[0], $3 = type, $4 = type_instance +REGEX = "values":\s*\[(?:"|)([^",]+)(?:"|)\].*dsnames":\s*\[(?:"|)([^",]+)(?:"|)\].*,"type":(?:"|)([^"]*)(?:"|),"type_instance":(?:"|)([^"]+)(?:"|)(?:,|\}) +FORMAT = $3_$4_$2::$1 +WRITE_META = true + +[http_one_item_field_no_type_instance] +# $1 = value[0], $2 = dsnames[0], $3 = type +REGEX = "values":\s*\[(?:"|)([^",]+)(?:"|)\].*dsnames":\s*\[(?:"|)([^",]+)(?:"|)\].*,"type":(?:"|)([^"]*)(?:"|),"type_instance":(?:""|)(?:,|\}) +FORMAT = $3_$2::$1 +WRITE_META = true + +[http_two_item_fields] +# $1 = value[0], $2 = value[1], $3 = dsnames[0], $4 = dsnames[1], $5 = type, +# $6 = type_instance +REGEX = "values":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*dsnames":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*,"type":(?:"|)([^"]*)(?:"|),"type_instance":(?:"|)([^"]+)(?:"|)(?:,|\}) +FORMAT = $5_$6_$3::$1 $5_$6_$4::$2 +WRITE_META = true + +[http_two_item_fields_no_type_instance] +# $1 = value[0], $2 = value[1], $3 = dsnames[0], $4 = dsnames[1], $5 = type +REGEX = "values":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*dsnames":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*,"type":(?:"|)([^"]*)(?:"|),"type_instance":(?:""|)(?:,|\}) +FORMAT = $5_$3::$1 $5_$4::$2 +WRITE_META = true + +[http_three_item_fields] +# $1 = value[0], $2 = value[1], $3 = value[2], $4 = dsnames[0], $5 = dsnames[1], +# $6 = dsnames[2], $7 = type, $8 = type_instance +REGEX = "values":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*dsnames":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*,"type":(?:"|)([^"]*)(?:"|),"type_instance":(?:"|)([^"]+)(?:"|)(?:,|\}) +FORMAT = $7_$8_$4::$1 $7_$8_$5::$2 $7_$8_$6::$3 +WRITE_META = true + +[http_three_item_fields_no_type_instance] +# $1 = value[0], $2 = value[1], $3 = value[2], $4 = dsnames[0], $5 = dsnames[1], +# $6 = dsnames[2], $7 = type +REGEX = "values":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*dsnames":\s*\[(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|),(?:"|)([^",]+)(?:"|)\].*,"type":(?:"|)([^"]*)(?:"|),"type_instance":(?:""|)(?:,|\}) +FORMAT = $7_$4::$1 $7_$5::$2 $7_$6::$3 +WRITE_META = true + +# uncomment below stanza if you are collecting data using syslog server with sourcetype syslog + +#[linux_syslog_audit] +#DEST_KEY = MetaData:Sourcetype +#REGEX = type=\S+\s+msg=audit +#FORMAT = sourcetype::linux:audit + +[event_id] +REGEX = msg=audit\(([^:]+):(.+)\): +FORMAT = time_stamp::$1 event_id::$2 + +[op] +REGEX = op=([^=]+)\s+\S+= +FORMAT = op::$1 + +[subject] +REGEX = subj=([^:]+):([^:]+):([^:]+):(\S+) +FORMAT = subj_context_user::$1 subj_context_role::$2 subj_context_domain::$3 subj_context_sensitivity::$4 + +[object] +REGEX = obj=([^:]+):([^:]+):([^:]+):(\S+) +FORMAT = obj_context_user::$1 obj_context_role::$2 obj_context_type::$3 obj_context_sensitivity::$4 + +[res] +REGEX = res=(1|0|success|failed) +FORMAT = res::$1 diff --git a/apps/Splunk_TA_linux/metadata/default.meta b/apps/Splunk_TA_linux/metadata/default.meta new file mode 100755 index 00000000..1231cfad --- /dev/null +++ b/apps/Splunk_TA_linux/metadata/default.meta @@ -0,0 +1,7 @@ + +# Application-level permissions + +[] +owner = admin +access = read : [ * ], write : [ admin, sc_admin ] +export = system diff --git a/apps/Splunk_TA_linux/static/appIcon.png b/apps/Splunk_TA_linux/static/appIcon.png new file mode 100755 index 0000000000000000000000000000000000000000..88f67e7257157937dd747b21af2c7af4d3432386 GIT binary patch literal 3348 zcma)<2{=@HAIGO|3uDQ?moauRW5!r!EEzL)(?znh&=`Y>SRYdl!8)Zv)O(+#g zWeN4h;963WrLIC_DM?ACYw*rUx9(H#a-QdZ&j0++@B8^J|K)j3it}Du5ugGP004;C z+hJXKPc?oM*v7k$1M>2Ck4+3$TPr}-eWjPY7eShx7XttglH|8dfPz9f0ANcT$<34L ziE}~`sALG$f+iA+2wf*ed?pd!q{>lP?ppFa!*gVs%$LFQmj zoHGbRr4vDh5ClXYYykv;KxTA5f0QfMW<$<8Xg`F2{(XH=>bp}5{ZQB z!=Z4v9?wFL5lLauI7$ z6b2JdArS4c7CaJ!MDjx+;0A_Nn5&Fh(eIpYX3=K2FV6aGxwK38dV}n3^C4VRV zMmB@~knZ{-`!e@mYw@E~0~0Hl3DO3Qurfr#VAh5va5&c5NZ$sIHa37EOnB*RaKA~v zbNc0*{g0K}z#{(__B-hh*k9?S01^csjQ!@CKN0_5slG(^6U29J_-hTtGvQ4Gp1*M{ zU}n%C#=f)XF;N&g5znO3-Kf-H3pD>c067OznN&s~l?K9KKyZB+0;Gk*6G#;Pp!RzC z{wCVsnL+ux^t)aALALwBV5I=*)v4>X zwX+{a+pA^=!tAn#heIF~)nLr4j6lcD*ks4uodkOl8WbXKC$KeTyIOpNB~Zf7%x!X$ zbQdNvFy7%}mYl#C@+H47Lp2)Du10fg zde`di-%{fATaQ~kzNd3$oBaOJM#n%FJ88l1oKY|^UcuEeaOkD_gKDeF=ij>}J;ON~^pKfzzsO(Sp#_0@Jc1q!ErIK4{>gZodm;R6RbYq*FLt=_xz` z?|-RNCH5vcdr;f?f|yc@yO3~{cy)WrFS*@kR`i3;aZNNFGxw#4g*t%QQTg^U99J=d z(3WsjEJdhH80n_I{~>$U6Z=H#s<^gDfvfu9WRKc$y@Cq~rB12$u!;H7*26mwd1GT= zAGlDO;*i*RRxR~OnwV^Od4%l90zzRCBXId~lduZ1r+SOL3fxDdMZyh?7LmCQ?h<3u zMPJ^N!p}P2GRSnVv?bS%;;)|}L?29z7wm?(c(~)e)EBZX-N-b*qOOh;LNZ}z=cw*ymOw-05m z$u+vA)s^>+akBTcPH(@Hi8mY>y}EivH};A`j29iH;d(w-mj%^EfWN6*M5?nobdalE4@FF($u$Je7(Fra2uD1v*9 za>HRE*vewYA)9N`ZN1m36qHJ2B(NXVHn#ikdpsj=Ef# z2Zx@=#W)?puCZ+2_NOS1-F>6!B6*p8^OMGdU32V9zsAU#n=XrsCcq40L|T_$*i}7i z9WS28;Jh*16he(7JTa=snmZOE{4t}X_LAa|tVYQ7Pu(W zx?7VRYTV!#O=5TKxi0(o;nA*&gg*Nle*S6qK?@%=kVRRyXu&qlT2_0WkOGejls&ctH)svUP&w9>tZFM(=V-k-?xR!>^#1s(9#erJyxijE zzVpcRp;ayr-XMH`bxx$|Sh;L&fXzb*#qxy;1qb==nF}>9{kX5$#`+77j_2i{v)MPA z^tLa><)1O{+QPLu;AMkhL$x}x=-N~6=${2TG)=tgU)3dPSDS_&{FeP1Bd`u)?T5^cGcf6Vq0L!hmIptQK18ZJ_>gE7K32kS{obhwh<(Yc$C>{vD?)EFO9r#Gkv&vUABWOo;vSEv10kese%; zhLeI48K`Y^Q6#mxeta&6)2zv+nP*^18z5JTY(pb74e!h4FkS>^h*)ZFPM{~k4H8k! z%8jmRXD1C2Z!U%is>=>KKa!LD-~t!=gWG9|y>QV9*OlFH@?cp0l-|(-@rQKeq=upC zU{YX4<%2dW44{opu!lItZ&)jm7 zOw0~hM%}C_B@5(-gIl{6?&8k*FDdVRwop?Q7n2rNgfe2)L({HW>71cw*0tZbI8^_L zGl-4-X!_1+l}$mf9C}TBwh5OfE)+js!r5*2mbj@z+2b0z_qI-7a%?pB_f+p5;1*U> zbNWZovzv;nBs8}vD@rX{o3YTyWWlao{_o}5mf*{>#B_tKL5lc zIDw|woFCd$@y_OX@_dq3)FzeRRjj1Lj%kd)w^tvY-CgJ7n=5*r9kF;ySxMbO6gc;h zF+7GA^IcP`4>&5ZF+hUZ3iHu<@$u9!r}(@CpUFc2B=Fg_FrqdA%=kBAy$Mgrzk)B^`T~cd-KKdJyu|Mjc69 zJ7iSpg*e@kExF_R!reX#xw;ZAD2JC!ySRYdl!8)Zv)O(+#g zWeN4h;963WrLIC_DM?ACYw*rUx9(H#a-QdZ&j0++@B8^J|K)j3it}Du5ugGP004;C z+hJXKPc?oM*v7k$1M>2Ck4+3$TPr}-eWjPY7eShx7XttglH|8dfPz9f0ANcT$<34L ziE}~`sALG$f+iA+2wf*ed?pd!q{>lP?ppFa!*gVs%$LFQmj zoHGbRr4vDh5ClXYYykv;KxTA5f0QfMW<$<8Xg`F2{(XH=>bp}5{ZQB z!=Z4v9?wFL5lLauI7$ z6b2JdArS4c7CaJ!MDjx+;0A_Nn5&Fh(eIpYX3=K2FV6aGxwK38dV}n3^C4VRV zMmB@~knZ{-`!e@mYw@E~0~0Hl3DO3Qurfr#VAh5va5&c5NZ$sIHa37EOnB*RaKA~v zbNc0*{g0K}z#{(__B-hh*k9?S01^csjQ!@CKN0_5slG(^6U29J_-hTtGvQ4Gp1*M{ zU}n%C#=f)XF;N&g5znO3-Kf-H3pD>c067OznN&s~l?K9KKyZB+0;Gk*6G#;Pp!RzC z{wCVsnL+ux^t)aALALwBV5I=*)v4>X zwX+{a+pA^=!tAn#heIF~)nLr4j6lcD*ks4uodkOl8WbXKC$KeTyIOpNB~Zf7%x!X$ zbQdNvFy7%}mYl#C@+H47Lp2)Du10fg zde`di-%{fATaQ~kzNd3$oBaOJM#n%FJ88l1oKY|^UcuEeaOkD_gKDeF=ij>}J;ON~^pKfzzsO(Sp#_0@Jc1q!ErIK4{>gZodm;R6RbYq*FLt=_xz` z?|-RNCH5vcdr;f?f|yc@yO3~{cy)WrFS*@kR`i3;aZNNFGxw#4g*t%QQTg^U99J=d z(3WsjEJdhH80n_I{~>$U6Z=H#s<^gDfvfu9WRKc$y@Cq~rB12$u!;H7*26mwd1GT= zAGlDO;*i*RRxR~OnwV^Od4%l90zzRCBXId~lduZ1r+SOL3fxDdMZyh?7LmCQ?h<3u zMPJ^N!p}P2GRSnVv?bS%;;)|}L?29z7wm?(c(~)e)EBZX-N-b*qOOh;LNZ}z=cw*ymOw-05m z$u+vA)s^>+akBTcPH(@Hi8mY>y}EivH};A`j29iH;d(w-mj%^EfWN6*M5?nobdalE4@FF($u$Je7(Fra2uD1v*9 za>HRE*vewYA)9N`ZN1m36qHJ2B(NXVHn#ikdpsj=Ef# z2Zx@=#W)?puCZ+2_NOS1-F>6!B6*p8^OMGdU32V9zsAU#n=XrsCcq40L|T_$*i}7i z9WS28;Jh*16he(7JTa=snmZOE{4t}X_LAa|tVYQ7Pu(W zx?7VRYTV!#O=5TKxi0(o;nA*&gg*Nle*S6qK?@%=kVRRyXu&qlT2_0WkOGejls&ctH)svUP&w9>tZFM(=V-k-?xR!>^#1s(9#erJyxijE zzVpcRp;ayr-XMH`bxx$|Sh;L&fXzb*#qxy;1qb==nF}>9{kX5$#`+77j_2i{v)MPA z^tLa><)1O{+QPLu;AMkhL$x}x=-N~6=${2TG)=tgU)3dPSDS_&{FeP1Bd`u)?T5^cGcf6Vq0L!hmIptQK18ZJ_>gE7K32kS{obhwh<(Yc$C>{vD?)EFO9r#Gkv&vUABWOo;vSEv10kese%; zhLeI48K`Y^Q6#mxeta&6)2zv+nP*^18z5JTY(pb74e!h4FkS>^h*)ZFPM{~k4H8k! z%8jmRXD1C2Z!U%is>=>KKa!LD-~t!=gWG9|y>QV9*OlFH@?cp0l-|(-@rQKeq=upC zU{YX4<%2dW44{opu!lItZ&)jm7 zOw0~hM%}C_B@5(-gIl{6?&8k*FDdVRwop?Q7n2rNgfe2)L({HW>71cw*0tZbI8^_L zGl-4-X!_1+l}$mf9C}TBwh5OfE)+js!r5*2mbj@z+2b0z_qI-7a%?pB_f+p5;1*U> zbNWZovzv;nBs8}vD@rX{o3YTyWWlao{_o}5mf*{>#B_tKL5lc zIDw|woFCd$@y_OX@_dq3)FzeRRjj1Lj%kd)w^tvY-CgJ7n=5*r9kF;ySxMbO6gc;h zF+7GA^IcP`4>&5ZF+hUZ3iHu<@$u9!r}(@CpUFc2B=Fg_FrqdA%=kBAy$Mgrzk)B^`T~cd-KKdJyu|Mjc69 zJ7iSpg*e@kExF_R!reX#xw;ZAD2JC!yfEWWevqD=L=qorQyv3j{ z2q&0WkT>!I4FD(wDO@~y!_ZJ*khhnQpF)r__b-IP#q-Z*5I67_1nsHJZDn8#)I^|Q zKxr{4F>!7c3Lp@ugmQ6JFwxTfgMRU*%2dWz~Dcj zeEj~%>mox?5EKali;080y+QxR^h2A#{xbQmOh2<=Bn)H%^F#QfoM9Jmo_`ZU!(IOe zou6NRS@<{FMZN!b-~Xw}MaoJSXafTUEf@+O0CUksA-sPT1_?#^!G4-l=Kj;=-&sG2 zztU8I`}m=uKF%MjUpe{Yx%`VV!N3w3QxS#2;_R!Uq}LR>};3|0rrXliQ7Yu=ER zm(|pklKNBmZ`8k(l|cVU_tzl%z3>05#Xo~e%4vY*4 z)MX{XQgRpR{Gt07^>0Cc{|5PIrT&nW|G#AaM*WAZ5en`G_knt8{T2FWNBsXv^}Dlw zk@#DfpJPqo0&>v}(4P}W1*`=6N88`<7n%y1C>RutK$#&BUMlK8*8`xjI|7aHb4MV7 znwmffaj+Cn&;aTT_xag){a5+^8|e={CD6}V`nOs8`;zdh^p}1iFxxT1SluW}i z002ffL`&T)hyZtsG9kCuUuC~#e{+03cK@^8i*I&6BEexqGQIvzRL>L0b#<|X8V?Gd zLKqsJK7VTQ{0bku+@jcEyySY?-6C^$v)>A?lTd)cpi5VsoujD37Mt2VU+f15ZrwQ! zbvrxU3g4Rd&oF;q-&S`L=sNaTUUDtRZ*1gb-)SMUvq|}CQgP23!_Hyoqe9-`xDSw6 z3A^d>$Xfovt?gES+9amwv6TS}6(hTu`=KL_G#@L~I`o7~;w8s;`Bk!eiSl%;buh$h z@7qr46N&f8iBFek4++xJ?Y(0BlC&Lb%PL&3){wsOqk6k09ZV0G7E<>R0FGFuU5u1& zfzvlG`b|vR2C!04WR!}79CJ(>PE6UVG_nlxxtD6IA9*Q!(IevBQKSKoVbJABUf`!^ zH9$fwVeUDD2|Jzb47(T%26ugga;n5k^gJ!5oX&N;^qyR+IqBj75r9m$){qLbQrt_7 zAt2$WlW4Iqrr|N{=0{9pDg1^_vzYOW6QbcE zn!QT(?4j$f_LM`+vI3qegm<-uYl7&mHUOEV1iPJBQb$rH^X21oB2C0OKIACAh`$tc z1=vuIp-I?iHDG?b=JJ8XD9?k50nlSX%(q&wAs;dIHsU^dBvm3-h*;|ZhUM9kSs2z? z-37Uik|+%A2x9fWA(5;Gclz`eW9UOh!NXQFet1$c{_>zcf{w~2nTVpUfG8(YpOp-f z7}s!KDRuQlo)WDY?^Y*ug{idh+@SHYss{0EwwlWWdFnYc#{Y*G1GOHI3Y^aS5i_b$V(42)B<7 zvk#UDEg6zh7&okF5HuRY%#tSDl);(h1@A!7CG(_+s4I2}YJx!GKGD|`t0ZDoDfV-I zYEvv)FMdN->;d=tfR-cdqH@|!OG#1D%Nm<9h`Ax|GJ@M2)|dBW=Cwdi8(5s*mdD7v zb`nV)9E9>T%#ESavZqp-nk47V+pN#ZB^af~N{kG(3~%-ln}e9VqDferhO#ruj%!&y zQftZYp^9h4$J0e#jFv9feb2^QhppCqUjFui9#~`?-oUN1-^_B;`KvFW&g3gqvsq_F zkNk+sNjCmB+86eM!fGMqI#g4u^7Xit|VLD->TE;}TNB11nh1N~qDtJpfPmJ%7yrtiQ2p;kVK_n~8@+1)P$u4KEqW%`~*?Bf~N za|Xvo-;V?l$H^$m`O?JacFk@;d$}$ZvC9!B3{qp$v>m++k+staRbF}@bR+1ayAl$5 zK$<(3LzY=cg|B4{Qaz8-?9;lf<72yHiyaSWzs0ec$+;D(q0K-X#IXp75-rCTOJK#?shjj*=qLKT&ZvNG%@(;vOD65x zyzKV~o258BFqd{=*)*uskB%X;el6pt2ouWMO(Ri=)d(3@}P zG*62-CuBuz+d2eoEzTd+ON*wvL(J&Qif%QdE$kJyYnAplRk;fcb;;tHwlC2UYNR|( zc`L+1#?y}>cxlF81-mV<=RBix^74IJ<8ahW2e&k(2ksK+r2S>^l0#ABcbmJ>zI}8! zKGhnqnD#p@BfleezzEz*xAS{r<->`-fcmU@r)eSU`cg|$CxN0?bX?ImID$2u7q3@C z%llA86dV$rqdQKbm13NbF_5J`%$nB>wB$D&iu=T4V%s>2(G(PIH&ph@yNt|uK zaa@0p=45Zp%69EFq4^*-g9eVU7o!|1$F;ScSv?Pl=gZ)T@XzbQ>^Yi}4fQ^3pQ5iC zzzld?2bGOm>C9y{`|?VHb8p%%o1|M4d|@}ryBz*mcm0ic*OYs;c<4ddl_)D2O3#Sn zggy|&?lX05MR7bk>Szg)<)pje$yVIvdo3-5_H>(CI_yEC+5pI z*<8?;$61hPcGeKzG%Q+~-)&ay$jY$ITJ(l$E8V}6cJP~QsP3y4sVRXZ)#E^XY|^|y zlFI2MRuy@m>pbCBVmoLLmy5Lv7g!;Mxi2-}n*0v8I^E(aF&}13=xd~rT?)a^Bm>bIK#Gaui*BaTasrwW*Mnz}-n)MuV+++0;Rn6v##d8c{~R zIs}-xRb#z5^Mk~?vDtL6u;#M${Ot#Qbo9++-(Zx*WmPw3UO0~I8+G#7;iR!9{<*V+ z@(9j5=00t{v1XPZFo+tn7@=ZP+{SaZ>6e=p4Wu?OAYB?`ZaH1lX6C}3r5UV!Xs4IM zZfH-fME1S@YQf?oWI>LlSE|6(+jK;FPud0|Y4-;_x0Hp?Dr)Ks$9qG8D?NAcM(2B$wbk|7 z9L>AXGTUYyOUaC8?k4mC4pZm3rH7{loy2{$Ixd(!EDzL!$YHE9v}e~NJ=4o8f}Aw? z>7A{ldS0)vjC=q&??55E3?Ik3>^SWCotF!3O83s!s!CTDZz2YjXE;*$Mu%M>;}Y<) zX6r{x^+Tmi^My=>BY8TKY zNrJgI^>F>x+x3Ez{h2odv`OuelB3+y=u;+mmBYw~NIVZZbWO>`>xxkNhzf1?lBvdbzGzM^icu3UV<*@NJ3CT zM}nl_VCPemgm?(#%LhsiKv-O7Vg1#mb z)bhk-j$j0G!_mV!E@l{4nVK|Q#@S9JYdA1i!+^E*iwfDLG!j-bYR3~De%w?|7yXbs z1yxPMtI>)Cm-Y0I8gzy1QAO5sv@+91D!r(e^?wdZ>ea?QI8{y8(+s7v68dr*k<$CX z8*4nn+f@HG*);TKjWeILTGhrZ@J)wl(ziCtD8*6;p!wL2V`I|V(p)6%!Ccc2&vAb8 zrAHR<6GtM;JAnD!&38?()B6uvhioTi#RRy*CuiotWg}7*vdwNqZs600(Bq2&@qF6-4D*cjYT$UkZOGI--U+ z)l31JLHv<7_QQO6l>N&P`;N2s0WIQOs4HvF)>O{x343x~cN+o+ctA_Q;7tPS`HAaS zEqqcC=AA+?WJ}CP?QcfWug{*59(rGG`XUxMQ*sTj-VY@{A;s}IlQF$FwH7|F*+RJV z;y<8vABkdXiu5?n9=sS*&J45Nr~x)mj&A-q>abkt4eS&iz3d$PkyA{=MM7MMgCqNO zfp00s<2GJEbX|BdiZ4*kDJnLb)M+EvPl=W_>WW!Q*FUiTL_@u#X%2IT>{lv#eZ#nKewBIH)xoHy^ zAF@sRpMZl`1yoJKLEU3huYT;vs^3IPNr_r7e;!L&hTTGMwdT*9KP)yZO#;&~YQor8a z0L;4^tnFD;8eA#z>{0FtPLc+NGr7n8eE4j!MW4 ze|G-kPaT=CQ*7J!M480FPTv)h?VB}p|{n%;x1EP zN725T(AbxokY{EVjovBP6qJ0>h8qh0U8>@xS)j>TvS~P}QeH~2Cz}?5LI*QIz7s_q z?fW8|J=L$~G);gSrrazkiseysHWO0h3ax2!VTo-$au?l{o)iC^{5|Pf$`h?ldk0}n z^)jIrrofg{aodL__^aO)URyFUBhwwf7LZJ8e|*c4URT3o!dw>5|JgTT zmtTY}LCUm9P^q*dq_DB{iJ(!ZCIcsAp@)@SPu#NJ*Yav&e(G+Gvq>bt#G!-Wl2)H+ z9lV-$m>HZTrz6VfIYPqPALqr^i8gTKjU?ya5wX>aI18}-F*Q$VLf;Ex03JdMUpX3E zW=JmIxhB+?d#@?bp8Oy$MqT>B;^V%tu10aO#91ck3}{M-!RtZp*3Zvt9sqXf^(EIJ zIg_M$edOYZ?avAF%hj~b8iHi@&19gwuU}}19UuDoGq+Nw#$AJ&E0krLCMt|d5SvD^O0eh2q8D&o$D z2ojPc@Q(HK;#c-%L-!bCYUNhfwsWZ5#H^k{N^)E8a4JT)G4p8B2paNcenq3M*h+M< z7CWjw4+?WY*@$I~5@w|YQkjg%1xO8nC9drwS69;e>|0#!tO{C`WTrR-^q~o!QuMrj zYZqZAt1Rn?C0j{7bBe;n=T*s!=Skw~mP2lZ%^t% zb&4$#{hzq3CT`I}WEc^_t>nqE*ZURQhvqZb!!HlId>64v>`u%moNC#Sy8q)hd*O#I z@AC6Ve1Tc59h;85T+g$gd~Ie{l;GO8iD>d-DGB>{-NxQFe<<6i=H$?<$<=LzUaqCA zc6SOdl$TiIZc9x%fuS;95myaYe+5-bl=lG5n3Dtx&)3Qro-PJXxCoDwqE<~s!d3P* z8m7Nz3%#ph>r!(bEL$grqYHG8SV$REZmG|k<1_3?nXb?muPa*U`UQFC_1hPjJO&9g z=`aUUZ5{L;P*rA$V6S9V)BpvY#5JNQlZ)SCu2h_W1%GX*%+A8=m7-gQWer~8jo^8W zuNIf^4$)g1O6%_Drq%4~6v^OgPsvzU@L5^H{)xWS;0ySuSU$DA7@Z^BS=Z&R}#v$!OKCp3jM;=2oO?Jn|^wq1&6S0k0b z8tzq)cd5Bq$Yu-7A{S&8@!qEEQy(WT;CL(v6P4V+`$fGaiW@3EA#G$gvV3ELHzL-L zS<<&(TGA<6I}iVOMVbBfaAUi8lTvgrmjiST&y0Oxk#CT%6m0x~_m=H5St=6NbFbtH z*YTx#e0!!uR^Ggm{WLr;Wg1Mmdp&`Kc-TR$!^8h#$AhfM^SamxTGvIWW7Kcp1lnG{ zB5K4sz-5*9Iz%B%uj!;wB{k#%H&BdQ^tBHZ)E-I=OtI)RF|5ZCtyBgNo06i)F1En( z6Bn?eot1BRFHDr7s5K_;T@jTa0LGG%b}!eTI>qEFJUlPF@?vwtC-JNgBMyfxu1q^} zPORyn&=U!qh9(i{Edil=?o-Y3*g=UmxY-YnGnSq%h8C{Btna&ec{e8d34(*qU-%SD zxGjgUDC^+3Qg?t-h)0|ru21d}UsekamsekHdBk4$&LPT*{T_MyKr>6SB=FU3zyfa= z$OMoWD7=?Z+C755vO2zF+lp)2%U-GbEO|prosje(T>1)Smzpqvn%Cm~+xskJCxKBV zr~UKw!?#Wfpl=%hG>b)VE9}{df;xa4pgEOyf~^``ty;U?0{kyK?W(do%u(WAnEmkcM-SwNp;ncKBj&#V DQ5yUX literal 0 HcmV?d00001 diff --git a/apps/Splunk_TA_linux/static/appIcon_2x.png b/apps/Splunk_TA_linux/static/appIcon_2x.png new file mode 100755 index 0000000000000000000000000000000000000000..c638b3f159fc4047a35e86d577c49cb0234f6933 GIT binary patch literal 6738 zcma)Bby!sC+a6LH1W6HwMrs(kTV&{^Lt=mdhMHj*O36V$1OaJ8LMf4uP6?$`9h8t1 z7(i5F5NY_(-Tm!;*X|eRx=y|4zVGLLo;Ut@Pn@ygO==1@3IG5=4bjmuxwz~6JjqBe zuIAtBZeH97{7i0Y0IJ5=KVQ6%BXz9(002scpCfEWWevqD=L=qorQyv3j{ z2q&0WkT>!I4FD(wDO@~y!_ZJ*khhnQpF)r__b-IP#q-Z*5I67_1nsHJZDn8#)I^|Q zKxr{4F>!7c3Lp@ugmQ6JFwxTfgMRU*%2dWz~Dcj zeEj~%>mox?5EKali;080y+QxR^h2A#{xbQmOh2<=Bn)H%^F#QfoM9Jmo_`ZU!(IOe zou6NRS@<{FMZN!b-~Xw}MaoJSXafTUEf@+O0CUksA-sPT1_?#^!G4-l=Kj;=-&sG2 zztU8I`}m=uKF%MjUpe{Yx%`VV!N3w3QxS#2;_R!Uq}LR>};3|0rrXliQ7Yu=ER zm(|pklKNBmZ`8k(l|cVU_tzl%z3>05#Xo~e%4vY*4 z)MX{XQgRpR{Gt07^>0Cc{|5PIrT&nW|G#AaM*WAZ5en`G_knt8{T2FWNBsXv^}Dlw zk@#DfpJPqo0&>v}(4P}W1*`=6N88`<7n%y1C>RutK$#&BUMlK8*8`xjI|7aHb4MV7 znwmffaj+Cn&;aTT_xag){a5+^8|e={CD6}V`nOs8`;zdh^p}1iFxxT1SluW}i z002ffL`&T)hyZtsG9kCuUuC~#e{+03cK@^8i*I&6BEexqGQIvzRL>L0b#<|X8V?Gd zLKqsJK7VTQ{0bku+@jcEyySY?-6C^$v)>A?lTd)cpi5VsoujD37Mt2VU+f15ZrwQ! zbvrxU3g4Rd&oF;q-&S`L=sNaTUUDtRZ*1gb-)SMUvq|}CQgP23!_Hyoqe9-`xDSw6 z3A^d>$Xfovt?gES+9amwv6TS}6(hTu`=KL_G#@L~I`o7~;w8s;`Bk!eiSl%;buh$h z@7qr46N&f8iBFek4++xJ?Y(0BlC&Lb%PL&3){wsOqk6k09ZV0G7E<>R0FGFuU5u1& zfzvlG`b|vR2C!04WR!}79CJ(>PE6UVG_nlxxtD6IA9*Q!(IevBQKSKoVbJABUf`!^ zH9$fwVeUDD2|Jzb47(T%26ugga;n5k^gJ!5oX&N;^qyR+IqBj75r9m$){qLbQrt_7 zAt2$WlW4Iqrr|N{=0{9pDg1^_vzYOW6QbcE zn!QT(?4j$f_LM`+vI3qegm<-uYl7&mHUOEV1iPJBQb$rH^X21oB2C0OKIACAh`$tc z1=vuIp-I?iHDG?b=JJ8XD9?k50nlSX%(q&wAs;dIHsU^dBvm3-h*;|ZhUM9kSs2z? z-37Uik|+%A2x9fWA(5;Gclz`eW9UOh!NXQFet1$c{_>zcf{w~2nTVpUfG8(YpOp-f z7}s!KDRuQlo)WDY?^Y*ug{idh+@SHYss{0EwwlWWdFnYc#{Y*G1GOHI3Y^aS5i_b$V(42)B<7 zvk#UDEg6zh7&okF5HuRY%#tSDl);(h1@A!7CG(_+s4I2}YJx!GKGD|`t0ZDoDfV-I zYEvv)FMdN->;d=tfR-cdqH@|!OG#1D%Nm<9h`Ax|GJ@M2)|dBW=Cwdi8(5s*mdD7v zb`nV)9E9>T%#ESavZqp-nk47V+pN#ZB^af~N{kG(3~%-ln}e9VqDferhO#ruj%!&y zQftZYp^9h4$J0e#jFv9feb2^QhppCqUjFui9#~`?-oUN1-^_B;`KvFW&g3gqvsq_F zkNk+sNjCmB+86eM!fGMqI#g4u^7Xit|VLD->TE;}TNB11nh1N~qDtJpfPmJ%7yrtiQ2p;kVK_n~8@+1)P$u4KEqW%`~*?Bf~N za|Xvo-;V?l$H^$m`O?JacFk@;d$}$ZvC9!B3{qp$v>m++k+staRbF}@bR+1ayAl$5 zK$<(3LzY=cg|B4{Qaz8-?9;lf<72yHiyaSWzs0ec$+;D(q0K-X#IXp75-rCTOJK#?shjj*=qLKT&ZvNG%@(;vOD65x zyzKV~o258BFqd{=*)*uskB%X;el6pt2ouWMO(Ri=)d(3@}P zG*62-CuBuz+d2eoEzTd+ON*wvL(J&Qif%QdE$kJyYnAplRk;fcb;;tHwlC2UYNR|( zc`L+1#?y}>cxlF81-mV<=RBix^74IJ<8ahW2e&k(2ksK+r2S>^l0#ABcbmJ>zI}8! zKGhnqnD#p@BfleezzEz*xAS{r<->`-fcmU@r)eSU`cg|$CxN0?bX?ImID$2u7q3@C z%llA86dV$rqdQKbm13NbF_5J`%$nB>wB$D&iu=T4V%s>2(G(PIH&ph@yNt|uK zaa@0p=45Zp%69EFq4^*-g9eVU7o!|1$F;ScSv?Pl=gZ)T@XzbQ>^Yi}4fQ^3pQ5iC zzzld?2bGOm>C9y{`|?VHb8p%%o1|M4d|@}ryBz*mcm0ic*OYs;c<4ddl_)D2O3#Sn zggy|&?lX05MR7bk>Szg)<)pje$yVIvdo3-5_H>(CI_yEC+5pI z*<8?;$61hPcGeKzG%Q+~-)&ay$jY$ITJ(l$E8V}6cJP~QsP3y4sVRXZ)#E^XY|^|y zlFI2MRuy@m>pbCBVmoLLmy5Lv7g!;Mxi2-}n*0v8I^E(aF&}13=xd~rT?)a^Bm>bIK#Gaui*BaTasrwW*Mnz}-n)MuV+++0;Rn6v##d8c{~R zIs}-xRb#z5^Mk~?vDtL6u;#M${Ot#Qbo9++-(Zx*WmPw3UO0~I8+G#7;iR!9{<*V+ z@(9j5=00t{v1XPZFo+tn7@=ZP+{SaZ>6e=p4Wu?OAYB?`ZaH1lX6C}3r5UV!Xs4IM zZfH-fME1S@YQf?oWI>LlSE|6(+jK;FPud0|Y4-;_x0Hp?Dr)Ks$9qG8D?NAcM(2B$wbk|7 z9L>AXGTUYyOUaC8?k4mC4pZm3rH7{loy2{$Ixd(!EDzL!$YHE9v}e~NJ=4o8f}Aw? z>7A{ldS0)vjC=q&??55E3?Ik3>^SWCotF!3O83s!s!CTDZz2YjXE;*$Mu%M>;}Y<) zX6r{x^+Tmi^My=>BY8TKY zNrJgI^>F>x+x3Ez{h2odv`OuelB3+y=u;+mmBYw~NIVZZbWO>`>xxkNhzf1?lBvdbzGzM^icu3UV<*@NJ3CT zM}nl_VCPemgm?(#%LhsiKv-O7Vg1#mb z)bhk-j$j0G!_mV!E@l{4nVK|Q#@S9JYdA1i!+^E*iwfDLG!j-bYR3~De%w?|7yXbs z1yxPMtI>)Cm-Y0I8gzy1QAO5sv@+91D!r(e^?wdZ>ea?QI8{y8(+s7v68dr*k<$CX z8*4nn+f@HG*);TKjWeILTGhrZ@J)wl(ziCtD8*6;p!wL2V`I|V(p)6%!Ccc2&vAb8 zrAHR<6GtM;JAnD!&38?()B6uvhioTi#RRy*CuiotWg}7*vdwNqZs600(Bq2&@qF6-4D*cjYT$UkZOGI--U+ z)l31JLHv<7_QQO6l>N&P`;N2s0WIQOs4HvF)>O{x343x~cN+o+ctA_Q;7tPS`HAaS zEqqcC=AA+?WJ}CP?QcfWug{*59(rGG`XUxMQ*sTj-VY@{A;s}IlQF$FwH7|F*+RJV z;y<8vABkdXiu5?n9=sS*&J45Nr~x)mj&A-q>abkt4eS&iz3d$PkyA{=MM7MMgCqNO zfp00s<2GJEbX|BdiZ4*kDJnLb)M+EvPl=W_>WW!Q*FUiTL_@u#X%2IT>{lv#eZ#nKewBIH)xoHy^ zAF@sRpMZl`1yoJKLEU3huYT;vs^3IPNr_r7e;!L&hTTGMwdT*9KP)yZO#;&~YQor8a z0L;4^tnFD;8eA#z>{0FtPLc+NGr7n8eE4j!MW4 ze|G-kPaT=CQ*7J!M480FPTv)h?VB}p|{n%;x1EP zN725T(AbxokY{EVjovBP6qJ0>h8qh0U8>@xS)j>TvS~P}QeH~2Cz}?5LI*QIz7s_q z?fW8|J=L$~G);gSrrazkiseysHWO0h3ax2!VTo-$au?l{o)iC^{5|Pf$`h?ldk0}n z^)jIrrofg{aodL__^aO)URyFUBhwwf7LZJ8e|*c4URT3o!dw>5|JgTT zmtTY}LCUm9P^q*dq_DB{iJ(!ZCIcsAp@)@SPu#NJ*Yav&e(G+Gvq>bt#G!-Wl2)H+ z9lV-$m>HZTrz6VfIYPqPALqr^i8gTKjU?ya5wX>aI18}-F*Q$VLf;Ex03JdMUpX3E zW=JmIxhB+?d#@?bp8Oy$MqT>B;^V%tu10aO#91ck3}{M-!RtZp*3Zvt9sqXf^(EIJ zIg_M$edOYZ?avAF%hj~b8iHi@&19gwuU}}19UuDoGq+Nw#$AJ&E0krLCMt|d5SvD^O0eh2q8D&o$D z2ojPc@Q(HK;#c-%L-!bCYUNhfwsWZ5#H^k{N^)E8a4JT)G4p8B2paNcenq3M*h+M< z7CWjw4+?WY*@$I~5@w|YQkjg%1xO8nC9drwS69;e>|0#!tO{C`WTrR-^q~o!QuMrj zYZqZAt1Rn?C0j{7bBe;n=T*s!=Skw~mP2lZ%^t% zb&4$#{hzq3CT`I}WEc^_t>nqE*ZURQhvqZb!!HlId>64v>`u%moNC#Sy8q)hd*O#I z@AC6Ve1Tc59h;85T+g$gd~Ie{l;GO8iD>d-DGB>{-NxQFe<<6i=H$?<$<=LzUaqCA zc6SOdl$TiIZc9x%fuS;95myaYe+5-bl=lG5n3Dtx&)3Qro-PJXxCoDwqE<~s!d3P* z8m7Nz3%#ph>r!(bEL$grqYHG8SV$REZmG|k<1_3?nXb?muPa*U`UQFC_1hPjJO&9g z=`aUUZ5{L;P*rA$V6S9V)BpvY#5JNQlZ)SCu2h_W1%GX*%+A8=m7-gQWer~8jo^8W zuNIf^4$)g1O6%_Drq%4~6v^OgPsvzU@L5^H{)xWS;0ySuSU$DA7@Z^BS=Z&R}#v$!OKCp3jM;=2oO?Jn|^wq1&6S0k0b z8tzq)cd5Bq$Yu-7A{S&8@!qEEQy(WT;CL(v6P4V+`$fGaiW@3EA#G$gvV3ELHzL-L zS<<&(TGA<6I}iVOMVbBfaAUi8lTvgrmjiST&y0Oxk#CT%6m0x~_m=H5St=6NbFbtH z*YTx#e0!!uR^Ggm{WLr;Wg1Mmdp&`Kc-TR$!^8h#$AhfM^SamxTGvIWW7Kcp1lnG{ zB5K4sz-5*9Iz%B%uj!;wB{k#%H&BdQ^tBHZ)E-I=OtI)RF|5ZCtyBgNo06i)F1En( z6Bn?eot1BRFHDr7s5K_;T@jTa0LGG%b}!eTI>qEFJUlPF@?vwtC-JNgBMyfxu1q^} zPORyn&=U!qh9(i{Edil=?o-Y3*g=UmxY-YnGnSq%h8C{Btna&ec{e8d34(*qU-%SD zxGjgUDC^+3Qg?t-h)0|ru21d}UsekamsekHdBk4$&LPT*{T_MyKr>6SB=FU3zyfa= z$OMoWD7=?Z+C755vO2zF+lp)2%U-GbEO|prosje(T>1)Smzpqvn%Cm~+xskJCxKBV zr~UKw!?#Wfpl=%hG>b)VE9}{df;xa4pgEOyf~^``ty;U?0{kyK?W(do%u(WAnEmkcM-SwNp;ncKBj&#V DQ5yUX literal 0 HcmV?d00001