From d6c650aba5024ac82122999581e7b32c5c74a5c4 Mon Sep 17 00:00:00 2001 From: ygalnezri Date: Tue, 24 Dec 2024 11:43:18 +0100 Subject: [PATCH] Upgrade documentation --- Watcher/README.md | 198 ++++++++++++------ Watcher/static/Watcher-favicon.ico | Bin 0 -> 15406 bytes Watcher/static/Watcher-logo-documentation.png | Bin 0 -> 11182 bytes 3 files changed, 137 insertions(+), 61 deletions(-) create mode 100644 Watcher/static/Watcher-favicon.ico create mode 100644 Watcher/static/Watcher-logo-documentation.png diff --git a/Watcher/README.md b/Watcher/README.md index bde5552..3c9b140 100755 --- a/Watcher/README.md +++ b/Watcher/README.md @@ -19,8 +19,8 @@ Please wait until you see: watcher | Performing system checks... watcher | watcher | System check identified no issues (0 silenced). - watcher | October 08, 2022 - 10:28:02 - watcher | Django version 4.1.4, using settings 'watcher.settings' + watcher | January 08, 2025 - 11:43:02 + watcher | Django version 5.0.10, using settings 'watcher.settings' watcher | Starting development server at http://0.0.0.0:9002/ watcher | Quit the server with CONTROL-C. @@ -92,36 +92,6 @@ Please use this syntax: ALLOWED_HOST=X.X.X.X or ALLOWED_HOST=mywebsite.com -Now, you can restart your instance and the parameters will be taken into account: - - docker compose down - docker compose up - -### SMTP Server Settings (Email Notifications) -In the `.env` file: - - EMAIL_FROM=watcher@example.com - SMTP_SERVER=smtp.example.com - -Website url, which will be the link in the email notifications body: - - WATCHER_URL=https://example.watcher.local - -Now, you can restart your instance and the parameters will be taken into account: - - docker compose down - docker compose up - -### TheHive Settings -If you want to use **TheHive export**, please fill the **IP** of your TheHive instance and a **generated API key**. - -In the `.env` file: - - # THE HIVE SETUP - THE_HIVE_URL= - THE_HIVE_KEY= - THE_HIVE_CASE_ASSIGNEE=watcher - Now, you can restart your instance and the parameters will be taken into account: docker compose down @@ -198,14 +168,136 @@ Connect to the `/admin` page: - You may enter an **Email address** for email notifications. - Click on **SAVE**. -## Add email notifications subscriber -Receive email notifications when subscribing to a topic. +## Subscribe to notifications + +Receive notifications via different channels when subscribing to a topic. + +To add a subscriber, follow these steps: + +1. Go to the `/admin` page. +2. Click on **Subscribers**. +3. Click on **ADD SUBSCRIBER**. +4. Select the **USER**. +5. Choose your preferred notification channel from the following options: + - **EMAIL** + - **THEHIVE** + - **SLACK** + - **CITADEL** + +Make sure to configure the necessary settings for each channel in your `.env` file. + +### Configure your Email notifications + +To configure Email, you need the following variables, in the `.env` file: + + # DJANGO EMAIL Configuration + SMTP_SERVER= + EMAIL_PORT=25 + EMAIL_USE_TLS=False + EMAIL_USE_SSL=False + EMAIL_HOST_USER= + EMAIL_HOST_PASSWORD= + EMAIL_FROM= + +Follow these steps to get the required information: + +1. Choose your email provider (example: Gmail, Outlook...). +2. Go to the email provider’s settings and generate the **SMTP configuration**: + - For **Gmail**, detailed instructions can be found in [Google's SMTP documentation](https://support.google.com/a/answer/176600?hl=en). + - For **Outlook**, you can refer to the [Outlook SMTP documentation](https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040) for more information. +3. Follow the instructions to retrieve the SMTP server, email port, and other necessary credentials. +4. Save these values in your `.env` file. + - `SMTP_SERVER` + - `EMAIL_PORT` + - `EMAIL_USE_TLS` + - `EMAIL_USE_SSL` + - `EMAIL_HOST_USER` + - `EMAIL_HOST_PASSWORD` + - `EMAIL_FROM` -Connect to the `/admin` page: +Now, you can restart your instance and the parameters will be taken into account: + + docker compose down + docker compose up + +### Configure your TheHive notifications + +To configure TheHive, you need the following variables, in the `.env` file: + + # THE HIVE Setup + THE_HIVE_URL= + THE_HIVE_VERIFY_SSL=False + THE_HIVE_KEY= + # Ensure the custom field referenced here is CREATED IN THEHIVE. Otherwise, Alert exports to TheHive will be impacted + THE_HIVE_CUSTOM_FIELD=watcher-id + THE_HIVE_EMAIL_SENDER=watcher@watcher.com + +Follow these steps to get the required information: + +1. Go to your TheHive instance’s API section (typically located at `/account/api`). +2. Copy the API Key from this page and save it as `THEHIVE_API_TOKEN` in your `.env` file. + + +3. Also, you need to set the URL of your TheHive instance as `THEHIVE_URL` in your `.env` file. +4. For proper integration, Watcher uses a custom field in TheHive for its ticketing system. By default, this field is named **watcher-id** and should be set as `THE_HIVE_CUSTOM_FIELD` in your .env file. - - Click on **Subscribers**. - - Click on **ADD SUBSCRIBER**. - - Select the **User** and Click on **SAVE**. + # Note: Ensure the custom field referenced here is CREATED IN THEHIVE. Otherwise, Alert exports to TheHive will be impacted + + You can modify the name of this custom field in your .env file to match your specific TheHive instance setup. + +5. The **second custom** field is used to track the email sender and is defined as `THE_HIVE_EMAIL_SENDER`. By default, this is set to watcher@watcher.com. You can update this value in your .env file as needed. + +Now, you can restart your instance and the parameters will be taken into account: + + docker compose down + docker compose up + +### Configure your Slack notifications + +To configure Slack, you need the following variables, in the `.env` file: + + # SLACK Setup + SLACK_API_TOKEN= + SLACK_CHANNEL= + +Follow these steps to get the required information: + +1. Go to the [Slack API page](https://api.slack.com/apps). +2. Click on **Create New App**. +3. Choose **From scratch**. +4. Once your app is created, go to **OAuth & Permissions**. +5. Under **OAuth Scopes**, ensure you add the required permission: + - `chat:write` (This allows your app to send messages to channels). +6. On **OAuth Tokens**, click on **Install App** to install the app to your workspace. +7. After installation, you will be provided with an **OAuth Access Token**. Copy this token and save it as `SLACK_API_TOKEN` in your `.env` file. +8. Lastly, create the channel in Slack if you haven’t already and save its name as `SLACK_CHANNEL` in the `.env` file. + +Now, you can restart your instance and the parameters will be taken into account: + + docker compose down + docker compose up + +### Configure your Citadel notifications + +To configure Citadel, you need the following variables, in the `.env` file: + + # CITADEL Setup + CITADEL_API_TOKEN= + CITADEL_CHANNEL= + CITADEL_URL= + +Follow these steps to get the required information: + +1. If you don't have an account, go to this link to create one: Citadel Team Documentation. +2. Create a **New Room**. +3. Retrieve the `CITADEL_ROOM_ID` from the room's settings. Copy the room's link, then extract the ID after `/#/room/` and add it to your .env file. +4. Next, visit this link: [Citadel Team Website](https://cds.thalesgroup.com/en/ercom/citadel) to request your `CITADEL_API_TOKEN`. This token will allow you to send automatic notifications. +5. For the `CITADEL_URL` variable, if you're using a public instance, the URL should be: [https://join.citadel.team/](https://join.citadel.team/). Otherwise, enter your customized instance URL. + +Now, you can restart your instance and the parameters will be taken into account: + + docker compose down + docker compose up ## Add your RSS source to Threats Detection As you know this feature allow the detection of emerging vulnerabilities, malwares using social networks & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au...). @@ -311,12 +403,6 @@ Below, you will find our 4 modules with their API functions: - **DELETE:** Removes an alert related to site monitoring. - **Usage:** Used to get, add, update, or delete current alerts regarding site monitoring. -`^api/site_monitoring/thehive/$` -- **HTTP Method:** POST -- **Description:** - - **POST:** Adds a new integration with TheHive. -- **Usage:** Used to get, add, update, or delete current integrations with TheHive. - `^api/site_monitoring/misp/$` - **HTTP Method:** POST - **Description:** @@ -365,14 +451,6 @@ Below, you will find our 4 modules with their API functions: - **DELETE:** Removes a DNS alert. - **Usage:** Used to get, add, update, or delete current DNS alerts. -`^api/dns_finder/thehive/$` -- **HTTP Method:** POST, PATCH, DELETE -- **Description:** - - **POST:** Adds a new integration with TheHive for DNS. - - **PATCH:** Updates an existing integration with TheHive for DNS. - - **DELETE:** Removes an integration with TheHive for DNS. -- **Usage:** Used to get, add, update, or delete current integrations with TheHive for DNS. - `^api/dns_finder/misp/$` - **HTTP Method:** POST, PATCH, DELETE - **Description:** @@ -386,7 +464,7 @@ Below, you will find our 4 modules with their API functions: ### Specific Details -To obtain detailed information about a specific item, such as an alert, a monitored site, or any other entity in the system, you can access its details by appending /(?P[^/.]+)/$ to the end of the corresponding API URL. +To obtain detailed information about a specific item, such as an alert, a monitored site, or any other entity in the system, you can access its details by appending `/(?P[^/.]+)/$` to the end of the corresponding API URL. For instance, let's say you want to retrieve information about an alert with the ID "1". You would construct the URL as follows: `http://0.0.0.0:9002/api/site_monitoring/alert/1` @@ -395,22 +473,20 @@ By making a GET request to this URL using your web browser, CURL, or any HTTP cl Following this pattern, you can easily navigate and retrieve specific information for any item in the system, ensuring efficient use of the available API endpoints. -## Thehive & MISP Export -You can export **monitored DNS** to [TheHive](https://thehive-project.org/) or [MISP](https://www.misp-project.org/): +## MISP Export +You can export **monitored DNS** to [MISP](https://www.misp-project.org/): - Go to **/website_monitoring** page. - Add new DNS to monitored. - Click on the **blue upload/cloud button**. - - Choose which service you want to use. ### Troubleshooting If the export do not work as expected, this may be related with -the version of your TheHive or MISP instance. +the version of your MISP instance. -In fact, if you are using an outdated TheHive/MISP instance, the client API version will not correspond with your -TheHive/MISP instance version: +In fact, if you are using an outdated MISP instance, the client API version will not correspond with your MISP instance version: -- Update Thehive or MISP. +- Update MISP. ## Remove & Add to Blocklist There is a **blocklist** to prevent a **false positive trendy words** from reappearing again. @@ -561,8 +637,8 @@ If you are working on a test environment and willing to have email alerts, here - Run the command: `docker compose up` - The mails will be available here by default: `localhost:5000` - Modify the mail settings in the environment variables: `vi /.env` - - `EMAIL_FROM=from@from.com` - `SMTP_SERVER=localhost` + - `EMAIL_FROM=from@from.com` - Launch Watcher: `python3 Watcher/Watcher/manage.py runserver` ## Modify the frontend diff --git a/Watcher/static/Watcher-favicon.ico b/Watcher/static/Watcher-favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..ec7727a07ebe7ec5b58bbcceac1002353a423743 GIT binary patch literal 15406 zcmeHO2Ut|evYuU8b7ED@h#(?JPAclEYZi0PYsAQ64v3DxkfRbsBqNd~i4sK-#f%6j z1{4e+h>8&j^{N}r*_mMmao2ml_ujqd`+j;(S9Mi&pYA?=stOM0Cr&F)*RC8aWjGrp zI2>ILha)4?a6d$n!|}m7b@fL2U=Am%2Zu8Rd9Vq#XsE}cMOQj^j6{r?=Ja@;wta$y zc33#91HOLw0H+V>LXzW5sI94n!ixbwXi@uBYoqq5 zZseB{Vx%}VY==@^*v_F4zFQSOS5-jq?X!^Pwi2>K_CwM2Sa|!Q5D1+hbf;47sa=W_ zh>T+foL^2F4tX46I0OjJ+0BQFCwJglm>JxTbwIr#ka27ie0=)~qD@9qo(5ip!mtIL zRsjZbvjaB_0tPoCt>OOpU`Vi>4JA3LC@U8t_Ub|Ltt80w*~Rivegj#3zcn(herpB- zgOZ$d$ULzJ0@lmpIAkF%Q`)sKYj|)elI0`(KC5J$yq5J(II&zB2z*u!gz8UK5V>z6 zy}y%i4DQ5x(%Alp zzuQcgY2AUqd+89k5@ZAZYqa2Iv9^SszTCe?jrX7E2 zt<`3tg;wha7MiU=6nL6#?wf125zx!up8V!=I1)UyR{Cbjt(?r1e?CoMuH4Fzr_yRF z(_i5>|Ky(RGct&=2(mx@s4L!Tlw`b>&TsKn+RM*a>ue&3v(#A@YpyjaY_C?AAEk$1 zPL!oiw>X~mwm1vzjCh{TTipMuL;?52H^`TU`{LH%eJZ#E|FbKMtJE=?tI3Ns)2fU! z)2{wLXjR0TY90!87~byhSP^wlV?^{JjmM`CY19+MnUAP1Nb{^ONcXJ25p{^xF|-&{ zo%;MV4@$dv+EjoReNf|mxUq)z_t+4zPjyAq0ktm(V36s%37G5i`wECMQD5J!Q=DJh>i2X?GiG z`KewkO-RnCQ@d3(McELxS*hcx9ZHWwcPN1{qKtK+uJ$Xw>q_CQ-E6A=VOAK+SM{oh zzFW^&>r*>kKh0%n!m?1uz0mFbn#{?QMv7Laj1)l>GCU2a&XPMR5V~ENzRSpaoA5>* z(1ZHAI(VL!0jIVp!RPmtXlpG*8IKSti^|`wXu>}R!3Kl7pWLeO0Rf_rpW;pR=fpWv z`pbe#P*+!r?{8f=@3Dc>a?iL?+Oxaq^!}pvpCV;7%6}7RIH)sYL*PdF-9ek=K^!Wc zy9n?jxG}m>&{7y$ZNc-EdPLxK@C*tJM`i+CPu=+O)x)x}FXB81RWu$@Q zS%c5D4$nxslqbz~J=KvD=K@dh{6gNP5qm~bTC(FxN~!`f<<js2A4Zy<)%! zujSHfeO3&>GmvPM7u}(0Ng$6gMCkdvo9wdYo+X>Yf9+66cG^JUvvQCCPv8c1h}=5~Vz_g_ca?$wEnuCp*mnGS zJQw%h=&_*R+G7jwoco>dTRjva_e_S<2WCRp_OW_rc|xl zEGZBNuSK$WW_87HmIBD|+zTf+kA!QX4)7xH3fgg-p5>G5H{#iPJmjA7h4RODA%V9- ztURh`rd0K@>Al;NJ-~H(k8A{pLio-pP+pV=7radH8=()Lzo%09`6(grIQty#`&Xd& z=6QH>BMt3H0?)b9;J;b}X=mYHS~xzFfgO4vEJpven7>t`&&V>gCUNCG*lKB(lti@ zkp1^cpbhf<3eR&d!--`ov`v!T7Wnk;H6&UYurjFpiIT5v^tyFw=zYUq$MKRpr}15Z zf%61O+*jOi3?sl*zb~yXxt$3fb7b+mWe=;H`9Z#i+-FMTbK=4|+s%~!e#U9|_@*4~ zQDfy2`HmAL_wnl{zwIXW?BFoA%R`5;oq-=o_J2ZIVGf)!oD47T-2}7~vQIj}#BaI3 zaAKJz&aG5DTYiR!U2`GSXd3vg)Wtq^r{ha>zkXVXW84e!lR{~qFC04zj^ln6kb|<{ z+m7n0DoQs~XE&dTs9l1j#^bRZkyo{$JvDp-1rtyMmlc0;1vkLJe{Uj(( z2-#y+nMl+6!LGb1RNS- zYb;NDUK~&7V1k8CK!TM{a=fKZPJ*TGBP>f2taOX9d>C)3eH+W9I163hSPLDK7z^#W zvDRAB=%fDm-)uHf_tP0uZ5{NP2cci+A(pS=d0JKICwku^Aa9&GZBrO)uI(So(-QgZ z{-gVK#&A%ZNE3CnSW~UQSToIc=y&?^W1v+PYpU%X%~exJ-&X4%Z8wn@!BvsP_yP~( z4J9#$HEUxTm}=L?ndz{=zWqgGcp6IqK5P?v_%B`}6Y(VGkh*!ufua3>WFNv!)P|x@ z?MC!L^%};vM#`AO+V%OV?)6pWPwJ~G8bJJQ{5;I>IE#_>?_ND-`QALwufO2Ex(P4Q zfw&xIqN4Io`)~y3OPH~;KKj~TGyXdMGR}M?ekWXJjw-aQe3mcZ!(;d}eKyeZEW=EE z4><`o7-RX%-^cKhGSWn?G<=`hq+jaqCMn#QE-8^D=T1|0AJ*OH7G62qI~bl9>JFnmGpPzvphIsHBpe4 z&o_$x+WLrnDrLl$?|B9%cPMJ0fAY1EkFtsH^8N)sY6lt1te{=+xzVnNS*HYeh|~oqLpDp4_80v?YBA-lifOwo@rHY!}83o5OAu zcvt$6+ChBN@w|ypfxcXFku?ypSDkI2=KcqMPrO3=>mV=L6JuSLl#lfLR*VhH*Q~ys z%9jH7sPt>D4+8K5dJxE1*W%j94lzbw@f`Xr2yLb3BaD?{h>*o)U;kA+ai9@#!h5VG`)ZXfk?{K~>r@rP-7&9hU zP4#DpG#)PAr_ArW-lkY|^3TEIzBzshHXITd^5>9x1T=?JMoQ>kOQibA9JuIXMENiI z?w~$!vKQTqvc@_^jDKpPFEp7r1AxRRVh)X?yu~?5Z2L^#?ak`rv!y=RP|-`&`1@}e zGUDXc!PTPtQ3SWY@Cl6(#6H z*Jf$ovLkTQU|(|fWu8O8X1PIu8wV94pe4x0v8(y|nd&Ba2BAB&8r#X^8jh#+AK#Qx z+cUfj*|mD{#CBGG#GVo8hbp1GUp~Brv$l&^S_^D=>a}hVyBGNz3|fkQ|94Cbpt&-5 zlOo*1dkAGi+e*!#$RV_3dZf2yO8@B*cg=Wr$X z5KC)LKcS(m?}IkT%_8GZz90P8$y#FkppGwwAU3`bVyFS7_p@2Omje$9@Wvk2$33Xw zot%1fJ=*U;dEZw&2mf_)EN|cj1@trev*U0tJqYKI5=(E^mUXhV0qbN{kfnm;@LMVd*Itqqz}fPwg+dmLR}K^kknjrSAm7 zP+E8m=i#s>JYwvr_gOtKz-DH*PRG~w`xWzAvVB)!tfmD>c3Q)pc|N`=!*!?Eq}`M2 zXQ|C8&TG-v*)V^u1e-SDJ7>R=?JF6J(+8(C;SpyO+MMqD$ADh03kLM^ULjp19D@;e zUy#xe!yyK~ewvT^E#@r%N_axuw?aLynkNmlp9wL}u)YvxW;B>k- zCONFZyeeBDb3c67m?pfwf5_n)zQoEax|Z04N0c3;4s9;+SkhPCZf>suUQ7DD_g;#z zu5Tb>&v^FCLzI$umZ&ztn>6vf`4oMitKn*>4YiTfiQ>H#?ZVnm=8*3yd69fg+AfnW z^Ij&SU^lJTfMbjLR`JKL#Qi35vD>j8EP^*{3&h8mb|j{j>0^RxV=Tt^7D1}ZR*cul zisX&jKZTV?WQ&u@$Y#qW{Y#1cWd3+9>|2h2|4Z;((7V`qZg=_PGo*TY&g=d7*nEr? z{vi0SQiRyU3ot)zE5_A!;rJWk{e19St@OimU>@HcSDgDK#^f=t_vMzv8Ab76-*L^! zV~lSsTn;pcm-nyZH*qDN4W84r{^t23T9W%uZ_DBN-7K722l2f88_sh%jAQj~QA|>V z?o?+SdlDVYE3C0W4Y5X$TaWlrUw!y{Y#&F4(i?J(X zNIPnTF{F(&H?bt=BIVCZ3W7MZB^bx+E1akJt^0bnSv~z+$Mon(-oY+2dYHS-kgCIY zE3_0r8+7s9n~Gyvf%&5mm}iQy=EZUly?+*-_cLj%=~LBfs46R=@2HP&UO~y7Ow7m7 z$C$J{j{onNFBwnUllW-hdYu;QcAbH7;Tb*l{dSQIFKgOs`q3YE$oFkX*0w#B=W?_(D#cH;pNi=ahQH2;+@7 z<}-UiyxDTB&w+}feB7&6P&vXnh40;__ju>3-+dZ$es#`&wr=9ZrK*axpLCVV5p1s-I^U~D=cb5Ua^C0xngW7a-7_~H)B6}4o9YR^Ex^O&lXc@ZohSjcsT7@gQp79PpUk zAJ@VT{7!p?`L0u087G!2<1;9r@9i7mF8FNvvNU0vFs|;#XFL6gd9vz9CP{u`;@teD z+l;H>Ng9_PszkDt(8Uf6ze?>I@)*J*-e zJ&BR?!&Sczp5r}fY&OnxCF<|a(*0NK;u)+6^CH&Jx^tL&ENnZ|2Vxt;ciMO%JiC(x z#}_Hmc1Nd3!K2G(;R~K2$n*1Fs?6$OY$3KeO_X#IWjm>}9oJdTaeUVjr{6K&F9Z_n zzY^?#d;1%lyC!gSa!<+=wRawT#JS);O9u0pyW`&T*LjSwn<>dNxEjO>o^t3Y_;yKMGR9F^=93_x!;)Pwryw z`3U^x(!(=eHoQf-iB=l{?PT@w*-`BNcWh7`*4IOeKwWF4>8wjDbAOk zVs)VnMfRg5zbhtVJ4$k-?Z^(#F+ZYSINyT*p4f6F$dRsX^85?ZqHtYafx-)M=nHE2 zwqiO^fw>?LG86C}_Z-JO5A%Xd;K-ytO>#0A`9!ykUWdolqdVy_W82b_%rndvS%G+l zfN#NLwgNs61GpaQhH;5B+Mf>UA1nt=skm=AA%GV5`>|_YHivO_m1NX|lLhw`wIe(-;Vf!`tXr|tbX?YILtT`dN2dKeGk e^yVsX`Vf%cq>j)KZT}b9{2krf|L@7|EKc|sL2w3w zz9Af-pkkmbuP^`H85fEXni&_Zjk_+ACfa63K;1{Y#AQu+U~~(dK;KyleO6Ep-{V zylhgx{OSDoe&V>}?snzTH%C=upI?!Gn*YlKZP9Y%RQ}73^`X~`73LFHCK{~|JME|m z3@8;FPD0WMezYN6?C-UJ{Si-pP!M8R3QSH)E@Mm`Sfx|@622TMLb#*Jc2aP?ksa7E zkII*5wVyLBJM3gr-IbMBLYbUA5D)mG(QD3XnK*6d=H+QT<8t zgo)Dx#zPE{mMvurv0as=6ayF{1(<3jLv!R=8hy_dfaHSc+m+`VPFWDVIu(Ab>cuPH zJ6`bNeC>|h+j4VwyD@jSz4d#2M;Ng@e}h~7a-P4kDWNZkp>R0CG&n1mnQgnWV%cPr zq{7q)=9Z%e;2b2(X$4Tg`KbI97B68|8Npje<6%wR61_N@`ld*lg`kznE3$&t$u-M@VR9vBf zEu?>aBS(ZePD3*d_gp#R5b$qx@%RPSP=@}FkLzvEAwrZTjiuS{Pw_;ZcvkRf9@`~+ z`{L`bu{|#+5Q@JRPgStJt!_ewDn_-Bts*Pw8hbmb{MRRK&x#Ou7R+$u-cEsMV@@~Wk z_)H%BP|Sc>gM$+~SiDXDd>N{-gNJ$iZ_;fk^35KzC2sfpy*Ck>;}G*I{Mc_Kho_MK z2Dsvup*HO_8BKF~JRkb{S-W&5@zw+Y1PC~Tgif56@9!lW?pnERRf@!{-?6-!JGn|- zEE7g;wg#IW#!wPK%!IzYdd#`HB%o3+6jj{{B~rMTb4Hj?(Ao~khNGOYq|3a`EH%{y ztcJ~!$yZfQ8naE;tw5rFV8X9YDQn>@Oihhei6H}-l5<^y4GT$t%!I`iKbUxNNn*51 zr2x%#Yc?a7OddH}+asHY9Y1-%I~M%E^%ULy3|Oa2J{!`PKQ#{vb^zAs;)g2J@^9xi ze?ioTDjg>dW!1M_f2yYhe}npz8ibyAvG%;g{dF!z&#%Wwqy4pW4c)gbFIyW%K~12` za3?Z^($bUl+T-6;leQ_Y*H?$z=8Oombq z0pZWGa|m-+5wlk@9V~XQyKh-ZTXOhm&~g_SO0?sJgQ(O^pWHun{_D2S2FBe3X)uH_;cRsUp9yk%ONLg-qgKSi)MO?;b!{@3t~pnIS$UK zd3ugv-)r;Wv4wtb|fwcO+#@1R#lh8W*g$!a46q{-+@ZD8dBNfA9B>!^u8hxLD*$I|Ds)z~R2yI+fBVe(ceZ}Ixm z#R@KCRK!P-@>fa>@z!x4LaA!Ahc0F<>pK^=U=K5<|M+#maXiFni~y0AT|QDNfT-E& z-AV4P`3JD_ z8zPeJcTk`3!MJ1{SuMMUyFy_v*T;KHs-dr7hys(O?J^)|xOeb8eX#MpE^!`LW7nUJ zIpbZgK0`Wtqc=H}1)dV9gO=sh?MWdV#BTdMIG&muEoQJB!I`pnad4WVtnrVizKcxw zim-X(odc1M`NnZ9P`1kB9oVrSmDXx*gcM}X%jLLv1nQ_QfF0KuL1MtCK=jgC*>7t` z6M5>$*#3T;Q`;3Od zfeoU7r2f=8slyqUv+ArqJ+4JRu|~b99pA43&s$5AoEuw>HF{A`pIxeG6YFPkEu6|K z^UcbXjWL|~z5jLeeP6%7&U2gYKb`x4msY14FG=TTD8kjS12Wma&K5HCGu)%kQ<)*t zJLG8`(wB`%lyO|KE3pwqqIgxQ(BkBfp2Hc7L%{qB4t#E_acXzRj2KmR5!1ijaWcUy zX}j)BInCb%)*PH#G4uIpb_GpZY-MHf0eErS%T|>&(mG?e@Z6Zn%iSDBP zyNbS)!^}rWHqxm{&B3KMfppb>sp6@T*4NAJC+M!66?ITFazWv-)hs&_ZL zuBnJNtPuYG^T2tz+KYVLE7nvYyfR{RS$l1=nF=r3MJ=9So)tplyX|))ZHzWP3PAVW z!+k4`wF`a!KkC56t%x0O+&c{lp_@Mv|=oM$0+yezK%v& z%O&n_N$(l94Yh14cd_s!)pUBgTcnuXJItyl6EHo9`tC{i;hEDa?D3zunJlfom>?!< zk$OY7ce&bzJ4ttK0`+;bx!DzWZ-1MEvK|?t1>IcMXsX{SI0wVls0@&c7838htAv)V zg5uAB7G>GX`=#{Oou%r!);#19CSaI=#h3B^pFY)=l)Q-Z<$-JOxA!&Wr8y=mCQ|CZ zR;~ga8iz}*57LF0UJO?WN)yF%fdN&>0?!3&-tRx=LI=$^{4m84rvxD}Z4u`$F*cWIohyYq}lpVlOIEPZdOLRL??a`L;MI2XN`d8H8jb)cNIY2C6|vx zxXv?-9&Ism#lH&E#vORrTsyw6l;FLi1ukH~^e3^g8a5`u`*(}JzcHH~WAoLdnWObq zfX72kmcR9yOoO`%{yQ_YKXH&$^;R#>^?NJRGJPNYV#t0qKKnSMe6{Xwn`vm>c5nUx zhLo@%U+lc|#U8(z5-8{vG%`;3ZM+I?zE8r#f1!5*%fB4>P~V+1UMZc~!Fo;n(665lhzfK$wqI!SB-R+87l24R)>2W zO_|z{aN^JyOcq}EzMC@FdVM*I0{aCM(1#fCCFj=~BaWn&eC;M0ab9EtXK((Auw2H1 z|B}q+?rUt#B3t2K_bX+k4uw3LL}DO8isnZqIHd~Mbb7uU?(*#9ZKJ*AaQO0!kgTjp zK!v9yEcF=%J6`}ieryG!yuL4^>Niy!i#oC=h29U0ZaH+1tsGb$J~mcMf`916o7&39 z;e>KGRApS+cx0;X`W-_&`$@WskyCDH(WetizM8>gYXbA+}NNlXk78BCln?k*Db|>RSlE zwOz+*Z}KFL?&x27_VGwv&!Jgp{^y8kRZUaX1NPTYOFztj>y{gMHapMH=Glp#rRVD& zpRGYBmL!t0X{rkz-w1nGCM!{-RUd@WScL0I!@ktp0O=2qX&-0LH%7F+4NHJX`d@N} zH>i@6pguhap|NOl6M+((Z@zilR>ox7@^is{lli(N7WI8j41ga&1DiiNx{8}i+yBSI%3UbD&VB0;nR$Njwcdv zWXN$p7r(LjZZhG<-5XQntGBw0)I-f^UR&6OtzDYw=x6FB*eu+Vo!xsGG&hH{SMj*?OXD$EqcMt^TatnzIJ8E2$3=rd4V-5a$6Qcg%Af-c4Q#PU_3|d{~ z05!?y{d^hO{5|iRn!7!5+S}V(Y_*9Z0gR>RgsBYX!P4PlIHb66W$?x-Xsm|M#rIQ) zFK>DBB6+aEYL}i$sLLM#pM$GkvfB7XgI*dFxom%j_8l%>hBQ=)22av4HeXM)5a}QK z)7KMmJxiD_V-K+kL6MCas}Cza)>`clX2!f+C2WMwwYO!?G{MTBy)yCdPrn%n#IBf& zd!$)Xr(4I1q5qDZ^;fLV4N3T|h8mWJpNKy}XuJgUV>{f(MxpOI-b4$a)0}2C2{?qP zn3i4=>1{tLv&~|Jn=@NY`2o$2WwPd*YXJ!ga{rsDh}iP>ZZ^V;j5 zj28zG?0>wowmbi4lU<(4@UQd1n*DEj9gjDmU<{$B`z)cW6NRg^nx??V`N-DCBThO7 z`+fMzR;Sbqzt)(&sV(+r_882vv|aBGRx7FFGTB3`HBUZr+DQiEj9RE-8K1SfK?FsU zZjVAv?fcuAMXarc$0Y0r9j0vcv8&eI6Ja(nFFWkIjk6aM|p-iFX zz?d#NBBC~aQ@u|~gCcwKjN20lWdspL?%wNqZ%=c28r?HJNBcw%$Kzhh9nE1{zbU%z zYUf*@wnH*IZ3tKI?`!KJIg0vi!9*h73<|o&&u@BNk39nLeWS{AhK%2o12R@W3d4vH zb$+(HW^{)gA8QX&uOS)!0O7}9flE70PD}NQ>r;x|S>bT||9rO8?{k5>$I)ZmsXTb{ zL#{Sv-IBFdK-A`s6iQt$3(Yr!wUsRj-bS}}#R8e!lS&<_rkU=-non;{`H5!aZhqUe z4?KT0gVnyfvwsa!*y}W(=qWYdQ{jp$Di@WSHXxqYfD=M1lY>pf_H@j<20weXKBllb z9d!WSuFF&r-Lsrg2U_0F_Wz^1y;g~%W}A#FO0s6}E0ih$KfRdgHZVfV>6Yf7y5{{0 zHyRm*=rGYXao@dY+)3Z9w`tPEU*A&JWONw&FrWGoOS{Ta-Q8bhvM4b=LQAW;Giy#9 zz1}*K?xvm3e3|P5M-4Z@hon)lRLK4l9rf+pSWkMjHStP4lgr~)v)s}8!mU|LZZ4lM z1dwoAkleGdaojmZ(Q!Vh;XYq_5U2h});~9^mnV0Q?=H8l_Z%i6au+Smp71+sFFgX; z9-aK0HCpp#RB78$-_*VDSJZW`sT-UcLIXeeehGvQ{7P>5UBM=5?t zwCWFqPaNq)O(tDGuFlH&|LTTl%K1=$IjF-ZY_vaL@IMZGLw;Ptk)ucUfVMb~zRECn zyBOYgb;{+9z(ye9rH4D$SD&8D`5x!=_eWcwP?s&)aZ}@tqs2rCKt*3y=36bgZi3{t z<&XCM23KjBLiyxr`kieY&Jw06I9j3~2oHDFdWMrji)$@^WCH@*B4Dbz+&`0f+zZJD zl0u~mgtb1`M!!5lI;rOOf_W>h;xMRm(H_5!?~TT{L2NpoqvSJ^bzjLt^zwL}X~?+2 zRha-W1F95&g1*uys%CayS%Q_LHsk}cR~M>wmlMaJ8#HP(m;&tay~OJr&Fl$}@uJ;2 zP$(ska0TAdf+)9ucg&tCx(Mlm4}Meonk|KFX8Cf5grGn2N&y z9V{$-keFCKzMS3qadbHiKEe=VOTEqY(E`8C!Rrj|a9UI-F8WetWc$kq0v(q#9b9?V zsYepQ^ykOH9c_>8q*nx&HS9Q=LF5pTeTeMm)!PH^pDWb+U-o@5bmym{iYtn3ATX+^ zh*5Ojse;S{zwwy=)g{$`v_yMQtMfcPszm7z!x_vcmPF*3ypCclS-L}7a#r6(ilaWF zFk`EST4^pK6iSs?{KhV|K?D~`3S{K4c>|KUCb`= zH!Ii0h^Xt_BG#zKk}6PTX6yIwR=^!s)tivf;>n|A^4d?;!fuNnN5yss_+fK0;%o6* z5bvA7M;&)75>qV$@_MaCQ+?LsO{@LM^>r>6RC6YV@u8i$ORr39vUotEd9N9C=+PfjwQ&C3JSJ7>s10swL9mJAjTTl&_C`@bLU-b@?b--6zXuYCVp2FfCENSh zD$RuuvZXTb9}zs>%!TEjm1d_=m#yt_RL3ddgkhcEzyRc{9fvu8BOxFY2W%tuWIb(j^NQ#`9e-ssW z1KP#E@@Sz;t1rwmr0lm+bGhizZ-W{g_h9KA zL_%O^Da&oWqan^dYtB&JvZ-3q!*$hesHJf#?sBwfFjQF8)Q26%atDom~0Lf2>ArTBf76@ymSN3=L1Yo0s%|`}&h^NcL1$cpN`>Zi3l1#&xrzI(*3ypmBlFC0MS3LPcr-^jO#(a+}S|;11jB{dYIxSyaew^w9}H$aC*g6FMtqIMQsBJAkkT% z$Y_-CGW42<>Nr~Qr=3P*WTtcuP%xdTD`9=ZSnWuraLzVZQWG&T4h1nqB14UpF5^H$ z^yLL$7qAorE& z-F+Aqij-=?F%!eDHkwFTIpQW5T||r@wkf6@$6o=xE-6e~b)05~%VFkG7Akd55Ml50 zdpmof;%b|ZrUS|T-7ixb6rR)FRhMJ;>Ipl~2zXe=n=YuB=|5`pdOSPV7q#u${U&nO z{-$Fk2TL$2a^t1#aBRnO(To}`LqR*KtLmR9?%APdxeUmPgA0-9?@JI1jJp24L00ha zYrRRr^00!#+ZJKA(1BRXUrBqfxT_5#R+aX^iK32P&@_ZJ0>&11nyGhZ4p=zha1Vt3 zV9mXS;EPu2;n9yXm>-^fX{Y-@E;K0=bZygl+xpMy+K71^0H=5ntz5T;8!W}$Y58hK z^nZO9!~JfCy6o9DB~%HaPHftk20yg?uYU0|lJD#yJ6TJ(>pli0KMRIh9!Hzq?a^K* zI0PqRH(~Zk0rF-tvk}F=BT!^yQbG*;_Sr~YXFIZ(Zdywi?npFk6Z$E%l-wTpF&u)O z@g8;6aGql$tE=R2r|Ae(Rd~;iDL5!c6Lgry>)Heaqc^fi3zsT)uD!mbCmxP=X-UiW zict-oHT8C6-LyD=I5sqiPJZCT-rjbB$cDD5aN9;QQ7(+uCI0uGFU<*YQ)0Bnrs?E- z5<&&)tr1p#2PV1sc)-!C38d?Re#*`cR)cUy8LHwspN!szIIcHk}I4pRWYSEIoydA z5qUD#6~lNMPOtp7Rv(}1sVsYO(J%3w>z@Krw8RUVBACy)cO?uv=7}MU@P+MA-C(e&(rnZ{Ihl^NI!(wenKzjUGz8FaRNm z1h09PVJPw}dE53%R$S_Fh)z3Kz+GXP`aYHxG&!P7|f2+ z2~4%NIq=S8DGpmP&BpF5C5jb)p zVFRA1mR?hcer){4f4plEz6J>)HB*O2M+gc!Cz;YD!_)WQhCz2RK8XF`X)i$qI*H2? zNP`g~QxZ!+{2M@aMh7~`uo1iPQG-Lr;u^!9!SJ0eJ+O9yw5K1N-^ypWoo z)z-@TsBfh%IoWJ%%B|GV`p8Qq%fZ2_K<@bqzcn~_04QigZ+8Hy~W@wP@39iF~!TX0&LV> z!@WL)wTeq5r)aw7_d~oK$^<#X-+(>8A;4O283Qj<#;I{87Sn}5nzAz6UeDLP-2Ia; zH^UaSYI<>UfET+dW*nb1Dg}Q)y&|))(7B{;5;s6vg4=6#DThDDtE7zXFHO z*bttsh8uC^8OJJijK6>9WB^F<2g`nyc*aN`%Ty-j*YKg6EE`#C2s2d#wNPoJ@ddXoS86eBKKBRtSG4XU!|A}}sGiPJX&0OD$n@F^fh3-l^u(;> zUa%jo7!691a2IfQ>#)#erPGC%B{*ScvDf{E(S7yu!v6Gk2#H3P zvxGEae_nWTla$2X6PXW(rX3oFR(+<}5fqxCFmv$H6t606!HESCRXl#BGz=*%XINU^4dfNzK^kloLz99yFkiYeLc7V2k)k>gn1MzLi+PndkH_2lE<$mo_j304E|w9 z6=ZU_XRajQW$CE;s>dM#xiIH%Ig zRu?@nmpInyou*1iPNL<0_WBYIX(Pej0<}{aN5m^z7vj+sf4bO8!}7{pPCJyj3IsOb z7mO~J-|9>IJX)eB^}G9lR{`{L&70o=o~d(2Z-eBk0wQLDow~`*NcL1-$46xZRvx+( z?3>Nd)#YPQ$>agwIiu`*Qb2MWS!MO9_#@6w#tdj0ZiRfVIII6A6f1$OdrUTr z#+|1mL;D5I{>;nFMoiE9f`*~{24j*Y&lM2`h-(vSOkbAhbY0J zd!OP-l7F(1hVxFzlQeYQS#b`Sws1RvB+a?t*XSC=xM@1Qn6C}<|8M3<$iG+zt21ygeDFy=t^Td=8jqcVJk+WJQ4Z+ zk^CN%9bWCB;U?9Q!gCcoOoL}a>B;YqIlu&#Svg##;sPb(XEbeB3L!beq-x=gxS#Dpd!O}_ zG=Cp6(RXt{!H>gk_~(G(lE#f+Xy9s!p-&oS|6$)I`_kkHZDXNw;XW*(P(H8zttyrb zJQAD5qeEa##kU|+;k+dUDzQVN$WQqFhvYN}Wmx(+j$b|GL0Dl=Geimke;bO`a63Gt z)}|s0Z)CZGAf54>a}03NN<2}H7X36;hm(>1?6d?>kcty`<_~Tgb;aWe>3%kp4Rs^2 zZuvO4PWS2#JY*nWs1NzI{O$!R%RvnA**-4&+anegBh=ilj_X+p@JLJA2mE;z{tUlk zyg8ihfB_SG9-nW%$mr1m|!zBrAfTAt_6iGz|X)Gn1lkgdw><0UGh@7v=sU~`sZp|k-0r%Hz))@1WVZXV& zL-ftQxlH_Y#%+wnCGOGp%mXG4n+)bk*n&A{A(pKAeRY)sVehb+8k;+}uwjS{kr!n_ zALmDs@jzxkdX#!^*e=@Zs@V54@)7r^ISE_uYbg+=M-3j5bMrOo=oj)8ds@vXrIMdW zEM#iq5`3i&_~DgbZ)tbW7Wd_D*@d3Z*p+|di;B}z0e$*Y{;=~(VWM*g)(vUiACk6z zH%}bI(uGk&^E4UtNcglXWV#W<9r(NieFPu??cP(^5bBTvG|a^U$-9(G9g@?o`X2?q z1g?Z7q=j+XBI#{slxU3}(*1)ku?X-+H&XG#DAtH+?Bzu0t#RomOCJ-ACxT&^T=&w7 zf7X)3Uz=G@SqEpIjf-+U-35=Ag!oe4+*E37o|g>AQ6w1F6*ERnKKS() z)bge~kjD<;{aF$4H&kR2R7Q+XS8{7T`G=b9eDgzPIOS+(H)oS8E-&lha&XD-Or;+I9dgHCBEOHQE`JR8>{4U3nqpTAz{r57s zZ#x-=fr+N|Ek!?JViVlQsN$N?80q`X6z|#mmjA?adkpuc$Zz)pKcILc5Wc%(y>fDd zzs;KQ1E{^T?y^YmxwiwL~*{eW9x4aCI)hEbC=mak55p7R6m8C$Kp5>Y_Q@$X= zEWQT{+M>n8iUAIi0ymFKygX6&yBtGnNo)tsZY%t5s(@AY5eIecOSx%CZ7P^?XzlWc zzRj3dPJmiKFka2$ey6X@FLw7(h|>E^jj!Gz$D&Ko+M;}Cj>!CYeX|a?DUKpR)=Ra% z7)uNOdQ<{7i;zY`kE=UtUE%|_c$E^y-yCFopxG@UMoA;#kzq>KcOsk($vj&_3zk1G zeAe$5k@VI*i7*`Ec$-h!cPqZK-{KpZ@!j%84Fr7{ajqETO6$L>nIPKeS{*#j4->pxIT-g~F5*j3Y1dX+fJNh?wc zYXV=_dprQibdv08IoGNtQ0WmOvDgy1ZJ&$^Fpl^^TGJ`T1t5gXud9XwpSk72yRHzm zN#CYcd8F(Z$-g-Nb|W<+aZ20Ar!-3+fTUnrk7TGhHdXR#m?U%7e*a31D2m``cPaC0 zD4xb)WHT-w3RdlV4|LuMSp1@_X0EzDX`L_k)12NMUs9jCa9AFm-=KAOwoZsJsi!m) zeKL&W_j%6w~(ikr4+fh~B7Xj^CF*h862;m0Q_CgK~9*Nujm*HEw*7X@)! zqDo$(<#H2Df8J<|*+2o3>Nj1zO?$DlTH#N(8na?p0=NRWB41>8HhsTZOpV&O|2uPQ zJLZ2XhWRJc_VOf%@43V8o#IP4PehfhfqzM-7aP_v!+tu;AoXih4O=QO5n}JvanKZw zez`@vkwKj|7XG35^U<^ eYzVghA9Q&CuMtlNnu-q{DBw2*$trP!!2bit^5FLX literal 0 HcmV?d00001