From 097eb8cf57fd03595511addaec638ee77e7c3768 Mon Sep 17 00:00:00 2001 
From: Dympna Laverty <118898375+dlaverty-r7@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:26:22 +0000 Subject: [PATCH] Remove unused files (#2993) (#2994) Co-authored-by: Dympna Laverty --- plugins/ec2_investigations/.CHECKSUM | 19 - plugins/ec2_investigations/.dockerignore | 9 - plugins/ec2_investigations/Dockerfile | 33 - plugins/ec2_investigations/Makefile | 53 -- .../bin/komand_ec2_investigations | 34 - plugins/ec2_investigations/extension.png | Bin 6635 -> 0 bytes plugins/ec2_investigations/help.md | 107 --- plugins/ec2_investigations/icon.png | Bin 4900 -> 0 bytes .../komand_ec2_investigations/__init__.py | 1 - .../actions/__init__.py | 3 - .../actions/clam_av/__init__.py | 2 - .../actions/clam_av/action.py | 70 -- .../actions/clam_av/schema.py | 121 ---- .../actions/clam_av_run.py | 61 -- .../actions/known_hosts | 0 .../actions/mount.sh | 50 -- .../actions/mount_drive/__init__.py | 2 - .../actions/mount_drive/action.py | 80 --- .../actions/mount_drive/schema.py | 105 --- .../connection/__init__.py | 2 - .../connection/connection.py | 18 - .../connection/schema.py | 58 -- .../triggers/__init__.py | 1 - .../util/__init__.py | 1 - plugins/ec2_investigations/plugin.spec.yaml | 114 ---- plugins/ec2_investigations/requirements.txt | 3 - plugins/ec2_investigations/setup.py | 14 - plugins/elastalert/.CHECKSUM | 15 - plugins/elastalert/.dockerignore | 9 - plugins/elastalert/Dockerfile | 25 - plugins/elastalert/Makefile | 53 -- plugins/elastalert/bin/komand_elastalert | 32 - plugins/elastalert/extension.png | Bin 2910 -> 0 bytes plugins/elastalert/help.md | 70 -- plugins/elastalert/icon.png | Bin 31888 -> 0 bytes .../elastalert/komand_elastalert/__init__.py | 1 - .../komand_elastalert/actions/__init__.py | 1 - .../komand_elastalert/connection/__init__.py | 2 - .../connection/connection.py | 21 - .../komand_elastalert/connection/schema.py | 56 -- .../komand_elastalert/triggers/__init__.py | 2 - .../triggers/receive/__init__.py | 2 - .../triggers/receive/schema.py 
| 80 --- .../triggers/receive/trigger.py | 118 ---- .../komand_elastalert/util/__init__.py | 1 - plugins/elastalert/plugin.spec.yaml | 58 -- plugins/elastalert/requirements.txt | 3 - plugins/elastalert/setup.py | 14 - plugins/elastalert/tests/elastpost.sh | 6 - plugins/elastalert/tests/listen.py | 100 --- plugins/elastalert/tests/listen_count.py | 63 -- plugins/try_bro/.CHECKSUM | 19 - plugins/try_bro/.dockerignore | 9 - plugins/try_bro/.state/state.bst | Bin 10 -> 0 bytes plugins/try_bro/Dockerfile | 25 - plugins/try_bro/Makefile | 53 -- plugins/try_bro/bin/komand_try_bro | 34 - plugins/try_bro/extension.png | Bin 4392 -> 0 bytes plugins/try_bro/help.md | 93 --- plugins/try_bro/icon.png | Bin 21153 -> 0 bytes plugins/try_bro/komand_try_bro/__init__.py | 1 - .../komand_try_bro/actions/__init__.py | 3 - .../komand_try_bro/actions/files/__init__.py | 2 - .../komand_try_bro/actions/files/action.py | 32 - .../komand_try_bro/actions/files/schema.py | 612 ------------------ .../komand_try_bro/actions/run/__init__.py | 2 - .../komand_try_bro/actions/run/action.py | 44 -- .../komand_try_bro/actions/run/schema.py | 99 --- .../komand_try_bro/connection/__init__.py | 2 - .../komand_try_bro/connection/connection.py | 13 - .../komand_try_bro/connection/schema.py | 31 - .../komand_try_bro/triggers/__init__.py | 1 - .../try_bro/komand_try_bro/util/__init__.py | 1 - plugins/try_bro/komand_try_bro/util/utils.py | 48 -- plugins/try_bro/plugin.spec.yaml | 395 ----------- plugins/try_bro/requirements.txt | 3 - plugins/try_bro/setup.py | 14 - 77 files changed, 3229 deletions(-) delete mode 100644 plugins/ec2_investigations/.CHECKSUM delete mode 100644 plugins/ec2_investigations/.dockerignore delete mode 100644 plugins/ec2_investigations/Dockerfile delete mode 100644 plugins/ec2_investigations/Makefile delete mode 100755 plugins/ec2_investigations/bin/komand_ec2_investigations delete mode 100644 plugins/ec2_investigations/extension.png delete mode 100644 
plugins/ec2_investigations/help.md delete mode 100644 plugins/ec2_investigations/icon.png delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/__init__.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/__init__.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/__init__.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/action.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/schema.py delete mode 100644 plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av_run.py delete mode 100644 plugins/ec2_investigations/komand_ec2_investigations/actions/known_hosts delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/mount.sh delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/__init__.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/action.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/schema.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/connection/__init__.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/connection/connection.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/connection/schema.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/triggers/__init__.py delete mode 100755 plugins/ec2_investigations/komand_ec2_investigations/util/__init__.py delete mode 100644 plugins/ec2_investigations/plugin.spec.yaml delete mode 100755 plugins/ec2_investigations/requirements.txt delete mode 100644 plugins/ec2_investigations/setup.py delete mode 100644 plugins/elastalert/.CHECKSUM delete mode 100644 plugins/elastalert/.dockerignore delete mode 100755 plugins/elastalert/Dockerfile delete mode 100755 plugins/elastalert/Makefile delete 
mode 100755 plugins/elastalert/bin/komand_elastalert delete mode 100644 plugins/elastalert/extension.png delete mode 100644 plugins/elastalert/help.md delete mode 100644 plugins/elastalert/icon.png delete mode 100755 plugins/elastalert/komand_elastalert/__init__.py delete mode 100755 plugins/elastalert/komand_elastalert/actions/__init__.py delete mode 100755 plugins/elastalert/komand_elastalert/connection/__init__.py delete mode 100755 plugins/elastalert/komand_elastalert/connection/connection.py delete mode 100755 plugins/elastalert/komand_elastalert/connection/schema.py delete mode 100755 plugins/elastalert/komand_elastalert/triggers/__init__.py delete mode 100755 plugins/elastalert/komand_elastalert/triggers/receive/__init__.py delete mode 100755 plugins/elastalert/komand_elastalert/triggers/receive/schema.py delete mode 100755 plugins/elastalert/komand_elastalert/triggers/receive/trigger.py delete mode 100755 plugins/elastalert/komand_elastalert/util/__init__.py delete mode 100644 plugins/elastalert/plugin.spec.yaml delete mode 100755 plugins/elastalert/requirements.txt delete mode 100755 plugins/elastalert/setup.py delete mode 100755 plugins/elastalert/tests/elastpost.sh delete mode 100755 plugins/elastalert/tests/listen.py delete mode 100755 plugins/elastalert/tests/listen_count.py delete mode 100644 plugins/try_bro/.CHECKSUM delete mode 100644 plugins/try_bro/.dockerignore delete mode 100644 plugins/try_bro/.state/state.bst delete mode 100755 plugins/try_bro/Dockerfile delete mode 100755 plugins/try_bro/Makefile delete mode 100755 plugins/try_bro/bin/komand_try_bro delete mode 100644 plugins/try_bro/extension.png delete mode 100644 plugins/try_bro/help.md delete mode 100644 plugins/try_bro/icon.png delete mode 100755 plugins/try_bro/komand_try_bro/__init__.py delete mode 100755 plugins/try_bro/komand_try_bro/actions/__init__.py delete mode 100755 plugins/try_bro/komand_try_bro/actions/files/__init__.py delete mode 100755 
plugins/try_bro/komand_try_bro/actions/files/action.py delete mode 100755 plugins/try_bro/komand_try_bro/actions/files/schema.py delete mode 100755 plugins/try_bro/komand_try_bro/actions/run/__init__.py delete mode 100644 plugins/try_bro/komand_try_bro/actions/run/action.py delete mode 100755 plugins/try_bro/komand_try_bro/actions/run/schema.py delete mode 100755 plugins/try_bro/komand_try_bro/connection/__init__.py delete mode 100755 plugins/try_bro/komand_try_bro/connection/connection.py delete mode 100755 plugins/try_bro/komand_try_bro/connection/schema.py delete mode 100755 plugins/try_bro/komand_try_bro/triggers/__init__.py delete mode 100755 plugins/try_bro/komand_try_bro/util/__init__.py delete mode 100644 plugins/try_bro/komand_try_bro/util/utils.py delete mode 100644 plugins/try_bro/plugin.spec.yaml delete mode 100755 plugins/try_bro/requirements.txt delete mode 100755 plugins/try_bro/setup.py
diff --git a/plugins/ec2_investigations/.CHECKSUM b/plugins/ec2_investigations/.CHECKSUM
deleted file mode 100644
index 0d1bd146df..0000000000
--- a/plugins/ec2_investigations/.CHECKSUM
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "spec": "2c4d3fec754a9c53c1b85054c85f2767",
- "manifest": "230229b90f7401d13d7faaba0a507bbc",
- "setup": "79504282d430015036d1963931f13d3d",
- "schemas": [
- {
- "identifier": "clam_av/schema.py",
- "hash": "9a04b3865c53c7dd4d8fe5bbbae0b742"
- },
- {
- "identifier": "mount_drive/schema.py",
- "hash": "2f37cf1ea462746d062b625c63424f49"
- },
- {
- "identifier": "connection/schema.py",
- "hash": "534cb1c67de5e3a04bd8410d054203ca"
- }
- ]
-}
\ No newline at end of file
diff --git a/plugins/ec2_investigations/.dockerignore b/plugins/ec2_investigations/.dockerignore
deleted file mode 100644
index 93dc53fb01..0000000000
--- a/plugins/ec2_investigations/.dockerignore
+++ /dev/null
@@ -1,9 +0,0 @@
-unit_test/**/*
-unit_test
-examples/**/*
-examples
-tests
-tests/**/*
-**/*.json
-**/*.tar
-**/*.gz
\ No newline at end of file
diff --git a/plugins/ec2_investigations/Dockerfile b/plugins/ec2_investigations/Dockerfile
deleted file mode 100644
index 519a7406c2..0000000000
--- a/plugins/ec2_investigations/Dockerfile
+++ /dev/null
@@ -1,33 +0,0 @@
-FROM komand/python-pypy3-plugin:2
-# The three supported python parent images are:
-# - komand/python-2-plugin
-# - komand/python-3-plugin
-# - komand/python-pypy3-plugin
-#
-# Update the tag to a full semver version
-
-# Add any custom package dependencies here
-# NOTE: Add pip packages to requirements.txt
-
-RUN pip install paramiko
-RUN pip install boto
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-ADD ./komand_ec2_investigations/actions/known_hosts /root/.ssh/known_hosts
-ADD ./komand_ec2_investigations/actions/mount.sh ./mount.sh
-ADD ./komand_ec2_investigations/actions/clam_av_run.py ./clam_av_run.py
-
-# End package dependencies
-
-# Add source code
-WORKDIR /python/src
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
-
-# Install pip dependencies
-RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-
-# Install plugin
-RUN python setup.py build && python setup.py install
-
-ENTRYPOINT ["/usr/local/bin/komand_ec2_investigations"]
diff --git a/plugins/ec2_investigations/Makefile b/plugins/ec2_investigations/Makefile
deleted file mode 100644
index cb85f96b6c..0000000000
--- a/plugins/ec2_investigations/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@ -# Include other Makefiles for improved functionality -INCLUDE_DIR = ../../tools/Makefiles -MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk) -# We can't guarantee customers will have the include files -# - prefix to ignore Makefiles when not present -# https://www.gnu.org/software/make/manual/html_node/Include.html --include $(MAKEFILES) - -ifneq ($(MAKEFILES),) - $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets) - $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES)) - $(info --) -else - $(warning Makefile includes directory not present: $(INCLUDE_DIR)) -endif - -VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //') -NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //') -VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //') -CWD?=$(shell basename $(PWD)) -_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }') -PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz - -# Set default target explicitly. Make's default behavior is the first target in the Makefile. -# We don't want that behavior due to includes which are read first -.DEFAULT_GOAL := default # Make >= v3.80 (make -version) - - -default: image tarball - -tarball: - $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball) - rm -rf build - rm -rf $(PKG) - tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh * - -image: - $(info [$(YELLOW)*$(NORMAL)] Building plugin image) - docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) . 
- docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest - -regenerate: - $(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml) - icon-plugin generate python --regenerate - -export: image - $(info [$(YELLOW)*$(NORMAL)] Exporting docker image) - @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n" - @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar - -# Make will not run a target if a file of the same name exists unless setting phony targets -# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html -.PHONY: default tarball image regenerate diff --git a/plugins/ec2_investigations/bin/komand_ec2_investigations b/plugins/ec2_investigations/bin/komand_ec2_investigations deleted file mode 100755 index 2e2be4fa7e..0000000000 --- a/plugins/ec2_investigations/bin/komand_ec2_investigations +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env python -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -from komand_ec2_investigations import connection, actions, triggers - - -Name = 'EC2 Investigations' -Vendor = 'rapid7' -Version = '1.0.1' -Description = 'EC2 Investigations runs security tools on the AWS EC2 platform. Using the EC2 Investigations plugin for Rapid7 InsightConnect will allow users to mount drives and scan directories with ClamAV' - - -class ICONEc2Investigations(komand.Plugin): - def __init__(self): - super(self.__class__, self).__init__( - name=Name, - vendor=Vendor, - version=Version, - description=Description, - connection=connection.Connection() - ) - self.add_action(actions.ClamAv()) - - self.add_action(actions.MountDrive()) - - -def main(): - """Run plugin""" - cli = komand.CLI(ICONEc2Investigations()) - cli.run() - - -if __name__ == "__main__": - main() 
diff --git a/plugins/ec2_investigations/extension.png b/plugins/ec2_investigations/extension.png deleted file mode 100644 index ffb1c63e89b9ec8894702c50944cd5e73bb43b4a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6635 zcmVG^7HeuwYt5)#Xd(>oua6bmY)Cj?CtLF z|N8U)uQ>mu9pK^PjFFlD{{H{kqJ4vm|NZ)2WpLKm+G}!r|HyW?y1!RnYX9xh|McYP z>g)gFwxXx4|LV$QYj*#`X>xdi|K`B|&xS%vSjNcB;XP zqubrz|FlH^yjcIhVgK>nnKJc|000=mNklyqSOn z;e-LhY{Eo3VNwf6ylB0UN$lcp3&OlG)JrJb@;lZ6t3_Fhqm~;;`65hU*Sz3^6x9n7 zbO?7cs159j*BSR`I}CQt!BEVsN3AdkQWFw4?})&*@XiG#RTY#1$h{R7Mz4hohQ#XJ z2@|kE*pu4uB$#hl4k3b?ggy2Xt@khu17p#KDu}|9I$**2P+CC*S~~`>k30o(5Uc|l z*3b$QRuV5yjR)$6!GppM!FM4E>U%~Rd4J|fMH|>)ew%{5`0no4;-H#A5~q!**0Nb=M=!S5v=ZMnD?2%X0#DF6yy;63t7K_ zG=$tP3M_`PBbM0FDC>O-j9;h#K_Oie@@HY4-f$osD!xskYQlnZ3w9^unXiCFDz3Oo z7$3+8!%j7*48&rXdn-&8+`dGF4qRn7Own&cRK=Be_olSG$a#}L@cvC>kufZ#D&YLk z6Sl%YiGPVu z%!%Y_bIvJPaM$PsG`THt_JK->TZWM{Qkw{dk^`rsJliW_5ClRjrDTcOH)m%+5Tp4E z<#SCKZaEq$k8ueWQSIi%AqL1$BUi=YBA?X;Yk%rLfk8Zo^0?s86CZ5madEx}meU1` z!o4L}6JsgyT4=t_U)8)WZf$8qP9BB`(2Y4vLu%rK#~2K|TY#3L{`( z#vL$V$K(VA6WL2JAYcmnu2CN6SE!J_iBie|#(-2&J7Bmha9l*xF2a!664gfI3^7yK z2m%)X$AkF>GoMx%RJkaqUkQUiB3Smp5g_dn;wPNevgL3d*9OxjtD%X6yr~05WJEb6 zH_AY49D(Pu3j*iw#gT>yvQ6T6Af!t$4B8k(1+z32$|$wT>jW$m%XEVIX95xcnN1ol_HLb9O&e4Ze^)d_=g)XTIY_++Y)+=G}lac@j9 zZAbG^ZP18T81@eo>f8!7k&Cc6LPXUsqTx+Z%2hJ_UwbhTxnd63x}#_f&Z1GB=9XR> z78lRZVzFA;4NE92b{v?<3l+$@w=067h5-zPh^DatU?v4E|^4pL{2D# zDzS;WhiaQ^)y~(_q%YFtgF9i#XGC$C#^idYpus3rIyI`kCt;}1STGen#?TFu#1RGX z&s5io5{TB~lU(Cj<%+kS|2L|hx5GrJ*QQa= ziHkE#m_!o7l(e|zI`Sab@efH98(T+iiPD3{mz;K*;O}gkIfsSW8;o|J-m;zetEtI*>L{y zb~}>mw?;Z$*J}MTG$U76UKaWJS2kZPy*bSenYlL4SP86t_Cs@H__U0aX!dRId^~zF z|DJ}u60ba){_F&4HD)B#T#XY6N>4?P`*E+#&Fssv2tU2)ZN2Q(+&%T3n!Zk{hAYfw`sslv~{Uc~F))GBF_tBo74fE_M#H?xnU{mk>wJ$k}5?~lrS z%v3fLvxsaNY;8{Hkfn^*Q<(K}yWRK+Wu(!gVad`yROUUX8r+f?&C{|vJE%hO~s z`TjE;SP4~=+uM&Ur^eXJa!O(E*O-G@aCSpdTI5zVm8OX5qE|S%^yl9{>(|%y!{jjT 
z8^~+&=(9+>Uy3(ow<+?X%%=Oho!5iAm#m)J_{)BHTfIF0%Z^w~Uwd)p#88&#oS^5E%H~Wu4wFWMCMr%=ONx?Dm;2oFqvuL)rQBV1`)}7v)edESD zprSH}@Q?}km=j8F_Te=2&AeXs>{17lB?t7``sL-Q7b>DyhKh^c7P8*o&!X~_imvN; zad0;I;jCr?WMnigb8n;b6+Hgeyj7ILXY1m z*v-+t`(#YAGKlcJuc6t3zLD|p7P7xLx3E7mGl{u#6>rgb6^&{L&1xPNVCmZzsa6)8 zDKu}s_Hq}z?0~NWt2WtJc*uRfGLpf!MJ|A6yf{tV+5yMbX8QMk#rrsSfJPoCcg?dd zyUYbr_uS*yO=}$n-lqc4^AV`w8F&X z`KTV~I5zZWKl(O~bNuV$&x4C5wF8(IHiCXULMk5}jMhYRL!$!}8Xb|qL;6@guSYrA zX_OD{A&*1HKYr^~ej49(R<=dVLoB^2`*&`)7z~{TfK(S9~%gQ zK|Gi+IN0g0B^F*&mTtN8onLL?c-6<-?yq_%&BnX(_depriMgJf4%cgtA8!y2@^0wP z)C3Rb{jHpCoM-*6k;|zMg@bcIU24L!w!0=OgiFf-KAR-ozAk=#e%{u1&%04#AM`dW zOad@>Q&`zpJW(B;402p6%8$tt^1-W@(A~f-tCGrax;KoYVca6kY?+SN3!O)%LlvsW zw{wzseoke3{o#0idiXri8boE}5+P?0;^@cPQ1favy-&A|2bVhdP!iG!YdK{$pM1`) zY7Ed9={kD5$H}ml=Xp))P4dw1yG+9Cl4VDE-m}3>tRymyB>=axuGaFSHSG(KTOm$hOp~m;7#KV{2i? zJc5Lmi*YQTq8uC^+p5_O-zv$&8rAR7eh?3x7w{BVgP!aSLq=_CSCk8}R&0EZr51mR zRCcPm+m1_sa?p zB2=+E(Y00jN3**(!4JzW%MI*J>1%YR3U~iKc2$I;PI$9BiD5$Dz>1oT@i}SHU%SCY zQD#riffSE^*REDjJOs^K^{vtwzyD;UxiLj3J#LItO#$HEn$7T;jvv&?*Yb1n(RbTm zulZL3hTm6}#^FHLrAe(d<4>W|Z51DCd+>&IaPfCmg)Jk+lQqiO!7!8g&L?;IbR_B4 zk1TJu(=3=?zE2jl`QFDm9h9R@n#=wA<}O>O{8A`Fz`Qdw4*D_e@i!fA$^8$`*=IkftL97E zi(S&s<1-aZAHLa-__&%xhC+SIwUf&j`8^xY%2_Nyu}y@>HW~;0mX5>m`TiZR)yRZk zPEVCe=W4nN{&2+%gS!;BE*aZxvjE~%4BP#%w?$>&Eq}SgZF1Yv=?|irw|_+=drQ6T zn=`8VeAgizw5?JVvE5F^c2P2~5O->akzFxe)R&M{7wr7aKccfM#`oXpL^_OE?~;D- z@SFM$2j|JaG-=QmCi>dRWPE5586Na(n;90BGr;K^XLmc)2Hd_!Q;6E1Ti<>W9^CsB zUGav-X{tf!&*!C|x@zqm=Q3O~0ehcJhEoS|3OVR-A6k;92-*Yv%Wh}`9-Z;mWRLrp z4&dEcblVSYa-sIO;DTGlhb#_Sn}(G!yJoUAc*N^AG*_z#I^Dn6i;SlOv5e_z%)GlaG<>aBvx#@{bosMK&3> z0xjO=kwiGzS{mwmkDLbjy|*2?IDWsmo9+jbr*d?C$j|ee>%9=!y2c@u_yR6e#{nnJ z^7fLiSihcp|9pD+*Zmcl3fsPGM{j{6j6W)ox3m@Zjv9o%jlqH!JC#QyWNvBaN>_K) zFAo8Fd~yBtfJUzZ>+6TEc+5JAcPp{on*+`Ps+3B*q4QArcu!p!PLUCV?Jn~9idA&$ zpUXhLAn>nu7)B8=e}Enr!%O?;N|)(=9Egx8j=!E%koOk)iF=p(pTkf7;b&wNqVW%W z_mkz*_zO4UqPV@YbbYpv*H}5(mj}xrp7RJGsYMhp>-8>+nQVts!~gx~kU*Qn0xd?s 
z2N}W7#gJo4Kal)CErq!7)(x)35Dd1&T@N}_I@yPmKp*h2VO;MhyvhErO6UeLSAD1W zGw=iSPsc$Vb?@X1aVbMQw`fd^Q%#?a!_hnv!dP&66!F=1gj)u$k4_;yW|@lZ29D%W zk;is-zaG-zh0g~&#jiIa8gN-ElB0AfeDbBjK8V{&`@%5n8DbG$Vh zW(_wVA08eqKY!3sj=xN7qqXdiOokWE2Jz4@*VStE*U9%skg7CU<_nicDpZsZN)zeA zGD|%zwK{zPmnhc+fm%w&k^61W-CD>;WjYS! zn!6&lYfMb7tl3TPb@O(OR@m&Q{n1$1?yA_XH?jP0nzf#Xi%KYF!-niuV_?>6-W2k<8+3TCyRBd=B|$I&d8VjUKo&Iea6;AWb(UIBDLYUuIDxQNpE!LbRfoF4s5q? zYg+K_+RV^F<-5GX(W4ACXyn0myK^$JG|is44V)B=OVcce6!_W!077DTj4TbbC8s-< z--L2`k`LQ;TPB@bh5D##$e2ZhECE1fO{mC{K-+!Kqxb8WgdO@hv0bBS5fu|m@28=Q zt2)HWG$9j8=!b$#3EH~Dr`otf-uH-Ps&{i@yZ%F{1wCLBW7_ppX5~incD?Sj77Txl zyq^+Y2&Qx{Y!|53DNqSrC|ir3V?ZXOBEK2v^r$>7mn|Z17v%LMFSbki(X&|>$Y|KD zp_5$g0~F4$^rdj3;q+T}q}E!&Nhf%(S)IJtE~W1dOszmzivHMxq0`vVIPjNfIK!5` zH1@0!;oN?3MjLy1v0XMy1{;dV{wmvp*|WFNyj`Q)8;}l!)?RH$KNyjB&D_{-)JVsl z72HS!SFMjneaBF+6ey*yv=2^aI<9M>ofH_{R?A^l;G7ssPBONO(|x%j^}G}|`eT!| zp7p}NlWC8q{jQPUZX)gPH=k^uS$QL`JRchDYaPN|qog=0u8qYo|>sXn@Lr)ZORaXlz@dby^7R)%w&8ztkYCWOr3p14#@P0EO64-lQ|N zm(Er6;7tF=vgfVl@Y&S`Cl(aZ4)D7D*=S+cO-&=#Od*;Fz5s7M8xh;MHO;@p1VD`H z;d+h`-^@X%8nAS9NA-x8A}=NCOx>OjM$KWT>nfc&!+Gw{rmeAEw|F;=4nlzl(Lu-H zzBCM2Y3?d2`5-aMTQ6u23J^9O=#FfnD%iYOcA-Fl_kD32s zI%++QYku1;N>*O_{DtL9zXu+6D1wvybc{U#+g*y5aC#fggef7`2dyj|8vnmZ4kZ~s zl{MM}UiUSeAUrTN*1~pWjxo5ixk+_i_ypOn;wY%e3Y^nvkK!V(88{B!df2YiGyvV} z4C>sI)ykQUBrwhI*^-Df~=t*7LIAS-5%z3V)-$CPW_- z8t^=wQ!k51nnHoi5ly2rmie+;C%L)Z*Cnt)t?sMiK(#UP z@4vJxt6p2QCcTdPU%__WZl~YtHQ6!i4g1f|i($J+4)8l33HA7dJ|qn~axcR<3z@lP zW&9CuY60RNM-VUiBa}AH0B1r{Xdq)xQh*G;sD}XI3Cm|vQ!m(Y1l482gK#0LOHb;j2P!o6%Z@q#RXphV&HA8 z7m&)aAniBgYOZ`ffOO(;OMk@8!Kn1;iH)M5qg>mMLtGC30UNHE&l`N`C;`%`m4E^LBZd^-p2D>11M(2aXE} zrN7cf0kW|MY*Mu9Aa3a;Zsi)=OcC3!dVC*b9Fx{{U00JyfNs3>JPVn$(z38M4L?G$ zJy#@ADIITDfp;^+WZaXI$aR2NfloP^xF;2eb?lVve9KxMZ=Y@!Ge zK!~qwOdnXp~e7;GBb%}Mq@smYuP+ZD$`M;lq$$;(hro9rh<^OC9+f9sB zDxX#+I#37H(#TfEc2i;l`8jDFyLDA;R~LhDkQ$qWbRSg;+Um-6XX|6Tu|VRVjSA$% zcBQ+KuBU7zplwF7+}Q5RnGUOuLw;=czMQjf^Z2w0%8ncO9!^ 
zjl8){W4mg20b<+gtpM6)Bzw=>eb3wduVA~YlIic*?mM=d!Kr`8cHgmGnNE32$2+$B p7QDE3Z1)}8-6Y4oW4mwR_!nXR$BKe@V*daD002ovPDHLkV1l~Y5extT diff --git a/plugins/ec2_investigations/help.md b/plugins/ec2_investigations/help.md deleted file mode 100644 index fa7d421a2f..0000000000 --- a/plugins/ec2_investigations/help.md +++ /dev/null 
@@ -1,107 +0,0 @@ -# Description - -The EC2 Investigation plugin runs security tools on AWS instances. -In many cases, actions require the security tool to be installed on the EC2 host. - -Using the EC2 Investigations plugin for Rapid7 InsightConnect will allow users to mount drives and scan -directories with ClamAV. - -# Key Features - -* Mount drives -* Scan directories with ClamAV - -# Requirements - -* Access key -* Secret key - -# Documentation - -## Setup - -The connection configuration accepts the following parameters: - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|access_key|credential_secret_key|None|True|Access Key ID|None| -|secret_key|credential_secret_key|None|True|Secret access key|None| - -## Technical Details - -### Actions - -#### Mount Drive - -This action is used to mount a drive for analysis - -#### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|directory|string|None|True|Directory|None| -|device|string|None|True|Device|None| -|filesystem_type|string|None|True|Filesystem Type|None| - -#### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|instance_id|string|None|True|Instance ID|None| -|region|string|None|True|Region|None| -|private_key|string|None|True|Private Key|None| -|user|string|None|True|User Name|None| -|directory|string|False|Directory| -|status|string|False|Status| - -#### Clam AV - -This action is used to scan a directory with ClamAV. This action requires the host to have clamav installed. 
- -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|instance_id|string|None|True|Instance ID|None| -|region|string|None|True|Region|None| -|private_key|string|None|True|Private Key|None| -|user|string|None|True|User Name|None| -|directory|string|None|True|Directory|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|file_name|string|False|File Name| -|file_location|string|False|File Location| -|hash_value|string|False|Hash Value| -|owner|string|False|Owner| -|time_created|string|False|Time Created| - -### Triggers - -This plugin does not contain any triggers. - -### Custom Output Types - -_This plugin does not contain any custom output types._ - -## Troubleshooting - -In many cases, actions require the security tool to be installed on the EC2 host. -For example, the ClamAV action requires ClamAV to be installed on the destination EC2 host. - -# Version History - -* 1.0.1 - New spec and help.md format for the Extension Library -* 1.0.0 - Update to v2 Python plugin architecture | Support web server mode | Update to new credential types -* 0.1.1 - SSL bug fix in SDK -* 0.1.0 - Initial plugin - -# Links - -## References - -[Boto](http://boto.cloudhackers.com/en/latest/ref/manage.html) -[ClamAV](https://www.clamav.net/) - 
diff --git a/plugins/ec2_investigations/icon.png b/plugins/ec2_investigations/icon.png deleted file mode 100644 index 5ee7e2812a63655a5a2ea3edd93899f102e87b5f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4900 zcmcgw3pmql|NqU1lu`1py@z~}tp3QMNB^iID9Kx_1#x~n(Cf3N4PC5(G%v%mU zXm6xK4|*a=+KP~{9%4h0Q_j4QV}fHO^PqLbibBg0`I!;^A=!6eX#04|ggOoTf}6T*ld zL_#Plrjcj~08pI>uYHVtuDh`zlxPG&ib2FiQ$cM2u(XM#5<*Bs20WM;7D2Ys8Lg_( zfk%W|>FhXLTgGBR1JOhV0UjG2MW$n8t#m%w z#e!q$G*Sot3Bn**>3j}qpQ}6EjzS~C(Fl}b2+9lvH#0&QnV6cJoBsqiMj4@yC}X6N zv7wPU*2EZ#Lcza$bU<&k&;wWxd&e)nK*>rcoWY=Ckw_+!iC~%_D6}x75e9>i+AuaY z1QCXG7MVeaH6+uwe6?Utq=(QVsEh~-87{R*2&NolSm}U~etv~$>Nm4w`j>42Hw+m| zpdyVBDCsMG1-iQa@6hPzZ)iHhgZMq(e`uKQ#iA0C9z;6jAT0z;+<`4pS5&MWjYwcn zXkHXb)Yn~f52r9F^l%ClZs&=HyAnbo$Wr+e-qjWBOr|pky_F7V0TB@qigm!C zaOMtZGb4kb}`gGUKam=yzT7AL>d=A({$$ zwkOge4iQ5gX_RRAr&q>C{5TfVAKLq(8~Wo|&_C2gg25oAiTxjm{yGI#k97F0Y(e2$ z;SG2#B)+`oA>6Wg0wwU6#h^a$0)L{HXV)bXUOg?# z2*U^>F^y2DVw~)PBPJ8tvKi4RLYkDq3T-6q6Y(K=sB*Hnf~4e55xR+e9#7;Q{Jr&X zwz!BEDX*_M7tiHSWS8&ab^P?-M?%%yorHa%)&6YR4#NPKWmGC90~)6>xr$XyH@Bq0WOt(^>x&h`IecB=g++hbSvQw?G>fxZc$(QV^FGS9L2uHnUL#!C;0<)kTWRU^ zp^-f2u`?S-FDITks>NsSzrBrzOW)O+2s=75h_~JJ%p%XO>|^EjkuZ@n)R2Xo?P5sY zCToeTa&GDHbPI}s%2kzTo#Z-=NpeD0Aw*Vl1#O3X_$j{8n`GGP+LZM@VC03bXHAOXImPb^ zlaUFR#kbG^bpxVe`e9NA^i6WWT@p)c9~8h#rYa2vfS+^Q4axEI@KjMC44g~zT}KCG ze{4q%cbAd0hP&0 zLp^>DRG8G~ExchJNX}`dV+H=)OiN0-jhWw)2?}#?V`IU|4H(d2+&bfiI?U zizKP%f=NW_*~6(9XZkI3^wOUb9`|0a_Q#L9v~30#?@y0M?UpQC;Cn^+W2CpWjN|QX zHBTlU>&xyJW=*xXE)xHCub91EU^tv|qdY^5A5U~o!k6P}eA%iNY0$Cqu+6E+hg&2X z&jUS}%v{H(+P;_%7YrJ8XK>>|nS@HjKrLy(z4{L);b6r~>Rc)sps0vG93H8wz4x}K zL1>C z=696WVrYH~i2gZDE(t$fFj3Y9m_F5I;u;1uHgG(>-Sw0&4|;nlUp{ehR&`j`S4F@) zB2v#54n8`q22@wWB~w}DGCW<1Um~y1BD^*cf^!l=z(c3P$QDB46V@;)%}Qlz+t>e7 zN9X^2#{Vx~^Bz%@GXX>I~0c)U5db8HU~CNT-&37J@?|8Wf6-l zC`$_qX%{&4x8FOJQT=L`No&!U)y#h$r(V-DvsKXPGRD4m{v{*{w)g=qP>NY0t2wkT zed}oY8oI48cgHE#$n~+jLjW#CvHLFtG)};{HA4klA$<6+It>*@;p_L7)5YK}7Pea% 
z$w&6)|2%VKY^F($1Y`?y$#+Y@%`JQ#iOGd3V7=a*R|Aq@2dlCk3Bu*U`PRa^u8CI= zT*}FMl6X@apnz>{PNi~q4*|eWBkCknL5X`aAyD~v5{&e~XC6x+`p zJTl|7@+$V$@bvyJuPUDb)@{*LgCY$`?IEE>loL}`{I-|=jc0f1QT>_PMyXI!<)5>7sLehz+Y4u z8+HoCO_Y(GCPCsL6)m8!*gN~u+s@SKGBXyKLn1x?`G=-e+2Y-^G2JUQht@)B0`LRD zu)38A754juxogMF%KTW>w-kfY??oUGHKKKl!iUW?tbA-5UzzT)o*`K>AJQZNA64|G zkaC)H5!RaH9_pyH-n@#0nqT$^b2nM=v!L(xTK2GT!d#nP)^H58i&X@`B$1tBEAu2+ z_rkG-7wR0llh6lT<*REM;d}ifrz4en9E~l z<8&lKZtV48T@s)^euMWgG(J0iwZ1SrHm=J7mqM;L$xK+MFTAZVSIo0xTJJ>Mg*KmJ zHfO6cBp;Ju!eba*%E(h+i15N)In7G?3q=m1rdk2Zn9($~g?6oz*SrFr-X=aW38u-G zR|0QB;QnPE*z%!Z_Q51e%l32Sev!XbvQ+*C0r7uQLA}Ij`zQmew@8M)Wq~RAgr<`K zZ-kc;_DNd2p$3t{trX^VaUDo9oXVrs=f$~bh;27cgvsOYQv+HxCqF#?72qxLEOMc> zK$4c*>BCX`0e7ab??%k@M6u6Cpmo!vN_sbCt9GXhutz>YZ-`l<1PsCA^l^cuSfJ2C z^2eP*sO=)|Y*wGOb59OT3TjAu>oW?tCkXBQ*)?Hl^Tr`^z$98S20^T1S?}zd{&gZ! zxftMBgUCqr8n;DXu3=F^zq$2C8C!!hcNuFFxZ)k$Ss`u;cHC~u! z^|s*pE&N0$KzPu~S^J+RMwCmR15F7iV!ApQCGF`z$t zz47R>8d!Eyn|vTZ(nvCl!)t*GCc4U2fRtfLb?#TRbaCELkS`q^^b?dtDFF&`i~fh? zZH4kd&59sNAjo$6b%4(&4o}yYfK-kz>azsf7F^OAtt;3o9jxxVv{b7O$X=bZDwP3n z1?-r?ga@DGdgAo!Pf)|2M~BP>2}NKMhL~GeN3a~8i9*a^cUV5yBGXQ#G}pP(v~_cy ztbj|rkiknnw3Te+k$n)jWU|{EQ_?^hc4-5JR+35TD0_LU;4tgviTNBYy&PY81+3c1 z_Vzxj;h619yRM8BJhd_ubtqun%lo`hFCBFU4EiV8+XNP@15Hma1)7`iYQ&l2)4%x~ zC|OtpT_64VRztC`ob6SA+JB0o{y9OPxbf%W{9d2`K>l~tuOt=ZzTn+wUizhZCBYQ1 zAJqN4rT5Y((*W=--7b;R`pMx_Ji8PT4r==57qC6Hl>p(5CSXTg_(WHgs%J8C!!{J<=eOZSGD1{n#~^XD((!8Ux)h}@{oId*?+_yo_c z%DWf{e>{}6blqh{Sgpr;<_o3Do*nm(*^$yX_e_zq<#^T`cGvLwmDt-9BS8WQfJJP6 z-^bQS@5(0b~5Pb}4T(;$F+wGzwF<7zMk>YRkQ_nvPx# diff --git a/plugins/ec2_investigations/komand_ec2_investigations/__init__.py b/plugins/ec2_investigations/komand_ec2_investigations/__init__.py deleted file mode 100755 index bace8db897..0000000000 --- a/plugins/ec2_investigations/komand_ec2_investigations/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT 
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/__init__.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/__init__.py
deleted file mode 100755
index 339c3ddc10..0000000000
--- a/plugins/ec2_investigations/komand_ec2_investigations/actions/__init__.py
+++ /dev/null
@@ -1,3 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .clam_av.action import ClamAv
-from .mount_drive.action import MountDrive
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/__init__.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/__init__.py
deleted file mode 100755
index 54f3ae1ab9..0000000000
--- a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/__init__.py
+++ /dev/null
@@ -1,2 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-from .action import ClamAv
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/action.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/action.py
deleted file mode 100755
index 252bfad97b..0000000000
--- a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/action.py
+++ /dev/null
@@ -1,70 +0,0 @@
-import komand
-from .schema import ClamAvInput, ClamAvOutput
-
-# Custom imports below
-import json
-from boto.manage.cmdshell import sshclient_from_instance
-
-
-class ClamAv(komand.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="clam_av",
- description="Scan directory with ClamAV",
- input=ClamAvInput(),
- output=ClamAvOutput(),
- )
-
- def run(self, params={}):
- """TODO: Run action"""
- directory = params.get("directory")
- instance_id = params.get("instance_id")
- private_key = params.get("private_key")
- user = params.get("user")
- region = params.get("region")
- empty_json_output = {}
-
- # Create private key file
- f = open("./pk.pem", "w")
- f.write(private_key)
- f.close()
-
- # Create command from user input
- command = "python clam_av_run.py " + directory
-
- try:
- # Connect to AWS instance
- reservations = self.connection.aws.get_all_instances(
- filters={"instance_id": instance_id}
- )
- instance = reservations[0].instances[0]
- ssh_client = sshclient_from_instance(instance, "./pk.pem", user_name=user)
-
- # Copy the mount.sh script to the instance and make it executable
- ssh_client.put_file(
- "./komand_ec2_investigations/actions/clam_av_run.py", "./clam_av_run.py"
- )
- # Execute the command and return the standard output
- status, stdout, stderr = ssh_client.run(command)
- # Remove script after running
- ssh_client.run("rm ./clam_av_run.py")
-
- if stdout.decode("utf-8").rstrip() == "0":
- results = empty_json_output
- self.logger.error("Clam scan is not installed on host and is required to run")
- elif stderr.decode("utf-8") != "":
- results = empty_json_output
- self.logger.error(stderr.decode("utf-8").rstrip())
- else:
- results = json.loads(stdout.decode("utf-8").rstrip())
-
- except Exception:
- self.logger.error("Something went wrong, command probably failed to run")
- raise
-
- self.logger.info(results)
- return results
-
- def test(self):
- """TODO: Test action"""
- return {}
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/schema.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/schema.py
deleted file mode 100755
index d053086fcc..0000000000
--- a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av/schema.py
+++ /dev/null
@@ -1,121 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -import json - - -class Component: - DESCRIPTION = "Scan directory with ClamAV" - - -class Input: - DIRECTORY = "directory" - INSTANCE_ID = "instance_id" - PRIVATE_KEY = "private_key" - REGION = "region" - USER = "user" - - -class Output: - MALWARE = "malware" - - -class ClamAvInput(komand.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "directory": { - "type": "string", - "title": "Directory", - "description": "Directory to scan", - "order": 5 - }, - "instance_id": { - "type": "string", - "title": "Instance Id", - "description": "Instance ID", - "order": 1 - }, - "private_key": { - "type": "string", - "title": "Private Key", - "description": "Private key", - "order": 3 - }, - "region": { - "type": "string", - "title": "Region", - "description": "Region", - "order": 2 - }, - "user": { - "type": "string", - "title": "User", - "description": "User name", - "order": 4 - } - }, - "required": [ - "directory", - "instance_id", - "private_key", - "region", - "user" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class ClamAvOutput(komand.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "malware": { - "type": "array", - "title": "Malware", - "description": "Malware", - "items": { - "$ref": "#/definitions/malicious_files" - }, - "order": 1 - } - }, - "definitions": { - "malicious_files": { - "type": "object", - "title": "malicious_files", - "properties": { - "created_time": { - "type": "string", - "title": "Created Time", - "order": 4 - }, - "file": { - "type": "string", - "title": "File", - "order": 1 - }, - "hash_value": { - "type": "string", - "title": "Hash Value", - "order": 3 - }, - "owner": { - "type": "string", - "title": "Owner", - "order": 2 - } - } - } - } -} - """) - - def __init__(self): - super(self.__class__, 
self).__init__(self.schema)
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av_run.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av_run.py
deleted file mode 100644
index a6f31758eb..0000000000
--- a/plugins/ec2_investigations/komand_ec2_investigations/actions/clam_av_run.py
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env python
-
-import os
-import subprocess # noqa: B404
-from datetime import datetime
-import json
-import hashlib
-import sys
-from os import stat
-from pwd import getpwuid
-
-file_paths = []
-json_output = {"malicious_files": []}
-sha1 = hashlib.sha1() # noqa: B303
-
-# Get output from scan result.
-def open_file(s):
- with open(s, "r") as f:
- f.next()
- f.next()
- f.next()
- for line in f:
- if "FOUND" in line:
- x = line.split(":")
- file_paths.append(x[0])
- if len(file_paths) == 0:
- return
- for p in file_paths:
- filename = p
- get_time = os.path.getctime(p)
- format_time = datetime.fromtimestamp(get_time).strftime("%Y-%m-%d %H:%M:%S")
- hashvalue = hashlib.sha1(filename).hexdigest() # noqa: B303
- owner_name = getpwuid(stat(filename).st_uid).pw_name
- json_output["malicious_files"].append(
- {"file": p, "owner": owner_name, "hash_value": hashvalue, "time_created": format_time}
- )
-
- print(json.dumps(json_output))
-
-
-# Scan the directory
-def get_scan():
- if (len(sys.argv)) != 2:
- print("Usage: python clam_av.py ")
- else:
- _now = datetime.now().strftime("%Y_%m_%d_%H_%M_%S")
- _file = "Result" + _now + ".txt"
- s = sys.argv[1]
- d = "/tmp" # noqa: B108
- try:
- subprocess.check_call(["clamscan", "--quiet", "-r", s, "-l", d + "/" + _file]) # noqa: B603,B607
- except OSError as e:
- # Error 0 - Clamscan is not installed on host
- print("0")
- return
- except: # noqa: B110
- pass
- open_file(d + "/" + _file)
-
-
-get_scan()
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/known_hosts b/plugins/ec2_investigations/komand_ec2_investigations/actions/known_hosts
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount.sh b/plugins/ec2_investigations/komand_ec2_investigations/actions/mount.sh
deleted file mode 100755
index b0e1f155ac..0000000000
--- a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-
-# Make is executable first: chmod +x ./mount.sh
-# To run the script: ./mount.sh suspect_mount2 /dev/xvdf1
-
-# Test if the first input (the directory you want the volume mount to) is valid
-if [ -d $1 ]
-then
- # Error 1 - Unable to mount. Directory already exisits.
- echo "1"
- exit 1
-else
- errorline=$(mkdir $1 2>&1)
- length=${#errorline}
- if [ $length != 0 ]
- then
- # Error 2 - Invalid directory
- echo "2"
- exit 1
- fi
-fi
-
-# Test if the second input (the directory of the volume) is vaild
-if [ ! -b $2 ]
-then
- # Error 0 - Unable to mount. Device does not exist.
- echo "0"
- # Remove the directory we created in the first part so that the directory
- # can be reused if the second part return error.
- rm -r $1
- exit 1
-fi
-
-# Test if the volume is successfully mounted
-errorFormat=$(mount -o ro $2 $1 2>&1)
-length1=${#errorFormat}
-if [ $length1 != 0 ]
-then
- errorMsg3="{\"directory\":\"$2\",\"status\":\"$errorFormat\"}"
- echo $errorMsg3
- # Remove the directory we created in the first part so that the directory
- # can be reused if the third part return error.
- rm -r $1
- exit 1
-else
- # Successfully mounted
- successMsg="{\"directory\":\"$1\",\"status\":\"Successfully mounted\"}"
- echo $successMsg
-fi
-
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/__init__.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/__init__.py deleted file mode 100755 index a6c56ae539..0000000000 --- a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .action import MountDrive diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/action.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/action.py deleted file mode 100755 index efd9da3b46..0000000000 --- a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/action.py +++ /dev/null 
@@ -1,80 +0,0 @@
-import komand
-from .schema import MountDriveInput, MountDriveOutput
-
-# Custom imports below
-import json
-from boto.manage.cmdshell import sshclient_from_instance
-
-
-class MountDrive(komand.Action):
- def __init__(self):
- super(self.__class__, self).__init__(
- name="mount_drive",
- description="Mount drive",
- input=MountDriveInput(),
- output=MountDriveOutput(),
- )
-
- def run(self, params={}):
- """TODO: Run action"""
- directory = params.get("directory")
- device = params.get("device")
- instance_id = params.get("instance_id")
- private_key = params.get("private_key")
- user = params.get("user")
- region = params.get("region")
- empty_json_output = {}
-
- # Create private key file
- f = open("./pk.pem", "w")
- f.write(private_key)
- f.close()
-
- # Create command from user input
- command = "sudo ./mount.sh " + directory + " " + device
-
- try:
- # Connect to AWS instance
- reservations = self.connection.aws.get_all_instances(
- filters={"instance_id": instance_id}
- )
- instance = reservations[0].instances[0]
- ssh_client = sshclient_from_instance(instance, "./pk.pem", user_name=user)
-
- # Copy the mount.sh script to the instance and make it executable
- ssh_client.put_file("./komand_ec2_investigations/actions/mount.sh", "./mount.sh")
- ssh_client.run("chmod +x mount.sh")
-
- # Execute the command and return the standard output
- status, stdout, stderr = ssh_client.run(command)
- # Remove script after running
- ssh_client.run("rm ./mount.sh")
-
- if stdout.decode("utf-8").rstrip() == "0":
- result = empty_json_output
- self.logger.error("Unable to mount device: %s. Verify volume is attached", device)
- elif stdout.decode("utf-8").rstrip() == "1":
- result = json.loads(
- '{"directory": "%s", "status": "Directory already mounted"}' % directory
- )
- self.logger.info(
- "Unable to mount directory: %s. Directory already mounted", directory
- )
- elif stdout.decode("utf-8").rstrip() == "2":
- result = empty_json_output
- self.logger.error("Unable to mount directory: %s. Invalid directory", directory)
- else:
- result = json.loads(stdout.decode("utf-8").rstrip())
-
- except Exception:
- self.logger.error(
- "No address associated with hostname %s. Verify instance is running and credentials are valid",
- instance_id,
- )
- raise
-
- return result
-
- def test(self):
- """TODO: Test action"""
- return {}
diff --git a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/schema.py b/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/schema.py
deleted file mode 100755
index e82bb8102e..0000000000
--- a/plugins/ec2_investigations/komand_ec2_investigations/actions/mount_drive/schema.py
+++ /dev/null
@@ -1,105 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -import json - - -class Component: - DESCRIPTION = "Mount drive" - - -class Input: - DEVICE = "device" - DIRECTORY = "directory" - INSTANCE_ID = "instance_id" - PRIVATE_KEY = "private_key" - REGION = "region" - USER = "user" - - -class Output: - DIRECTORY = "directory" - STATUS = "status" - - -class MountDriveInput(komand.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "device": { - "type": "string", - "title": "Device", - "description": "Device", - "order": 6 - }, - "directory": { - "type": "string", - "title": "Directory", - "description": "Directory", - "order": 5 - }, - "instance_id": { - "type": "string", - "title": "Instance Id", - "description": "Instance ID", - "order": 1 - }, - "private_key": { - "type": "string", - "title": "Private Key", - "description": "Private key", - "order": 3 - }, - "region": { - "type": "string", - "title": "Region", - "description": "Region", - "order": 2 - }, - "user": { - "type": "string", - "title": "User", - "description": "User name", - "order": 4 - } - }, - "required": [ - "device", - "directory", - "instance_id", - "private_key", - "region", - "user" - ] -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) - - -class MountDriveOutput(komand.Output): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "directory": { - "type": "string", - "title": "Directory", - "description": "Directory", - "order": 1 - }, - "status": { - "type": "string", - "title": "Status", - "description": "Status", - "order": 2 - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/ec2_investigations/komand_ec2_investigations/connection/__init__.py b/plugins/ec2_investigations/komand_ec2_investigations/connection/__init__.py deleted file mode 100755 index a515dcf6b0..0000000000 
--- a/plugins/ec2_investigations/komand_ec2_investigations/connection/__init__.py +++ /dev/null @@ -1,2 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .connection import Connection diff --git a/plugins/ec2_investigations/komand_ec2_investigations/connection/connection.py b/plugins/ec2_investigations/komand_ec2_investigations/connection/connection.py deleted file mode 100755 index 76f336062b..0000000000 --- a/plugins/ec2_investigations/komand_ec2_investigations/connection/connection.py +++ /dev/null @@ -1,18 +0,0 @@ -import komand -from .schema import ConnectionSchema - -# Custom imports below -import boto.ec2 - - -class Connection(komand.Connection): - def __init__(self): - super(self.__class__, self).__init__(input=ConnectionSchema()) - - def connect(self, params={}): - self.logger.info("Connect: Connecting..") - access_key_id = params.get("access_key").get("secretKey") - secret_access_key = params.get("secret_key").get("secretKey") - self.aws = boto.connect_ec2( - aws_access_key_id=access_key_id, aws_secret_access_key=secret_access_key - ) diff --git a/plugins/ec2_investigations/komand_ec2_investigations/connection/schema.py b/plugins/ec2_investigations/komand_ec2_investigations/connection/schema.py deleted file mode 100755 index ef915457e5..0000000000 --- a/plugins/ec2_investigations/komand_ec2_investigations/connection/schema.py +++ /dev/null 
@@ -1,58 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -import json - - -class Input: - ACCESS_KEY = "access_key" - SECRET_KEY = "secret_key" - - -class ConnectionSchema(komand.Input): - schema = json.loads(""" - { - "type": "object", - "title": "Variables", - "properties": { - "access_key": { - "$ref": "#/definitions/credential_secret_key", - "title": "Access Key", - "description": "Access Key ID", - "order": 2 - }, - "secret_key": { - "$ref": "#/definitions/credential_secret_key", - "title": "Secret Key", - "description": "Secret access key", - "order": 1 - } - }, - "required": [ - "access_key", - "secret_key" - ], - "definitions": { - "credential_secret_key": { - "id": "credential_secret_key", - "type": "object", - "title": "Credential: Secret Key", - "description": "A shared secret key", - "properties": { - "secretKey": { - "type": "string", - "title": "Secret Key", - "displayType": "password", - "description": "The shared secret key", - "format": "password" - } - }, - "required": [ - "secretKey" - ] - } - } -} - """) - - def __init__(self): - super(self.__class__, self).__init__(self.schema) diff --git a/plugins/ec2_investigations/komand_ec2_investigations/triggers/__init__.py b/plugins/ec2_investigations/komand_ec2_investigations/triggers/__init__.py deleted file mode 100755 index bace8db897..0000000000 --- a/plugins/ec2_investigations/komand_ec2_investigations/triggers/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT diff --git a/plugins/ec2_investigations/komand_ec2_investigations/util/__init__.py b/plugins/ec2_investigations/komand_ec2_investigations/util/__init__.py deleted file mode 100755 index bace8db897..0000000000 --- a/plugins/ec2_investigations/komand_ec2_investigations/util/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT 
diff --git a/plugins/ec2_investigations/plugin.spec.yaml b/plugins/ec2_investigations/plugin.spec.yaml
deleted file mode 100644
index e2e0d65496..0000000000
--- a/plugins/ec2_investigations/plugin.spec.yaml
+++ /dev/null
@@ -1,114 +0,0 @@ -plugin_spec_version: v2 -extension: plugin -products: [insightconnect] -name: ec2_investigations -title: EC2 Investigations -vendor: rapid7 -support: community -status: [] -description: "EC2 Investigations runs security tools on the AWS EC2 platform. Using the EC2 Investigations plugin -for Rapid7 InsightConnect will allow users to mount drives and scan directories with ClamAV" -version: 1.0.1 -resources: - source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/ec2_investigations - license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE - vendor_url: https://www.amazon.com -tags: -- ec2 -- aws -hub_tags: - use_cases: [devops] - keywords: [ec2, aws] - features: [] -types: - malicious_files: - file: - type: string - required: false - owner: - type: string - required: false - hash_value: - type: string - required: false - created_time: - type: string - required: false -connection: - secret_key: - title: Secret Key - description: Secret access key - type: credential_secret_key - required: true - access_key: - title: Access Key - description: Access Key ID - type: credential_secret_key - required: true -actions: - mount_drive: - title: Mount Drive - description: Mount drive - input: - instance_id: - description: Instance ID - type: string - required: true - region: - description: Region - type: string - required: true - private_key: - description: Private key - type: string - required: true - user: - description: User name - type: string - required: true - directory: - type: string - description: Directory - required: true - device: - type: string - description: Device - required: true - output: - directory: - type: string - description: Directory - required: false - status: - type: string - description: Status - required: false - clam_av: - title: Clam AV - description: Scan directory with ClamAV - input: - instance_id: - description: Instance ID - type: string - required: true - region: - 
description: Region - type: string - required: true - private_key: - description: Private key - type: string - required: true - user: - description: User name - type: string - required: true - directory: - type: string - description: Directory to scan - required: true - output: - malware: - type: '[]malicious_files' - description: Malware - required: false diff --git a/plugins/ec2_investigations/requirements.txt b/plugins/ec2_investigations/requirements.txt deleted file mode 100755 index d0674c75e2..0000000000 --- a/plugins/ec2_investigations/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -# List third-party dependencies here, separated by newlines. -# All dependencies must be version-pinned, eg. requests==1.2.0 -# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files \ No newline at end of file diff --git a/plugins/ec2_investigations/setup.py b/plugins/ec2_investigations/setup.py deleted file mode 100644 index 1670f9b494..0000000000 --- a/plugins/ec2_investigations/setup.py +++ /dev/null @@ -1,14 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from setuptools import setup, find_packages - - -setup(name='ec2_investigations-rapid7-plugin', - version='1.0.1', - description='EC2 Investigations runs security tools on the AWS EC2 platform. Using the EC2 Investigations plugin for Rapid7 InsightConnect will allow users to mount drives and scan directories with ClamAV', - author='rapid7', - author_email='', - url='', - packages=find_packages(), - install_requires=['komand'], # Add third-party dependencies to requirements.txt, not here! - scripts=['bin/komand_ec2_investigations'] - ) diff --git a/plugins/elastalert/.CHECKSUM b/plugins/elastalert/.CHECKSUM deleted file mode 100644 index 4f0abfd7b3..0000000000 --- a/plugins/elastalert/.CHECKSUM +++ /dev/null 
@@ -1,15 +0,0 @@ -{ - "spec": "37c39512906a5c65e705ca8d7db776f0", - "manifest": "36882c239657e1793eafabf50fea89b9", - "setup": "ddc5ef63a067ca980e930bd3e495895e", - "schemas": [ - { - "identifier": "connection/schema.py", - "hash": "43ce6dc5005d093e08b4bd85808ae9e8" - }, - { - "identifier": "receive/schema.py", - "hash": "598bb27456ffd421eca61d81f0d39a8c" - } - ] -} \ No newline at end of file diff --git a/plugins/elastalert/.dockerignore b/plugins/elastalert/.dockerignore deleted file mode 100644 index 93dc53fb01..0000000000 --- a/plugins/elastalert/.dockerignore +++ /dev/null @@ -1,9 +0,0 @@ -unit_test/**/* -unit_test -examples/**/* -examples -tests -tests/**/* -**/*.json -**/*.tar -**/*.gz \ No newline at end of file diff --git a/plugins/elastalert/Dockerfile b/plugins/elastalert/Dockerfile deleted file mode 100755 index 7f3c8de076..0000000000 --- a/plugins/elastalert/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -FROM komand/python-3-plugin:2 -# The three supported python parent images are: -# - komand/python-2-plugin -# - komand/python-3-plugin -# - komand/python-pypy3-plugin -# -# Update the tag to a full semver version - -# Add any custom package dependencies here -# NOTE: Add pip packages to requirements.txt - -# End package dependencies - -# Add source code -WORKDIR /python/src -ADD ./plugin.spec.yaml /plugin.spec.yaml -ADD . /python/src - -# Install pip dependencies -RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - -# Install plugin -RUN python setup.py build && python setup.py install - -ENTRYPOINT ["/usr/local/bin/komand_elastalert"] \ No newline at end of file diff --git a/plugins/elastalert/Makefile b/plugins/elastalert/Makefile deleted file mode 100755 index cb85f96b6c..0000000000 --- a/plugins/elastalert/Makefile +++ /dev/null 
@@ -1,53 +0,0 @@ -# Include other Makefiles for improved functionality -INCLUDE_DIR = ../../tools/Makefiles -MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk) -# We can't guarantee customers will have the include files -# - prefix to ignore Makefiles when not present -# https://www.gnu.org/software/make/manual/html_node/Include.html --include $(MAKEFILES) - -ifneq ($(MAKEFILES),) - $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets) - $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES)) - $(info --) -else - $(warning Makefile includes directory not present: $(INCLUDE_DIR)) -endif - -VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //') -NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //') -VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //') -CWD?=$(shell basename $(PWD)) -_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }') -PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz - -# Set default target explicitly. Make's default behavior is the first target in the Makefile. -# We don't want that behavior due to includes which are read first -.DEFAULT_GOAL := default # Make >= v3.80 (make -version) - - -default: image tarball - -tarball: - $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball) - rm -rf build - rm -rf $(PKG) - tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh * - -image: - $(info [$(YELLOW)*$(NORMAL)] Building plugin image) - docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) . 
- docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest - -regenerate: - $(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml) - icon-plugin generate python --regenerate - -export: image - $(info [$(YELLOW)*$(NORMAL)] Exporting docker image) - @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n" - @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar - -# Make will not run a target if a file of the same name exists unless setting phony targets -# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html -.PHONY: default tarball image regenerate diff --git a/plugins/elastalert/bin/komand_elastalert b/plugins/elastalert/bin/komand_elastalert deleted file mode 100755 index 38e64c9e8f..0000000000 --- a/plugins/elastalert/bin/komand_elastalert +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env python -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -from komand_elastalert import connection, actions, triggers - - -Name = 'ElastAlert' -Vendor = 'rapid7' -Version = '1.0.1' -Description = 'ElastAlert provides easy & flexible alerting with Elasticsearch. Users of the ElastAlert plugin can monitor alerts in real-time for automation use' - - -class ICONElastalert(komand.Plugin): - def __init__(self): - super(self.__class__, self).__init__( - name=Name, - vendor=Vendor, - version=Version, - description=Description, - connection=connection.Connection() - ) - self.add_trigger(triggers.Receive()) - - -def main(): - """Run plugin""" - cli = komand.CLI(ICONElastalert()) - cli.run() - - -if __name__ == "__main__": - main() 
diff --git a/plugins/elastalert/extension.png b/plugins/elastalert/extension.png deleted file mode 100644 index f4bd7f5ba58d80b327d9dd0a444f1a1993af838c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2910 zcmbVO`#aMO8=u4+^N2*MIYeaTRJ6iZ4waWoL`pSLB%&UaH2a3hv9^@gF{6^=6-gxz zHWU$!qDisM#+>3i!#2Lp_U`!;-uH+5y6@{gT-WDwU!Na7nLge})K#{qAP@+3kE3qB z2!tG77K!WSWt}Oqgeyx{K3*r>k6iVVN~H@ob_oBvFDN{{Hu?zytygN3#9bAOWG{H) z```0ieg?2Q*tA@J2_El1eR5h!cDpXl*V_-_jKJnRM<7&wdbk}rkudUmlph(y*o1`A zFZkC-#Y?n$^FmH#h7wCIhWeNlJ!tp6bG5SOqC(c`f(UC}6TSW`1`T}`QN+j5RyMkw z+D+|<`!)ZO3rO+kHj66AiKiimstQxUK&O9*$AVK!?7SmyW_0Nn>XE30R3V&S8xzbY zSq7>!N4IZoh0-kXY*n1-e=0#Wv3=r9p)pQe7`l8hsCu=VJ~-qNbZ{}38PM@|-WbF> zUPi5Tf!MnZRWb0~^K*Ht1b%Fdb?XQ}i|TVy>k3PYYWL!#g*qs@wd+^U7{ol@^p>Lx zR4-j&DS-9gFpluS?U1eGrlDPHnLNv_)l&i94%C`wZ+;U6!oj7LS~me$Jw8&gUI3Oo zj06m&+Y}-IPc!L)%J)4cxf(;?R`W|{^H#&hMY=7%!1T^+R0TLuFX7D|@ffG-mxGRr zlz?;C4bncPzlAO)=>uA26g2|7Qj-=k`01LiGxfoGiS)F!ct1+7d|?}AoVqqQ+E-2e zjvu8DJ&Cd)UG|%v+B0>f4+W7_9hWONm`KlWZM?Ni4Rw8BKQmBop}FZ@=E_3MN|!xm zuKN14D3n9(tH$m_HQ>%Qs@+@JTzO7`VE=1epwI9oy?&EqBl)+>yXAsEFuEkgktQ2XD_owf!)(R}wvgyo~&^+ zJ94{|`$x2=6ERy4u*09tPZUav^D(7Vy9rArk(dcy z2I?Xgq`aVF#{h!Wxy{2{-(snwJE~)O#eFOQrUHrnuf4JOsaF!n?y^_qo#CkJxLFMjbAq zUSu8)%SWN|(Gndb$R!?F$N>yE^z*f8oi*8y1QaykZYt%G0@bw>`x?8RLF`aOQn`jy zD^-GXCw)K1B21E%j)wz&i%m4ddfN$~W1N}*+bD&lW$WYcUJdE6BbY}9Ho6BgqQeK| zRne%|*O%!GJA3My{udYd9OgbYP*R%J7-8QIcz$Bquy`Bz@4R>eChBMqF+@6JLCgN_ z=Ku#y8SzBpn5oOt+Sj-5$f39hejc9fgVx#>4+$Jnes*|t=`aasQi?J6q~Vh+Cv((^saKPn z>JvB(!k9A1m9uET`;>PT#aQvYL~5{&HOjZLeuBr3-{^pQ#kVD?OC791Zb~DG#cau8 zrSAD1hCjO1W482BbGK8$3i#Z`Y)?vj!l^p&5ReJ= z&*vW$CaLbd0K&`PV;05FOpWX0Cc9uyzbIB;V0C2 zNXNpN|EPIhC{QaJw9Q>!Vwm7J@jlHDIcm#*7ENY z3zPqT=TV%Hy$cDBKMIe0*g`K2;bFf-8seYNGqnLgTS;=X!m@!@9n>o>f2DnD0fPxu z6nyZv0_EP}H;xgMw)YQ1sgP&S(L_4*v-w;o+tTQ(ww}SOiW&$9V3)^K z!L90tTcfR;+!tPm_bSTm1me;frX5vxuhB!gSI-35CcV8@%sT3}=sNAAN7ZDzXAy$C zC2@ZC5$!2W8zF(f@w3G-ZkX50`Sqd9iRHQu^?y%@X} 
zc?`L7oRw9ps_}g6n-h8%if>W8EM#X3d+xio?r|{4H98bn$C+)HZ)`rKse=}8ajA&G zPwK}tU&o(KK&+Hn`fk|bC2oSC26jY@^#$8W%cYzqjmLGteT+1uGds%+JuHZ48?Jo4 zS=<#i_wZYx^**>%3X=tnI@N1%isqCFszZ6$a&bFrx{X%xZ zc-8mhf8AL>`eb4URnViYBOY=^5gM3$O4koWk+c7X|&(e}^->Co2&&*WN|b-4OZ nM<}1pB>o@n@E=nNJXldkY*uA+V!1D5rWfJi?(O!{B{=23V@mf1 diff --git a/plugins/elastalert/help.md b/plugins/elastalert/help.md deleted file mode 100644 index fe9826da4c..0000000000 --- a/plugins/elastalert/help.md +++ /dev/null 
@@ -1,70 +0,0 @@ -# Description - -[ElastAlert](https://github.com/Yelp/elastalert) allows for easy & flexible alerting with ElasticSearch. Users of the -ElastAlert plugin can monitor alerts using an ElastAlert webhook in real-time for automation use. - -# Key Features - -* Monitor alerts - -# Requirements - -* Username and password - -# Documentation - -## Setup - -The connection configuration accepts the following parameters: - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|credentials|credential_username_password|None|True|Basic Auth username and password|None| - -## Technical Details - -### Actions - -_This plugin does not contain any actions._ - -### Triggers - -#### Get Alerts - -This trigger is used to listen for and trigger on new alerts from a simple ElastAlert webhook. -It opens a network socket on the specified port and endpoint. ElastAlert should be configured to use the specified port and endpoint. - -##### Input - -|Name|Type|Default|Required|Description|Enum| -|----|----|-------|--------|-----------|----| -|tcp_port|integer|None|True|TCP port to listen for messages|None| -|endpoint|string|0.0.0.0|True|IP address of the Komand host to listen on. Use 0.0.0.0 to listen on the all address|None| -|interval|integer|5|False|Interval to wait before reading another message|None| - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|alert|string|True|None| - -### Custom Output Types - -_This plugin does not contain any custom output types._ - -## Troubleshooting - -_This plugin does not contain any troubleshooting information._ - -# Version History - -* 1.0.1 - New spec and help.md format for the Extension Library -* 1.0.0 - Support web server mode | Update to new credential types -* 0.1.0 - Initial plugin - -# Links - -## References - -* [ElastAlert](https://github.com/Yelp/elastalert) - 
diff --git a/plugins/elastalert/icon.png b/plugins/elastalert/icon.png deleted file mode 100644 index 6bba0b9882eeecd1b59e65062cbb97c7b32e67c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 31888 zcma%iWmFtZ6YfHA2@WB+yGsHD+u+VZa7l1?3GTt&eUU|iyF-GzyN2K%V6nySzTf?G zf8IG~cY1oNpRTT|>FKJjiBwaO#m0D#0RRB7<>jP60008?zaQEgc+C?US1SO3_*qR! zQ(9eJUG4ul{_mx%lM=iDKa`b~Ra8_I6cps;cg)l$4yDoOE<_;Emt}@Je@g z_qw_|V`F0n2M2$D|E;Ypc;(E@44ejj%g@ix#l_|K@899!;SCK9T3T93Nl9*QZjO$Q zmX?;fy1Jd6o&Wy*i-?GbjEr=4cD}y8zP-J*wzhtKea+6!URYRodU}GxrlzLG#l^Y0 zx|*1nz%dgN5^{5M;jnN5dwY9DMa9$8)4;&MgM$MP50Apa!l|jLuCA`8rl!WmMhFD* zpA0MC0%uINvaF*b=ii(Qh#Ov$p?d|PDLql-Dc3`SS-Z zjn>vyIOlKzI3>Kiv9SR!!chX2$f8CzgHTeG#JgNcV#GEdEthoL}>4UsJ;6?27%->IG)3 zP-SM!;o{kTq)q=f;xa0js03~J-s*WK%`@)ab0%f>cF5F;*AMUQ~6R{J66^N3qoQ5Z2nzc+EGsb$k?JY@e~ZUTY{YMe8gg zYq>S0SGD+=Ir(SRRMU2JGLDNT0N|x0FD0q@ef8AvAb?PIwmPr;ynHo>UXfaAk~BG4 zlHN3CWCbNgnHvR_yLk##W%(Uh&XiED-)*kncGt#p0b0`i+$PQjp9mYeg#>=3iawPD zJ6qjp!-k>Z&HQzsM(j5dH9yRsVC^CdZ-M`>lh37Gr~jIwW7o}cD_nh(lW}AZCXZ## zaP99fcHZ2~upF_jzJ3N&wVvlOV}Czqg_5X;SENIYrJn2A&^R1Vc7s-@?OtGk8gth0!30Sdu%OmyJ48g7 zN|dK2>LCGzf;e~c`6}S`ap(i82yu*^qXXN1^n<=EPrhT9^L0b4@k^bH6cMzbB{x3c zZiCAI{@X+I1y$F&7hQmU*<(avJmupF&P7~JuvoFlX|sl^=w1G+ukVq!wvVggi%L<` z$#hS?$fG?Glm_o;FS_UXre;fJ)ydgl=%(3Myzrw73^l;-lLm6vl_@lvOY~u-K*)8! 
zdv+GYe2WV8EjUa4Vwt8bS#$X0d+0e(_ ze7C^2-%U>vvft+GU`j;L(P$RS>X#E^D)R14cM?+lulyHX!i5;#4AN&;`Tkh~u6Lnv zCj(DkrR#2XGiHuh4~Yn3Wj)V~8!S{@^%ed96>=YB=H7gnW}^Y|1-v{&V>)^^9-xZr z<*jfRc4NSvyP`{}yox=J?sls8E_6=~c_A1uzu2Lcv(4}4naCe7?%qP1zp(uTZ}rTd zUB-9&ye1!gxVjVeCrhjd_RsGX^ZB>Mm*?ovb^xC8vVimZh-cdU>~Ytcct`1!JCU0M zLVn&HT4owN)6rqxq#C~tBdb}`mh36LJfBT}{dl($`{Wn%_b1aayoZK&uje>8zFR9f zT>BTc24tQk7%8YQ>l73uQBZ*uyCF)>pb8HTk3hycL~sx4KDT zA2teje(;N~0ONS~YjyWr#_szR&ft3Dp?hLSyCL<6sX!>`}b<%!N4l<`kr575B{h{|?s>2OM^IUGH) zRPFB0^-jR%cbWRe*+hYAVvUMwd9c{KM3tqIrc^KeW+P(b6q>NZ-}Q7 zclz@y=*^I&uLo(5*G9Y@s%E;#R@-+lK=-}tKAT6f((aRsco-2bVrd4&S!ooCCx zvu7#|CY5V`B2|SXjbsoA)$aajU;HysXl_dcmDD+?>Dmyh6}|p@6NlcR#ZJZ7R$c9| z+Hc27WN)KDj~^*To2?8#l}ORzZOiaHJR;NhFQ>!D{%NpNyxR6ptNjNDvAey&C1an9 zu$^A#q&gjT;we^!OauVn9Uu_xT>{>Lw8*~{dv&Oo#VrQzkLE?=&xtZ`jJaR8K#kq+x$tbjYbiBOJU^}$AiY1_O zIf5h{_xS)505wok4hth$d2Z4J8RGhZ>bV&MCZV;q^;}=E)pFguf3WoAa{pJPf`W-8 zzBFr^)}zIlD}~mB%7n#E5(~har0?x)I6YK;9nE_9CaceH@s;p=e~&GBu+m7diY7Bk zs%WNiFbhE~v1P!vQJ#j6J8?cAbyS8{!ynVGX#zem1o}KyJdbVbt+qVft}Qfhu`3GK zX|n%JP&m=Y2h(yN9>2+xXJJ9l*uV*CoSQrcA3LtWjqeR{lOpF`&8q+N)e&r_u;BMT zI|hTF_4{NA0H8d8EsU_4HTOn|6{skT=x~Br!RGhN(tBj2lmGk1hx z2Tv=l7W*&_nHZlM;SFmFqee>v0tX`vdn0b*J9c`oRUak+VzoVve`0m8m_!}y(cM$q z+d5OkbmJwRSm?5ZdBrM?14CC~A#A>*P0c(q2Sgo)WR6J_fe>aESN4GlyH%X<$D8E8 zltJBp`#Kc=Vo>OlI2yHA(hw_4+1T-;@+YcH-z*`0WkI9`Sd_CfA_9__?a+Ih)e-sR z0WrTYCBY>5dZO?NMWX+nXKQ_;+W&BeE_+hN+2m43YI!&fk-Pk35$&QiIUWF|P=wJ+nCFcsc?9F+U@SXFJ;udV1&iVGocuMkI}cOukX6bRo|&|0SYby;mS7L7 z@^qyJ)UNxH1!f>2Vwmtgc0GDgBYtI3JMg*8Oh=T+f0^8Y+Y$J_-Pdy|*Wvu^(RkCz z!i6_oQE;XIS15C2rWy@C4}h-#Hw77ULtO7G4UfKDATi*uC@?b!od_Qcu!IgFfa5FR zJgE1a{p}Ue`x~a+&PAmxvXYfm|45Ryu;y(rJj#0B#p%en_1S6Ap*+~1OM)t3uTP{S zQB}Oz>bB8MlJ!V7gB~Fn2>4naN{f>8i#ml*&k;L_KP{IaM2!9wku@f=E+a%CmgMMJ!I}BC`V?ec?jl z0T2Y?PhNpj{av?Yzf3<;Xyh&Xp!O9pS*lc5G|;INqp6LqxgGCc{KTyr*-E7?0ijX^ zLh3v5KjGrls@zBNng&Z;i0L5v0jdulJwm0PQt8OztKyhkN0<>=Fze~1j+QNw{-iD; zyrVxdW}maBi$w9UX1k-KX5dpqr%#n0Z)1T^!pMjEpQmUpGDAaOY`naHKZ1wv0tt0q 
zu(%r7L`PwO=>;K_KpjIOs1Lx~!gM(H`RY8=S<(31pt6~nq5t)v`yHeFgG#T;Fv0Cnx)%KE*ntuK-nmh3P7UotEn8ca(Tby*ad z^^aJyOQa7C*AQtF1hZUhRCVwW&^m>4?^^u*=>a-G9r6m1cigvXPd-G@mqC);-#~(a zYRhzCl_+~i3h=80GFF<=0@f&^1@*j0TS|NGUsGB1axzvUkD3<2Vk@{mRSk?mL!kk(#m0N{Ce4hMjUGs5`tl0mh}Cg5NePx>2zkL^#rJ zC@Ixt{Bt1lWia|T(el2sB7xAiBF>BubFT%WZ?i7+wd~aN4SyuH*E6RP0U#hXEjR8l z;->=0Ytjg)3>UzWkc4g;1Qx#^%V0fxj&gJ83z5vYSnipRTzvuQPo>5If$?8(%-vYb zqwxcN&YNFTG8^6mOHKtewZdg=0&R{C>cggri72VB*L20x`T4sJGVa9@s&B(r>5(vs z2sHFbPLibI#!Y?e3@~hsB?xO+-^wp6@>*i0$_Gj>$zr?t2v;HF@^DrtPfn)3d3SH9^K^m8KJ?u{RBIR-jBu;O4^bas=jW{ zl7PeTIF-Io95oQIpt=u_Rf`E3>px+u%=+j4sq>WYU81B2dFGQvsn2! z20+K@;LY*2o*!>7oVNGx+~s-0+sptG1r^oa+HioR^T-p*cK`Q$E4`}z^Z^xJL&t)q zl~Mr0%=`Urz;umhb1_^;60eVEo_A@^OpJp9B7+7sk!TX=U%#p~;|gX$-zrDX3pQXk zvo36=Y-DpSooEE2(WfZbeP=*}GW`VK;Xng1*Y*eqcCrYhBX(Wr)Mx+&pwaayb_lzn zBb^kYMhqQ#F_m_i8V+}w!;!%)0<|?JU;)?JC`TXp`6XEFxxc^F2=Zbr_1PqSz2o+L ztHtNjbo7_)wd1ZVKkmbc|1D*pshswb=Bigc1`Hf5cHZAl4`wA(LI9N8Ndo3kv4aDBj91j;EXr#w z#fFOQ^br-;?3<87Hk*$I6VQ0`~OE~-2*O(-2Uakp>wD!_j z<;Tz^Polz<#~Xoz-TbcycD~ZMhedFK6F{jq$75oXUFFf~XIv2I__HKW6KU${?LK&Y zuISJI3Y0QmE35IQM_6}6(Aa-N_}&dOF|gq>7XeJ-@Ko_XZL>}nLH44Q7LbUhe7@`| zj(;y_`{4i6_h=J7)us~8eds7Ln^u@Qc-2MjGH$x-GYq1SdgfA!ws4<|$;{-(sVCQ0 z+$ih=CI!+LB$YI%B)t=`?ES|CsaLMTksB%5jVcW>nhAijiV6L-Xd|{I@XdpfHmG=H zkuc5Ka6;0*qWOJ@%9`PHkUXo|EcnfdYD_i<^GeG4gYU1z>#y#RJ2uMKVm@3b@S2{f zI@4~HI0=2UwHiR}UhUD*wdGlU@nz)N@D4r8WNi~IDf_jm89qly1UP!5A^dSn6BN{q zNUIN<+-A?8XDg7BicDi1<<-&oD}ShoGktZV#j)Wl07_EwU(xwdvV3|Z={48}_bmLS z-kF$*ZN2Ose~%BXj1m7L7Q4*mc*54Xw|PyfT(^=QLij6y%oskOsEb@I;DSlCVx8^C zJx7wP z0l{KB(RGobA|*1_3gm&By~GOg5(SD}3`g26#*+XAyaYy>)qXI6=i*kiw}*X}Nkb`W z6%?n$3@%T)+2rc*3>D*63r}{_G$EFPagdBOvznqBuJx>IBxTKLiIzIXJUFC=6Q^s? 
zpfBfWDz>~D>OU~f^x0aRDo?boTqb>MF625qSE_m_Wi>>p*@{|UF9U$^lD~W!_ zwvjB7r^l)V4r8Q$LuIF^0fBbBP7sogEj@MQu7Jz_)_rd9>vJ|sTjjib3lcSufi!}j zEjVIWy!QNcmEmJDt;8Oq6Y%0POI3rmHyj`u&;U0a)0LIa1?*ljRnLYN47G^?W*pRg z-v4p{!(>j}Z#m41u%xK%A<6Ev)M2Ao1I*EWlqxIt^}o)#+GigrGWTSGBM%oJ-N7{8 zC!NZh^{{grSh8Zj+8%#&{cy=~+<8qkR5BiBNZ0rApJ=P6&v>2vl50ifpaac46G1`c zEhmIgI|EVl5Z^CSZ7)DjGByXFUQGOI25u^`bxfS$4eI_DMw88cl^*)YNo>BnLA3u? zsKbhXb{Hw;CD?OHJvQoZ5RBoHT};FlCIpH zo9*HYrl6?6)34KOL!xTPU0av;pKXDAE*q+5NeYELe-PPcSc?Ctvpwy4+~&eC1o}1> z-a)&6;|TBPq=!gc+_%B!jUvJ6hiTlx|FkLysv$0)T@d<98QIbE#+J_OQS?TuaN5oq zokpT(Q5V@yf|dWQfR&$WDxYMGwRZX>xsaBQ=mf+z{>z3XaSr*Na*icSvC1w~i9U_! z91XovhtUb*snv296frlq_POfje4;J1ys{&@^8l+ppY(*$#UH_H#izf{u5Bn;zhdoC zG}4Q$IdpVS&y&J220+7V7;Z^jUYUd(FY>qS?z_iLpTZNSbx{v;cv%XlUkpWy6(7m_ z4265fo*Vk>eM z7L1XHMi{`rJh(R~aXI&5TaX3|W?0cwWqaFGs1!f`wyOuKeK0mc!j9~{rH%Yd87$^M z;98*6UM&g%W$iQGObcPGW!spHk(qfq+Jcrx5f_CFR6SB^oDS0dY9yK(N}6xm+=_i| zTd$}p5WJ^jD=DepwJpThI&EhHBImV-G9V%1$?ru<-+k3dk!E#iq$^{8l7Rc!5{8Q+ zpY8v-;!L^G3f8WPaal*zx-GSVc7s%;keH!%1Z_ecZWW&EWKi`g1g`C8m>Ur^C~`y* zxO!z+W;+ZU<}sjEUm4D0&RMfHw*V+IM^9+T7rID(up#b_kjh6x@;h0E3%IFg32yHJ zwL7`ib(Zj@xn?Xw$OVl2onOFAZuhqZ5w@Lb_0ibU9Ixax4ZFWIc&h zv9%nuEUAJXk3BPN>=0bq875*)$sW%{qvzFjwYGKbXwwxJk$4wBo-0?z6j~N~bmYDH zktEhwhnYkPP;f83i++VA>{pPHcsU(m{@)`y5e=TM%9+Ce8#>gk?z-`Bq{Tpanb0VO z32o(kZ3Tr{A|aqTW)y!_z?F;|?Ol)PxQAnlr{z;!Lieg8m+dq*F^yZQGV2%tf>fA} z-Vs(ed7MJ^DAq4ZT~PLK<{(0A*b@Z&yQJd3029t1y#R6YL(EN~Jh_x6t&#Lpyj8)? z+3xaF1W8ePCc2raEsU%hvb#xm81K!yY}v5YKiMKJLh`w(*2p}FSB7)!knr43Lb}R{ z)QSarQ+LDl-g5I!^mtg_2a5lNtG-tHTT7NfHk%6s9a8a_ym@Gq)+Wrqe77-a=~{6v zKDz$ZwlG<9;SVWQR7c*BGP`M@*_fZ2huC~-PNpxR{2Z+WDy;wXlHzg064~9b6q9`F z`V>JQ7a;C}D>=1m!e=<73Zp$a`$5;XYz&r8_g8)@G&$wVCJ)1%5y~G0Rc@N&gH{o79R-|{WKdQJ zf`U+!r1GYE{)?OCYw6zgL5;7wvFu$eXs$V9>fn0dHj!ed+V}FhCi*1&!{Owz;fK!) 
zdsjFUW2rT}VtkEBQf}pdgVLefvM#nYQVJyRrM1`AhUml9A%|w7>lPCP;?=u+!(7Tu z@REuc=})Bm*MEogB~qE=J@iwyO}mAP_&#MZ2&++nO=z**N3Pa`EbpKvj~4*w`jhLy zTaPV|YgV@^@7vvT`=-8kZbO-EALiwDnvP_Xov$YCpM6wmKiyoW+75&VXK>Iw_Yx6@ z0Ysq+Q&0cyi=&r5`-RGOHCjFF;NTcfGX=Qtk-OW3B-j1MYSC4o29UAgc;4ubS`F1{ z&gxI+tzf7P#Vs17{_PfS$4GN`?z9`t^VQj89j;O=n;kNEl_Wi7#7S&IxZLurVp3=MucA?TS!hD@ zw^c+PJh~@>6dJ}x1|@iJU!Mi;vzooub3f<7tzaTOzibLib^4^wa4~v9b$|lcl7CKY zpe!hx6hWAT7uQUPfM2ATytL;{3)s0R5GNcNq|Y(t1P0i`d!CC5UC4)9wq1D6yYPPx5Yzc>dBQS)dZ7e zEU7q_r0Ni(D3ya@XID4N!VWQKalV8$>o0ZP%@WInv9KTfhuL}<&xn4fFv|n>Q`Ez- zw(yHmLYDQO0B>lRF|bSWjD%N6dOUPjU4O(>)@o0i&>QOqdTObdq}(4dW$j&e+Vq@O zHmeMmN&AMo^3prQu{$mdM+4o5K5nEgkI|FubCH9=LEB|M-4lJITE`bcsL;&2{O>kq zzrvg+?Az^*>TK`!9;ud?KK+yPUJlBeJnP0|CDOZw5i*&xF(4Grd+FmG2!h%j^=`Qz z8HN?GSj&3@yYD?xA(oC`?&WzpKJnN{Y4H_VT;WV`CU%%rkU)q?C7_d|Ky_$oIO`^Z)htcOTo}Tajs7 z;|$#DpEq~$q5YZT z1~vcX;7M*hL>X($-vR^?Kh7Hs~*hsD0NaI(X=hI+PnmWQVjNM;IBIbo6%tF@Gka2QQ5 zqMQk1*sNc$kNN@op{^GCWn|Er&vmk`&(h$K!=~{tjxQn36qU%hgsP)IJK;cOt!a0% z<~d<mbs_KX zLFXT9Cb2zr1MIBh6z$M&IqY2Bd}ax$zm!w&T=d}q0#lucQL$DUZ;g&L(tXpYDqDHZ zqr>O=Frj!gQ|PI`FDSOnQmf0@kactO6ZL#j8}pO%vGqsS{t-8KIK){pzV8e4f3OoejJJEL z<<0<;$oSXW>ja(8JG?Lw;y_w$o*TDp>3PgXh=0+?Y)2C^hb2TvEW4hL+#u5cMQ0*t z-$9!v*~}Z58;qW7&AEA|Nc4r{HuxwSq5vDt7S))UV_mqa3n@6X9RuIZF;|!-y3%PI zDX_f9Cc>Y`ywHl=$8ArL3wRXs4Y!>WQ-H*ohH}&^3g3GoAR;_lYDePNDehNAKA&> zkMpTw9e%P*&1a+xqy@9T!EGykpP#JVhVhZdoG&_9!uVe-4iuIt+e^FjwEcT-_hZ|4 z_MMOJ0jrIc8x*?%OzEZJ1cz;&Q%x<;}A3XCe&4lY1zMD537!GB`}r6qc7K1yb^Q4tdsUE4(-Uw~X&eai87LMK1y) zkmw^b=@ZNm%uJ)tzxqs7b>n(8`QJ&K2A-5Au zI*YuHmh8kP@>*lSp?sEG%9GT|^A0%;F#!pPE2oLUfJ@8G^Z|7q zfLZklm7r=6HxphIK91C62R74En`5An%kK}Wv=b8F*gl?1V;D<T`ThTa?bPv~C_Dt}&LN*$^ z)YtO8aB4FB_aD>EBvjdj-=!fmSbNaRV8oI)O_Ay8sN9a{)!IH6WH$AoLt!I0Vfq?e zBBTqSl@olTo*t_jQ)y8kzlad02Ghh=DBnV*9o@r`Y%dB8ZqtGrXO<_CX)?8@sGh7p z2IW=b=-$KDet2b;0l)ChE*ujmr45*a`N*=6Y4iZIz{bFa5lE2m>nr)i$GBvp6$+QI z7h4d0dg?C&d{j|x3BDh$JJ}-*sbNY+% zAW}0t$dc-cw6xWOtk!0;4fqd4-r(tLxg5d6w$ZYKX5^O8lkF7et1|)%OAyE>Tz*Qb 
zcbz;CV8&0BNeCMHv-;WeKQX(~tW%#%7@E%7@r0!8wz$mF;YxrI!KAuemS4E#3QQF9 zvD#V4NfT96MJdk35*=4wdmF6?9@iCq$P5qCUCqQ zMH*e;BG2>aJ@uaMk%(TEml3^;Yw+S=vrd;;5%Bg>F>C zd^jF#NlGA~s80+H?C5J0jkDLJ#5~LDmYX9ry}SWKZ;Q@0yq;FLLHsz)?)ml+A)xA$ zEU35D-r$;fx^TMMz@>S>F_yv62p$dDPgQZg1%&Mil={3bUJJU>jToEym2$E^_k<3r zT%jC^shE!>oQ9hpI_e@vQazcHOA3IZ&FdX~Kc~@f5le$5104DbErE${*Eo4(c=Cwt z7IavF3Q3xSDoSYEFGSL`iVi>8Q<^bkE6i>DVo9XVQX#=#on^Di97~<>7e5i=n^a4DJov7%zN%DX55FacVbiyKgv()R@#_T1$>&mQ`~qsO<81XU0{C6 z^!eA9{NM92SVSW$U(IRDUthObTbP0sh*3pZi4i&LIqCY-!EZUq`;XA|E#@4p?p7`y zN8hmJ65k|~sY2WEY&h_Yn#1Qq45iLcy4N?V=>yAL$}=s$9dvmiMd&4Y;sA>ja7InUxX#v|o5vI*0-lb~s<=<+EkL7$d?@ zVMb7+$u#l(bocTr(BEocUQ>z{>1$f^)a#dP0i|ozM{hnwNPXS#ctDumFiA0;zh2EAP&7Ga*Lcr#6#o1!!|o z$CDWwwFwLEX$GHoPRhTwy|!&6ScYGLOIuia^AIooi1MBq9v>e@(5Z?b3?vHFM_dJ# z1tI!v501>V5-K3-M1AU!aBak`D=^_(!BE4+4N}@$R7DdIcD9;}fIkh-tCoEWy|+^i zWh3=#YITHxDYMO~Z35|sb@Y)z34k!QQI)r7ha7aCgXY+52)b&5<}1m38u0iOZ^-3p zhD3Jo2ZoZae=r}{knfhvY1>MukbH*t+z}hSE!A+y-Eg{Usy1e4~#ZCq!Q}D4$4qH z$GEx#Aw$2;6f7k8u6MCsYTY1bh@z)PTIjvOhd`TbVLP=QoH5|p_6 z!$0JuWuW|f3II8)zUBmH1dDni+L=#e;?RlfGRM}So|W+1`FuU}AHs(G)H>mD{pNaG z^N;#pSRi>W#|DE6WnMp=BzmHD@L0+4`HRWsi}xU2Fh9#!2Msm8T)B8q^%@s|00Y`` zR}?#^A`rejqBoRFD#NznY-1VrHf*`ViN_;A?-kOavz3U=}UPce1ULF8C@bzqbK^2KnA2n(m(Uj_5|PXRg!Dn*HP~? 
z;>>Y@-)}(H0F64LEfH1?x1)70CxRO7%6FJkMu62+bNOcqXd~G-37nLB*R6CGp7yF- z*>Y9~2M=8N8vAwr;LCUmhGm+JT=evJnPrt({ssVcu;gQjR-Oq}{LJ-?;_rt$McQ= zU+A3u*jT(cVN}riVi!H}=ff|tJm(aL!N6UCO}g^4XS}yru4bXhjbjl6=lwYq#xiAC zRYRXf9VjRxB$yS-tYzUpZcgAmfo<|}F z*Y;dYf$F7E92X*)DA7Lq8l&&r%Qt_%CeGj9`X6?_*lN++mW$;S4ja=QLcBGT*tDbS zQ}ntn^!`ONpNsRj4+n|uNB2D4zYI(wf6&7ewRZT>F2ZSie;pt2U@}|vqEFTiyi^j) zgDn6VCs#(l7p<$1g?_ z^?{&P0g^sGX5;2}Rx=G@aZJx0!I%b-t(iQP18n{L@>dMKEn96)LpHMc)Jc1js*qr- zaUELEc6t85{xKl}Cm+?1h26#2U-~nJJ|G?YSVF?_53e`HJ0XZVg z?eSE#4^FN6*VQ`&MZZojtRETEu*1t6nd!=#ay_wOH+%#<2)gln+v)9+^X{baH3)#} zQ|$JWb#f8fzm;$MP;;(VgH{U=VfXQr;-aFB33_8?=!%1%UcPgs-c*SI1$0Ha^Ff%z zH(gJknrU@l_mG!LsDSpqP~e|O--j1<*BrKOvOInz1JO^`)ph{Tu$|3n07QdH*=5=W@nB z@I^w92wAlqH>1l4qhpfhe5*|`5NSLC8Pba7R$Gs)9qfn~wqKD+g8)0ki6&#Yy zHanNP+JC7Br9B!4Q+vcc6x9vgUn42PjjFzA^DOc`OgG5Pbf7#p6uILm-f*6$ANw;G z=SQ+3A1hK|(1ap2ZjjI+WYueEhbH9d3Dgd*g&=yviZ-%|*Q-DtV>fZ(MjN7Sn*I7v z{W72VrfAgnS!GhnQkrrS-dB?N++ZMPm_)E0f4l$s#zz+7><`KWx??7@v$H=M)LCna zfMMXOqGf(BbaumHlHQ4fb-#iiNgA6D*uE7WouWOnk^#Hhu5*uj!D@Dto*oY!7wxDk zPfnS?HH0 z@VvP)C2^hTZyxmNF8+p{ZLl{ej~Clv3&RL4bZknsC#JqBu1TwBPPwY~p$ERtfk{Vb zJnvzk`W>HVzxftCE#~+5H{jFx$2biVEm{~bHORoJgIXG)@txtiq%ok;m|6&i+z=EO29Y9D~N=b-HjS70dfM)t%$b zH)AcU?2hvWzMHt6;*%cq7FYIrfA{**_7v!ziV=yXfV6mz>vXhgfO`HgEb6|@Q0i&L zpaxofLF{P#FS5Q3vJ;Hcr=HJV{dL;%?1fwWtMksEv49sZi>mAUMJHDkMw@dk798>VLr@u{+rrr%_#kCP4`l%00A}WM9WQV^I$fzV z&zkJihq;lzdqtNP)VfZN{^@caj6PC8_8YI8LRlU8`P|3xD(vxhM$M~tPFAbmMXqy<_?f z-<%X`MrBubarqxL+jGAq!m8^Hk0cq_w33FK@Xb`D;`2AizJKttnYoWb66JIBy#Csn zPNbKe{h9JTe4}F%o+yuRu^6##6g}(j0IT*T0aIm?D4Gc@M9Qs1#mL88sK`_wC$g!? 
zS4%Uq=#SLn=i&yBZ+|AtCi(ueMLFPXBMQmy>8LNnM8ubAL~BTasT80?3(!IP^Khz% zgg^e|#DDcrhl+EhR5 zYI3c@)y*ZBLx=A=@w0Umv*DDKTgYi+Pk5?2)wZr6 zl^#-D`wqEo&C*krJk02ob({T_;ZVR%SJT)F9RE^Mr323eS*(f(G^caQ*EXf4{%hs- z*d!t^#1$dco8H()+LmAW4J760!_#le5FyDjqGvh|N;wYM19L&O~#G6 z8T7{Q^oQa@R74n+U0i>PS=vu}Ms)vDoF8(&j}*QVmO0sf`^V`0Q@=RS1K}xkMTRAJ zJ}8kOg~kX3_4lzn=EZiI@&)WiIRm9<82BhXJlnv5pciRryYmNMv7UbgUe+~)pugo0 z?ckKrjghjewoB5A{lx*n^qPV|0qZx&b!@nb23j#(W81z(I^~fk`PiKqod(~)@%dNY zG{!7-=gW=XqZ9O_1tyl4T;N*Gl z9eN+b_20GMAa2PRXEzm*pFjl#TJ)eH@h-}Lpzd)^{KKYb6;We#Fjvl_Hq(Mr^x{uy z%d3J~Qn`~SgP-(No6-2C>nRgj5WRpJe2P^dlzw9L3Kc)mJcyV7V6cP@4SH!=(z3_K z_VSP}YcrLPx{_Q^ADR8Wl){H$H>i7mSCh%Ss2+{}h`;LenhuaK49c5E1_K+Pz-t)n zUuY-1`&8PkhBu|?mXN>W5$BVFuf~4`8U--qtjQPHpXb0oav0BC(|UI*ta1`_K`H-a zq%o%$Dl^|-l9xeQO|H%E%g69rpuTc`bIATo@J(_{rYn?92fUHsVf6O9P(B5PhJ2*K zu!+GV6g!%P%c%4FUF%6m_iwJJDdQaI!&V!6kqHRTS;-;~24D8JsQ{>eUO{5>ovs&w9VgHPpe5XrE}Kt8xRfGKxVj!H7a+6O(HX zyTf5&f58Y_Ps^CGEF5pD3AqKno;}s3kNwRVP?36=tR^1I z5vQY)&Y2XE92Xaz@Y>nl;KZkh_6haR3zLel+Lcyyk#(mupZ2D3o=FT+dS`)v|H3K!?o9Gewn zN|?-GXw!zN(5{k;LmF#b7auLbUID_WlFe%}+b|J=ihhkeq=d*&#M2&L^ib}c2);Cwb-K>{gQ?>FMn)hRL7osEv*RO9IB)_fnb?rX=aFvXL^3N16}{uBa9 zX5H_~!s()KG%mp9lFBFE7E z+y-;~Yzg6dYiC5BC(4t3Q_V>)aPTYbhZF$JO{QGZFy!g*{kdUZA@J$QmCi+o){r0W zMUCs75ume2$7*GS6<^rT(%b3c3l^@7Wc;2#?Lt>b8s!Zm2Z*AhuN*cq1@F$WmVQk3 z=lNRFy?m?uiOzgVwe9>Xj3o zFL4;q{u2!HQWl`)o%r~nk1nBCYqqM(mXtrLe-X9WNA`;Xsi0vGF96z{ZD~G9b~S5; zXaQ&>N`;8b6GrmSSLN~A&fPp>!D7)X=5z}J*ChoQP0ve*=hD*@tR*q}z+bJiEsGL% zvjz&(EUGbxc;3(iH$wR1>md<#mDUj=$-$$u1ERL++9-!RB%(yqCF{Tkq2p)JN`iglVGR(_UtDa?25-{@NV4nZt?Ha*8H z4E%-tWl;BA`k>m>%vf!~AbKDYkcB8qESgq=?09Gj#`|$91Efz1?(w;G`Gx8>_(MiS zf8Xt-wCvVSnb)#hayPA;|M(?nvs;wt8`Z=@k#y}*%}@PiIUmA5Pu+G3rGEZ`KOSXr zri8_xIKF>6%=XHJe?AqiT!eVlD!}IolW4@%p+(eDIQWR4y2r{302EN()n=Q-!JgnL zzEkcSB;)y8Et+h^=m_AGzYg-)2FVWB2&qX=c@%rtnv7M!lHSeoD@az|b3pn8y@X1} z_nxz__m*go0WMUle#k3Woa9$N^9wI+$f&0wi(!C+^anLW+bmGx;bgSWK_{s7z?3gM zeo;ER^QH`G;|FR%#OL`nc>MJQWa%t8=3(mKRtu2t*14|-MI>JMlmE)MS`imQMbdke 
zX5;kos?0w7jwGp?9a)qpXZAM;kB`f!=KvhQE%0ThTdbUaW~LNjsF=O0J(im~Rq3~Z zD$XtC^p6Vf0Ut)^UuJaCC~Wv+#ikYM27a7UBxN_=1A$_K5#r7}Bj!A&Ix?ce+nfCP zvdFhF(?JLy6J2tqR7HL6r$xIuNT$rm*(2rUcs-AJ^*C1h-)ql@9O%^Vf%@AQN4qDC zR(bW0O9>Xt;9NC2uk4N_8{w4JJKGx!{M)od4(k2`F&FaVX$VC+9$_>sFFpY2p68+D z#LAG79dP)a#rg<~UdJlIh8D-G4Hyv**?zSFKZ~hgC99eL43gOz_W?~jY!M`Cawf0d zj#%0*j-w9=bX+diVIcUOPJ-(OluwvS8sGEUEC#VCBxc?uHY0g*q_W$@_9XRcay~x> z@sSvHTgn@5ucrR^_!!}&hfMqqO+CwZ{#n&ZyV(VntwlDsqvCHY_`H=)o2|eww^K@P z?Bm^6G36F6))@tlIaK3LGv$jC{xhMHldas`v||v(Tx{3!3+@K*kSVKx%JT;iLXW;qS^tmEH@SL>zMbpkSkrSN;@EmY*SW2T zia}{s-}v}qfHZp5tUfiv3TraTpXoLOM^Dws(aL4VX0l3XUz;VNZ8{Z>)0#6Mt>k+ov!w`d(tPE9+tWHpxLZ zQ-ubcU;!BBr&MEhCYzEkDOQ|{Vz@4;+66ngjRW2OZ*6Us+zwM?fAc#J@{9$b3B}NAD zzLDrAE^2ga;qw-@-S^v(VpZ3MzoJH;L)K$inhovcBJtfI#N|BSuR|uyuWKRL6XK1< zlliZrNij^h>)FP}>#j$RwpkZ4bw&1Dt5GvK4?Fv3w!0i>r5fl7{b@=2%|#G0H3feD zHx0%LXzr5Y699Uos!$PXnD+U-&y3Jyg&XC72uP;oAn*Q z9a29NQ%8-_PJ1gJVe#XfXDPyS% z4^>9(&c>c-pKdORTCF`fnz{-IRF~D}@3YR(S|o9j_5!~ZNu}dQOU!B|AX7JHfkw;* z6HzyP|1ML#J|B=R>0dvOO1FDrgRxBmByqCZI(WYMeX>y?>6XWdcbF~;MNmSNf8Z1z z%?)%!m~9^=v)A9= zUT*p!KZ_gp=kh>rx4mij+rte^&_Kda|V*E5QE-q#SrBG z6Z$#@#Q?_hO_4|>6-y@S4$NLObJDB(7F^5c2k3e^9Ik2JO+j>x2O`0jrH$@`R zl#`x!^wa$x&Y3f}t!3cOo+D#2l>>V1n1=$Bq8Kru(NoKkuysOaMD+9>jnD#8ersGN z6t-8h)5dBR>YkQou3*(fGEUu_XLg@Fd~JYF^_7rGp!QvJjdIy%(rvkF&cty3d{ZhJ zPdblGIllhP_E+COxo6}+HwC*-Rg%H(=*`arkv-CBw0!)DQjJaWEvwW3EPc#)yoG== z0FX>XQjvLQE+3lHHjqi(y3MgHo6Z2=+O?ONIg!AI#)*v&|M0-q({ElIgcPH2?a8C# zD+u&i@4OKNy5lIJDdA+i(fkHgx@-;Ffq}WK$R*vPJQ-moW~tEqL2ffH5lKa|bxTLA z7*J1%woRW$a)d^M!fOwpR*3h~?)Ol&NZ2NFY%nqW%R@ zV!4Qek#uE13oJC>&%P;e06=6?wiVB1VvQ>vx;a2MxWdR?#~Wfz{*NA>Z;Hg@sdz5k z`1$(N+gE;ZwWE8mhwqB3cF%L1iUR$`M{fqLbd29lk%7EYo4**}hdiH9wboy0*O{MS99RhK&|zb z>(B0tJF!?SnM}rF$#~LnW_|v`k}Dg}o!c|A{ob(lx;IR9Dh%}WuW#HwWiGV8hH+QS zO9@wz!Bkrfp-?GvrnAxFAl*-Q6TXrVuM$MAuz^HZ1eDyVLIzUt-0@F79H_P4^4W{a zC$FxntE;Q4n>KCrN8kPVlgl^n-MCeudDVq_r_w-oe(k(H=xyCgFz)W=LeSb}k2PZyCvp&s-B@R^i}GWZ$=yd1f@sJ7{E8bSS%C@g<|nu z588CSwKAO^qM+L;Kc~dSz- 
zRLzwFbr)NDjX8nwX@B}`C?j5M-ErvI5zgR6|3Lps0ClCg^F0+Wm%{ai7E3N^K&aDt zO<1tNQo;fvVg~BvKJT-=BUFSXWe+3rMVxJTbtr@0(y{A-kH%Ln=nn?;3MRZDg=2|f5;-~N1 z(PXJv7bF$x>YOgd_cGvdk9hWm2!}A}H^yDuzIgFZ^^WsD0y-G|doSovUF-Vgz111# zK1BbzYxvv9f)q+A$*v2%0I7&c z*^&^+^w1d;`efYnJ-q@uE``?S=YQF<<==mM_SAc;o%|Up{`wg6@oYH5hc2 z@=PYRMygL;LhDZ$w?fy0Qcph#sjZ##EU2+ZvMgPxS4hmHP?p4gd}$on(Od;KTv~2E z_Rh|Col1y)fj%|FO1C3@8qJn;Vr@4~E1Pq&-HP08)K^^_jh+>`8a4G~<)v@U9iOg$ zJU#S553|xminNFxXtD$ut`sVZTunWF^(qZ8GH50RpatZA+*M!I$si$+X3V>45x|6! zQ+0vH826(Hb7R!AfBg54S2x>38}#L&&UF8HB9XBeC9h<|K992=HniBoy}IW$&bfE8c-Zpf(fsk)aK39mtayLPeys zeHoMz9u|es0szc|#R+=huZn&EYp? z1krLgW=jZ5+lC7T?9=7aS1&iEQwp>}C3`8LzSW`WwXip}YV53m$yPuTtl#U$k9m1+ zg%{&Sc1+m*>tBCeJQVNgfwlJ=pS~$0J*h7}xG-K5)lKz!jfDFva^><6WldWI6m#X?Kl+_`h!_~bs_*9RB$=IKW<<%uQ(SeChP>6A{(?4c0K(%GB^mPJ~C zOqMvX(#Yr=OAWG>k1*wTM@OqE<9zhr{~IFhwXRWbTz&uj_fJpx-vZs^z4sydTw0|l zglA(`V#D5sKXD5o7|v3|=!gH?)tVnd(RKOJqw^kqczo^u4CpN`=;l}^VleG6LPb)G zt&)^d0w4mj8B#S_nU61DPK`w6S2tiwk!)y+Wunuz|MUM^3quL?mK)bsJ@>EQwom+@ z0bP$ZkykKdki=$c4HZd~jxjT9<6$X0(9P$h575~!Lqn1XYZB2&ym8s;ZO8Tx%`u1W z%g1Ie{%Q384(PrKq>?mP-z7RPsUz=1pj$O$OMO?gn^LKmv*@L_4?X`%VJKo=Yqy7gx^eDTnN*8C8TV#}ya@BjGoh+M^kzN0Om;C#V1!07j7D__`sRp-5l z#xnKj9#=L7+fLMvKRuzlnEzjh=5g;$u6-n3(V+i4D&Pn$ypC}~)M^8y-PafhmC|F$ z?ieBhgQa9?c*R$hF*zU-2mw+7*~kD?)0B#3GLhL!UOzV|TA}x+Vs~TJGaHXBt?Y{2 zxFF&6jVfNMy_ZRYmFAQ55|#?tE3cE!0m=0>LqG&6h!oajqmihbST|+Fq)iJ39f{WG z|F&hzmP=cihbYMDJCkzQuR*ch``c+>O)tE-T72q zp$C$RBC$+v>d}jbe_8YV;PavuoSHRu%H-9Pr!F6H;T{Y@7n`5IbZXnf6$|>e(*sv} zDu%$NE1M?DnehaFFV$3K5DBE8=58wTT5+2&8%f1uaeLXe6)U&y@45%#5I3IN`o!#7 zCliY&9VfT?=xZC#9l1W}hsn)NfBr|NQbB*LJK)uSnW=5C_;#*qy&foM(HZw@Pvk$# z(RgI?+0N!d;a-SC+?cR59T6qzN;{DnyYthVgTC4e*EWr*P|)WG%7lLDq;1RXv6%uq zmIzLo9?M=M4J=E8&P>`4%hD7HDeR_HGUM=pH;9$pj$*Gujl5 zBxA|O**jNmxH@WZU&6wXzwJKrLnVSfGf*b*L9|XV-;7G80iEmCGbozqjv~uVyq4=0-pA(f8l2Jas8& z#CriM(8X2nO-n^d>2Y*ZfF&azXC#2hPlF=@X-j6QY(ZJwLYJ6GB^{?>{i$aM${!JP0|jKWEF0{^yhWP^tsMAZ>xYA(89CU-JuM^Grkbc!UbmD- zdjLc?vm*vevtB(XK0JRu8%a9p#@S~!ynl67dp>`!3$4%0Zir+_b2^!a&~| 
zbe``9~sZc5TuBSasaqo?Bt0T6ID8_hOMoH%;Q6Z;1G8do^9yRtyv{a8@T zW$)R#7z0>{!sn^xSvIlpre!++dpw?W-ktsC=^y|5;m!NYfGM~A4kG*>GneGAH=!?Zwr;5*8%!=`XUbFLyL{EHZp_67H3fg^{ zp+6&pYA8e79qs`C;ljxq|M~CGKnjpxx{FWdJ829*4=CtLX2N7HCm04H#p+dt!DaIV zoTW>et7;$IoG9n6aQDGWHK_wSFL*D}6VKaLX7|X0Pd@@RwE@DY0Kdy+_u$IPobP^| zJ=l{Xtf$Vc7xJAVR)km>2fK;np|_ERHe&?8n9Dj|jkxGIE{ zMnVD+usI#vTe^1f>8Gb2j{6?A{&Y@e>VUqfFJa!*F?+4Y7VYGrN%*Ta-_Ff-J+F-q zF*Ng7Huv}mb$Prw&#iNvWTZ#L%80yQ)tR`_zI3ia+;i@A$YN-#qLuKi(ix_v&+zQxy1KW*)QU2WFx!3SIBRt9`-r^n-Tc+rXG zbL(DoTRzi0lD?r}5QtJuKtq0LfkJeoO9g5nBvW4?q6(EU6;ai1^8^C9OPZI}Uf(;O z0zTZ+x-?}#FIoAZJ@F%V%-(6k87{jYpsC4KP?TGmRZ&>=pzk#nXZ5QNeq6}|HWgz4 zg#qz<+)iiNiaA!2#rAs_@@=vp(+A)q(g&klg!IX3K!`CaHw2KnXoxWYwaMn;JpWkB z;b*IMj5$~RZCOF8fbMnIS}?>4bsWB4=J5L5PN&0}$=A=ld#3f>FJ5a~ea*#+%3P1F z2~;X5W(b7cZujGg?R6n5o5bCGHxL3sK(urfjB=>}U6q(JRUo3M`YnUPbi)!=xI7-3 zwWO?YXG`5!i}xM3m!%5m+*|$75_bKkYiBjgojZ5#+}fXiY#V&tHfO(miW+9;qt;qLC zf4CS~3>5dSHO?1Eob=A`XSt;iD7$=fEO|`msW)XJy=e6*%OBQ(-rkNk(N#Zxri?e? zsBKs)wTaD9dg*53XE;^v!3t>HEdtsUrihSwjo!P-TSV*5>y#0{$yioJ0w^PXyUoFy zmaN{s{6=1~a}(j#OG{HF(s|%Yip>XyyAH0+viW1R4CL4hrC$5hL-mP%#=FZZGMe-j zq9I8gcS6TJkQ22lK$H`a0LG92q7c8m$-yf>xVL-NyrdKq`e%NdGN5}u>P#)vyXr2N zHtE*qLOW6w?fx5($5Zi6BK@iG{MIdAH$_Mnz0kdURVio+LS+;QLJ*ZSUtN(HBG#}( zVcH-MQwS28eH>8gcQx4@cwfW9oO832so%SYYf}bvzHIM~lmdPD`x8zlM3OBDy6)W$ z*v<A_fE)Q-qkDycEWVK~C;rm&5Jj z`6pXWz5j(}Gxqk2sRMe|<%g-Xx%cc@Y4iJIwp+uGohrodXqcVwKn>kIS?Te|I813j zg(`}IiI%s4{0@k3KSyw+iD#O+r%WNj--Js`^9z>UvwFH8O`%9H+LB6Itf3VRb_Y>Z z1hQAA%7RLhv=Bf*c$R#hc*1#L_Db$j5F(7pp8*DSUvmkTDV^1 zNYXDMgh*O20_=CY9lT=g_A3W1RY0K|%_##qFWImoWlr^@jb+@WD3~FL7P^Q;tgw}? 
zJ(Kt+&A;gLD~Kqd?H1%!B#=>>IEoVE7#?ZjN3%&F!^H!ie*Mr&kE{4r>VVFxPq(KE z=r77VZa)D^5u%C`si{;#_2XIi?KRsh)cU7Z=i3NY07(yEjSWi}2t$xsH~Q6ovY;A$ zp8~-wrj?_MqJl1cGV6bgf3_tt*#(s&%n@FAdCtr zby?mzFX0o76sJ(6^F_0JQv&qgmRES16k`L`6~ZwwtV9GNIM>bJv2ujISHv+!f=Xv^ zVj8!N?zibqazvp5KtD-d+Q~!4r7g&jT|mNR4;1~LFh`xymr9@~(UyCiYp5;XNiaje z08uK#3S>5?svv|wlu*Jff*xG;w{oWk3CajXLLZfvZMmqSOR0WHb;~K;LXJsG4CiomIXGXU=n-v;IZMq-@gM4>1$ zmMIT+iWNZ8QOw+kH}X0#voRusN?!9`XljA(&AvQ1xy5?#@m#-MNOra4tYQU(%#ZcA zPYFSUDV9O+8LHwoEF?@|q~V4qiQyh+%Fu+0vBD@~45{+iCIkVaNH+^t83-_|ZxBWW zPzYr0=?G6L&^h1IHZqxpIfou(aSt)MI#I?52Qz4LvnV~W&gb>ck?-TNBQVsNt zKi$cjM9{yaZt>ENnOT<>A?w?FFg&9r%N<32)upVB5htmZ^l}MYZ7v^>$uU?C0K_b3 z*2&pZ4Rr2pcra<9zT--{!-HSiCslQQX-bhwl8N;Czn61@P1Tz82qJ_jOl!fb$RJcu zDqHkIidF*!AqWPf5-OFlKve*T#D2Ri3fx6gM?N;cQN!ov|ZcT6B& zKSZ|=NdolXs*7${hN8PeY2}sxh80Co6rBbeUDSc;8NeL+LieMCQ57FnJX0~!InT~H zn>Q)h-2H`i2QtTw?2rR7d_lCbNeBcH|8pHH)XRu~9Xp-2b>6o67H1y70W ztRuk`!;VDqCo}~MVIt1T^p3<(ErDR?)C8ULg`4UoWQ*@fMoX$^#yJ}WJ$z&(Wq=;x zvT7wWN)Gg3_~6QGl82)zj8MXmkX~{^2-$$sEoT4-F@a8*reI;t+G0RAo(?E;W}Pga zlAve))G{~`jHmvgBpu9#?h;W+7>??(LF})J+TNoY za8ht1PKK!vak-PGF zg2OQsN>R{xX3mWr^g-$}_wvkRH?40D zhc9_JP?J)Co+Kk6j3O|%#3@pk5J+(+2YPVF>;{LB^cj?`b>F+3fZx z!mDH`Fa(TBPK#mPi#7GKTxXJ?hYu~YQI*k{0mis@t(r82074>Zn$$Fq4*)SmI+0H& zkf-X`1dq`-GnGN-oG<$Kho?p?fY&uJ(s%0Vzn|_hEQSlO%(D!~yX$Ir6N^&+VJZlu z63Q?Y3dU4U73tf%iUic$E>!+)xxfrUeicNo!Hc zRETEIYMLg(&KhpanM%aS_wVXQ`#P70W{nB$( zJYq+(pa+91kPqNxmcP-No#s>!!>Z8OurE#ZoMiDxf)g=x@3T|~o%4c=PoA_D_w~nZ z*YpgG^c5f3^~*ngnU&)){img;t+O%aoi6t|W8N*M0;voMN+=*or4Cqh5yi#;`tD;( znwqH2d^dQnNY(ihk<5-MfT)>Op;O^i1T^ybGwa+7lFRvriCPo&ZOy3x@|YA+sr-0B@0fke z;lUvEuAhjMX`^V5N|aTFk?S!QH4|a}Hlbe2-v6J3mp@MmrUvNQ`+xfCyRWLNw{MNC zv$Z*kzWeU0uYTHJ5Ib_6eSNp(62JcT>IxgCI=fJqb9ZK%Eh7YJuHEARJ=F0D&&&nN zC=v(}2AVJ)jN0_2nxOo=3A1`hw5Ww9gRJcvO}2e4342-#zV%KG&~;{f`K84N4jede z;K1So#|#DYQGY|lI_thXJ#`1NGVBb1F$xjA2>AgZrYX`10X-P}&%bJ#1eLqF$_$UG zQTFasYY74%piE2kw3}INd#6;YUsL11czE+*qLH@lfz%mQwwl&uZY(L;Sdy8Undy7k 
z2iAMK&w8;o{PjLf)sehZFCzX|#|HY2Jq?biiN^R@*(ef4oc|J&>JbGyd2PZQrlHwW z4fHr+J!}?L% zq_-OtI?Xj^qmBMI7?)#X13h?jTRGU|Pc_rrrGi*2@mBi|kXPjjiA*Ugqd%R(vGPb_ zmARXDbEX~W1#6Ea;fio@q0lUWsFa6@9XmmkfzXpEB9DIU*dHV4;b+@C9OSKwDJvrk zC?gahnLZ%xs$Di*6@oM)5b0pT08tX#H()Nlv@!9Y{-Qj4x`FPidTd=gxBb*kUqIex z3Z!!wVh!FHku##8fll=LZH%A?gS)rj3}7;A1U+>m3}l|D=~f7!8l^@D9pr=?A(Hp1 zvY1?;NmM*Z*n|vsU74UaojRaYPY*Q;K~@ajmK`A1V{8D#-GRqgTa9#pZaZD z>P5^OIhYeig7s@yt$>W3Vv2oECq9rknF;mons%W3mbEUh{PG{wI=mSS#ZpS6;)fDS z2qAg_MQNnC8Z+o!{l~eF079yvL;(~<%_tESsf-Z9RD^Wt3IT*5l_2@uu}6A_>aN(7 zm?zXxynVWX?kjxHdY@!|Ew_&6gHJO9YHY7R&NO12a#45vfY@jD zHz~6oCH~E8K4_k9pjX|WZ~4Wq*|gGU*W{R)oDL?;m{Qbv3yMNP_$gLoyeUegMK=!6 zpIy&#xIh|4sstf|F-6jVNEHGR61iF@OdF}vDSEQ^j5c zK*g7qo3G){Gbc*ze$zw{fQ(~e(ufcs&6Wtm7zBX9oI?QP0X@`zsY&>es$hl)rc_?o z%MTd{^L|2^2D<)4RAIU$h<3pa07&>V@^4u9tGiF7j>!MStm>BC)_WvedC?$k3Z0BWz7Ift5 zH#KKZE6|Hh-m_e+g*w_w9ivkvb9Wn$>V3qLSjPi;FnGA!D*$O0L@%-6ji)oC04P}3 zyJA>AC$sZKb1eMQ`O5>|X$5-0ChJBQoj0=VZWNhWFOO2o0w^Jhl(*4;9eK$FrK$>$Jv%}{NPP-I2}OW>?k(@vTR2okW=-7t zP6g1jXC*Y!24^ck3OMS4%(U6%t85=2vkH_cMT2c0QE z70}ZP`MpBwSlU(|v|@MAepf&Qe`vhrYfLygnsH>CO`U4odUcnu9$#E7Ii7>T?5 z6aX9V_8#g!%{ik;AeoLuxKE&Giz51-onfgk!c62Igpd$6*Ein}TjKWLEu2oE7hP<% zJhe9eehznFP&KJOiUbnEm|}{eGyq|$q&gTSx3_Y9 zojzXB>mTlP*oaBvIr@CjTK+LlH;PI}aIV{T#maDQsN-*5?{orvOP^IDa&ew;JwG9&~l>Gg&9#WF^&_-hyY5=64A!30L9c~ zAS4h%NNMs`eDs^8kl@EM4)Of6XI)Pqv+_F@B@4dAdsy`CT z!k|4$s41h=P=FAcLMWw_Fhxa_DFlQ7DIKbeH`0Thw=1|G0|g|6*7wKKK$sDTxORz% zEHr4PJs}_vA%KLB9c#6c&4fD6RF_OA(5r7+ZN+unzEJA$8#95Cye$Gc2wjtvXdD?K zgisC85ojiB<2}=Z!Qh;Vm)vrVWNHFH4|cY>Ic7rtRX~Y~RKfru?GYGZ7|Q`C^L)B4`W)~bAF+gacU~2r zPLW>npx;{4J=A{P86Zk*2#?kZQxwHiDv@XlHKS~r2+)In7WgtCu8_M~bS%DXv;Z6^ z`Ow<$dDv1otw7ISVbNpw{PGH$jS>(@9@e^`t`MqZMQXBMlv0frMTj)+K}aQFXh&!b zk_iEQ&WkdylSGt0wagL;q{?ItC}kKBQ5a~3ABHRj^YHQ)7Msr-CbBOx`JfkUd1UeZ z-f(k*H6dOzshmo&3DCYEgwP6d#2BLT`h#E^88uB>CiGR?&x2gu2@Jr@#AQq$o>UnC zQ5Z;Z1kfFrh0Tt)S#0zV)K2(&pH$En90f+C`O%LLk-UsaXD-HO#vX=kVzTdd?k7nq!R%?XD&{j;0VWb>yVlE`d=wocXFl 
z`;M3-%L3?OD_5T3P-~eDgg{gpIhb-rv!QRKEhq%!I{C$C7Fi=BUl&d{(5=j(hu+)i z@gdEjoXK$l9duPnESu+*VpBbP} zBEam+7D?oC?fkoERtW?{wLb531Kq+X&u_bGye_PZs;X+VZ>df-HD&@$GzC48ixz2B zuvO4!+`3h4Dcd^uX{Ad<6FBriX%!))5~>X_3IMDG9RK{U)i%Iy%L`u5o1Zk$y+!L1 zf*$HQUEvo-JI(BI2+?NcS}g`K(#$lL%D^luQS{&X_;RC_3z7cKa|3pWWk*H(duYvg zMRhsK4<lo9WJ5Y`38pwXo5;d%%dH4iK?W5Qt*K3Qf}i5b`Go3!o3( zT3vX`io0OXP!)ILC>~_g!%7kb1te&$lQ*2Ps&3s`d|=vv{`uv53G=vzmruCtLbo0_ z&!5MDu0|NCB9gKJlX4(PAWBT;Y?eG+`fn}dwU)Tq3$9eyZKIXN^e+(2q7#AN<1gD} znKSb6Y{N7JeRg-Edgx5KQ&B|>wKchvEl#a$&CX+Jb2AStw=!_FU`<ThDQx^UzWTUw5pMxsZ_h6kzyt0O*Vk5Q4FQr{PPBjksVi^yR|W_wFYP zbnp5VBVCDDXcTAYGJCqrOB|^_9EU$;$U|sjhB{NqdZZ8B`-tQJ zO91+zGVY=p%{88mki12Yd=+FXR3N4>RYV!$3B%YNS3u*=8a%1944E)0nH3S1Ey1yzU`RVM+MYo>UOc`K1FLEl+y zNyBo@ow*JhjoO8Xq7Z#*4JVVs1%m^do4uUBjc0oI?FP3VnbNA(xHC1n+dv43@>kR= zbcnDj^d|V&KrcUFX&56kaJ-cH^#||+CWv6nq)sfm=CH5)(z=R$$KFeYe40jjg6+Nc zhyl8s?;hokVb)nTCvs6U>2X;V*0*==J#CG;d2ns1jS;iiwjo>y!ka`67wjIqTEaPh zE6?bV;hJK$(gt2!g3Vz?ce%5(2;&Ls5~g=>}@2Edz_ZcP-L6Kb~iW z(-l77R>S>R_vuj-LglWHS4+ow_wBX$PCKEJ3r7F}2#2S#d0lG~R+Q(zEPVa% ze)4+nR}=N#=Pcro8%2JNXOQ$t6)!!J!-^91ZK~7vH_M=xl;5xvso|lmpL%RGGOvgr z!|S?xb4LYyI5eboz5~lhf_+1?&q?C*e;L49hw1XCe&Ub1i|2YPnSeT#Qvz3;9#`|*Ve&hsyPe0kG*@6JmK^qU8Y zrZ?!EUrhK$eyc4iv0o$7WKC!UW)jUf)xH3LK=LHyv>1Si{HpUS#tJ&;+j=ecP=^O+ zuB%?OZf0>^PcWPeYWm^EjprUt>{6m`ji&a=PVku;9Utoq%HbKcmSpUmz3abM!kf7f51__*7z zIo48)vD(^cL5M$cjIj`C}Ges^ z9zsC~8Ss>3j1Banb?3dGv9w>5BM|mNLDB?A`l>8 zs^rKqMNxFw4;5>tzV6f)5wD*X%paWm3tkJ5UeiKQv5Z126re~a_Hi@vU#P|#N_^?CVQ20G`} zH!mJvEKLgg6=JNFg&K} zcX-7++nXyK0f$ErjWTC&U>QM3WrnARmctp!WA28%iSn`ca$bswcgu=_abjM#Y5Px; z_sUbiYt?({$XJ`&9cQ-G2%L-jLWm6W*dmUK?pQky;cjS5l#RXrDvn~+-*-xAq>%qh&dye?%owUFH9)0|Ng6_ zAWHuEe&5)8bN!nZRTuEL9CV(!{q{Jj-~J=D)hm}|6=d7&E>)2N5F%!VF-qOQZm)Tg zkbeE=tDB=w+FI9)Db~ZiyHCxUx9a)^oSV(?p{3HZvPm zXxlqL01hTdHw#X2i;@K;2wNck_Me~&WpAm9^X~QjEDdCk8^8JP@mJ| zu{B-$!{oB7O}`L|5CKFz?$Wh;6Pb7S^sQK*XnQLA=wN@6AJuUG!EKioP5RqT5zsl` zK0NL^sI%{JRVGy!R*-+R;J-cz>2Y1ynlSn9o^3@9V)ea&kagI@q57ej&76DFpzEt< 
zdE>Z?-|iXjfB53+v2SuXceou68^%Di+ZUje5Jte}E4^@JDB-TMqpiV0w`}RRPj2K{ z{;c-T-u3ObMXB(vQwDVI-PPDT{sw0_*jfDe%6DI7Rc2-7+ii9~WcZt!T&|`jyGvwb z_!+)*&%&_EoaNcp0!s>tLL|Vn<%_=F2O68#j8rY0zKRn_IU1R9A39 z*Mg3Y-r>Bwyt=w!>&@PqcayyVD=2&N%a1>PvhJg8r}qpF4h|OYx$)7uPk#LImv?G& zvU!Rvlw!}5y|Z;**J~XWw6aT_nVWo@RK{|ksABc==g*(tU0ojV@f2OD2D-PP@cKw- zl0gq%DHtgwvkq7u&2pj%$mFAn#2O(x{s!%z6MUMUE=Z~d;#Lz4;mjLpl^ zpuh3;)6R7(`X}vR4>WhFcf z`sA*_g{?E{LvJjT5BDzTJPrC}ufkcg9u)V#DbR=RtAa+-awNs+bqKynFc*&R`t0*|9pSs^;U2lc{eU{o(4U2%69L@jb)Et z>-}43uw}nD4SK3|=`OzWq;2qZm2e$>Z%Ld_EzmjVeBa}}t5(hH4o!RxceCXuo(4TN zqy49U{p;e@!3n>E>lwW9)5bLDDZExb`18Myb`MRQl3%F*;DfhiZ=b55XRcrW!=k%0 zM<%Rv?`YZi`NlNpDZfg})_wASAMVMU0FmB-Q|lHMah?W!YOJEQj~nOBZ|@0>9r;lE zn!j)1Z`YdIpl_^M^z+Z}oV}OVF=o(*+ur%-=V{QV*7ABwmMmWJ=+UFyLmiz-9`fC5 zzWD9;g_)eEL7#H4mwf)i51;28*j!wfT)>Cx9xwaqhZ1iZ^eMZ_cW(Rlzn^Y6m^ad& zcrLYbsP5o~D_6D@@waiIY4-Qv)z3HI8#!8EUtb>zg+igQT+$#f91ev-q5Aszqy5E? zSJ&{jbxk+WeM_q@e*4QmeyOd!eq{FS!Mu?f!^6WfI>Mpe{*mF~;kv=%dpDLp`Q;z~ zT(s1i27S7LA6R(zgIk+t77q>%4)zU&diwhY2L}gdZ@u-|mYPhjK5v)?J-yPPr&k*E z^h$%CUTM(ND-C*jr9n@xH0bG-20gvfpr=ndZj^6uQcfCl?MH- aUH=c!Ww1oY?*A|V0000 0: - self.send({"alert": data_json}) - else: - self.logger.info("No data in message") - return False - else: - self.logger.debug("Server Key: %s", self.connection.auth_key) - self.logger.info("Authorization key did not match") - return False - else: - self.logger.info("Not a POST Request") - time.sleep(2) - return False - return False - - def run(self, params={}): - """Run the trigger""" - # Send a test event - - BUFF = 4096 - interval = params.get("interval") - endpoint = params.get("endpoint", "0.0.0.0") # noqa: B104 - tcp_port = params.get("tcp_port") - - host = endpoint + ":" + str(tcp_port) - self.logger.info("Listening on %s", host) - - # Open socket server to listen for messages - server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - server.bind((endpoint, tcp_port)) - # System default backlog for 
sanity
- server.listen(5)
-
- while True:
- conn, addr = server.accept()
- recv_data = conn.recv(BUFF)
- conn.send(recv_data)
- conn.close()
-
- # Handler receiving data
- self.handler_data(recv_data.decode())
- time.sleep(interval)
-
- def test(self):
- """TODO: Test the trigger"""
- return {}
diff --git a/plugins/elastalert/komand_elastalert/util/__init__.py b/plugins/elastalert/komand_elastalert/util/__init__.py
deleted file mode 100755
index bace8db897..0000000000
--- a/plugins/elastalert/komand_elastalert/util/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
diff --git a/plugins/elastalert/plugin.spec.yaml b/plugins/elastalert/plugin.spec.yaml
deleted file mode 100644
index b862bb16e2..0000000000
--- a/plugins/elastalert/plugin.spec.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-plugin_spec_version: v2
-extension: plugin
-products: [insightconnect]
-name: elastalert
-title: ElastAlert
-description: "ElastAlert provides easy & flexible alerting with Elasticsearch. Users of the ElastAlert plugin can
-monitor alerts in real-time for automation use"
-version: 1.0.1
-vendor: rapid7
-support: community
-status: ["hidden"]
-resources:
- source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/elastalert
- license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
- vendor_url: https://www.yelp.com
-tags:
-- elasticsearch
-- elk
-- alert
-hub_tags:
- use_cases: [alerting_and_notifications]
- keywords: [elasticsearch, elk, alert]
- features: []
-
-connection:
- credentials:
- title: Basic Auth Username and Password
- description: Basic Auth username and password
- type: credential_username_password
- required: true
-triggers:
- receive:
- title: Get Alerts
- description: Listen for and trigger on new alerts from an ElastAlert webhook
- input:
- tcp_port:
- type: integer
- title: TCP Port
- description: TCP port to listen for messages
- required: true
- endpoint:
- type: string
- title: Endpoint
- description: IP address of the Komand host to listen on. 0.0.0.0 to listen
- on the all address
- default: 0.0.0.0
- required: true
- interval:
- type: integer
- description: Interval to wait before reading another message
- default: 5
- required: false
- output:
- alert:
- title: Alert
- description: Alert
- type: object
- required: true
diff --git a/plugins/elastalert/requirements.txt b/plugins/elastalert/requirements.txt
deleted file mode 100755
index d0674c75e2..0000000000
--- a/plugins/elastalert/requirements.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-# List third-party dependencies here, separated by newlines.
-# All dependencies must be version-pinned, eg. requests==1.2.0
-# See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
\ No newline at end of file
diff --git a/plugins/elastalert/setup.py b/plugins/elastalert/setup.py deleted file mode 100755 index eae662307d..0000000000 --- a/plugins/elastalert/setup.py +++ /dev/null @@ -1,14 +0,0 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from setuptools import setup, find_packages - - -setup(name='elastalert-rapid7-plugin', - version='1.0.1', - description='ElastAlert provides easy & flexible alerting with Elasticsearch. Users of the ElastAlert plugin can monitor alerts in real-time for automation use', - author='rapid7', - author_email='', - url='', - packages=find_packages(), - install_requires=['komand'], # Add third-party dependencies to requirements.txt, not here! - scripts=['bin/komand_elastalert'] - ) diff --git a/plugins/elastalert/tests/elastpost.sh b/plugins/elastalert/tests/elastpost.sh deleted file mode 100755 index 748d4903ab..0000000000 --- a/plugins/elastalert/tests/elastpost.sh +++ /dev/null 
@@ -1,6 +0,0 @@
-for i in {1..10}; do
- #curl -v -X POST --data '{"Authorization": "blah89d9-blah-blah-blah-blahd3d4blah", "Alert": "<44>Sep 6 21:23:55 SFO01-asasfr SFIMS: [Primary Detection Engine (ef3dbb34-c555-11e4-ba7d-98bb84d7b7c2)][Initial Passive Policy _ sfr01lax02us_corp_auction_local][1:28039:6] \"INDICATOR-COMPROMISE Suspicious .pw dns query\" [Classification: Misc Activity] User: Unknown, Application: Unknown, Client: DNS client, App Protocol: DNS, Interface Ingress: inside, Interface Egress: outside, Security Zone Ingress: N/A, Security Zone Egress: N/A, Context: unknown, [Priority: 3] {UDP} 192.1.21.79:59596 -> 8.8.8.8:53"}' http://127.0.0.1:4444
- curl -v -X POST -H 'Content-Type: application/json' -H 'Accept: application/json;charset=utf-8' -H 'Authorization: Basic dGVzdDo=' -d '{"matches": [{"search": {}, "_id": "0b#kHuAl${(N`QDM1+fW", "_index": "active-logs-000020", "num_hits": 4400, "@timestamp": "2018-02-21T18:28:25.376Z", "lyftlog": {"debug": {}, "errors": {}}, "_type": "syslog", "canary": false, "source": "/var/log/auth.log", "host": "example-staging-iad-000000", "tag": "sshd[4000]:", "asg": "example", "msg": "Did not receive identification string from 127.0.0.1", "num_matches": 4400, "az": "us-east-1a", "region": "iad"}], "rule": "Test"}' http://127.0.0.1:4444
- sleep 1
-done
-
diff --git a/plugins/elastalert/tests/listen.py b/plugins/elastalert/tests/listen.py
deleted file mode 100755
index f820d0d7bc..0000000000
--- a/plugins/elastalert/tests/listen.py
+++ /dev/null
@@ -1,100 +0,0 @@
-import base64
-import logging
-import time
-import json
-import socket
-
-
-def handler_data(recv_data):
- try:
- headers, data = recv_data.split("\r\n\r\n")
- headers = headers.split("\n")
- req_method = headers[0].strip().split()
- print("Headers: {}".format(headers))
- except:
- logging.error("Bad HTTP request format")
- return False
-
- if not isinstance(req_method, list):
- logging.error("Unable to find HTTP method")
- return False
-
- if req_method[0] == "POST":
- try:
- data_json = json.loads(data)
- except json.decoder.JSONDecodeError:
- logging.error("Unable to decode JSON")
- return False
-
- try:
- for header in headers:
- if header.startswith("Authorization: "):
- auth_header = header
- print("Authorization: {}".format(auth_header))
- except:
- logging.error("Missing Authorization header")
- return False
-
- try:
- auth = auth_header.split()[2]
- print("Token: {}".format(auth))
- except:
- logging.error("Authorization header is incomplete")
- return False
-
- try:
- key = base64.b64decode(auth).decode()
- except:
- logging.error("Unable to decode base64 auth value")
- return False
-
- # Check Authorization
- if key == "test:":
- if isinstance(data_json, dict) and len(data_json) > 0:
- print(data_json)
- else:
- logging.info("No data in message")
- return False
- else:
- logging.info("Authorization key did not match")
- return False
- else:
- logging.info("Not a POST Request")
- time.sleep(2)
- return False
- return False
-
-
-def run():
- """Run the trigger"""
- # send a test event
-
- BUFF = 4096
- interval = 10
- protocol = "http"
- endpoint = "0.0.0.0"
- tcp_port = 8080
-
- host = protocol + "://" + endpoint + ":" + str(tcp_port)
- print("Listening on", host)
-
- # Open socket server to listen for messages
- server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- server.bind((endpoint, tcp_port))
- server.listen(5)
-
- while True:
- conn, addr = server.accept()
- print(conn, addr)
- recv_data = conn.recv(BUFF)
- print(recv_data)
- conn.sendall(recv_data)
- conn.close()
-
- # Handler receiving data
- handler_data(recv_data.decode("utf-8"))
- time.sleep(interval)
-
-
-run()
diff --git a/plugins/elastalert/tests/listen_count.py b/plugins/elastalert/tests/listen_count.py
deleted file mode 100755
index d7e4f45fdd..0000000000
--- a/plugins/elastalert/tests/listen_count.py
+++ /dev/null
@@ -1,63 +0,0 @@
-import time
-import json
-import socket
-
-COUNT = 0
-
-
-def handler_data(recv_data):
- global COUNT
- headers, data = recv_data.split("\r\n\r\n")
- headers = headers.split("\n")
- req_method = headers[0].strip().split()
-
- if req_method[0] == "POST":
- data_json = json.loads(data)
- auth = data_json.get("Authorization")
- # Check Authorization
- if auth == "blah89d9-blah-blah-blah-blahd3d4blah":
- COUNT += 1
- if "Alert" in data_json:
- print(COUNT)
- else:
- return False
- else:
- return False
- else:
- time.sleep(2)
- return False
- return False
-
-
-def run():
- """Run the trigger"""
- # send a test event
-
- COUNT = 0
- BUFF = 4096
- interval = 0
- protocol = "http"
- endpoint = "0.0.0.0"
- tcp_port = 8080
-
- host = protocol + "://" + endpoint + ":" + str(tcp_port)
- print("Listening on", host)
-
- # Open socket server to listen for messages
- server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- server.bind((endpoint, tcp_port))
- server.listen()
-
- while True:
- conn, addr = server.accept()
- recv_data = conn.recv(BUFF)
- conn.send(recv_data)
- conn.close()
-
- # Handler receiving data
- handler_data(recv_data.decode("utf-8"))
- time.sleep(interval)
-
-
-run()
diff --git a/plugins/try_bro/.CHECKSUM b/plugins/try_bro/.CHECKSUM
deleted file mode 100644
index 3ed50cacd9..0000000000
--- a/plugins/try_bro/.CHECKSUM
+++ /dev/null
@@ -1,19 +0,0 @@ -{ - "spec": "5396bace2a6b9a89c1b5f44291cd05ac", - "manifest": "a9acd3cde5aa8d2baa752854efbaeb98", - "setup": "75d5752cacbe71309bc0a9094a33387c", - "schemas": [ - { - "identifier": "files/schema.py", - "hash": "3c04ce23d115087d07ae95e9f8832300" - }, - { - "identifier": "run/schema.py", - "hash": "01523bd247e294e57afff80d94193f5a" - }, - { - "identifier": "connection/schema.py", - "hash": "84bc5fe37ed0f7c6c315c5bad7d808bd" - } - ] -} \ No newline at end of file diff --git a/plugins/try_bro/.dockerignore b/plugins/try_bro/.dockerignore deleted file mode 100644 index 93dc53fb01..0000000000 --- a/plugins/try_bro/.dockerignore +++ /dev/null @@ -1,9 +0,0 @@ -unit_test/**/* -unit_test -examples/**/* -examples -tests -tests/**/* -**/*.json -**/*.tar -**/*.gz \ No newline at end of file 
diff --git a/plugins/try_bro/.state/state.bst b/plugins/try_bro/.state/state.bst deleted file mode 100644 index ee8c9066c62e17d092b2be92de3122b4711c0994..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10 RcmZ= v3.80 (make -version) - - -default: image tarball - -tarball: - $(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball) - rm -rf build - rm -rf $(PKG) - tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh * - -image: - $(info [$(YELLOW)*$(NORMAL)] Building plugin image) - docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) . - docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest - -regenerate: - $(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml) - icon-plugin generate python --regenerate - -export: image - $(info [$(YELLOW)*$(NORMAL)] Exporting docker image) - @printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n" - @docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar - -# Make will not run a target if a file of the same name exists unless setting phony targets -# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html -.PHONY: default tarball image regenerate diff --git a/plugins/try_bro/bin/komand_try_bro b/plugins/try_bro/bin/komand_try_bro deleted file mode 100755 index 31e14166ee..0000000000 --- a/plugins/try_bro/bin/komand_try_bro +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/env python -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand -from komand_try_bro import connection, actions, triggers - - -Name = 'Try Bro' -Vendor = 'rapid7' -Version = '1.0.2' -Description = 'Upload PCAP files to an instance of Bro Network Security Monitor for analysis and access to Bro logs' - - -class ICONTryBro(komand.Plugin): - def __init__(self): - super(self.__class__, self).__init__( - name=Name, - vendor=Vendor, - version=Version, - description=Description, - connection=connection.Connection() - ) - self.add_action(actions.Files()) - - self.add_action(actions.Run()) - - -def main(): - """Run plugin""" - cli = komand.CLI(ICONTryBro()) - cli.run() - - -if __name__ == "__main__": - main() 
diff --git a/plugins/try_bro/extension.png b/plugins/try_bro/extension.png deleted file mode 100644 index b4cb7c2158993a98370f1cbd1602dc8e3db69b8e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4392 zcmV+@5!ddCP))6{(6V1dW6s?vhm;7Az`D zam0dUZD5BW4*x(BA+cdmTOe3~XtF>o>qy?v1+j(1hDGdMK~&gcQ7YY*xO}uy5rf8l zZ*qL+%sKBn_slsnbDp1cH|N;Sz0P?&Gtc{_jWKG>Xswr(Qfo@7MWxiXQtGZT=FzBs zDL~Aqg`~CKR7%~LxqM)ZS#rJ@fCirO-zpoe_1zi~SuSg>*PN>WG;q#;t4y@k7wq;; zDRr&k11>sO0BB%TLLw3E+EvH73BVkTW^1RlUV?}~EJm>+RYY{&xmnL{?NtCg6u%;o zy)6+D0P^RoWc!=kw>O*{Ef`~T^H%_HmSR^Vt@TEThyVzo$TJefh+cDU@HpuE{et`{ zZbh0?L>8n60Wrl0$;ODZ*85Bm*;QxDxq8aJa|M7FiV%`8&}v1r>|A{URwN)Mdm&Mb z=#VL*dp04Jvb%kWsaTPKn5=~)476GiRg+PD`E*#3fS7EBL@^?+h}LIBWVz^k)hUP0 z6#!bu(*70(TCIrg&V0XbTW5o@5E2lRosc}mcy%0GQ^6Qhcjmd^Tsh^)xdH%#thROy z#dxzEHHb(xxOP~LKoD81NX%lqDF-B?Cey&TA~k&v0A7+8k}yWJr<7W45s`xR4Z0@j zt(~wK&)VBB7DS_x{ZwreXbe;+}h>(QEcsGSHqBb^L?t`+qA0@-z z_O6!aOF- z6EbO~w>XkeMA1GlD3Z+<5h?n^9POFv<%~qdcpMQ~dwUTg0$eDF-{$(>jJ>;wzO@U8 z5g`K`u%Nuj2Q6Pa+w>+1(S$_%R-1Tw#kuLy%ZCN!ptW8k^Pnjwv$sFaQMPuK!yiXP zTM!YDQ28U>B%)(xk!L4#E+k@35xOVBSr+~AUShkmSD3%5NJh=2n3U=xiCx68A)&^vTd?%J68eVJ!i?93$ui- zNSu~dqBdCoR3UR=yXBW+&)rGHA!8=3qJJEihubNe3$ug@iL=tYM&~F1LTGDJGpM;R zOOTN0VCS0(Ud4)OpX^HjBs8rwgPRMp1aIvqM{eD@;bLveU5E(?@$F`;xsY7njk(T9 zWG1ZBezgfJro$Nh#6X!CW316|oeTv6h4z5rPyleBujDggII0%IX+Upv~i-E?laOk+*3$3d3#(y|y`Rzd0X*85v9VELGu z=eK44_JV!iFMav)v;X|sH&!PvfAzoW#ihTe@VfVo@qds5eK*nP25wdCG7K^} zrd!D+8a}m1uM1Px@zT|=|L5)R{qiaGsb`*cen|P8o?TZKaCU8>S0SkSh0?w{2^gd{;k_EvD+}`TC6oV@w%h9)Q{mr>JJ}&E> z31WRM3^K8gZ0==hiqeLSHFcRi&VMK_U47BHHcqf2wJ_KWSqj{)G6T0)IxNNDoX@~n zFbTeeL8qFlC$T0@k)Se-*)l5&D0g9yoRE}U zOrlbZrly0&80}mv0KGH0Kn>_G3O>y}v$6o&n@N&q0AZ1!wC$I7n?fQh3KG$-P(;Zz zUd)AL57U)c6IV>EwqGgrLhA`m1NtgQNDGpav@0bn5|p(4+HcXOGdG# zB}uGl>gY9fE6TM2i{6=VizTNV!{+XetdlY+Cd7_4&Di5U3p~4XQlQNZ5p_uR+0DWt z!D`zt-#IC(+M7U|dkr>sw-iw(AS@EROlJw-%9D+d$f1+Y3R*{ZpzbNE-iBgLcbpq8 z)>OFWTsu({(=WCf_8NU)9^ 
zR;29!n|sx{3OXandZexp)-^pQ<+>!Yxup)>5~^I|Qgly(N)Npw=Vk+`j+xOrlZ`-| z8zPEK@y$Jif!is`1!c+R_La!{*nrL552NUkBP;?urNRSqFuJ~Nf+E4efz6!{qildkVrq&tr4spJK0y+}sH$u=s5E<@zdNlV3FfkQVOqZd+Y=$(n(n!PD}TkCM> zh6PRH6M}4RsUYq^M8ks>DG|t_I}EV7;m{=jgp>f4w!$KZ4zpd;0b9E?2(h`F`u2gI zfsh79?@TsfbLS7Xb^{V+#Ar{`7MLXQTVks?D5-9zEOl593NnGAn* zZn&IwFiN1ds}HauMWn>(d4hVa=?KzMRO~`Xktlq69=A`R{p@cxj36xr2q_*VPtTK9 z5&K4v76XJ7fe}p43wfV)BS?z@Lh6{2OwS875YCJsEeQyzLq;?`ZywRljvy@p2&p5; zp$p08&T)F4PxuGSw$PVL6BC5g0hPAG5^|oN=Ub632--qhF&&l?xJ5vAP688At<9Zv zd_`+r``}DxOKGh)nb{mg1a7e+%}>bmykg@j(-p=Tv(eHPdWwxTJ1<+1ytI zKOxmb)DZSO-}Cs~)6f>WjyG}^6ND59rssJ%)7^-~v@8%)U5Q5WKu7^#dfo{>bH#Du zgd<3AHg%y9q^p8hQx-*n5E36u&pV56MN*sxpBkmyac;O|AtnfkLE!YfQf%&8Xq)E4 zyS=MojJYj{H6>jn2qCpV4xPm2RwJ>wRfBQBUOmVjzs|77lP(fG=Uf4gq3L&&FEfoC8*8#TeMuQO z$hGrO>9-&;7s}+lKYeii2d_SN{Nab(kGE%x5s#gr#wy&DtE3uIVr%C|+Hav;o`3nd ze|`T)?+HF%kTF1wRhApJj8&2<62yvBLtqQ7via}FAF1mvKEwTt(=70y-~W?tuAH;! z0cDRjZ8f8V6{((4w%u*y+|z6ksZ%ioPZXqB)0!~WH0b{sgal$Sw`)may6N0-8N5gk zLaJw$6k_aY!+wX-sKaPI1`PD&&J!8*WHq zodnnm5K;@2@x3e!GG@^5*emOTz3f$R~q{kj+{ z)&#Qw6obGXKRy{=U`%Iy*RdjjVi2_b>byuWc_EE$IyRUOVcRcTB-lv?OR_?;*~8Yh zq?C_Gr4Fb9-6L%Kb*qbplu4eE8YUU^7O4hhKqBGPHQhVuh8vi{k(`id-|Fj=aBPgh zssu#P_KlM>8C)co)Ygv9LrqOBQ2GtT2-<$xSX0oBCmA8p`KPUusc)1B0F6+r=_(`E z6ja%p(u%a**6ud+uLS@^v<&_v`r47X&^EAZJ@@g5U^rUN-c@|#Y8n~bY+!!Cqh8*!s(3oT z%9tRBu8v;MNKA7fXp#XKHv)V6n2rpc?sj_H+A%X1jtU2eEm0k9F++fk=h^s*u`&4mq^3xJE=;Rs74qB_9QS0tDVplecW5E<2MfVlv= zhMuXrOcC9o5{l?V6B09X;fM}@I2VCdQf{Je>olUg=mQ(PM)f)whZE^}TBV=g_WOK9 zrj_$EV!mRD=yuHq#A`gS&AR7ej^}BO`MY~WI~?a{#C}ED+S#r@C<`Aq^9*CIBIvhp zL@UuC&TlLsp?&Mf=|V`U#E3Y=iX&nEDhP&RM7vB8?WIs95KBnttuStao77ZdL~Q|l zMKPizN^PP9WUcK;=OhTKY?eG{;jku)r}j3dPEDoOejr+A19kfEtlK|G53Ti~M@ZrW zf6_4`2ADASL)d-t*b7!b|3`bio_wAV!SSakU$8&6{(G4X8}V< zAcT-H`<+b2OBKYCfEZs4sex<*tz2L>01=dU%B6@H5eIDTfE2EfMk68xA%OrmMne|G zcwK_69gxztA{7;A<$@InNNGwe&8ir$OCTg5!Wd%<_qJ-j=Ojin)>&7uzd;a`0Y1$F 
i-!;bA9J_I%l=?r<|7hw2iITto0000Zl_OgHhg{=bY!9^T+x8{y(n|dsy~bdzE|L>$@bM6)_!6e?W)JhV_Jmw{VdrK8VNr!zJ3#ax)^`3LeGsWDSFXQz zGjvew{(BFsG}pET>g+LZu)|644; z%JQ#UV9wI4|Iw+JnmR1Syt}K6Bw6<~chDoymJ^ha%K;1Pp|EpnF zum7AVV9Esitlb3!`JW0vp?}Bque-fqdXWF_#{YV^mw~@KL_iPX<>u{a3#^Ad+rKLV zbNBy#(BB(@-biSBIs%Jg?V{jj>kWmt!c-NcS%LrX+d0}vJQcCG5wjMA@QDdRtoelP z#fA8+ZH2`7M4s8$2tsV0S&NH;|J~02R$mM(B&wvS^y0-cv8RH9ilXB3N`i7iV6do= zu%aRutnlx;s;*uzYgb#yzn|?0Jo`WEivK_BO2~UctYL1R25xRH|F#01*KRO3uh(ww zEb{VyS6zf(goRtv+SbwaZ!yo`rTUMND?mIQeIRy9o^DWUR4{h_M#2@9hM|~n|eMxpgY3$(p4nk>?X&<7%wi>Rmyph+!9#N|1^a_fKFAzp| z?HnK3MVdAT99~>Ztbaz3l;~T`dzTX7IqN!xnmL=LUhTNRj?2cQz^#f#24M4ZyPQ6T z0iSOvfy*sM;Br?2xUl@6EgLcfy8j#tT;2>{1+KZ*fr}jJ|DVeKwM_ptuK%%g|0m15 zXn+O!Z=?I~rTf29wx=9IaF5-aKDm_4NhP0+-D}>tbs18x{MQOe6l((C&UFV`ROTBf zM-W?E3kx~M$HyNyL7^4csVXaz%Zu}Y=;&w=EP2cSrELLB-FTgm!S%Tb8tj~_oubhyV0aFZ@o-on_|Fy@T;bw0+}BCV>cz$RhP zAGRiNdqK?CqW#~nn>`j+gp;d_67BkN9Azto9g~IyIaBYnDA0k z;X6!HVixywRu|)ggF9EM`i;l#nchxx{m~iQz3U7#I~@MGpbU0rQcxiQR><0#WT|*fs3s7jKfUiA|=m zvl(iIh%(md#`=2vm(ec`SGF5-TDrLUN#9b!KV7YCiqn6@V83Ma&ELku0XCo zU#&WV!<#hj>bMLqT01WZ@bLIsRuPb0n3As{IlQORt_5zS;b&KJ<-ghLm%nSdN9cX| z#D0m1%{tCF)K5!Scf_5`cdYtKSXiPjIwMM9X;6iIUqfELn=`Oto$~}dj}2}dTd1OX zGyK^7!?<8`Nr|JKt?lyjzJO|x6kbnp<2Wv{J5txH*MjH=t%{>}^rT(u+5^v@RQ6tc z;SH4Zc^vp0JFNdQ=|qf1X+lElR%G}6lut@WTT{4eksIb$W)ka*h@+#Us}&U$-qG7u zsaRj^y3e@y&L9CeL7ExhadAD%wj4Np_T3sa$(VmMDTmKhb`SfVQ6S8Y5tBJxlmY_V zPbk$b#@KH!V>%7}G7Gwvg$t8LKpM0X!Wq|Zgdq@!to|fX7B^+q1V6oa5`)V&6{Nx_|FIfLxGA$HXX$AuV_ruI#_3=p5^&HXLeXPwJcE zIFlZET|e}3X(u7n_ZA~re3F54PF|0`x|$m2#-H>46&iEeH!}b9gGHcZ5pvq>)KMbQ zOW+M<+CI0Xeiqm*PK3rL9Zo7i@Jb)$FW0ZYVpo`TPjrg+yH1zDo61|TaWBYS zi5030HPM!u8jngR%rpEMyuUz~pZv=4?ZwrIo{BWfun?s%tFoMmwOSS!HW=hhwLbGe z2=Y8b%crut-}y?sWVYc+Z3hy0qDVrfy>%EvslN)ed4t|tMw~Wg@V!!g9qf{`WvuVY zm1f2iaS@Q0Ci+EE6u#f95D<`)TkLOg_J&{6V5OeA)x1tx#Oii=- zcz8_K>IrRb%cU$ZKk)sezLjxzu`?Oz%R8ypuUv~2L764B9)7EuTDIrEEr%PJ-nAVA ze8GCz&lVjNY9;Z?^Q%g`aUf5t++u;RPwGOwHDctk@M~LiIfbu-T>bq|(n@D6zj0iB 
zW64hF;8yYHe?TU^UQa;Qc{0l343m-6IUG?r{83iRPbCI1LNzkY{X zxOU|CkogV;Bbf$ZZ@nLExJA+!YWTh!WBMYwa?!*}C{F3g9v?`Z52Cmwy{8e|vwUF4 z)>hwGK3!B_r)?wiW%i04+5vAX zofl-BpDG~kLJ~84@ZqCDW1+FY#2=*GaVNEA+xIqo<+f1;sENtUvqVCv49iY_zxmY4 z!#*E_*aZP^>~O9(k${V9JKZcJKU|0fscz(#l=L~exWL#0)@uj&%|Ih`Gr4N7YE-S_ zI4|nYG*3B0is8^}%~!uPdd2Mb=A@7sN&Er^DE-T2;t5^qr%ywarz+mJS1A;82IO;x znUhVjaotP7slDDWF{gU--7k=S^5{J|R@viz-l``$96Wq(1HROFbmYY(I&R}bNzde@ zQH!?YZ*(qkl^ZTz3KLJY3O=De50+(AY>xcV9Qn8p6YF_SK~Htp8Z3=f)FpPS5eFVL z2uuvDH?iJoGgGWIU4dN92J@5FxAG^ne(5E)%P{$O6#wEF*=UxbT3H$_&#*ydOS^q# z32^RyM?o(2FmN;&^CD?aj9ZOEs}4Nl=Is2tB}6l3oCE$3Y+eUc3h5X<^ajTJI%`s9Y6qR6al z(>3LVo_OR9Dee81XLN2pz@*a@hS1n+nP}_@su*5=-grBw!te3xmp6$YV`Vq1*N$b{$Qk5N znRv_P=w1P%Z(^vv<@et6b@CrSesq3t0yVHEevNgQzm!`t={4`+Zv2Fquuq_9@!6Sm zgs*0EhyNNm-IbmRIFJT(4xFKvpwJ9d-A(GQr~&1(gI6i z&pR#mZKs&9;(AVCvb1XB3ZP%~9Z{q!gj7Wr9*(7Myx;ULw3B_ye$)RhQ5sZt`QW1x zpOfr|;cv_EW|d5ofOyB)?Vs;JAOosqt${nx4%);hr`bgfUODLnyfIp zi~lM`mq*AB)I4T{;0`BHS&~zy8$_OSQw1v{OH0>8<~*-b6`x^wn+_`)lw``qt}+&$ zktQKiVH-GFMgwv9? 
zph^E%8C<}G>dxNcU!;T*K!XpY#&K)89WRGP*GKLaJYb1LBNLd(N+z>SX#wri1~kn=8krZkIHCBvs>WXH;P z{ZIquQOt@QF{Ie8J41sA{+-rK>`!&`fYhhPeI6(ET)H z**l9A8NLh3I^uA@dKP`oR9Kg@S+&>RyGBQ&Zh+W}f2N zZxKNs=$DK;NB{DzG;4Itjr#etBm<_o!j%Qn(~_-<+K%GNcDJc{DPfA!9NY`uE1K}P zxaYHDDCjjLzMjbuy(n*JXlQ#V$)@sqF)1~mduHABHhpt*^UvuFcjX0 zFV7AFSIAw^h(VKPSc$%=Y4o_HbvQ+_Mw;HU06ey@SyUd$8n4-A@@@LEmum8kRrNsc z5lt>?f^hcXEwO}Q0&4@BHr^aL+HM=*_3FF-Eg1>&yfoL<{qx5~%SXAc!=C)-=U)|3 z^Rf4}rAEZh@neDbnCVVr4|9mrIU(@i4br7LdT6{vKNT>#O@p;&dAe%;(aWs|*awXZ z{P+Z5voj~bDxT)dO@Q@(x2rZZk+LTAhCJTuVo6bhTi%;P)wN<;I1UbJ)6k`_Y11;s zwPjB19M*oN`4hE#F>v40dnFxao5k4yn~A{Gjn$g_F0eimEecJwshLLQjbNd-q{W_0 z`Vy`BrOg|pN}S{m3fb?4diaXlgB{ihZIXXT*K0{{_oc_d3&{wm;BwTn*8T1AFVP{ZU}G9^9~f@H@m5eDuQ3@}-dRx3h{T5La|g zd#lq#=}DiR(D`gpqREZVZfW$BzOvq%xYyEf9${+9L(jg+1W8n?!R3zNRN zqMFzdVvuZ#+KfH(cFTO@KV|qmk<}_@$(;=Fz1;QCv{M;Oa&OhIBMKnUMU*{n8pwJU z+et1dfk_{XLb!j(JJ?xZ5d#N!@i#4o!QL`GU<%rMq1>gaTsZt#Z3BZzlYs{qv0*rH zTQpf1SOLDk^PBxo^RHwVnJ&E1I)1%8z5_hq%?;DH3(xL+{9&_RVh^P+v7?bISq#=% zUnuSRb6dgkSSU3aH_?WdcB-)LKn`B_9ebw_V5FU~v9sEc%L~|8%g25D6{2Jf5A>P+ zuj&h!S=S88Kr!aKwuI6{oeG$cc$$W#uBoX+OF_Z+qK?{5P28tbtCdLRjScpY>gNcJ~YYzJM+1Uws17-VT>bqR0=(15#{yvKO!5&z+@ zrKM`%j=+PZ-)_?ySJ0`!>qA)rL@AL6aXlRy^^JQBAEBks&wr$^ad?@@`I)mO9LItZ z2C|M0xxS?Su4F%zPvJ9ujCYlLh*GM$bQVQtZ2p|KMA~-!-lIEgx|%@9#+noGIkn<{ z0Iw=w(&69J?ieUz*Bjrd)LCagsAepNRSz*%Ncj{XFE8)>gw||h-8|})T;_5P0niyC zMjW1%**Pr8%NRbwFAJ=9W@YUvdT?+sl@&int*dnYPG~{)<=fqL1w~7dfX@Z=UTwS{ z3JWoIu3ke~PmIF#lUoeswBz0!90?N&p2AP@ox#>yV~yVevV4QWkGSDGvkl}&yYqo6 zDcRuj%(DH})SmaF81>!DuYvn7is3r*9o$gpqAUJU(Wm6(p!tn&(1yU4VXn<%4ZgHRk_`1W@2Y;OHXUTtUUI25_~Bp=V#2X9-s zxF;PuCdkDUcR6d6$&RMw?6+OZ3mF-EK5;}2v9ni5+j0iEyF8au;%%QPbp<86-2WuO zz5oW|dK_x0z96p=Y!$fEKr(5yt5}-N&=bo@e~g1(UvB+qrqO$Zt#EP}n{^RB%axDJ z?2e?$m>#ttn><~-jX82-e){Tp0DA{TeUjg(Y@_q<3NxHVoZR}r7C`tz_3Q)1)fBoY) zNZ)U6)nBa?{QTb3M^M48;tHHJYHNU#wL=BARgp8H)WBRa%rOd!k&+y+WnpruDg`IM+RxbgBSeR+B^o{QP7XF zf1gHJ zEF+M^(K%+pKjP5xI0?DR2atBrLNZmDc{zgxf{xJ6QqNHB}Kyfob`&hjxm9m%+~RJqpz7JYSbb|L_ffkQ)h 
zDYH{UU3|~J4#Hr|&8kT4hqr_lM={;a{tzl&=5}smmEJ|o#HuJ^^;TPm6w_r`%O*Nd zi=rB0>K&vQ1t$U0j3Y>)Aq-Jkm9oa3j`CO-)G( zbez>b^H}@YXC#7V^BQeQykr2;pI~iGRX8(+qJ3GwtM(_Mj zDXpqM+V&oW#!d_9avW2GFQxJ#!3KipQnI}az}1Sh1-Dn-k_K3(t;7>q<}ErPbe8|^ zevC`ux#!RPlT7?JJPdQ-gIhR%N0BUH`qnYQ@v&+fmr|jbf-4*kgh$>^&dynX;m>-O zucd?y;jPJ)jUUYqXiHzgU3=pncMC}iB&Y=C0s#s0K8FucdE=~6;?s;5i8RJY{6v>4 zMuhH*@@lrF!0gTJ=4q!eg!6iq#HZC(hFinFReD!XL)6sO<2VkISre!-ens_14RIu( zAosJ-!VR{H^%3kaxA~Lo&dLD*muGUQe-Z;@g6a;2<*5plQFL8Kl}9rbyd1PKBAXr# zMe8NzwGSUmTsb!@_>wVa%EGr~{>9#+HW{xbaRIR=bq^epPY< zqFQPHkVWh&t-Z1vV*ovbTC@cmhS{E5=4wpT3SMz*Ke3Oyv`AWxWt7Zp!L_52%dwJ~ z;iOdU((`;+-DW;fFCc8)Nz2wZHxG)w-+I+aRBhpuz^BKY|Mi>}ZT?;_m!+C!y}eAz zE}X>+@c?r7t!u-tOP#K>>A*9sB(e&Dnf8_U3{ozornJ-&Uk=jaIGn5c=F>li$HG&C zlzM2hWdD4>KLl-@Uvt5LQ(l)=T64%mt_tZgdu!IxZEf zNw(*4()8132cK>{i{)S-hHTwOC}+el+POrh!G}^U19o)h*XdHXe=1*pC)CD7zE!MCd;c@9DNE9q z_WO^f-|y%%wS)JQ{Byu=Ueh6mWme)S*~_5j36`(to1&elPtEfkAt66?%lk`T>+6p# zUF&Bva^p;NkmWe6nZ-N9un{1oTd8e?-(S;5nG( za)_2f#&UsbBpW2}85Y8wXf#q!q;U&^D2g3Z9m`)rRu`V7~wUqoK>f zDf7i%BrK;{vFpXQej_)0FkOV)&~czCt**X){Pb%XxzweLelK*mJnLmgbhW1Ue zRJ+bgtS2ZlscL)Fjo@B%o4w|wjbS|UF#QTlik3jXGUCUUFO7nUahC>qX(B}u-MV&r zHHB*Hcj6avcoBVChx!^~DT9eqi8XD9h!j#!rIi~N__Sru@z*-m(}tmi!p<`M z?~7tKH(?44$+wRCxN=}jf!j5BDgUjmTaR`tVbIfZG(4zE0N>>TS=}8#{3zQUQw@;O z^1MtypWl`q=<_TbT>K;bsImC1j4tz@r1GOH#bG}FKza$v(@oLKAms6BM{%3Lu4o;| z=Q(IU-f-I!08u0!9xe{`EKqJ++q+D`$JXm9#+ItSBsZWr-Z7(4t!A0^44KjHC&hai z^UtE@I)3|v#K!b2%Qo_r@B|0k+)6Y`^LD)(0bu`NoQnRKi<&7AlH5!P*Z#(jr+>nk z)b~?Exv_&cNkwkbpz4@ntg?s+twr5wtyM4EnQ7oWvp zT;a075T(%mHRu&RWYEB}wqZ4i62?37di>_ASc=49Qf#%%fiKjgP~i_(QNar;n%S0| zp#44)i?sVtXF)WBGulSDcYC2tGTylq-HaPZ70@;o4SP@+m_H9t8)h`2_6&t(*YbVs&ny!s&%9}9e`RaTFfeDCzyUWK?K-MFtD!n{ws;a7Lh57TO z?QiR22OgT5n#^?%)e@y*LRRmRP>Vj_EeIlSd-?D<1IWx_um^}Ykh zY2Nefd@{Sabi%G?a)Gtdunf`8|4UQ#!gn zadP+6ZlbHBq-TcFX?5}g1b$@;DKPxwmRmW-tK4e5C~Gw!>26Xpw=h;nPe`*F3%6V&%32P z-ahHQ&g=eBlNEA*{=|hywf%CsOFWEwJGjv}a{OXbxiQp(`lF$+jm%J*dgU+6-F``` 
z=4V+y#dbm7Yj^lj_jt2n07l@X=Z>%^p75@ztP|cOZ&xq(a3!2_a67)`>$KY?@^)L_ z_Yn(yWa|&TCrjovHWB(}W?LWr5$sBPY8`ez%C5bx?2s4zjuTOuZg|Hf^fS3Y>o9V^ zpEv8za!<#yFH~oy7BY~DcI%igDJk*T+}a{nT6^bB?lN8dSjVh9Ah4e+V(@+MQ>RBj z52NPB;t*_SNivKaxcn_x#>{5HM{awx+*81>}c}*}Qs1 z0KVx)PO&f#Uy&rL#q7~Stj%PB%e@xWne-Jy74h(!6l&@hP0O)?ftp_Qo%TYA!y)MP zBmiH`zCQES5U(pb%Q@e6*w8dqiet)Rih?FoK!a?k8@R~SJij=87|uz(Kv;OB8e zlUnlGMAezED4AsQnToK>crL$*I+rhpA`<03^pwv{XDU&4KIjFtzTD*QT;)qyMfku3ewu$_kkd_wV$;sQhxoRR? zp?XHwaU4(P%cQQNGzGh%(NMiGtftR$RtKNBve|;?H0`|*- zV)y0x_82Zp$z&@3^J1C7$$5F$PbBrm=j`{3JCAh{H_1wC*ErGn zL0q&KBQHr?C;*oWs=^ygZ@j=x;@zgE7@yC4jv79c4Db8oAGO#xqgT&(Lsl*9QU^#d zKTy3;SgjEhKbGV}Y?%Ye~l@;gzFlni1g?*>%13cZuy@QHS~H#ilQF^xbG?i#WctA`y7pm;r73 zb4rTjMQC|{Roq?8!0WrEu(&dgJwcGM(uO6@!2R?~aL9o!>z;;58Nu``!F<#rp}FA= z?>}OOG@mnXp9gU)x`~IFA&Umzjk9@Swb;9oD&oc*pa?#0{d^5`BV_fxO+?{qHzyg? z%@#`0T3HqPzG-O>w%QMDF!+Vw%1~Eg+n5Z*H3hTJE-za43;FT{Zo)Y)I>VA?R!3y~ zWG8uT78y`Yr1%TR}bz;vF2^*4RMy5f?qI zxrWhQI{!?#uJ}kmWo=4axIrG(>;7C+j%wB@YqFgF`+5ICDA-e0qqD`Z-+&cge8z1Yk9XmL`mYRet^An7r?aWU00N*p zw3eCs;{cFXIZA8sq|wdDSG)IeGk(n@hu}=W(rG?XVY}F2I#C4!ysih=@0WV1VA<3G za6R%cKupj!w-JE|W}%J>%3W6Nv)hkD*iaHkJAKLJP0cxBW*^I|z%6EWu3K}Yj(om2 znZtbT8=fEb&ubM}|HvYPv`OY{g=kJ0AWZ_2yCC;>WcixF5fqT;)vLdpR`&v#rkoRif zR+nqPu4%&r7KBm9vK^{pbj1C1dzed&{#fsltRTM}TDY4Q&=ff8E;tA#oXqgHfvG7Y zvmVR8yW#pn3M?mZ^oOXqqP6!806893v7@CQVO27v!zsv0W19<|o*a`7q!SH_I!iwL zkF;7nz^f|0aPlO`3{+cpj|y!KOcNS8312EcJJ8&b1#BUi>0nA%(m799DecTb1*c6-S1S}xkvSw50dQ@yRq=K9jl4-b=E3vbPy zdzk6U$&7LgT!dO7cy!u1NOAfMF+XA@6NjN;&5CPDl8{#MUWTwYVMUB4@AKJTm(`{X z=Z}2#>blJ(HeWBUuvmkG@Aq*PlYS@B#D20&c0Ie(Ci{H%?UOuw1|XtvYH`6YEiK2f zPlEsH8k;pG!(y{NJkYQ`T z?5sg@e)yQxaXQ3|5|@(K9mk5qfpe2`CDsc;pS^5**r>ye2O;m*zHnT>UD%k~ywB7x zACA{KqRid;m=Qb7zIO=NoqX{ax5OJMk7?ZPb0VQi?BLfk=ddHi@+oym$iynT1B&U(%2b}1sHyJgd1j8P1d88uGPqE z=e<8N=~(~zhACNv{TeZ={P5L6tN&0*aki-rp(}4^tExk0>i{LT`~iOj$)d2ifItBJ z4nkP8v&Vm{Hzl6D))9{1%+rc|=%l>G8=$dv`Hp&fN4aX47E>IykBgVUKZr&!9|gvO zzJ$|U71$6Pm3UP_xlyzgBhW5Z9sWb&na}pi^&Z&^k5o+0>C|-t6WEX>uC;L2GyS2i 
zrR4=XlG@Xt29vg0VpQG0q>lXwQa$JW<9C)%O}s}w3gkF&Dw~&44O4mhvAE3Lylwm!+@Q81;G(cbVmAFZ>DoeS!bt!SWs9BNQs9xzmI8o ztP=2MZs|wN^|ppm=%s}3?p$VDj^_LTAqeK|+IZn*cqUX?xMJf)@rKf|ns*-Db-y$&L5XWhnLjDBHLJl(A1Yp`+C(BJlUO;`oF0<*H>$U!K zX&?SU(TVz@K2;3TxZA*?%1E8`eNML!t8$#}Z zG_ISxS4d?=PRmo;kvew^DF+!_e4^dp$a>z)iibVD7p1VP_xqG%!l0vKDns&84oDV> z2TXIx?Vy)kTaG6Q0 z1A1`~bd+o6Mf_{eY`Jmxq#J<3NzapYh0GAdfg^E;&cPN95$XBou}+;+ zFE5)}j|A9!uw-iL1c;X z&frheWFFf&8@crvdf0@5;co)q9RH3Chj0$YInzYCn5aGEBJ z)NH^Wqf;~UaJNL%e7a5#U>NaGH7gTE)s&Q!@bD(0=}nr?FibOFOTeJWl$h1Ueri@( zWizO)!%y4#dT)8eBA{l|0AKoYsD=Eca)_Pl&mDL@8JC622We-u--A2YL#{u(Db#mM0%7lAx%m;i@Uk7qyhof^<~}jg z2wT{Fg+@TVEd5t$8~}=M2mljaqYoAyCN)OQ(YDrbI4Q?6r0o(ADC?~n^nOL~ON5I_ zfEBEaWrZBwV}XIFdV4qU1+F`M|NT!tS1(O}H%7~F(W1qBVQD$}RgHes=1JD+Iw8BpiwP^KlKSkB{KVa9)Lq!LC`{ZT211cL& zTsdf-!Q{w>T&M#vY-ZYqKR~7lM9Agxa;LHwLq6{hgJj7cdHS^Nfhz=X?Cg*|a>;(!U8(g%#&!z_2TN5wG&`u`dasQxUJO54uzy zS6Z}WGD`Xs#GRf7H~{4726p}ebH6sr)~4>l-z`7+9-C5uFTAeXsG{zw|3We{ADU+) z+xUJe{gN*c$Ka2~VCo%{>VWhR9=BGOHs9S|m3Q#SP_O8ON5e3*^#$gDYelLz;#UeC z&Tv7ZjeONgV}lSR4d-W;1Hao;2h#jq1=+fTFG+SeC%(!S6t~=ygbh6qr5Ux?K9=^t zEwrKdtlEPrKeFO9VVT#~`1EWsBcDP z`?n;%>Oyo|n(@9j4z12v4cwNCtPG+{lFh9Umt}(V0u`EO;0LsYS}){OP6s zs=tRZrq@1c<_g}|;N=0n(50kA0MK8Bz^i_|mS9aoUuju)p=<%>dofS$h*p}t?yd!F zZ}Hpp{rNNWyq{-7w;goEv!~lEV1jsQZpf;!@*)Y@AoFrd0gyZuGN-j{Y}e2ny6ZM*WTFDnFcM1_x!);=28{5;gV_{Xd~8NOXK5! 
zb}zNcqQxgyL{%R5Gw)zytXSY7kkXzB4ttmpSlQnv)t|O_yLN1=+FYoQH&;b9WiSfLS$^z3s4~h#evRR*oXMEh~w2oPsZMOQ_Py~ zG}@0z`z1%8o}Yfm@sJR1Bvr&Z!mi7F5g-b}dwI_@i@7h?0F6JJkXa6DdPc+AE3t27 z7Dxo`S^-*&vwVuvu&$mwuZ$v5K-Oaofk3#3Pi%uXhekuQX%6>_ii%W$=#^^|SwZ)- zzNyKtn%#`Y_zr9egX`0zOcecMMDtD>#Ot#;or|iq+}MEl()F^5e>L4$S1QbL_Bwfi z&(4_$TzK^TRvR1J;R^x7dhZDSVWf-`uOQ8@Mr>;i>ruPO6?e{MAfr&cjQ)|$NSx}yVA^)-FZWb--Dj# zVM@t*?co>2hP3B}fGR#4l!zHLG+6lUCe124o6VgO&JT-AV#mgK>+(;L=HT?VsnoYI zun+~#ZAp!(8ljB)d~B|O>l*;P3>_Y!i(4#E-ftNj=S&wn%gj(=4_@N;A-RaK_@q`y z%afSJV-lBI9yfMKRi?rG#nxS*ChA&)20wpbQBR5dP(bcuxv>`Jl^G-3cZC*4{ z<3f;u(kgD6sP&jtP&Q#Fy|={|7kmU9WHMuU_=Trn#tYgkbZ1Z9kc9Ke;zQBWkQ;G;( zKhkG4*8pM{R90G=zDx+3zl>A0@x^n54v;JxmbAU3$<y$lRU4zh~aCR z939=4Q&sJ=4LA==`n_aw9`GVm#31T`q3@*s$#+-sajCx|U7I+zBTK{AZAJM{GLmT0 za0`IMC16Y2;agf)cls=#{nQ1dCDQVcuFfY5d0=RQ>HOTBly*uop(OE{$vzW@e;j+t zjq4dU)+I+}0E~{D~y9Q0`oVW|L0r zVy(uEnb;k@cQI(~+bH*QQrmJW;sEWlJLh;Xw(f5hEBCa9!nz!Dh9A=o`742Uus>j; zUY;5l7zm*oK64%Mg@95_zry_N0XSli;w-A19gJI4J0qy+4;YRF<(HRld!J(si{ZbF z2&>^TLRg1r{%w-}a@rcykyjqszG46K#?5z9AEwC#)KK3f`ZW&^4^dU-$bA>3c2eUt zQA`k!Wk%GOeS9r&L}X%Yo(qfb(Of{>IWpXp<6E9z)fs3)ho&Cy&_*cdk2D0Fyc=sT zQAe#t$cRS!x;&wkR3lIAr6^mm)QoOL*{0G-^WK`xn-I- z&Ohhg-rmke6{ablB*tdK?x&$y#QK5)KC#VK@UBv;;$g-34BvpDVY-8w3%tB4991?-81gG7>70_E8CA#f>4!WzJoy zT7EJ=uGqg_Ox$ob9!JP^Tr&56N3kBgQnPq?6g;1kX7S|85g<{jvZ%575wxYvMRnNv z%V8)J3H$#3-dHWv-nY3uDZO#vvnG9uisL4X@mZ66=tqQYY3GhAXAaUF8k7_4qoe!_UjM$uIMziGn`Z4bTg=0j!&{S+ zYa9Hop-Z~-?i_QJ!o`pCd!E3Xg@)W#r5eHd{0lC?`!T4WHZ^M^&XdD8FdwHG4uJSu zprpL~$xc_Epkp#uM}Gg&PET*#Mv3j|Je3+XEj-SlZ~Xc2=8NnuMAAK{5=&d*t zn0ZvF2aTS#=6W7Jem7uGT$kiHNcGeP?1Xx4qR7#jURx`KHuI;mL3NA+ynG{!N;WkH zj0R3&uSiNpr&@^3!>c)Fb%r;HfaWt{Cv~>SP_|2?^6vEci1&A4!e{mxj)YUb( zBM+xfGxO2=rH}|lm`A{b0BPGDG)-x&Dz#})tnzKzx4+<)Lp>B7T!Hn$Yn|RBgi;QB z7`-AuiYMODcX38<_r@q?mG(&Zy%jy3*^l65##M-v)|ZC-bPvm$rqMSW?56?Rx^8;x zEGySSeV{A=<(zqBZyeK(n%W|$E?PLXM`p&?GX8W?@E1y}-*_e2{ku8}eZvy9`T{FG z=n@qWN|uFGOE$I(NNho)37JPEr}qM>)GZ=TWy?Gd|CqO?ef%`v;5>B-?DNUl24}iy z&zg9}-0>Pp4!S98#JQTWf?NiKQBt=kN 
z?^&|GR>?ylyWY;%!u`E}7TDY~rq17p(uP!ECIzoGcM?%9r4;|H5T zL+ZFgKAFYp2Irx|%HGrUQZb9<0k9#geHBnjOB!@Gv|gNUk-N;iyx*c)QPqp4bXFtW za20AaBA0xSF!gm&prX8-p#<|#Ug$}0AiQJrFs8Yx3duI2xx!Op3#JJZgBZ^29enO^dggqIo?2 ze4r!Bu^I7k&OhQ0EGX+gc!l-oK?hx{hjCM)f%YndFcqsZnhDs)l?7^4|) zT=Fs>*{K)Uc2*h=rI`kHtg0sVYI%C$Fl~tk!lNC5trkAXipDPg} zJKZ?F{Zqup3AX#Rd@PaYB6&NairVb}ftJh&wHu*^{eXR)z1Wv4O!B-n!ZxabF-X_#}vg8=^`=JKRcT_F$^gvl*Wu!l; z@Fqy2O3us|SZ(cjBy7KBl)rKh*65e@F|Pl*Yguvs&rC7CpK~>0b}dLS)~LP~tau2& z)frczSZOKQVrfb}99bh_o$5ra9!a+DTu7vf zbNxH@gNZ=p`z^CXE@4S8!1lBJ6|(!AqJFvHVS_FM+=LpWgZnG@eu3l(^Y|8Dk}8p8 zaoCzvanV87(HlXFNBrT~GVCj8>w8knuW~9YCdX7xx^mZo+?YAGO-2Qk7nK^g{=EyY zgUN^AD;|}q;ju^QGbS%NAF7phKnUAKa7x9#u7~6mFG|%vrF=K&;wTPoUryD6uBvXl z)rt{!$I)|7QabWK49M0$f67pOeT%;13P!coL?SH~SN_x{FDh58`vysNtK4|@DYS3{ zTp_tJhg?{r0zQs-8~VgQ@Ds+_`N@=ciP7sfjknO-6ztatY?|1~TxCVRe-f<lnln@%~;N7`%XSE&V^4#*dWk3uVfeh5nKUDkmUbir|6wMk${3;9-FseYHtvL>7abvt)1 ziZm8X@}e=Gc`C;&$<`!$Hkl|Sn^MWEH7dYP?>|5f>+|%2B(+&u@kT+~@8BO4WKvjN z{p)yqEMBM*!jqx%*%OD!N|J`Mdn;EmblBK>Yg1XVWWd%iIT>J(X_M#B%RNb2w}Q#= zV`*!PQG%7B+=7&A`hW&;RVFg8hmAuVQci(lfL!w&oLbDc{uX$-Nc_$&334O%e z@IX;IyISRhLG(ojV=mCNSM~#4Hgh^fS6jQ#<=Jt7Ai4Oe6_Ng7tLU2*aJwL)tp#~+ z#jXNe4m%df??YXkAB_jHU^5bld<*PAzrb>dCQfS@&RA`0zS};B&*d?y6+rK!1p{df z$oT^x7b^kk(q*Kj2GFQ=()p*ZC*;JtX4|P>byAy$6B@}Mgm*ypRZ*+d*Sr%fd}#JX zPO6ALm)3_f9KC%K*u7~R=gur|ggkZ<-vP;CT)ax9d&o9|! zN3?vj97sTEu?*<&kFQC_iXk_*6&CGX@JZMI1<{zo;wLg-;4@VC+B05*49CA>Ol5pk2GR#hP;!g zhJeW@WlJYpat@*#9*uEA+z4?@C>dA*A0S3bx)s6DOyl)?C@Re;(g;U0g+*BO(@Sj3 zu~@&R@}L?nonUNb0pcKJ+-}@V21AEwX({CPgVMSvcz-Q2D?a|4QT zn;Q735TnJiI|UTxYE-YjhYqt?giD*K5tx0)sZnr?*9P~V^y5FWXq!|grb1vof*ml7 ziYixW9aUY@N?1Ss{*rK3_n7m@5fkG9@H}xDSP1*3+y{+$I-b9S`F9RcQFDf5JM|#j zFH+yGg;RMAIv#aq=81+sw1=CCwrkcVpFvp10X4&=1Ac;^EMmSrM(F$jZv5c4U_B!n zDkX<^J{$-uQ;9R$s;jY)eAaUuXC@M(O744?x?b@Q z2nYz(lvT(p^En+7G7riqz6(o7p|9SZDO%p#z$uMAyXef%FR=4;m1{|jaPEL5b`ylu zAfU(&9+TU+2+#xgX^`q r?Eg1y;5huZx&7zc%wm6Ti0&2Qc?