From bb3e5e4af137a418061497359d1b44b7697ca7c8 Mon Sep 17 00:00:00 2001 From: Andrew Scott <77340714+andrew-paloalto@users.noreply.github.com> Date: Tue, 5 Sep 2023 08:48:42 -0400 Subject: [PATCH 01/12] Xpanse api updates (#29339) * improve classifier setup * release notes * release notes style * remove field applicability * Apply suggestions from code review Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> --- .../classifier-Xpanse_-_Incoming_Mapper.json | 44 ++++++++++++------- .../incidentfield-Xpanse_Tags.json | 2 +- .../incidentfields-Xpanse_Provider.json | 7 ++- .../CortexXpanse/CortexXpanse.yml | 2 + Packs/CortexXpanse/ReleaseNotes/1_0_10.md | 18 ++++++++ Packs/CortexXpanse/pack_metadata.json | 2 +- 6 files changed, 55 insertions(+), 20 deletions(-) create mode 100644 Packs/CortexXpanse/ReleaseNotes/1_0_10.md diff --git a/Packs/CortexXpanse/Classifiers/classifier-Xpanse_-_Incoming_Mapper.json b/Packs/CortexXpanse/Classifiers/classifier-Xpanse_-_Incoming_Mapper.json index 98d06f67a2b5..f6026c304883 100644 --- a/Packs/CortexXpanse/Classifiers/classifier-Xpanse_-_Incoming_Mapper.json +++ b/Packs/CortexXpanse/Classifiers/classifier-Xpanse_-_Incoming_Mapper.json @@ -9,7 +9,7 @@ "Xpanse Alert ID": { "complex": { "filters": [], - "root": "external_id", + "root": "alert_id", "transformers": [] } }, @@ -78,19 +78,10 @@ "Xpanse IP": { "complex": { "filters": [], - "root": "action_remote_ip", + "root": "ipv4_addresses", "transformers": [ { - "args": { - "applyIfEmpty": {}, - "defaultValue": { - "isContext": true, - "value": { - "simple": "ipv4_addresses[0]" - } - } - }, - "operator": "SetIfEmpty" + "operator": "FirstArrayElement" } ] } @@ -175,14 +166,35 @@ "dbot_classification_incident_type_all": { "dontMapEventToLabels": false, "internalMapping": { - "Tags": { - "complex": { + "Description": { + "simple": "description" + }, + "Destination IP": { + "complex": { + "filters": [], + "root": "ipv4_addresses", + "transformers": [ + { + "operator": "FirstArrayElement" + } + ] + } + }, + "Protocol": { + "complex": { + "filters": [], + "root": "port_protocol", + "transformers": [] + } + }, + "Tags": { + "complex": { "filters": [], "root": "tags", "transformers": [] } - } - } + } + } } }, "name": "Xpanse - Incoming Mapper", diff --git a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Tags.json b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Tags.json index 99425c875228..a753c662458a 100644 --- a/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Tags.json +++ b/Packs/CortexXpanse/IncidentFields/incidentfield-Xpanse_Tags.json @@ -22,7 +22,7 @@ "threshold": 72, "type": "shortText", "unmapped": false, - "unsearchable": true, + "unsearchable": false, "useAsKpi": true, "version": -1, "fromVersion": "6.5.0" diff --git a/Packs/CortexXpanse/IncidentFields/incidentfields-Xpanse_Provider.json b/Packs/CortexXpanse/IncidentFields/incidentfields-Xpanse_Provider.json index 09bb1f857e47..9cf5004f3ce4 100644 --- a/Packs/CortexXpanse/IncidentFields/incidentfields-Xpanse_Provider.json +++ b/Packs/CortexXpanse/IncidentFields/incidentfields-Xpanse_Provider.json @@ -19,9 +19,12 @@ "group": 0, "hidden": false, "openEnded": false, - "associatedToAll": true, + "associatedToAll": false, + "associatedTypes": [ + "Xpanse Alert" + ], "unmapped": false, - "unsearchable": true, + "unsearchable": false, "caseInsensitive": true, "sla": 0, "threshold": 72, diff --git a/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml b/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml index d8fcdfa2ae0b..5575d2f2370e 100644 --- a/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml +++ b/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml @@ -686,6 +686,8 @@ script: script: '' subtype: python3 type: python +defaultmapperin: Xpanse - Incoming Mapper +defaultclassifier: Xpanse - Classifier fromversion: 6.5.0 tests: - CortexXpanse_Test diff --git a/Packs/CortexXpanse/ReleaseNotes/1_0_10.md b/Packs/CortexXpanse/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..162ce0841c42 --- /dev/null +++ b/Packs/CortexXpanse/ReleaseNotes/1_0_10.md @@ -0,0 +1,18 @@ + +#### Integrations +##### Cortex Xpanse + +- Updated the default classifier and incoming mapper for the integration. + +#### Mappers +##### Xpanse - Incoming Mapper + +- Updated the targets for several fields for improved accuracy and formatting. + +#### Incident Fields +##### Xpanse Tags +Updated the field to be searchable. + +##### Xpanse Provider +Updated the field to be searchable and to not be scoped to all incident types. + diff --git a/Packs/CortexXpanse/pack_metadata.json b/Packs/CortexXpanse/pack_metadata.json index c0b6b521edf3..9e2f232e01c6 100644 --- a/Packs/CortexXpanse/pack_metadata.json +++ b/Packs/CortexXpanse/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex Xpanse", "description": "Content for working with Attack Surface Management (ASM).", "support": "xsoar", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 2d462840deeedd6eb7eca72966f8eb73c3a435c4 Mon Sep 17 00:00:00 2001 From: Michael Yochpaz <8832013+MichaelYochpaz@users.noreply.github.com> Date: Wed, 6 Sep 2023 10:51:27 +0300 Subject: [PATCH 02/12] Fix missing dot --- Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml b/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml index 5575d2f2370e..2ba7b25eccc6 100644 --- a/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml +++ b/Packs/CortexXpanse/Integrations/CortexXpanse/CortexXpanse.yml @@ -399,7 +399,7 @@ script: - resolved_contested_asset - resolved_remediated_automatically - resolved - - description: Comma-separated list of strings of the business units + - description: Comma-separated list of strings of the business units. name: business_units_list - description: A date in the format 2019-12-31T23:59:00. Only incidents that were created on or before the specified date/time will be retrieved. name: lte_creation_time From 28040fb157c4494c69baed875c1cc06a0487c154 Mon Sep 17 00:00:00 2001 From: Koby Meir Date: Wed, 6 Sep 2023 06:10:31 +0300 Subject: [PATCH 03/12] Revert "Bump markdownlint from 0.26.2 to 0.30.0 (#28899)" (#29481) This reverts commit e16906851c84553cd05d3d306a582579b1e1301a. --- package-lock.json | 35 ++++++++++------------------------- package.json | 2 +- 2 files changed, 11 insertions(+), 26 deletions(-) diff --git a/package-lock.json b/package-lock.json index 556cd04e35d9..cca67914318a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@mdx-js/mdx": "^1.6.22", "commander": "^5.1.0", "fs-extra": "^8.1.0", - "markdownlint": "^0.30.0", + "markdownlint": "^0.26.2", "markdownlint-rule-helpers": "^0.17.2" } }, @@ -949,23 +949,14 @@ } }, "node_modules/markdownlint": { - "version": "0.30.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.30.0.tgz", - "integrity": "sha512-nInuFvI/rEzanAOArW5490Ez4EYpB5ODqVM0mcDYCPx9DKJWCQqCgejjiCvbSeE7sjbDscVtZmwr665qpF5xGA==", + "version": "0.26.2", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.26.2.tgz", + "integrity": "sha512-2Am42YX2Ex5SQhRq35HxYWDfz1NLEOZWWN25nqd2h3AHRKsGRE+Qg1gt1++exW792eXTrR4jCNHfShfWk9Nz8w==", "dependencies": { - "markdown-it": "13.0.1", - "markdownlint-micromark": "0.1.7" + "markdown-it": "13.0.1" }, "engines": { - "node": ">=16" - } - }, - "node_modules/markdownlint-micromark": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.7.tgz", - "integrity": "sha512-BbRPTC72fl5vlSKv37v/xIENSRDYL/7X/XoFzZ740FGEbs9vZerLrIkFRY0rv7slQKxDczToYuMmqQFN61fi4Q==", - "engines": { - "node": ">=16" + "node": ">=14" } }, "node_modules/markdownlint-rule-helpers": { @@ -2169,12 +2160,11 @@ "integrity": "sha512-8z4efJYk43E0upd0NbVXwgSTQs6cT3T06etieCMEg7dRbzCbxUCK/GHlX8mhHRDcp+OLlHkPKsvqQTCvsRl2cg==" }, "markdownlint": { - "version": "0.30.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.30.0.tgz", - "integrity": "sha512-nInuFvI/rEzanAOArW5490Ez4EYpB5ODqVM0mcDYCPx9DKJWCQqCgejjiCvbSeE7sjbDscVtZmwr665qpF5xGA==", + "version": "0.26.2", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.26.2.tgz", + "integrity": "sha512-2Am42YX2Ex5SQhRq35HxYWDfz1NLEOZWWN25nqd2h3AHRKsGRE+Qg1gt1++exW792eXTrR4jCNHfShfWk9Nz8w==", "requires": { - "markdown-it": "13.0.1", - "markdownlint-micromark": "0.1.7" + "markdown-it": "13.0.1" }, "dependencies": { "entities": { @@ -2204,11 +2194,6 @@ } } }, - "markdownlint-micromark": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.7.tgz", - "integrity": "sha512-BbRPTC72fl5vlSKv37v/xIENSRDYL/7X/XoFzZ740FGEbs9vZerLrIkFRY0rv7slQKxDczToYuMmqQFN61fi4Q==" - }, "markdownlint-rule-helpers": { "version": "0.17.2", "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.17.2.tgz", diff --git a/package.json b/package.json index ef3d2437fc01..abb2d4b36e27 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "@mdx-js/mdx": "^1.6.22", "commander": "^5.1.0", "fs-extra": "^8.1.0", - "markdownlint": "^0.30.0", + "markdownlint": "^0.26.2", "markdownlint-rule-helpers": "^0.17.2" } } From cefd1f5e4dee665d63331ddcc3f78de6ae69761c Mon Sep 17 00:00:00 2001 From: Koby Meir Date: Wed, 6 Sep 2023 07:36:41 +0300 Subject: [PATCH 04/12] fix using deprecated -vvv argument when calling the demisto sdk (#29470) Co-authored-by: kobymeir --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3fecea54e145..f822403df319 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -244,7 +244,7 @@ references: # poll for neo4j status until available while ! curl --fail http://127.0.0.1:7474 &> /dev/null; do sleep 1; done - demisto-sdk lint -p 8 -g -vvv --test-xml ./unit-tests --log-path ./artifacts --failure-report ./artifacts --coverage-report $ARTIFACTS_FOLDER/coverage_report --docker-image << parameters.dockerimageflag >> --check-dependent-api-module + demisto-sdk lint -p 8 -g --test-xml ./unit-tests --log-path ./artifacts --failure-report ./artifacts --coverage-report $ARTIFACTS_FOLDER/coverage_report --docker-image << parameters.dockerimageflag >> --check-dependent-api-module generate_coverage_reports: &generate_coverage_reports run: From 9d96b1167d73d8bb311f0ae84a622dad1dab1a59 Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 6 Sep 2023 08:57:10 +0300 Subject: [PATCH 05/12] Update Docker Image To demisto/oci (#29488) * Updated Metadata Of Pack OracleCloudInfrastructure * Added release notes to pack OracleCloudInfrastructure * Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml Docker image update --- .../OracleCloudInfrastructureEventCollector.yml | 2 +- Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_10.md | 3 +++ Packs/OracleCloudInfrastructure/pack_metadata.json | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_10.md diff --git a/Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml b/Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml index 52e764b8783c..20d36a5c7dd1 100644 --- a/Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml +++ b/Packs/OracleCloudInfrastructure/Integrations/OracleCloudInfrastructureEventCollector/OracleCloudInfrastructureEventCollector.yml @@ -61,7 +61,7 @@ script: required: true description: Manual command to fetch and display events. name: oracle-cloud-infrastructure-get-events - dockerimage: demisto/oci:1.0.0.70980 + dockerimage: demisto/oci:1.0.0.72733 isfetchevents: true script: '-' subtype: python3 diff --git a/Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_10.md b/Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..13da1e5725c3 --- /dev/null +++ b/Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### Oracle Cloud Infrastructure Event Collector +- Updated the Docker image to: *demisto/oci:1.0.0.72733*. diff --git a/Packs/OracleCloudInfrastructure/pack_metadata.json b/Packs/OracleCloudInfrastructure/pack_metadata.json index 76639fd01c09..9913489b6a24 100644 --- a/Packs/OracleCloudInfrastructure/pack_metadata.json +++ b/Packs/OracleCloudInfrastructure/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Oracle Cloud Infrastructure (OCI)", "description": "Oracle Cloud Infrastructure (OCI)", "support": "xsoar", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 783e9611059c24c2e8ecba8d27d0a5fc721e0bfb Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 6 Sep 2023 09:03:51 +0300 Subject: [PATCH 06/12] Update Docker Image To demisto/taxii2 (#29490) * Updated Metadata Of Pack FeedUnit42v2 * Added release notes to pack FeedUnit42v2 * Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml Docker image update --- Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml | 2 +- Packs/FeedUnit42v2/ReleaseNotes/1_0_35.md | 3 +++ Packs/FeedUnit42v2/pack_metadata.json | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 Packs/FeedUnit42v2/ReleaseNotes/1_0_35.md diff --git a/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml b/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml index ff91da143562..1dade5c8728b 100644 --- a/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml +++ b/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml @@ -111,7 +111,7 @@ script: - attack-pattern description: Retrieves a limited number of the indicators. name: unit42-get-indicators - dockerimage: demisto/taxii2:1.0.0.69228 + dockerimage: demisto/taxii2:1.0.0.72332 feed: true runonce: false script: '-' diff --git a/Packs/FeedUnit42v2/ReleaseNotes/1_0_35.md b/Packs/FeedUnit42v2/ReleaseNotes/1_0_35.md new file mode 100644 index 000000000000..69045456afa8 --- /dev/null +++ b/Packs/FeedUnit42v2/ReleaseNotes/1_0_35.md @@ -0,0 +1,3 @@ +#### Integrations +##### Unit 42 ATOMs Feed +- Updated the Docker image to: *demisto/taxii2:1.0.0.72332*. diff --git a/Packs/FeedUnit42v2/pack_metadata.json b/Packs/FeedUnit42v2/pack_metadata.json index d9d11c7ec964..6c684554fbcc 100644 --- a/Packs/FeedUnit42v2/pack_metadata.json +++ b/Packs/FeedUnit42v2/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Unit 42 ATOMs Feed", "description": "Unit 42 feed of published IOCs which contains malicious indicators.", "support": "xsoar", - "currentVersion": "1.0.34", + "currentVersion": "1.0.35", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From a6257880f18a7daadaa1f639086260ddfb002cde Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 6 Sep 2023 09:11:48 +0300 Subject: [PATCH 07/12] Update Docker Image To demisto/netmiko (#29501) * Updated Metadata Of Pack Netmiko * Added release notes to pack Netmiko * Packs/Netmiko/Integrations/Netmiko/Netmiko.yml Docker image update --- Packs/Netmiko/Integrations/Netmiko/Netmiko.yml | 2 +- Packs/Netmiko/ReleaseNotes/1_0_9.md | 3 +++ Packs/Netmiko/pack_metadata.json | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 Packs/Netmiko/ReleaseNotes/1_0_9.md diff --git a/Packs/Netmiko/Integrations/Netmiko/Netmiko.yml b/Packs/Netmiko/Integrations/Netmiko/Netmiko.yml index 87f09775d480..0d31abcb838c 100644 --- a/Packs/Netmiko/Integrations/Netmiko/Netmiko.yml +++ b/Packs/Netmiko/Integrations/Netmiko/Netmiko.yml @@ -452,7 +452,7 @@ script: - contextPath: Netmiko.Output description: The results of the command. type: string - dockerimage: demisto/netmiko:1.0.0.71475 + dockerimage: demisto/netmiko:1.0.0.72651 script: "" subtype: python3 type: python diff --git a/Packs/Netmiko/ReleaseNotes/1_0_9.md b/Packs/Netmiko/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..2be594cc4956 --- /dev/null +++ b/Packs/Netmiko/ReleaseNotes/1_0_9.md @@ -0,0 +1,3 @@ +#### Integrations +##### Netmiko +- Updated the Docker image to: *demisto/netmiko:1.0.0.72651*. diff --git a/Packs/Netmiko/pack_metadata.json b/Packs/Netmiko/pack_metadata.json index 6ea3b6c1014c..7fd29ac6ccc7 100644 --- a/Packs/Netmiko/pack_metadata.json +++ b/Packs/Netmiko/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Netmiko", "description": "The Netmiko pack uses the Netmiko/Paramiko libraries to execute commands via SSH on platforms supported by these python modules.", "support": "xsoar", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Josh Levine", "url": "", "email": "", From c67a181e943b9e219ef94a422e6f461be2352b18 Mon Sep 17 00:00:00 2001 From: ArikDay <115150768+ArikDay@users.noreply.github.com> Date: Wed, 6 Sep 2023 09:31:03 +0300 Subject: [PATCH 08/12] Deprecating block url generic (#29453) * Release Notes * enhance * RN * validation fix * fix * Bump pack from version CommonPlaybooks to 2.5.0. * fix * fix * fix --------- Co-authored-by: Content Bot --- Packs/CommonPlaybooks/.pack-ignore | 3 ++ .../playbook-Block_URL_-_Generic.yml | 11 ++--- .../playbook-Block_URL_-_Generic_README.md | 44 +++++++++++------- Packs/CommonPlaybooks/ReleaseNotes/2_4_1.md | 6 +++ .../doc_files/Block_URL_-_Generic.png | Bin 0 -> 161442 bytes Packs/CommonPlaybooks/pack_metadata.json | 2 +- 6 files changed, 41 insertions(+), 25 deletions(-) create mode 100644 Packs/CommonPlaybooks/ReleaseNotes/2_4_1.md create mode 100644 Packs/CommonPlaybooks/doc_files/Block_URL_-_Generic.png diff --git a/Packs/CommonPlaybooks/.pack-ignore b/Packs/CommonPlaybooks/.pack-ignore index 92a0f8b9351e..f1ee8b4a3553 100644 --- a/Packs/CommonPlaybooks/.pack-ignore +++ b/Packs/CommonPlaybooks/.pack-ignore @@ -81,6 +81,9 @@ ignore=RM106 [file:playbook-Block_Indicators_-_Generic_v2_README.md] ignore=RM106 +[file:playbook-Block_URL_-_Generic_README.md] +ignore=RM106 + [file:playbook-Block_Indicators_-_Generic_v2_5_5_README.md] ignore=RM106 diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic.yml b/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic.yml index c9d2c2fa0171..7c788c432679 100644 --- a/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic.yml +++ b/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic.yml @@ -1,13 +1,7 @@ id: block_url_-_generic version: -1 name: Block URL - Generic -description: |- - This playbook blocks malicious URLs using all integrations that are enabled. - - Supported integrations for this playbook: - * Palo Alto Networks Minemeld - * Palo Alto Networks PAN-OS - * Zscaler +description: Deprecated. Use 'Block URL - Generic v2' instead. starttaskid: "0" tasks: "0": @@ -565,4 +559,5 @@ tests: - block_indicators_-_generic_-_test marketplaces: - xsoar - - marketplacev2 \ No newline at end of file + - marketplacev2 +deprecated: true \ No newline at end of file diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic_README.md b/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic_README.md index 11b1a8585dc6..d833d68478a1 100644 --- a/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic_README.md +++ b/Packs/CommonPlaybooks/Playbooks/playbook-Block_URL_-_Generic_README.md @@ -1,39 +1,51 @@ -Blocks malicious URLs using all integrations that are enabled. - -Supported integrations for this playbook: -* Palo Alto Networks Minemeld -* Palo Alto Networks PAN-OS -* Zscaler +Deprecated. Use 'Block URL - Generic v2' instead. ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. -## Sub-playbooks +### Sub-playbooks + * PAN-OS - Block URL - Custom URL Category -* Add Indicator to Miner - Minemeld * PAN-OS - Block IP and URL - External Dynamic List +* Add Indicator to Miner - Palo Alto MineMeld + +### Integrations -## Integrations This playbook does not use any integrations. -## Scripts +### Scripts + This playbook does not use any scripts. -## Commands +### Commands + * zscaler-blacklist-url ## Playbook Inputs + --- -| **Name** | **Description** | **Required** | -| --- | --- | --- | -| URLBlacklistMiner | The name of the URL block list Miner in Minemeld. | Optional | -| URL | The array of malicious URLs to block. | Optional | +| **Name** | **Description** | **Default Value** | **Required** | +| --- | --- | --- | --- | +| URLBlacklistMiner | The name of the URL block list Miner in Minemeld. | | Optional | +| URL | Array of malicious URLs to block. | | Optional | +| URLListName | URL list from the instance context with which to override the remote file. | Demisto Remediation - URL EDL | Optional | +| LogForwarding | Log Forwarding object name. | | Optional | +| EDLServerIP | EDL server IP address. | | Optional | +| AutoCommit | This input establishes whether to commit the configuration automatically.
Yes - Commit automatically.
No - Commit manually. | No | Optional | +| CustomURLCategory | Custom URL Category name. | Demisto Remediation - Malicious URLs | Optional | +| type | Custom URL category type. Insert "URL List"/ "Category Match". | | Optional | +| device-group | Device group for the Custom URL Category \(Panorama instances\). | | Optional | +| categories | The list of categories. Relevant from PAN-OS v9.x. | | Optional | ## Playbook Outputs + --- There are no outputs for this playbook. ## Playbook Image + --- -![Block_URL_Generic](https://raw.githubusercontent.com/demisto/content/1bdd5229392bd86f0cc58265a24df23ee3f7e662/docs/images/playbooks/Block_URL_Generic.png) + +![Block URL - Generic](../doc_files/Block_URL_-_Generic.png) diff --git a/Packs/CommonPlaybooks/ReleaseNotes/2_4_1.md b/Packs/CommonPlaybooks/ReleaseNotes/2_4_1.md new file mode 100644 index 000000000000..e7e43f440fa9 --- /dev/null +++ b/Packs/CommonPlaybooks/ReleaseNotes/2_4_1.md @@ -0,0 +1,6 @@ + +#### Playbooks + +##### Block URL - Generic + +- Deprecated. Use 'Block URL - Generic v2' instead. diff --git a/Packs/CommonPlaybooks/doc_files/Block_URL_-_Generic.png b/Packs/CommonPlaybooks/doc_files/Block_URL_-_Generic.png new file mode 100644 index 0000000000000000000000000000000000000000..2e16e63ca0d0262c273e9ee9670297a2d4e95396 GIT binary patch literal 161442 zcmdSBcOcd6-#A_(R8pj(tgK{}8M2ibmA#csMrIrwqqvn__N$jM4SI(Ce3@Ypf@ zQlgXKlQ+cYs=@z`J3Nw+JO*pKI)CgK-7z_73DxKNiz6=2Rn_+DS8SV7!d^HMc|VY{ zl~=QPqV-MxL0>-1#HmLQnq_4G>CN~z6JXbJxaxpxyi}Oa-}RostA{E6O(f@ z^2Ef&U_26Cy;>?~6W4^IcGgPA93;`Gk#ddO=fsa4$N%4c)G&CT^KlM|zfJtVKYQ#r zgLp@quh%g=BD(+OM~wv0xk6g}i|NhlMT%&R^oQNBC-7tK*5-C-W5%G3GmW^J8w;o`;E zGaF5zhfjP{+yAkK*#CMh%}K+-Kd#2d^`8V|CSjZ6Hj8S$ORg6HE1j)zk8+ zA4_!Qo6)i+YDKDj-#1;34O0X3mOps;&31;JwIHXaUwQU0{M;o5R=H>4iC0+~t%u~F zJ}r^HcTaw(*qVu*UGd42CyGS2l_^s;0j^?a{dEpNqBA^w+{al*@kGK=Qfp+Z2!*RRs#CH{z|zA;J6c5~B^@omSy1@q!1I&<4+_BMYV zp?w|EUWh$}dQFu`y7Rz(`&_abHZP2nDlaU+Og0 zQ8`Lf3(3U5q#qt0PIYED&Qk`4lM$d3PN&Zm!ckivFh}TsII*U}H!Fg2Pv@mk4q@lT zNCLLrW*?I{;~|(N9@;DR*-77Hc+TW@B*QA?MkaP+!Q6Q=!YU()iHSCuLmNgMEV;Yz z$hYtz%{kJa#H_jiv?Z0(`X`rvHv`Yv$IDdRwX|ZUrluOwI9$1nI)$_<>OPpiuVqBVRL(V8>L(&&=re}!gI&KhTX5L82%$Mv^nKXI6&)LP5Ras~| zR;APr>p`lIkKQ1ZOaG~z=04y8@{SUG90mWw?$$u?Hl&>OI6b#___&Ssv{^ZG=!`Km zd>lA&xKGxxfPS?~WQA!BE`>Fdx3|yVx_$L5@#)h%3XSB&0s&F44-VDNz+sVa zyDaEPED(u{RC$Qm^ntAD`T@4ody-$zpJ#gac*6UpY8{TSg_g&yShtpMhSi>Qj5zPh z!^Fh&jj~t=Ta2I^D5z9Z=1Y*lLB9OJD|tlfx{}m?pmFeBmDfpRQBl!*Nd8j)C#ke{ z9S#-KTry%}GcM;Phwf{DryWndn^wt)fd{%rg1k|?Z6<&3o}bn|(QDVwz$F3-LejZ!H0jd#iILKZZQl z{44NEm)=QCYbZ>wT;A9?MeCkE+mM!IRgdzm69-IK76*5nU{sPg3Kf`F5f|kC{h$nE zgFN>S?jjza7Mr-jqWkfeMgw~ffU4kpp#F%Cc%{?+dxL>_-2d01X9&iI4M0K|3I@|uN(1@lw0YV=I0Js(a1#S!O# zU7=o+=K3ke|CU{EuXA~kfw?(3dlce8R7b+(h{2i0&OH8IrQhn%eC2 zFqYl7>4NDAtMtGgL(I*uD>M*JN_~#TDJR`|;7`K?Or!s_C0^9{*_P<8u1Ae+qs+8W zF`3BRq0iwf&e2!5anj2BP#j~`-lP~|M2cXh7Iw}qcu_%7Ebz&K^QU0e6yxC|ixa4X z{EkqDNH4Wk7^J|858Gm((d<9gV%E4>6Ki@87$=GAh8*Sq&+%sd&>E=OZrT6Ak)4j-+Jx)8ZSRINoQ8wjL^O9C|a`(Bve{$jtxwWaWp` z2N<@V@5n^MC>yyStCBW0G~9e#&Ph*8Lxa+ltP(^zaQr;Z8AJ&1p}-E>KWzn_IDw;q zvz0A+tGQr0N7?gTtcdt*>|=T_@nvF7H6%+Ag5`vpsjR7KT0y2>R7f8w;m;$z8O1wj zWD6QK|J0`Aai=t!>ky-hLvY(D<#hJ&Qic2sQ~11lCkM{jv*Ky@h$fp63R*rFm>;by zFSO{sckS9WMKy@5>|a}UKPB$mbwF%y?l*xyz0q$*F7K09(NlLhxqxi_>WBKSOJ=Os zGeR5YG_PP{VK@s%bT!aRy$Bv~CXA<^G`uZgNUq!&$#~;N(_#;d0*Q|#{Lol>Ks#sP z;^5dbonl9j9+u3k+v+>-EVaRP-scA;%R1Jw1*q0yb~C(m5h2t6>c0@PRv> z)ZpNnD|lt@JMTQWjax!t?6gZH4+alZBrgX=Ln|R3_OI_lxXfa_c3oLXe#-A|__wIKL@lfR(tBWw}dMSYH$nPE^0t+@pcYhz!p^ z1(y=u>0mEijAxh*i>i9dlm+K?+9a$%{otu@h@PmN?$XhZTv(t=8vgLozx@d1 zwrbQk8b74%FHwDdSyntMgft^3@-*|A$d(qz+0~WBZq#{NmIKljUOVoCR_E1nr1(wf z4wzsbghw^n`~CZ0Cy@$KxlyyDSUF(+e%MJDZQAWU>wLytqHLOgwXCVU0r7Vibb80G zQ_!7zWhRkX^VnSDSO^^y|} z>L6M=m(qwdv4zTa+>+OkJsEAH$j6T#gGjOKt!e4WpKuKkpDP@)k)J#FC*{v+;sKY* zY!1wZt3q#cN~6P0u~_*@FTb-nfy$Oc_ll|M0!d%& zlK@4%`8x2kiuYiwWyW=`u*u*#rV|ho+1a)PCT3=wZcF<*>xm}*9axG32SEBl%NWEv zIA#6!53lS7g9k~*aF&gTrd}!q(8O5l#(9Jpr<5s_f)j2kU zm?fe?5$H!HD(GMF&xUW7t_6e`*GB3k8eC>HTOiwl-kHA{8H_QkqMmq6MtgVYt+uvgLx42$bAB_i%X7bD zH0}PCfWSariE{Nqm7Y;|GwlOeSjMGC`?Fp&|3=_%e2%jj5+HkedfrQ5;bI(NOJ+HF zdL1xwyEOylaA#KQXWYOQWo#{o!+$Co`g!n#5T&MI=XUfZ-q+9 z!d%!BJoGYiWqGQCqGQU_;j-p+R*1rg$d?gh zCro1Yu37Lcq`-x1WuwdD04|=S@N;ZSo`O0`V$L7W(0;#vk$vd8Ep+eooQu#*y}_=w zrKRUsbESd0jG)DiVWW8xqseqc_#1=8ijk0N_9%lW>zn(%TSAkhwJ9=D&SX?%PquZi zL!xVzxsyE%yu8wdneP2wHsSrnK~G1+xRN{ts@v>0Jlq^Zi6>9SRbBOzjlAmgT#P($ zp=!ZxE^&RE+q>!`h%C#3gj=JXFGco#(kKrg_q&40T+r4keDdbP#i&m*<^I*v+=EQ9 z`={G0cYXaec$W$p{EQnjH-wG*P-98Alyw#pW0;XDS7Jx-j&q^BboWY7`WoJiw( z*fqJpkg(NPBHXSElC12Un2%d2FErP(ckkrd4AJNf*T}KZdVE~lmv$JmSkz`SryUSe z3BKG_q|`w}L!;C&dYNwQAfYIv!dVXJ(v2^j)4FPq{t7b`TlRJ#4es8t_DHD$RhvX@syc9H4^v>HK@ zk&zQI_mOC8$$GZAf@uI}^AKm2a-mnbJPNoKqYZS*`zQ-%FTItu@%&_=5tS$Qql2BC za|}I4n4fMr)`f7(MR1DfZ=>g~7hHt#eXa_=>$|XI#>vxMtRo}o9yq)QSGivUlW>>Q zN+mAo?j}=AGUd{py#x2`pt*SQhQQ7=KKYZe-KqL;11?!-0RzHQgGIZEdP8wH9SoP0 zxS<0lwLUp#wHTCr7Ti;?b=AtuvQq5!#TvhAd!wzG1ebSnv|*X_!|>CWaU%8+`9XF1 zz6}tVpwugcrs<)is95V`!J_Z0U-dn+_U3gBLyYlvv$auHKb39NTm#Jor?u)P8M$vGUR@bq1%^RO?J>+(l zw&n3JBlWP*O5IYzrl3CE3gh+|wH(k>y>Y_L`K?Wi#SCR^>Xt1D#&SM+ zclga&p7wzm<8d6FsXmd_U~NYtJ)lBtQdQ!%~=n^TY8dyK+BV70r9IKG#{RS}1e( zF0lkeVa|aR7m9dCl7SeR)dB^g$KUKD_$U55FN#79HMM|~NPrf7_sjs7Iqj{Ia@}XB zhpVmYOsj3P)zLBbmkO;k2L&1K_S&{RYct(Xq@FHQU}@NGcV{kRDW!=@Pq-o%~yu}s&ZiQl&+9Y#y$#a!lr4c6cfIb9T{a0_|Xgu4s zI1I$h`_T7Dk*uV5Fs1eH?2II^z`2`1l)PO7-Yvkz^{~bxLwx4dyG!ZvZk9efyC{K# z39LaI4U5#aOGMU^XZO~R&sya78eTl}ok~m>4ReY^x7N?StDFiisB7|Qcc0O{FD|ul zTA7xERAj$2Teo^7K79h4ppj&=ZNJo=)Ei^#@o6G>-_v;8iW(~7QlXVGZV*zz^(~cR zrk<);>=~9IO@6C3cQ!U@o`=`{fs5#uU!D&2=HS^S{=N#sGg}rT%IYJA%d?ZVT` zLR=+tf@N-BB4(*MlJ@gzwxG&Tm;`)Jf75c|+CZLDlxt#_%23l=gUGlv^2wp-*{z&* z)7U75y0c5x`h%?OtWiA(c=O_2MC=`P57ybK4`(CZrrhp~ay#{^SxMw&Oqq=HanYrwrl0Azwaw_nwLEZP69#AiD=MTki+rRpH_|N%yE)ID=VwJ zQNaQfNS?@M<+a|;qW2!+xxw5fbydsSY*l>y-3t$Mczf*zGU+gmA-m=$ktGT?e|X|QIxs{_ev%gx>Mfg%hR~+y%wtNG#OXEETFl! znj6(Bf3nvd@o39nr=-KxM)ieMV&&|$t*LU?)p=WmP91|$w;t9RZ4aAk3}2>8A)JwS z+4!3#b3IgM^~;{_3bF(S8hu~K#Nq^@6)4KsnP^{jQUELFFr@_gI238R#5#>A~SD3F9FNV7+ z6qv|@5)`Y5mgtsE)s{BKet%MqVY*SEif4bH5QBVLm(%`44U}C$AfFbj2G^bojl6C~ zBc`kGX`8vV`;P0{+^H*xfjzz!LrWJ_I!9%E(PzjD>+9-bMFxxBi}3Qk6&Z~4Y2rID zamBb4b>wXa{SmpC9sc6wLehm1IewcFcv6{q+)@)4e@_k-yA?F&!@FcXHoYQkkFUun z=IgIt2XQz1AU3ET=+uk!#am?7<#=Jj1B~udAe>06IC`zAfTs%bx4Bb~@1%VCHO z3=&41OzTjvzE*83RF7|_9bo-(r_8p36M_O7Jrgo&ZiT|-6wWi&VKFnFw8L7T02pj zBo|piGa{5K_kuwYR=ICI-*xL-#hG{SP_rr*zYB&WkGx4Y9}`6RphX~=)9JufVnB#* zYzUH|wo3&q)qL)W{E$>*+W|Nu6#KoHdu8+d>eQ97SSamv^S&i6;aS-&%fV|v*#}26 zH-=15KQ@^2Z09<9$cqHg#<3aL)g5;J$v6G}|3WPPuD;JyrHK($J^?UaY)pEWT&>6%~( zh!mu-kHzIuVLDTNb5K;$b^2?ja`PY$jIOLTDBBO;^+A7d+`^~?heAb{i!WS=h&8E8 zZ`ER5f(q8VW}P5Fh77yIh|8TyHbl*!gnmRKeZ+aCcuKzAW}e$@LZ~y-MVZw0 zB(k#HB^0sGE#bN4l#`*2`cALaCi?h=miCx-uK|_Xl`o)wcwCCJoc_ipP)Z%Fe#VN)L5fRVGqLOvT50bOUG z`DQZ}&m0FXA7|wxMhwU_9F+Gt%=@CQ+#^LWm5un&Y}A^0)Nu(~#oxj9V$x3S82UQr z$kOsuM5UxNHH53_829=VIjM){-LoHU^nYE|@<=SOkAr|y1QLG-gT7D@?t^&Oo?gXX zU_Q;93o0Ny>Mj!H=|&swXiu>>fLE43dDSrp%1}B(ft?0_YGE=3F}`+(C-Pf;+;oa9 zWbwqT{)iBDu88}9r$jj_cV}#~y7-71ZFFxW>f}aeZHhzjb&RKVMzDx-j<0FGaB&wlHu=l%$KImZN8)*&U=QHrq zuIWw|Wxcs-Ay)78yKSiY-LeMP?1Ns99Wsg(s!Mx5rKSJu6Gh4!V)DhH|!^vS`gozdJj^J?GE z$^rx5gvYN3@{nR;G13S&+1X(KAQFQaTK`%`#K zB0Ff-@Ig4oR+BIbEy)yx`y0I)2@3BK#OgP(T@aP&S=X#qzS$)ElB*ul`$CWkM0@?2 zC2KsafauHy*$1!^!CLGwIaNiE0k6$2sWrrN5yQ*nl3>z3PfcZPExp> zczQsTPXbnofja5u*;%u(v#Ziz`&`LD!6ys#yt1uo6e?u>Hc%{^3sMMK#%8gCY;^<1 zWi-c=MGtvqQR=YdIAU+uha!u)1udGZTG+Pru#m)<_esr~PP_^-%{pGG4?orsrL^85 z*j>8~HF1K@dBIGxPI_c~8F`m=#k{8y_B0uwtsuZcBdFQLmNoTy?2D_%JLC7Ln7uvT zjLgh1BN@ykkMnif_WE$X%fc1#iuF<6*^8%oA1&Rdv{F=kp^L6xS*?@lZf#~u4DRt| zb%4Ag9>hAm4ci^~P?_PU>yHcT4WYm;V%yJ){A_~#W*oJ1K-Xg%TosNh`?_>THDL=3oW+|w!M@EKU?`|~&mab>K6OS}FC?P1~h z@|1jq>2vmI?M6^*?R~s4@&1Z|<7k!!+_7{kmnEjM&Z&K+?kq5@8i_82>+_wT*_(5? z_!c3amMx--Fl?O_Q6_x`>TxAA#D6gZ78x5`$!uJNe%j}$V^h|?3o&Sm>=_VNTy~Wm zYs+VVKQQIcweoXGP99nPegjKdmB=<^@BCVwE^B^@_EN0#`fXEHXeZM*Cs(^1XBe(S zM2fV~x9OnUgRzK>+A1&AJ@rLm)9{fmznQ#mPL`2=p`fJy30JvWBX|Qcxap6z+p+rs zphd^Oe@VXSM!W>JW;9`{;k<{j%flEgzQ=Q*hH;tJNdIkzmE+x0)?*vdw;z|duhf1K zVq^K9#F8T`_Cz+aLI0M{6ODcMjv! zEBg!8Nkd7=de*--P*3dY&xEni8D}d*eb;IKjMzc_9HfvM8qK{qI@9TbS;nh{-*T>* zyS(sk^w^KTuI=j9u96geLqji9i!BA>bpKLo0KaW})V_z1RNH3lO^_~^8Fau@9NPKJ z?;Ru`0YW7)x4HZQsHjJw`A16v zcdB43*<3E!xo64Adewb-dQp45beg2d_NI-YmerkJ4@V`XJFDjer=#h~Xf9gL$Yjky zW6K{o4gt+v+Rx8Nn~zm67+m{Oo6=%3bPQo5G+Rb3wJXw{v*cvuy}bN@l_QH+tjkP6 zgSq39@dB+jrRSG0-vos!0si;>{0|?g>uZ?}o#?Y#7cJwh+K>!FxD49r+3V-_agbHq zQXi4hhbMPH`1yP5>Uujc>K&rn9VqT>sGlQhcmN;y@Zm$UgUXVsChVa9lm{jP%8_X= z&K}hOU>K(=w7QEOzKfXJwVlCon2Tv@k(3qwP-Sc5`&fLI#Ky|fvh@)nh`LOmoPoXN zMK+-jn9)d)(tf|l$)2N9ibPT6G$`GF#S`%zwrlSKL#x$(MwSwg_;~~cy-TgqSh~U~ zEV1ew75&PYgmvSukf6v~(#G&l3~q6mjviX$xN2(Xo*pRRSM$F6sDFiGA{12BriR~; z3MhDsZ8vE+mBAioaUM@Hc+fRYwj30s=GzX+YXdPlnr5ZYJ_N6EA9it2Z`iP8sNZ9A zl;=2`d)sI@Vt}CaP8KLJ1_V1cRE+6&n43BfI=L!@Y$OZK+UHXg((-UCoJ22-p8@Ga zLULtB=HHg}e~vg$4FX~?a&akN%++M!suYttDB&-jet2T5BXz{KVn^B)mo)YW)q4{Z zTJH2_DcyoJAh?k*f0W?tE)KJ!w zyb*leE2u%SykR#~_f7WhG>zHalH8@)K~IH{q70*~%*@ctrc;7O?qc&j3{qX)-3bcy z{x4rX>>T|+ahvIZjt(1D;q2^e^Gxf|bc{=yoQbupI3Y5D=TVAIIE1D?d`vv9d{yn7b6uFYiY($Lu1y5|%LqT?iJF zdn{Kvy!*Ajt;s&el2$A~Bp$kO-F0Pz)?_Bvs$xh&Tk4qiJ%Ss}3SZCP;9i;Y?kaVN zB_1?-@`Ul)HA!A`QW6sDLK3Be61jLXA7~=O{j}bP{AU>pG=kYKc4Rt}48DH-`fgMR zboYaSaV^?CAmG0Fw-1&jh{x~Vt+tFn`6u#Fh`r$<6-I&T+jR8{uO%#cP@qPv;B-GI zdn}#}Vug8CRr270>J3|WZYg!xkf{yCyqeRLc8f@+ws~6J?ude;d+puwQ8;w!KIOoo+aiE`fek2-*(5@_j4EO3r#nHrHnUeY4}G zD0N&PCEuo7X`mc#6XmFk_7oA8x0k$m44Iu;LmRQaVU|d1jNayXmPMe z!85U3S9Hf&q62igNF7iCAOhKxsyQ_nLK(xfTQH~qdNr+ki-$%B6(Tp0c)&7I+-w;o z2gy;>G9Ph4N@ubj#=-#p>~+P~{8LuWT;e&8!59yaKG5~!I}U7a@}K8^>=I2W3fgf1|8Rn$L={_sC$ue&?fI*2vbHfph_{g{eN1I6Swl z=R@P&=fM@pFY%k?Po>ymoVnfXWahtTykTTwl2cR+Bp!4cc)okc#{apMj1WcYz-=N3 zngtrLW9*@JGWcpp{zQQ?T$lg(jR$IK^lA|l_KOoDskZP!q2{^*vGVj+@dqJXM=UN~ z>VDd(aYVWlaq7E)s3)N7>ZrzP@m<#7(Hb@JtO1^G@~P;F1STGyZmm|} zzZ>&c?%X(_`Egc2k~KkV{xQj-}EzoTvqUukS?G_`fkiq(@shlYlZ-+eOm ze?y}WG*Z=iL?IKFF?XCwRTYTTkmxvWw-0f*N?%JfEbJ(a}cYF_!%`)u( zsV`r?C^mq8%XKD}gT7lKH?H5p|Jd=;pK*?PE8a%dpcC;HE00EVHq!t*{a7qZWEF## z_=8iL3U#Dy3v{*H@Hc^hXUzB@($X&m;u0*;$?m+Dc>x{IT>#22ajW$V*`EjJ`FpAL zz_3M20|oW$^wp-j>RZk;_FC1hQPOwo<;^uqM1&N$4wy%E0SvS(^;hKtE+nxg2&dyF z5mN5Q@jp>3(4iOZS-c~AKq~L+fa8A^G({i5@hhjn7)IHP3O{6-2KI+q+%z_Z%>+cB zU%xW_oDNLd z5w0$B^ZzNZHEDQM#a12qU@##fA|gB?fnzPoHZsGZSKg^rKOiu;$fAAzBJL0`R5K0D z#cQ=#Gub3gIn%~X+zes9%)NWDOp`g41D!wXJai90$@qkmDdi>H-{2CSe|{Jm9k(KO zWqZoS&i)q6PJsG!obh%=(W5J5lKnQ5TOX_d`77|sxFFU&G?cw!QYRgi!`9aw<>ck< z{T4x(OPOC_?7l3@5_lCLPjnJUfMK*r-4TO|{SRsY`@u+EfdK?4OpA8OLsO0cx*oo3 z!GB#xKZQ>WcQSz!M30ZWskBsn`Qjxi;orzZ!gf-#M}zXSu-$(#u8G0Bd8z z5Xbq^TQH>t8?}5y)gnmJ2o>rGCw#wz9?VXG(MZxSa%K(xX4X%(c_rXy<1p(J83Mg* zwxI%n>4qH&9pi7?31k;9wmn*Pj=jC@a}4h|hathDPyxY#&aY^|g6 z4P{gMToUc&$$t6jffT(41Fj(_ev^y8uNos*@JDKoRGGEYs0>sUe3Vts8Rcy5MZE}D1)C~VAz2QsbcDj18&f{{_P-0RN*N`(sbLK{AzNtzu=r5C( z3_aS6)^%G?&O(M}$*l)lGHeUWG)aq%e}_>m0{f5gubWp0gxc+?DL|!Kjp1 zI*^w{`DZjoq1sNMi+Ku1Tj$c2*tWApI>oIT*A|bYeF2!Mi>k7*N!2p(vJcPhPMyR_ zgw>_LCwVh+aG9|sPyBZJP2N91x)sdC z*#^_}9W}_kDP1%2XjOe2%$JtCEJcQg%MZk>T#s|P*wh<;Z9q?RVe$3JC78e8GA^+c zzj@j`8Rk!ssdF)4rL#+vNna@Ct6X~F?SNOOcp!OJHLwUouS~5|kYB6$N-~*F*TLh*^2V=mW;V2(yOnVOk5;lE<~uw z%2}koRZ~@PvJO)1Ta2hIDk{Fpl7O=`?yTp?sBS!_r~mO6QA9M6KQKn}?r}u8Q72Xa zVp@*W59+f87&j0VWIS=XeYH(l>bS7NH>`cH`N5#|{}`f%0zc7+NTMp%q3!F?^92Kv zr%#C&$1p#t4i_R z8ohn%m-E}{8=r2B@jZo0x{A28CyJN`f~mwLOC1-xEx)TVMeYu-H&*gI6H=6C3on+_ z3Y^kCPEuDSuebkww^y&$VYmF`0*n@6=2o?r;3Z<0L~`$7nz6$X7}2z$XG}*3srYH! zyfX}2Qm&p`esU4k+zz+XDAhZ5DtjoF#h^`l5VI8}Tf>39z6JZ#ADJzmOb+TB9kUfb5SEps3=W*kz)T2b0h|K$amwZgIU1fHEG@|G{rcE*8mT!5!aYdiB1<~Ot%eXSf z(o>5gyesZdJWV=yvg!=1|C&O93qR!TZh6t0^B%%-_U?)WL+=j{0Z)zr(qc!Wh5rj_ zy-tD2hsdq0;@FVAUBeLmhv&I(v+12}T%f!4Fxa;;e(fJ(?tl~v#q!+d_3uHhZJRFA|hhPF3=Obcn=yj8yAoL0Q1%bph5altFx8D5c?0*xg27@P9 zu3*yLhBpwY!RY$ZB-}ui6O1;J%@alS&k@Nfyoy+#x;-CF#f5zH!+ne%bqE0n`pH4X zDk-n)`Y)dT4l7;0%aZ=qX8N?>kM&QxbpH&c5}gBje=J7U&-?d3I6NACVbgq&yZe@p zGo+2Q@>d5h7GN@Zfe-f2LBBKn4sOTd+^gz{=+{(>!|!X9!3Ul`v&Dbt#{sR*T?Jo%zSSOhXcT-DyplyqX5u>k z3&y8`e8O+uhW}c6&<3jml?0)sNA3Iol<;$b(OGU2VK`Ws0M@OB0t9Qrr6$Hl0|chV zeVnf-;_3b3Oa(iTW0ME5zi#|RiJv&?;zA>u!w%lQnr^Y5S3`y~Sv zI6YyKjs5k(;Zc8UcfOMjt@rwkadJoEPa5%p4VpjQwOFl%1QgJrmbKUxk4mM4nN;_vy| zL&pCS3_AdDo5L?f!A}GX8E<7}_@x!UBXR{dpKH!NcaV7Da2RI-6yuWUI`dzYbX>_R zIbjy>(1sD+0jgOOr*aRM5C5XtKfm#V88LXLaR(3s42c%@eqpjaio9M9ng{{femFixRPAKp&43?4sW zt3-*bN*vmgfBn`k3)p$@jfBQ8vT*^5L5Rame|>Ox)Zd7>0D$jYIy^#r96U}q8qa<0 zKOX!0pLt<`ok7gLuwR$!1BzkD7+ZgRaCp?;h@b$#uAGOr|Nl+_K6B({C9B$>md8kG ze!A7SldU}aU1)4$KK$aaVIa++SebtVRLpt4Iw$mB*rG6={&FBcD=)iKsVFEY{DYsP z?fRX+>$x~a&>d`=9fq3yWg`EE5n5jz< z3SeT%(h4L0)bT|M(>HlH`*=sipeVH5vtn9O>VL|Pc3i-wzWHTS|IHbol)Ng2wZS9# zmff6MMXVZNFGXNbJMJUVd}0`5CAUhdmD`gKvkrKNV0w8~0yvR;wCn%Hf@_C)`7Nwz zSo6^;e>KN^>Ys%VA{)TW@kHo96#pHt`xhEGu1A!z6*qJ( zCft8Ifoa}$v0`D^b`GD~j5dYe{d?gM_eWJA`^8k=aygn)-p9zV-^h7uak{VhRZyw^ z6|JQfRZ5QQ%~d6Kablx&;qe==|FF7w_Vu(SD zS|$BTJAga^=8d{b{alCm13|Efcl}1z+eRLZrkQxjq@ddjeELeavjr3yu!{dqUT{g; zSm?!n#Pr|4(aGXp%pPDKYt=)nb<*$@`d{rT@NHkJCHd!}SY`kPuK?^HV*LZka(>Nd zC8TorS}Xmyhc{_D#~UY|wTdyj%8La;%*_@?+gm%L!^e)>62Exy;&~S9;Lp${Sq;~< zdS&tc&2Rd6;3dSziN2G5C+Vn2vYH=@y>!md4pTDdpeY~|P4*iH{ z=MM80o`4)vx+!%4nH@;d)^7eTM?a4*j0R!}qpiFp0eQXR@WJ#{_CUUZ=&tMCgGvHO zM8jw(Sq~}+{o>-aPHcwoJ*9CQ-+*^N^EG{(gbA_!i^>07QbL}GhaMc%?o0+8^6CC;OPCvKswLt>y`rV-z_f_a;EIl2w97Fa1C6Vx*;!DREX%N&IuJ`DU2i_CzE=!)be|X* z-S4M4e_lcjGOi@RfQ!m~9syrL=by`zGT2%pzHcd$SP6srJ;U;$a32S_ztw7Va!h=U&hyiceiZ|y&3{Flb<&;uyd z)YQQ4naE&t^c_XnqEn8BI$;d;fXy ze_u-XM^bsH4gm6HP(Lp>=r3gj?r+=$MBdfP$3a~j_su8pO^CO}uaNH-cg_)+0>@^U z=urps;$N2@^B%|T2Bw^F`wWlhpR}wA!Q-GP)S)luQ~lyBrX&Qv2OtH}_Q?Z`d_d|eLc| zQx&3`xT;&i9olz4fPLe-5T3RiQuXnTzA@Y?e?#;wqqEN~^z{?n*E{REZH8|*HZ45M zgIlb-XYGCnrs5hYbFx}@R}xRY1?X4zV)KBs$wjyn9!;6@v&jA%<-CFj+$jqMF6Qg7 zJ8RwB8(OO3(Gx;P8&!xJEkT#P@2s^HtfErn!XqOWHqg60<5P_W@^SpPm~~;$Y^?(I znf4^E^mzMxX&ITgT)6ERXLs7})Ez!XUTLyH=4iTdv-U)%Sj`f4`+)x>5h~-7Cz#Z6-Wy;_VwtT-NY`XHw+e8 zrRr(N#zRI+x!t~BuikoQgauw|$i-%k5*Ji?xd0YbPRjnu01rIi-#={d-6;woRQWo3 z`BMF!-zYR*y?D`3(0*rR%51uPsVXYBdg~s|R(my~@cc&!Y!c^A0kOmW?vg)-2fN;_ zJiW3nN>5v{pNQ+%ECF;l1V-Fnr=+LHHSN86b!wo@DQnK5zZwd4UG~N%Q0%vh?fWRY zVf41Pv$&YJxw|F>x3E3?EadHXK6IXPRKD``zC^iOwa&Kq$lNM) zta$|7uNg)t0U1f&{Y*$3dcM~G%KPwevKVfYSH#mH!YESvNfLqRBmpLK@cx2`4Fxz9Uf$8q+n zO_!VOKz%T{WS8jEaw!b z^{R@OBjON6_jAl$NCt~UDlvC28L&gpi(&9Fx8~s=hQ4U<<{qtT&&r*(GQ@OzL3<=a z@NL~M)MwKJina9hITa$=BdCR4WTV;=QVps-gE$p(C9q*KV6jghlEZHBNwPOr$JS?Y zyN||ve$%&fsYxxXC4b3!a?)hH#=8r&7AHG9x>gWZ(2DP97;=o!C7^}bz-;y%*BtgNj2 z=H<^yl_Dt1X9D$F%K+9ZH_`Rt=Pni-SymRlu*pgiRWN;2P|!i*>3l|nJh@Y*U0;-o?LAQv;5U_97;Yt&`TBkhMylv{||LYMcHvZXbsoFnTlJh(*Au32epI+H~C&+wf+ta>X_ws~?_Hz?}LGyA2^t*-jw2 z2=QPzQ6@bQWp6-vnmL}9&3}2aL-!N%S^M!mu2;U>e=T-rh?771Ui@guWbSw7cHz zW1#s?2>z{QUrcMrFaa`g)ManS;I1#4Ew@6FIngz3$g|`m(x00D5o~*Ctd;+yb`Gpv zdRIzAsKX3VYL;|MZSyM8zgpWwxCW|t(&M^=!LZ-!KbsGeOC`#4C7oZVFx8^B!M4nn z$F~TL7?Ur`Li5sskH5UQhhev6H;1}(F`9*D8@bO-_)n)Nr8Q4+i3&*d-rVfbFnEK= ztyTi*e1dYFU(l7Q9QbIYz}Ry=A?HOfJwBGO9-NYzD%ifZzU@aNNRkQNn!co!R5_|T z1Ku4~s|rDoAy8*Y2Kg@Uw^#31j`bzEuV(CE0$5rU2*L2y3>Hk-HQyH)dlLC2BqT%t z+hRLh(y96~2|DWPl-X2CS%_#l4&IgaX1{XlUV>+2WMoqSOTyF0;p+8ph2h|bzUWUz z^(YO#JrKe+VV9tE1|EW1@87>4J_*RG0YCnH;@hRx)0dEgMGixx!276?q}|8Lr70(I z+E(moCtM=TKD{wbKr%?{v3_3Ac-c^F&u^mF8HCI5wZ#sB18-;xd?Q3EjQ z*1)hj8KROPQGT*J$#XkqfP8r5S$B|ty#HBhT_1GW=gRcHK3g5Oq@|KIPOVC}qCjfl zdneav=>$s!SGN(i4Jyi_kI_UfEJn*{xwq=+RIwSy+`S5OujIIb{tftO40L~hsLs^0^zzA>UVCr#et>t7RCwLwG?t>g^csrk+ z$$gl!uvII`U{2+55)`F14`jtx+0RLT_mr!0ZtmD}D}1L}HBxNrD>R{JR>gBu0#%8r zIst}b!^Dj06t~vjgkXjyb*pvq4Bt6uxmTL)ChI}d)F!m4!MhOtI?oWVw`SVmIfR5a z1K&7Z>B7=OSq9U#8=NwZCA#0DJHv@1Mx=Mq6Yp|QO(Yoc zX*_`$W4Zh7o2e&_$CQ|T1HJ$EQezNby@wQH=DX`ds`W~WMnEQq6qQ;h#aXxHQs9qT zDW=^1OjC||pCqWDC`6Ee7e8ScjQjS0|LrW}E12h^ZDDiz@Hi8P@AS&3ib-?6Ku;$HhCK2kf_|qe>H8vOM~t@YY>h z8XLo+4BVbod-OZ;`Stf}dSdB2l0lO9^Tkj9OOiJVR#`5$k__!q1VYT-Wy~RjUAs^dRXJ;;(z!SJ zJ!5syDp%p|-EYTz(H`_$OyOXPD@xxjU>(^lV{h*;4Lr~rFnt*}USU*!W)=zT{`PcB z49~OyeAIN9_i1nKsX?dG9Xpxl37jrVz4w8W%OBg12lIo18-?9WA|iS=Wh*BOzE-y- zpx1sVa7KWbpcEYom4(}k7`F|VuC8~tH$3(a;^jKU>uBBqL+-7_I|M>O&;b%Yo_x1f zD%X{lmr``#u$f0AwtFoBW-$w!Yi%MLU>AdQp-PBQC0*%_n8EXRT1{0YB@HcW{kM#O z3sVRBkpmY>@&%wbGDYp(ZHvAAaBnqAAwlZ-_-Fqqe_GE_vm{q-xAnP+`mvkCgKa>- zofE0I4@P_bAA4^e4`ufT4nK(!6=jVqrJ|H2BKv65lPskuYb8t8tRsVI+Ow;WeWDN{ z`#Q8($~I&ljIwVtlWhjWc+WlPsfXwL`@Mg>|Gj_o`Izo=pL3n-T>EvM>;AqCXnaSp zZ@b66B4vpJ+sY(MhxbC}@DvH$&4o&a6O<&OS}Krq&=xz|{u|DD`Jn356@T3@S#o+@=;GO^uQ~jmzwy z3(C#*1J$ANHA!PNTl5=<+vnr`XorzS-x=~A z#v3&(et!23odTL_X#OFO*)yyvwU%+(a~MC<>bC*hL{iZ(8~31KD7A-JyNluSZQV{o zCP%&JU1i|FkRQkwVsL=+=2CRc#9#t^%m%BM6YE6Vd^mreZb<*E(Eh%=XAc#Xh%PBH zcKv%YCr9?FpP#L3Uh^evo6T%(tv21V+74ch$?wD<*NK7<8}$hL8YgHMhIj zo|TpLO+mq_qem5Gk7s}j3yJZjsUs$AI;7M+)WNzas4-*0P+j+5)BEp(O-9KbXSW9F z*%&K&%O>Flu)~esk9GQj zSK+ml2>)nthRYwq)r&>1EA2s`Rj>N9ZeSb-9)bg9S3HvLFVun9pkuml+d4rrW?3k{ zvj_w4DzQPm$iAxqLSO1|v4Z3}Dh#T5++{`lRX*@5M90kd2ByhKAbtW>nrN>ssM`C_ zT(lRcZXt5$^R1U<)J27{;7mTdpKy;=0qcBN0<1=h+vrJWs_#Ysf}Z(r>!eoMn;DMm z$`POT-_JkrWJAn-T=Yk1PwpV@mjC&1!*Usl8Hm16FNWu>4N9Pdd8|j!DqjkBsX`d# z2kUg6XA)Qr|3ZoGpli3df0^!36mZ$ALR*9fRxLM_RRxfeBUnA@2>A}p&{Od3(ApEd z3u7fUZa)q^xa$oi)MR+3=}ksI$b%V5o!(qto&29={sObbLW>GpLorkL(OuB{?6Tkm zb(xl}>-9pqvw>{wc*lhZMU>ms0l93?h6&N3_5!{-QPTtmg$Vzl6#8HHKnqWmFG7Dk z0;y1S=-x<<9`*yk777hcn=SIKC3W-bQ4m&x!>I0h3 zx`UZ63d6(_%QxLWnSH-F(@v!DY?ejMGrLrZs!7?9vCHES<;gB^DLKZ-lyYa&Rhb^r z!3^w;xVJNdDC%3PW2m zF%pg$d2)!t?!xMrnQ^v>%?Hl?`vox!n09*5a~~L_00z~(VyOh6ZeXb3WY6KzGw56c z)BnGT|F2F0mU)jXV$Rso8n?@;NawW4)PrQ(2;LcUp3|Ra z-&|0;ep*%=vp4?Lo9Vyk#}~i?&N%01A|MJB-%dbjx|v#`|4`pDRq5KGPHZMv;V2qy z^_>X_3R{BJ(n$rKr0dm@*3mQb){!nJ4?LjkfvB|?%;z_j>IRW7@0|^xDN@@9=4DF$ zMWGuQE{p4aL1V@qlFm>9jS>(&8}A^FoyQ!C99%M%t@Ad=+k1pSFl+*(&*sp-1)40` z4iKqD8+LdLoh^Qw%;Jb{FdCDjqL}9;rx-`GJEc?ge#ofp_<_i<63NK$63Nj>+@tQ; zO%N2{-!R;BPrV0Co?-%+iNGbN2F(s}+Uk@am|3>UTdOts2rK4$9Z<~oDg2&oZMqO^ zUHa4DD7=UY4TfC@eDZLnnGbsDMI2y<1)CeE{x#8GsFWSN4h{H;ax;ygrZ~w+jj3l8 zjhgBn|72S+Lm|EcV4foo{xe4h&jZ}yApGlN>cW13vhs)SMbr;QLX1%vr$Eq>MR^2X zy-Il=hkWwrV0he&@z8T5k3f{#vEkw)JWCF;l6OdG>>c`coB{rZ90vZT;}7C~i`Kg2 zHTdJ&6YSW4ce(AIqc*v@5#em5J++(aNQ>FHS_{xRBYB6|tWvg9WwW5*^x}NpT%%`) zM#A-PDe7@EbP)Rw2wP+8zUn~;&@E)RN3Kqb3E}u1snD=$Q{f&o#`|;JnYO%)0ok&g z=PCqiHOh0_hFH9<;cTF_$s$!@W@rxtF0V1HLA4-66gnDo7C?5WiCO{>N`Io}MJ`NL z9fAG0&1oLh^8~Pgb7Uv1sxm2N{Gc^21b#E>i@6o6^T^8$7CI}?oU#KY{Xw$aS zk?RhSn`_X%@FyjK6-C6P`q7K$9ixk;78_k|>eVL*4*QV%@{K)PsUse9ABnb(FI}Dd zeP)JSh;8>F{N481pkCaf4(+r>LfATk%n~I8QQ7Y_dX16k5nm2vH=Z|%=w((f0?o;p z47Z~dTSt4|85EnHK0m*;s0Ne1r?Q0XcR|hPYW*UDj(|^Vle=;uTL=VX)des0IV z&*_ZrwPbY!rCz9f#7*eyo$@0!$Rm-G3%c6axZ)abbod#QnM~_wHxq5bohSeINd2ID zpImQM$}13rJUq06%~g#GlZ30z!5cH@^zP?%W{tuV?o1#yd)IG-p!+!q7*+fMH2wc% zR0V6~Bq_msO4LPg0!GPZn|78c?r1_BsaZNHYc`vzKq0Bq$>|Ev?iO^;%>}2Hiup9C z@h@6p=T%4D*hJXajg3u=BwAzfHL;6`qBxcCAhZh4ek^$R+HD}uzMqMO@P(=dh%|6t z^pAx={QYorTNzGn$34F73OeYJIp0xsd+h5A4t%Ue!IL?&lB}HPjw`DEznyOzt{6@e z*3O`Qc|X{^1SWbvR1~G+rZ}1sbh_`|*rS%RaEPsiPc%4i{U0~^Y7;@_v3%uQr5^cr zJ1AxO-eSca3BM?%S5D?JV(9l5f(9zM^moe=v1a^F> z2nfAz;?@h$=A~ZVMSDx_QCq{H>|cx^T8bVC(1Vw%c?Q~5r($W8JT^CZ#OK$3=F_Qa zaRz0DB{{Zj=^oRWRlNc7UF`WjV@6IhEe2INZ}nt;%*#7sj>$RVqvuEuS-H!L@iXb! zCuWUtl&t{o)qevSuH7QV4IP2lBLER^3J&7UKhNX~^Hv3G9m+e$1rJw;x$~y?7Vney z5G;e93|cIy8cNL1l+4!+yb0i!ubk+slG#8VQeB$!AR+M2J213a4xMrVc-M}yi7`p? zqR!H^juY^-%ef4ULo~BvfzE?n1tPpA>+q)2(6UUB1;nmLmxO=9Va3|d0a&(+JxORb z;CPeUjW5w1)Q-pC9Qh2*r;j1|x9LgnJI584{QQ2O&5~gzF){I_@*U^b4c-;LToK&_ zemT1*M~w2yC275qmXSq^9#R4asNHSt@rEJH9x6vbzqS^HZR)XrA)8%Pd`T9FI}Tw)LKy9FTVE zEiWLLEgi#8C(2s{K6P|-3|gW-)w$_jWac^YW@1DKsfb@B!mR>BAp-#R1|UN`*SV5z zWEO%SE}@gV*8&mDG`S6j*q$Cl)}RS{>JV!SvE!K&01VR}IW16Q?kj2^ek^BEV4nQzpNP*;cMnkQVr>pvqyPOi`MXT)^RGYiUSM;c(ws-%O z?!3kQD2JkhvEJm4D>>E|a^SAzAMbBApBZh5==)JN)lI65z~c)hD*0uuQ^OsL4z?P5 z-ZDlIa_3x!1i<<)9)jf$S6^d?_(b;<&=WhHj;%Gp-B4ce9II}{*x9jRulXqj=|pNr zlPD9R&<9vBYKHnW%Tp#N(=+;Kx?Y`p+?$x;wI9F8TE-5ND3_vDy%ip1pBi9BFGrO1xOdt+{cLzuo2?3vk$ef@;*EZN0bOz#fFJ1>W7jBScHXQHx9^kB zKUN_$W)5UG&P`j1cq-N_J#uyRDvI-duVd2p(%Nvc)Y^2iG}+dMe|+NJf)^H#nP@0- zn;4WYQz-QYi_TeuSNQLeIclHOO&lqhEh;Lq26PP46|)uaGNl7rk(Yu?kDUNgJ%pV- zC+IbxfWZ3{20yV*Qh|q|kK5ooj zdKGQeDrKQ1Tkq*DTUWSe)bPOILhNQb;?w}*d>rt5={ji#&`H{9{x8-*?8NYJJ1+Y# zt0L`F*jH8Yl%IW#F8yzZRpw4aE9A=5yT(;_6~=y=p3n4)zrOG-Iqv;lz9iEfjSUx_ zd^SO*={YViv(12i6g0Cl_%U>7Kmp>eKWqoo9#&98fb2j4d7qprG=edU*Kql5- z)TDF3?^5ayFjG!kJ9Uqo5-bCm`5e-PN69QC#k zIRWL2c*xW66T-?hU7)Garv(3i4tjz8ivg@5HY1t>F=Gd0sHVp?LWb&x@8HMB0A;$} z1ugnZS_CJ-me4>Ss*r__vjbxOntd#TE@Iy>zeZygr$>0ze7yYm|1pak0|HhEm5RA9X}y&M^qplkCSq3~{_W zUs5|pIbuskRiHrB792l6KNDf#!rlZ3FcbrDx>@fg(;cIKAcdZwm@YQNmS(9_-!>(g zceQ6qdrn*5gy7J9!!Qz_a`6kkqXU}Me^(P|tJpp6o?~$9hZaQQ$AAr=k$Eplf{v%( zW(9lz08L5~8Scn;`Y6m0%sN-U9h+-JcfCpXvP1bMpV za$Q{=uo;54bTAS2i#?E_?|2yCIG$td-|AUdx07L!bc+N8iR|)9Bl=JQ*igGo8CRqw^$$mzX3<#U2-NQX!ZhBgM?#em_iK8P>>K1`&v zIjRB=d73E->oTKg#keM9(rp#O4eTS*3GxXsTRPqTVP^eC8Fyi!te`c|c-*Zb2J#_E z&rmJWV6og8T!-m6w)g7uzBF6OL+5+t+F=l{&mQd>1CoI8QRoe~#h(M7Q=( z&OmI3pXBmK{fTQZ-G_R2Tl8K=?O39}V^{G(ccPkp&P08*vYZbQ=XaxPI4pkV)pdr4 z-0aCbhL;d@yb>Y2W&}^H@rxiX(r4h0?GWfOqqttEeDSGzEaS?~@WT;TUyzUeijwK_ z0&=^)I~VAae{b$CEP#1BR)GVqTym^c4U_s^M!Tw_j5fKS$;t$L7D z`yJWz*_!Wu2;m?&Va+?uK@Ux)D8l5NUSB8=Ht6rZGd%CKw*3N{Qv=vQyA9HIu9*Vt zVt`?DP>ipTy_bZX1HVsusq>F%kBaI$(oW;ahYVy?Ag%_l!Q6nDNlgf}Tq_iTz+`5Q zwjovT-c$Btq}wSASE*>f{*l;_xpPZ|Um;B0T>zcc$ zr$p8;fMd}j_Vy0`Z(Nd2DN6W!^nZF^mGldVs7VkY2{%yjf3y~{f1y~o+g*k|O5T&K z$5mbTZWmJGdK{Fm0p|2~u=kZttCM#7^zxfBX*BF`$_;zGg+qEvcSWTnKq@BiO{^@_l;zm=f6+*ix|{^k~d;m`H30@y4Ao;tB&r7|BGHw zM%5ezh3r$*d7z0C2QFcxZ8H>q#i& z2fe^~77&~8*}C60_0QDTz^cV=t2C6X3SgLNY4-mYu=I7sM8LycT%UDUA2NX*@GxJL z`L+As|KL3<%%78ixv73WLTb}5PY1>YQ7!sO;y)1lbE>d8$XUymJ9B2`|9-Ov){YOp z50kStQ$^YwHj_H?SYG)TN9+Di8PN!i&sQSu<7xnG6YvR*z-OG+!H!rwuydXifSW4I z@c0JJFre0)U0)o$j(%QyQ}B=r&aau>BSsTGDQC%?)ZxiI5ZHTTRce_U`-roL+Ag(%NZ!<*SlZpuNAiZ0|hBp(a46< zJJiy%Ku1~4Exg@hmoZo!#lMUu-8z7CoAmU;b@{880XY1!FKO4QI8E;I7hBBFc=>Po zg)J#rfTe~K1AUDDnpiFL4hsjbn6-}H zmq&zK8VFnm@fW}8DgZF6--d>)D-2N#L#()_OGF=6#O~wHM_s&1-eVa2Y`-k839AF7 zYnwNHK>Oe40Ey~@jHVLSJbB^q4D+jWz-bDY(nIgadTYVZI@jK#RaC64ikViSOFj&! z!=k0edOcD~mO_C`AlDHOxms>7KSxDEiK&I1fBiz_Z-2m~nVh%b9ug|v-OF2@?tiH@ z_T!q@#MBX?@RyUVv;UGZB%s0UaQM?m-by)=u$)_D3rS`Ol0PG@t(i5Y#Px z@4fHP8*p8peuyxLiM!I2|6T{5;M`gJ!MO+S7E!zDAi2t0=k^L)OK!>5{zbCC{gHeb z3es;5jIMn^7?H8~^zsVg>pepYS;y7ou5JOMCuR4hReZ0W6Erz2cgt2$YaQ-SWE-O$ zgDWF0L7qBaiuLyO80keC@QcBLbcD5jSfNQi5Rz=WJ)srz2ji?f>}BQL3kZa#OxtsH z;jO0uzi}SHu1g@-o-jOQ!Rh4(h6wE~ty(?9(~vygqMyAUMC@l79&W|yAwIc}`K~}9 z1){j*kPOt0RRsQqFJavZ$SK8c>kP-n@zwC0Prae8w<<#ZGo=EZB`~2u+llK4t|RPv zE0XHaML_Ez7Bbc=$o>NZhfbrffV0P3)W7SrveyL&=qC(sn8E1NhtY|v zSltLT))ChAKxgK>fW8F5{^WG?iYWp6z8mP%{j2(P^)Ts+q4u)8I0~I|X7DeSG7T&Q zqjgD$T`V5<7NVgYes6EBto}g<>@b01dZ!V><y@&jma$=O%eBY&wA331HwF!}tEc?OZf#M{tYEwa#&~PsGO;GJgYgeJtEJW( zpL`zWycLWOEe!Kt(dJ@8VEkP3r?cz9lY9aNy zQ!B(SRszJ!&qTxZ#OqyH986&|;a2b`cfZwiuoT!3wV|$Leaeews#XE#F=Tv>Z55%A z3CX?jKZrwj3!OMvVNJ_;fn5gbEj8=i0eTqycU(c@v5@)FxdsV4$#5?7-7Dkw1Evvw zb*^&RpZpUEunLw-7s2?9b_>hzE90L6ZL)t;o4|VT-n$)oZ{Tz_iQ!Z27 z>kVgg-kDquBt)#&dIT zAJ~~v_JFfu%N!P5$=IYow!+MQIra5;=gdX4A&|G!v*~-iS8Un=5G<0+_vKyJ_qn`Z z7hJk}k4Xtj{JJ6oKLZDyZ6h{yJ?yaao=4-L`LA(NT$a~Ia|6=J)wOV0k2bHBGp0xb z@Ppc&zez72kM04$%SR7BxW1mq)s10jflP%|7fdAA^7!B=P%R`cs*+BCA z&XFyWD+4YI19fq4Z{)giaX?&`0BzT+EjDCjd<7Ko#Ol|qyWJ;-ko@OXTmjt{fNq#t zFt^Gzzf-c59cqXy@U<`iA!mnGMi54s6w00pM$6lO3XYY0{8-+xhbIa?j@@bj?BPtW zk2%h~VbZH8U;)Wv$>VP~txGX-D5_x34lGH9@8p(t*6YEa$hP`*smTq1=$=$B2YoK8<7*z33xZoRy7C;qm1ygXct2g25+Psi88kQghvgS9?|5)DU96CBE0LvZ!EiechXw+`1xAfxtvP!y? z3uI18jji)~WVZG4_ry*iznoM|v|1=%j;P*sghIw)^A!W@KSTHcTQ(=qJMWQQ?YtCK zOE0P|ekSLJAAWL>qw><|rRDfP2)17Udkx^m=d4Fuydbn^8X3CBPBI|dbVZ`|0%7gf zmvVVM@p9-A7+>^hOQ)t)n&=AuzXwe5$f3^ImS(_xFj7LzthyBQ0VWu>Bx8e>Ep9&z?6V>;NF9wobM8)ica{5k371?NV%Z-M6eO8e?HCad&Jfz;(Y>C421)nAO$2kpC>eOJT0Z5hD`mP; zp4ibW|H`hxhq!eKhzyFiIKifDG``SjU{ay6`HE0f9>EVG)U%^X$89T%9zh+!z@Eoe zv{iXUMERqE>Smm9TQ3{|o7>XQmy;9%LdF%DgZDZn3P}scL2jf`KEkenR#xWTb5#ka zCyXSDJ{%Y4seh7cP#aMBXnuBxloli+iZkO*Vz-1N3uqnTX@93N61J$f6XRB7 zzHT5mC+By*((4I*sT&M$Sa3~^Q=*+p*vO&H_<{rOLdt?YMwA>hChqQg?{b>L@XKY^ zKOO`MfWQ65&i_y~ObvBn69Ig8;c+~rHlnl@fjzZbsYCEq6*VfoP>P6ueHs)o$s`-zb=8H41SnTr?D`sg zyn9z%!GK1DV}@Zg(ISqA17|3MbR>-j77KNA^T*;was=a{q6j=s+vLY5Wpmx^sb+rPXHB5Ucxu@bHQoZe{O}!~qqiqbci2 z+~h;3i<=2^-&>r4&5O0F@K{wzIY2Bn#N$@I>Q&PKI&5@2u!lo0s48`eCupBpj)A0H z2C^(I^cX#@_ivm-!S|sGxxJFzi^JsOxBG7(aU|EJ=0#*XX)7I8Hh7mwC&~XEIKR&FVoHS& z7@&r9dPw+eJZrjQCOZR5Wa#{W`g*e7<}^AQp4(YRn@rVhHx*wxw_=O?zXSYyb8%)} zFE)bZMV|>Fqr}7KwPak^Co)j8oN+Pv+p=hO7 zUNd_7y-*(Caq5cmwM(Wpcx zBs3Xv;0#=3Rudb)O9S*5hK=<1zYKr2R((i_avu+xwwh<|dW;%bwh(nipydzd+*+6J z4N)!-qnR2md3lZ@UwDzdUm;YV;g^lS7Es}vLF0?svmOD82;U~AlUmxu*GF5GJHR*)>&a17fh z_~t9eU3$@21QgQ-`6?|XGUXxBy}-aIv<^~BEkIyr5a%P;jl-PgJo{>1M2Ar8HL&x2 zoYD)vM`A5O(8_ z&bK`UYFvg_sbPZq6f3txh^w4{dRBA6VM_SI_fo@RF3(dL~AM(RLLE_b|wJ$v$5P)yNDu*>+elMj;0 zHc&~T%p182>&~^Op}UD6o{p6BDX}ov6RDIMaEzzc7nD349~~QI!RKw-a>*CQ(n$iD zAK-u%Ar_cDlv>IrTCQtz3Nln_yOrBh)OKM>N|9Bag_xs=(E^VqaS7K4UJk~w zDK}72B;3o07?J+ef-i|6vkG$Yz>~f`v2|UK{Ts_Wq^H5c_g7ZF_z`{yvz_6lD`g!D ztnDqP^)1qJ&~8A~nqCS18|5tv*Dn{on-OumMsUH}iID{%BSkCc5;ubH0{_ngs6#ux z5FyrFL?l0Z76~b#6bSLh-pKA)gCUfRRXt2tR~B`$O1r{}HWM;TI6_mjb+CKF*5wh= z*XO6NwatoYbab?uPoy}tdt$=E79An7O4)q7D)~p@#r-G*|DE z|F`f$KVqui*4)&CU9@p@#4@|Nx;DRm@s{Tz{eV@1>?LnLm+Wi>#9NtCAwyrm01Z0J zI65CZ>u7IZx1h2}DKzUKQI=d@TkIB6`^MFv1}(7_SiSl5+N^)fY6!`P&Y+PWVz;#- z5Qx6v#)Js;Vtb}}2o1013O-;}&G`4s%nX-|&c-7;sBJnVUm?ei%UK`O3a{zEGgVBz zxj2%n$n`)Q6XsJm;5$WYm=Q-QxOBuF=XZy97+S8@rqI5Z0DZL0ug4>z`i02lwCAvb(P`ukt}=f_e4pOlgGp)(5t!-@sws0J{S$c6emVq+fc9scz!r9QIa1hWM3ZzDJ z!r|WjD+z;tB%W?I!(tFpX9EKFF}Bp5sI)UGwu8$kj}Tx&4ZP`fF*%lD=Fxm*^3vZQ zOtWu8`D4^>Mo&ahLQ=lcMdr9|_#`bsexAcGxp|I6ay2F8RFpsEkU=5L=a<^z9uS8F z#p6yIeD>KVz#kVFqyui(^!0hu)zF`J{~#Rw;?>(>uqA3+_691^Tcfv86kb`G1h4#< zAR7Pn&9NzMy(T~8JTw|cV>swR8nwedAdXni4ft7APQH=3L4M&Ree2unsZGQ=%1dh0 zKS|m*Agmf*Z>aOfQuHz3mb|r178>9 z#-`c2lCp&JRM1^V{9 zADJtFFUn-vlCEz+Y)jvwcL0V~W-KbgC8Q>(SZWLK7^EAsi-*-e0nL!2x$=^_2^}9W zR}#2$cr^8k=`{SGp;*pS-@AfU1bC2G5uGaUAZ3m!9pGB9#=nE)X1`>xdwzbL>JIZW z`Q_sJbwM=-^?qNUi&~XNMn=ZJdbP*pg_rbacXb49X6gWhr2j5H>lbcV(gycek}`^g zx^}90{ro!ow8+}VAz=PdsYc4kxZlB7BN z>cKkFsj2pmwDRh-qQpBMnq3p$^>(-g5N}96 zd4C4Hp?d`t*d!WHtBvqz8DQ=64V}6{9`A@S?~jU#!h#ycc2f~>hl0CB5Q1qds2f%_ zRwu2shx_+8sNL)-hC3?H4rfnb5b|dXC=u4XTEYyXOzBnGy{xa_V=`Y!n7VZIUh!@m z2i^Iu=j7zv3=Gjx>hyDZP=dzHy0y^rWLtqcSCy62S-T1+Oc)`F0QYY!MXB>zO1;Gt zW$w+}W1ckHbFehrKL8;B{gNR`d-u~VeP=4%3?%)yG%YRM^YZiZEI}~W3h@d$AL-P$ z{|CH1+7Ivsg851vpmW8pe0=Vn*p5s|Lyg?R=iXPcOaVWD!1}is0wGDK{9ecNzIofQ z%6o;`HvkJn#1KHR_(Z^&22-)W33T>;1-yWV&ze`9ieJ(JOrp&&gs-7>7soz9_$;`} z=H?WItB9(z0pa=&MWV-f_NTeawQmr`E9ZvVM0ckK$n2{3ngDxiMz&O8&R8p7C(rdE|ee{3Vx8~`Au zfpRsYe!HXBH*av*7c{Skc6;C@XD37~U?P0xnx+>da~cAZ#QFkZttQzj7TjGIOSIG} z?jS8qgw2MNRC>R7j6wB#ToS=5Cumltcdi>}TizOEp1Y86=Cq!ko~*1a=S>5EnNK`V ze*n5cvjF$|@|8<^t09D6Qu##!Y^i%3d}hv9vO7;AwyQ|=Oum*_)ek;;LVT;bFu}&` zIKsJWHf6swxKwk#JvK1d(avsM>4Xn+9j5;RsHmPUp_h(T0OO43rRp zmKDhod9x{RwpU*8eN?w1@XKJK%s1h=Wpl^GdwW?et4i)n&AaCUJ<`;6TlF6K$MBtS z==gm103YX3irgC2&se|niy(g-(Xt1FfO|~^YV^IT%I~Oih=Hiym+@OV*-!E%SDQ(p z7`LS9Zu3h2r-Orowdqhqxz?amNF7n?jE7=is2f1Q`t46Op_9t*kfT&l;Qo=QcJz}Y zSmG0`*9`tRNCp_5$-O{l;X^w>)mc?ebA^&A{O{U0H5JgJN)TL*ivYD~fq<_aKPZ8QodR1?!kRw;l z(De~6u+taCFhy0Ly2*}Aa@Ip86;;y)Q(~w*X!^kXpV2zhGnShm>4eA9bmZ08mD~jm zrJDEg^N*T0mfWHnTDNCC8od&Ab_w-W1^OQ8By*;*Z3D!2Z6COPplUTbJ3BWP1|9Q_ z-twowlx|WXd{zJpt3JEjLbq-I%kcC)6ub?`CZNbUGCW&0KVEiP!@#i->LO;CP&ksL z(FAv+lutY-gjBi^t-j4lPZ*Rf;R^_l`Fm}9t{TV&nfX-Vt{?^;PJHa4KHgB}R2ry} zD_1q#I(Xc9{L=I^xwJo1wym=A(Q&Won>|=VqsSYz$zi2sNmqr`oD`pZhQLYjj*L2StBII55PXWZopVjO0EKUPrD^C;1j za}J*Y6upb!QmJIp{B>XPdSXM2}O_>8rys@im_d#o&s;Z%> z9XUe@gV2RKcCkc&^_N8}w%KnosJQ@!tBdV!ECsho3&uVs^@4u2Vpkh{8lPRANG)56 z$WFQ4QT=d&zij%^>_?1FIgcYoZ7Lh&`j>|L^2_svC~+3SgJqT#_h#9UKRZBNqk7?d zgK6K=6|FcJiV@tY!PW3ogo+PY+#^eySDpe+!vSj@CEQd;i-fhLE=rbewlP7efB%c? z6u%C!fN%(rNIa`frI37-9hMpgcWlEoc@H9|dVCJj2&jMwY)^rtOn*2l&Ppqa-4R2Z zydn!XbajJQh1nx|$9lZQ0%MLZKD(zAaa;~hmKo`I8==&cPi*JOU-T&Ll zoE<~XJ17^;71kcF=gG;qqA2P!wXv=0hj~&jN=Qwh4rE3MTs22Y3nQYA0o~NV={oa{ z_=t(lGB0pd$Q?3Q1(I+|y(ya9RrM;5`<|N>iA;4Bsv}OG^!DmEz;iYw`3D90EQFn< zB(Y5&bOm22s{(U{_cnxZL`b-7!8OH@)LaNDwE`sUcsoDq;Q6Pik|sNa7H8#ekWk@x z0ki47;L;K*i}Sc!?^)x#8`{R%HV%icX6?&P0N)!t25RB2O5CR_3T2>t?|izmHgA0m zT!Cr8x3q8_v@TmLt#fMo{Du`LX(}gLip2IspaN~|0~KTrR4jDp^|AsYAR1C`_AqV& z1(?Y+(WQx)M#SKGuW3hzr_Ym=j$(CUWF=@-q!JaE-H4(g74Jws{@$RaKBa`*Lg{Qx zW&W2*0^b9+ZS$_mj^ocMTT09DwUsOrrj6_Mcz&HAF1oSq$Z2aiT^pmIpf4FG1n4Zw z!+DH2J5`2sS{Qk**+7HD>Unf*4BS&v!Oh)`t&|sBj062(UZWQ${RYchQU}Ywz0srw z20Gf6VP zl3`%_mfgD`V7FGi-eT`W`fSwO+KJq~8JQJ@K%>2ZqzrMdKoSQLy^qy!USU5FcxNr+ zrIgT#5Vf*{WC3OFREcPwvZ)&R^6;`5m={U(BMmkT3chm<4%h77we(dIzk^M+XvV@; zHX6M+`;|OAG7=CrSXnE{KTVGPx;qM4LlGLG4xpOvNT^eV7Ur>4FP_>@@F0;!gUJY} z;(P19;Eu*pWhO$lj5@-|$Y?N-oRfelEyW8E!nQ$X=OyTl@1bhzoxceqx@Cl#COmPn(81` zKsJ75oAFLk(L~Cu5Rw|uKHpV3#Vx|0vos>=5D?@wY?Y9ZEv`DL=BOzCQ*d}74*A(4 zq?A@uRqEO5G}B>)9NVbI0Z2KZXTDEz8sh_WMo6G1pgqyv?;+2ny{ij6>MqyFlwG?$ zMG^A(TfUHyFd}=mhxUD&w9k05$N1MFnIwjHJvl1o!;mg~_W|(JQbHdSp>+#=%YIsN=}M-W$)D_uE@%? z+PCw?&CPd98ev=|7s`-BsWKXQj`*Un{aD(M$31*s6}v-Y7lEu*o1X<&0Y}EbHTg2+ zY?`!1Z~H8!Z1!CA@fII_C1}GBTf-88^H+u$k^&(e@5I4^o7kKC|46!ZRc>#v#0}SEXDza^6WNGI|NLP z`TWwj7*M+|WL#ivxiDmga9QZw7}YzK--Q6X-b7e5tEMr0u!lQ5$ygjK;xp_>Ja_j) z4X}*U*dX+$n>kwUyC4UE!3iSKhkj&sWiE zBr6;HlKR+aqhpOtpkT*XaXW3JW0_pGIF0D0L-t0Z(JG5S<$XrBIgOlV?PUYaZOf;M zkwsM1aI}g*eotdZcbi6JXAg~H<|~>{3=Bfjs3JMlu9~3Ibj!_qWG`g zo@rdmM7_Lego2=Iw;R5znHRDQuatVUYPuJd5v(MF@{RKkG*!Y$K8HEZW?U^4mbfA% z0tx!+z_AB^QV*yMAlv)s1=Z&9(PL- z`KC?bOeW!x`?8Bm^C?N;Z{j4a;}mZhFLZ!!6vWn+f_cU~ZlLujg%i@ET z$85RF?=i9N?QX<>`?eFhLu-5ZTbr($e9uhpQdJ2^4?mhu8KP4l>;ecPoW9;728o?N z{7u--FPjM6-QAfkL-hrSZat??lc3PU)@B$lQ?otaBz}s3>#phEkNW~Q%T**q!J~7h z7EYGU7I{>>(LAbwPD*IVj%zcG351s&{gysCt>8L+(~CBUxbb;#sQ!?1bpZZnb?8Lv zm?Q}yM=)H%!CNaZY-*t+wt%*dO{S83?2X;N_RfA@a+$hA^3Wk9WxoEdrWDpZ_*qAp z-)y#W(P?`2ZFZ$gDY#}coz9=(%WvlLw^y%UepQi%newPA6CtfmYokP0ROw>E`GUB? za6EsT+@UFB9UaF(>Ie^aRxvrv3nY$=zE86iqO+tdZOiTn*<`vyQ#=;#F`Pk zN^naOZrMhu@iz5xH@1Y&(N0#?vrJ9xYAPhXCMTV@^J@(oY={3GzN%5k6TfJTJ6koH zAK)O6NpsniU9%}@q{r`#uPIorqo0>Q_vkCfF z$vFlf7jWK<&ENR6w9@F81JTv1p-nukh%3|X>-b9r7t5Z;iEZ1qfotnmFA53`wDT(F6szx{(F9}W5 zw`KUwO(g-lzA-^V!^On~TGIX948O$=KKM~`l7L|` z(H9aJwA59{R!;7Ie8aVqQ5hmvT?>YT)^V!0To=Z3HE-Zc?nvL6?B_jZbIGhBHoff2 zkcc%_qmG_4|IhY(!ok2oO(%n%0`1_N241At0H>u#RzMNc(_80-5o**?3z@!AKdY)| z`!#QX7(fIX0~!%zN0~I3TAY@LoTmRQPe)yZE)@c=PC?ZV=5I6lx2=pK1z>j?w;7D1>CF%dBH8%~xz$mCln&YYwS z@DG8@CwlCm%|)?QPBf_yZ)J>xUY`VZQxr^5&Zq0;V8I0LO{VLQuG-8A;O4@NPKT1J1PF80cY+{*efNX#Q`kHAHH$FLGtT!k zl>#YqrR)~Mi+~tQ$b8$8?mh;!r@AcM(9$AkB0z9jJjPRg+AlH2&2Hf~$w~)&mgvxx zeTk44eF*r323OVT^!kSk17&hUfgIv7J*uG3~U30%5-hfBBD_K|vr_=etOyRK=*_ zcza5xCai64<)(H|LU|V^)|>F`vO(X|nKmQ-=Ns^?t=!<-0KVf6GyQ3o7%DFwZ&CZkyY6I2a%lTE1QZqop`e_*kN~ zn)hDr+DP_{t1_Z4Hy8T9K9_-KTfwuFf-&jo4q|ns{a1l^>W8Hl%Ih+M#dhc(Tdqa> zeZ`*_QR5R6Dk>@=z(D){=!jEiOjNwm=(tV3HN;{l27x4}d(O_|jJ)BJ{&7gpt3@D#%n;rRvxF0fAHjlAPwXFQr33 zPwZd(}%MxAlM2vqt_k_lHudPC?r$k{6B*%_i)}85d~%X zB@WnjdbVJ~+^}y{bFhkOO0)trBbC`hO}>z@mtd)*QORQ?UyN3He9r?SbH;PfbpnOL z?Q6N?Vted8NP<9(fb2W-DnvkuwNjf3N4JVqyu~H{eGuZs^iZyn2=kLB#)Z!A;5PL^ zKn+lqaSsASQ3k)vj(3kgjJzlCD_OvK4$$>V76DrQA8P174C3Ib{CPqup0e&Fya1c( zym8mmPnkv|15rEd)u#Kij15GjV*TX zii-hK()HN#ZLr__7yijeOx(lB2VS5<2x!*<@luf7_!A+OQk5da-pEL!?heyy@H$`> z3JalJMG*#82-)Vir!AURl_{)=4>c^&2r~prC)@7h>}-x+s)8P_8qtc~I{>+W@3=v!j5E5zgd3z$ z>!1rqv@&fv{0lr9`_F$-bsKF4Yqhqv#&^}=k=3AB+W4;`D2s{O02bq3TbB3X$(Gk> z6>m=jLWYu?6ho*A5(+XYcCX+tqLhp1C<`IB@AgX!Yqhqq5y*5Jg{pFML5#K|>HKbv z)UaCr3YW@Qt}H8fRuZD4Nt--wtDqJ0rmJXYOl12Z%Z~se9C2v8EdxOl24m{85 zGdU;QyVHf*8&W4(K4?WbbMjkfeXFLU4e1aNMp3F@8lk*8*wYTLcxObj%RhVgfpnZy09h)mZB}ppO>W8R8O`8JZZ1yI;=ac zcw0Hv(;cb2*j0Mmb0OygW>o*~mL0-U&lnark~0&GZcKC?%yh-izLa&ibUsq{AV-$f zMl#52lm@Htzvq#;$&(Y*U)?~Drbp|5>!$W=b-;@N*pd>IH;v;jAgOvN=c&S_@<@u& z9Y11KN3P7x=VWJgE+`Hgizf~fh=H-O#9ApRT@D0N#itGq^Xh`7 zI1Ke}MwT+anokIZ`R}uz&ffhJ{1$!M>0Yr-n!b&#EtPCP)WYyrh+lcw@CAl?u z4)&>T7n!)!bsuFJ@NW29nDOihxh3q(cMhFTe>>NI%_j9s&Hdc)e5k7r(f!iTC5Gyg z1samKAIhRgyzj)C!>1y~G2QKrg3Y1j1yHMJ7bdZsD1L+`y@U8~9qU22XhwZu{Dn#P zk0$VZq2sq84PvXY9vxRxhozP z9?iL_4Vg|$2T|cBM=DsA2Ef6SNZsrES7$pd8_7nYP+m#&8tD~ zTXr^~gJIi8hDTon)+adUq}F)o{RKLQE2H+@y7f%;=98P2Z~ivbPwXGC(7f&wwv|6p z{LRC{XKIJ_SY%|sMon<%th=v|*H$bHH{$+p1TemWO+7N`c5t1QiR;SF9;J1om@AEt} zN{Vt@KXOwYZ7OGX98F8<%BBsAMKa7UVcJFT1gn&>HWpUa{VI#?+ue)Ng4ALk9a1*3 zqrxr2Z=7$Jdya;S_fc`E19&Y1C+_oZ73dR#|8B<3ySJhEd-{?+Pty#X8jhJV@gulj zFeTaB+Gf8N%i+(uW*j+)8#TO|<({OOCe$;&tEp1gnsQzVCvfY!G5qZqX})Bpy|<8d zm31_;Y&>IRao$Reb(}B4dz)64_2t|b+ygaT5tkdcb7#{(2gn=%PO#yDFKX}F6J##u z?lO<-69n}-Fu<~#2JpU=9toPkl=TFJc9*~C4FmBrU9-duA zvg;3WjLEB~OkfrSw3+(iF?-oG$#mxCdb z32rZ$hjv&}Adh8wXQg&OWq#RFNxQE#NlDVzL|7$_{iSdzB=}z z1H#<(9q0zZu(Q(I|L(>P_!RYkQ7lEYyj<%b%e(dhqgdlog$e^vT9%)s&I>)A-7&MQ z1so`KX2#3{L8X|@-08rVq?L@^f4N_Bxw-y_s{mc~p5OS^&xU@g#>Cyj(v9At`a_jmQ92G-}7GA=O2nXvt#Ym>$moH{l%p> zmUAEWnWMSn_rq|S8EAFiz`h+d3X-80HvfgLH{pHmTe-aYjf%PsV;DJm>6E^iU)v*I z{4g@I63?>yGi|M9ERZULJ>!tekhZ=2Q0iaDfs=U!g|IY?Y8%VC3j54!j}e;BUfa%0NpNM;MV?g{{QQy{M|D<%#Rb{BpSsKBZ0|GY2$-`mY2xn5On zq}*OSQLg;fa4go**4DH#RqA2Zw(7~ZkW++hFyPm{SKJr&w5H_!vqhK&&`Z;|KO^w_ z|6jks9S9|NMB5=zuWHa3lax5e5TKzOsz#^H?Zf8rqx}~FcHt~c?Mk1r@ZuDELwS4A zR}Vne{~uZ!1`RKhb`^~Um*zCyzr^r3@$?I$tcnKt4Hsc{Sx(i?unjBAj(fBwhFqDd zFG4-iE-(;O!MIB6*j4NBOV=Q|XX|Mgzw^J={D;IrG(mVSwg+5X4M)hy5|;E@4G%J9 z>n6+qQh*`k%z@=PCwl$Dh5z+>0e;MPaKH@b?^|ASB)MnlY4is4xq+cmsnYw_%DFKA zVr%fr5(4sVaEa&w??<5LY)ec~ZAHCSe+&O2B>YTQ|Ly59=p-}1*i6goLSCd`qu|+i zYW#>%&_+|^&;E<$z)O)BjH|qij%?8g!6KRe=NXU!NVC(4w?Z#`{5Ol>|C&Jt<_QxN zQeg)3;1C)~f94?u^F+jk{$B*00pu#+x6e2H%N{M zXo3Xy@s)xSpvn|fXr7Z2QjGe`<*4H48U`e*(@;D2Z-)RL2l;?7G0*CATt06;Nik~h z=kekDlz?VG+Jy!FeX;8%)8I+)+BQLV<7Bl$?p=Si3#SN*A$DO`m&H#L0F>&kJW}T0 z*#*8qxU)IBU9);%(=gwg!nE%#atrnVP;qJMnaVQMSV@= zk`FGrZRDhWnp3V>P z$;BYQ;?=f!82GX_OSja&uf16$$m^>T&KtA(c$fEr+ib}xMUUuDOZb=1oAtm!HEs-w z|0}~2DX4?z<%@c)hb?9>UB|V@VqbT16_NY*ENw30<>L)d{OIzRB4+F^$wmxeN!e(xlx#h?S!9ZF1^vg>|| zYfMhKQzj;BTav0~(Qx90Fa;9A@9&@dJB5h~pzH{2(Ac(JFOWw%u9?!r-8y6W!iU^SW zcoIHiHK!gPeo{=*lTJhY-wY-Phy9}Db~D$Y9-dJjI_|4l%Zfe{te)&T_xW^*6b%g0 zA$JLw?qBKrD71(;50r$hISmz_Aa#Tds34n$`x^(2u%j}6US`yWo7koD|9ImHCWv~G z<;&Iq&@s^xGEh4yr6yas!LImky=vSQ_q5h=_U)NG*|y4N&2W~mzk9=^8<4J45QA(dwev{ zj5+)dc3<$dz6b~Bwf&t7AAXz`z?&*c_j?UM4;!e^lf3*Pqv=!3+wgx17g zm^gcTJjx#RI-KK_%kY01P)~<9Bh!Q>sP+?Z7JS?RsifPya+9>briI)f#tdQt z>f3;f=*_kCuO3IZV(PCRBEzT3G)#d!ZdljwE6^&frn{1!Ns3-=#I z;6HSl_+z*`{Ayz~!hn#J*Vsb+&8|*&m}Hsyf9(WDxRdiyHGD%6)!p;QDZ(op1U+CE z$J_zvtu6#236P}Wd$s`V^VQ~}ou^-3-9G?3LZ8qG65?f<8n&uw@;C;Bh)@*&x5lcz zDmS?l%KZe-HeT#w8Y)t0Y;0;0o>X%8_qH$B3NJH?jYl9c+#`Gsk zuQcG2?MA$f!kd^0vc5pLV^LnxPE-#;ip>igLSf=R-YHtyj=dPv;_zE$)+G)cG*Z<3Ct%s~waK^w?a9KbjR{ zhk4@Ho^PpL@mY|6Z05QW!f%+~#^+TOurP~XVw0hdDv@mM+NpY!(KlRwBlY)5PUoKT z&dE%@{^yCrQXu0=L3T_*MCV^)l>~FuI&J`^Rn$Kq_!qDG`;Wzo+p6`Ilj*6nAnJV!h$hg{St5swTIn93ib2#hj@OiSx_LFY!w#Q~3MqkjoFp zy8Rt#0RO)o@Bf=8g6|vrwyw+r{;VcCN)Jy!m|FU74&P`u)5lXn41b?FoCUDbWn#8L zNZ+t<%f(2)3$ijK^5T+fT)8T05@HBgDYvC<8qdf+BwqrcEfkRc{q<8I@M)Js$G$g# z{w3%W(LGD%2&Q7iQ$hL!8zw`i2~UF+Fps>H#4q_aTeB>eJOyuP*x#b~TpwtLFP|(H z0c*=CoY@65Nx2Q zzdVb1t_=?N=1glYbhs90be+7_6AMPKUX0`m7Utq^j}gg^PKe`-V0a)|PXk7PI0OV% zZvn&fNAQ$EVaHk4k6ueI-VZy3^IuUX@-wSx2M1u1U9DA>HS&J+Y!93AgOEPhG43qT zC%k|m%6@e_pg~4tEsCcQ&y&^g^tut0i4I?PAttIkEeUyTp{JnKqskR8;D6|24rHX1 z3P1g$Gmf}XjLUd$AftXfz3leon%{%W7gzUaXh23+6X7T3CG=3?Cj|&oda8vUgVi?Q z3@WT!nai6?IoA-^AeOr3&}6%#Kr37O<)$_V-ZbOY)YE#Pq5cXSb>WMO9=-)O-N}3? z+?KLpAU;AqAcs#``NOAEK^U;WYex)`qM1ENzPoT^HatZufCDGjGGJ3_=6Aq$?OPYq zqHg0qTtoH{I2AO=uTzteY(WaX`GlzX8sfmH80| z^q}E$Ge{Zk_jVZ>Biqm9XuKZP<~GIzx8g++PmX7Nz__pO2}(eVQ4RXIYKeXFS!lzw z=*q!uxF67oKf`HRFI7S*=(ZRA(Cn=w40f2;FVaj{CGAOT9}8vsy{X4cEXAfEe?FG| z^U@}sAY^J_$$#gq1Be#+J<#1uL*bA9`0h{jfQB?NGZX_1RF~{*GX!z1Eld%~is=6~zYac)KoLHa5^k)bR&K}DJX@p>G6y>ItO$Pu z_XMCo3!|)3G;m*|n55}mIt#wEJulVpD4*A;sw=JoDO#b`BWqR9>EHiqlu$nOf)G7o z6mm7Lod+s_sIBYD6*yMy<*St29Dq2b2%(8)D3zzi6+ut5U*vps*X{Fc9muUFD-#AR z)KQE{pTCZVld%VlJQs+ORkmCE_SHA2j;bKhgrAw-srN%EAkfO^xCRuPw2~oQbX0Y= zH>TCx1=?^d;j7uV^|Z-s+*P~RBzL_ zt%&5-=F0-!XH$;vZB{z-u4-_LQ}ajZxF? zu~lGGF`LlAUA#>J8Ik%pou9w}=K!;~6c7H?jx7&v77F?(i$X`S_S%uIg>g(>baZ$p zCA@*=QWiUKC2?s~&5%A=iKb-{Q%BItjs}d4jHo_32JADLh2oI>Etx1Hxz!ZH9hb(G<<8TrLV7Vdn7I< zR)t&fr<`W(Y$*p!98?X|3GW42;AI|t&%u5odhK~hDSDWN46n0W_<&qgS=xzR1}aM- zzMAtT;jLcJYvt#he+Y8G2;pP`za_oa(*d%(6TEd(FtxIh@;!MY6EmZ5=+}t|*hr_W1Z!XD0dQ6IvCN`0SmUc<&b=@Wg4&Wi$v2>l%TP0n@yPD=}o>H*?*4){vUeM>;KvakY1OTH%@ za|*abr1u0_gef-AFJZBEfXxN|tQS|xyGRjaPBKzAwC#z`C_3X&*WT#bOE6knrdv7u zy(?;XM^)8cdDn7aFdAd7X~F6H@$|PvFbjE5QIy#6$;jw_E6TN0B&)Puzcq?K(V6nS zmiRCIjE3A?m5q&!f@gKdVO3q|xS&BO2As|S$NXZ%4YgKhE~O(0hO&!TOs zX6r6r3@hiY(F>Gc#b&{BkB1Sc~C8su#x83V4@UFca>huDIrj{QBKrpbjTm; zJLMi3!6hKQR^f@>CCwXc$T8DM>tDk@W}Vs|MonIpgC7vy>Hv(R99SqM54&;&?AFTF zwQNyjq@u6!FDWY31>ItU;hF8G>Z9FK_wk*8S0GHOc&5`zFFgV)nwJse5x{EBe6+~k4Nmgey`y$p`_%n!A(d7OA=x*d;^nXEC=5* zXvvj23-S_#9o=5V$H(iR@kFC1akOh|5zloYbK?ob6TSW39gqWD(ZA6X^n6c-kfnoS z%myhXU*xk8*k(na+ZWJQ9LU1{_3K8Z{S>&KF_}|6>0*i~KyBo2-{32k-QHr^{}dgV z>}JbV&Z$1%PSWnl_%Q1-7!z(qP`qh!9&_zQ7&QyoMFPqFmDSa9kB=)tzXghl60M3I zlEx0?DMm6cTU!I)>gr`%=>c0t9y7xS@Eo> z8D!f z23na3f_tFw=EYb)8$Gi4zgeA(1ND2Rl zRQCa5;YSK35p*{?xhuy(Z8vjPnu!Swnch3Vjp0ylC4nrrCUBaiA7;mqooCawmBpy% zw4amNSXwivtf=e?3O&2hbZ)Fa;0I+=Cq@<*B(+tnJZE!)lN|kM*X3+zXlquw%DzA6 zw6=I`s%=qrUG&C9uCAyZf>#W6L4LzRcj+L{jDd2U1#Du?w%ztZ&^plw>f`r?k`;}e z$R9U0Cc;zZesteheMG8BLksd43i{2*-{)qX=Y(x^6VzxVZ-Gs8mE$ zoeZ>+C%fhKFu9Ls9z_d*_Y8|2#%hhy3`=!Ib%wPpNj(;67zv4JILu|W7oT@tN%rkj z5PxV~^Web)674-CFo3t&rEaz4O7P?At49XCv1q5MRzos|CR__{dAr@ z6G{V4dSzyp$s0yp52G6I6?cE8hPglkzPIxrEYwP7W>}SHe5gc)RB$sw>ep107I8HF2_4hf+0IdRnvf!PCfWo)+`TG-kH$Qxs_?lsobv zsg40Ov_W1qe~mb*hvSl0B|YjnqIr#Z5=!(8oHyCKW*SHj&H^nECpJUbPrm-4&(u_xyTTpkb82$q zN6PHy&7K5T{@Q^9iIAP?A^{Lzw1&n&=XpeY6A7)Q0a^*q)AOamq4a=c1zIoqE0)dPJbmmyvM+iDgh$$@5leA!9{lqLWR z=G^JGF8U3FXd{k!u)ogfxZJO%?OL`vZZ_rbc9mLud z*Kl*#T`8`*$2;u?HfbEPCn#(?GO$Un@hBMOK|Pk#P_GrR85p?M-*$X(dSK-Hcc)Y0 z5|ij{^~RMVfkMc~bUc3(&z&M#<&km-fQ^WFo02kDF>D&QU^d1U&FiN)Fet(%Sp}D4 zwc-Lg_7tH%G1%0Z9L?BKkyia)djVeFa*xWKoE)PNk1$LDGmLEA2vI+XCF+v}nnchG z=&4Wi1Gl}-fUQlf2kkP6^`AT0ciP{xX__#x#rn%{MdFD2hbduvHEL5g@p9?qQmswFr z7V=JwPfAkt@Tj!3whmi+JZy%?$d~~J4(J#ZfIJWoPvvZ8m(yGdQXs)-baQZW8Yx9G zJOo#Hk*sQzt7o8zzs`&U*=b9_+ZS0_YCBj9?y~rS0*HlhT$$O~9Ql0#Co=*aVeXRN z{B>>4>5_n7o391Ux1LQF4R~I^ze-+syY6_v1Vc+ptDAu|!D!qW1c_WWkRnR{tK9Jk zq(?4z_|YIG2~DZT(8(c0As(KV9iHev570LY1bvzZF~Ct6!x77L4C3foS5J>detYBW zT%^lX91q(Q6}q}n=`aE`bd(w-i~UNBm?thv$()_EIU2E-S(Q{YG@^7Isz@*t<4D~c zX&4!e3ZmW>N^U{{oF-seKOu`R!PMz}GF~mYm2!>rf9hv~2Ie34`9nP7^hjOBZo_x9 z6G2Z%Y?Dl>n&^{p9`7@XO5ad-An)QnWuK;zuFj>Ts#NKIAKg0t=TdcJnRL$cA#&?L z9D|uzm7rKL3piHEVRXgBWgyrSRPIHW#9?b!R97H7Z$=mlxjs0`8wZNbr-LR@rN*_7 z$|g2Pggd_V#C-e4K&mA7r=06ZyqLo`Ze%oDT9(tXb!Sf4`Imx6MO}zGC~FI*pYmS# zE3Nlj7i_FN!(#f{d4>0V0aH@}0w7#Qz9SS^;gf6ZdJDJ<_KrvJ4e&;M-GAmlhEj zAM4+}z`rGgtU;byQ!{$h&pV-r@ z59J_IXAbYbm zKEP$u&A{oZ!DP?Kj7m!4G%zqgL(1XW=EiLpnaVvt>RVinkY4}09IzD+1J<*6t`aqs zHeesT&LS;r>RIk8&I-(E1ZyG0tGB3BZa_ZFY_6~C{_8ngKQv_OYbo{!kH`yJ~8) zyxfzht(9~jAqi5Wx5)b}A_t->yDF%WEaV&!rBTtn-Q5-7A_G;`nZ3RAGZDYx0GtAn zCTA0_K~}^W7;posY~ttcdbmi`aqh%kUi2F(e!T_N#uaXXNNCKU%PQ>9j^C^ck-<_a zKceWf>PC}_MtFCnDkCgrknGv`MUoM|Jq2z$X@75{8DpT$V+C3u&~0t@876_w&_s?P ziBOw29yreVAn}f}P15Q_Szz<62N7I}6REtT_5N7IuFGk_K4d_&{b@}1^sp+ z+=Vt3E3RXko12B;j)lR&LPm^K4tn8Kzck@xs&z>KbzP1PmG5>Axe@qXsxSc|cZ~r^95=(XDcIWwgOME=flkkh!GRIRvNWpc>TZ?+Hd{gmw8ODenpkJ@iw^mjE_{R#Q1psd)J-fe9Ot%tiH7C0s{Y$ zN$oRK0w(-s$3ss_?T*HpFWUwkeG@NJ^el4~7ns&-#0`;X#8jF27^29>Jf}bU9s34) z27D$if1`Hkt(@xwR8xoDg^xliJNl(49CWNC*mA3Oi1Pz(nJkR(bcMM1-`qC@gT$D@WL+SE$zic+BEvd^QTvw7@$`JCi zwa7qx$Tj!1#%24Aw$((nvzC_DfQjvbIOZB+;|kEJ`pwvSZCuk#qvFPD>BY9l{c~p3 zL!CmyPNRdFeMOSp+X`9eii^a(A_?>reE}Gwd3|QD+9jOl9h0LBrtU==M_i|`!fdY8 z-mEIcnD(vt8-Pn|fXA~i>qbKs1mGj3j=snnZzB@@wG8701b9u>Ru;L6d|R-3jYhg! zT&$`j(J8ZeA|GZCMY1~@P6F;Td0W31BWm!;=vyO^M1s17GGPZ~NTknSK*OisBao*= zMMXQ;&~o&o zA;~GeB=d!8fN7=Qg5HT#)Ljw`$aTHzO)y^nY*>Tsrv|iF%PL_ku~@n5WKk8H_&&d~9TRBMmx=xP^^De3pCzUppBX>A(gzci z6_YQjb5runkQNiu6NVti<*sh^W-%FNuy+E}o|82JD@;73xKB=#BPB)4K92{6Wt}S= zJ_M*sNY?pKj5UOXQH^cCIjD@%FgOI_t6a>ulGL4YZ2>8yQz{}dE2}zGYifJ4g`46X z?Z`obUgIJ!<9&vV@!jQ^n8#vh{mFp^!4mI8cr?ZH~9S&)>`~4%x{gSL&jc^$R)t zeGF1C?^k#uU(G1B>&XTrxW~`Gx!*G9uZLn43)n4wr(E4;YG?~?MUK@IU5n)rxT)B9 zD7(AmmF6QHvXkQI6%HO8>>Q(I#wM@kAf-%Yjwi!sf9B|UP;a?c;rLK#PX2cv$nteU z6>gY1csp1zD__2->2YENgZRL~`;Z-w+Xe0n3DwLk_#=?8M!rokaUHdDnejXsVtrA+ z)>)SI;oWy186RsUpXl2-_F~!0qntpmZ`_|(-kb68F>!lJA3n1UI{dz*GZbi_aokHP zVAo@K&=uNXis{UFvlL<>dh7=9A;2PS2U{!%+L)I1!Cx zTguU@;nkH!c2;S1ep#o)R2kR$#TfxltTa4a&!JMoKMc)~70o-qpd%)AgW0Zv3ANuB zC*Up{dPg&$cKzFu?qn|Z$Fg*n8QL06?t9zLOx%`5yfnd+no_@J^H9~=$YLlJG}HTh z0^tn=5s*`e?FPPanFH{05FGcANTimTnG+-933^KU8f~&cY;y9~wO^+!^y(buxiCB&ng(hvW6CX#HK=(hri@O_#FS zC|~N10iBePi>pQa>~zZD)x|T{307^L;z%2}+42es;=#3E1|c5k{-QH*k8)1pP7D$J z^+&{%ch0;$v(NDU#uwM(_9m3L$2%>Vkfmp?}x81Qa9D_2mnapzT)!AW7X zG^U7IJfa4@Uc;op%jfj4fquz{_MgJmO1}8UZO&e^nA67AjT}5h$n@M1 z;M+=~m@{JL-2?6e8-tl6J~slD13AiM9G8}Fw(p3&+w)J{4; zWM@FxwQ+wUu8`E~@memnf9#C6zhyQu#T1t)VmWNTU3!>M7>i7>lQ!H0#-n3UHR?&& z0O_;G83A)+jHNk6x5@=&?UzSp4kD6*Io`6`Px}8NX0>V=8lD9!oPB@eN2#N0WP&Tc zOnHk;MHKQppXUmlg)vaQR6hl-k(f<9@mCNobM@mXU&*=Jw3oq?^~kcsoelS?rF*F4 zx1qjSL%@q|WA%o{-yQkyR~GNrY$uU!ll9-mg^x5Bwdu+u_7R6{NMz_fLBLn}l&8#$tx*-<`I>_fkI4$iK|^)_&a zn@w^RK4HA196kRhe{-F{!Rbj1X}9bT?$VX0o%(vI^Oz3pjq|`JY5|+L+2$$rnDWbZ zWLxp^o{aq#(6yZlGG2Mx4|`G^tBv1Amv4{sPwD}Sfz_14g&iLKWJgN|mJ^wZm+CuK z??OA9+*~X6Q2lKb1JC?!K%BNGHV~Wb zc~{A&)^BrxRHY@udZiImAND(yi_2XepU2$ccX0%Q!UP2=MA`s)nsQ|+XkkgOkzP`` zdu}T@<$yrzDBT*j!c0|x-T&QC{5GEZc|OCH|eUqjSFXQ+YWtj{^=$oDNHTXYSYE_I)Q_iVVl*J$YSxvUNN&FZ@&i zf&-8})x&#Ib#=ef-C=&0*Leua!Rx050qP$-hwk|Jyj{$p-HudIUkmWu6)Clxv+h!m zt;u!TS&BjO3}ZevX7@fF7GrceoSd>e32JqeF13S_pvxUAIt#s>%}LJvZ(mLEC#As)WUbxe%CQ693aAox`KbUutr}8O4o~TN1tz2N z+BU-PsfN+DIekn=O-Z2cDF&4*zQ4zSCJsx`#PLk%Qqu-{WYlbTNM!Dpt41vLWZtaw z;Y!+!`Bpi*^u-67z8^+?r>n7MxI}T6(fZ_#NR)KnO#6P&^X;tM6QA)>u(!bi(vs!* zYYjdN=^eA}9vLRg>>ui|HIQ7T6SJj&94DzEjFyz}64745sj(0bf6=*5Ey@KfdqMK* z?@;#+dt)o4!xr9VnLM3$+dq=-bqjQHR#*~DKA9gKz%A~N+^*YLEKxK&Sf|{`0sd~3 z=m1*Yr#{ETwh06!Lz`R}RaAFg@6h)w?C{hvLTB}4d+K;FXDhmK%W*}0V6wNr+$mZh#=m7BGNkbx@d@KKmxg{c=Mh^U^{Lq_5#quVKPjn1GV;DyxQ zp34d>b84#YUSd<}lfIChs#ICkN$1g}p*45^L6^@XE-NE@+eW)8{w?&(7j%+;TXeGX zh?vOi9^|Q%gm_5vEpeLpM;~sHMjO?IIv(#OY>Yac{OA<-r56fxZ#C;k1eD%e-EblXX2T z&ARiO+EKeTJM99Tasp+?>+-9yX^Ga-EO(}6B7shiV{MZ(=|r^;@IcYL8D3l^d58ga z3mo6hZp4nhH9FzAthiyATdS?^gD0jesLR( zn1Gah?KUq9?y;R+Qq%F~h!AqDm?OC_ipGhCgj{8H{Y5?Ch(e%4ENPXL&&%t>5N!ycgBR zCM$-kzFo&8VkTbt#Yg1EUIkEx(kmQ@knAUjM>8YclN%CWt>4wc==ab#en8Zq%pIiONg>PxR3*E_& z=3;A&4lAc*A2%pzn$j7Fs>%HBmfa;O=8RmvrgjkY3U=H)8hQJ>$}PjeIT|88hOKH z5?5I^hduGR#T2-cKrq~~jZNiT=t<*6?e8Gbz0C~kig?)KP2SfIgo{siuY+ z&#{o5Uk~>;W{Qn%FcMP_8ipnIRRnTKFbDcssDSN;QipBb{V7S*ve-rg3Fd8CW8iVk zz{CK@?xAlUuSpHNW5&^GCln8`=u4A|Q)ZmtLz@~X7UpVe#|iQz(6o3+osh>m4f1R` z!Edfpask&k=)7|J*%`gYd?Gzlw-4W%EGrMUqNBSyE2K3gmr0i<206O6v2Qq|rOLF{ zj&{QzQCG=&ccBWEAGX%HEgTNZ?u*u(lvr&PpA;-MDu%C~rW}jwhylQf$KE0|pp3`* z+5vz(kXFy-U}qkYH#hk1b{1C2awm_9|M7Uq`N~(y__r6gHPIW?b`k?)7HXWjkre() z2maBGBMtOirWqz?S*X%_;ByZ=&As!%euw>mEwfPly++?bNvoA8LwoA`tDLvC7Y_si zXA1{@{9rdb{E0>@k7+W=-qk>wvhT_qJc?ehTwdE9Z*)N}ZiYdea?xumHh&MoAt{lJ z5KnLGb;pN=olom`+yG54X`L1WLsFH9+GZW$)Hev4)0M9L1ECVv~0 z(}QJy=m;d2m+ty3Md2!UqN+o7Mmdq@$jPlQWyS4N$J@7?2rwqL!)R5BM&MR;?FMc> z-L)4H9+a(y!|5cfkDf4w9DpZ`Rgz!71Tb>iEl!X{k*uv(Y1|&QpM9@a z)d5ArPOnSLgtICNGjUAP>RU-ueyD<}Qssc(3!DY&cbOa3Zm%@x`uE=08Sr(FI$+p2 zNeheuZof3@^vQ7*${zC=i(TBabg=~b&tD!`5|Tfb#7BXa86d^BG)@KX;W*#ht0=+G zV+`YuM~9EQ#)6JBr=(pbR%e)zymE8|x^J2!X7+BzGg z>%)(m5}CriKA-u6!JjtGyM_{!Z4f6*yk zrWp_U>vM@d+x+D#!`DfFtn`QE7fj7CG8UT+FO+Mh=s(183}i}5*3~M=zW#7Dak5vs zw(q~xqNieTCu3qG{M_8Vnae9HD8DK8jci(-QuE(*JjzU>*EP3@4nKrxNFNlnXP)M3a`lR(qg}@yU7o3XaO(8(A2m> zal@sofbgL4^ou!A=ID$k&Qx?&_1Ao`sm?dKa+b53XInm{BxJ`+-1eO~$PZ9Zvj~91 zelH9kg!)p^N!)IhB#e~@*zW+}95PJmQ~ zlf+b?-c!n_Jch}63&iP98t#t*&)m#!Cq*NkzDQai?{;0I#?(vyVM?3M+)|eQ*^11v zuCck}HXL=w+F0mJtNXyL(9nH#3nkK|h^^}@xC86?V9k0qO@UXkqi=-Hr83pk_}4*OYZ`QR8c3#d#=U$(Hf% z&j02Ev&^LV!UHBu>+*2HNh8R6KrU>d$MqNAFW$8m8*aCmJegIdmnpA2;VzWAu7qefzdh^?lHe6+<++_HT5 zYG!A6AuE=Y!C|)Ai!=C^5s24IK~bDF%yq7FlLL$p8+!$iI3a=E&dzStR?{Gnng!7; zN0_~Ul;3pC%F3178Dfl2tlSBzjy(?WF?<`rOK;uKU(@vS>BNM#XMw%5Keo|AatX7d zpJrt4|MJ0FJXyF1-s)9ec$rd`h)=1F1>OnX% zImr+5@o~P){vd;E%nHhv)le~oNa0?3P01~esA~z~^A9?*?!;xKr>FZWONQ(aolU)V zl?;LsojMbo0aXQ<0P@cV^pzGt9j(ZlT8scg&z-7v7H}cWJ-lOpLu5@Lg za<{EOKKoPfbEt@8#KA>iYzsmy&$N5SQO*QFb*zcM_Q&W1K&Zx`hPa(XHD>?#vE}G8 zpUc#YfU31el%@52Iv$HncJ=Qn9yLnnjtHuZ52l{Hsa#0CfzDNo-^bTRNU~xfxP;2Up2- zh4R(SM&VFNQJL}}ktR5)2Jpw%EHy|wj6hV@CR}HiWKGK+QuRpcVk4HTV{#C9LUkOg8;{dl*u^+6g z|7;m5+L1h|P^(-knA!7c86p@2D2+vuMQ5c1*6`VlvevFQLKc>L>px@vE?e#_@(9WU zOoKMSG-&!CKuvD-z=&@3yiH4`1kDKrIj;(1uy1MH=fP=loX77~%=x{b4J&MQ;ao*k zRafPcam%0K^mDSRVk&Pf-W7qz1+ zL27;3b!>ZYPjARELH1-*F=p#RRCKh*Vlo6VVoPtMecy54du5_S>qhp2)=2tce+NG$ zrL*AcLxkFj&6;2q+3h8Iz@?yVq<#>zjX3LqHo&qpjw+=_dzYN42jOy4N&7^j*elC{|Vt~_(OlP4M+6#99xZ$2({m3~$RGD=8KKA`0f?L*MfT#t{ z<{KcV-pWtU;rI;UUl2nz4v31B^z4+^Y~oI-!dmFn5tAUqSrBqrXSTExEtD_Dd6y}5 zJtrp50>5zJhP5rXsK{uytz-tmPk?7Gn5xlShRT0`VU|H>yrPFdeD`Ybf3_=cE(jf@ z$PiK4^#{!|L%I3+s$*kgmf#9$P}iy0h(41)`onSYt@#*;s4f!tTi>&>d13tYz$;nE zIjbT?T2|H!;vgQL{JQp@lHdI=#meO17l4pFe0jwJN;Sq(11R}qgx((1Xe8@P?!z&4 z<7(%(%LFhr3L40PMt{+1NsYYnQTEAbe?LIC4BJ$kY$of?{)m*yN9Tq#TLN_{OlX2+ z9B|3H&k;$_?`orC2wHv7tKQz;u}CBzfUc}sN2`@56A}Idxb+Kq^)vu%02h1>z!q}1 z{bW@@yHqem)}gfqAKvo96mFHCUqv$Y9+c$6)GN%LAU7C zpb9im6C$9qR8UrRK21X71NYrp&$8VBQOUZ|7G`^EgxmE(TsmCV&ECo@oUrPPh?*AOH=Dl~R6tA6F+Ej1r3`IW+kvn=fyi{el8r zXmV~47OLm%4PA}5_c$miDTf?AaP3|mWy+jG-(W!>A!U2RB?1zYMF=V%M)cQY5@51O z4c=q`TYkeg{Qx5ADu7*HywbN&zEZriv$MuJ%N*z!T%g|+_o(jH3L+0o=5=Ol+$gJ| zLNPm%`Krw~nyaiz3^*%hT2yj!N7-l#y{S@^To%|LE2RcUFx1BR+LMlE>$OHQi?7OQ z>Y#^lSS9#NHPF5vLG@G^WNsa|v>t765RWL+yL)&*fWX!9Dov27Yk&4N#nOMsWtk6-czSc}&@ohg%v+*+y8!Cmk0IqoflS|+ycX_mt4f;Z#SW=GqJ~R+7Rnb7*znU=Dl2ux&wXwPRmA};0(l1@UeVR;A z3+SKrk0N&9>_IWorv0>S-#XsaJ*Ao8C)WJwp)CaEVkUHiP#Ok~kai8dqpfEw*p!far>-(Ins2W@xvfu@SM%a$oi8n)UW?W}LD(n$Z;wJ+0e5JnK^>e3K~ zLi^47x&!%5ZS78I10Ge~CrOb%eA%U?jF2p^og%*sc*?s5 z2FVnZl#F_o3+;R6U!(fr2z<|?E*|8233wAw3uqXK)+k}>pd09~>r&+W2*jX*Ux5Vd z0>vT{w%oJx_AQ-vVUcNK!Q@qtaV-tQBpZk`uscm3n0Eq|($&R1*3`UkFr?KyO)n93{Sb4uE_jBflTIIf1OB%?+3iSU_&f zLny}z7FmT~z;)OK%9lyd0%~g|3@U!!Feu4TTBd(Hf_7XyfYj7yspQaB@ll{)ABzh}XM#Qq1Bm8reg|hcqF2Io*&H9%8$OJ>!Sy#5 zprf|XUH7MnKvcY#-zPzEBgRv;^!ze;i8=`&>t7$2xmd=e-mFw;jpmR4_3II>gj+5J z6_sJz7aJ?9S5%|!)RK~;j3fjAMT}?zI-DtZ5Lj^ddM(s@dKKI{G74@Tacxs?w0B%h z23Ilc@l4x5>Sk(WP?9i+>|M-}Y&R-=nVC5ohchHeQ zop8G}9MeFu2C7qNj3L6w(J?VNl2L2Cj}1r45G(&;eD>+!Wjn{E*YiW7P$1S*WP!nh zt+I);axTVfZC&r^?u4OKBM~)|9 zd>;WD{&>w&XUFqupM}f>Nc>`JVlp`LDsbeJK7%PZaL{P6>~l__)vCccn;LLxqg)>( zeEnv@-^hZp&ODNJ&kG!ynZ=kvHLCIz6e*Jw7at!VdTRJry{S(V)$`RX;iX&agfNAy z%raFb>pyM1F0jhQe9c5F4|1c zROoXGp4<1=1!_tQ5-&1bUe{zVRViwY$p|rAZ1>3|a2RJ~WK`$@%GJ$hdDg*QUmY=( zVo_)&2j8Ox88IIDN&kK|a1ZB`U|9LhBFXO+=0&}RRpAQDUFnR5yY*BD#XA{aey1R2&kd!YQlAOj51Rtiqyc3MCbgzfJW3WAU-0m z`lSIHK|G;GkX;zQdB{^>tvo`G4fcy2+=skTqWo?A%+4fgAOc1hx2`k&NzvX?4}Dd$ z^`3z)mtHS&4YaF03Po@Pd1OrRziV65jjnPl?mXT?ES8#9A`S?z3LX3tK*;5mQ z$x0FVAn@lDAclMwbg{i0`1DtZLVy0%zdoN1eCu;UcHCN^XEf%#%`}I6BYpL2LHIe? zVGn>uNRlbwF}=WJ5B_G=7^$~7~A0Rd73{q_?i zFfJ&k(y#;Ns|SMDKUXWj>A-UPU$T}FL7n#-jG~=p!J4x z0VQn8@gV-@82>-b|3skuxn3mI+2T9!bN#>pe~P}$3cP+1aK_y)Mas6oMK^U~JzJ2* zgHI!xKXm)fCR2`sd%#+Ph7=%FQoXju>tu3e@d2jD|E!cqK^}}s=WIy@MrD9TeRYNv z0;N4b_$9d`5F(%t59ypm2}0CU1kteT#Kx74)_s!W?wmL~ZEjFzp%ANuJ`VjixJeF} zjLMfnrob?K0K`mJ3I&Q2u>`iAU3_XD`y4bQb5hvhZ&mAo1D@Ah=?5)oTEbT^6^EBwSC+&&WgV3}@ zdu)AfS?WViiW4qM?%q*HXFONBe_xj?t}VXvyYn1?fF|_WSL3^&@r!MC0FqKR)4K`+ z9(S zjs0X9^}*5kegwZ6rRGsCucsFy+#$>?DB1I7S<%ZS$R@7og+_&iK9Nu_y#<3IvnSPqfW%I`!#jQA7MqO^okqxK=@^5se+XPb3P?uH-EjTt04p~v0;FZn)!O&;))F#-8i zK#wvMiF%F+Ha37b7()kJL*(NKka6HRHJ~yC0(6Y0|C#rH9bIP-z7c!~p^t^<0o}m8 z*i-z05cJf4U}Q%|-O!{0(Ku;>Oi2G-vKY|bg7j1-dEgBHf4&SHwKtFL@4_X)m#NG~ zpxkg^ARqYhEdR)zf4^)3JgEFX4+BrZLZsctpxuDy0Bn~{SMnq_fNVLR$F_wgBSvEa z-bA^B(eWSo1$Yv(WJo{VMuS}@zAUf9hb?N>M`lAc_P+bV#P&1>*GNcOM&2jzf@ggbwL=7$3zpMUMb(K>YBhiyP7L zv`8u-*$qHF_^5L5q*nm>e*k`|Xhohwv7{Yn<$Ugu)8t^~|1K63U4n|s*Lmbf_96dU zh>|4+dJ{l!#r*@p#c2py-w*D!UZ4|zo{m_&IV3a(Mq+FII)p+*jY02CPhd{o!Yw}?1k=H`LZhdUb!AsPggL(FG4iyXHD6ES)>0!oPi3yM&I1%7w6 zXbke=rD`Mm|6xVr4JV=dEoe8yT1f#-Iz!UlLT5u^umJ!t5IDwXXCRLvGr?{uTsgu zhhpo%PWi1hZ42;t-JdKD6hl%Vhxx4;<)gGaKuxnGnL8XLnxen=5{el7ofw(~pw&(M z+qXf>DGn5sCQU$=QQ-kvz2Wz~J3|O)mC1>0xeg4}N4?pEf~Rl4is4oJN$f8UBp4?! z6}55K#%em12UV4rbZu@zHB-3jmJwbywNP$U zboHo^YmYT83d0Dk=l{+LdMXGH$dXt{kT@7!5@;~W*PqFt?I!^=7(N!0x{EZ>U=NGA zksu}WHDa5}hZC!n$D`YyG)J|>jX0v?JOrP@{sT{uLfc9nWA!anm(Juh*x-bp`Y0gc zECDt`&3;y(sh#iPY#)Tcg3%;qA0#~a$!q(!P{WjD3q{Jmw4#|W0-|}=qp}KYWh@vb zjK&rU-GkndQ%9(GgaUxjZ9QQAYkuo!Ki+!T1dPjuqmf5NzS@HrVaHiVw$YmDl!p$G zME_lE2qdf>gb!uFN_KCVz1w{IfjEpF`XfM&T57QRo<7O+zW`SA@qvCYpP3EW#&Jsf zEs?F6Ew$?fV*t?x+*sTfM7vm9@Q*XiS6_=C%&kkdbp8*jl$aBc8Ve1&QS3(j;SAZZj$59KKX-1m9^hjDc)%k(^q6eOHc$awuwajCQOk<146PbSO@5%EjWMjS-Us!f z7~7hSj0e06WX(w^4bO5V9K;SERLU|Z^+CtZ9R;9X0U8%(5g<8)R&!4G(dlgJ){WVN zV@9-BNRc*)726D(dgXBrV483DXM%_z5EuY424n?~u@iK|0TiPQH>4EBMgZ|+ebLy- z0JbWVboy5ug;xJ6BBfIyrEC1`@utv+4(zaV4t8G)C$f)R+>)Dh%J zz|m;jv$qYKUK9b$h~DeM*?Gk9eVlEz~^&Kn?x1);kA#pi0p1Qr&!l=NW100Pr+ zh1Ujv!ZCVlG;UcTtNo!@18(t4%o+!HBTe5L3s4`$7=X>6fKb!OgmOXVcY%oJ@2S=U zjMG$=myd@v(J(3SSR|y)yc;>6IHGcoYS-as3?03n!Jt7ym^+>3YZ9G-_~DIUpzg2~ zOo*|W(Cz@bpBCC3kTGyVGrKlz--XSl{Oh8;#n_2y1mGZl{k}UW{!Cuk&!~aUF9736 z<<{Xs3#I|Uely^QK@A`Yc`}(^xDNnI^GyO5sGAFXrx~NXXokccgfzg@;q+ilYipWnyAeB{WR~$#x0YoweiE#O<*YNTeP(jocyBx0!f1e82;L& zYkgVP&!_kOm3;^ay&?DL8BzH0b|(O5WyA9OEWi1Eke*N*!&Ro$7^MO4)3)v(dOWDI z5KP4xzzsGKM!@hb!Ms(YAGs>(h^$x+brKfen57mf_zV~WP8 zg)CYEg`F!r^ zU4leH43cIkQc|fvpkL7W`S14o1YNl^gNvfiJ%^BX;09_1>cs~uVTe5#XySocvf|;W z=3tWlIE*(?IKZLC2Z)0yg!j9$#^v61>kOXJ>ge9}#TEix1E2YP>qH=fn+$YPLG*?O zdGv9Z0fbpWoJN@Ckt3AF#3Kb~tt0XIT{U_zAUVDjQ);AG;|wOa*F`4Q=dYe~Rtd}+ z*_s@F3`vyOZ`2DRh3N=EPd6`M>7=A7@RBBWSjP5cI+l{B@dX_`!N`{>k*2 zR00-0ixzQ}Z50JWTuqKV0YjS<0s^bk4>l4)xUL06$7GCn4T3>4n=+x9KmO`MF)$HY z3<62WJ-&-KzZ!>3(xE{bBk*LItj4Wd6`xE5iM?w1YbX1$qg2I`m9^AB zAm%?a)&Mg`=Xo3nZ9+~(z*5Lrpui#cvjZ&UOK=K=gHvEM2EfL0NamS3 zNIB6f>dx%W{eJXivB&ZZa~X6vrgkg-RWN|0YJjA#z@|aA@wU34_)`feD+B|D0}e<> zXt8xj4cqDlHY^Cch<5|w4Ff43QMaJ}hNE5(MzHAJI!m~p%2_XErA)y{_%JO0z}pBq z7(rs}cW1{nZ4|hi;FyI5hQ39M6^Vkf57n~&gH#AI3lcsMa?Wcyv25W7aV8X*SjDq@ zX>7VxlK1cH-yU^R6_5VFg)t5fP7rrCM1)=aaH$?Mwv5`NCgC(dUaUD3J059Yg zKtdY}Z8U+Wk?j9o1u*|5aLX*fU9+0IwnlK+$;dtLgJ4w;eC9upoWX#X2lE%6kWGi8 z8y7+^JL9x~J`ez;{^8{UP;tQTK~xqFqOxJm01Xh=Cctb2t_{aZAB0GU5ey`SQ|c|( z84E!D1O*328uQOxi-b;p=OtwQ5E(K#Ohu4niO2(_fAspq?SD?Cs@T3;B{>8__imkMt3+r;lAa*;_q0Rn52$A=q>2QSd1ZMbTy|+b_Ow2hWQpW zo0yB*Z5>yF9c|Pu4uj-H5~qUoo*4L z2ulaLr`-%f`#^}nAgJW?O?3+w`hIq@j;t{r27}Mi9si$+@^Lc?O>OnDVEH#N16%v2 zaF;p}=y4`C=GSJYy32{H~$9GI{zBnNaazG#WF-xf3sJ2Yt z^`v)7+SNOkjaUNJilBT>Xh9|-)uJhx1OYqNsbX*i^GWZ0|MeCVN!Iz1}0I6dU*ml^@N0WnGkjYL{Vb zmFz8}mXt3|G~N&+%#NJ#r0i0K!t|Tf?HfVg^>KQa$uqIZ%S?OXALafE$bWw0xjEtQ z`zZD)6W1RviKZ{jiH4NVWkoBJeiDAnSXrY9n!r2>&d3vvXrew1sm2_l(rpOP5wyeG zLHDu1R^u9%xYMB+H$(0H&W!;QmOAPAV?yoa;p!i zIdT+>dhJPNiue`!!{+FXy=z^4byHhMtOqT|()?attEOldrn0$&!wR&fA6i!65jZCY zGJUp7XWU)vBDr9Yi=~NJ+j7+PoqK|2lP}zn_|-e+#$O6v)6c88ryX@)caqpqq~1W_ z%c5aQskCNo#)%%}tn^2pPb^?}OQAwCCWfj-ccaW51A!~ik)d^m&S&@9!fe9xq1*k9 z-|DDbSO~ZkX!8%>#K*_qn_rMjAKDs8t8yk7lE1O&x&5~2X%_ElMSPhhFEjm$1ga5T z>;nd=#1QO+j~{6;ad5QE1f@KbLXOombs|wvVI#Lqc2#=`K4#R|kC&Sf)0wydF|){S zYcH&O7I@Tc`O23I2fw^tcrUqBtlKjjarf&6hj6ENJYcNYG(FyXZNa9=#aU02cjioh zd^mB!LP7>xvklB1ThnpBIGVmaZ>P|N)`Vw*<{Zw-&8-10Rb*-t7bhSfpu;3&()c9! z&0Q%3x7_O7&$XQPnIPhLru#M|$zsK5#g6&5F=hw}5hP7e#9P;ox~XZV=K76_eEkCo z9&gAY$%TiGDYZJP>~zG>Pdc%rgDLe8W@m)CV-|Mu5^?7C+l-TR&Sv->x>stawHM0g{36a>TEhmSnW2(;?N42x&evk%fqa&bY2 zsAdy(Xu7TXXvH>w0ga>QY+;ZlES7AIIO=}->QmWUVqOu4!p{me*2tNG$rTZnAHT@w zYZ&!;cesBKC10X}_zIT_P=P`MQ{CoRldr-6NmLxLk>{N?r9A6C%f(4}RWCNX_vd6t zGWs`lMXqO9ze(@ZQ=APN4)z?5R*3u%F~1^AARZO$r;+>5dQwpMq}K0z$Wp? z=zOV5RPf(g0PU-KHx0bRw_+1slinrby~xSZQG}+#nI1U0$&HAc6z;n~(m@nMr=RK+ zod+KaaW$-7j1-}7!l*Ir?aMLyb-$PD2__F2!VzVbiX5k|pOe4Qws{*ZJYm3#1>Qfp zMQx=j(p=t0aZIV}?4NQ{o!H@ZNs@&KH%4Q^18JEkmo_~}E(2=;x2e1uE=!YSvu8A4 z`o-=Hr%wu4qx&iR+XcW{ZdqM%WQCoDo z=6D7MogU(W(#EM&Ihse%B~Z!U=?;wG(I6cRuq4qp7@^qLYs_Qu&;t6H{u0j}_lYPp z-VQFbGp@vyLL?em4v7AWW{}GKbk=qE%G_Wb;>VU8RwiPbc#vJ-Ngj@GxIHcAg(z^m zDX^fGh@tXAONnU{Gwl#Pds__|NtCL;yDxR7qYuf7i(nudaRJXEnY{e=S0+Ca)}3=c z<3$J{_A)jrcH1%#i3%%mMDh}5J_%Xx#l-N+Lx!$4;@)9d{dql!ipokZ4t?xOA&{Ku z>Zj{0F|SSjrMW?Q68L413LqSO>gd6aPYOG70@px7e3qzx0g@|=B=^^Y zbYp@rG%py1l`^Up&Ad7QncFuCM#;`FYq$r{2%!m*K=LQ*J)_@#8vzT5M2GlAvxQfl zmT?3VzF%PymOapa_L9}BNKC6OAQjqUKpc_E#g(0h&wBQ!<0F+78B{I$z^`0{m^vA) ze;)E#evdXc`eN1p@{~bk1!lzZE;Kf<0qytqcdIXnMF`;;4zqS8A1Ah62JA^g%W-~p zgYVgN`)YNvFuVOnTG)uuhB7hIbk##F^%4%ls1C&tvKHYHm#M)1|Gj1q8eFg zy4}HQcK-cc@>1=b|9g))KiT2DDDN|?(};WVjILHJs-HqqFG(GYAg`#mtfdFcarp=_ z6~A5WyEmrqq>#pK+o;yeamOW>gVzzxa6Nt2rGpki%EVMvn$$1hgEql<^2yd3MLwoAc;pcM5#p>*8YYPrr0-lDlabFU9dgG}T%i*MPz$N2U zZOhJ3h*D1)&%1dtYhKCTTF05E@igM7`KS90W1a!K*w85h$ZTe%EZzhytRc;p9p*Gq zu39cqpjA@HpqTVb`^k=P3Eb_oZdKl%%VH;2^Aqm_(o@_1`;(Pk>af8-71Z^tR>wnw zqE7EoZld?pRhZ|Rw4tuQ2Ow%cmV1*ecRz*JPrZN{1o#>0zq>ka+5Vx((L|I>W<8jh z*yIzC46c}k9}!+1PdV+4YWpoM#*izHFezQ+{fXZH2v#Hy$eQcCAQ3O*^->bS?{^jn zdoiQueYnoDtyyTXW+<{L4C$v?yRSZssx}@m)N@QI5AlYi+#INiFUPUm%qiu>aR0~e zAEj5UPf)wgknk@2ZY|fUhDK95b^Y-r7v>f~r#rNtwUa8Lsd1V)tGY|UEyol|&3wAQ z8Z$h}V>hbxdVMv^rSF6tYB z*ze2Ealv2FfAn&+*uR)9wOCOwhB-_r4;a_c=vG>&N=wWKhKc?D_BK~C>`3kO66A(D z+S`{ddo(|b2cHesYd(}5oocdpeT%SiU&D^Vq$QbgJ`%5tHwL z4_ck+Z{e}6ge4Z!n{J;n+)J$Ulrxx4W__+Qs0DuEtzaVH)tY46pvc(!=uB-=)AQP} z#ouuLdpP!qGNqux>0VsRdA09&nf``G_^L;V-R1XMxmIJO0_dRjDl5xI8N&}Am`ShLQ%Onxsly;?^`?Dg>&H4+NF8zV0?i-6P&WQlU*$i&0} zaX1@Av2T)}*UKffrRJOZdI6-O-OrSyQ9zc;s=+s?=&ZF`_D# zUtWxGm?wzxDYbujo(s_oC5o4(4PT{KndYx?vxbMiOPOV8c^5>lmedmu1Fwt~n|)7z zwb0_Jq;czpZue$PO_#qw$Dv9nH55($>e`&#m-@u#lkS_nSGgSJUuk!L|5%bI)YMJc zG^l?ie;b#K4#V%{(xZw|J@470JBV<$p_&=%LeU`(yo5NK4}B>D>Q6n^iGH|>)Z8|I zdE}UT{MjyfK&?ctdV;F!ea2gHj5< zXBRogO^o(y+2VqiAL5O~B?;kS*yOBE32a|B33!jYA}N{CaVVaf`9$5Ph7WZmakSVS zMyiQOq6SGq7FGSITg1MRYGHczCKa9FY}>Z4i}pFZdc$IDb5advga6gLWGVyEdyFY>1IO0n+xK(jm{^S2YWyO-dc&gge`ur8~pvt(4~EM93nNX7D*x(9$4 ze-!e+&@uAki2)a@%Qo$e8wVg;ZQuugfaYt`oY>a*q9#o+?cxEC%aL7P2o8(q+YU(J ztM$Xe#@3|m*k9={3JH-6!|g=`IQ4FnkyM2abi5e`Q)HBn|F+jj?j+Y90$R1_6^!{o zr|L=?pG;Y%aktNQ(`w}q&bBKC!#mq%N7|&$LmQ>U9a1|&DE^y5^_lF%+Scx=s8~E^Pr-- z*RKf*yoAP3b4Qe`;NVRnu=$?*UfqLehk3s7^U58!Y z-;pd&>@LPXV2FzlNfz;|Cmqj$d*?k%9gfRKH$<&as$=#r~{q>2~CvV^04CM+U!&LQoSFFKB5+Qsd3eORBJJqq;%->N_&IU;bs<}40PDhLHHeW zhq}*ISpQ&{e}vMfVq)IW(XqVM9yxTmH%>+|X5e*nhIJ@^ciH}RnI)n`CUp;nd_ni8T ze@8Opt)%rrrn5b#MzM}~^XBM7xHMfmt^@-$&)yWNEHQBp^;iK*mjBsX?$d*>=t9G@ zO+L9@B*OF=4A;xa#+o|5ckx2XzspFcKDPXPJ%0Ji&}V0?MkSH8sc1bM_TunGs*qR2 z8K3fkTGt`yu8I@J(RkV1^LH;2_}qFds#zXe_34aST~PgI-+oTi^HPDWG;n@;Gz zuiV~xNiApvd$A9$pSRq_jcelJbobY3lv^&bp8jYUjE<{H&SE?KSEbJO{Xt{Yde{I@eZT&vF6 z^q$}Mt7!M7x6Z3~RtBqh@WU|jl+qt5CbO&CNg5=+_Js$GDZdykWaM+4e!lS20|B=r zJZYQHiMcOVl*B&zlWBhfP0OddcKZebu7x69Z7-B;JeVGv-<==2)NX1?2nxPk zbo6Pi)%~PAyU-YhR_wF%yPs1QRnvz(vhAD>!fRkRy;_OW^AM3#ENTj=vz$WaH-X!C8s zn!mUkZ|0+H($3!(Mi@F>mQ+!wMl*VB%_er4nyxq8oKrc`uf;8qS5^giiPZuc5Sskh z@5MFODzpqg+=%a5>aM(!e^U)bg@Rfc0&g~Jml`F;hF~VXxr0rVMh;W5HbPL5!22f} z$Lo7Y%oHVoaJta;)z#yRlHngP388g1WHcH ztJ1tJWVQV3@ZrAW-U2$c-1$+~mpO;2W<$(I9=l)VGm=H@u@w{R!?{&@28$Mc$5h4z z(xkkv&U{Dp!P$^rJzptVvqft{05wXc;*4C7B6 zIe!-Emo>xfTV=31iFva+qo~Wy@X$qLBaf(g#pXk2%NJy8Lig)j7A-qEqbhwT)u!68 z?1$#XFt(byghP%n$sd&H)y9FyG}b2!PTgd1hAy7sJK}i)#SYx(lyjV5*ehH)veJ9^ zJ1p*^FT;r550y^toE@&qr}LJKK9mV@_a8s&n&YsOM@63Zc}J*h4K|x5quxY~XNK_! z#@BAY=$a-+3?=M@E7Qf35}oospCbdd=-C6cmc#W?_1Pkg zAG}NzF|WIEgKuMN_^|V9%x?4=?F}n_8P#-&He%fJ9S1;HP{8rKk-43aIPgO+TlHc= zxyRA$W=c+L4kf-VGF%^shMIf>=je^Ff8=?ALzqG}&lhcBc>grmZ@p8{eyg1uza0JJ zGJRR%~$uHb{?0V_Nmm>m6}iBiXKx@Z#-sM^Gh=dmmwf4%f`F zVz-?xi0hYZv$$YzjA7Jp0! z0|AcW7S0t()G^AE<0yqIu1r>gh8jINKNl;1ZA(`R#kABEin;hsiV==7{l9L;WxM`Ozg<16wv>Gy#X}Sqe5a z#`@rnESVXfCd>UioAmiU|JHK~J52+hT*Lj4;Dyn`0GjP4ZFz71-3zhJV%;jstwyh& zUc&~xyDj6Ta}hssD4DM-t{xaQ*0C=&Pz}J(P|?S@aUCdRL;={xXF<5C@se?~ufU(n z<>Z=TF5+}vyS%adC)Rz>TgJz72F9L5yS?;4Y!pZ7t$9)?cLgos)4wSS9)DohpT<*| zi7oP?pp-1UKZjD{yg2mYyx``0ES{b@IjbfG5L|Y&rQ5`my;n~3DHIG*FSS) zq}Ta;vMJG3iP;PajzDzdhgq-86#Wq0=+}|k&32JcaJK?}zGVyUU^X9&mv5y+O|hma z#QW4EW}!k#QT(Zh6H2Y$z(fPyqsR743&&ulh-Tb`a|)H}0=LpHBm3hN*#>6b?dnJS zc@rS^RW2Xh|FSDYT0|m-zV9JHd#c;Un4y>5c%iOjM!77r4QBp;3xR}SNy(*uS2Sf$ z$NhB9Xv~FKkyF@PnEfPOk5BaAeSA1iHYqt7&kNrNmI}$yugYqw`fopDqd{#v-x3@~ z><`l4D+?{UTuH}YxA1#KJ0}x;pPii7J~oPcY-%=)q+M`ZOD$b#;?>Kf$fH|(tt*|m zy~&Bmd<5TY>|dI?c3Xr-88 z8)SUpGDGF6i*g{Fv{a;3R4UX*yVme4;5s0t$^4vVf>|j^!|Q;)O&x_i%(eOY(Qrc@T{FukG?`Oj4emtnwi<=e7iy*Uxxpzn&b*DbDcAz%*4{pM>{;}IiONZNP-s}r3&*LojA+&8X z`|YU~V;s<=xLUy^;;n&6vN2wwsVg`o+v`xdes(;zWx!TeYVzSR;Y8g z6Sp5I9v=(G4WVRmP>)w(IlwT_f(rK~@flC!6GY}MiCk6`p+nIaP2lMx9PKvo``Ssg z3Vb-N00Wj(BvZnN%`eaEkJ-pV3Evz52)gT#dwf;&%_-z$gkZ}ui!Y$reyYas5^MGw zM(CSgFkM$SK98f#!4A)@0B*$rh$${z9$%A7PrLVZgbzh~xUBo_{-%a7 z8Wb?r;JNRhcyVG05dRM;T??qzcP2%nDb>?&*ZE*CbmS1iT{zC+ZX0x%hzDg7-#yF# z0??m3T|>JVrr}C&K-gpAn@0j7V#t4Io>tsO#5!GQ;LRuq0%<(BiX?j?_qB4F!DGun z;e$*8ErqgJgtE=JpyRys{$R^>_s5`{ngMhS^DFH73CA}ju+x49=uP1r;d)fkKfTG6 zjG=Gbq{ox)(R?&rY1w`nYZBN6wCw%$hLA2^}(J2|EoIIe|WV&e#H&gWNri|`nSd^?0-b_=fGh%GQW$^>? z+vjuUU6EQ@v}UAZx)^be0W?#pHeDIZ)V?~Bp;Iyw4(Ap%L(!bOla*H0n27LlMgkS9 zffTAQ20*4ui8kf}0_Uk-c~%Q5lJbEIeAMkE42nR0&qe+{QwdfMPK8Fp!|Bu^aHAW} z;RpA+DUs{bJH!Qe7vSKMe3#7Vt-J7gvGP`_U&gX62W`u2qoz9o&YsTe_&f$F%B1A_ zgq^aNCal%a(HP z3TYUv7&5N*uErX?azEXB?d-Qx_-6HKs*_mIcmW*lv(zqzwF20xS#l(Gx&ouC+Qmy{XL!nnpAjMie;hi{2|t19Sy$k9Sk zG*s#_ZL(;)RG_*(D|oT=BSRmrkTc+lB%OWhC~HiHvq-%*lVI%5(qLIB-%umNrU1?B zn_Jlai0bhJ91oFINmQ+=)?->MMG}W3DD|J2!7FLgweVn?t3~yPRRQJF3%c@`R6`8K3%Dx1L>YjJh_;ZDt zMJum1JH|{igkCJkvFPl0{o<#P>4MYoW>d~?v+LEUWiDtI3dK--WJHMZ3FRzU;>~!6 z=8F~mTMO_@H+LH7-rf--o3Qf8o!zqLG}+(sLQ`jh07!dZBkQSUWj%>V{Xu(g%z!e(iq8AgL0)i}jQqF<*5C zIm~~`zB*+A$XL1OLqvMIf6$+4ozEl=*6{&HO%C}~${9dT~|_ICZsn;nKHfkXSue2h)ko}7KH zS0+j{X{A4H@)HdW2XLQ#%f0r!#!J=e5A@f!XdL$2{XcvK`^hVcoX;q*1YqH{s6Dr?N+z>piRt^b!pXcE;8S7zun=07tI)YFF0n zUaLlf`lA~=^89Ol40TBNNWxBf}7nE+nha;vK;Ry;VY8{}-wi9i5KxA0R(6q&Gs z^I=93%Z+;&VQpJFFXu zW=g4eyL~6lu%pFgQHJcPeO=>jC%Ia_vV+^7OQ-8|CE`bV3{X&UD{F-K7-Z=Z9_RKx zz^6prh!MT~th`}Ih2Z}_(Em0sOB2CtEGBsK6Rs^@{XuHW|N62X=Ry-5mTADF=M;LBa-Lkaw_I;)8zSSWmX57qG^RJY>{=_Hw7K53F%e~w1 z)~j^u4LLD-=*XCdtg7gxL~NAr!n5IDU038*`cgl^Zkn;K^oHx8TJ4;4y3uAlb$`Cm zrk=0d`%V5m+T|3?mhiOB#XPZ#qve7XFL&;Nt{Ub}%2b&_wF0PID7!+Q6H^5Q3ql|0 zdWX1EP_!->d(M0O8P+vY&NA}9oV)&YIj7_L4fwMXc<*UhTP}~L*3)>VlcRU$W2i*p zfz5`Cgw5-HmNOObT?&7eDI_i3)*fWe{z_=!{pr_s>+9RS8joaz61GZyYM_=Oz2GVDH4uh2zf^6m{s; z*wBIuelkcqf4Mm?F5XtdQ&I*d%w0A&PyZv0r|8w6Y2B#Ydk?h=9-`p|iQS-jWtwwO_cCwd8G& zYts&tbUZn{uK z7B6_Yn&JV)cR)^wwH-xbPcYBl_&6CrzZFJ(_dVT{?v10?2@b@+X%=ZA;}iUx{XN{3f?{ zoj2=t)xPeX18*a%?Vayl!j~6Kud69>MpyjU%bulh{xp{m>5)D<> zK-TP_SdPDiXvm^<4NOjcyXtC`(d`>MlIPB>n|>$9k+LyWe;vfS_782I#ach zO8r8m=oEW>BgSsnIZLqFXXiL@_jNESmth&nFN~BU3s9?~IcC_C%j^($MP8XW5qT z39Uq4rjl53_?zml7H=EvXEeM@^!Gb2@b4n^yx=zgr54N`vcB}8Soac~TD)8`ZtQXA zT-P6;NO;lH7-Ut2+`LIDy7Sw#QUrzm_P4VV%<22yFMya)diB+r=QjzTofvL7{APOYjNgc4r^5F%RsE6g2TaY26*V1jn!M_ais3`ysA{?~zVJLN zZrcs|;&en#waw|rOFVdWQT2!AvSobyT`5owLtxwgcCggw``N>9u)dmp%T5;dSp(m zQg#ai0Z+p}Za7aLa-50lOoJj~VttT1a*^BeZ&};U>piOQihZ+-|SH=PCmOTl)xu3#tDAg8@ zwTlhDG~VruqReTZesU@bG3{D^qlJCvKqAH+9?*5$P8pOOPW&@DyzaPJ*4WYK=)WD^ z*=@aSW)W{5|L*wf5WRuwc*zPIajC)WrjjRYX=nxvfM(<0f1lp}>$=B4uKSsk4SI44 z?=DN_xy@3!P771ubCAM}Nj}`*D|jAMcfC7S5}=`T4gB67eWxZ%z4PYH8GYps{49(S zB*}v!b|j3AO}4kV=*u93-)JO2Y(qaE6-tHRMyG(jq7wt6j4<6JxhjFuh^6GRIn@ot zQu-1;D_u}+4-#BZy(dQkxPlW|9{87zP0zUUrP~{m-u^8I_CSm5^YCMW-HfSH@^y?p zahxw-YNZJj+;C1d^OOp)@Lawp4|byocVx*97DTXz_snROF+J^onD?U~dj-bm{`w8W zgi4Hgvw9J4IPgmh=ztSdX z@;Aut^gzlLDDSV5Ev;@pcLJAgiMS@ofmk1>Pcylp-`d)|qsp!y^gd@YB+#I`l{fAF_tofDwGFPVe@dYgS+_vA3R*ZT`&mlNF@tt&)JhEU!7ZBYFtcY!Vs$`^BD6C! zP-X67oSsGp@)3JC+fgbatJ?{}qrqIb5%^uK&{N-(AR1f^-vQUl=H`P|3QzIYk$pqq zab{h{NTE{JnP$JR1P){6#}?i5!<+)(dhriJUaW8r#UwTsP;ckV;-qc7eyK?<5OCGV zmLfVh%EoqXH2PvR7ns!H9G_a!jXH}zYN_0|m25^Zx#4`3Rd=7O%VXm&nhnw1c4HbM zj?+5JB>4EW`>PzW!T{eNRGzSZbzO}gE76k&Rh=`BV#s0xnW5dGW^*is%ZY6E*ii>d z3(w-^qA5iD2{jTEGoyzXN&{pZ*|IQCWBwlcg%~=dswg#UzR?rG*?(deqhXTL&Hp$p zrHV5wD!%va2pB%aK_laya#P9WsCY(fmtRzGlJ`L7b_Q37y8AJa2D@s5%{9Pc`K=UyrEA)&~ZaOo<3$b~+Zd&*29Y z5?xSo-gmaTh(gfcU?4-7d9uc;=-yBtyI1R@bj!MJu(Sd`lnH-0r)7L5&GZ}?Zt(mL6Q?V1vBz6ELnz=*#8_ypNz zf`JA^R*nWXZag*rHZ-%P(gfM02$~H*bSqEzrNe>W^(DoRIQj-gzJyF6FS><=h4=@m zbmR9|7i&TG44iRl6z}t1$bqJ%`{oY+TOHn2ZMDlVAAq!jp){fH0e@J=-lG}e0admU z4Me9$+pOV9_GPlMemf!~nCOiPPPWAVfOqkCg)t||#}&S>yuKluGY#6HPL&a_d9f>ogZ>S!`s=KlYq?Y*O-+M4!3Xj^SSpaBsDfhOl95+pVVlA{upAR;+Q&Nd2?a}p2` z0Rcg>NCpwfNS2(GAW8Zv;DTGy2YFz`A~ z%*{pzq>68hWjyaUevS68dHOftm6V^MtgP(9+3B%%k-oq+(br7??Z`>er1v)h5|f*U z&%1jZiv!u3P<{a{-0;_Mu|3xhP`e!jg=Obo!yF@|020Ul!^!!=Ua0{pF5ljp@PWK^ zxHB5vHwLe|{0U zz0ven`Gbv)eHPhTX6p;R!|lafg?$G)nu4)QQ^4q&1L1Tf@%*lQ1raugD@dhJ(By3D zMH$vZRq5N*hV@oiL$zsI^ML-uK}zd6eX=b5H#Ck#c==nA0as@nTRfouQgaS=oW=o; zo0i9Ihw=JO&1=3d;fixL)lZh!jl8a3d0T&slA6Pi)c=?Z3Z{RX587*7?m_Ll{4R~Q zFFK0Jc7w*&RjnMy@?&#Ul8x{9A4if;3S9g`8aOpZzHaU~SeXJ*yW67asXE>5rmD4G zkkAy%?U1u5vzK{wC%xA$eqf;Vl0U1f_Wu65^Y>PzmC3y51a1RaFP+<0OCHpedtZ<} z00Dn4VB9MQzEGU1QK3>w{Kb-3lJtsTZPxE^1Gho>Fzdu@t(ywL2Af6(R7A?JvXK=J zTvy&`EF|%^sp>CVyR-fL>P*?~i(dQF9tobaA5Eldympd`9+W*u46pP*y};6<_ineC zb7wGD#fEOS`U#Wu!GJ>5_p)`&vd@l1Z;nMTbyzouhZfTun-ZgGM090E<0@|5Tv|1% zb^k#73_(P6SJeq&x(7(CcyR4@_4EaZEdKiM=&#rK8EJrq#cfo@ZI}h6{01xZ_*P~b z((d{HJso>ND9whSi3GW@-2U}=Ub8I7$eXG`u1n}XQpD!*k}RJC@(~xV+YX8vhv?*K z^^l>qBgNTLKL=|nfaAH>TGbG)~vC+kz^ZlCLrzU<;CX$@LL zZrD$_8Z_ACs+EFD4MWFhzJZF==`MveNQUrC0um~xme+8HW8&)~&=xpDcWZmniZta~ zZ^@%}677mR#P@6B^HgK${q-4%sCtt1jJ;SUELsXdj=AoJ_b~gUpuWePQwx=(x12ZW zTDA8d4TCDz(4&TmTdv0>v?C86_>lUA9FIsJX#N^4WCO<;3)ne@9p|D>F}K_GDP%f= zUpre5e7VNDFy(nzyw}4qgGjLQ)ntY;wlo@9*5zsq9Eg` z*I#t8ow#!l>H|H{VpZRYjq>Ux=H5pllfTL;fc&84)BW`A?=ODZ-)Xt?Q_t^+la$KN zG?C{nt9Dg|MQ;-Q(<7zQfyaE6XJ zoR3|1^U(bUz}OFIIBUgk8h!2eIjN-a*L#vaGl%HSjXj3npp^e4@*Am2lIP85NqtSC`T-aS8mnYUqH147 zV)3{O;;H~@DWT&5D4?{-_9Z(1R{;fwALVID0Wm7(ruC3w==U!=)heE$sG@Se^4U$; zXQ&bm0L$aQ0q1Ub_M`t;0Y>sdZnANC!;53yXj*CBP+9Tn}SD$luF zvY#g6*p>A;cu`3%@EzBLS!U@qkKJhLdp}ozgOaa}rtpyPA1;k0Z1P$?C}WpB2CqE7 zUushAsWnpIlqE}k{kmPZ6l=75;7qGzCL+ZkN0BT=+_ACfK}}rN55MCNZG)!?5a4Vw z{qM0>kHxpIquQrWI}^E*nU%IryjhO#)#=(NW-blPbjw`z@ST}H5q6wm zd>(u$l({k!G`Sq@)4y(6)C0Wc?K8F#yHl@1&>ePP*nY~iP}WuUI3h*xG2rx-n;qT| zYWH|``#Ej>(Y#D1uh9hiB|=J0W}Z|LDmfN(0-hWK&CJ8|g}HKnWm1n8aaC$n{=naV zIR-w)AtTOSx@x$Yu12lKWJai7jF2cix8HK1I-I% z7y8mB++x=oi*<(;KGjDE|`Q@N$cQns?I921)9rNiq+~X0W zJYa6`vs3Ng`N3=5ljVdr2TG@xC(iA2#q)qL7g!}y;gR7Yj>@#K_>@?T9^$3Y?4Q7~ zbu~x#X7{B5hgkv;&gytP{cP)dR$o(fnDR(rzR~&mjr5yOp7j<=y#3l*Ppp*QG@GS5MoN(jHfK22EQ z>&HKYYwJtP?3IsrFr};KiLNA^ne124-n)9srn1PS$vC;6t>>wsvlm8YD z1w_7RsB|dvM}Ofj1wY7byoU4ybk@payN}to4+5@|X!(wGQT~$pT%74~mvoL!;dtSv z0r{0HtmiHg>!!s)EI~edJ2XSi35Z`7!|A4TfxKYR>nlT+9pCBwHD@*;vgeRYk$oWJ zD^^((MsCXw@A}UBO?i0zSR(eS^YyxR(=&t@P|9F7!}$!EzEk?4Bh|P4Cim82TO8;l zJQZtQ*Eng#D)o$iSy2hgkSRX}0H&%=gu!!Ttmdx$gpl>bz0j5FXxajUohzI-*@fpw z=)|rnSt-nTY|O;Ze}17nQE9!nI$m+ZsUOvu{@d%PGP9*@oqO;y#J>LMkjcfz?)ioE zn%F%+VF!KnO^p`}?uP>>C|Qn3(l3lE%^`^X<-(E#k-8-Q z5&MaCBVsA?DIV~W*H+8@CVT5Vpfg5`VMbuzJ!x-soXcc)wSa_q z&h%N5Q*)NmkcIk&ReOL@ku?Y-xcB$J62@XAak_9_94B*OU>p!-P?CklF6>_}KnjuM z?1yJ8xX~+DA#SCb&*hqn|BX61eDNRZBp1V^)TR0gWE5xucrVerwqX@4A}TA)c=PcF zUsEOJg>?W(?mnEf{Q7d<^{O>Z7IIy$*pLOpw+UsB?r>?Wi@E()8s$x21l_H*k`tiN zTr6QxxjX4t2TyYZG!h07W|;i>y+1-5&gXe(0RYsgs}}K8Oi8_js~uZE#^oBiHOpnDfSrkq{NPNpXFu z^pBm}!6e;)NtK{*+&5WO;Kf7|GZ7pW%q9xA@tn7v?*k1G`NaXUfgC-L7;3X;UfuEeYUdR)3iF&}<^D|lWTmGwh_{%^j_IhL*;{lCC> z!xn~DhHm&x-0Vyd47LehT9LNcW#@QMU3xT~2->R{^mmme-R)UGlhrmD0Rn=%`%t0z zml*3VAe-9X%P9bk0wLR#DduL#s-But9NKd7_eWbK)B8u%LJr*X^JL{tpH8ewi03?z z1OU}w(+gZ+5(d`xT!E6G`Z--s%Bd~*cE2;r38zAq>Ldp1mIlIQ0yjetG^Ej~oQYh8 zq)u$2!WpI44(5aDC+NO$Ro?at77>%%10CILgCXgnPvUAxpG;2(*~E7Xj1#R@XVV(< zfzG%DKx}=t`5VC!ttQ@(^#f=ypJc7{e!oJC(Jw%wWnY`9N(6CKzM61g^V5oZ92}q} zDd!jZQeXUW&}dCVf7EA0cT$NaO`4!ZPlBLj-@E68V-G%1O^|8(@2zg+`0P87OB?&% zKcnI`*4$UId3YPtU55+*;ZOp-+zXYhqxUB$?@9vQZa(JM_{;A7*Te-rgr^xucZ{ub z;ZzIpZ3l42z`1j1xG+!cPuJXKV{sLKTc}r}{3BXA^oi%E?gj_oWRCh5IPNAciyh$= zfIQh?p``|xNE3SWRBg-UOQ`)Q7i1y`Bqnb*A8cCTq4?XHY0KWdLm?n<1E1|{)K&^q${Zyf!V zp~7^Nsw7ri{4!|N*@d0Xt#MKCn*Fi9>$>vhMH2k^mEN>M z?+Kt`qrkLNutg-xJin+?@wWF~h=xKIt)1R`L!R@53m#q7%Ty+c03&C6Rz9lO1Zg)# z(7~H?`?!y>0fc5pvtC76ZV)}nAo<=xDoExhXP8MU&7H^B==CrnoAl!-Z@x zy{O7?=}~d0S7lvi(MdC{@p67L-ICQT;M;+&={BR`~n4AIShpC|aaFgK`{SSYJW%)|k z%Y-1`@^60FI6}a)El|?Gs9t1s=mjy&<1bx_U5{?>9QA`COZ$B88{gD|-dAdX7DkZIY&0GgH;wy-S>PgxeDGS22{QDn%(JN-jo*$Y1Ex-b}=zR<0CHv9>|wlM zi_(AV!AAlNKv&CsPj7{+QxJa+zO@&pyix&ToPnja)u=u9%nwxcO`snKDz>ampPgRp z06Z-(1s{yBbosRzh_Adb{jJWJI>>!=d`pddlM-K}&*M+X+U0RSFs3OPlp%O2usI*P zWCg-WY`KaA+I`CoExrcduJ7oLBvlA4G9xLl3Bl~;h7We*&MEv)-t?pkD%`M)qUI!f zBO16&@FO!g>F+_j253*cbi-;64UG9r)lBbf%^>M`#&%%g= zSB`yMRh*E@70O>OAZa)FM&4!8Xgf;w7^HV|JvK^mtcO_R_)Mg9M8K77q7nE`GhY8V zywYw!*2&WMgeh=WqeKxYvpr`{?re*9CXEU&0@-&P5(NsG5n(yC>I0@j>Yo z%zfz6@Gw+L`)n%;i5frqxzXtqjxfR1wEE=%9v?_#px;K|J96(zXg{$~#vbw9m4A+S zdc4u^qSxkTR!@e|koDiFOnxohB7FwPsev%2v&W#q97K)Voow_f@fy-P8*|1TeRXch zAf_(-TXO$nRPEpE1ZKy8y>#A#iBYBpT=F`o1TnF-plapeJ7$+fdzgJT>wEkj0 z#em4C6S$)h9~l`L?K0W(oyUg8Df|x^gWNwhCLTD0q9atIJp~h&OuWPXFb7b<>xE|B zSgY=uFDqj2-7J=QSKEKKd&c7B?2;*QxSuc4;Gv!|BhJ^?vLS5}c#$pspwmV1WZ@Re zCzbQeG83aL{^doDOr3GqG-MPRC>?*lO06O^8V_;BRNREPZbL^I3*{%l@S5}9qb7i^ z>{apE)<|WJfOIn?ge^|U_6m#k10*;}vU0%mmEo>dR5nBQl$~x`*V?=(o+(*8(FYLAVvzAwOi##v+wcbq9Tm&Vv z%#n8O%=~TWx&dAyR2P517vxy0(o6yE&ci2Y19E?uWhn9E(?aK!!Km_2$rg&|W9!zo zz8!;-t$gZY48{vyFF6}D76s2r|L^5+N#06nKPUN?K0Y1kK1RA~ITmA0ZGx{_3a70a zspGj42jq~E2h+fT5r`Rc`9YDvXu1S32<|qt`eHMRzSs)&1k;YSfC5x5M&WCKs*vRN zJ@MYJ;6s_?aw+r#o*8({bs3gDg|P z@P-F%2`4YX$C9AennMA~I0#S-pdHWtVZhaa^&oiymePZVpRmPn5Y%GlAbBuHB&udj zU*(emm0?u#VKJq5fE#vA8<17|^Rl0A3mmq)S(rqFOV>Tv*4;)<2Cqp)%{IcfOWi%t z>M(FQVD7fJY4HWGcvlWJ{+7lWyyAZvX==KjZ9vu^cs{5W9lN1;l`BQIPQchV6<&nK z>=<$F!f>E=h7Dks-(*>|bj}Z-Mu-@hk7{z3Nj|;kUFGxCu1pTF7Vy{r?1hUGs)+PW z1Exb|Ze4OBRND-&f+SjJ8$C9Hll_?z)Q4}v4wBpdf`hLfx2U1@q8!M<&V-Dt+Koyc zUJU+8NR^4Qf1;%A?ww%lU0snYQFG`M(GbkP%^=^nkiPcBC87d)C>f?-1%>%AyFq^ZnI>cpk?PLGnZL zRHK^s92FJYp4T*bo`Mk!Wo&nKl-DxaVC&f_2)z8W=(mB?KO+#u0bpR>n>q;0LsVDv zXQ%JoE8#bRUcD&+**oy+W$QBd{|i-8qnyZmFv}9{?h$WEM(Xf~3;DoaFTzhbWvb??Qgmd6yPnj|!_;f;h#(5-!|F=u$pC^MZ8#|Dj^prsC}6 zfr<)bIEt@`*JVzJh}7vS*0-*(D5b2BOB?7KEp9Vl4-$Nc7U1TEpW?7$Za_`)8#Uoh zfponG;B-EwzrLKnFw~OqIOSyP~2r%JxEY&dX6H+mwKC!Z)HO8)%dQ*xG%O6uh@JG zh(7R=pF(pYr0yF>;n*w##sK0H7?mkll$lE5WYh@wxjqZxvGNGAIbH1a5 z4b5WE8DaLJG-oPnWiZ`U_IawL-wy99j>pM_rPz(0BnGp#{N8dV{c5a2PPvv{XD5ZV zxXg2}Kw(q%MI+N(7i7OYPQPHCMl&~Lzlz70D)jm3aY{FfwO_OZk67+niL`}l#A7HC zPK~xf#-_B;jcY!}>N~{*{kj#Wh6C;Jw4vpGg}BdnN^;!~7lOgdvCNAWzj@P0A=i&b zAPQabn5+#%bvdN$Mo-Jkq1W(-1M5-Awb#LYr3X75Q?c0tDuVkewCHz&!SP$)hnP*z z!(MF|W>M*1gnqFJn0GryLxFq8wlhhV(HlQ)piO7{Y|VtdDO~BS8)E@Ue4H;fqQp)Lw?8Vy-*nhy&2gT!{=+pU1d;{{!`vq6Uc@OXeBjk*BsBP0zv zZ9m3JNWTsAR<7!}>FMr^SVUk5 z3HQz#SzQvO?TRRV$dnxt>HLTN*L=vUfW6ItOav<7ZxL(FcFfH0-KE7PzQr;+obYNm zobm4MSN-@)ziwAhc=4K;F%>IrlV#+IxpfY zM7Rm3n^&Q06)iNp5CM|RmlDQfF;qaQexL8)eg-X#TM>7yPUoZEZZCY3F%orB5D#=c zUhs4jmve8oeA6u}{5n7aOaT+Nn_>qeo^=0yjc1EK*>Biq2F!8JI;dC$m@|u7R{6|osrRTwY?%2P zcD3!~w_LC{j{}Nv^C%;K1l5)IhugYS--c)#+sBQ5&OiGZ3XBSq%0~<*K00RFP1GCE zCUqxp#19wV*8?*F$=emKq=C6Orf&b3nLg+rz+bEOW=? zG6rsKl6=rv?wvQl9fVbNG~|;hCLUg;I~&x_kgQ$Trn1_vp!s7Foh;hG%po|P{lWq? zI}Fx)xj>VdPM)m3Bp)s@Zr}vdxRUp0pPHCDCG*^8T`}=Dm?_ZL`tbC7j*@n{904>Y z@nqxa-@6+h>;_s`gnhASvL1?Iwsh0=)$c(b=6h=Tg%2RZ)(r}>=Ivk8m96^HL`t58 zes%&wJmN{#CJWhxz*GvIi$AD`OZw)qBUC}E2kVN;Z<>m5E!$0Bjh75t6BH@@Jc@;x zk070p_@)^z2s{FIVyZD}F7$9c{&yYoNna+*_YM2n50|Y_G9~pqpRRE!KHJT$?{~g} z_2f^|AV+O2D;^U}cb#*7`6<8ZEEsI2<+wL@{SUKNtnrKP;hh#RPKT>Wmig}w(#}lj zCb3UQQ15u$ols`~&Grzj`1f!*GxyXolY_JtYA^%&?F2XhIijVVlv+Z+)^(k`Ks$Hv z?#)cB7X`ctGqkU^%$0YD>e~MBLU(U4k3l=v`ElCX3z1_`h|UF*7Q@(9Pd_p#D1%rCkfaD*JCX7vjLw*8T%5pVk9Cq!F2rH?5O99&6W^W7yoyLEWcl}XA`T#8n+Oglvnl2Ub(bQHt zY5Pbg{^h*ZDX5t!+dW-Q_gDZu-f_J4hAg#t>gi(I8g{3LmNoussW+|q(O{e<2aSlm zc80Sd^(~u(;dcgiodLJZhjg0&yGAnTz9{IJmpLHTo{XrAhfzH}JIv#LP^l=jF`*NQ zow5c^FnVuTl>lf@P7(jvdRonvmBCLj&bJ=ZidjY%Ri$KsL7>7K1Q_)Oz`qV4Iff#K z$o6ET{;`{aM9klh9N!{Il>fekFFUZy@FfedNLzqkK}m`f96}R+M+WLQ5>lrPSyBV* zmLk7;Gx+=R$hBWrWR*uqoj}C;#?#|m!;yF8fLg_&^Ddztgu*#?>(g~?kJ_RVE!5K9 z`4}^FYykF{VU?Y=4@uU-tpBlnXC`0f0OzI`cGJ|*rfn0=WV9e$8y@aHky0w)J|zmx zcrouzQUh7o?BYPEb*M8n(IaC^BkEsv_;i`Vx7=03-rXWFZ@R86$q^g}mhT+<2XU)} zO!7bM)`&xg)=X)Yu~3ff-LD*X2ii0a-vut%Gs#@zdYQ^6h-*DS&Q1*!2PhyCN}u1p zl>W8lboEZd_!AqhoQ`BV;#f#f;~#93C46@QrB#J3nb$-&!=XAG%%3pPRf`Gr-(3xMg`LYXF3}*x`4)?j@roY?=p5FTsV0R=Y3c0>}uw-hXJe`l&QS5?XGtX2_vkT}ntG z4RUDK18;)fu|}*8KJH%F1N6IiRyAf(QBmzbY^tx=9UBhcf~>nL7}&=HSTb>-p>xHW z@gHLZWkq~-m97-oA^jn8CLo?V|NV51KXlHz%rv7@;+6Ni+{rp(Eq=&lma#t?n zP>)F|y4?ILlouQBjmAP*3?DY?ei-fhX@KJKosSL?opdXwJrsW)XJB0z350MwCcgJV z^x=5nZbp0;M77|okh5E+`-kF3?>FAFzbj;zsW#KolRvuf*6$zVIOyw{ZbVKh(Z$kWw>KE05jsJm!IGRaeLS ztp>LREL<^#(sWD}6N@Xp;5$gE{5x#;I|S8YvwqHg$r2OOYQP}(>u`YTb8MmekMk^v zt&YB21cS+gI&}0nY#4&IQVK!t_b3>&v6&ce;_yd1rtHsLhP9-(;w|>l&Vm`*Sfylp z1+j)w8gefuS&{*U3LuvJ>e>2OJW>&l;Q8~BEKydhExHJy4bbTObgoYf7luf%;nHui z|AABw(l=h<{9%9O4X@sFS{Wl0!ZT;N|2W0k?uF-&V9~GvZ1SYKzgUMNue#;$i2>u; z3~L{q(dfw2|CX-uq*kF4z#-#xNad!uLLKXFH;)7vt3Do7uNz|W1?goFKw|rYDE2zU znGFcBkugRbGVfE?;UW;%P;G)c9Nxn)*M$Q=o5@MFLP!u`(QH|a8WQsS8``>1_dS4| z8j1wFxYYjQKNm0c#-|-GbT%n0t~9u8@6LF6UGX>ZyUr(?(yEbh8^9$F0%J}T!C<5M zXJqij8)+cD4Tcp0e$2jYJGl@9Ty_Vu)4!>N^AXVGF^pAkQLgBQbtd*q#P?ooE_g4Pp0)XJ`zx5S@ z2sS(|XUqnAF9I7kgAcg~HI7k3fAN1h8>y**dl^$=`E~sNH&HS~b4$+-!JWVzV2T-p zXUUu%XD!!Flw(6?6n+I{frjW(Mk;VIGw9cX60QCJe(M1A+Z2NVLnU7KGb9_ciL(Fi z;$x^UW7!IK3rorRFDXJ(E`ZyBswd3K35w**iYUlyNUJuofwV#2{s#+U9Fm&C@gf!+ zqPI`~KH89&E8;Ac_QwRBzk*M8g%W9p(AQig7D{R*k8B&;i59XkQ;BGcv$Er0t$L|% zrlMsQ$y0STTPBjWG$4`{m8Hl>wA%95g}0`Aa&fKEXSVKf*S^2hv5d#^*H=4|J2N$c zP2z$`3?6)y+0;;~Jcv=YjwiN79Z|%9-1pLpp1Hrfkil3;&G?YpUCO77CcDUjblrAH z{oCQ4-^7_b2hK@tl!3iA)V6DF=$XuID%z0 z)Yei1R9H$yvfDBA;`~Jy6dpbzN3pq5LQP6pVC)_-J_6lr3VXZA^ju3wfH-S9N%0{Y z{2Nm7z7-#MyTF;2ZpFoYFgo6k0sN3z7A2772gWwPp*SD{FCd{6>+nXbg~CIWq36C- zHvLs;U0$9g1I#*Ek=4djO+|kHOqKn8UGV9&N~hNf8N%%BFJa)FsB_?**4tVaWbz0Q zXgt^ja(*8AYa#jhN{F>8IYM!U(ii9lSwh$sQgy}pqlNz8CI|VC?Kvbq8vT9R z*_|g(NOZqlp+$}X`aKH)Gh?MK7cnt07&h;0Q0rRIlOnDsJZo1G7kL*P3HG#K&;Aj6 zI9OIIc5r55neLVYy1+k$>&}1Ma`#@!7!m7d(x{`-lX!*)NA*+VQ|!2^9OgS_N_`T9 zQ^BF_RVy^N`kE6x4s^fI7?h6Gzy11pmS1N_e9nBgKrH{SYipc2RK~r1_Ij}mUMWeO zjvr^L2E7g>V<+AsvA?fWeQlOyRQQeg4cDTp&Lbluqs{F59lryWELqilK82R}im}vr zgfm6l!vR(PyEQbUmoB4k227%9qg+$JWnUw>VBLK#7VXfyIB!|vteS2(Yaij?!M+JmIa`0+bh z+EQ-~NM(IeT?=SnD@b+)D-(egtpXaq$Kw|$GbZUQh3bUIp44^coMJwAJJbzFKCRg| zzIBwJZ7%QEAhFd-;k+u)4*%GbDx@;wzf22J@)y$-t}_6}g4d>xQODtw^cllO!@lw6 z?9p)vofEn=oE0nRcmigSi!^y57Fq(tkLv3nBdPf^2jiST0{k95Npn zOnE$isn0UHF10}|&v2!_op!LQ`_AJJG>dQR)@xPNZ!KO<5p#RzE9!2CO8qSadX+%C zTU>bdhgrzqyMef`uBS{ zUzfq`U;hLPj&qRh5rLHZm&|-lDB=1%Y2mm_I3IDcjOjvMy!kNOP*=6!8PDend$IGk zFSa(tilbuA1!$uA9%Lbl9Y~)BcVyf)HM^;l5rrTAri~n>K|@1*sXGOu=9TK3;9{9| zD2IrNCjX?!LPB23L7x&qpEbSk)074tM!~LU<@oZjmfP=#Lis!YC)|};{d7J;K01-E z6Ne&$#qP=aYw|orZ;rqKhjV3qvwr)D0*~4hOEM(S4Kyf3(?yOXkWc*m^F92AOWUPe zOHc2ARj|)=h9p+b3S2>PTks_Qi_oCNRfFJ!Jx-R*mErO21Fj#O?^y>=gVzM~g*PSz zwG9YmnweoiE#C8TVM@YgD&6Or_)VymY(T5!6(AqTu6dCI`3O4nR0Q|Clfyd{lr(cl zMhSpcsz&0=))mBl;za;M25htKgS}6YGIahcekn=Yds}|qZi!6$GlpXKJ{0zwIRvBk;Dma` z6=9M-XG)cd8S2j%-4r%*V=&XXv`c&0h z6T_5{`Eph!HJ7bLq=RYRy zJHrMfyEg}QYv40yR_{)1hXb7*qg`k9Uf45=UsB%4VvQra{0yxM3;87wV4(j>!v0~u z#LX0mwTJyrZjs|BZ{Iv**Y4m*5Cpg7EB+yP ztVJ6!b_XwOx+>%$A6%Edpimk(Y;8R~w(u)_Nxw*FQ(vhVhuuA;;_E7pcHrWuD(p9w zJaE;@lI)@kS$+OB<{j~VsCNDL8yb?Qm3HE;R;6pl=^is2c^Tfn4BdpOCK9JVM@um7 zEPYL+(2&pqDO{5>+I!GyP((1qnt|q9VlIM+OkoA%>yk1{-1>3(r;@eqNq$w6a>8pv zOatBpm#|0yHAjKJU8yn9rU&g~i5x|rLPNv-9McO&PS{7$RUIp%2(paESGx8nGb2Mj zMEctHxYZr(rO_rIDeuYBtkVd{lKgEG$+4fT0tPm^W2>Eh_P~;IjEY+yS!C!44qJ2S zRYhMC#JbOpmIBmhSLC#m)YSa1u}9H~@2jQ;M;(G@kr>Q*@IoF0IqQH9>W`ijataYjO*_jAz&CgltoPICouPS&KyGKKR?Ig#G)yJUi2?g|=U<9gC{Ico; zrC^MDYW<&q$}qjE-^zQm7yrnZYp|&f6Jq6?0gRsywdd3eNWNErd>`U}x{lCS2lCy< zGiywS$ARw~V~7P!k||B<+5i0YQ_|&0zZPnnrv5?u!`aNB|7X7(qcz^x^(-7bO3=W| zYVdWRS|P)qCUF{OGfD8XsLSY-vYUHhN424q`AG+o2C^dx&r3}FTO}O32p$R){eU-Lj1qD~lKja96ig3&>znbg}90Rr{5Z}O%6Pih7P-s09ARPRw|;9}d5r`E!!cz$&vG#cE2{p9%C%|I21;L-AOeygL z-3wcS%8&?zIZx$tTC8UGpfLRocdnPVIKwVsxJgkfWj4E!qIA}#(zFm4%@su&5i4V)rU z03WCt0ux3zlfZmU#>m);0?`a$JxAxD9ZM4g${vR;cISekf%e_IOtj+e31CbT$gJ8w z%iOf7P_8%+a9HUT{0nGTLfr9UYQPGY+AefMD>#tD_%7V7+@gdflFc2zx#2%W93X+X zOt{va#1kJBenrVGm}C$XwIq77)Nm>jf<^(K!~W;ItdEnRU z!eHW|6L>+HhdluWZ~{gh{8wQ$;Q5RqV3KD*Ike`kL@xQDJl;8B?zKhN zF~m>>I2|7x9UYiv8cj6?PP} zWsllTyFE|!^eXgpbl!ikuNMaH@Txzjb0pq5)F@+^H1-H7X1a_PH)gcL9pURf{t=+5 zmXYG4xX#DqAN#Yy@l{rESR#2p)$Lt{{{`!N-AAk?4les!67b_W3s;I>z#bn75~U%I zlzRZ(jyXJFD$mKZo=2F=VK%}e&_kEt+9)L9O4eBM_u8|c;|)i5*(>w3xzsc_`%LF7P_Hi{NL)?|hB7I>uUo)GvrvDI}O&WSTF)vM|Qg<&qDk>CTE@ zb`&=gI_yP1!cto8#4 zcpS4Pdl41kCeMd}{tRZnU(R9RYo_W!6qZ+j^y{)h;ER&CXuXZvx7 z=y`A_vg0M5tWR6BH3{^7SLpq1teblZcNa~vSz8Y-ve}>Ob{^onIc|656akCO0H6e;R?B4KT#*pK^=Kc!nc$x8A1(`lS(?aq`;muNF zO+OH|r;_Q`;Nte~@63+Y6&LNTr~flVGo=RRc!=?tWE+zGRr7Maxm%Jg>2krVsl-lT5|FojfBTszbIrh|7W~Y8U$7Yl4f6f2m;TcjC!RYUDEMcVt6fs zl?MhL4h*_03HA^Cp?HN8YGD_u(9Nnq$1U2<7eX&TP(^>)`zV#FyVd1x)YISe< z-2-1lpx3yQn@)kpmQn-E4gP)D%{B0s;QBm(g(veSKZ&>OYQJmIU1>nXI6VVYb^MKq z#t2crRcFy*c&@|vFTp8sT|K1|2O;e` z2P&;tzvc_Sm4n~8`(r+-ASz|?veMV_1Fj%$(&JG&obT{jbEUx@8@dr3+u?Se8}^Uv z>X;`?lILJZt57^yaX;`M;MnY#(P!lXHe;_?@B{a_t%s6y;9)E=ElTkq1Xt`^7t%cp zEW;@$z8**#8HF69!Cb42)ogeHuUna~TT7}00WTp6D65@2Bq zDcadga6=Uo(`-6(#WD|xZY5KdIJwglPVj|bW$y{8+CaF3+>8S&C_;Xx$GydK`My{6+#gp(r54Yp7+ zOg4mBgyI8$;_?(w%CLun%#vrrm#_{8X%z`B@fpq?S0RB)spOPWz*fjZwog)v&ky6g zIx<89b3&PU&Er5GV7d~|ANH4ES`>(QR)N>rm$9dUia~;0l`N{@0``wL7@DgED0*(f z@Uscz{QQL`2qK{94iA3=5z|ypbc>{&8PiWkarMh71ClM^vU=*Jm02#)x^yDk!|(!j z5eaF4FF+fUq4i%Y4Z<@MpFRikrwG|O`6a?pkHeGk;EAf>&c0LxOKZ(HjVFVDXN_?h zl#3iy@@;izY6&63T^{xT=bg$W%T{*<@$(LlY)dhCW_9OfTI3Kpa;WtkTV)GPo`25m z3jVep_k+uOF+kaaW!e|5;9W|nkhOs^Z9?1%H8}#5w{M#H$v67OFh}xY&sItYzS{tOXc{% z+DGW$7v?U800}6xRh}jK^?6t#2?ja2Vu(FHNF*_NLyuH&rYMFMzjbd_e~28u&8oSw zV>`1qB!xY@1AqyBfJlb#%=3CA@MkyG6SiZ}PJnPSRgtD6O z1ctsX7;$cgF=hb|Q6^c!KFEvRNVPJmQzCL~-G=WIA9U>QWN5pOT*mrD0oCw0U;oHS z;l+RQ7f%p3O?spH>4NDV`!RtK`hM${$c=!Ui$EZ;19y@CC`=rB(2KgPf!Uc5vPc;8 z1vqk25TiRyq-(?eLj>=IncfgkW7@aF|mpB)Js!C>TonK^?(`nNh+$M?e#4pUJ`nebpKWL9fl@h6D}SFJjt@#pu8|E>EU4@gy}S zSK`1BvNRs83)VRO^$d6T517C`Hk8|HSAZEvHXU_b$;7J8YhPGyhG3`3V#T7mG!V!! znPolqb953ANJ9kP6PywER6~_WNc#T7TN!U?v)vOV#jfQL$u2~Y8m&_aV6z-c%;Jvi zy)^cV*#8CWET*>+v@oS!vVX6`kumb)+mHe{>2hB&nY7F(eW;M+YzA#0C=BGRx1 z1BDM;t&GEydxt@*!^{2sdpp%qgRmA`1tCW^K0>*j%!2==X9}!x`9;PHHMST9n2eoB zgPtipRtPU;Q5%rjC~GuhvD6v3E&F^+o~suEBr;5g7ouG$4o&1?SxHkmQU z2NdP$qv+*5vX0}!5h*i$oKsaIXIC%>F~AMj@FFLGS$a(2CX^KX5Ag!WjGtUBfUZ9t z{5p%NA-K36mD%%Gpd%y#_x3)LSv3$7@^bS;8HKas(lCG@lFH&OL(e8Fd?J6I$iE6d zp$xwA*bg|+^+&^7An$vZ9AV~@H){s31&!xG1NfiuohO2t{ zv!JmDGe?R~Ir`_8R*AEmdqeceqQ=utL)$>O5aN?SMeg^Q{mTU~)dqszfBku$5i96c zMpGN`_-M*Igg8xl2J9F`ppp(!F#w~~SHe-PkcfSQ>D2&cIrl*K&(Fec-2u5RksI7s zAH(p6AV0;rOK69~LU$1_U*(Zas;#h$LFTJj8d&VJFV~~j7)&R23MCgxaq!|hxuP;S z(P)*7?SJ!R*F!O(keyM?%EqMyJ<-j(klM(wwaPN47bWp2GEEvt3GtvK z6;(tj#nNU?e}kMmMw0-zJLR8G_~3&KroVP< z#b&g*u*b0=gR%yXlZ<8uJ(<8O+lOD>v$)f|03PRKF^zeFlcFZ93i8Ic#gP`+s09KZ z7iHSy3lT3*PHZR@Bd}L3;0=5beCKvz#SY1?2CUyrCS_0M=3QuId9)NCaVZ&;>0NOA zc|#C*#GnBXn1p};Qa=r|(pS=oOG~e^#3Xe%d_D zAe?{*@FxL;sbirf5`>;DstD{d2u;dY+>AIQ1yKmy);g-!)Gwr)9{XrBqdjp)Eo zSt;_;$3U0YA8oW+LMM$Z6#(XQ$Pu?fJ|IG`*gPXZQ!wq`;S#_BKOe;9u+`_s`*EMn z*-(gNoFs~BbGk+Vc=ZVXOZoz0ECE>L_;7I{>_r19F1ucE(cE|WilF2r2v%CL!HO_h z>B`{rmV~Cxo8{d7n`u zs%2<>3&2}Q>YdzNzlA@UVIoONg(X7pr=oSCT@Fm+{kR0u;0~Z?;Ijlwm;_U??6lfNwzmZcGVfON=>rY$^Te*D5%D z%l6bHZYEP(Sf|*4;T7E;oLyBwjHLq2r(MBRV>RCy99z;w0iP; zr*qGqIdkGV*Exel%J5fo6qsDgKy+p`Op%wGoD4)aJm2hwhh24eW{F|@4AMUXQH&QW zhn=tyS0<{bAOVJV`4-IRV-_p@-tt+kr~)@m$mKRCpx zLY^gy@n~Nj12;zO%6=ydjg%6J0(qzCT^0rRr%kO`hHC!EuZr^zFOPu{`~^A&gBzJ_ ze~%&MiXnV_t%?YuBiCGNN3#9caK@qe;Ux`g%Ki269pQig3_LX$TX30X|LK8nwG9G;z z-FSwGa-;cg5bxU!1&Yo15#7*PQZdZEf!x=ZZwvU)>Wbhh=-hq$i$C7CyRW28vi$+H z6dBP2RbaO(KV5xoX$vl>qm)W>9*MmdupYJ^1TA8hKg~SCcM~}2H1yxlhM5r9ZF=0X zIb4j<447Uh$z=-P5#U<@MGiFee*88d%C^;M`6|GRDRvX2D7>4>e1EGvI3&A}%CSsY ze8Rs}xvqO4EhFQ%^#^&5r<*s^)}`qq%t86cjc}JqB}HtGKTpa4`%-{8knK>fd%2B+0Ry%Jhs74M!cPNzZy9;-Yu?MuBMt^Z zurQUbZs9v$6&&eSj+&`{`lasEG&yCF2N}@>%*ps%m*PA)$<|YpcuhIVi!^5tCLd92$cPi+vqLluxOyHMu;@mbh zRcRUpA$GbKEc?=Nf^5I3UBqTcLd09T`X3+xvRhk#3=HvMiitHQlU?0{0%ZeCjLA0S z5;uv*E&jx3ApHge2AyIoPi0_#t6fCzUM9eP*jS!DLlw6=7y@JNT}t189$0g{fVZ91 zB)fl39=Yz`0Y+1zi4K!La=jCF-I?wgPYh7y_pg7jl3*XF1IM7W7BmL^n=6={M7x42 zlaC+dvs~)GFB~ZFbohOmT*ao<)lsKTHDTzagt5nj;#qvg2O7UV6bDxGq%_~88T1uP z6HeaR$w`FbZ&^#P$OYa?`_h%iZ{>r=Z;-q=ca zfnAnN=cvHORwcuv?i0?PJi7MjB@VPNdrYo(Gmt0TxS^y|x_7f<8?86o$C7V={8i-BP#!6u?zT4H4nv%d0>}=SjDZv$VsKNzL3RvT zwg1lbtAmS@MFDAHA4`FFBtvV_LIhK!v29Vt0y_T+VtX5FWpvqh7DHDJpugYlDG84d z(fO5AJ#2B=tl_;5sf9hL{MNWV)uZee9(8bl!eU<*a3G>Me70@(zy<-ba|wwvVUV{k zEpfBg-jg*0=#i+@7@r9_2JzF)JxS}zLUE%@G-wpS9y*bq!mq+dPr1?1?cMbQca=c3 zt^F~Un|Fj%co`(>Erz)bt<*CU7_4Q%8dw3d?vxRZdlH!UsX1DZgYQ`XCg(w%st?uvdv!U1>@42r>QmzEo>?0G{z?J%E5V1!74@SNHgI|+_Y9;X+jd)fby#3) z^==s1I^oRAyy$~mcR_f{}39x_JtMFs4JMAU~_VdYp1^Acdsd2#$h1gxx>2xO1A=j zSNckrr7?=mVj1@j1;u#byL*=&Q5(3LyS?KiGppILACuhnIqSpPD(tuWobsJ4Cf z#CB;{ty*FziRQgfT4;m&3=-+e!Sw`JFPu75|Ax?v^1eJqF?ltBNxi$x-xD?_i^^^}k3ITyqBWhCo&i1WboSq2YhB0wm9{;D#7 zoGZYDJSlZz8yAp-T_{;!QbdEy)KwqnKd0vxo_%*zoSjiTC>x`9qOb1!Y>_AXU;$ZG z-!usBZtJPU@$C=TQ%y}!5H65+oB5KBc?FXOh+vi0n3m=GetzV&OA+*^0^HQ=rvO;9L59lb z@0vpK(3-LTdre)O#ILt(6t56Y5=}au+xI_)_Hz~J{w?gE7teN`{hLy;0Y?PdBr8y{ zQ$H0fLbl6l?G^BLmc7kQYO~CRZX@Pv^HYwK7^Ocy3!lGv(sTptSWFrWe=VWr88o-! z7O|}wK<2)tB4N2KAOfXx0X3==Qh`xs++SJYk1jV%7p~0^^Ac?ktDt>H9{FNzGiK(tPLe{lD+@BuS`EhG|R`EK)r$?h&9Dnm2 zGY}66Q)*M8Xu*%D!Gr`?i#;ZmVKd=>L(lgU9#J*j98_8xy|+;+espnA|Ep3gGCtr%+%E<=L*MoUu6SE92Mi(3obIbyd<5Ju3kLa0sZwh2 zo*r%K!I1ATfB?%O2(XCWz;MAFKdQ0IG`uyEA2f!T6o+R;?0bC~ik;4Qe5)gB-AB>Df-l3R1xw%ud zTQyHnA^U>xX##LwHJ$~cQkc)?%&>+1@^szJ<*!^*hxWDW56&+A0Yk+k2|EXrHqAW* zx|fi>nQw=U@NT0n0Xu+WS3QK;OpI@}dibUf7uQ|@wYvt?j!T+|789&FIZCAK?p7Kl zLI$~pj&wi@g0IAthx|qB!J3zppbCf*1QLmUD3QQ`EU*J6SI>)-IvdZY8HmLb#u{l5 z-{hKmY%3PvoXv>VbTCsQqXpWO--7{Kj|M;MRm$>D+t<$>O^>d#2B1cZW!}tW37yz4 zylb01Dnu~rSpR+@^isXkXO$zSG}iR#^!{lK(cC-accSV;!WU&%pM$;m`nH3^MqZ;W zoo+~c%>$_n097jhs4DIyX@11J?FPcfM3tuRC+lhl+|1HgnbU!+22yIk4aVM+7p*2? zjgt@p+=C&4N%?f2&2P+ECzZ%?g?O&QgvN_ihVi-`5Ac{FXFy|#c6Mv`)=BtskHd?r zw3V}2QCs!XZ4c+es~_6UtE~?e7CIHJv-)_ueBjWosZ+0YjeOO(^5NlEe)CwS{qRfmgQRBq1?G?S7U%AS!?Wtn2g=9L07#c>YmwjL zYP|(r(=YTA=@rZ`Wp2q>R|Ddsy0z0jNtZvgdDxI*#RFUGmg9mVC@zZ#dQ zNu6Tq7$i{gAn#R)VRl|tptHmrHydMCo2-{j_c$jJJnyGoR_Ti*OA{Gkzdd0GKZ{^q zts=L@@o7>{=^jZrj2CEEj&l`DVpiPHkVd9psof%@of3D7S zk@oFrn{qO}bN8m=b?USnP*Tu>u5y;aYs*b61yDS$J(_&|f`b2R)Y*EH>O-ULtTyo= zFjJVIeuA;{6W#2Y+Iz3Uh|vVSiY*p(#6%Y?osu)zT)Xxu-2j}2gk|8B>Sg?T3zDz& z{p1KxC48*<*UbzvH6`-sHT+KhSFnO8V1AFWJPF6+9RUGBA$^U1UXcu(>7cBc z6cdKKXD<#^7keAoK9^{Jf4l$hk_N!68)az6;k6MaKgk_UW`5=lf|CBa_K+(2Y>V~& z6n&M}yMFnFL*1@qh*f!r{TgPBnM?fiwTzDKln(xs`^U2tbVAB+*v31gVVl#|b0!wr zI;pR?sMY}z?e7U##Db|$o-ivf>}6eoK(W9@C`BrJP7+Qo@-F`6Mm$XiP8k%ojXc0r z`A->8foNC8SQB4$1%{k(F&Z!L^LTUg!tTbJhjYn$5&|k_SMfiQp4A5O+5PC0#s&^{ zyf`Fg|0-2=$~*KDp8H9?d_*HcXHqGzHxGEh#3+ zT3gY^DqD9FBR(9Zi#M4fM=SY7cjYldXTy^ohxWY_hEzEbvPgz6*}mbF)$7 zy7Icw|F?ahUfd+bMO2ESWn&p!@G1kv4f17FLuiIDh>mGwQ2cp|0p6V6h+9E`xbz9-Lv3ne>Puh>3!u^B&l!_GG1#K}Wm zN}i61=)0D0Xzc#D!)0a*Xq@>J^+??G6b>Cn|JLp>S0v^iHC*khmI(qAKqIQAo1Fb@-4YnD=XA{*6l59%?34h zh>P+nnEulHJ*Fy|dEOSRZ&Q|~ckN^)A#6*>=1VvUN?sj!hJ;nw?m8LgA{QYi;tR1@ zF8I6t?Ke)M2b{{7op`r!a^CDeOMUr|W%;-9;E(kr$L&dHVX^7>sDB0V=tn?euSoLi z|3TSQ(8jy4k2%WNs~;b5=enTJdtflzH!ZeS?+1cH!4(c*y&#uUF@F@Y#u)d3-0q4z=R_E>%r%dQd4>jtt_SK(Q6zbunwR~4epG5;_ zM(vYd7Zoe9|0WeHhRVGKxum5A@x%Q%fL?t2Xe~<_f-wC@hdKr&{^=tcgY*k*#7Zkx zIJmu)*mPwjk!GnU32Kt4G?j*7V;R)ns}yR>>9cDaV7!zVx<6jdotybO?k2@^cGS&D zY0&C%HEFk%D$u1;Oy6w?7mBijd9n1pe9G3MI>{yBWdqG09FnUnonb|K*Dq zvmio7kvTY?%a{uY@M{6~=a>@IS0vq@;qi}rsm~SE9;ZlddgJCT$HIg&HI~+t_L4eS!m`K8yn?^Nu zRbMiEKtUJ9cZwj8texF+?S;o`c9$lLo^QV$OBXY`M8!dYZQqIMaI1m5bb9;vwJ7)u zU~qxpmsno-9GECxTP-N~mA~@7ez^)z7sky>yYztIx7$W^`kskgbvY_Rg`@3rRX`%+ z)pl8j2SvQ4b%nKYFK)xy>AmJloV6HW%dSi@$P>SQTi7q%iequRI?j@Mw8l2qc1?Gr z->q6ioz!-P!KF-eqT)gixOzBEWokt;1UNYV)#S9EHsu)mccgpWkhJbg7vzMb8Y1N@ zLLD5hV?s1J9mX;P&(6k% zpb`P#zjh3%vR1!(ONB7i-Gc%SUr>OYvtNn(ii*6 z>TkK`!uQ~ORm`-LWwj#uqKH zV{1!RK75}+`1CV`_(tCY#}sCNt3)W35#SE8fYD=6_5Bi11${gaRfOmB%4uM~t*y0g z#`0Rs`>dJroI&@Whc0F|FuDhVzF6gL>~zd_`{ zs0`Y`9uH2jNn7{b61@eb48BblK=X!3%jf`B2*8?bK@8Gyb?eGKL-pDSRmB<8w(w=% zM|)pfA}2V-)2A%Bz-4hX3NR5QF}U)<@d~jm&3}Ijof*)<)T`0<2hY+OZ+_T-z9>P* z4~ofS9aZ$q;I|lIX1ldwS?l-E2wm)k)IKh$Ur0BwyY`NRJt|G!5FFR?Ue0x104SzV zkbimT3pRb#Kl&>UTSZiwh~govH$dqQ*Dz$`0DIV7$Y_p&ubolhdb9-;^aH*rlkb@F z4f$Ar-dPOhZX041*RJzdZ&y}o-wIYoXatwsTcn`X2rTLBsfjrAnL+6u&em~BBkMYb zY{|e0ef#)~68XR(@IPDt4PwxqU@~@(q9;I`@!4(2xEb&PBxGRz{^a8~PM75==(EJ2 z>XHsr=2bZOuv6F>UBo_5VUS)A*8+E&>&95MdtlB8Gr2@GdT4z_?@A z=hCX3&yy;0HL6T=1$|QK-L#nRZuEpdI_a)UGSEN43cMtr-S_g!__b(|nlkt}2ChSi(DC z5JC7CR4rEK_{u1U>0x^G1&oH#dH{%9a~C&`c7~UZ>T5=^R^g7-Pd@Hq*gn0`ZyAaB zx&Y`-bD$5Z+z2CL4PQ{`9&6ZNwAB)P@rBf;Nh>y~{##Mae4+`*R+U8_?6pLnt)*94 z7aMh`-OQ_oQ%VDjI1esj7?n2mA$l{Y^!91stj(Q#vv340%~JAe$!kOtiiTyMB_6*o zktKl@N(KW~EWp4!hSITWLQ;YRwPD^=A|FR!cijFGJgb3S?7LPQ8vzFHQD|hRNtz1? ziQG97#|&~OdoOxn`{PUz&C`U50=fMpIWLEDXwxLEQf!~uFRSlJD2^U=p-GIn_A-S9 zgIQ%iN9B@yqX7Dx5=@sYLsv++w(GU;6#9JMC;7uP{Mfeaykhc; z^A3AS{e8Q-N1xSqfwKq@5n13m@?Wf$3ldaU{R&TdMeTn={%yhU(F)Y5ATFzwNbff? zGh+A%{?@OfwBRSN-|w5#Wg&5ng4YA{AOP()Kx~JoaVuj89GwzNGXGM|2%kdb-ig5J zVvq_Wj+58)z#PUx6oTPs$~#-+a4oj%&2pElfY`Z{|J0jy+JFlmbmxub4DQGeFujY~ z?^9bNMTH`$V_0rx!xQwM9nBngrR|%h26!j6Pn`;|0V5yJNX4rq@Wl`5+~;!>Ql>5r z9l1LWxX)_Uov;zi$S?aggCas!=$JVUmwLjnZnGq0+ONhOrNmP`ke_X<@$KarVsh3O zwOS&>2DCMw%u6@ijheI7!{)gILX5vX4)OD92b~oAP85XI*Dj4w7c;2E@(bumnWq+PU;8N98Ey$x%0ErLc?)UfGulTK7l zo3aaTecEX;1-^?i$wA=LCo!uTLka>tWWJOkx z6^`G+eumE+NZ=o2r~NkeyKH+~z`G4qVd zr9ayHYiX(-$LGgxQ!Jh5gsK6)AOOBw0Pvk$Ebfkn2s(eHr&2I|8`B{Wxx!Cg{MJs% zd=v%UK27wY{R(tC{a|c9a<<>! z4RzKC)@Q@}f~6eVNwLQy0gM2Zxvyg`c~WKtMgV)&35>E*WaO)gW%_cfi{FL2*2bju zlJw6m+TOdF{)uHQ3jOAMMkeJNOZvx3qnzCKDonwgz-Gp>gHCYsUF>pyKqH$^6^eWR zo0T`onS2oP^`tH5tk8V9?2$&XE)(<~$vT%=d4jYw7`LL}dy?>SPpz5(xGHMUa>%Gc z7lrYBU;jA+Rt!`BpnKJ+BrY_0;$If0q$5Ubet-2KCM~KS0~Cw=02Dl_NVKq{K-axG zYUrN&?fv;?Fpz7+b^O@Vw{Nqevv3jfJ+tEH#?{AiX5DiLWHe}lydjCIn6zdJrv8&Q z_T*pxX7pn}jswkwwionR4?&udj$xeqAfsu}8la6Yb zE=F~M=SYYqc;5*sJ^84H`K$4zLNvBp< z`ju&O2*`*-7|M4_XEO(%H=4@8o4c-q2Mau&rxly~SpB|JecmfBfFWXY>g2v*chs3G zc(8PuVi!x$?!}>lKO%B|Veq-5L2GuK!A3M}n^Re?hJb?p8`gDX#qkJfz zKKd5M3ao7Y8M`gSec~;4BlT-Cd(rs8RXl}jvC;h8uQ>NJ|Mb`3o72`;$G_}&5NT&) zV@)wP8O$J#7pSrJ=_Jy71B7fOKl1tgOf501d*k`c!t?`($Ik9Gjdhf`weRuUWTrKc zv)uLm5W!F`!1Bo^Z8&d`ZNRsWo5>Vp{yV=uQ@kIUVTilJp;8{wY_aVz^g_GUsQa7*) zCqWrb*zYH=E_iWe=hiWS-+yM!5OySA5frytC-83-GcqQ=r`j4a>!LJepT4_cQ+qSsaQ=P~%;OTf9SC-&F|bG`a|@p-rZ zyw3r>4=Ty5f1Wf^1BI_5Q55NfP)!h&`M<;F&?V;0F%LqtI?Ime7~HbET4)) z?z5b^D`RvO2B;K*AoIcV&j;xs$UM?(qP=40!>5FPWa;@C-^XMuudMl_SV6^;WeCeB z+2NPL)1i;%2KiybnFTfId!<{|1oskzI0;Y@i)wnUfr+V{{J$j7Y|1C{CD>H%Q}_2X z1ZFBG%qk))g*@-rv4T5r^VUt%SBd~;o#=n?(+?TvEO*(y7?tnCy) zPN@MK)7p?gNjJxa!91fE!QuUcP7t{9OY~`G9j>ESzJL} znd`g#v{GfKb7TFmWdaS2L&B%A-fJKglmh1W5+}pOdC5@@0C?Oi!UyS1`7g}6vl-e= z4OhYQ(j6;aaMMAu2nk?$KoO{*JnZQaxpEzFB8rDwF2&Xm;stJS9KdrmK?n0RQ?z=z za*RRZ!S`N3c!@rU4O9fw9N#}!gz`lMuVwIGvXu|{u>IUw?g1$2+q9DeYxf~-cdSI8 z`%#px)hZujP7<^v;jhc+9I9qZb@z932S}ERqVh}^1|tJbyJjYBV&rxBF#Q;DZZpR! z5GyM3^X#P?mxqnYq$>lCLJq(s((pAcox?%Xgpj=U(ix+L8t@>H2UZ)scXv8N0W{ky zIrV<9R%lv5EGo_Lr=O6ESyT`kpj$^eUc1I)E%Y`@6Hhd^WL}V=jo0tkJOQ{0LEUcp zv!uA~ioHy)a}Vd(?4#*CV#jK7%xc1ZEVbioSw_w(-o12X^UfgvMU8AhLNQWOL=uBO z3l{m{)C`cifaDRhMVN1BOJ|?FDDGGG32jSIYsFau)3GWh-Mo0vdW*kI(XCa{2G5@X zm2bh4b>PNnN%OgXznmO*6KZ+~A@Cf_S-qO6b8UiG&)t0JkvXX10E(6zBq_B{pW|N; z%x`^sW-#=$6-$y{^cfA9vq5?eF#c)nEO=|gc?l--Ozget8k&8lGLZsKIMAJ~q@gTP zto@E5`9b2~QMxsRgEcH8kjxalZm}%+*c)A}PAN7>IT|FFsD~`9K8(UzMHY zBh_12W%T`E(3tsC5(RbjxN`7#DdD8L6M@VzBj@V{QHtcHb)b=o|LKer#x_pNkIj+n zg(`#~X#^OXv@>T`5sF09Jm2SdSbPvU!d!ZO=Ggb)pihv&hOu!sT@p>|Bxw`Ja4cEHeMc!hp0E>;Gwp4>we ze$J_>(H3%ABMjMQtJrMi-(PXQ=_SFel0r_-aS3qp`HAd1#fZ^W{BMcn0g1(*hXRRl zpRJR>^7uU20rMFu%DPB)OJe;RoC*T<(sqMOlz0i}1MkIPRzFQcZf@b2x@QuPW8NWR zNKVLk<3ru@B|{Am7fHalWqPehK8^2%&Clu*XkGT5PPVE@ zpd2&e@&w=9`yVIx8SG~PEloOshiV2%bdK54UGXdPCZ<>b)&DLq6F;i&!~V@BMWB3> zOZa-@g!3x3ab;SM=-Y2&XWc6)Hu01KcOlLg;8H3YYTkifdXID^A@II1S__`syD#-Kh2+y8A&G664g3h63o~6sGPX$p2 zg9=M0_B@?@@^4^)svt-6J){_+ayv6^uM~BDg#f|ObQbQ#(`*RkB5}kaKvJLki&x9Q z)3hRl2K-rz6E@#ub6?z>R{JA!w(I zi4f?|r+ymS;4JouX7x8UaStTn)%5e1TwWJ&|FgI?hfB2R^=e&iX?zD$(dNUD<$*4_ z%`NalG0F7E-mn;G9o>7;X238q2#WuoKYcI%QKsnaap#m{`g3@xUR~|7!l$f1gL@Gi8dts|?%nU={{;(f}WLqhF!d;vq!0BSr$$C}Jex zdU|Ob+I4p_MZ2*Fq23+8RO~<;PrXkA<@RG80+BS39$DL&^ ze+RVsF93dB{*Ey4JIDi(U$P|s&OM+5J-9gte3Bhb64Q?fE<4%Ykg}N)Ke!L9b;$p) z)??es(s)5g$@d_l)_>?GQ6wC>fP+PK4;+uwj}}tsfAL_qB>6lskHU!0x|A~uSljpq zP`iZ>6l*2}C@}XATu^tcXWc{c#Q*bxR@4#=NP-h9D;(>s-m+~W(-XG@&J{mdOb6np8e@rWuoS+l^l&fJ%}M@GH|K(4xQmOZQL4j5 zglr+(Zxc+hfMroUZBo#(t$(+hPjHFA`3^|d-feGz4=Hy^L=jxlKgDrcDAvXmLQ?Ji z^29p)0Wd@MVaST%_Jq2@=AEL#KlXJ5p<)$iei6P9Kl9dvc@W4BRq|v?}7fyUWvYIvP+)i zSs?^~7p0AL9QiEV+T#xyF2b5JgT@T}_W#glpl@%{gXNgWGtVc87>ov{KDoM%+Z0Af zUo8JUxI?Hkx&BJE#&nh?Zjff}eZJz+69q_UfZ@*x4v)WK^^Eb=WspLH0fZ4|F%Lq5 za;O`Bh2$w5-Rg;{b;&sfZ?&$#9+FS&_{@u*c(&D*-E*9GXzs3wO8LdO8?~B2Pyu_q zvX=dV2fV!~7CovD*NYTKKL#0%Bb&|h`yluLXR?H-?Tb~gfM%Y$A6Yw2u&A(*hl4TG zU3lDebg+w4`ZDzCCW|J|BX_x`JdreGd(Ykz`8StHj1s1&+yu$!b936iGfb?a=CyD! zqHuBqFBTq-fH&mS(8x+T6EHV29=xl@L8^Iim@nR)mtxBX-ztT({YlYZUjP%!^YZd? zl3ulB;&Xv|h#*i=k%ysYnzjQ~%&CHP#xdvMQ?h)KmL8d2kL z&g)%oDQ&fW$E~KLg2B8UO?<&6gZ05&#n^`+Hrnr(BIrKdJi;edI@lc6gvEiUr91p? z(A=RI0uPui4{Kg9(E99`{vH+R_{doit>-fSYDCAbKFj%6hBz$Ufo2^>N2+9a{YhgoFzEky_l-b`*v7d6!*IMZD<*L9oKoMiV2vg{cxcH&Td<& zb&Wvu?CaEyScOfLTjrip>U;6>Jr=U+7nKQWSJ z_71CEZ9Ob`a~A5M!qgyb6Yz!*8wVKh&X?wP>C#z@VGq{9h?@4TTBQ|L@5Km#rL1sn zoCc~tx9CX?|MXCtyB_a~F0&-)PZ(or%Iq*SxEmX+67&kI;0t{!Fo1>*pG^4OxQ02S z=Q=}wjuKFc*VJ{$eU{26k9O;ue(wnedVSG#SXO^%HNrvhz(9h|G>TSSjPRJd`q*&X zB7fN5(5>Lu10BT`&7>IL(d2hk261wB&=&yraXB%uVrqRVd;7M~!LOapoX%Jii3@ZY zG!$3J*|I-g*$w70u3{35sI=p-S-@)Wc5857s$Ba0LK#Qnr$8g0SVqLfGxYwdxBz+` zIe9^MB)%)LdtDDq7Q=LagNHf?!7SpFQ~KZz_tmsXEsc|>Dg19XIUA$G`PEJeUgUSi zY3kiib}H{fZj8SWJ2@Qs2-8IlWpv;RZxI%xe+o+XL1*l5Irf1Z^TheLjvD7tiBCPN zrk>aLv+b4Hu6P~WY7L!W+C8Olqoe8Nvjd+yXPjpuV2r;g;fiLlb#$M2#=X-rNgEsP z>eJ7Kl(RKAyJ;MM4ZJyZZA|%0>#jiqOqYe(>q#+Xwp^b67kNwTk7n_fEO>*E@eSdR z8aEDN@xhzhx)gQgpZctX)*9E^$@v=$;zo}&Kpo+f(iX&C?i%SA?T%JSg6{jqf_pi! z&@tXaZP#)Oa+FBi?Jtf1w%A&1<&5z}6-pTSfi3Qd;+CvE;rS_v&Bqcwa;Eru8cUsk zXZi8;bC&hV$`U6K?#hIdca~egu(%nvs#nv0OgUCXbK^ZJr^*!Vad7QeO=vs|+Nv8; zF7Qrt!ao~mr-`M7x%ruk940?B2|L>gV_#k!)#U__)Y@7%#%Sq!tgHA}$FGcnnD(mI zX66mrXn^?SZCJftjysM?de66X(+?11l5i10IE-QTV8|5LGq%%Oj#$M~?x&>lPWKMq zQrdkmiV~Dn7DoJT>&-5V*lt**8Mm#qF`215+26GC8O|{ZB57e0u`6vQvpN@z>@O}{ zi4sN!8W5i(G#*!5mk(@^Dhri@tDewhmf=MfazbfW=a79XKh;BW|Wx!s_TRp)P|t@^7}?3uigtXQgsid9=Al1CeGK?%JOV3$M;%wjG_R zrn@6wRj;*+$Cr5j@tr%ez(qh~H|;KFUHx5(>lVx&F8Q$UfA3rG@}4es`PLIN{dqNA z9IXmwSX#IrXWn36=MSCMDel*2O)t?Zm23lVBIvr!N9D>zIh(Y29bH4xmsjG6)y}U9 zlzwD-`Q9#8;nhvx=awwMz-lW=_yPI&;mJx@VKKfwYu(OF$=ZgR~T7sbe&-a0m*#tI{PYK3Oni1b%oF)a(zeP! zM0nHFN5QKZ++aFq7?tZ*=_}{PU#IGM_ydUp|2!c~*szCeOX2GW1AVu6cvZ4q>nTTN zv>gHu+_B!c50@`sa3^*c*`$y@ZKM{RjtPx6}8}1_1KAti8+?K!yiv!Vg1v$aHB-} zhfl!#LY&jnCchMrrrOce6?`(eI9qM(_%x8coLpFf`x!h@s1y?ry2JMiXR zKGshM(?>J0?vAV1bY=qon8UmedMa}qSCz{SdW8krDiZ_1aP`;q0#o)zyC)uV=*H^+ z>Fgn!c!cM3680Z1fUTGkTkaz;3cbX=;H}8?DV{@a!))`;V9tRPRi>Ve+iIHXel{Lg zbOy{(DR#AJMNoRS4ZRerV$wS$ST>%Q!r$CedKokZvY*(md<9l6I$05IC(knQ?Wc3_SpCrqyOw>Prj=wZ z7a9EGoM5Su7frbpR_J&U)b2{wwvZhqj=vIF>x^KVwEm_V<5p&`Ud2VGRpw-2FJkW&ba3MFp_Jx*;Q?_?mBi|AXL7&wp$m5K zuvpC5e5CLai+DBP<1S6|mm8Kx56Ehy(rHY-$jxn(I@bu>m1aBYp!oX*DfBuD4h}14 z-YCXakq!|ikLJqVEsQ@{PH^~(K-{mmnG#=7!9Mp@Oh40iG zV6z_7||SsO+2{c<9eXI+Rm~!U?Kms zVQEltxtXB7%P0z6G)#)9Nj_egJy%Zm+~4u*IbHrNjGgMTQSj!s>a3+<7ITo5H`;N4 zyG_5|;~I`>^DTjB9q$X2!C);o5caPZr=zIlx0@yGHQ(K0Bx{ku*^y$*Zl&{E-}-Q^ zRbH5nGT^;r1k;#j%kL^oD<6HeqvD!9>AmO-oqbi0sn3mwB1a!*eH0HeOKjZlD*U0b zH6iZYO+l)G95W)QKF*@O!EM9WSPt8Cz)@Yi!z`!gS3-cvYu1ZvSd3W5<2Wq~YIvSS zpmPdWYM5|!)+#D`(iEMD{D^Oenk_JTVu5nU9Licju_x1z5o0h8^jC`MA4K zaX%UxJ98qQmH{eRdtlHzNG2!w7fn(8ulLZ1VtCbWm2KrMMd4 zJR>B+RbJg+JkjK;BF^w>XQQx~qlVoK#GzG^wWn@Nm60(dDrb>rvz3k0W1Q$6VV3Ld zd!HkTErn=3cm39~`ciCbR4c|kHf5(5{ZKmufriT^4y<*^S)ax^^Lcx;o~wyBu#T9V zGOOF)?Kby5o$h=8-b9L@J)!Yfo0l-w%oM599waP29$$_yIjlRHo$+*hkdRe6dXfl0 zdqu4k@OEA8l=G4358W_J(NkAW*8@8{%PmUK%5l2T2BJCALlUnalCX;7E=?rP83Ame z-#u+(1HWuIUZ<<45#{w!e9Eo)kIbX2Pa>?V{Fh+|4kD;iH(W^STDAMZHd-r%Han;b!%~ZhTA>D`|61|D~U$Azibva(vR_@*RrEx0`Ns1 zJcf%EC7C)a)yO5KhIOrqH{fu)k2#G4p&`Q~!N8 z_r)uF4Xe^lmwJ}_nR+B~H1r=E*2pWAzi!6GgIH;x(R=N+70%Vxg}cBKY#%S?YL-mQ z-9!%CwJQ;Lzr96C#@Jd|+`z0wEe=w{fV@KvH?OtOyX_AIU7!aaOkU5Hc*-39nD@u? zp*mC~ec*i>s~CXxK+$eTx6}HFgdEYpxAe=qnVHHrR~0Mg!7Cj~(1jaai#J?P~uavSDE6Z1D7O91#M{kjst1zL7tpvvk~N zo3QHkNjFm}W&x;(v3N{b52$9`X5Rp)`56OnVyRMdZ+dRZo}YGtRGsug z+Jo0wx}Ke_W!p8POCvhov#gPuy-wiGD~GQi9e^#rNwy&R=l6>@bAC7Yw_UVZ%L@T4 zQN4N%@4Gk9>Z>++V{sq)^{uC8~-|HU{BLGRL1>IU<-pi^7Pj)Pnr1~2R3B9-7S37s-;ax%Gx`ZL~HI`l@TjLR{ znCWok5nmISZ|F91WmBTE=2V{IdtC(|e)t;HX=^Z!gq!0e0 zk5zaebo$VL#A}_2T%b5l;7{UjwOOSzQLjrkMl_La5vWC6LjLUT&H2eupO7#i3&Hv6 zXn4&RlAj(LwYGR=I}IrQc=tcUn#%;PQxu-BECvOSKL#uvFGeXYZK;vQI4dTsBzO<# zc@D@ZO_+0)Zz5@G7Q9R9-*)FF=niTHiS@7H;UrUS*BtcD9n~n+*w*_@7F9y|ZulvT zwcP5Srhc%`B4w7H-FGMTd*!qa$Mb#>-x_u6hifVdLKV;P8@~<_PdGbYB+a54Qe9`N z-;8AjSDX?7!op_P(d$VYmIUyg=YY_o*A_4ik!(?As^+Cn@@UH0$6rb#zV!;}h@qEA z-1kG<1D5g=Y$>w|Xjw8mV?0rTBw-VvG}q8drh{d7b%S4|CJY^`B8Jm)9?sps`q=vk zH{g&5x)!`yjVK4c6rDXCL$>#1(3Ep1B_^rKx7iz#dGQWz?sLXnyce z{_Tebv-l^LWUB2YTrOa8eE1TNX4khRZ%}>pSwyPC;|0)r5{(b?(xG{6+ahela?GL_pbyZkpClNjkG;`{e~RTh zdLpB($C_Ih+gzAP_qn#YKW$)@nWIjN*%od64XHhdr`$Y_z+{zp- zpnK-@4QjKbk!UMg+wG<00ji61BKuu!H|T{39u21TmPP}C{lLTO6G44BJKs^cCh3ks zs{f!0)?d9?^KVO_IJ`)~L!8z&ik^O&@;unl7RlBlfAX21Sif?{B}L?TPD&~A)F$+M zZ&Jod{Z6PYs^s*Uo0FYZ!-uyY3-=n27s3rn^_`uamk7!&2|O5KRfNUnjWwHG?hBzT z%Rg>x+x;ezH2uS_fmM5DE%!jE1Uz4->pE?BcNN7zDftAHNdbZ*Z5~x~O+j&BkazrG zj9(vdKVIS`;b>(AdS{XaYgKeDclGIJ#a?~}dfFhaN}sJ|(}ig@4IWA5GGGe2o#Y$KokG7Ku8eMN1SnoF*FxpNP*mx<1$M`+?s2wijXU1jkc)T;mneP>`MF za4f6h=v_nFF+6&v>;0!2cHQpqw*G1KE=Wzft`dl_g4_>`MM<%(qkjx9Kgrce+o-0P z|BgPbHz_QtV7to&?ux%orRk_*<$6D9Urn-Z>naR}Dr|!Tan5&NWh*O`&~rOSA5~&? zE+pk=;5KylfJ?Q1viibbx_^+AnaaeyGglmECS>rSLIq^yqL>x<1p+KX!0SswClxdv>;?;3Z3cQgqRu z;NA4clBn||ak?6&cf}o=^qx`Eu6Fxxb$BwtMbeqrmT}c{+pb<+qU{r%T>HFj`*p_~ zb%Q|b^rQL~F6}QT#Uw+om$0S&z9{bzT=A%yhpMOsZ?QkAiF&TnGF**YWz3;~2hbZFK zB`to*U4a)h;=1L~-px#D$1$qw==}U#h8%W}ghiRqtFUf2jICV!{E&CQZ}p-yzTi~E zey}qi%dBX9oBP$$gPww9c(c{++!L7$5}j+^v?MHqW*-yW7O!irz3COWBb*0d_jtlN z;lWf1`tlSKJPtpJmzeT>jpe^>f4e75S8j8k#?uX``AVk#+>Qr3i4BlsZgIW%Ny2;9V3&sK>1td_A6 zH6OQp&yVb+vvsO3_B9)|tuiHeT<*pSZ`bkmd;Uy=<8^<}qhB+78uf8lhETj=_oqf} zalDt=Z&nIk(|6BOAE?e;%msYR5JmkODnhc0`hTpJsJRTdoaJwexdTxFCk&#b=j;s+|Can@v2Pg-+{ zyjGhyrdfSm>N>%DP`&s#*KK3C2;MJ8A3as2M~yZ%Xt<1dqnL+h1q`L_nKwdE+p)L! zwP4C3>&EM9FBlq8(>F8(dc=42zi?PT!sy zY>w{Y2DzO792F>=aX0(0hUA~`z8!SEjdVgM%*Qc*c)Nt!E!q=d1+(!SDq;fd11?2U zeU-!H4`%?FIu~?vn&xScd3_iT!eL=7roUK@M&$e#uTr3kja^2`)+7jnxr5f;-(qvy zs@N=6A_Vo73*VCK@|v2hk|1q6xq`p$)m}blS7LG+;Wd+a zOuU7+iv027Z+gO~6dQ11u$XI4*}T4pahKQ5vv^aVgiDN!WItZ^sxYYmp_!BimE59yOS4{Gy*R|~Au$%Q&r(=KQ9wx$* z;{DS*mWVP8XIiU1)QF&nTbiO@`s0r0vPxP!9vMz%KC7|8RMj$6+kehWo(JoYkl7d# ze_hnfAourUT()YsxOUJ|^n?W3!x< zouk1W%!yrv{seqbzZ4ZZdEdgnF?Qa+$LNqj_*eQmQekeOzvKNm{Efh}hl#fz?zA?9 za`-A%!GtSGgV(+#FM~^so*P{236(4^DN#O))k61T)67-^Kyq-Om|H-7=daCRH$Fk$ z@hc7QBBNkoFT89~>nyn>4aZn?0DB~am!{&|rxX+GDCf>Wzvuh9Dj35HsM0sEN##TEdG(GOMjY~;rSuM4=JtLO3l0Js~DM6?i!{lK_7qD zi6wtU`7Bt1g2nfgL$WiTgJa$Dhd&$A%x+~_1P})I^>!l8D4`_%v++5Xw3;lQbCfzL zI@dVJ(f_$8!dfs_wtZfQ+_HPwz1$QwnmHfuy+WtzQ_1`zHCpQt8_R9P0h| zq!%JAgvPLVG7i##NhWkCaWdfe;^UtD_OT_KOS!3~_$PiW z7O8DW`RG^psr0#?Zfd9)aiMzt3q5Lw)Age_UnI5q;_1+xXT840ySO4?%Lk~e$awit z{80;^6g>$U?KPqL^_D*q3}o1My9>({_qeC#_cgtTk+LE$9(ugZ;BaQseXNx}lV4DC zd&rVSW{t(ZWB6PTC&I()-CXmo++TdHtC`)S=3LLHc&&36B%0VwX{cOw8Ej}2b|RQh z`yb31cHBeV?7qYP`M|7dqUdPCiC^v9AhpbW-R;+!B1`-LNhotM_3FQobQ!%qhFp(8 zm)XA)AvimI1qTnk1%GR-f2O_n%sR}vbj2QJ9R3wI!9&jJ>spC?Tya5(pU*Zw&0F(3 zWrV>SYq{^w%+%xih-;{IL9m&J**is<=QVrQnp}bgWJ04i<3E#QX+9FM>y&9=_3O{O-+OABaa2=?);$}X{8thFVT%h}F zeGeMr=lz&)4z_+%L3GG?j_*oa<<)nX#ck81yW4=Cu}ieBrPQvUPeH*#HT?1wVPkPg zg?@699j45#@O=H;xC4}E?f%`hfGMSI`Pf_CQp#J~+p|kHO`pl>QaI!UZ~WF|-xZKB zqd)#aa{56;t?lM>=0o(8{-s4n(cItOHsfPKMstAn$hot#!ED?38y z@Fk~Z;Q6juHOX&!rw+ko_F|f-<^GV}<-uqWP98SZ9#?rR_DozjTFDZ+vH1QJ0dIC4 ziyKudeUW_I?+Ycq)(# z(jFyygM3S$?${3>zRVMT*!KZ0=BOn@TQ?|~a5i@QC|ylKc>b9P-Y#IL-AU|G zqFCm04z-eHzI0#zruy+Vjoh-$scg+=2jbUu)RMgn{;7FL65GMwW=@s(?0(#P{Y#}Q z>jR-2K2PKikKFqM*oR88mk<*O;^_pbm+9Vwk7eANu637=@D~Y(dTYOrhD23#CM?&o zc{Z=Df3{rS#(4ZSrQiw-Jhve$_7X>;gqU8f6eEp1S0Q~&|Ko!H6R`y^ z+{|RO$Pd+VNPs8YLWCQQ?*6%`eW7}K$XGy&pFAaC!h1gGWpde1p^fG19%c*`02XZZ zm)eQB&FWg;jjyd5MvHIn?~Sd`rk@uT*KBi{sBZnR%Q>`tLwdE)tbnn6qSsm2CO^8) zBR%zOCClx2oJ{2tzjf*d!LkdE(RE}lyDNjY)}PXp8POcBfE%+u$u&LrG4Rj=cesC1 zTjTNL$elX8U^MZG$@etBwedVS*tdktG( zqXEPmyzay)qP%~&{@QJHEr&0^W44U$F| z^X+V0c$tTFef?bF9h!3d|PTi*mo&8O|EY;I0umgIr~{G zO!ocO7s1~4Ui->bGA!YcCL(XFJYlrpYdOE#2l2Yg6J7+*iv!E3QstUDllb!E?$=BS z7UHlFSj_~hORd06Q_YLB2A;XP+2Kj9N1O9Z_Dg&-p3EP6zoo`0EOawreLeag;orB5 z(s=0f9u<63Dz4T3jrK^mXht1C)Jg^yf0k%e3;DOj2)Hen!8O5kX)39fCAX>U)Z``F zu3Hr(%2(g;+ITwZGU=yz$!T|4VymU_nV28mK&<;+40KRWOO*eUc57ufd3$I}ppJNqS~}%v$C3PQ;#>1qw_VTx zmFbq3X2$u!YqxCpUUxQ)_+l2P-dQTP%N2&D{Z+?renHaf?QOuo-P&+Q$YL*trJ0QZ z)==R#%^BMRkAB2VX}?yqrs$GkdZ*Br%zSM{dE(LetdjMiJQFTkn!&5+atrN!!KnGI z@teRcyBQ`_gQBb+wdRTX?DV6YS@3qm6UW4>tmdQEZ@1SlF)<~Q<2@>G``P1XqqW@F zN>>OO&j>X*YO0;zctw-RTEDqBze0WkD2S8Cjc?DFDdVk-CH+E^^S@-wQF2^Mqbb?c zRG@_4-}6UzUe%0~pL}?+>-8y8iYKH;;SV}$6v5qU@cj4S^OepY>s|?lU~VQT?>Sw; z^Yd{gI%aL&GpQrk;}eV8At=c%$>jsl3%|kK^Q{}zC zzc~bul-;sKU!$VunIA51W+Yt7PPFF9PM#Q(S}I<|E7q001_;lFMt&z^(NYtGF133x zQO9A|bG+G{`gt`o9SdlsIP1Xc=3gGa9TKa^+$k1iE-M5WEEX0KVI@JF@N3ih%ZYC zg|X6Z;~7dbla$j=k5}FN?UYvcs&uCJspNRp;gV<>y38SdpO1Y_3K@{E^j*Zx0`Dh; z4g!KFx7LoI#?KG-9t{sGZGjKY-H*QdQOH-)o7c*s&cDW6Q1c<^MCOfh__KUj7)9B4C4x?tMH4ltTfzTm z0X*~>k+-q3yX{}8??_=vKMgU!e(2@c8w?4o-}lX4unHia&$z3AwHD%2PF>F;U$}dU zge>^Xkn@P(WVgBH@ei{wN4xmM(~mx!p+LX5(6L1KHYm_!Ml>^QJ|0)Brdj3s_wKEH zbD!cwiIjpXPAV_T4c>gsr8O3sRyDc0vTsS4$eU!AVCt#n+y8q8Io>9#U2)-;j8=R0 zdh&2NjsFcW-G!d&^p`VDR$_0bR^s3mOQ%_6;-Zq1v3LT#gF@H390~u7XbKfNkH74v zR%jXqA<4pb_f*jAMc2Nd{mMOmPA~XMn7O!;ETJ@&NRzfo!8K(VqzBf+k+TkW;B4$F zLPo2YR(k3g!grlAcyHgwU4m?!*45!C)5B;rygA}sMeqBh(*Py9icA4hm{&qE5~rw9 z6Rl40et3yVB21>rsALSA5<;L=1Z$IYUTR4(DHUU)w(mWK0q$(Tsi}a?Lqzv+1%jKo zC^K{vu=8e93&8!zPu%YnJ(uIBNk63?4h4t&SAiyw`;o;ryJ$9{tXjRHXDU!iF$cV} z>v8sEiF`AwY3OoEF4S;Bc{)2Wu$UV>G?D_ml3TiNIDB)Z9%W*&vzT22Q`6yq=Jh;C zZzUU3&3S}gK-txUZv~tR+9IPEn{jucEp2X2$mN>Kg0{;!?w$J;@Fij6$GTa-P24xH4AZj|6nQJM4pY+i5(rF#^Qw+?`{(NW@JIJA=-8~o%~ zo4C6Go$87zq_40=bqc^LTsjzNT}?oG$b@WfIyhOS=luVzrGf5bNq$K`?3Syoc$ z|MMkF^5EJOclS;pn-}C~1fhQ`CCx!=tF18l-cgE5{E~E@ge>Y|;ACWx z)8pX15xg6W?D>_cy?xE=Z7tGt&}NJ?xr!ar$ERTkf^Mo{IZg#Vf!6BzOTxXBe(h(n z7CZFb*{vsqVxkq22`oPt}f8pou`!OD}EgPu^{IHnge>IwsE zGbILw3%&`dQI=ETzEHB$4Ia!emjOmsNBX7r>f>OLOpcIM!EOt$w;)Z^6fe zdFt2I;bT#07&GmzH;Q-2E(g2|6&r>Yv>MvC*TBiJYVV-sd<7WF@S*=ih`#e8vNbkwWZ3pzj}T{wy#!S1wmhm znrShjeVYviu{khr3~d*jEa^iXZK)+ng=CU&oqL*YB--1h0p z=XxjQH^3!a*Gno&hb}@DVB%3HCr0VgbiJW}e!C z^ZuTGQBs%mf@9@TaeJFwb3f3lfG+Gf#9FOMUw^-oSy;DE`R5SFTxS76)UJzDqzxyAIElWiZfEw}<`ywt3R(MqSu+urf- zonzZv+uzg?zNM=r^_Ps*X0)cgUTIhZW)L?H8>3ZgF1iJrht`3FpI!ZD`*hhh!tT*K zQ6JPgwUBMVRM6pE+G&~(`{lj*4*94xAMd%jcy4NEp4y6#)5&DmUnIq6u?5vzKPa<- zX88(y;$>(^?$w2SSje8beYZ`G`hZkZIM`bD%thR$PAaFLlhkR*RrA3#cyPS7pT@&^ z=+tANX+$klLDP8tZyKR?xy-lx<5EZ`TZfQVq69}dg)@Qe6O z!`ANZcz`il+2Ip>A6X<~!bGZjjtJ%mtd(`eih-%AV_ddHsaKJ>^Y{~)HDsz@zG>wH zfrX>3up`3oq)x6uC;hE;!0xhph1!~%ryOmy7XSgbMypfrUFb%3>#IZ4jhehXJeZi5 zqs0N1Lq8KB$wMnpX7dFc!t7AE39Ed<;d)(SrcIs?-yRIGF3?F7P5q~H1wUtM&a5{b zHnAq#q}3zuGI1xzSV9-L2(#3q!&%S`p$?K$%jR&>1E86iOSt)>L)n$e%`F3{Mfpf^ zWe&q_tJ3Zn-wS(ovNI3sE8Q2q_?y^7LIRs&%T^s}{NguDfSuCU^@nTC59gqkzba3n z25C@Szyd%Eqw!ny<7{A8vSx?;CvjV(V17x-q}TRCX8BdR(EuW$(}q!&P&4$a z(}yfod*zNF{z8s{urBC&ytL0&V%bWcaLXoK+zzd`w?2^br+`w<+=8_S_?uYCcD$&C z2zvhYYn8sQ%A@7QT9%Tw!`&KV$c4n)rMC$I8w;s6U-;(SS!P>m*=0U=tHR`04(4#| zb30k52p&ghzKZVdA12B^u#S(Djg|C}NxUQ}@D<&X(oLAAD?Q9>ye3M@{h`j42@0b* z0w>{Gu0zfZP&X|DISQ>6$jK;s;GY%9HPP|I ztQKKpTyo|Ifjkqnt*tE;3jy~=hWPdbn>m774_uG}IbZW_S>#k9@Y7S>lCn*qdCr+Klkxx+N)1W_IzNsUBw8+z+x`L{g zc(B&r>!7tL2C>dA zh_Cf1>+M$7{=~tj{gFl3!gup^PRa4=&yuc~-27^>sk~-~#Oi}4)~M)`!&`l~x z%BuyZUGd8q)un)4{XP_YU9665^(@vWV9^FuR8YgRe;r1k3h7in1^BdhD%RUy#3le= z>xik!Z0Pn`BV3(+kRu3A$;mi=$4>>4hRUZ%0w}%yA|mVl+@nAfhMvbTkp#omKm=9f z(*G~QRBDP;?ugwQJIaaVX_(NK*(dA{TO|H^N`>^~@&^pK2BvCv7AXF2d__@nube`5 zJwhGKCw55h9@*L1xnVtrTfq_2S&urq8$j5NA9r7`>GSCx3bLB_EHpp8p%zLbS@L&> zCEns?W~syQZCZ-Ov@IfG;jZ1p&xCQrx}3Ga#AJYIjEQrN%JN{Y=(iLWyZr1#29d?5 zI}s)>H=k8I6tZBk!YV=P>M9RyX?ZFix>@Jrcq7)CY|rfS}91r(EtZ+_eK|`My`P|J-iid(j2N>@%Y>``9IZiOa)<)oE#p z5Rc$(KXA<()^W@FD(VdezmXvCl||SNBq3ztma-GwYY2N%-p8+*W?wI)N-E_#vy={h zf2?d=<|q(ymP(waWl8#{;*-fk|MpJFR{ujRKTxN}u)0(kRk67SE=J*ovTiMV&chbE zk~@nm{10Ns;Y5O%+n?y-ZsIbdQ&0YI6)1PjmozUv)_!-a;F4VjM{x`t?EF>mqfoL5 z`@~61u{%u|ck59i|MJwVX7|cHvxf^<Ka?E=k}ar&o_}`3kx$_rO;YV(0Jso4x*?-tE)n-(M(6YISBYdnUk;w!C>VNr*cz zFo2AnP}8EIgVNCGSwk{@tEQkWb*DKAK7#)RA2YWj%9;!WZq3@jhc~gyvVT-xCb!d= z<2XiFJNh&VCcGKGw{*+8W$Kq?+gm#AIEr)T-n;tVn~m|a+uiaKr;n?;mn9r#Gnp(X zE-lQ(TSN{wg~w_u9E@BLgrsR=d%MG(@LTVh_2+(c$7$Q{J908NbWIOe_*2;)&$D9*FQM7Mg#FPW}E_u!Pw1~j|sS@M0fPkIwn8VQ+~It6H~@ka&~h0I}Ks!oE$KY z0kv>njTEn=m)jaCPYoSZQ6lXD=%t!W09nfwzTIOfT|um+dQIQ&A2Jx#L_Yi8?Q@fu z`R9zz-9Ueto1G6vPRJf`VHBd~=^q2{mc_VT)U_r%MhT9TXWqPJrUx4R|ZF zO$r~-T4g7cS;G5&A*c$7=KDx*wMFn1g3jx14&`3oe;HCWS$O?bVZO6}HYcXs!TSk@ zQP|uv&eIRTo{kHs!}S0~f8xw1F(nlBU5C#FiCt0sxaeAZTRY$TYR?q|>7`lSS-_S= zYvOlrDU6k|El-N=l?}J)b)Vz&xLwzEZop`5`Q=!|6}Q<)wUN1}3INDPLU2KC@V(LF zixS`O_0*#7=cN&{SY5=0YRFvhEOAp0Z9=sZZ)2*_bMKltA-GZwSVWoBo|St`6M2c= zXC7>1(KM9V)gT&~sov78jOsd9zjS>^xZ7Dh#LnTnc;(>u@ZHv?8fV;y#qUYL+q70s z21wGJ24F|jnt{z>9>uDJlD|{9}kcIH1%_NB>_6 z^%-ReVsHX3F`hb4nLX=P|60Yi$ia5E!d&5RpSD`|z1TqqgLX~P8b@nuqtp1WXDv7b zrYXHaD@BHKC?@3i*KkkJ3qO~o4x^G;{EEwscFghxBtTuC3y;2k3y(QAv~Z$cLcCNc z@pam8ys={1%!Wu}^PY{gJ}|~;)WOB~zp&g$3ix&A1n{K=4YvT%on@SdpUV+y9+M3P zU*D79o9kyOq46h;Ug>bHym&ht=HTK-Xnh;Wlll1Do2_M`0y688m2TxTSaiY4bvvrn zl9H0PajvQh)w@$)DA6>s51iS2mERHC&c|>v-+oYgFh2&K1eiU0{Aklh*8ANYa+#hh za&tfr5n=r>vF$gFf@Rl=YEM2*XPI5UDn|uT-dzhoxUt=9>%L68SRrX?Dh)F1&=!H= z40h5Vmptw{jIo|0Ngi~z2?O-KyF<%y6Hvlsr}|rS+`BXV_P5mrmE>n!19+x$_L&iW zdXRId4~)ycDa6QWc7dF>l|SO`x{ALpuPx3b?6El+1-gdX3PyN&IuOYOkU@2Y+UYK^MViKYm|A894KL3YAb2Q%5_CkLTqw=bT=@ zer?Sd+tp-JV*PR8r;)BtvTLxZ@5{;hz8zu>0d@dr=(#+}$!jlJl7l>b)^Byx65+qj z%-eve;oZ%m%qPKTtSXRJEfHfKyP%;?{l{^gN)4U550uIDy^#9;w3>W^62!o8Oqw62 z%5y9Ayl50CdDubf<~}W%6sF;45?M zyU#z0uao?ehN)5nHI>EF^xAh0GLpQe-_8HJhoL|_Ns!2@Z~?GF@})iW52_npxt~P+ zFSmP!Xsjl~-mD==Nt52B1KIA?pGlX%KW$Y17sNVqN@7Iz>xiEdENJ9i1KuT!9~>M2 zzAS3;zgbVts2Cbsg>D6oyJ1LZ=5P=0mW zbtM*G-=*m#gp$JX{zV7?%$sF>wT^SRk$-EN1L0BOv08y(HruYRU+mr5fAQ&kS3|$B zX-~dnbR2GvIB`{Z9c8grF$0sXK)}0++KMD}id01gg~%M;fGEjHFSFv} zwk~_*Uf6A0r1jWJh|})Muw=Hdh)A4!x2(k%Nr!ojo?5p#jmo8YlY16?--LFbloae5 z|HUIvfaLb60OfX@^b&lMQ=IGY@b1Vc1PX|CrKP3x@fB-$)(^SzH*!qCX##5lR{*}c zn3hV-f2l4tKmieHJDIAFe6zFqnYHe`J0Ady^)rA1oRg$gLN&XXzYkTU0CZP{FysRR z|ClM~8IA+c6=Avm?bH30p}e`Be(mUSM&a3lI$|7r5{M4s>Hv7xsqyiwJWN4=Ru*Zu zbvbw(55xL&ekRR5P!~7J$vjxqz@7R(1hRX|cJWEcY$^ zj*duWM(XOgfc3iri2s-OEV%6ioebh%aa(ikRt>KTI{o#3=-q5qV=WamD*h95-)0mi zy>k6vAvM6Vqog~*&2u7vsMwQ#YrFeS?kA(<`J?SFp`xQ2eYlX~+Gt7kj?7=Li|H$e z6AA}Ay1Em@iQD&N;A^H$KhlpUoO_&+9H10z%xso3)vLxC4ML`Amn_aycetSLz<8^C zt`z`eqpaGvXn94i*~e;e``%wN&d4KTkALpehtOy|dltDPz4E}FrW1U|#<^}rYiTgo z@Tn@oJ9YOtLH6x7e;wd6km%2a7!$0L9WW1BU>;w`g3~avxNCe$_4$CzfMt$AB$c`d zMCy}aZ;$zdhHh)49?(me08dz+asvC?c_@{~?2LDY`7QjYRnR}Z;Y`lXYm@3;et}I2 z;DF;p&H#|Sjtf@Bpq!OMCmgKbIVc_jf}+L5rOwGZcO@%`(CBxlQDDyhnK<;Kt8R+; z;4MeB-H1O>#I(m6nm@BP0y|mw_qSDBOiorcOL(ep-+i}(x%k-6XI%JgQ|0}tF4S&b zmEQbg?)H0kco{70&5L%#eT)YlJGNaIJSe9P^Q{%@UiE5)-iV`hhNOlc~1q6X#txzk7g zL8%fd#gOxD{|(baujIjr_31FHE>U+&4B8V&5^??A4DS91Dje+caCsdI3c@RNpjKIsCqyZ?-En!e+Pfs@xt3NqRKZ^A{igOL zdy2jEV_nKd>_Ki{YOFtD*N|BPZ?{dGeq8r`>}x0oH*(y!#Ct;rxh22SI0L60R(A&U z@p_r)GZYT}ivCJqpd=_Tw3nX-QmVCwCsM{HizM43QNUG1+#v)nUJVDD0w9^^?l z47WU#oVa}X-q0hnc>822JDmhR7tccfxi#RqeJ1vb6FETitXA%)_pCA_{a$t8ctLxYy9<*4fj5(3mqffr${^=~X2)%RbtGQai z<6MJ0vG|V{6(8Y6(y$lh1S+okh$wolDLt;Z8PP_Q zIQ3pMvrg%;p}@ou@{)`BHQDp!pSiR2^95q<%VIRjjPLu@P)DVB2I~D79k<&Y4Ul%PY)z@Dz;2U6Od>|C*v}5)xC z0FHnYvzz8Uc)4Zi{XdNAd<+{X!pPG?1%fmgO3~*(8}^>~_G(Hoo>6~$ir{y5r1Bam z-T5AEwFgY`rzyu~8ah)?LHg%?6(zY%F;nPo89_tO5O@Uf!7lJ zN^L3%V}3BAti^3O!cs(GiHz$ms{EDzVeWqQq|<{RYcB-dovj|uU9+oa1+ ziH|y3xzUswtBxijG%-IC`snx$-5}9$A zf&Q}_Bp9>`!?z->;4h}+(4s!?eku$@L>*oFt{2bKGa#+BN zn(t>OTT{Ra}amY4&auZxDWS?!~ZG$@O z>}Cew?e)K9&ffTVcMz2Fg8HD>?{G7{g-ywQ5%r0T{{n7b|KC}<`upW}5Az^k9kD;F zB$85JL2D4idr7^q5NLNOT`YgZ?2z_;sB`Y1>5sV2ruoulPpjbFr!go*KYo>1zsy|vGZJyT?;B&a?z3lZ*wJA(E>mw*65_kr}KcT@5HfrU6!eeOI&k>i$LbwWjV}@ zg_W0nV9~**sqxBXCnjS?$xmX?hkrFCXK+<3m`Wh9bh7frGe3iHFyZ1%Gv{#ZMOC~? z_uiQiI_T&1(ZIS>92resb2}m%!Kb>pB7#YCE`hgaPf=;b`iasm?Q0(YJj{Ih*Q9*K zVr3`6YOk!s(RV{B)?_cTLkl@ldsP-Hd{e}Tp2U=7S;~`PZ~*`EcwZ7}q`&A^;@ST=4=#F8^xll)D|YJ3EWYJZCfx97 z-3Bg}h^bNs(JaS*@p6t{NoC$j@x_zp9sE1RDx*(~mlWFWk#V}uNZYawlj^3Vj6G*Xn;#+QBq~}&44+Jm!)~j_@5@rnN(2_zwvQ8GIZ22rtV0RU$vABPnf^Mqcn?vBqPCm9O)JFj&!kQY1X-xWk?k~2(tsrU4L<~nP`2TK$!bs@5wX$Nc*v9IS?2?*Z||q&^Sq9Ye(NOQ_2QsW(}a z`%N0YAL=ar$goUU{Yp(O(O$FTzl89JT9&gY^mBsUgXTdY{BOrm6#u*9oqi+^Q+(s} zTVTTOb)`usM#eP(jBJzf6LvS)u(UUHb?2GvZOA%FA}y)LDAAQDx{Xvt-WgF7d3jUV z+K6p#@z;rN^NFCu=5@}!Bs=|O_0EfRR47haX!sO**Z+I%|1mV^we?^IekM@SoPsw5 z6llaspSQ};mh)RA>VOY{yQ*<9|Aqy_;A>P}!HRdzB%Q^|hHY84hsxc9F^&paf5(-C z%Jg(O!rV=bs|IB9rg0Txf|pN@OM(AR%SIQ*AD_U}$sk!tMA*l`d4sTlsJ$_CWWm3PiAJ(5HH*h$r{0^Pa=^V~u ztG&h=g}xG~IR3BV-JEAs0UdW!eh@IiIm~p^qZ0<#cEVB=_^wHun3^4U&1?-n#aJ}b zDTkR99742gAiV|Eu|0U*yNvqKMW`u*7!Rx6vZPGs#v^No2M&rE+T&NMrXi9am z(Trd>iyrNENmGv1^fShgfg(I##Pw&gK!vd;q!ALx{(mjV-KQ5`>JY(E9qaFcdb65| z6Ih@9A4BqVfwPw1%Tif)S?7IaUv={o*!`GB`+_bplv@s(GV5Djs-Sx zB~0(Aug2o?A2RK_6x8VC4(s9b23=U;ghQg_v_q)ujlNAL&+(!cp{-9wAPZHXI5{(s zz3Bzj_#a7_>`#|2F}49E9oIsNd$_bc0L@~4O&1d65amg|C?wEKXLXD+3LEqK_^$VB z$M0d4yC0N3CWEq4vT1G*6W?hD>FjX-jr#fOlD z+Hns9c7+nKjnQdzPI^Iwn6va?5fnAf?aMjx+iJIt#c3RxLURdLnc)kV$IuPm*{{KB z0haE}EnJ**ZWjm)s5qH^u#JWO`WVC`Xo^JEWJR(>VHi z6d)biw5@K;3uJSJ2WeOZ)BMTYgr3Gz#jUlxboi(Zb@)r-w~$gRzF_O14AD zbSN*LOwe5ER-Q$jx&QvA+5r|h*`Zk7V84*YuI&0<{-{?ibC{Aph7zp+s)qLq^zMU8 z1q8@FmhSeX6cYI=Zje%pK*FLCIsQXwroywIp2*ZbN7>?+BDLkL@M|EqlX2k+hk`pj zFF;RR`($Qug>p(8ri>(HcSNU#q2RiWWIS^(?SmpONFR9vh6p-^8^X=$zuKE*lRM2T ztvFj(J;G)j(9&FAHshzZyTNz;u0Ht8bsCRDx*P35=0kt=B<|G&TlYO805yi#GgO!Q zFrQX&N%4b4^E!V*edO2RJ&>KZA=c|e2?e#r<~|2jOXxBoB}Bt<{8R%4*Hc4)NS@=8 zRu@d`S)|(jVO~#cSju*k*Wp_*AGJ4B(KR@=1l^N#fMSKgEAptd|ax{v~*XbbV2DPS3sAnGS6C6RzVPg^>M ze4mjzR1$D}u+W$GOgTrVvKVTTFe*}=>@^3q;6o-G2;FjZfvEBFEUslP`1jtH0cunI zvA|g{99lz?y4PTSFKgr~E|ca{K!uz}BoY64^)oT*o7%Q|JfCSFsuZ3-=dqyP zY_TKb@`;uIq&ROs&{7?Y1ca8BX!kLMeN6v>Q^OwdI-uTokRYZ~J~ww?3s!#JsA|CD zEIxeiEENk`_;tYhp;Q?~%^e#&F;^dc;T3jwp9?%q9Wmee0v8@rF=1tT0jTYCAaogX zisOf#O2~~~-`?#<4BtdFG6)_^=Uqk$l{oxo>A=ST1H~^aPks~O;)kr$lrb$8#yp^w z&EtrB{Nk}5aKzle)CO4aUd03pc&H&+I&*-)MAd`x?keqbhT7$3jD8BJ{?S!tX-p=- z*_k>Yv&su*Jk%tcEC$?`wG~=%p!_>*hRE}_Igt!b>Hph7hSGEq{@g3x;Cn3@o-0FJ z5M3{AlPU}pAtJqWG1TY){1U%W-81E>juM;h+a!L&B4%yX&6r$Cx;Y^D1Ds@EP)63H zBm0Lv91}8q{xSmz>s5!&OYqIczEZo@+Rtwa=n#-^Gl1kWdyoC@ND3OOjipme^ChW+ z(A;<<#lAMzmozg6lM4GNMnGQug4q1ldXtCfTR*=1v6 zqg!(_{0qYwR!L{JhmlgicY##tKhFB$<|cotdUiN_CJ3Ed;LAvDeDS6_^KT!m+tN(D z%ba=PQ|ImmP{w0O3^8pbtxo|;^$4U2FJWigd)u;k4?Cay6r5@&oe<9&$e4Y9Q{8#& z^eMRp*q;)xKgwWSj}_&Z+`#2aXF$;4n+k=3hA#5LYo+=)MZh_kXSg0n787v2&wj(G z(7EL(Q=o+@NrSq6Y-?Iu zTMt-GlR<{~^B>j-wR;VfZ~L`nJ3Yw2_t?UdfU5-Yh(DbywTr%V>5{sSPu1uGXyM5K zt(1IS8a*7jCdu2N&^!jgY-B;_fyO!DWhfr*rR-hG<;|Jq_BQ?844>WQbc>|JBu~Zy zc#&F{IdE)609nYU5sQ7VupIUm-UBF}LcifNqSdpOGxoZH>#1h_$22q1j9X*p89#WI ze(+T}GcY$Tgp?PZzcm`tP74}TwVb`+M_xwdjtP`Q=g*&?E7jGG1(APj%jN{aJpPvk zTpZLeWdi%Qkp?i#pO8lFAKY}M&9%}de*OiB{z5Zx*z+gP|knI z6hO%%zNtBA$t`g7nJS8B#(})u6yLS?|40c^t^Xk<{%j?$(lO)*hj=U<93A;?zc)|* z+42S;Coi*qIA+)+dJ9UpUqWX5r|5}*w?Ob-j3Z3&BlwZtHARI^D*Ee+BV7dW8;Vzq z8}?u!y4b@4iDcuTPYlhJm%@Ffy)LpLb`m=K${+Rpm{V8%{X5fbh6hUZ@?MPmgT8M6 zoGnt;ofnFp9$;4@GIFb%1@HB&6`lPm1-3en9H0of9tsX2(r2hVkCJfEQ(CW+o^&Zh`{wr%$&Gq0{^b00nIJkj4We%CU2Z5O7C(hXmSaIaV6e%i4)ZS(ZWH7O>yx(2PIeccnVij12QVUtDie}uH(ZVAcMos zVq*pMpQ|Fo3+dPn39BmUrTx+pNdn4@H8ig*M}9G)21E`dr~3p z(!fZ*u(VrAtA9pztsbSb;!Adq{*WAZcq@m7dN$3Xc5Qxw+Q5m0`{Ps}D0k zxhN+`BM(|}UZ$SOU38G8L7u%oarlRR`%%|0dEU>=ndqc?-NBNxEn{UZaj;5ht6&)3 zPFsTMHMIKAML_A&eL4dLS`GRn1Qnl0dD`Ih{)E2iJ*BdA`^e-gP;@Kw{Z0oE-pbq0FFIPJBG zN?jnPb-4?}s_$S{hYm-D4D;DO_pUXSNrlPPCCUt-v*;aw^IrZiL0=^RTX$6o7rYXZ{T1p61+M_c|+)=2S3mn#LN ze26p+^V42msQsYX<9&Ns1qEsExy6txc(uu2`R%_Q3iAWR zU6FTTD}>cv^RSuZ^Lpa6FLqHo{at3#4G7?@kaT^P3Y0!vN|nW8f(zxCjU#1F&bes@ z5b2tKoRJnKEn)z*=oNG>j(dM3ZX3cx(kwpvA8&ImkgK}hTd4V>-W^^^ z$JTm<;*UlBxt@^Jkz#A4Nq|}l2N713e|b#~3u2f9YyN6J*h5rGlCU?FPG$?&=v-`o z6_k?A0cR9F_eTcglep)(x>tc5ACOhEynC3DeiN`jUb%ADKEfe9NXc3X7Ux&UL5C$y zYettILAo8E7mMTXEJ3=*Ad-D-W$pUKh1yD7rARlKD5!@*WaIYZUkRN(Kf?T>DDGwn z-Ue^CcBKw9AwZ_%!VSi8@oP%bFt4L_7Ytmm%rzCRc>Om_b`m?DbH+vq^o9J_-@z&h zmSmc*)AQ*1l*dt{L636~SzTx{y!i0o_WhdT^=sFoUQQl!6aRP}>|Y%%o9p?z~C+xIjOVCT%HT~u>ykY=^w2Vs$mVpuI=GMG0GXd3#^X~p229+rO z1ji9fVUi(+Jt&HFmUo=aADByHfv{TTi~#iZ$35oeDioNR(Lbg_IzdZyqR|Bb$FhCD zo!H@)3kH3ePP!(CfRZ$)tlr`i>PnxIj;{PJE#E75fQLs9HCVHGj0I z@h;b(E8;iKMS$Hz(rwQ7%!WRm~qT4D8#EBb%EA(#6k^AiD`AVNkYRFpsxD$46*(j&2MoghmMp86dLme5Db|X zRs273{x&oLZ4+G`XjfuEhtK`Yp{)EOS^ySa3oh(@tRJdo7jxOPKX|cZd|=ag)nv{& z%FJZXIgSr&JgffEUf+@ZHz4i<0~1LNM)Gf=J*`15)(Vuw$v=g`wQ7p>?a+ETv$p|^ z`i}AKRft0JSb6COUI%rcT@Ls=p~&S%61>-fl@fbL2D`-An$EEDaHQ6Uz-UzRGI!Qx za+ey{@q;j(cky@!xR9;&%^^J$@*`S`p_;7#$`|R0)?vDx8|bz!u3pP8P4W{p^7>b_hjm$ zFU4ll3y6X#Y#~pb0+8+nsM20O?d}77wM>zBvT^@tdF5*M2DBq>=XwG%9s6}(CXxb` z!q*YuU9v?*or2Dso235WD(P`ZnTNRq5?|eDcjyHFdS?IUuViSOLCHegaba5seo{&Z zs1T`Yn(x;u?)OUaUgiOaEkYppq2_I7+Met~wBs~S*n?$z%laAk3 z1V~nEFS*i}ZyyZCKYZ{N!X$txA!;0$oC>@Fo;1!)5yPWM-jD}g=}!j+Br2>T{eK6< zaGoq+sO29SBSC&74D=-z*{s{xdF@w;_D0xYm93%-(E$Z<< zH(L+a-yZ*e?R|GRm2dcXL`J1#^l728M~WnSGzi&ylNF)t&7l&qH(4cnA1lXf*^WI9 z2Mv6TV;zpo_j!-jr}}=c>-Yb!KU}X%@AKTxec#W$@B3Z)oB^A4JXpx+60G#)h`UGB z5qD#U=N)wD`-OFrF*U&IBLG!#i8B}xt{9NLntCe=tl70Y zH^JXKG!jZNQ29)o8UZm;H(94QlU}6q`B>09t9NL^p&5`YLfHDw z-Q&`HfcI3bmU{EJcN{Fsh01P2IpFmx57gKQ2mYNu=~*O6U$pq8e7kVSi}RYPJRvMl zfBM7J0HcLr4rDN(e~N$6XjCQq3hN(e&eX+uv-q+$gVE3s5QOksTTw_@E+IkXLUZS2jV9$ zCPWs2EP@u)AwW*l0{ARN2XupOUpg*a|L(>OFWb8<2HHMe3GRe|h|fYnuvMMLm~5kI zo~lmFFs;l?-QC0*sWeYY0BM$u=mM{9@i7z0Cm*FjoHR>lNCf zTIwfmh3e0_+oz#?>Hq*=@733vbU?)6H2oCM0>4BX_R-yG#S=}co5Y_sMqkuk#A;5E*mV56aF3zwzAzxZfFj+RJd8(BZ-r--%MZFZUK#8EM~e zofI@N62!{_a9R#CzRNSSe*frR3NP>Q&>TL}XRJWPeu9)@0Hl*N@T+b!*IW8}SzT#K z1fdw*%`E%7W2B2rP5gInNdSC5KVT$OAV_V2-Eh!$xDOjoy?)? zYxNMQTZ9eA{5wD*QMX=OW^^a_5x#R3SobtVAN5?AULy)#aJ>Q8iOdzr4sIoEi?Kfy z)dR>NNt~Cd2%qUczT?yO)MpIjJavYDtiWurp(CZ9uB2Kv%JUX+4z8$O8cDsxlgSD)xJ>qd(Ss{>7x=1{imL<7ljN z4d3dE>pj6>p^%TuD2JGZhg8$^WUevu4J&1TP4FKZK?m%XKEwK9N?6oFVk9|(PyHT| zuXn{#TKw=^B;a;08<7@J<)D8OoYC#@hXM~GOfh_-Et~ClwTCb-N(D=o+7A}?F(Arg z`chV1orvbnzb!xo)Niu1X94C6K}^Q#T@@uo;M_AD-)@LMhNKuD?6U_eCtIB$2Z{MR z7Yz9=#Hyzn?8Gy7T6*2OzowYXl%~9viDu^+4-7ILSr0W?>NY*^sD0IneJaKN=~bIv z@m<};3XkOtBCW*%NqC{7$MnIVprDB^O621{&}3i~&@yKT`X=FO1uvYsmrO(YuJxDq zV|?v9qQIAcTaT$^JmI{VpTPHZuR}x@Rfd*T&(mcBLwAec*M6GM543bzl+ZI78Jv2d z0je&Z!NeDHjDaO~U=phB0G}fyB?={_pnCni7J!BajPX>Kk01ovgsrnlwd)*gd_vi! zuvjSL1yH}$=Z_2j`wBk1ac(NuDUG@Vh{7b-Vo)N)U?^2@)9E!}?KiQa;@14wmL=wT z{?iEq`E_~AfgH9vlr$)C;iQjK>b1#U-!5fZv}c&bwu6w9NE}8BMR#h869VP!|#O(%6+U} zPk^-0kl09#no>I{Dyc$9>b<-V$&GvFt?`hMAsV6V4D-a7>oA%)H%7tJpB|8Kw=Cr? zbGYNPb{av{3{^7P6TTihlSRzvu%^qalzJHwrxzghK@iIO;^em+!&J6(|0y}}$rm>z zCB_bh$wc;a)UrPGX!IOzrN^F>_S(f2NqAOjQNe373m95M3_&HTXu!%B(~~vxuZdWd5D8hb*yXZh2Gnp z^VOK^Zxaa{WS2lPn1A@0GGqc}vnslMKFT|!vUDl6qYK1vr8t_F*w_^HkKg(?IiliV z^lb(PbND(L ziW}oD5zsA{EU4FUy)b11@equ&>6xv3WzrPvmu_lfkEL7lr}LCCYkQ&hdA++&1Y7O3 z{H1r=h=vsP?nE)DV!6p`NKEDCQrQUtf|4c_piK{GRA~kmVdV2!>k)M`VPwk{)WqaX zhoclAu0#nGG9i)f@gl+eH$el(Mc<4!v+ZLPk5+MpC5SOQl5o-ROO;m@|NZconWu3U}rZ;EZ=IXKVy4X=a`dtJr}`I4$$DrwdNr2=XB1B+-p!vq3s~j zri^w9igGDy_&gMG98OMXybWTa*9uuT(d+n`BRwu4dl?v4nfS&C3wHeMQw{D&1Hs-ge zps3wk4w?Xc)Y6EZW6|w8Dv2A!K=8Z*X`=8^a{hU0*j4@T-rl3O*W~DVX zQn#g4V!4XS^2GuB{lb@zq9@Dg=6rngVBPR$4(+}o;EA)<9I?G6;hv>IwX7|P;Ckov z9aZ8WMT4R;M@HjC-Y=Z82+A~4cTx+ICYE>oWP43#%dMHE%Y1P#{t;%eyD6szrDD%; zv$IFhGkY)=)@+1S@AkWB;gIB@w?V`8b9mbF%&cu|%`s8+`6aiP6CCO>n&raO%n}H! zPTL*Oi*tjTWTVPzyckJl#F*JYNfIMdjx!*NlL0VO?_(89OhP#CiB6SGFP;II__`#c09piBrq% zZ`viHx8BwE!{N5(^fC^RoVCj%>s_eZQlEbGkUv|$CShm_5fC}?RA(W=J7$4=hR>q# z-_e{bGa^jKaMHz>RHQVOB>tdh7`I@~OJy>Es?m-)nbV3UwK7C@%c55@;i zK8?hn4cJEQA}>7Ws^wsP+tYp@bUvtmeUlCnP8(V`=);rs?jyCxk?=Zx9L)3S3%W~zbe+9%;UKBSV1Yzc*(zudSziDpKC$BypI6OKm+yzT@vyHe z_@tt}t#1eX&WF$50Ik~=AmR>g6Y|%wTTnzIVN^>~3c&E)+pa^A_G{f}=+%@zICR3x3biu#24gNa6cP;(U z@5g(8li?JhhOg69#mD%m)kykGd1tRw|B&%$0y@j*)ZBrqHaNpWdhGh<@Lx}*15P!D zk-~c|zcSskcyS&gOzU34Io=c#kw-jvX7vYYo86o@3-!~?%HSr|d#LaeP`L~qj5O$2 z+C)p{Mu~9(&@?)0V)Oy=gAMFz=&29v@pLWw1#)4panqbJ*YSAiRpz>Q2#-V z2JtpsB~Pxv@^Aw(_tc`#t*@Al@M20*ebMBhx#BC6dEb#BegTpaX&rpOQ)e;2$KV}q zmPDUzGufuRiD(-&udSnh^0-!_eUuQP75{^1zBA=9*M|~1w8eU zHj(G;^?J*- zW|hp=uWUWW?#1LC@(7ma$%loGlj0YqxI6?+)Y*qI3&1FK=BY7cV}0N6=aY{&aZ6$! zC^6hCXJh&y^L&BR`-c9%Z15d(2MA)ny%L)yaPIq(VGO{ABxYlILUwZzM}@{ej>|Pz3TIPwY4Rd_U!PboEk` zCijhQ72&c2#Gy8pj&G^uzfoS8xyYvHTKw|xi4E&dGg-3zX{HCKN7LT)=Bjbc*gqotL2lR} zS z++GRvkun*tUpE))>Bu(r2OHaY?WZ5`3^^VGZjeyOz5)091qJ4&xS`c3g{y71E{KC? z#PyYT(UpDerQ4Fm%&6USIx7GC$9Bh)fcSFoItx`?{5a*$CpN~*Smea=#0v41!s1Kx zg{@7$=m-}Tpd%77lG%SpM!g^5m)ae*UHx6#HraCXNRhA4-=P|}1$BSI3wlUFG=1bc z`486l`8V*okn{YCVK%FB2`QAC(cdwSnPcS)bdAnY%jcY;?@^i=D4@eyJ%aVpO3TX1 zS|6~4s*XWu)0elCtH|_pXm}KTeCR zQ6>#_JOu;oUf*z>t@GPU9!GOoci`DLY!0jn5>LHQv)^wwP+Ah!4XfI9o)!Z+?u^Od z3R?w9f}AK)*wA71ruPCtpPi=ZwkBi%89zITT#BkD1RarNs`7p-ZEbScvCW0odz#+# z+sLocX=eK%-@F8pCU4G3{jd*yImvr1hUNqOGgB6fCcaB*E0Rua8L%PU(r{%T7{*Az zwmfCbjz1Og50XU4r8?BxwCfL?nmfZk+4^?E%H&fCU&(rkW69=NJCkKfalR{9DASAUJ}N7@)S}eC)Kb~NvcD|~R8%I2ovyMPx7j)WP@zxg znH%1^0V5DCrfPp|`U^)ari(8wFPtu#J>s;3Ma~@Mac;2Nu>ZuaRqN)*hIl%2IxAD7 zB}``T@Sunm8#z?g;BqsyGD|Tq@bIl0E*vh%p;s|;(TNwgN-a5$mRQQvxUI^KC#TgJ z?47KN)mIDAcIw5(*jAWdyg!hUcC|T&3-n-f^FIvT4m`VWru)=E zQD?MQ6y2Y@NwX7JWxFIb6nH~Z(Lnh|Y&>>1Cccgansa+ zS#Vl4Ze^TW!}JF#sWp4kGS9meK|5Z220&Wj7Qq!c5=3qy)kbHmEoe62k2VXM9z z8cq4+*IzF(Pm1H0O#zx=tD1mK^iMtyJ3^Qi6PUv1oGq8|Mm(laTcJMrNU+>F5Iu_} zBqrWaE)p>~Z8{KhQ0S}7*0rOr!RN`D-Z~|rZHVV<^BAA(D^mtSAmd0oum54gg5B#y zVBO~tmrja3`slG?^pS9=nlB{`En?XLwMpG%Oob0)vE|aiGitB5ytvY3{U`Ag7R10v z)|izQ2Y8gQk^9Z+v-qB>|4W5ONHDA?%>j-~S;*XF8ZEsfB-vTS#&nn6u)p7( z9-wu*7Q~pD%*v%a&&%%{T)-6sg>j?e)PIw<>ag)JPf)|fjil`~#*~f?M!V&u}>AsB(o9pFqy= zXm_pSJzls7FK-VKX0yZTtn#92dJQ0rY?2|zTg!dAcl->QR8*xcGuPM4T9uf7a2A6 zSJ?)f$26+;$;w;=m?|Q`{9wux)Ah#gDjxj*!w8cmC$MT>2bu_Ovb|!k8{=FT*Wf-B z`O-0)2qg4g`aH$l|3GXf8R}#w?ynA7qYv`t>b=7OVi!O5U>~LKg$6T%!aQFb^?i$+ z-@^d_b{C2Ig!Wo6Y)7l|;hX1sGc56212Qqs*Cf9v9)j3OlEBlzJ#li#?!lTmD0uEU zA={*5YY-O3xNmWHI^IHs?;YPrncZk<_K=D3Ii6m^2B0>fY7iF!uJpR0pJ4i8k&vrrI?~CB9P{^Kou3o-6|E$@a{`PW40~4)BHX-)KXCx&h2~|k%d?Jnw zlgupiQSR1x3cJ%25yhs++DSypq-xuFwDL2(AXBrA*Y%MX-iZH$7 z{%A^|ZK!~ncfCCKm3^%c{GzENP8f;ZNLflW*hT)uh_6(wf6;1_(q3EhT5k_K+wK5I zl=gE%bu27~&Sl<Kq_D|hw)%_KKFe-sd&aiI zY+-u3Yer+V`wRj#ZRTuI69*Y156=^37AR+&M<0y^1QE;e_y~fbkAcY>mSg2fA}nuUu8!( z+-N|qIFEN1$2EaR*BJ9O;4d!r{PCiS;0mPq-V$%3W2L)~^%t~~zB=@p+=Jbk^YjOC$IFL1r__U6#S zuxU^;kwWKu8=74ED5IpD^Hfy{@RP1?I?ae%76?94;!dM+(oHgG;?P@F|n_*$gNud<5g!Mnt}}C%!34x zc>NQ=pO-k?ZZ|9R>J-}#bExU)uL?G`Z01kouis!Qr?bx_aYq< zPO8mf*G6*saj)Fg!}%zp??D5C>)WV{{BUX-?E}jhr#UQ;&CN=ndyb|wF~q3~Wo~92 zk8hQ%Hv!uwlm3os2<|AdK?(P(r=!VG2B;!gtBSd#{!}z4E|R`hf?sbq%T^fYJ38vj zSnNf$J5ptrU7#(f01v|U^|?!)DWC6|JV(NEs>XIgIhuNMx|uK0aX80Juh^tub&NzX zWM;{rCgYRJy~qM&)1uaZUX4R7`C+?WR|oN2gV6#%e|Hr#WH2OWr;md((A?##+HG-- z^u+e~-C4Z_*4Dpd zK5M~$aG;H?|DeJ8GcRmQqTA#L>waCirrp=bYJ=caHB<>UHN;^}XUw3gNZX1Z(}nb^ zxpHO7eL?$mEA2qm)?n(gog@mq8FG4-BY(?g44t+hysP|K+y3m*$-QMKtKrR9{`vmJ zrZ}5wvtpSb?8+*=aHgk!m5NORsM7Kg7bLzdb;xldf?aPwH-B@}E%%iOHF-d)NRpZ% zsQL#-Rs~jRrgq%ck4WlI6+=f0up!NOfvU6+U8yl!ao4*u`5gJo*0GUS1I~2aYu>wo zYH4eE7QLDC)e>SlHFvD|=jBx~RDfa&HRVdjL`s+`0~1p{`<8FHP50@!8Mo8Udb3^z zWtxcyRW8LH4SuRCy(o$u;Z#`2J3M1&5dh~n`)sHI^MAL%=cEcqVy`gxsU4y17h1nELs zADpvwEVX^m_0*aqqvjPlZ^z$Y>p4Z7J&JzkodAY;y#v|W545~wv5RoSJ;DCE)rnA@ zwCz_4yQ7<68kZPWK}?2dX40N2t4`AoRdnD0jmw>z5~}7OjL~bIR5NG(DKFS*nG($_ zUTQ*g`0X`WYs`k6iJgY8?MW98?uEvNR9%K_rZ5?T+*h8(WGIgOR1tpu0l`;5_M4lS zJiP7BzVrqv67Ug60V&;cyIuSzExtebtP#C9U7EPKEo88fu8%G^5OcGvq1hB(9?vXW zGpwlH_;PYoEvs;7iENJ7plUPq#&)Jr&IBUs9}v`}CNm54Ufr9+ zZw_H5YsJ=M-SgoiW24Sr^A^pvRbG9W<{-Zai6}OZic+|8xdQJDJbVl`zt~dG_?w7^ zesv}Xo9}IlR9Fsu*7jT-M*jP7;L+i|v@Ovb>8m;1-q_g4z)#4g&NaG9DR+u$FlF~E z)2!_jK%y1>E+Ukj#mDkGt%h}0-x=h|HhF9#3wzoJ_@^5d3i=z~)dV0lxC~5) zXG8a9_;zgUgH|^-h%oefovT$FRZQyAdy~l__j8EeLDFWLs>m0|q^8~V{uE|f#hej; zR~?|cs`Fy$FIYH67MF^yz8Lj7gn>gEb{v;*y3=n8{Z z1+Q3E>b-YmmexoN$~n310oBt1!?7 zSX1(T**UUVf#N52+lV8Gg@eYeyMGr*aUE95-h&oj1#leS4|>~0}^-zt5fFbjPT=V>IGZFuv9?W zMQij<&t%B-_4k7TRjky?W@gM1TN{t;@XE`_54eiwbkAn|jAsK%?cdBc2iRAjvrFri z`p=8(e8!a$VNTvN7wnJ?TFwi>21u_M+we^zv>N21V>`O*$D7h^Hf66J;D_{ohE_cV z%2ul@b@GY*2?@ls1sJ0>`T4Riv~oQYsI90=e=!1G!Qb)20KIsxIBs)mYZW(oWAjtb z8JZ??w&SEQDAvO;&I6M+kqckC;`ud$Nn6t(J1{WtegBeIT}p^kY+vF8r1|xs3QoIK zEunA6_{ACsI|OqPzC=}e?8uQUI9zJX-MHrC7g1l_)j?k1axsM2z?OP0lAB07kB#J^ zP($jSbQJzHM-G|#;+{W$?w}CxjZ38iKmbif^9|ddJNWo;8CIe0c8UrMbHY8h6_SVY zLXrud*qg)l0}VU`RHd;rPgY^ktB{TO=ut8F{3DeF0y$+r6sSc3EeMsiqiVEW`~MPF zPQO!6gvrPiIT4UmQ=`XSTP2m~R8Co%*_>ho(c6J+a0v(BrprRLF_eD5%C_|1SZ>Vt3#U-AlboQe zaD)Z?u_DhxQRT)PODn5>E`V3tY6=TU7*0`2sq+eEMT}_5+-E0bQ%-a-oJlb=DBSHN41wPO|}E?3qnE#s1!%Mj>rQwtv_+H|Maj(d|3da zr>BSN>Q2iv7)fgr4=ZpY83@jXB>NQm@qp)SJfazEdKKcqSaSu`wPfrNQZ0NI|F&7g z0f{ZS99sLonB-DLwNM@2;emlPH%%$Cn}B{(9eo5;KR=Bw?l zfH@`N<1dKkY;b1^lM5%G+5yY9ycV%@=Dx!V9@iXE6P#*iH*2v zLL6=hFv`x(4v$V#;qDGynNw$fFJJcDWT@X6gYr-SHX% z-EJf41U^@!$EXf@6b$1sz;@P%iN5t0PpgBfs3J7EJlU z3yGNB^!oK_$_?K1GldDcx3Fd`RYNztW0eZ)jXAvurJJDi2F(equTg0J}rr-nwpj)ZW2SC7zvwg9<&@VAv^` zm}KLmAbOe;$~!MY3Y?{-?ZTgml)#*HP!BU%jSC1MvpT$S&|1&!zDf{EFqC88v*l%O z<-{|_ZkA7tsfU^?%*G-|$r|$@Iy#z-g+DR##J}0_^RcfHWl_aRgj&a`-59J?Zn1BRLE#=`^u@mJ-(CAO?^hCITie zWF(>=oKoNyLhkcZBH$;qu3rCNRKa!C`o|b%i_qJzPSewCxVt0DD;zA*{eFQTJ6Jh{ z2GV%VA%E!r;iN83u1=vfk-f~tCLB;5_`ozJfN8aKJ`S71U+r_Mj}EkvwpRb&7+14? zRC1JJ7<@@JJ2{!IX1AZR27K`9vnah0!f&<_Xf?oGU>6q?NezBA%lmo(?Ck8Ss;W_> zLkD5v7fj4sT^2-H^3Fo^!6)+sxCi@6Pitt=v_WpQ^%PLC|>w6+PD#`-PrzH1(r_KT>1UIc-OFpI!B?MiR zfaD8OGjIP>^7-5#%19otd5inf7-}_~EN|^KTXb6iVg=d3`7pODN5NJZKGVjb&qLXS zIDp2S&=#y4Bp(7EV+HJu0dK=PW7Gh2z0Ye zhbe#3+~kLtB{~m9O&(}J39#QW+9amG>?ePs2x-M{gb;wEDTeQwyKjZxL)EUG!&uKo zkEJxLFUzx^wFjXpjl+Wk2rUy&$Kr&^*z7#UVZq3n)YSSJW3geUrN?sxUYwd|A!#NK zM5ItCetZ`s7=F2?^`(d9jt<{--U4#HZ)jBLYWhyT2+F=lqjA%pY$UTrTMkHr5l%xw zCoGT7hgjOjY8pB(Hw8ZAWW~J(!BwkV7pkJfifQAutsOu$vO%&T^tMS6el`>=8;Cez zs{d^FZTFDlMem%jJr3o=;D{BThKAzkM*p(9d8|zB+6%4fxI^bV(`1vm+{6ZEC|Gg>i!X_{fjJQ2s;6T zTQk{`%x55W-Um>fK6OfCsyK3HP9(eF-VMP=%c{ngm|YaS;*Tevgm}Z0fGR67_FT>| z?Gtcj?&g6P5yEQ74i(m~6&;5B1c+(fiZNzg^IR8hF^N3rlRV;vIe^AU$kO_Sym);3 zTqKUDh~P(Ka8Aq255*j3qAr9#qp1uH39&R`%-H=zdGtt9e?WuM(cqB#UwbQWH@*z~ zcn=7lf8~Vdn;d!Az~T(igtcHWkEbZH?5OK6Sz zArqlF<>kG3Cfg;Olx!Q(R`5BVu|0nZCm}_J-TS*{1@JMaO8KUaSNp=(=VoVz%I`>m zpc;39Wy25~wnB3JVwei_hRs_ip(y?Vc{w>vD@F@vkL+_I4KX42P~F|}6NHT+4Xii~Kh%La~ zzchM;Zuk9S7M-_||7Y`#bPpPWI)jwTRXdumPnAV!4^|p52(T*5%cq>KR>0_jF!~<6 zfgG=vFX{TE?!3jUGyje04iZK9VY3OUMMT~@l2ErWskoTk2trkDs?;WI<`{cgnBHq? zG&*2QCU>+0SBW6b`c!{1h1; zw<>hi3R_RM-PyQ)#K(t{L3c`EAG_nAff0oqdv5#3mDs-*Qp8VhH?GcQc+Lnr@t6`u zzuu_&g1VLPp?ryrck<(R{MCN|<@E-63}b&W=^;BqfvnoGNQ&D=B&>vQ%&DD_Zy-8z zZg=D#=u+Yx)bY;%4DQh|q5lO8f1;PgmHiltp2U1~tVf>)XWXmAf;^R{NayB-_M<H;0FpVjK=LJjlQjo z-vIxk{x#t}DkbZ&G1Hp%g{iF;GUBqlG|5>0Hl^#-*T)L&MSgHh{Z-INtUx7<4`TcY zlaD)*U`TT3?#0HkJ?Sw4;(2Dn!d%Yow+YJaxvUPyh&X;EY=ogCOSmLl?gxxN2mpa3 zT~l97mFbY~tcc#ZF(W3B154`({P3lP+=QK9C~N4}n;g~-6}9`dEkVo5V&`w~BMblH z|KX291Yk%Ku)i&uq7ZJO3u`+f{Sy_s5I_- Date: Wed, 6 Sep 2023 09:41:27 +0300 Subject: [PATCH 09/12] Fix dnstwistTest TPB (#29455) * Change domain argument in task 6 * Update task 6 name * Test different domain argument due to timeout --- Packs/dnstwist/TestPlaybooks/playbook-dnstwist_Test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/dnstwist/TestPlaybooks/playbook-dnstwist_Test.yml b/Packs/dnstwist/TestPlaybooks/playbook-dnstwist_Test.yml index 46f251438b2f..3ec22e37830f 100644 --- a/Packs/dnstwist/TestPlaybooks/playbook-dnstwist_Test.yml +++ b/Packs/dnstwist/TestPlaybooks/playbook-dnstwist_Test.yml @@ -217,7 +217,7 @@ tasks: task: id: ad9da2dd-267c-471c-8423-0e8912a4633d version: -1 - name: dnstwist domain on "wikipediao.org" that has no MX + name: dnstwist domain on "lemisto.com" that has no MX description: Checks for variations of a phishing domain name. script: dnstwist|||dnstwist-domain-variations type: regular @@ -228,7 +228,7 @@ tasks: - "7" scriptarguments: domain: - simple: wikipediao.org + simple: lemisto.com limit: {} whois: {} separatecontext: false From ec18f5d2b50813cccc41ce9e4c00f8869cecbdf2 Mon Sep 17 00:00:00 2001 From: samuelFain <65926551+samuelFain@users.noreply.github.com> Date: Wed, 6 Sep 2023 09:41:48 +0300 Subject: [PATCH 10/12] Fix Get Original Email - Microsoft Graph Mail - test TPB (#29467) * Update MessageID and SHA256 values in the TPB * Update secrets-ignore --- Packs/MicrosoftGraphMail/.secrets-ignore | 1 + ...ybook-Get_Original_Email_-_Microsoft_Graph_Mail_-_test.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Packs/MicrosoftGraphMail/.secrets-ignore b/Packs/MicrosoftGraphMail/.secrets-ignore index 4292e8b9e1b0..7d0ff68d030b 100644 --- a/Packs/MicrosoftGraphMail/.secrets-ignore +++ b/Packs/MicrosoftGraphMail/.secrets-ignore @@ -1,6 +1,7 @@ AM6PR07MB44530DA96C2DF255705F30FD83CA0@AM6PR07MB4453.eurprd07.prod.outlook.com AM6PR07MB44530DA96C2DF255705F30FD83CA0@AM6PR07MB4453.eurprd07.prod.outlook. VI1PR07MB4751252DDE7DD134E41EB032E2859@VI1PR07MB4751.eurprd07.prod.outlook.com +VI1PR07MB6656AF1CC691E69D7FB0AD2F99859@VI1PR07MB6656.eurprd07.prod.outlook.com 2.3.4.1 2.3.4.2 http://www.arm.com diff --git a/Packs/MicrosoftGraphMail/TestPlaybooks/playbook-Get_Original_Email_-_Microsoft_Graph_Mail_-_test.yml b/Packs/MicrosoftGraphMail/TestPlaybooks/playbook-Get_Original_Email_-_Microsoft_Graph_Mail_-_test.yml index 618d7a53cbf9..c1c824239efd 100644 --- a/Packs/MicrosoftGraphMail/TestPlaybooks/playbook-Get_Original_Email_-_Microsoft_Graph_Mail_-_test.yml +++ b/Packs/MicrosoftGraphMail/TestPlaybooks/playbook-Get_Original_Email_-_Microsoft_Graph_Mail_-_test.yml @@ -63,7 +63,7 @@ tasks: iscontext: true right: value: - simple: 5284e46729c4f554172494938be7482627cbfb3d91b83f83b7a5c70cf647ae94 + simple: 4d012709df219dd46f4fa5992aea81193c1465f0e12c8580df59ccb335a6f66b view: |- { "position": { @@ -212,7 +212,7 @@ inputs: playbookInputQuery: - key: MessageID value: - simple: + simple: required: false description: "" playbookInputQuery: From 9812e1e777726959aa8944ab1728ef741ff5b252 Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Wed, 6 Sep 2023 10:26:59 +0300 Subject: [PATCH 11/12] New features for emails (#29400) * New features for emails (#28916) * New features for emails * Fix validations * Fix lint and test * Increase coverage and fix validation * Increase test coverage * Manual report condition * Request changes * Fixes request changes * Fix last fetch * Skip event with last fetch time * Remove sensitive data * Change args from simple to complex format * Update notification endpoint * Minor fixes * Fix layout field * Fix condition for manual alerts * Update docker * Add button to get campaign result and fix scan info command output * Update release notes * fix Rn * fix rn * fix rn * remove an empty line * add a "." for validation to pass * one more period --------- Co-authored-by: Christian Gutierrez <138159801+chkp-christiang@users.noreply.github.com> Co-authored-by: Yehuda --- Packs/CheckPointHEC/.pack-ignore | 22 + Packs/CheckPointHEC/.secrets-ignore | 7 +- ...dentfield-CheckPointHEC_Campaign_Task.json | 32 + .../incidentfield-CheckPointHEC_Customer.json | 4 +- ...identfield-CheckPointHEC_Email_Sender.json | 33 + ...dentfield-CheckPointHEC_Email_Subject.json | 33 + .../incidentfield-CheckPointHEC_Entity.json | 4 +- .../incidentfield-CheckPointHEC_Farm.json | 33 + .../incidentfield-CheckPointHEC_Saas.json | 4 +- .../incidentfield-CheckPointHEC_Task.json | 32 + .../incidentfield-CheckPointHEC_Type.json | 4 +- ...denttype-CheckPointHEC_Security_Event.json | 2 +- .../CheckPointHEC/CheckPointHEC.py | 248 +- .../CheckPointHEC/CheckPointHEC.yml | 176 +- .../CheckPointHEC/CheckPointHEC_test.py | 276 +- .../Integrations/CheckPointHEC/README.md | 181 +- .../CheckPointHEC/command_examples | 2 +- .../checkpointhec-get_action_result.json | 36 + .../checkpointhec-get_email_info.json | 113 + .../test_data/checkpointhec-get_entity.json | 2 +- .../test_data/checkpointhec-get_scopes.json | 13 - .../test_data/checkpointhec-query_events.json | 4 +- .../checkpointhec-search_emails.json | 17260 ++++++++++++++++ .../test_data/checkpointhec-send_action.json | 16 + .../test_data/checkpointhec-test_api.json | 3 + ...r-CheckPointHEC_Security_Event_Layout.json | 1216 +- Packs/CheckPointHEC/ReleaseNotes/1_0_3.md | 66 + .../Scripts/RunCPPhishingCampaign/README.md | 25 + .../RunCPPhishingCampaign.py | 63 + .../RunCPPhishingCampaign.yml | 36 + .../RunCPPhishingCampaign_test.py | 37 + .../Scripts/SendCPAction/README.md | 33 + .../Scripts/SendCPAction/SendCPAction.py | 39 + .../Scripts/SendCPAction/SendCPAction.yml | 40 + .../Scripts/SendCPAction/SendCPAction_test.py | 21 + .../Scripts/ShowCPEmailInfo/README.md | 27 + .../ShowCPEmailInfo/ShowCPEmailInfo.py | 47 + .../ShowCPEmailInfo/ShowCPEmailInfo.yml | 20 + .../ShowCPEmailInfo/ShowCPEmailInfo_test.py | 52 + .../checkpointhec-get_email_info.json | 113 + .../Scripts/ShowCPScanInfo/README.md | 27 + .../Scripts/ShowCPScanInfo/ShowCPScanInfo.py | 30 + .../Scripts/ShowCPScanInfo/ShowCPScanInfo.yml | 20 + .../ShowCPScanInfo/ShowCPScanInfo_test.py | 24 + .../test_data/checkpointhec-get_entity.json | 185 + Packs/CheckPointHEC/pack_metadata.json | 2 +- 46 files changed, 20176 insertions(+), 487 deletions(-) create mode 100644 Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Campaign_Task.json create mode 100644 Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Sender.json create mode 100644 Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Subject.json create mode 100644 Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Farm.json create mode 100644 Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Task.json create mode 100644 Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_action_result.json create mode 100644 Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_email_info.json delete mode 100644 Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_scopes.json create mode 100644 Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-search_emails.json create mode 100644 Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-send_action.json create mode 100644 Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-test_api.json create mode 100644 Packs/CheckPointHEC/ReleaseNotes/1_0_3.md create mode 100644 Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/README.md create mode 100644 Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.py create mode 100644 Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.yml create mode 100644 Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign_test.py create mode 100644 Packs/CheckPointHEC/Scripts/SendCPAction/README.md create mode 100644 Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.py create mode 100644 Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.yml create mode 100644 Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction_test.py create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/README.md create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.py create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.yml create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo_test.py create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/test_data/checkpointhec-get_email_info.json create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPScanInfo/README.md create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.py create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.yml create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo_test.py create mode 100644 Packs/CheckPointHEC/Scripts/ShowCPScanInfo/test_data/checkpointhec-get_entity.json diff --git a/Packs/CheckPointHEC/.pack-ignore b/Packs/CheckPointHEC/.pack-ignore index e69de29bb2d1..aa6df17ed5fb 100644 --- a/Packs/CheckPointHEC/.pack-ignore +++ b/Packs/CheckPointHEC/.pack-ignore @@ -0,0 +1,22 @@ +[file:incidentfield-CheckPointHEC_Campaign_Task.json] +ignore=IF113 + +[file:incidentfield-CheckPointHEC_Farm.json] +ignore=IF113 + +[file:incidentfield-CheckPointHEC_Email_Sender.json] +ignore=IF113 + +[file:incidentfield-CheckPointHEC_Email_Subject.json] +ignore=IF113 + +[file:incidentfield-CheckPointHEC_Reported.json] +ignore=IF113 + +[file:incidentfield-CheckPointHEC_Task.json] +ignore=IF113 + +[known_words] +HEC +CP +Saas \ No newline at end of file diff --git a/Packs/CheckPointHEC/.secrets-ignore b/Packs/CheckPointHEC/.secrets-ignore index 23a90e031ba4..e80cf8a1a00f 100644 --- a/Packs/CheckPointHEC/.secrets-ignore +++ b/Packs/CheckPointHEC/.secrets-ignore @@ -1,3 +1,6 @@ Automation@avtestqa.com -24dfc0f6bd9c7f2eaf5f8457b8c593d3 -54.240.9.35 +a@b.test +https://yardiasp14.com +http://operatf.xyz +a@b.c +d@e.f \ No newline at end of file diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Campaign_Task.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Campaign_Task.json new file mode 100644 index 000000000000..1ffcf277bb4d --- /dev/null +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Campaign_Task.json @@ -0,0 +1,32 @@ +{ + "id": "incident_checkpointheccampaigntask", + "version": -1, + "modified": "2023-08-07T15:36:49.667762Z", + "name": "CP HEC Campaign Task", + "ownerOnly": false, + "description": "Campaign task id to get results", + "cliName": "checkpointheccampaigntask", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "CheckPointHEC Security Event" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.9.0" +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Customer.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Customer.json index dd7272699e12..c5fe5dd746fd 100644 --- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Customer.json +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Customer.json @@ -1,8 +1,8 @@ { "id": "incident_checkpointheccustomer", "version": -1, - "modified": "2023-07-02T03:39:22.498231281Z", - "name": "CheckPointHEC Customer", + "modified": "2023-08-01T19:26:46.346683Z", + "name": "CP HEC Customer", "ownerOnly": false, "placeholder": "CP Customer", "description": "Customer portal name", diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Sender.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Sender.json new file mode 100644 index 000000000000..322e05bcdda8 --- /dev/null +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Sender.json @@ -0,0 +1,33 @@ +{ + "id": "incident_checkpointhecemailsender", + "version": -1, + "modified": "2023-08-07T15:36:49.667762Z", + "name": "CP HEC Email Sender", + "ownerOnly": false, + "placeholder": "Email Sender", + "description": "Sender of the email", + "cliName": "checkpointhecemailsender", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "CheckPointHEC Security Event" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.9.0" +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Subject.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Subject.json new file mode 100644 index 000000000000..099bc9151649 --- /dev/null +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Email_Subject.json @@ -0,0 +1,33 @@ +{ + "id": "incident_checkpointhecemailsubject", + "version": -1, + "modified": "2023-08-07T15:36:49.667762Z", + "name": "CP HEC Email Subject", + "ownerOnly": false, + "placeholder": "Email Subject", + "description": "Subject of the email", + "cliName": "checkpointhecemailsubject", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "CheckPointHEC Security Event" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.9.0" +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Entity.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Entity.json index 2a92ed3c7d3f..91a3dc2a47f4 100644 --- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Entity.json +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Entity.json @@ -1,8 +1,8 @@ { "id": "incident_checkpointhecentity", "version": -1, - "modified": "2023-07-02T04:30:15.829662037Z", - "name": "CheckPointHEC Entity", + "modified": "2023-08-01T19:26:46.346683Z", + "name": "CP HEC Entity", "ownerOnly": false, "placeholder": "CP Entity ID", "description": "Internal entity ID of email with leak", diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Farm.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Farm.json new file mode 100644 index 000000000000..57858044a808 --- /dev/null +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Farm.json @@ -0,0 +1,33 @@ +{ + "id": "incident_checkpointhecfarm", + "version": -1, + "modified": "2023-08-07T15:36:49.667762Z", + "name": "CP HEC Farm", + "ownerOnly": false, + "placeholder": "CP Farm", + "description": "Customer farm", + "cliName": "checkpointhecfarm", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "CheckPointHEC Security Event" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.9.0" +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Saas.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Saas.json index 48f745162db0..768d2987a2dc 100644 --- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Saas.json +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Saas.json @@ -1,8 +1,8 @@ { "id": "incident_checkpointhecsaas", "version": -1, - "modified": "2023-07-02T04:30:00.142598958Z", - "name": "CheckPointHEC Saas", + "modified": "2023-08-01T19:26:46.346683Z", + "name": "CP HEC Saas", "ownerOnly": false, "placeholder": "CP Saas Identifier", "description": "Internal SaaS Identifier", diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Task.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Task.json new file mode 100644 index 000000000000..d505dd6848bb --- /dev/null +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Task.json @@ -0,0 +1,32 @@ +{ + "id": "incident_checkpointhectask", + "version": -1, + "modified": "2023-08-07T15:36:49.667762Z", + "name": "CP HEC Task", + "ownerOnly": false, + "description": "Action task id to get results", + "cliName": "checkpointhectask", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "neverSetAsRequired": false, + "isReadOnly": false, + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "openEnded": false, + "associatedTypes": [ + "CheckPointHEC Security Event" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "fromVersion": "6.9.0" +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Type.json b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Type.json index 093ab1b00562..2d898a4e8188 100644 --- a/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Type.json +++ b/Packs/CheckPointHEC/IncidentFields/incidentfield-CheckPointHEC_Type.json @@ -1,8 +1,8 @@ { "id": "incident_checkpointhectype", "version": -1, - "modified": "2023-07-02T04:30:44.192922335Z", - "name": "CheckPointHEC Type", + "modified": "2023-08-01T19:26:46.346683Z", + "name": "CP HEC Type", "ownerOnly": false, "placeholder": "CP Event Type", "description": "Detection type (dlp, phishing, malware, spam)", diff --git a/Packs/CheckPointHEC/IncidentTypes/incidenttype-CheckPointHEC_Security_Event.json b/Packs/CheckPointHEC/IncidentTypes/incidenttype-CheckPointHEC_Security_Event.json index e02192ee5a0a..ac6c18afc95d 100644 --- a/Packs/CheckPointHEC/IncidentTypes/incidenttype-CheckPointHEC_Security_Event.json +++ b/Packs/CheckPointHEC/IncidentTypes/incidenttype-CheckPointHEC_Security_Event.json @@ -19,7 +19,7 @@ "disabled": false, "reputationCalc": 0, "onChangeRepAlg": 0, - "layout": "CheckPointHEC Security Event Layout", + "layout": "CP HEC Security Event Layout", "detached": false, "extractSettings": { "mode": "Specific", diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.py b/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.py index 1a2569dc7eb4..26b6c9da9f21 100644 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.py +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.py @@ -1,15 +1,15 @@ -from CommonServerPython import * - -import base64 import hashlib -import json -import urllib3 import uuid -from typing import Any +from urllib.parse import urlencode + +import urllib3 + +from CommonServerPython import * urllib3.disable_warnings() DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' +SAAS_NAMES = ['office365_emails'] class Client(BaseClient): @@ -56,27 +56,29 @@ def _get_token(self) -> str: ) return self.token or '' - def _call_api(self, method: str, url_suffix: str, json_data: dict = None) -> dict[str, Any]: + def _call_api(self, method: str, url_suffix: str, params: dict = None, json_data: dict = None) -> dict[str, Any]: path = '/'.join([self.api_version, url_suffix]) request_string = f'/{path}' + if params: + request_string += f'?{urlencode(params)}' return self._http_request( method, url_suffix=path, headers=self._get_headers(request_string), + params=params, json_data=json_data ) - def get_scopes(self) -> dict[str, Any]: + def test_api(self) -> dict[str, bool]: return self._call_api( 'GET', - url_suffix='scopes' + url_suffix='soar/test' ) def query_events(self, start_date: str) -> dict[str, Any]: - saas = ['office365_emails'] request_data = { 'startDate': start_date, - 'saas': saas + 'saas': SAAS_NAMES } payload = { 'requestData': request_data @@ -93,40 +95,125 @@ def get_entity(self, entity: str) -> dict[str, Any]: url_suffix=f'search/entity/{entity}' ) + def get_email(self, entity: str) -> dict[str, Any]: + return self._call_api( + 'GET', + url_suffix=f'soar/entity/{entity}' + ) + + def search_emails(self, start_date: str, sender: str = None, subject: str = None): + entity_filter = { + 'saas': SAAS_NAMES[0], + 'startDate': start_date + } + extended_filter = [] + if sender: + extended_filter.append({ + 'saasAttrName': 'entityPayload.fromEmail', + 'saasAttrOp': 'contains', + 'saasAttrValue': sender + }) + if subject: + extended_filter.append({ + 'saasAttrName': 'entityPayload.subject', + 'saasAttrOp': 'contains', + 'saasAttrValue': subject + }) + request_data = { + 'entityFilter': entity_filter, + 'entityExtendedFilter': extended_filter, + } + payload = { + 'requestData': request_data + } + return self._call_api( + 'POST', + url_suffix='search/query', + json_data=payload + ) + + def send_action(self, entities: list, action: str, scope: str): + request_data = { + 'entityIds': entities, + 'entityType': 'office365_emails_email', + 'entityActionName': action, + 'scope': scope + } + payload = { + 'requestData': request_data + } + return self._call_api( + 'POST', + 'action/entity', + json_data=payload + ) + + def get_task(self, task: str, scope: str): + return self._call_api( + 'GET', + f'task/{task}', + params={'scope': scope} + ) + + def send_notification(self, entity: str, emails: List[str]): + payload = { + 'requestData': { + 'entityId': entity, + 'emails': emails + } + } + return self._call_api( + 'POST', + 'soar/notify', + json_data=payload + ) + def test_module(client: Client): - client.get_scopes() - demisto.results('ok') + result = client.test_api() + return 'ok' if result.get('ok') else 'error' def fetch_incidents(client: Client, first_fetch: str, max_fetch: int): last_run = demisto.getLastRun() if not (last_fetch := last_run.get('last_fetch')): - last_fetch, _ = parse_date_range(first_fetch, DATE_FORMAT) + if last_fetch := dateparser.parse(first_fetch, date_formats=[DATE_FORMAT]): + last_fetch = last_fetch.isoformat() + else: + raise Exception('Could not get last fetch') result = client.query_events(start_date=last_fetch) events = result['responseData'][:min(max_fetch, len(result['responseData']))] incidents: list[dict[str, Any]] = [] for event in events: + if (occurred := event.get('eventCreated')) <= last_fetch: + continue + event_id = event.get('eventId') + threat_type = event.get('type') incidents.append({ - 'name': f'#CP Event: {event_id}', + 'name': f'Threat: {threat_type.title()}', 'details': event.get('description'), - 'occurred': event.get('eventCreated'), + 'occurred': occurred, 'rawJSON': json.dumps(event), 'type': 'CheckPointHEC Security Event', 'severity': int(event.get('severity')), 'dbotMirrorId': event_id, 'CustomFields': { + 'checkpointhecfarm': event.get('farm'), 'checkpointheccustomer': event.get('customerId'), 'checkpointhecsaas': event.get('saas'), 'checkpointhecentity': event.get('entityId'), - 'checkpointhectype': event.get('type'), + 'checkpointhectype': threat_type, 'state': event.get('state'), # From CommonTypes Pack }, }) - last = incidents[-1]['occurred'] if incidents else datetime.utcnow().isoformat() + if incidents: + last = incidents[-1]['occurred'] + else: + last = (datetime.utcnow() - timedelta(minutes=10)).isoformat() + demisto.setLastRun({ 'last_fetch': last }) @@ -135,17 +222,112 @@ def fetch_incidents(client: Client, first_fetch: str, max_fetch: int): def checkpointhec_get_entity(client: Client, entity: str) -> CommandResults: result = client.get_entity(entity) - if row := result['responseData']: + if entities := result['responseData']: return CommandResults( outputs_prefix='CheckPointHEC.Entity', - outputs_key_field='entity_id', - outputs=row[0]['entityPayload'] + outputs_key_field='internetMessageId', + outputs=entities[0]['entityPayload'] ) raise Exception(f'Entity with id {entity} not found') +def checkpointhec_get_email_info(client: Client, entity: str) -> CommandResults: + result = client.get_email(entity) + if entities := result['responseData']: + return CommandResults( + outputs_prefix='CheckPointHEC.Email', + outputs_key_field='internetMessageId', + outputs=entities[0]['entityPayload'] + ) + else: + return CommandResults( + readable_output=f'Entity with id {entity} not found' + ) + + +def checkpointhec_get_scan_info(client: Client, entity: str) -> CommandResults: + result = client.get_entity(entity) + outputs = {} + if entities := result['responseData']: + sec_result = entities[0]['entitySecurityResult'] + for tool, verdict in sec_result['combinedVerdict'].items(): + if verdict not in (None, 'clean'): + outputs[tool] = json.dumps(sec_result[tool]) + return CommandResults( + outputs_prefix='CheckPointHEC.ScanResult', + outputs=outputs + ) + else: + return CommandResults( + readable_output=f'Entity with id {entity} not found' + ) + + +def checkpointhec_search_emails(client: Client, date_range: str, sender: str = None, subject: str = None) -> CommandResults: + if not sender and not subject: + raise Exception('One param to search emails by sender or subject is required') + + start_date = dateparser.parse(date_range, date_formats=[DATE_FORMAT]) + if start_date: + result = client.search_emails(start_date.isoformat(), sender, subject) + if entities := result['responseData']: + ids = [entity['entityInfo']['entityId'] for entity in entities] + return CommandResults( + outputs_prefix='CheckPointHEC.SearchResult', + outputs={'ids': ids} + ) + else: + return CommandResults( + readable_output=f'Error searching with {sender=} and/or {subject=}' + ) + else: + return CommandResults( + readable_output=f'Could not establish start date with {date_range=} {sender=} and/or {subject=}' + ) + + +def checkpointhec_send_action(client: Client, farm: str, customer: str, entities: list, action: str) -> CommandResults: + result = client.send_action(entities, action, scope=f'{farm}:{customer}') + if resp := result['responseData']: + return CommandResults( + outputs_prefix='CheckPointHEC.Task', + outputs={'task': resp[0]['taskId']} + ) + else: + return CommandResults( + readable_output='Task not queued successfully' + ) + + +def checkpointhec_get_action_result(client: Client, farm: str, customer: str, task: str) -> CommandResults: + result = client.get_task(task, scope=f'{farm}:{customer}') + if resp := result['responseData']: + return CommandResults( + outputs_prefix='CheckPointHEC.ActionResult', + outputs=resp + ) + else: + return CommandResults( + readable_output=f'Cannot get results about task with id {task}' + ) + + +def checkpointhec_send_notification(client: Client, entity: str, emails: List[str]) -> CommandResults: + result = client.send_notification(entity, emails) + if result.get('ok'): + return CommandResults( + outputs_prefix='CheckPointHEC.Notification', + outputs=result + ) + else: + return CommandResults( + readable_output='Error sending notification email' + ) + + def main() -> None: # pragma: no cover + args = demisto.args() params = demisto.params() base_url = params.get('url') client_id = params.get('client_id', {}).get('password') @@ -164,15 +346,33 @@ def main() -> None: # pragma: no cover try: command = demisto.command() if command == 'test-module': - test_module(client) + return_results(test_module(client)) elif command == 'fetch-incidents': first_fetch = params.get('first_fetch') - args = demisto.args() max_fetch = int(args.get('max_fetch', 10)) fetch_incidents(client, first_fetch, max_fetch) elif command == 'checkpointhec-get-entity': - args = demisto.args() return_results(checkpointhec_get_entity(client, args.get('entity'))) + elif command == 'checkpointhec-get-email-info': + return_results(checkpointhec_get_email_info(client, args.get('entity'))) + elif command == 'checkpointhec-get-scan-info': + return_results(checkpointhec_get_scan_info(client, args.get('entity'))) + elif command == 'checkpointhec-search-emails': + return_results(checkpointhec_search_emails( + client, args.get('date_range'), args.get('sender'), args.get('subject') + )) + elif command == 'checkpointhec-send-action': + entities = argToList(args.get('entity')) + return_results(checkpointhec_send_action( + client, args.get('farm'), args.get('customer'), entities, args.get('action') + )) + elif command == 'checkpointhec-get-action-result': + return_results(checkpointhec_get_action_result( + client, args.get('farm'), args.get('customer'), args.get('task') + )) + elif command == 'checkpointhec-send-notification': + emails = argToList(args.get('emails')) + return_results(checkpointhec_send_notification(client, args.get('entity'), emails)) except Exception as e: return_error(f'Failed to execute {demisto.command()} command.\nError:\n{str(e)}') diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.yml b/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.yml index b0c39b75d3d1..5dc05f34c5ae 100644 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.yml +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC.yml @@ -69,9 +69,9 @@ script: - name: checkpointhec-get-entity arguments: - name: entity - description: Entity id to retrieve + description: Entity id to retrieve. required: true - description: Retrieve specific entity + description: Retrieve specific entity. outputs: - contextPath: CheckPointHEC.Entity.internetMessageId description: Email message id in internet. @@ -168,12 +168,182 @@ script: - contextPath: CheckPointHEC.Entity.restoreRequestTime description: Restore request datetime in iso 8601 format. type: String + - name: checkpointhec-get-email-info + arguments: + - name: entity + description: Email entity id. + required: true + description: Retrieve specific email entity. + outputs: + - contextPath: CheckPointHEC.Email.fromEmail + description: Email sender. + type: String + - contextPath: CheckPointHEC.Email.to + description: Email main recipients. + - contextPath: CheckPointHEC.Email.replyToEmail + description: Email reply. + type: String + - contextPath: CheckPointHEC.Email.replyToNickname + description: Email reply nickname. + type: String + - contextPath: CheckPointHEC.Email.recipients + description: Recipient email addresses. + - contextPath: CheckPointHEC.Email.subject + description: Email subject. + type: String + - contextPath: CheckPointHEC.Email.cc + description: Email carbon copy recipients. + - contextPath: CheckPointHEC.Email.bcc + description: Email blind carbon copy recipients. + - contextPath: CheckPointHEC.Email.isRead + description: Email has been read. + type: Boolean + - contextPath: CheckPointHEC.Email.received + description: Datetime email was received in iso 8601 format. + type: String + - contextPath: CheckPointHEC.Email.isDeleted + description: Email has been deleted. + type: Boolean + - contextPath: CheckPointHEC.Email.isIncoming + description: Email is from external organization. + type: Boolean + - contextPath: CheckPointHEC.Email.isOutgoing + description: Email is to an external organization. + type: Boolean + - contextPath: CheckPointHEC.Email.internetMessageId + description: Email message id in internet. + type: String + - contextPath: CheckPointHEC.Email.isUserExposed + description: Email reached user inbox. + type: Boolean + - name: checkpointhec-get-scan-info + arguments: + - name: entity + description: Scanned entity id. + required: true + description: Retrieve specific email scan with positive threats. + outputs: + - contextPath: CheckPointHEC.ScanResult.ap + description: Anti-phishing scan results. + - contextPath: CheckPointHEC.ScanResult.dlp + description: Data Loss Prevention scan results. + - contextPath: CheckPointHEC.ScanResult.clicktimeProtection + description: Click Time Protection scan results. + - contextPath: CheckPointHEC.ScanResult.shadowIt + description: Shadow IT scan results. + - contextPath: CheckPointHEC.ScanResult.av + description: Antivirus scan results. + - name: checkpointhec-search-emails + description: Get email ids with same sender and/or subject. + arguments: + - name: date_range + description: Range to search for emails (1 day, 2 weeks, etc.). + required: true + - name: sender + description: Search emails with this sender. + - name: subject + description: Search emails with this subject. + outputs: + - contextPath: CheckPointHEC.SearchResult.ids + description: List of email ids returned by the search. + - name: checkpointhec-send-action + arguments: + - name: farm + description: Customer farm. + required: true + - name: customer + description: Customer portal name. + required: true + - name: entity + description: One or multiple Email ids to apply action over. + isArray: true + required: true + - name: action + description: Action to perform (quarantine or restore). + required: true + auto: PREDEFINED + predefined: + - quarantine + - restore + description: Quarantine or restore an email. + outputs: + - contextPath: CheckPointHEC.Task.task + description: Task id of the sent action. + type: String + - name: checkpointhec-get-action-result + arguments: + - name: farm + description: Customer farm. + required: true + - name: customer + description: Customer portal name. + required: true + - name: task + description: Task id to retrieve. + required: true + description: Get task info related to a sent action. + outputs: + - contextPath: CheckPointHEC.ActionResult.actions + description: Action information for each sent entity. + - contextPath: CheckPointHEC.ActionResult.created + description: Date when action was created in iso 8601 format. + type: String + - contextPath: CheckPointHEC.ActionResult.customer + description: Customer portal name. + type: String + - contextPath: CheckPointHEC.ActionResult.failed + description: Number of failed actions. + type: Number + - contextPath: CheckPointHEC.ActionResult.id + description: Action task id. + type: Number + - contextPath: CheckPointHEC.ActionResult.name + description: Action name. + type: String + - contextPath: CheckPointHEC.ActionResult.owner + description: Action owner. + type: String + - contextPath: CheckPointHEC.ActionResult.progress + description: Number of actions in progress. + type: Number + - contextPath: CheckPointHEC.ActionResult.sequential + description: Actions are in sequence. + type: Boolean + - contextPath: CheckPointHEC.ActionResult.status + description: Action status. + type: String + - contextPath: CheckPointHEC.ActionResult.succeed + description: Number of succeed actions. + type: Number + - contextPath: CheckPointHEC.ActionResult.total + description: Total of actions. + type: Number + - contextPath: CheckPointHEC.ActionResult.type + description: Action internal name. + type: String + - contextPath: CheckPointHEC.ActionResult.updated + description: Date when action last updated in iso 8601 format. + type: String + - name: checkpointhec-send-notification + arguments: + - name: entity + description: Email entity id. + required: true + - name: emails + description: List of emails to send notification. + isArray: true + required: true + description: Send notification about user exposition for the specific entity to the list of emails. + outputs: + - contextPath: CheckPointHEC.Notification.ok + description: Result of the operation. + type: Boolean isfetch: true runonce: false script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.68714 + dockerimage: demisto/python3:3.10.13.72123 fromversion: 6.9.0 tests: - No tests (auto formatted) diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC_test.py b/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC_test.py index 6e4bbba6a3db..6da1924f8ed0 100644 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC_test.py +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/CheckPointHEC_test.py @@ -1,9 +1,10 @@ -import demistomock as demisto import json -import pytest - -from CheckPointHEC import Client, fetch_incidents, checkpointhec_get_entity, test_module as check_module +import demistomock as demisto +from CheckPointHEC import (Client, fetch_incidents, checkpointhec_get_entity, checkpointhec_get_email_info, + checkpointhec_get_scan_info, checkpointhec_search_emails, checkpointhec_send_action, + checkpointhec_get_action_result, checkpointhec_send_notification, + test_module as check_module) def util_load_json(path): @@ -11,6 +12,35 @@ def util_load_json(path): return json.loads(f.read()) +def test_generate_signature_with_request_string(): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + assert client._generate_signature( + f"{'0' * 8}-{'0' * 4}-{'0' * 4}-{'0' * 4}-{'0' * 12}", + '2023-08-13T19:08:35.263817', + '/v1.0/soar/test' + ) == '66968b7de6a44c879eedc2a426ec76c254c203d60ce746236645b52b5b5dcddb' + + +def test_generate_signature_with_no_request_string(): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + assert client._generate_signature( + f"{'0' * 8}-{'0' * 4}-{'0' * 4}-{'0' * 4}-{'0' * 12}", + '2023-08-13T19:08:35.263817' + ) == 'ac07ea6ddd026cbbfad8751d45d6e9e1823bc03e227eeb117976834391b629b8' + + def test_token_header(mocker): client = Client( base_url='https://smart-api-example-1-us.avanan-example.net', @@ -32,6 +62,47 @@ def test_token_header(mocker): get_token.assert_called_once() +def test_get_token_empty(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + _token = 'super token' + mocker.patch.object( + Client, + '_http_request', + return_value=_token + ) + + token = client._get_token() + assert token == _token + + +def test_get_token_existing(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + _token = 'super token' + mocker.patch.object( + Client, + '_http_request', + return_value=_token + ) + + client.token = 'nice token' + token = client._get_token() + assert token != _token + + def test_test_module(mocker): client = Client( base_url='https://smart-api-example-1-us.avanan-example.net', @@ -41,17 +112,16 @@ def test_test_module(mocker): proxy=False ) - mock_response = util_load_json('./test_data/checkpointhec-get_scopes.json') - get_scopes = mocker.patch.object( + mock_response = util_load_json('./test_data/checkpointhec-test_api.json') + test_api = mocker.patch.object( Client, - 'get_scopes', + '_call_api', return_value=mock_response, ) - demisto_results = mocker.patch.object(demisto, 'results') - check_module(client) - get_scopes.assert_called_once() - demisto_results.assert_called_once_with('ok') + result = check_module(client) + test_api.assert_called_once() + assert result == 'ok' def test_fetch_incidents(mocker): @@ -66,7 +136,7 @@ def test_fetch_incidents(mocker): mock_response = util_load_json('./test_data/checkpointhec-query_events.json') query_events = mocker.patch.object( Client, - 'query_events', + '_call_api', return_value=mock_response, ) demisto_incidents = mocker.patch.object(demisto, 'incidents') @@ -88,7 +158,7 @@ def test_checkpointhec_get_entity_success(mocker): mock_response = util_load_json('./test_data/checkpointhec-get_entity.json') get_entity = mocker.patch.object( Client, - 'get_entity', + '_call_api', return_value=mock_response, ) @@ -106,12 +176,184 @@ def test_checkpointhec_get_entity_fail(mocker): proxy=False ) - mocker.patch.object( + get_entity = mocker.patch.object( + Client, + '_call_api', + return_value={'responseData': []} + ) + + entity = '00000000000000000000000000000001' + result = checkpointhec_get_scan_info(client, entity) + get_entity.assert_called_once() + assert result.readable_output == f'Entity with id {entity} not found' + + +def test_checkpointhec_get_email_info_success(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + mock_response = util_load_json('./test_data/checkpointhec-get_email_info.json') + get_entity = mocker.patch.object( + Client, + '_call_api', + return_value=mock_response, + ) + + result = checkpointhec_get_email_info(client, '00000000000000000000000000000000') + get_entity.assert_called_once() + assert result.outputs == mock_response['responseData'][0]['entityPayload'] + + +def test_checkpointhec_get_email_info_fail(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + get_entity = mocker.patch.object( Client, - 'get_entity', + '_call_api', return_value={'responseData': []} ) entity = '00000000000000000000000000000001' - with pytest.raises(Exception, match=f'Entity with id {entity} not found'): - checkpointhec_get_entity(client, entity) + result = checkpointhec_get_scan_info(client, entity) + get_entity.assert_called_once() + assert result.readable_output == f'Entity with id {entity} not found' + + +def test_checkpointhec_get_scan_info_success(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + mock_response = util_load_json('./test_data/checkpointhec-get_entity.json') + get_entity = mocker.patch.object( + Client, + '_call_api', + return_value=mock_response, + ) + + result = checkpointhec_get_scan_info(client, '00000000000000000000000000000000') + get_entity.assert_called_once() + assert result.outputs == {'av': json.dumps(mock_response['responseData'][0]['entitySecurityResult']['av'])} + + +def test_checkpointhec_get_scan_info_fail(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + get_entity = mocker.patch.object( + Client, + '_call_api', + return_value={'responseData': []} + ) + + entity = '00000000000000000000000000000001' + result = checkpointhec_get_scan_info(client, entity) + get_entity.assert_called_once() + assert result.readable_output == f'Entity with id {entity} not found' + + +def test_checkpointhec_search_emails(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + mock_response = util_load_json('./test_data/checkpointhec-search_emails.json') + search_emails = mocker.patch.object( + Client, + '_call_api', + return_value=mock_response, + ) + + result = checkpointhec_search_emails(client, '1 day', 'Automation@avtestqa.com') + search_emails.assert_called_once() + ids = [entity['entityInfo']['entityId'] for entity in mock_response['responseData']] + assert result.outputs == {'ids': ids} + + +def test_checkpointhec_send_action(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + mock_response = util_load_json('./test_data/checkpointhec-send_action.json') + send_action = mocker.patch.object( + Client, + '_call_api', + return_value=mock_response, + ) + + result = checkpointhec_send_action( + client, 'mt-rnd-ng-6', 'avananlab', ['00000000000000000000000000000002'], 'restore' + ) + send_action.assert_called_once() + assert result.outputs == {'task': mock_response['responseData'][0]['taskId']} + + +def test_checkpointhec_get_action_result(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + mock_response = util_load_json('./test_data/checkpointhec-get_action_result.json') + get_task = mocker.patch.object( + Client, + '_call_api', + return_value=mock_response, + ) + + result = checkpointhec_get_action_result(client, 'mt-rnd-ng-6', 'avananlab', '1691525788820900') + get_task.assert_called_once() + assert result.outputs == mock_response['responseData'] + + +def test_send_notification(mocker): + client = Client( + base_url='https://smart-api-example-1-us.avanan-example.net', + client_id='****', + client_secret='****', + verify=False, + proxy=False + ) + + mock_response = util_load_json('./test_data/checkpointhec-test_api.json') + get_task = mocker.patch.object( + Client, + '_call_api', + return_value=mock_response, + ) + + result = checkpointhec_send_notification(client, '0000', ['a@b.c', 'd@e.f']) + get_task.assert_called_once() + assert result.outputs == mock_response diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/README.md b/Packs/CheckPointHEC/Integrations/CheckPointHEC/README.md index 52a06945e471..dd92b981912b 100644 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/README.md +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/README.md @@ -1,5 +1,5 @@ The Best Way to Protect Enterprise Email & Collaboration from phishing, malware, account takeover, data loss, etc. -This integration was integrated and tested with version 1.0.0 of CheckPointHEC +This integration was integrated and tested with version 1.0.3 of CheckPointHEC ## Configure Check Point Harmony Email and Collaboration (HEC) on Cortex XSOAR @@ -10,15 +10,15 @@ This integration was integrated and tested with version 1.0.0 of CheckPointHEC | **Parameter** | **Required** | | --- | --- | | Smart API URL (e.g. https://smart-api-dev-1-us.avanan-dev.net) | True | - | Fetch incidents | | - | Incident type | | - | Maximum number of incidents per fetch | | + | Fetch incidents | False | + | Incident type | False | + | Maximum number of incidents per fetch | False | | Client ID | True | | Client Secret | True | - | First fetch time | | - | Trust any certificate (not secure) | | - | Use system proxy settings | | - | Incidents Fetch Interval | | + | First fetch time | False | + | Trust any certificate (not secure) | False | + | Use system proxy settings | False | + | Incidents Fetch Interval | False | 4. Click **Test** to validate the URLs, token, and connection. @@ -81,3 +81,168 @@ Retrieve specific entity | CheckPointHEC.Entity.saasSpamVerdict | String | Spam verdict. | | CheckPointHEC.Entity.SpfResult | String | Sender Policy Framework check result. | | CheckPointHEC.Entity.restoreRequestTime | String | Restore request datetime in iso 8601 format. | + +### checkpointhec-get-email-info + +*** +Retrieve specific email entity + +#### Base Command + +`checkpointhec-get-email-info` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| entity | Email entity id. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CheckPointHEC.Email.fromEmail | String | Email sender. | +| CheckPointHEC.Email.to | unknown | Email main recipients. | +| CheckPointHEC.Email.replyToEmail | String | Email reply. | +| CheckPointHEC.Email.replyToNickname | String | Email reply nickname. | +| CheckPointHEC.Email.recipients | unknown | Recipient email addresses. | +| CheckPointHEC.Email.subject | String | Email subject. | +| CheckPointHEC.Email.cc | unknown | Email carbon copy recipients. | +| CheckPointHEC.Email.bcc | unknown | Email blind carbon copy recipients. | +| CheckPointHEC.Email.isRead | Boolean | Email has been read. | +| CheckPointHEC.Email.received | String | Datetime email was received in iso 8601 format. | +| CheckPointHEC.Email.isDeleted | Boolean | Email has been deleted. | +| CheckPointHEC.Email.isIncoming | Boolean | Email is from external organization. | +| CheckPointHEC.Email.isOutgoing | Boolean | Email is to an external organization. | +| CheckPointHEC.Email.internetMessageId | String | Email message id in internet. | +| CheckPointHEC.Email.isUserExposed | Boolean | Email reached user inbox | + +### checkpointhec-get-scan-info + +*** +Retrieve specific email scan with positive threats + +#### Base Command + +`checkpointhec-get-scan-info` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| entity | Scanned entity id. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CheckPointHEC.ScanResult.ap | unknown | Anti-phishing scan results | +| CheckPointHEC.ScanResult.dlp | unknown | Data Loss Prevention scan results | +| CheckPointHEC.ScanResult.clicktimeProtection | unknown | Click Time Protection scan results | +| CheckPointHEC.ScanResult.shadowIt | unknown | Shadow IT scan results | +| CheckPointHEC.ScanResult.av | unknown | Antivirus scan results | + +### checkpointhec-search-emails + +*** +Get email ids with same sender and/or subject + +#### Base Command + +`checkpointhec-search-emails` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| date_range | Range to search for emails (1 day, 2 weeks, etc.). | Required | +| sender | Search emails with this sender. | Optional | +| subject | Search emails with this subject. | Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CheckPointHEC.SearchResult.ids | unknown | List of email ids returned by the search | + +### checkpointhec-send-action + +*** +Quarantine or restore an email + +#### Base Command + +`checkpointhec-send-action` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| farm | Customer farm. | Required | +| customer | Customer portal name. | Required | +| entity | One or multiple Email ids to apply action over. | Required | +| action | Action to perform (quarantine or restore). Possible values are: quarantine, restore. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CheckPointHEC.Task.task | String | Task id of the sent action | + +### checkpointhec-get-action-result + +*** +Get task info related to a sent action + +#### Base Command + +`checkpointhec-get-action-result` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| farm | Customer farm. | Required | +| customer | Customer portal name. | Required | +| task | Task id to retrieve. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CheckPointHEC.ActionResult.actions | unknown | Action information for each sent entity | +| CheckPointHEC.ActionResult.created | String | Date when action was created in iso 8601 format | +| CheckPointHEC.ActionResult.customer | String | Customer portal name | +| CheckPointHEC.ActionResult.failed | Number | Number of failed actions | +| CheckPointHEC.ActionResult.id | Number | Action task id | +| CheckPointHEC.ActionResult.name | String | Action name | +| CheckPointHEC.ActionResult.owner | String | Action owner | +| CheckPointHEC.ActionResult.progress | Number | Number of actions in progress | +| CheckPointHEC.ActionResult.sequential | Boolean | Actions are in sequence | +| CheckPointHEC.ActionResult.status | String | Action status | +| CheckPointHEC.ActionResult.succeed | Number | Number of succeed actions | +| CheckPointHEC.ActionResult.total | Number | Total of actions | +| CheckPointHEC.ActionResult.type | String | Action internal name | +| CheckPointHEC.ActionResult.updated | String | Date when action last updated in iso 8601 format | + +### checkpointhec-send-notification + +*** +Send notification about user exposition for the specific entity to the list of emails + +#### Base Command + +`checkpointhec-send-notification` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| entity | Email entity id. | Required | +| emails | List of emails to send notification. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| CheckPointHEC.Notification.ok | Boolean | Result of the operation. | diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/command_examples b/Packs/CheckPointHEC/Integrations/CheckPointHEC/command_examples index b111fcf99394..8c34ecfe68cc 100644 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/command_examples +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/command_examples @@ -1 +1 @@ -!checkpointhec-get-entity entity=00000000000000000000000000000000 \ No newline at end of file +!checkpointhec-get-email-info entity=00000000000000000000000000000000 \ No newline at end of file diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_action_result.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_action_result.json new file mode 100644 index 000000000000..13c0411f8231 --- /dev/null +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_action_result.json @@ -0,0 +1,36 @@ +{ + "responseEnvelope": { + "requestId": "53ed36c3-f7bc-420d-b78b-2598333b0fd1", + "responseCode": 200, + "responseText": "", + "recordsNumber": 1, + "scrollId": "" + }, + "responseData": { + "actions": [ + { + "action_created": "2023-08-08 21:16:16.947618", + "action_id": "Restore_a2c6f91ef3dd7215d44e6840d33b7c19", + "action_message": "Message is not quarantined.. log record id: 1843d814-0afd-404e-82f8-c348fa4d291b", + "action_name": "Restore a2c6f91ef3dd7215d44e6840d33b7c19", + "action_status": "completed", + "action_type": "Restore_a2c6f91ef3dd7215d44e6840d33b7c19", + "action_updated": "2023-08-08 21:16:17.945549", + "hash_key": "mt-prod-3##prod-3-con-lab44##1691529376887109" + } + ], + "created": "2023-08-08 21:16:16.887115", + "customer": "prod-3-con-lab44", + "failed": 0, + "id": 1691529376887109, + "name": "Office365 Emails Manual Action", + "owner": "service@avanan.com", + "progress": 1, + "sequential": false, + "status": "completed", + "succeed": 1, + "total": 1, + "type": "office365_emails_manual_action", + "updated": "2023-08-08 21:16:17.761625" + } +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_email_info.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_email_info.json new file mode 100644 index 000000000000..0fd2f4aaf7c4 --- /dev/null +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_email_info.json @@ -0,0 +1,113 @@ +{ + "responseEnvelope": { + "requestId": "b58b1e41-1018-4062-9d1c-bcaeccbfcb93", + "responseCode": 200, + "responseText": "", + "additionalText": "", + "recordsNumber": 1, + "scrollId": "" + }, + "responseData": [ + { + "entityInfo": { + "entityId": "637d86da7bcf42375cb8431d266e3dc3", + "customerId": "fdolab", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2022-08-15T21:24:27.745655Z", + "entityUpdated": "2022-08-15T21:24:36.979329", + "entityActionState": null + }, + "entityPayload": { + "fromEmail": "example@checkpoint.com", + "to": [ + "unicode@avanandevus1.onmicrosoft.com", + "user1@avanandevus1.onmicrosoft.com" + ], + "replyToEmail": null, + "replyToNickname": null, + "recipients": [ + "user1@avanandevus1.onmicrosoft.com", + "unicode@avanandevus1.onmicrosoft.com" + ], + "subject": "Fw: dnp-split-quarantine-2", + "cc": [], + "bcc": [], + "isRead": null, + "received": "2022-08-15T21:24:15", + "isDeleted": false, + "isIncoming": true, + "isOutgoing": false, + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "isUserExposed": true + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "637d86da7bcf42375cb8431d266e3dc3", + "entityType": "office365_emails_email", + "payload": { + "reasons": [], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + } + ] + } + }, + "score": "225.994363", + "securityResultEntityId": "637d86da7bcf42375cb8431d266e3dc3", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "637d86da7bcf42375cb8431d266e3dc3", + "entityType": "office365_emails_email", + "payload": { + "domain": "", + "subject": "Fw: dnp-split-quarantine-2", + "from": "example@checkpoint.com" + }, + "score": "0", + "securityResultEntityId": "637d86da7bcf42375cb8431d266e3dc3", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + } + ] +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_entity.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_entity.json index 373b163f9289..3b5759ff08bf 100644 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_entity.json +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_entity.json @@ -99,7 +99,7 @@ ], "Domain Impersonation": [ { - "short_text": "SPF check failed when checking sending IP: 54.240.9.35 for domain avtestqa.com", + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", "full_text": "The email 'from' address doesn't pass the SPF-check" } ], diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_scopes.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_scopes.json deleted file mode 100644 index fbab31033998..000000000000 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-get_scopes.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "responseEnvelope": { - "requestId": "2e802d0c-5d02-49f0-8fb7-ac0d507d0a76", - "responseCode": 200, - "responseText": "", - "additionalText": "", - "recordsNumber": 2, - "scrollId": "" - }, - "responseData": [ - "mt-prod-3:prod-3-con-lab44" - ] -} diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-query_events.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-query_events.json index 15fac60c8b8e..11197c5c26c0 100644 --- a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-query_events.json +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-query_events.json @@ -12,14 +12,14 @@ "eventId": "99c2f9b654514dc5b3f950044bf1b056", "customerId": "prod-3-con-lab44", "saas": "office365_emails", - "entityId": "24dfc0f6bd9c7f2eaf5f8457b8c593d3", + "entityId": "00000000000000000000000000000000", "state": "remediated", "type": "malicious_url", "confidenceIndicator": "malicious_url", "eventCreated": "2023-06-30T15:14:58.463039+00:00", "severity": "4", "description": "A user clicked a malicious URL in an email from Automation@avtestqa.com - 'AUT-clicktime-qa-1-blacklist_300623_18_11_20_314397' (user2@avananlab44.onmicrosoft.com's mailbox)", - "data": "A user #{\"entity_id\": \"24dfc0f6bd9c7f2eaf5f8457b8c593d3\", \"entity_type\": \"clicktime_protection_scan\", \"label\": \"clicked a malicious URL\"} in an email from #{\"entity_id\": \"fc90ec7c-f056-4e6b-9629-c3609bf8bf11\", \"entity_type\": \"office365_emails_user\", \"disable_link\": true, \"label\": \"Automation@avtestqa.com\"} - '#{\"entity_id\": \"24dfc0f6bd9c7f2eaf5f8457b8c593d3\", \"entity_type\": \"office365_emails_email\", \"label\": \"AUT-clicktime-qa-1-blacklist_300623_18_11_20_314397\"}' (#{\"entity_id\": \"04df0456-6328-4cfe-a285-e41e3d035e9e\", \"entity_type\": \"office365_emails_user\", \"label\": \"user2@avananlab44.onmicrosoft.com\"}'s mailbox)", + "data": "A user #{\"entity_id\": \"00000000000000000000000000000000\", \"entity_type\": \"clicktime_protection_scan\", \"label\": \"clicked a malicious URL\"} in an email from #{\"entity_id\": \"fc90ec7c-f056-4e6b-9629-c3609bf8bf11\", \"entity_type\": \"office365_emails_user\", \"disable_link\": true, \"label\": \"Automation@avtestqa.com\"} - '#{\"entity_id\": \"00000000000000000000000000000000\", \"entity_type\": \"office365_emails_email\", \"label\": \"AUT-clicktime-qa-1-blacklist_300623_18_11_20_314397\"}' (#{\"entity_id\": \"04df0456-6328-4cfe-a285-e41e3d035e9e\", \"entity_type\": \"office365_emails_user\", \"label\": \"user2@avananlab44.onmicrosoft.com\"}'s mailbox)", "additionalData": null, "availableEventActions": null, "actions": [] diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-search_emails.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-search_emails.json new file mode 100644 index 000000000000..2b76121c35a3 --- /dev/null +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-search_emails.json @@ -0,0 +1,17260 @@ +{ + "responseEnvelope": { + "requestId": "73c59f66-8a46-4421-83e2-4e0ff7ad3a39", + "responseCode": 200, + "responseText": "", + "additionalText": "", + "recordsNumber": 1302, + "scrollId": "9c4e7ee44c664aaf826551227fd7ec94" + }, + "responseData": [ + { + "entityInfo": { + "entityId": "1217545e0a4903451080e20c82e8faeb", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:01:30.128277Z", + "entityUpdated": "2023-08-07T00:01:45.907811Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_01_23_263568", + "received": "2023-08-07T00:01:25Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "1217545e0a4903451080e20c82e8faeb", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "1217545e0a4903451080e20c82e8faeb", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "1217545e0a4903451080e20c82e8faeb", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "1217545e0a4903451080e20c82e8faeb", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "1217545e0a4903451080e20c82e8faeb", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "1217545e0a4903451080e20c82e8faeb", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "1217545e0a4903451080e20c82e8faeb", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_01_23_263568", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "1217545e0a4903451080e20c82e8faeb", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "c574ca39a9e3ae0491f0942edc6850e2", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:01:30.412509Z", + "entityUpdated": "2023-08-07T00:02:49.068182Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_03_01_22_663114", + "received": "2023-08-07T00:01:24Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "c574ca39a9e3ae0491f0942edc6850e2", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "275.646318", + "securityResultEntityId": "c574ca39a9e3ae0491f0942edc6850e2", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "c574ca39a9e3ae0491f0942edc6850e2", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "c574ca39a9e3ae0491f0942edc6850e2", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "c574ca39a9e3ae0491f0942edc6850e2", + "entityType": "office365_emails_email", + "payload": { + "malicious_url_clicks": [ + "http://www.xvira-malwareavrad.com" + ] + }, + "score": "0", + "securityResultEntityId": "c574ca39a9e3ae0491f0942edc6850e2", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "c574ca39a9e3ae0491f0942edc6850e2", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "3619", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "c574ca39a9e3ae0491f0942edc6850e2", + "event": "block", + "brand": "avanan", + "request_id": "9d7d40e26b0d3afc", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "39ad0ac72cd940e48ac3c80e2cea89b2", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "c574ca39a9e3ae0491f0942edc6850e2", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "227e", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "c574ca39a9e3ae0491f0942edc6850e2", + "event": "block", + "brand": "avanan", + "request_id": "826ef435d21f30e5", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "4b6acaa8425c4060b0cf817ea89d27e9", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "c574ca39a9e3ae0491f0942edc6850e2", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_03_01_22_663114", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "c574ca39a9e3ae0491f0942edc6850e2", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:01:30.412509Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:01:30.412509Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "41052bc90c612c3333e0dfff159191d1", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:01:30.643231Z", + "entityUpdated": "2023-08-07T00:05:39.499711Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_01_24_402228", + "received": "2023-08-07T00:01:26Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "41052bc90c612c3333e0dfff159191d1", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "41052bc90c612c3333e0dfff159191d1", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "41052bc90c612c3333e0dfff159191d1", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "41052bc90c612c3333e0dfff159191d1", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "41052bc90c612c3333e0dfff159191d1", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "41052bc90c612c3333e0dfff159191d1", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "41052bc90c612c3333e0dfff159191d1", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_01_24_402228", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "41052bc90c612c3333e0dfff159191d1", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:01:30.643231Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:01:30.643231Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "702f2101b082cf83a06e0a333717de0b", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:01:30.829448Z", + "entityUpdated": "2023-08-07T00:01:43.435232Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_01_24_965888", + "received": "2023-08-07T00:01:26Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "702f2101b082cf83a06e0a333717de0b", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "702f2101b082cf83a06e0a333717de0b", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "702f2101b082cf83a06e0a333717de0b", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "702f2101b082cf83a06e0a333717de0b", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "702f2101b082cf83a06e0a333717de0b", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "702f2101b082cf83a06e0a333717de0b", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "702f2101b082cf83a06e0a333717de0b", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_01_24_965888", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "702f2101b082cf83a06e0a333717de0b", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:01:30.829448Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:01:30.829448Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "363f26ed96712bb58f31f16be3ecbc46", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:01:32.358069Z", + "entityUpdated": "2023-08-07T00:01:43.438062Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_01_23_819440", + "received": "2023-08-07T00:01:25Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "363f26ed96712bb58f31f16be3ecbc46", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "363f26ed96712bb58f31f16be3ecbc46", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "363f26ed96712bb58f31f16be3ecbc46", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "363f26ed96712bb58f31f16be3ecbc46", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "363f26ed96712bb58f31f16be3ecbc46", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "363f26ed96712bb58f31f16be3ecbc46", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "363f26ed96712bb58f31f16be3ecbc46", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_01_23_819440", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "363f26ed96712bb58f31f16be3ecbc46", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:01:32.358069Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:01:32.358069Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "79e44e516892fe9d1f686ed315c3ef66", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:05:13.144224Z", + "entityUpdated": "2023-08-07T00:05:27.153353Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd4fd2d2-7a504979-e610-42ab-8b7b-a7812c5ab927-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_05_07_877621", + "received": "2023-08-07T00:05:08Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "79e44e516892fe9d1f686ed315c3ef66", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "112.199243", + "securityResultEntityId": "79e44e516892fe9d1f686ed315c3ef66", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "79e44e516892fe9d1f686ed315c3ef66", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "79e44e516892fe9d1f686ed315c3ef66", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "79e44e516892fe9d1f686ed315c3ef66", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "79e44e516892fe9d1f686ed315c3ef66", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "79e44e516892fe9d1f686ed315c3ef66", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_05_07_877621", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "79e44e516892fe9d1f686ed315c3ef66", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "8b689e19885c25a027f74f1ac2645084", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:05:13.392563Z", + "entityUpdated": "2023-08-07T00:05:26.890327Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd4fd23f-8ad56d58-249d-4c12-b3f0-0b5aaeda57fc-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_05_07_725804]", + "received": "2023-08-07T00:05:09Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "8b689e19885c25a027f74f1ac2645084", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "234.309006", + "securityResultEntityId": "8b689e19885c25a027f74f1ac2645084", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "8b689e19885c25a027f74f1ac2645084", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "8b689e19885c25a027f74f1ac2645084", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "8b689e19885c25a027f74f1ac2645084", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "8b689e19885c25a027f74f1ac2645084", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "8b689e19885c25a027f74f1ac2645084", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_05_07_725804", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "8b689e19885c25a027f74f1ac2645084", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:05:13.392563Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:05:13.392563Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:05:13.392563Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "122885ead93b2ebc9a63705cc01b79db", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:05:14.801418Z", + "entityUpdated": "2023-08-07T00:05:27.636917Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd4fd1b5-37ca593a-89fa-460e-82c1-8ec9443d0314-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_05_07_591877", + "received": "2023-08-07T00:05:08Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_59_070823_00_05_07_1691366707.pdf", + "mimetype": "application/pdf", + "size": 2071, + "MD5": "91783a7d37185ee9d8cf21b8dcc072e8" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "122885ead93b2ebc9a63705cc01b79db", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "33.833035", + "securityResultEntityId": "122885ead93b2ebc9a63705cc01b79db", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "122885ead93b2ebc9a63705cc01b79db", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "122885ead93b2ebc9a63705cc01b79db", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "1773f31fd53799315e5de707298aed22bc36f8b4", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "1773f31fd53799315e5de707298aed22bc36f8b4", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "122885ead93b2ebc9a63705cc01b79db", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "122885ead93b2ebc9a63705cc01b79db", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "122885ead93b2ebc9a63705cc01b79db", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_05_07_591877", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "122885ead93b2ebc9a63705cc01b79db", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "1773f31fd53799315e5de707298aed22bc36f8b4", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "1773f31fd53799315e5de707298aed22bc36f8b4", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:05:26.757482Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "3ca56002e74f2fd867a9b709aeb2ea41", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:06:10.210214Z", + "entityUpdated": "2023-08-07T00:06:18.748541Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd4fd423-70667a4d-f17a-4915-b1c3-777a8e9907f4-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_05_08_041294]", + "received": "2023-08-07T00:05:09Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "3ca56002e74f2fd867a9b709aeb2ea41", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "230.291001", + "securityResultEntityId": "3ca56002e74f2fd867a9b709aeb2ea41", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "3ca56002e74f2fd867a9b709aeb2ea41", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_05_08_041294", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "3ca56002e74f2fd867a9b709aeb2ea41", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:06:10.210214Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:06:10.210214Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "f6184ec30a36f0ede3e6fb473c59129a", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:06:11.733389Z", + "entityUpdated": "2023-08-07T00:06:26.773075Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd4fd5c8-2e99ec91-2fdb-46ee-928d-7ab4ad680455-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_05_08_640371", + "received": "2023-08-07T00:05:10Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_13_070823_00_05_08_1691366708.pdf", + "mimetype": "application/pdf", + "size": 2070, + "MD5": "e67c2377f05efb30eac41f8bc67dc134" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "f6184ec30a36f0ede3e6fb473c59129a", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "37.397321", + "securityResultEntityId": "f6184ec30a36f0ede3e6fb473c59129a", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "f6184ec30a36f0ede3e6fb473c59129a", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_05_08_640371", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "f6184ec30a36f0ede3e6fb473c59129a", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "ce4baf72c22442107e7da49ccbdf625c12a92deb", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "ce4baf72c22442107e7da49ccbdf625c12a92deb", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:06:18.857992Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "2cd7e22f49be04b5abb989d00d8ef76f", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:11:09.709766Z", + "entityUpdated": "2023-08-07T00:16:10.494616Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd553a32-a141b17c-b9fe-4591-8e1c-fa9f2918a219-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_11_01_952862", + "received": "2023-08-07T00:11:03Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "2cd7e22f49be04b5abb989d00d8ef76f", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "96.863378", + "securityResultEntityId": "2cd7e22f49be04b5abb989d00d8ef76f", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "2cd7e22f49be04b5abb989d00d8ef76f", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_11_01_952862", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "2cd7e22f49be04b5abb989d00d8ef76f", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "31b69d5b6d41aac688be9b892d792922", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:11:23.562136Z", + "entityUpdated": "2023-08-07T00:11:32.920763Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_03_11_18_982345", + "received": "2023-08-07T00:11:20Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "spam", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "31b69d5b6d41aac688be9b892d792922", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "275.646318", + "securityResultEntityId": "31b69d5b6d41aac688be9b892d792922", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "spam" + } + ], + "dlp": [ + { + "entityId": "31b69d5b6d41aac688be9b892d792922", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "31b69d5b6d41aac688be9b892d792922", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "31b69d5b6d41aac688be9b892d792922", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "31b69d5b6d41aac688be9b892d792922", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "31b69d5b6d41aac688be9b892d792922", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_03_11_18_982345", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "31b69d5b6d41aac688be9b892d792922", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:11:31.946750Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:11:26.892283Z", + "entityUpdated": "2023-08-07T00:11:34.744164Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_11_19_353425", + "received": "2023-08-07T00:11:20Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_11_19_353425", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "d32e2ee26d71cc0b7a29cd47aba0767d", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "7840796fbbdcfed7e339329ff6d54ac4", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:11:27.475406Z", + "entityUpdated": "2023-08-07T00:15:00.448858Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_11_20_525146", + "received": "2023-08-07T00:11:22Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "7840796fbbdcfed7e339329ff6d54ac4", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category": { + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [ + "First Time Sender" + ], + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ] + }, + "score": "52.964422", + "securityResultEntityId": "7840796fbbdcfed7e339329ff6d54ac4", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "7840796fbbdcfed7e339329ff6d54ac4", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "7840796fbbdcfed7e339329ff6d54ac4", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "7840796fbbdcfed7e339329ff6d54ac4", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "7840796fbbdcfed7e339329ff6d54ac4", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "7840796fbbdcfed7e339329ff6d54ac4", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_11_20_525146", + "domain": "", + "from": "Automation@avtestqa.com" + }, + "score": "0", + "securityResultEntityId": "7840796fbbdcfed7e339329ff6d54ac4", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:11:27.475406Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:11:27.475406Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "eed07b7021643963a36037a9ac83c1d3", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:11:27.703194Z", + "entityUpdated": "2023-08-07T00:11:43.760130Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_11_21_097209", + "received": "2023-08-07T00:11:22Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "eed07b7021643963a36037a9ac83c1d3", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "eed07b7021643963a36037a9ac83c1d3", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "eed07b7021643963a36037a9ac83c1d3", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "eed07b7021643963a36037a9ac83c1d3", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "eed07b7021643963a36037a9ac83c1d3", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "eed07b7021643963a36037a9ac83c1d3", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "eed07b7021643963a36037a9ac83c1d3", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_11_21_097209", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "eed07b7021643963a36037a9ac83c1d3", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:11:27.703194Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:11:27.703194Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "d32e918d7417fa4a3002f424c74ac4a6", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:11:30.331874Z", + "entityUpdated": "2023-08-07T00:11:43.962165Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_11_19_929121", + "received": "2023-08-07T00:11:22Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "d32e918d7417fa4a3002f424c74ac4a6", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "d32e918d7417fa4a3002f424c74ac4a6", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "d32e918d7417fa4a3002f424c74ac4a6", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "d32e918d7417fa4a3002f424c74ac4a6", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "d32e918d7417fa4a3002f424c74ac4a6", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "d32e918d7417fa4a3002f424c74ac4a6", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "d32e918d7417fa4a3002f424c74ac4a6", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_11_19_929121", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "d32e918d7417fa4a3002f424c74ac4a6", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:11:30.331874Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:11:30.331874Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "96237f22c52798520bafa9f763b99ce0", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:14:27.784239Z", + "entityUpdated": "2023-08-07T00:14:42.092962Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd584801-934c5cb3-d00b-4336-b5ac-52cb0e10278b-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_14_21_927924", + "received": "2023-08-07T00:14:23Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "96237f22c52798520bafa9f763b99ce0", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "125.763193", + "securityResultEntityId": "96237f22c52798520bafa9f763b99ce0", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "96237f22c52798520bafa9f763b99ce0", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "96237f22c52798520bafa9f763b99ce0", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "96237f22c52798520bafa9f763b99ce0", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "96237f22c52798520bafa9f763b99ce0", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "96237f22c52798520bafa9f763b99ce0", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_14_21_927924", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "96237f22c52798520bafa9f763b99ce0", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "c606e93cc9e5014307753251017bdd4c", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:14:28.695200Z", + "entityUpdated": "2023-08-07T00:14:34.455413Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clean-qa1-4-_070823_00_14_16_330231", + "received": "2023-08-07T00:14:17Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "c606e93cc9e5014307753251017bdd4c", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "42.792424", + "securityResultEntityId": "c606e93cc9e5014307753251017bdd4c", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "c606e93cc9e5014307753251017bdd4c", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clean-qa1-4-_070823_00_14_16_330231", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "c606e93cc9e5014307753251017bdd4c", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "b858066dab59209d1410f6a948a82623", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:14:30.013633Z", + "entityUpdated": "2023-08-07T00:14:45.268104Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd58464a-76f39896-0ab0-44fe-b693-cd1f5f42acf9-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_14_21_545683]", + "received": "2023-08-07T00:14:23Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "b858066dab59209d1410f6a948a82623", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "234.309006", + "securityResultEntityId": "b858066dab59209d1410f6a948a82623", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "b858066dab59209d1410f6a948a82623", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "b858066dab59209d1410f6a948a82623", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "b858066dab59209d1410f6a948a82623", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "b858066dab59209d1410f6a948a82623", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "b858066dab59209d1410f6a948a82623", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_14_21_545683", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "b858066dab59209d1410f6a948a82623", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:14:30.013633Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:14:30.013633Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:14:30.013633Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:14:30.120385Z", + "entityUpdated": "2023-08-07T00:14:54.848875Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd5844ed-128832d9-8636-4496-baa4-07d2c2a5f82f-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_14_21_043366", + "received": "2023-08-07T00:14:22Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_48_070823_00_14_21_1691367261.pdf", + "mimetype": "application/pdf", + "size": 2070, + "MD5": "8f9e46069203e4fd7f0d7303dd8bc26d" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "38.152973", + "securityResultEntityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "c289af4177baea0d3508e1d789532e3964da4ae3", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "c289af4177baea0d3508e1d789532e3964da4ae3", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_14_21_043366", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "5b34e57b97bcd29a3db4fc97d3a69285", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "c289af4177baea0d3508e1d789532e3964da4ae3", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "c289af4177baea0d3508e1d789532e3964da4ae3", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:14:42.425667Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "8c6ab95b797c0d5ff8e773b96a371ba3", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:14:30.920207Z", + "entityUpdated": "2023-08-07T00:14:46.904906Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd584a39-ce0ed875-197c-4466-a447-fdb287a58fe5-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_14_22_355685]", + "received": "2023-08-07T00:14:23Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "8c6ab95b797c0d5ff8e773b96a371ba3", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "207.210314", + "securityResultEntityId": "8c6ab95b797c0d5ff8e773b96a371ba3", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "8c6ab95b797c0d5ff8e773b96a371ba3", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_14_22_355685", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "8c6ab95b797c0d5ff8e773b96a371ba3", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:14:30.920207Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:14:30.920207Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "2b918c1a320bfc274efda5549b94081c", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:14:36.237712Z", + "entityUpdated": "2023-08-07T00:14:49.363078Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd584f73-15f33510-d01f-4f3b-b964-872756f50460-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_14_23_293851", + "received": "2023-08-07T00:14:26Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_29_070823_00_14_24_1691367264.pdf", + "mimetype": "application/pdf", + "size": 2071, + "MD5": "ee2b13e4a5460d009223bf9ebb6e9b40" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "2b918c1a320bfc274efda5549b94081c", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "37.397321", + "securityResultEntityId": "2b918c1a320bfc274efda5549b94081c", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "2b918c1a320bfc274efda5549b94081c", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_14_23_293851", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "2b918c1a320bfc274efda5549b94081c", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "5e6bbfd3c4778d640567885544ef2a17a7f31d89", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "5e6bbfd3c4778d640567885544ef2a17a7f31d89", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:14:41.932257Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "784e91debd228c28b22a578c6bf38578", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:18:41.821385Z", + "entityUpdated": "2023-08-07T00:23:43.623674Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd5c23ea-3c9018cb-29f4-4c69-88e2-2b99cfa22cf0-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_18_35_043583", + "received": "2023-08-07T00:18:36Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "784e91debd228c28b22a578c6bf38578", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "96.863378", + "securityResultEntityId": "784e91debd228c28b22a578c6bf38578", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "784e91debd228c28b22a578c6bf38578", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_18_35_043583", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "784e91debd228c28b22a578c6bf38578", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "da9f3f5ce6f5a531a90a86f8a45ce079", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:20:15.512625Z", + "entityUpdated": "2023-08-07T00:20:18.614064Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "0.7617977524613935Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_10_41_429820", + "received": "2023-08-05T16:35:06.828791Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": null, + "SpfResult": null, + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "da9f3f5ce6f5a531a90a86f8a45ce079", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Sender Reputation" + ], + "reasons_by_category": { + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "59.53873", + "securityResultEntityId": "da9f3f5ce6f5a531a90a86f8a45ce079", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "da9f3f5ce6f5a531a90a86f8a45ce079", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_10_41_429820", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "da9f3f5ce6f5a531a90a86f8a45ce079", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "55ea95e1e23438a7a645b8c8795ccca7", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:21:32.099063Z", + "entityUpdated": "2023-08-07T00:21:39.188965Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_21_22_301043", + "received": "2023-08-07T00:21:23Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "55ea95e1e23438a7a645b8c8795ccca7", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "55ea95e1e23438a7a645b8c8795ccca7", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "55ea95e1e23438a7a645b8c8795ccca7", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "55ea95e1e23438a7a645b8c8795ccca7", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "55ea95e1e23438a7a645b8c8795ccca7", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "55ea95e1e23438a7a645b8c8795ccca7", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "55ea95e1e23438a7a645b8c8795ccca7", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_21_22_301043", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "55ea95e1e23438a7a645b8c8795ccca7", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:21:32.099063Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:21:32.099063Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "df97084fb8f4b8c7ba64176ea48a5666", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:21:32.318877Z", + "entityUpdated": "2023-08-07T00:21:39.195962Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_21_21_311286", + "received": "2023-08-07T00:21:22Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "df97084fb8f4b8c7ba64176ea48a5666", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "df97084fb8f4b8c7ba64176ea48a5666", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "df97084fb8f4b8c7ba64176ea48a5666", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "df97084fb8f4b8c7ba64176ea48a5666", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "df97084fb8f4b8c7ba64176ea48a5666", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "df97084fb8f4b8c7ba64176ea48a5666", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "df97084fb8f4b8c7ba64176ea48a5666", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_21_21_311286", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "df97084fb8f4b8c7ba64176ea48a5666", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:21:32.318877Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:21:32.318877Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "fac394e980fc25c29e08517568e86574", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:21:32.598778Z", + "entityUpdated": "2023-08-07T00:21:39.189442Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_21_20_739982", + "received": "2023-08-07T00:21:22Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "fac394e980fc25c29e08517568e86574", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "fac394e980fc25c29e08517568e86574", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "fac394e980fc25c29e08517568e86574", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "fac394e980fc25c29e08517568e86574", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "fac394e980fc25c29e08517568e86574", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "fac394e980fc25c29e08517568e86574", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "fac394e980fc25c29e08517568e86574", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_21_20_739982", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "fac394e980fc25c29e08517568e86574", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "e47f688c992f426d94fe45566f5383dc", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:21:32.599909Z", + "entityUpdated": "2023-08-07T00:21:40.090650Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_03_21_20_166278", + "received": "2023-08-07T00:21:21Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "spam", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "e47f688c992f426d94fe45566f5383dc", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "O365 clarifications", + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "O365 clarifications": [ + { + "short_text": "Microsoft SCL value was -1", + "full_text": "Microsoft SCL value was -1" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "275.646318", + "securityResultEntityId": "e47f688c992f426d94fe45566f5383dc", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "spam" + } + ], + "dlp": [ + { + "entityId": "e47f688c992f426d94fe45566f5383dc", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "e47f688c992f426d94fe45566f5383dc", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "e47f688c992f426d94fe45566f5383dc", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "e47f688c992f426d94fe45566f5383dc", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "e47f688c992f426d94fe45566f5383dc", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_03_21_20_166278", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "e47f688c992f426d94fe45566f5383dc", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:21:38.966569Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "17b2af20d0e385c30900dfbe0ae999e6", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:21:32.599043Z", + "entityUpdated": "2023-08-07T00:24:51.642998Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_21_21_730212", + "received": "2023-08-07T00:21:23Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "17b2af20d0e385c30900dfbe0ae999e6", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "17b2af20d0e385c30900dfbe0ae999e6", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "17b2af20d0e385c30900dfbe0ae999e6", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "17b2af20d0e385c30900dfbe0ae999e6", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "17b2af20d0e385c30900dfbe0ae999e6", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "17b2af20d0e385c30900dfbe0ae999e6", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "17b2af20d0e385c30900dfbe0ae999e6", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_21_21_730212", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "17b2af20d0e385c30900dfbe0ae999e6", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:21:32.599043Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:21:32.599043Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "a03e6cdd6fcd1fba7c5aa32a08429a3b", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:24:46.475878Z", + "entityUpdated": "2023-08-07T00:24:52.099515Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clean-qa1-4-_070823_00_23_48_851272", + "received": "2023-08-07T00:23:50Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "a03e6cdd6fcd1fba7c5aa32a08429a3b", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "42.792424", + "securityResultEntityId": "a03e6cdd6fcd1fba7c5aa32a08429a3b", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "a03e6cdd6fcd1fba7c5aa32a08429a3b", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clean-qa1-4-_070823_00_23_48_851272", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "a03e6cdd6fcd1fba7c5aa32a08429a3b", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "13b7686006d8f9e071081d3a99704ea3", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:25:24.400836Z", + "entityUpdated": "2023-08-07T00:25:37.392194Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd6240e9-4cb1a317-60f2-4454-b17a-34a2be65a1e5-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_25_15_699019", + "received": "2023-08-07T00:25:16Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_49_070823_00_25_15_1691367915.pdf", + "mimetype": "application/pdf", + "size": 2071, + "MD5": "c99144ee5a87c6178774a7a96e93a582" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "13b7686006d8f9e071081d3a99704ea3", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "37.397321", + "securityResultEntityId": "13b7686006d8f9e071081d3a99704ea3", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "13b7686006d8f9e071081d3a99704ea3", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_25_15_699019", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "13b7686006d8f9e071081d3a99704ea3", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "cf8881c8136165595092c1f385048942573fca6c", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "cf8881c8136165595092c1f385048942573fca6c", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:25:33.294687Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "7235fa131fa6ee89215b3587c5264291", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:25:26.842611Z", + "entityUpdated": "2023-08-07T00:25:40.460607Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd624043-5c3e89fd-5d42-4f0e-8c39-dbb4c9479cd2-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_25_15_531319]", + "received": "2023-08-07T00:25:17Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "7235fa131fa6ee89215b3587c5264291", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "230.313577", + "securityResultEntityId": "7235fa131fa6ee89215b3587c5264291", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "7235fa131fa6ee89215b3587c5264291", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_25_15_531319", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "7235fa131fa6ee89215b3587c5264291", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:25:26.842611Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:25:26.842611Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "766cde81cd1f9d33b7b95c0ab8181485", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:25:27.389539Z", + "entityUpdated": "2023-08-07T00:25:36.809815Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd623f13-241388f7-4231-458c-834a-bcf0978891c4-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_25_15_236455]", + "received": "2023-08-07T00:25:16Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "766cde81cd1f9d33b7b95c0ab8181485", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "234.309006", + "securityResultEntityId": "766cde81cd1f9d33b7b95c0ab8181485", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "766cde81cd1f9d33b7b95c0ab8181485", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "766cde81cd1f9d33b7b95c0ab8181485", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "766cde81cd1f9d33b7b95c0ab8181485", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "766cde81cd1f9d33b7b95c0ab8181485", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "766cde81cd1f9d33b7b95c0ab8181485", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_25_15_236455", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "766cde81cd1f9d33b7b95c0ab8181485", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:25:27.389539Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:25:27.389539Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:25:27.389539Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "2d563f39c9f9f83da3fba11677497878", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:25:27.390819Z", + "entityUpdated": "2023-08-07T00:25:42.757858Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd623f9e-a4670489-f19a-4115-84b0-c8e3a6d0e5da-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_25_15_363407", + "received": "2023-08-07T00:25:16Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "2d563f39c9f9f83da3fba11677497878", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "125.763193", + "securityResultEntityId": "2d563f39c9f9f83da3fba11677497878", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "2d563f39c9f9f83da3fba11677497878", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "2d563f39c9f9f83da3fba11677497878", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "2d563f39c9f9f83da3fba11677497878", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "2d563f39c9f9f83da3fba11677497878", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "2d563f39c9f9f83da3fba11677497878", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_25_15_363407", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "2d563f39c9f9f83da3fba11677497878", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:25:27.571626Z", + "entityUpdated": "2023-08-07T00:25:42.008390Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd623e6d-b1bf33a0-9888-4f1c-88db-ef5de5d6ceeb-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_25_15_054392", + "received": "2023-08-07T00:25:16Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_18_070823_00_25_15_1691367915.pdf", + "mimetype": "application/pdf", + "size": 2068, + "MD5": "7f8b6a4f6f56a8faeb6b7a924dbf6811" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "33.833035", + "securityResultEntityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "516e288cf9ebce6cfa7741710f7e56846b81d4b7", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "516e288cf9ebce6cfa7741710f7e56846b81d4b7", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_25_15_054392", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "a8ccb2e818b2a25ebbf1ac196c5fe9d0", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "516e288cf9ebce6cfa7741710f7e56846b81d4b7", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "516e288cf9ebce6cfa7741710f7e56846b81d4b7", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:25:41.274512Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "04361493c5a90b0445cbafbbca2618f9", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:29:18.493869Z", + "entityUpdated": "2023-08-07T00:34:16.449330Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd65cf85-6a3cb067-7958-47c9-b2c2-d6b53bfad919-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_29_08_799594", + "received": "2023-08-07T00:29:09Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "04361493c5a90b0445cbafbbca2618f9", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "108.677335", + "securityResultEntityId": "04361493c5a90b0445cbafbbca2618f9", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "04361493c5a90b0445cbafbbca2618f9", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_29_08_799594", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "04361493c5a90b0445cbafbbca2618f9", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "7f2aac8b146c749881c560745ffe5287", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:31:26.131555Z", + "entityUpdated": "2023-08-07T00:33:02.036563Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_03_31_18_209515", + "received": "2023-08-07T00:31:19Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "7f2aac8b146c749881c560745ffe5287", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "275.646318", + "securityResultEntityId": "7f2aac8b146c749881c560745ffe5287", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "7f2aac8b146c749881c560745ffe5287", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "7f2aac8b146c749881c560745ffe5287", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "7f2aac8b146c749881c560745ffe5287", + "entityType": "office365_emails_email", + "payload": { + "malicious_url_clicks": [ + "http://www.xvira-malwareavrad.com" + ] + }, + "score": "0", + "securityResultEntityId": "7f2aac8b146c749881c560745ffe5287", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "7f2aac8b146c749881c560745ffe5287", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "a76f", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "7f2aac8b146c749881c560745ffe5287", + "event": "block", + "brand": "avanan", + "request_id": "4eb54d3f146b403f", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "574bba05708e4e0bbdb061d5ad4bb9f8", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "7f2aac8b146c749881c560745ffe5287", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "22f0", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "7f2aac8b146c749881c560745ffe5287", + "event": "block", + "brand": "avanan", + "request_id": "d07a52c232c860ea", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "293ec8f2761748f1b82742d35c383a01", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "7f2aac8b146c749881c560745ffe5287", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_03_31_18_209515", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "7f2aac8b146c749881c560745ffe5287", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:31:26.131555Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:31:26.131555Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "6e5882cd54a4b970e42889e3d1006300", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:31:26.438665Z", + "entityUpdated": "2023-08-07T00:35:42.143121Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_31_19_329573", + "received": "2023-08-07T00:31:20Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "6e5882cd54a4b970e42889e3d1006300", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "6e5882cd54a4b970e42889e3d1006300", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "6e5882cd54a4b970e42889e3d1006300", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "6e5882cd54a4b970e42889e3d1006300", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "6e5882cd54a4b970e42889e3d1006300", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "6e5882cd54a4b970e42889e3d1006300", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "6e5882cd54a4b970e42889e3d1006300", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_31_19_329573", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "6e5882cd54a4b970e42889e3d1006300", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:31:26.438665Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:31:26.438665Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:31:26.768023Z", + "entityUpdated": "2023-08-07T00:31:56.890247Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_31_18_641789", + "received": "2023-08-07T00:31:20Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_31_18_641789", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "a5c8d4306614f9bea0fb3d01bb44d33d", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "00de1eca4442681e175bc52e099dd451", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:31:27.024477Z", + "entityUpdated": "2023-08-07T00:31:58.905203Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_31_18_969962", + "received": "2023-08-07T00:31:20Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "00de1eca4442681e175bc52e099dd451", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "00de1eca4442681e175bc52e099dd451", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "00de1eca4442681e175bc52e099dd451", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "00de1eca4442681e175bc52e099dd451", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "00de1eca4442681e175bc52e099dd451", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "00de1eca4442681e175bc52e099dd451", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "00de1eca4442681e175bc52e099dd451", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_31_18_969962", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "00de1eca4442681e175bc52e099dd451", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:31:27.024477Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:31:27.024477Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "c2bddd74c8296899cebaa41f544b00fa", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:31:27.286650Z", + "entityUpdated": "2023-08-07T00:31:57.894455Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_31_19_662869", + "received": "2023-08-07T00:31:21Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "c2bddd74c8296899cebaa41f544b00fa", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "c2bddd74c8296899cebaa41f544b00fa", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "c2bddd74c8296899cebaa41f544b00fa", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "c2bddd74c8296899cebaa41f544b00fa", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "c2bddd74c8296899cebaa41f544b00fa", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "c2bddd74c8296899cebaa41f544b00fa", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "c2bddd74c8296899cebaa41f544b00fa", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_31_19_662869", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "c2bddd74c8296899cebaa41f544b00fa", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:31:27.286650Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:31:27.286650Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "eb13f2e0e566edb8f59751eb41bc9337", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:36:14.740115Z", + "entityUpdated": "2023-08-07T00:36:27.923921Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd6c322b-b4fc7590-110c-41cb-9327-fbf0ffbb8a2c-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_36_07_281790", + "received": "2023-08-07T00:36:08Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_55_070823_00_36_07_1691368567.pdf", + "mimetype": "application/pdf", + "size": 2067, + "MD5": "6f77dfce15b49b4de0068bd5950a6f4f" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "eb13f2e0e566edb8f59751eb41bc9337", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "38.152973", + "securityResultEntityId": "eb13f2e0e566edb8f59751eb41bc9337", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "eb13f2e0e566edb8f59751eb41bc9337", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "eb13f2e0e566edb8f59751eb41bc9337", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "b435d1581d3030f3979923f57d4fffc9c49c7089", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "b435d1581d3030f3979923f57d4fffc9c49c7089", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "eb13f2e0e566edb8f59751eb41bc9337", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "eb13f2e0e566edb8f59751eb41bc9337", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "eb13f2e0e566edb8f59751eb41bc9337", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_36_07_281790", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "eb13f2e0e566edb8f59751eb41bc9337", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "b435d1581d3030f3979923f57d4fffc9c49c7089", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "b435d1581d3030f3979923f57d4fffc9c49c7089", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:36:24.072880Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "2be800dd1703fd4ac512350652891119", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:36:14.965820Z", + "entityUpdated": "2023-08-07T00:36:21.640350Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd6c3391-019bb1ef-e9d8-44d6-b60f-5e924d5abc23-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_36_07_650110", + "received": "2023-08-07T00:36:08Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "2be800dd1703fd4ac512350652891119", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "125.763193", + "securityResultEntityId": "2be800dd1703fd4ac512350652891119", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "2be800dd1703fd4ac512350652891119", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "2be800dd1703fd4ac512350652891119", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "2be800dd1703fd4ac512350652891119", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "2be800dd1703fd4ac512350652891119", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "2be800dd1703fd4ac512350652891119", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_36_07_650110", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "2be800dd1703fd4ac512350652891119", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "2c895639803507df2a32afc092166a84", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:36:15.162479Z", + "entityUpdated": "2023-08-07T00:36:24.038472Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd6c32c0-3f71d004-0cd0-4937-be22-06042ba6ff71-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_36_07_439014]", + "received": "2023-08-07T00:36:08Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "2c895639803507df2a32afc092166a84", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "210.879967", + "securityResultEntityId": "2c895639803507df2a32afc092166a84", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "2c895639803507df2a32afc092166a84", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "2c895639803507df2a32afc092166a84", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "2c895639803507df2a32afc092166a84", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "2c895639803507df2a32afc092166a84", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "2c895639803507df2a32afc092166a84", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_36_07_439014", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "2c895639803507df2a32afc092166a84", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:36:15.162479Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:36:15.162479Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:36:15.162479Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "a92c5cf71cfb128d6cb1bc7f8203a710", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:36:15.185435Z", + "entityUpdated": "2023-08-07T00:36:22.192022Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd6c35d9-6247d610-8e33-4daa-9646-bb2917d4ea83-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_36_07_968164", + "received": "2023-08-07T00:36:09Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_23_070823_00_36_08_1691368568.pdf", + "mimetype": "application/pdf", + "size": 2068, + "MD5": "09be6f7a8375d04964aaaa9c500cb519" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "a92c5cf71cfb128d6cb1bc7f8203a710", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "37.394969", + "securityResultEntityId": "a92c5cf71cfb128d6cb1bc7f8203a710", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "a92c5cf71cfb128d6cb1bc7f8203a710", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_36_07_968164", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "a92c5cf71cfb128d6cb1bc7f8203a710", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "5cae1a11f1787a1624e518ae4bc198170aee6543", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "5cae1a11f1787a1624e518ae4bc198170aee6543", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:36:21.957155Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "5244bc1edcda7b4eb1394cfd5caae536", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:36:17.554898Z", + "entityUpdated": "2023-08-07T00:36:29.019312Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd6c3435-85994fcf-f157-45dd-b04c-0f54e6b251b9-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_36_07_808755]", + "received": "2023-08-07T00:36:09Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "5244bc1edcda7b4eb1394cfd5caae536", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "230.313577", + "securityResultEntityId": "5244bc1edcda7b4eb1394cfd5caae536", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "5244bc1edcda7b4eb1394cfd5caae536", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_36_07_808755", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "5244bc1edcda7b4eb1394cfd5caae536", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:36:17.554898Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:36:17.554898Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "387791d2a40b948abee1cdd0f19ab478", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:38:40.203026Z", + "entityUpdated": "2023-08-07T00:43:36.226074Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd6e578c-879f8da0-ae88-49d2-9b5e-684911078aed-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_38_27_657038", + "received": "2023-08-07T00:38:29Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "387791d2a40b948abee1cdd0f19ab478", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "108.677335", + "securityResultEntityId": "387791d2a40b948abee1cdd0f19ab478", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "387791d2a40b948abee1cdd0f19ab478", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_38_27_657038", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "387791d2a40b948abee1cdd0f19ab478", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "f0fda7b572e69176188bf0332fc59188", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:41:04.618352Z", + "entityUpdated": "2023-08-07T00:41:10.282286Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clean-qa1-4-_070823_00_40_49_014194", + "received": "2023-08-07T00:40:50Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "f0fda7b572e69176188bf0332fc59188", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "42.792424", + "securityResultEntityId": "f0fda7b572e69176188bf0332fc59188", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "f0fda7b572e69176188bf0332fc59188", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clean-qa1-4-_070823_00_40_49_014194", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "f0fda7b572e69176188bf0332fc59188", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:41:24.013944Z", + "entityUpdated": "2023-08-07T00:41:30.743911Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_03_41_18_715975", + "received": "2023-08-07T00:41:19Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "spam", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "275.646318", + "securityResultEntityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "spam" + } + ], + "dlp": [ + { + "entityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_03_41_18_715975", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "3f7e45cd636b4fc78b347f681f0b18f3", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:41:29.033072Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:41:24.487466Z", + "entityUpdated": "2023-08-07T00:41:38.238913Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_41_19_103913", + "received": "2023-08-07T00:41:20Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_41_19_103913", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "0568b67f6f3e6f3ad946ffdb63375b5a", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "b7dfff40a7838d204f1c21e85711cedd", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:41:24.520346Z", + "entityUpdated": "2023-08-07T00:44:52.588539Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_41_19_868416", + "received": "2023-08-07T00:41:20Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "b7dfff40a7838d204f1c21e85711cedd", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "b7dfff40a7838d204f1c21e85711cedd", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "b7dfff40a7838d204f1c21e85711cedd", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "b7dfff40a7838d204f1c21e85711cedd", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "b7dfff40a7838d204f1c21e85711cedd", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "b7dfff40a7838d204f1c21e85711cedd", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "b7dfff40a7838d204f1c21e85711cedd", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_41_19_868416", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "b7dfff40a7838d204f1c21e85711cedd", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:41:24.520346Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:41:24.520346Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:41:25.650768Z", + "entityUpdated": "2023-08-07T00:41:36.347426Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_41_19_509772", + "received": "2023-08-07T00:41:20Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_41_19_509772", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "c2815b63c3caadbf0c89ef67e86b6f4a", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:41:25.650768Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:41:25.650768Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "6454cedfa600c62c8831f8d434ebe473", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:41:27.916864Z", + "entityUpdated": "2023-08-07T00:41:42.471251Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_41_20_217946", + "received": "2023-08-07T00:41:22Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "6454cedfa600c62c8831f8d434ebe473", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "6454cedfa600c62c8831f8d434ebe473", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "6454cedfa600c62c8831f8d434ebe473", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "6454cedfa600c62c8831f8d434ebe473", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "6454cedfa600c62c8831f8d434ebe473", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "6454cedfa600c62c8831f8d434ebe473", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "6454cedfa600c62c8831f8d434ebe473", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_41_20_217946", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "6454cedfa600c62c8831f8d434ebe473", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:41:27.916864Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:41:27.916864Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "06d41d4c112802af7dfd250d05dbd103", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:44:53.987615Z", + "entityUpdated": "2023-08-07T00:44:57.791695Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clean-qa1-4-_070823_00_44_44_526852", + "received": "2023-08-07T00:44:45Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "06d41d4c112802af7dfd250d05dbd103", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "42.792424", + "securityResultEntityId": "06d41d4c112802af7dfd250d05dbd103", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "06d41d4c112802af7dfd250d05dbd103", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clean-qa1-4-_070823_00_44_44_526852", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "06d41d4c112802af7dfd250d05dbd103", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "06c484917b9ae7737ef6c145de89dbda", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:44:57.313659Z", + "entityUpdated": "2023-08-07T00:45:05.318853Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd74260c-f2f896a5-9b2a-42b6-9aba-111eb6e4f3f3-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_44_48_474253", + "received": "2023-08-07T00:44:50Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_53_070823_00_44_48_1691369088.pdf", + "mimetype": "application/pdf", + "size": 2066, + "MD5": "57a1ace5e373537ef2d0c5b6f5b536c3" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "06c484917b9ae7737ef6c145de89dbda", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "37.394969", + "securityResultEntityId": "06c484917b9ae7737ef6c145de89dbda", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "06c484917b9ae7737ef6c145de89dbda", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_44_48_474253", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "06c484917b9ae7737ef6c145de89dbda", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "fdf469fe67e26c66d49551da4588c8f358fb8f30", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "fdf469fe67e26c66d49551da4588c8f358fb8f30", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:45:05.064158Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "cb7714713336eac22c45052af41635f4", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:44:59.424099Z", + "entityUpdated": "2023-08-07T00:45:13.768062Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd7424a8-c1683679-e937-4cf4-9002-62cc1c7bef48-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_44_48_125774", + "received": "2023-08-07T00:44:49Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "cb7714713336eac22c45052af41635f4", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "125.763193", + "securityResultEntityId": "cb7714713336eac22c45052af41635f4", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "cb7714713336eac22c45052af41635f4", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "cb7714713336eac22c45052af41635f4", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "cb7714713336eac22c45052af41635f4", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "cb7714713336eac22c45052af41635f4", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "cb7714713336eac22c45052af41635f4", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_44_48_125774", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "cb7714713336eac22c45052af41635f4", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "3fcb8ec01d38974550554f99b8838efc", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:44:59.546368Z", + "entityUpdated": "2023-08-07T00:45:14.538074Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd742347-2d92ce4c-5529-46bc-a11b-ad9e85a0c390-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_44_47_764454", + "received": "2023-08-07T00:44:49Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_57_070823_00_44_47_1691369087.pdf", + "mimetype": "application/pdf", + "size": 2069, + "MD5": "0b0cad0167740b88ab914e0e50905b71" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "3fcb8ec01d38974550554f99b8838efc", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "33.833035", + "securityResultEntityId": "3fcb8ec01d38974550554f99b8838efc", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "3fcb8ec01d38974550554f99b8838efc", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "3fcb8ec01d38974550554f99b8838efc", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "23d153ad643cfe3ec30748849367f3d3a8186513", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "23d153ad643cfe3ec30748849367f3d3a8186513", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "3fcb8ec01d38974550554f99b8838efc", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "3fcb8ec01d38974550554f99b8838efc", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "3fcb8ec01d38974550554f99b8838efc", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_44_47_764454", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "3fcb8ec01d38974550554f99b8838efc", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "23d153ad643cfe3ec30748849367f3d3a8186513", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "23d153ad643cfe3ec30748849367f3d3a8186513", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:45:12.685968Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:44:59.800856Z", + "entityUpdated": "2023-08-07T00:45:14.478277Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd742405-d34efd8e-259a-4920-b75c-053bcfbee5bc-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_44_47_955222]", + "received": "2023-08-07T00:44:49Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "234.309006", + "securityResultEntityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_44_47_955222", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "d7a2bb4ec0ede75e1e4f369c74d96fe1", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:44:59.800856Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:44:59.800856Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:44:59.800856Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "c81c680d7a9bca2374d5b8fd8c3286e1", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:45:06.510217Z", + "entityUpdated": "2023-08-07T00:45:14.359683Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd742556-bbb6894d-0c22-431a-bf16-a31100df6ff9-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_44_48_301117]", + "received": "2023-08-07T00:44:52Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "c81c680d7a9bca2374d5b8fd8c3286e1", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "230.313577", + "securityResultEntityId": "c81c680d7a9bca2374d5b8fd8c3286e1", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "c81c680d7a9bca2374d5b8fd8c3286e1", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_44_48_301117", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "c81c680d7a9bca2374d5b8fd8c3286e1", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:45:06.510217Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:45:06.510217Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "1caad6b8d760c5677a63fb2563bf9bd1", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:48:37.699839Z", + "entityUpdated": "2023-08-07T00:53:26.460785Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd77828a-94889b82-9d23-4b78-94c7-deee90f04644-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_48_28_346652", + "received": "2023-08-07T00:48:30Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "1caad6b8d760c5677a63fb2563bf9bd1", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "108.677335", + "securityResultEntityId": "1caad6b8d760c5677a63fb2563bf9bd1", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "1caad6b8d760c5677a63fb2563bf9bd1", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_48_28_346652", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "1caad6b8d760c5677a63fb2563bf9bd1", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "db3b2d4f21e8f73364da558407db769b", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:50:12.687054Z", + "entityUpdated": "2023-08-07T00:50:17.232705Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "0.14662166908162633Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_40_53_318272", + "received": "2023-08-05T16:35:06.828791Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": null, + "SpfResult": null, + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "db3b2d4f21e8f73364da558407db769b", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Sender Reputation" + ], + "reasons_by_category": { + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "59.53873", + "securityResultEntityId": "db3b2d4f21e8f73364da558407db769b", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "db3b2d4f21e8f73364da558407db769b", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_40_53_318272", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "db3b2d4f21e8f73364da558407db769b", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "33dcb85fd41503c33070552de4dc69dc", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:51:31.962844Z", + "entityUpdated": "2023-08-07T00:51:39.231516Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_51_20_909818", + "received": "2023-08-07T00:51:21Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "33dcb85fd41503c33070552de4dc69dc", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "33dcb85fd41503c33070552de4dc69dc", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "33dcb85fd41503c33070552de4dc69dc", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "33dcb85fd41503c33070552de4dc69dc", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "33dcb85fd41503c33070552de4dc69dc", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "33dcb85fd41503c33070552de4dc69dc", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "33dcb85fd41503c33070552de4dc69dc", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_03_51_20_909818", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "33dcb85fd41503c33070552de4dc69dc", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:51:31.988926Z", + "entityUpdated": "2023-08-07T00:52:43.051969Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_03_51_20_487453", + "received": "2023-08-07T00:51:21Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "275.646318", + "securityResultEntityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "entityType": "office365_emails_email", + "payload": { + "malicious_url_clicks": [ + "http://www.xvira-malwareavrad.com" + ] + }, + "score": "0", + "securityResultEntityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "433a", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "0e0b0ed8fb1e848838d3003be88eb56f", + "event": "block", + "brand": "avanan", + "request_id": "7bdcb2417638fb53", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "bb79754b964b44eea859cf51455750b7", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "528e", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "0e0b0ed8fb1e848838d3003be88eb56f", + "event": "block", + "brand": "avanan", + "request_id": "b77060e5e6ab2043", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "4fb0c7573fc943ea9d0baf414a627486", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_03_51_20_487453", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "0e0b0ed8fb1e848838d3003be88eb56f", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:51:31.988926Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:51:31.988926Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:51:32.009466Z", + "entityUpdated": "2023-08-07T00:51:47.893499Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_51_21_233726", + "received": "2023-08-07T00:51:24Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_03_51_21_233726", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "c3d66a7f324acfd2474a439c9c6c8ee1", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:51:32.009466Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:51:32.009466Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "097dc1e5a899373d35e2d9231296bcc2", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:51:32.269766Z", + "entityUpdated": "2023-08-07T00:51:39.227774Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_51_21_987971", + "received": "2023-08-07T00:51:23Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "097dc1e5a899373d35e2d9231296bcc2", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "097dc1e5a899373d35e2d9231296bcc2", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "097dc1e5a899373d35e2d9231296bcc2", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "097dc1e5a899373d35e2d9231296bcc2", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "097dc1e5a899373d35e2d9231296bcc2", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "097dc1e5a899373d35e2d9231296bcc2", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "097dc1e5a899373d35e2d9231296bcc2", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_03_51_21_987971", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "097dc1e5a899373d35e2d9231296bcc2", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:51:32.269766Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:51:32.269766Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "218422382b1a09f96871a85d7b159a57", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:51:32.474494Z", + "entityUpdated": "2023-08-07T00:55:33.553249Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_51_21_565745", + "received": "2023-08-07T00:51:23Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "218422382b1a09f96871a85d7b159a57", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "218422382b1a09f96871a85d7b159a57", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "218422382b1a09f96871a85d7b159a57", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "218422382b1a09f96871a85d7b159a57", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "218422382b1a09f96871a85d7b159a57", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "218422382b1a09f96871a85d7b159a57", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "218422382b1a09f96871a85d7b159a57", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_03_51_21_565745", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "218422382b1a09f96871a85d7b159a57", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:51:32.474494Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:51:32.474494Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "0c7e634c8be8243bb529bbecfb2db455", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:52:20.064866Z", + "entityUpdated": "2023-08-07T00:52:24.265441Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clean-qa1-4-_070823_00_51_15_113583", + "received": "2023-08-07T00:51:16Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "0c7e634c8be8243bb529bbecfb2db455", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "42.792424", + "securityResultEntityId": "0c7e634c8be8243bb529bbecfb2db455", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "0c7e634c8be8243bb529bbecfb2db455", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clean-qa1-4-_070823_00_51_15_113583", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "0c7e634c8be8243bb529bbecfb2db455", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "068418362c897bf22a2a21ec5cdf9aef", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:54:29.334880Z", + "entityUpdated": "2023-08-07T00:54:43.218079Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd7cdcaa-79608eea-18c5-42e9-ae04-479d682e297b-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_54_19_500895", + "received": "2023-08-07T00:54:20Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "068418362c897bf22a2a21ec5cdf9aef", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "125.763193", + "securityResultEntityId": "068418362c897bf22a2a21ec5cdf9aef", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "068418362c897bf22a2a21ec5cdf9aef", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "068418362c897bf22a2a21ec5cdf9aef", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "068418362c897bf22a2a21ec5cdf9aef", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "068418362c897bf22a2a21ec5cdf9aef", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "068418362c897bf22a2a21ec5cdf9aef", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_54_19_500895", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "068418362c897bf22a2a21ec5cdf9aef", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:54:29.640129Z", + "entityUpdated": "2023-08-07T00:54:48.047862Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd7cdb3b-b2c4aba0-2abb-4fe3-bb5b-a452f9e75a9f-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_54_19_146130", + "received": "2023-08-07T00:54:21Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_25_070823_00_54_19_1691369659.pdf", + "mimetype": "application/pdf", + "size": 2072, + "MD5": "598e9716152a194a367f4935055be067" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "38.152973", + "securityResultEntityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "9e64ff90ff47a3e2b168a0d1625bcad050444c1d", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "9e64ff90ff47a3e2b168a0d1625bcad050444c1d", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_54_19_146130", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "3afce0e438f6ea96076ebe8ae3fe3124", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "9e64ff90ff47a3e2b168a0d1625bcad050444c1d", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "9e64ff90ff47a3e2b168a0d1625bcad050444c1d", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:54:42.293457Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:54:29.824380Z", + "entityUpdated": "2023-08-07T00:54:43.199954Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd7cdbe8-e82d2d81-ce6d-4e68-bb14-09bbaccea2d3-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_54_19_320200]", + "received": "2023-08-07T00:54:21Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "234.309006", + "securityResultEntityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_54_19_320200", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "6ac87cdcd82a6fab8c7b09a3570764e0", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:54:29.824380Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:54:29.824380Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T00:54:29.824380Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "1883a190b821f30ea867bffe34d60ddd", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:54:30.841426Z", + "entityUpdated": "2023-08-07T00:54:43.798884Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd7cde04-0f8bbac4-2054-4472-bc57-2953217fc549-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_00_54_19_855951", + "received": "2023-08-07T00:54:21Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_40_070823_00_54_19_1691369659.pdf", + "mimetype": "application/pdf", + "size": 2067, + "MD5": "3ddc54374219cf8406aa94028f463fca" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "1883a190b821f30ea867bffe34d60ddd", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "37.397321", + "securityResultEntityId": "1883a190b821f30ea867bffe34d60ddd", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "1883a190b821f30ea867bffe34d60ddd", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_00_54_19_855951", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "1883a190b821f30ea867bffe34d60ddd", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "f43ba83e7356aa36f4eb59047145d19b0a5097fb", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "f43ba83e7356aa36f4eb59047145d19b0a5097fb", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T00:54:37.811132Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "7591a93e7f7e480af4353e0290f38ae6", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:55:15.350150Z", + "entityUpdated": "2023-08-07T00:55:24.493433Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd7cdd35-537343b9-7622-4c97-8243-a2faed339fd6-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_00_54_19_660403]", + "received": "2023-08-07T00:54:21Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "7591a93e7f7e480af4353e0290f38ae6", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "207.210314", + "securityResultEntityId": "7591a93e7f7e480af4353e0290f38ae6", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "7591a93e7f7e480af4353e0290f38ae6", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_00_54_19_660403", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "7591a93e7f7e480af4353e0290f38ae6", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T00:55:15.350150Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T00:55:15.350150Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "cb08860eb761386df1874bc6a658f80a", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T00:58:36.673369Z", + "entityUpdated": "2023-08-07T01:03:35.914763Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd80a83c-d4a2ff7a-d639-4f57-ac55-33896fb5efd4-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_00_58_28_191873", + "received": "2023-08-07T00:58:29Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "cb08860eb761386df1874bc6a658f80a", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "108.677335", + "securityResultEntityId": "cb08860eb761386df1874bc6a658f80a", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "cb08860eb761386df1874bc6a658f80a", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_00_58_28_191873", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "cb08860eb761386df1874bc6a658f80a", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "11ccb8f77d8324207ef36ab3d8575732", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:01:11.742127Z", + "entityUpdated": "2023-08-07T01:01:22.255795Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clean-qa1-4-_070823_01_01_04_511406", + "received": "2023-08-07T01:01:05Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "11ccb8f77d8324207ef36ab3d8575732", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "42.792424", + "securityResultEntityId": "11ccb8f77d8324207ef36ab3d8575732", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "11ccb8f77d8324207ef36ab3d8575732", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clean-qa1-4-_070823_01_01_04_511406", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "11ccb8f77d8324207ef36ab3d8575732", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "087400ea554227eb0adae2be07469526", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:01:24.246920Z", + "entityUpdated": "2023-08-07T01:02:44.671831Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_04_01_18_397334", + "received": "2023-08-07T01:01:19Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "087400ea554227eb0adae2be07469526", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "275.646318", + "securityResultEntityId": "087400ea554227eb0adae2be07469526", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "087400ea554227eb0adae2be07469526", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "087400ea554227eb0adae2be07469526", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "087400ea554227eb0adae2be07469526", + "entityType": "office365_emails_email", + "payload": { + "malicious_url_clicks": [ + "http://www.xvira-malwareavrad.com" + ] + }, + "score": "0", + "securityResultEntityId": "087400ea554227eb0adae2be07469526", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "087400ea554227eb0adae2be07469526", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "9480", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "087400ea554227eb0adae2be07469526", + "event": "block", + "brand": "avanan", + "request_id": "7b13c7823fd738c4", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "f7f0fba3af324bddaee1e8fdb1db7b92", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + }, + { + "entityId": "087400ea554227eb0adae2be07469526", + "entityType": "office365_emails_email", + "payload": { + "result": { + "entity_type": "office365_emails_email", + "guid": "c477", + "ip_address": "10.10.10.10, 10.10.10.11", + "entity_id": "087400ea554227eb0adae2be07469526", + "event": "block", + "brand": "avanan", + "request_id": "45e07307bfd3f552", + "url": "http://www.xvira-malwareavrad.com/", + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "customer": "prod-3-con-lab44", + "farm_id": "mt-prod-3", + "detection_info": null + }, + "link": "http://www.xvira-malwareavrad.com", + "client_ip_address": null, + "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/81.0.4044.92 Safari/537.36", + "detection_info": "{}" + }, + "score": "0.0", + "securityResultEntityId": "ae46baba09cb49a0867f62d9f8671bf1", + "securityResultEntityType": "clicktime_protection_scan_clicks", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "087400ea554227eb0adae2be07469526", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_04_01_18_397334", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "087400ea554227eb0adae2be07469526", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:01:24.246920Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:01:24.246920Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "128abc0143af989ab3cadd43708cd89e", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:01:25.287665Z", + "entityUpdated": "2023-08-07T01:01:41.820281Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_04_01_18_818776", + "received": "2023-08-07T01:01:19Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "128abc0143af989ab3cadd43708cd89e", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "128abc0143af989ab3cadd43708cd89e", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "128abc0143af989ab3cadd43708cd89e", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "128abc0143af989ab3cadd43708cd89e", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "128abc0143af989ab3cadd43708cd89e", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "128abc0143af989ab3cadd43708cd89e", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "128abc0143af989ab3cadd43708cd89e", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_04_01_18_818776", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "128abc0143af989ab3cadd43708cd89e", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:01:26.746646Z", + "entityUpdated": "2023-08-07T01:01:38.823390Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_04_01_19_174675", + "received": "2023-08-07T01:01:20Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_04_01_19_174675", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "f429a07ec0f09b85d5ca2272ab3958dd", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:01:26.746646Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:01:26.746646Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "bef4d11a149787aa89b9e648c8dacb26", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:01:27.613323Z", + "entityUpdated": "2023-08-07T01:01:41.806748Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_04_01_19_845846", + "received": "2023-08-07T01:01:21Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "bef4d11a149787aa89b9e648c8dacb26", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "bef4d11a149787aa89b9e648c8dacb26", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "bef4d11a149787aa89b9e648c8dacb26", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "bef4d11a149787aa89b9e648c8dacb26", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "bef4d11a149787aa89b9e648c8dacb26", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "bef4d11a149787aa89b9e648c8dacb26", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "bef4d11a149787aa89b9e648c8dacb26", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_04_01_19_845846", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "bef4d11a149787aa89b9e648c8dacb26", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:01:27.613323Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:01:27.613323Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:01:27.656534Z", + "entityUpdated": "2023-08-07T01:05:35.321752Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_04_01_19_505540", + "received": "2023-08-07T01:01:20Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_04_01_19_505540", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "813f8857dc2b8edd5d6eae35e4c8a5c9", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:01:27.656534Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:01:27.656534Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "2ce0186f007a8bef228c02ab54e292c1", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:04:54.388941Z", + "entityUpdated": "2023-08-07T01:05:00.694193Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd8667f2-92d1fe86-9587-436e-b849-78190f64989d-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_01_04_44_980095]", + "received": "2023-08-07T01:04:45Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "2ce0186f007a8bef228c02ab54e292c1", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "234.309006", + "securityResultEntityId": "2ce0186f007a8bef228c02ab54e292c1", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "2ce0186f007a8bef228c02ab54e292c1", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "2ce0186f007a8bef228c02ab54e292c1", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "2ce0186f007a8bef228c02ab54e292c1", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "2ce0186f007a8bef228c02ab54e292c1", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "2ce0186f007a8bef228c02ab54e292c1", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_01_04_44_980095", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "2ce0186f007a8bef228c02ab54e292c1", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T01:04:54.388941Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:04:54.388941Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:04:54.388941Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "adb34788c6b2173b21650bd63bcf75a8", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:04:55.020706Z", + "entityUpdated": "2023-08-07T01:05:03.057577Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd8668b1-f5817e0a-2422-46f2-9a6a-e1f366c0fafb-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_01_04_45_188850", + "received": "2023-08-07T01:04:46Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "adb34788c6b2173b21650bd63bcf75a8", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "125.763193", + "securityResultEntityId": "adb34788c6b2173b21650bd63bcf75a8", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "adb34788c6b2173b21650bd63bcf75a8", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "adb34788c6b2173b21650bd63bcf75a8", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "adb34788c6b2173b21650bd63bcf75a8", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "adb34788c6b2173b21650bd63bcf75a8", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "adb34788c6b2173b21650bd63bcf75a8", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_01_04_45_188850", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "adb34788c6b2173b21650bd63bcf75a8", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "0386fd95a190b68d4092886b0a5f9067", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:04:55.201147Z", + "entityUpdated": "2023-08-07T01:05:13.171380Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd866710-4276d808-f1e0-4c77-a383-3adb901faadf-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_01_04_44_734694", + "received": "2023-08-07T01:04:46Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_21_070823_01_04_44_1691370284.pdf", + "mimetype": "application/pdf", + "size": 2073, + "MD5": "8a1ddab9304a47998cf441cd883194ad" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "0386fd95a190b68d4092886b0a5f9067", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "39.256369", + "securityResultEntityId": "0386fd95a190b68d4092886b0a5f9067", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "0386fd95a190b68d4092886b0a5f9067", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "0386fd95a190b68d4092886b0a5f9067", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "14ffb0b6ae7557aa9ae9d1b6824fe6ebe4ff63a9", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "14ffb0b6ae7557aa9ae9d1b6824fe6ebe4ff63a9", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "0386fd95a190b68d4092886b0a5f9067", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "0386fd95a190b68d4092886b0a5f9067", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "0386fd95a190b68d4092886b0a5f9067", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_01_04_44_734694", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "0386fd95a190b68d4092886b0a5f9067", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "14ffb0b6ae7557aa9ae9d1b6824fe6ebe4ff63a9", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "14ffb0b6ae7557aa9ae9d1b6824fe6ebe4ff63a9", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T01:05:09.382124Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "ccbe60faf67e92360f44c3499ca3e07c", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:04:56.515885Z", + "entityUpdated": "2023-08-07T01:05:09.451338Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd86696e-0db2a1ca-4bd7-45ea-84a6-d377727cf16e-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_01_04_45_385921]", + "received": "2023-08-07T01:04:46Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "ccbe60faf67e92360f44c3499ca3e07c", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "207.210314", + "securityResultEntityId": "ccbe60faf67e92360f44c3499ca3e07c", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "ccbe60faf67e92360f44c3499ca3e07c", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_01_04_45_385921", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "ccbe60faf67e92360f44c3499ca3e07c", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T01:04:56.515885Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:04:56.515885Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "9a9e1ba6c1444933f526209834a8405b", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:04:56.520204Z", + "entityUpdated": "2023-08-07T01:05:05.980938Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd866a54-5427d66d-4bc6-473e-bc8e-66e3ca107d18-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_01_04_45_506213", + "received": "2023-08-07T01:04:46Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_50_070823_01_04_45_1691370285.pdf", + "mimetype": "application/pdf", + "size": 2076, + "MD5": "f3506ac6586cd9f97b23707ea1bbcdc3" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "9a9e1ba6c1444933f526209834a8405b", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "34.122053", + "securityResultEntityId": "9a9e1ba6c1444933f526209834a8405b", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "9a9e1ba6c1444933f526209834a8405b", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_01_04_45_506213", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "9a9e1ba6c1444933f526209834a8405b", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "db7640f87e8fcc166ee737bc769b103260e8c7a5", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "db7640f87e8fcc166ee737bc769b103260e8c7a5", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T01:05:05.765986Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "ebb837acc2552bf71e2efe90a2544a49", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:08:30.025500Z", + "entityUpdated": "2023-08-07T01:13:32.538105Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd89c0b0-9ac33532-b80a-4b8e-b392-3baf2b9b6213-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_01_08_24_320854", + "received": "2023-08-07T01:08:25Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "ebb837acc2552bf71e2efe90a2544a49", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "108.677335", + "securityResultEntityId": "ebb837acc2552bf71e2efe90a2544a49", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "ebb837acc2552bf71e2efe90a2544a49", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_01_08_24_320854", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "ebb837acc2552bf71e2efe90a2544a49", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:11:22.664337Z", + "entityUpdated": "2023-08-07T01:11:29.658947Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_04_11_18_450645", + "received": "2023-08-07T01:11:19Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_04_11_18_450645", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "a18ca9708c1fc1da749c5a23c08fb0bc", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:11:22.664337Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:11:22.664337Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "62b922c1027893bb2b65e005e87c3095", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:11:22.985852Z", + "entityUpdated": "2023-08-07T01:14:55.878047Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_04_11_18_860261", + "received": "2023-08-07T01:11:19Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "62b922c1027893bb2b65e005e87c3095", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "62b922c1027893bb2b65e005e87c3095", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "62b922c1027893bb2b65e005e87c3095", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "62b922c1027893bb2b65e005e87c3095", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "62b922c1027893bb2b65e005e87c3095", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "62b922c1027893bb2b65e005e87c3095", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "62b922c1027893bb2b65e005e87c3095", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_04_11_18_860261", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "62b922c1027893bb2b65e005e87c3095", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:11:22.985852Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:11:22.985852Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "63beff0cc4104b4009f20c3f597ed8b5", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:11:23.060534Z", + "entityUpdated": "2023-08-07T01:11:30.856636Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1_070823_04_11_17_763736", + "received": "2023-08-07T01:11:18Z", + "size": null, + "emailLinks": [ + "http://www.xvira-malwareavrad.com", + "https://google.com", + "https://stackoverflow.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "spam", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "63beff0cc4104b4009f20c3f597ed8b5", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "O365 clarifications", + "Email Headers", + "Sender Reputation", + "Links", + "Email Text" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + }, + { + "short_text": "Suspicious-looking link", + "full_text": "The email presents a link that can be misleading (link text vs. actual URL)" + } + ], + "O365 clarifications": [ + { + "short_text": "Microsoft SCL value was -1", + "full_text": "Microsoft SCL value was -1" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Text": [ + { + "short_text": "Suspicious-looking email text", + "full_text": "NLP analysis of the email text indicates a suspicious-looking email content" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "275.646318", + "securityResultEntityId": "63beff0cc4104b4009f20c3f597ed8b5", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "spam" + } + ], + "dlp": [ + { + "entityId": "63beff0cc4104b4009f20c3f597ed8b5", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "63beff0cc4104b4009f20c3f597ed8b5", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "63beff0cc4104b4009f20c3f597ed8b5", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "63beff0cc4104b4009f20c3f597ed8b5", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "63beff0cc4104b4009f20c3f597ed8b5", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1_070823_04_11_17_763736", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "63beff0cc4104b4009f20c3f597ed8b5", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T01:11:30.019896Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "c5938cac8f1e7dbafaafbe880c462128", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:11:23.285730Z", + "entityUpdated": "2023-08-07T01:11:30.676056Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-special-urls_070823_04_11_19_284114", + "received": "2023-08-07T01:11:20Z", + "size": null, + "emailLinks": [ + "https://hengold.github.io/clicktime_url/?url=!*", + "https://hengold.github.io/clicktime_url/?url=!*'();:@&=+$,/?%#[]/", + "https://hengold.github.io/clicktime_url/?\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e/", + "https://hengold.github.io/clicktime_url/?\u05d1\u05e2\u05d1\u05e8\u05d9\u05ea/", + "https://hengold.github.io/clicktime_url/?\u4e2d\u6587/" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "c5938cac8f1e7dbafaafbe880c462128", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Suspicious-looking link", + "full_text": "Some of the links in the email has suspicious format - often used by Phishing emails" + }, + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "45.599355", + "securityResultEntityId": "c5938cac8f1e7dbafaafbe880c462128", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "c5938cac8f1e7dbafaafbe880c462128", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "c5938cac8f1e7dbafaafbe880c462128", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "c5938cac8f1e7dbafaafbe880c462128", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "c5938cac8f1e7dbafaafbe880c462128", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "c5938cac8f1e7dbafaafbe880c462128", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-special-urls_070823_04_11_19_284114", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "c5938cac8f1e7dbafaafbe880c462128", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:11:23.285730Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:11:23.285730Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:11:26.192797Z", + "entityUpdated": "2023-08-07T01:11:39.423173Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_04_11_18_114733", + "received": "2023-08-07T01:11:18Z", + "size": null, + "emailLinks": [ + "https://mail.google.com", + "https://www.youtube.com", + "https://yardiasp14.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "68.697515", + "securityResultEntityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-ignorelist_070823_04_11_18_114733", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "3dea53e0acbbe5fbd1c46102fa30f2f4", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "292a704793170989d9eddf3c06106a55", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:14:26.523104Z", + "entityUpdated": "2023-08-07T01:14:41.409973Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<01000189cd8f2732-bedd5da4-9950-4b5c-bc4f-d200c25a5a27-000000@email.amazonses.com>-alert", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_01_14_18_245274]", + "received": "2023-08-07T01:14:20Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "292a704793170989d9eddf3c06106a55", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "234.309006", + "securityResultEntityId": "292a704793170989d9eddf3c06106a55", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": [ + { + "entityId": "292a704793170989d9eddf3c06106a55", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "292a704793170989d9eddf3c06106a55", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "292a704793170989d9eddf3c06106a55", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "292a704793170989d9eddf3c06106a55", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "292a704793170989d9eddf3c06106a55", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_01_14_18_245274", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "292a704793170989d9eddf3c06106a55", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T01:14:26.523104Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:14:26.523104Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:14:26.523104Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:14:26.725693Z", + "entityUpdated": "2023-08-07T01:14:38.582875Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd8f27c5-b0fa1044-1b18-464f-869b-ec00f3f65baa-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_01_14_18_393995", + "received": "2023-08-07T01:14:19Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "112.199243", + "securityResultEntityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_01_14_18_393995", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "9b2313721d0cc4101c3c0e3746b4d78c", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:14:27.139177Z", + "entityUpdated": "2023-08-07T01:14:39.789466Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd8f268e-83e08a30-5caf-4fb3-9825-97fbde4bd126-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_01_14_18_072262", + "received": "2023-08-07T01:14:19Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_23_070823_01_14_18_1691370858.pdf", + "mimetype": "application/pdf", + "size": 2064, + "MD5": "66a4d7541cbde9f76e3edfdd35c88ee2" + } + ], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "no_links_replaced", + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "38.152973", + "securityResultEntityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + }, + { + "entityId": "dd9ede8b2b3b84ff06935d0d27f307f376f22c3f", + "entityType": "office365_emails_attachment", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "dd9ede8b2b3b84ff06935d0d27f307f376f22c3f", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "no_links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_01_14_18_072262", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "e23f5137a03bc0c9f3d934d6ab65af37", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "dd9ede8b2b3b84ff06935d0d27f307f376f22c3f", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "dd9ede8b2b3b84ff06935d0d27f307f376f22c3f", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T01:14:38.000385Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "1cfd1fadcf25fdf2a59192d54b465683", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:14:29.537222Z", + "entityUpdated": "2023-08-07T01:14:39.726531Z", + "entityActionState": "body_changed" + }, + "entityPayload": { + "internetMessageId": "<01000189cd8f285b-f596252e-dae6-4d37-a48b-3b7f3962dd48-000000@email.amazonses.com>", + "subject": "Phishing Alert! [aut_phish_prod3_17__070823_01_14_18_542558]", + "received": "2023-08-07T01:14:19Z", + "size": null, + "emailLinks": [ + "http://operatf.xyz/redirect53dfhbhfhfhb" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "1cfd1fadcf25fdf2a59192d54b465683", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ] + }, + "reasons": [] + }, + "score": "230.313577", + "securityResultEntityId": "1cfd1fadcf25fdf2a59192d54b465683", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "1cfd1fadcf25fdf2a59192d54b465683", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_phish_prod3_17__070823_01_14_18_542558", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "1cfd1fadcf25fdf2a59192d54b465683", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "subject_change", + "entityActionDate": "2023-08-07T01:14:29.537222Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "subject_changed" + }, + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:14:29.537222Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "27ad96048d30d3964a0a031a42b3ed3f", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:14:31.049314Z", + "entityUpdated": "2023-08-07T01:14:38.413831Z", + "entityActionState": "quarantined" + }, + "entityPayload": { + "internetMessageId": "<01000189cd8f28df-9fbc757f-d4c9-4c7d-bd23-da235cddcf4f-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__070823_01_14_18_669295", + "received": "2023-08-07T01:14:19Z", + "size": null, + "emailLinks": [], + "attachmentCount": 1, + "attachments": [ + { + "name": "avanan_malicious_49_070823_01_14_18_1691370858.pdf", + "mimetype": "application/pdf", + "size": 2065, + "MD5": "99fb19b41c9c7cfea1eda8596ba29c22" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": true, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": true, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "27ad96048d30d3964a0a031a42b3ed3f", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "37.394969", + "securityResultEntityId": "27ad96048d30d3964a0a031a42b3ed3f", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "27ad96048d30d3964a0a031a42b3ed3f", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__070823_01_14_18_669295", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "27ad96048d30d3964a0a031a42b3ed3f", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "eab9214c29c587d370ce71a1e888b954821ae161", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "eab9214c29c587d370ce71a1e888b954821ae161", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [ + { + "entityActionName": "quarantine", + "entityActionDate": "2023-08-07T01:14:38.167717Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "quarantined" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "4d2a66b2c4cf412d28d476c25f20e7ab", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:15:03.933095Z", + "entityUpdated": "2023-08-07T01:15:08.933362Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clean-qa1-4-_070823_01_14_55_462368", + "received": "2023-08-07T01:14:56Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "4d2a66b2c4cf412d28d476c25f20e7ab", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "42.792424", + "securityResultEntityId": "4d2a66b2c4cf412d28d476c25f20e7ab", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "4d2a66b2c4cf412d28d476c25f20e7ab", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clean-qa1-4-_070823_01_14_55_462368", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "4d2a66b2c4cf412d28d476c25f20e7ab", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "a7b57135b3d89dba6755b0234ad40a13", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:18:40.645095Z", + "entityUpdated": "2023-08-07T01:23:41.527697Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<01000189cd92f9f4-5213674b-0b60-4cbc-9df2-fb401285d5ec-000000@email.amazonses.com>", + "subject": "aut_clean_prod3_17__070823_01_18_28_801633", + "received": "2023-08-07T01:18:30Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user4@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user4@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "37bf0b54-5136-49e7-82c8-58f85d42b333", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": true, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "a7b57135b3d89dba6755b0234ad40a13", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Domain Impersonation", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "108.677335", + "securityResultEntityId": "a7b57135b3d89dba6755b0234ad40a13", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "a7b57135b3d89dba6755b0234ad40a13", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_01_18_28_801633", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "a7b57135b3d89dba6755b0234ad40a13", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "83061da7291971bc23d3911341a70da7", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:19:41.328852Z", + "entityUpdated": "2023-08-07T01:19:45.529883Z", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "0.6796415769381349Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_01_10_29_199799", + "received": "2023-08-05T17:14:47.564045Z", + "size": null, + "emailLinks": [], + "attachmentCount": 0, + "attachments": [], + "mode": "monitor", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": null, + "SpfResult": null, + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "83061da7291971bc23d3911341a70da7", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Sender Reputation" + ], + "reasons_by_category": { + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "59.53873", + "securityResultEntityId": "83061da7291971bc23d3911341a70da7", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "83061da7291971bc23d3911341a70da7", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_clean_prod3_17__070823_01_10_29_199799", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "83061da7291971bc23d3911341a70da7", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "956c09c2f46bbbb06df0a7521e9e924a", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:21:22.980805Z", + "entityUpdated": "2023-08-07T01:21:33.622809Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-whitelist_070823_04_21_17_055759", + "received": "2023-08-07T01:21:18Z", + "size": null, + "emailLinks": [ + "http://www.xvirb-malwareavrad.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "links_replaced", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "956c09c2f46bbbb06df0a7521e9e924a", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation", + "Links" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "148.308417", + "securityResultEntityId": "956c09c2f46bbbb06df0a7521e9e924a", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "956c09c2f46bbbb06df0a7521e9e924a", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "956c09c2f46bbbb06df0a7521e9e924a", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "956c09c2f46bbbb06df0a7521e9e924a", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "956c09c2f46bbbb06df0a7521e9e924a", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "links_replaced" + } + ], + "shadowIt": [ + { + "entityId": "956c09c2f46bbbb06df0a7521e9e924a", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "AUT-clicktime-qa-1-whitelist_070823_04_21_17_055759", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "956c09c2f46bbbb06df0a7521e9e924a", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:21:22.980805Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:21:22.980805Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + }, + { + "entityInfo": { + "entityId": "4329568f02e82eafdf288e652fe3fb4a", + "customerId": "prod-3-con-lab44", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-08-07T01:21:23.191075Z", + "entityUpdated": "2023-08-07T01:24:46.410148Z", + "entityActionState": "links_replaced" + }, + "entityPayload": { + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "subject": "AUT-clicktime-qa-1-blacklist_070823_04_21_17_393872", + "received": "2023-08-07T01:21:18Z", + "size": null, + "emailLinks": [ + "https://facebook.com" + ], + "attachmentCount": 0, + "attachments": [], + "mode": "inline", + "recipients": [ + "user2@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user2@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "04df0456-6328-4cfe-a285-e41e3d035e9e", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": "Automation@avtestqa.com", + "replyToNickname": "", + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": "clean", + "clicktimeProtection": "malicious_url", + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "4329568f02e82eafdf288e652fe3fb4a", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category_list": [ + "Email Headers", + "Sender Reputation" + ], + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "52.964422", + "securityResultEntityId": "4329568f02e82eafdf288e652fe3fb4a", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": [ + { + "entityId": "4329568f02e82eafdf288e652fe3fb4a", + "entityType": "office365_emails_email", + "payload": { + "matches_dlp_rules": [], + "found_text": [], + "scan_details": [], + "hit_count": 0 + }, + "score": "0", + "securityResultEntityId": "4329568f02e82eafdf288e652fe3fb4a", + "securityResultEntityType": "avanan_dlp", + "statusCode": "0", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "clicktimeProtection": [ + { + "entityId": "4329568f02e82eafdf288e652fe3fb4a", + "entityType": "office365_emails_email", + "payload": null, + "score": "0", + "securityResultEntityId": "4329568f02e82eafdf288e652fe3fb4a", + "securityResultEntityType": "clicktime_protection_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "malicious_url" + } + ], + "shadowIt": [ + { + "entityId": "4329568f02e82eafdf288e652fe3fb4a", + "entityType": "office365_emails_email", + "payload": { + "subject": "AUT-clicktime-qa-1-blacklist_070823_04_21_17_393872", + "from": "Automation@avtestqa.com", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "4329568f02e82eafdf288e652fe3fb4a", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [ + { + "entityActionName": "body_change", + "entityActionDate": "2023-08-07T01:21:23.191075Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "body_changed" + }, + { + "entityActionName": "links_replace", + "entityActionDate": "2023-08-07T01:21:23.191075Z", + "entityActionResponseCode": null, + "entityActionResponseText": null, + "entityActionState": "links_replaced" + } + ], + "entityAvailableActions": [] + } + ] +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-send_action.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-send_action.json new file mode 100644 index 000000000000..cc82c73d381e --- /dev/null +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-send_action.json @@ -0,0 +1,16 @@ +{ + "responseEnvelope": { + "requestId": "e5d1ca37-f789-4115-933c-fce0708cd446", + "responseCode": 200, + "responseText": "", + "additionalText": "", + "recordsNumber": 1, + "scrollId": "" + }, + "responseData": [ + { + "entityId": "00000000000000000000000000000002", + "taskId": "1691525788820900" + } + ] +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-test_api.json b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-test_api.json new file mode 100644 index 000000000000..0287aedde69e --- /dev/null +++ b/Packs/CheckPointHEC/Integrations/CheckPointHEC/test_data/checkpointhec-test_api.json @@ -0,0 +1,3 @@ +{ + "ok": true +} diff --git a/Packs/CheckPointHEC/Layouts/layoutscontainer-CheckPointHEC_Security_Event_Layout.json b/Packs/CheckPointHEC/Layouts/layoutscontainer-CheckPointHEC_Security_Event_Layout.json index 7281c3815903..514597fd4bf0 100644 --- a/Packs/CheckPointHEC/Layouts/layoutscontainer-CheckPointHEC_Security_Event_Layout.json +++ b/Packs/CheckPointHEC/Layouts/layoutscontainer-CheckPointHEC_Security_Event_Layout.json @@ -1,413 +1,817 @@ { - "description": "CheckPointHEC Incidents Layout", - "detailsV2": { - "tabs": [ - { - "id": "summary", - "name": "Legacy Summary", - "type": "summary" - }, - { - "hidden": false, - "id": "u9xzifnfzu", - "name": "Check Point Info", - "sections": [ - { - "displayType": "CARD", - "h": 2, - "hideName": false, - "i": "u9xzifnfzu-caseinfoid-8da75b40-1f89-11ee-a584-e72e916fb060", - "items": [ - { - "endCol": 2, - "fieldId": "checkpointheccustomer", - "height": 53, - "id": "a4340fc0-1f89-11ee-a584-e72e916fb060", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "checkpointhecsaas", - "height": 53, - "id": "aaa2ca40-1f89-11ee-a584-e72e916fb060", - "index": 1, - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "state", - "height": 53, - "id": "b0885790-1f89-11ee-a584-e72e916fb060", - "index": 2, - "listId": "u9xzifnfzu-caseinfoid-8da75b40-1f89-11ee-a584-e72e916fb060", - "sectionItemType": "field", - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 4, - "fieldId": "checkpointhectype", - "height": 53, - "id": "a89b1360-1f89-11ee-a584-e72e916fb060", - "index": 0, - "listId": "u9xzifnfzu-caseinfoid-8da75b40-1f89-11ee-a584-e72e916fb060", - "sectionItemType": "field", - "startCol": 2 - }, - { - "endCol": 4, - "fieldId": "checkpointhecentity", - "height": 53, - "id": "7405be00-202b-11ee-b262-3763e4f7e303", - "index": 1, - "sectionItemType": "field", - "startCol": 2 - } - ], - "maxW": 3, - "minH": 1, - "moved": false, - "name": "Security Event Info", - "static": false, - "w": 2, - "x": 0, - "y": 0 - } - ], - "type": "custom" - }, - { - "id": "caseinfoid", - "name": "Incident Info", - "sections": [ - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "items": [ - { - "endCol": 2, - "fieldId": "type", - "height": 22, - "id": "incident-type-field", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "severity", - "height": 22, - "id": "incident-severity-field", - "index": 1, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "owner", - "height": 22, - "id": "incident-owner-field", - "index": 2, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "sourcebrand", - "height": 22, - "id": "incident-sourceBrand-field", - "index": 4, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "sourceinstance", - "height": 22, - "id": "incident-sourceInstance-field", - "index": 5, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "playbookid", - "height": 22, - "id": "incident-playbookId-field", - "index": 6, - "sectionItemType": "field", - "startCol": 0 - } - ], - "maxW": 3, - "moved": false, - "name": "Case Details", - "static": false, - "w": 1, - "x": 0, - "y": 0 - }, - { - "h": 2, - "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", - "maxW": 3, - "moved": false, - "name": "Notes", - "static": false, - "type": "notes", - "w": 1, - "x": 2, - "y": 0 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", - "maxW": 3, - "moved": false, - "name": "Work Plan", - "static": false, - "type": "workplan", - "w": 1, - "x": 1, - "y": 0 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "maxW": 3, - "moved": false, - "name": "Linked Incidents", - "static": false, - "type": "linkedIncidents", - "w": 1, - "x": 1, - "y": 6 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8", - "maxW": 3, - "moved": false, - "name": "Child Incidents", - "static": false, - "type": "childInv", - "w": 1, - "x": 2, - "y": 4 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-4a31afa0-98ba-11e9-a519-93a53c759fe0", - "maxW": 3, - "moved": false, - "name": "Evidence", - "static": false, - "type": "evidence", - "w": 1, - "x": 2, - "y": 2 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260", - "maxW": 3, - "moved": false, - "name": "Team Members", - "static": false, - "type": "team", - "w": 1, - "x": 2, - "y": 6 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-7ce69dd0-a07f-11e9-936c-5395a1acf11e", - "maxW": 3, - "moved": false, - "name": "Indicators", - "query": "", - "queryType": "input", - "static": false, - "type": "indicators", - "w": 2, - "x": 0, - "y": 4 - }, - { - "displayType": "CARD", - "h": 2, - "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289", - "items": [ - { - "endCol": 1, - "fieldId": "occurred", - "height": 22, - "id": "incident-occurred-field", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 1, - "fieldId": "dbotmodified", - "height": 22, - "id": "incident-modified-field", - "index": 1, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotduedate", - "height": 22, - "id": "incident-dueDate-field", - "index": 2, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotcreated", - "height": 22, - "id": "incident-created-field", - "index": 0, - "sectionItemType": "field", - "startCol": 1 - }, - { - "endCol": 2, - "fieldId": "dbotclosed", - "height": 22, - "id": "incident-closed-field", - "index": 1, - "sectionItemType": "field", - "startCol": 1 - } - ], - "maxW": 3, - "moved": false, - "name": "Timeline Information", - "static": false, - "w": 1, - "x": 1, - "y": 2 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289", - "isVisible": true, - "items": [ - { - "endCol": 2, - "fieldId": "dbotclosed", - "height": 22, - "id": "incident-dbotClosed-field", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closereason", - "height": 22, - "id": "incident-closeReason-field", - "index": 1, - "sectionItemType": "field", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closenotes", - "height": 22, - "id": "incident-closeNotes-field", - "index": 2, - "sectionItemType": "field", - "startCol": 0 - } - ], - "maxW": 3, - "moved": false, - "name": "Closing Information", - "static": false, - "w": 1, - "x": 0, - "y": 6 - }, - { - "displayType": "CARD", - "h": 2, - "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", - "isVisible": true, - "items": [ - { - "endCol": 2, - "fieldId": "details", - "height": 22, - "id": "incident-details-field", - "index": 0, - "sectionItemType": "field", - "startCol": 0 - } - ], - "maxW": 3, - "moved": false, - "name": "Investigation Data", - "static": false, - "w": 1, - "x": 0, - "y": 2 - } - ], - "type": "custom" - }, - { - "id": "warRoom", - "name": "War Room", - "type": "warRoom" - }, - { - "id": "workPlan", - "name": "Work Plan", - "type": "workPlan" - }, - { - "id": "evidenceBoard", - "name": "Evidence Board", - "type": "evidenceBoard" - }, - { - "id": "relatedIncidents", - "name": "Related Incidents", - "type": "relatedIncidents" - }, - { - "id": "canvas", - "name": "Canvas", - "type": "canvas" - } - ] - }, - "group": "incident", - "id": "CheckPointHEC Security Event Layout", + "description": "Check Point HEC Incidents Layout", + "detailsV2": { + "tabs": [ + { + "id": "summary", + "name": "Legacy Summary", + "type": "summary" + }, + { + "hidden": false, + "id": "zsgh4yoppk", + "name": "Check Point HEC Info", + "sections": [ + { + "displayType": "CARD", + "h": 3, + "hideName": false, + "i": "zsgh4yoppk-caseinfoid-e3d26b30-30a1-11ee-a2f1-bb0fdfd31f7a", + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "checkpointhecfarm", + "height": 53, + "id": "bc5fbb10-362e-11ee-b944-c7997e9b1fa5", + "index": 0, + "listId": "zsgh4yoppk-caseinfoid-e3d26b30-30a1-11ee-a2f1-bb0fdfd31f7a", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "checkpointheccustomer", + "height": 53, + "id": "e7844fa0-30a1-11ee-a2f1-bb0fdfd31f7a", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "checkpointhecsaas", + "height": 53, + "id": "ec22de00-30a1-11ee-a2f1-bb0fdfd31f7a", + "index": 2, + "listId": "zsgh4yoppk-caseinfoid-e3d26b30-30a1-11ee-a2f1-bb0fdfd31f7a", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "checkpointhectype", + "height": 53, + "id": "f6421d60-30a1-11ee-a2f1-bb0fdfd31f7a", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "state", + "height": 53, + "id": "ce02f060-357c-11ee-b33b-21e4a1f3ca81", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Security Event Info", + "static": false, + "w": 2, + "x": 0, + "y": 0 + }, + { + "h": 3, + "i": "zsgh4yoppk-28abc140-3302-11ee-ae75-252a1de5d493", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Email Info", + "query": "ShowCPEmailInfo", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 3, + "x": 0, + "y": 3 + }, + { + "displayType": "CARD", + "h": 3, + "hideItemTitleOnlyOne": false, + "hideName": false, + "i": "zsgh4yoppk-722daf70-3570-11ee-b33b-21e4a1f3ca81", + "items": [ + { + "args": { + "action": { + "simple": "quarantine" + }, + "customer": { + "complex": { + "accessor": "checkpointheccustomer", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "entity": { + "complex": { + "accessor": "checkpointhecentity", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "farm": { + "complex": { + "accessor": "checkpointhecfarm", + "filters": [], + "root": "incident", + "transformers": [] + } + } + }, + "buttonClass": "warning", + "dropEffect": "move", + "endCol": 2, + "fieldId": "", + "filters": [ + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "state" + } + }, + "operator": "isEqualString", + "right": { + "isContext": false, + "value": { + "simple": "new" + } + }, + "type": "shortText" + } + ], + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "checkpointhectask" + } + }, + "operator": "isEmpty", + "right": null, + "type": "shortText" + } + ] + ], + "height": 53, + "id": "c7f88c20-323e-11ee-a6a3-6fc59c892e47", + "index": 0, + "listId": "zsgh4yoppk-caseinfoid-cd39e4f0-30a3-11ee-a2f1-bb0fdfd31f7a", + "name": "Quarantine Email", + "scriptId": "SendCPAction", + "sectionItemType": "button", + "startCol": 0 + }, + { + "args": { + "action": { + "simple": "restore" + }, + "customer": { + "complex": { + "accessor": "checkpointheccustomer", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "entity": { + "complex": { + "accessor": "checkpointhecentity", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "farm": { + "complex": { + "accessor": "checkpointhecfarm", + "filters": [], + "root": "incident", + "transformers": [] + } + } + }, + "buttonClass": "success", + "dropEffect": "move", + "endCol": 2, + "fieldId": "", + "filters": [ + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "state" + } + }, + "operator": "isEqualString", + "right": { + "isContext": false, + "value": { + "simple": "remediated" + } + }, + "type": "shortText" + } + ], + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "checkpointhectask" + } + }, + "operator": "isEmpty", + "right": null, + "type": "shortText" + } + ] + ], + "height": 53, + "id": "680e2530-323f-11ee-a6a3-6fc59c892e47", + "index": 1, + "listId": "zsgh4yoppk-722daf70-3570-11ee-b33b-21e4a1f3ca81", + "name": "Release from Quarantine", + "scriptId": "SendCPAction", + "sectionItemType": "button", + "startCol": 0 + }, + { + "args": { + "customer": { + "complex": { + "accessor": "checkpointheccustomer", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "farm": { + "complex": { + "accessor": "checkpointhecfarm", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "task": { + "complex": { + "accessor": "checkpointhectask", + "filters": [], + "root": "incident", + "transformers": [] + } + } + }, + "buttonClass": "primary", + "endCol": 2, + "fieldId": "", + "filters": [ + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "checkpointhectask" + } + }, + "operator": "isNotEmpty", + "right": null, + "type": "shortText" + } + ] + ], + "height": 53, + "id": "abaa10c0-3635-11ee-b944-c7997e9b1fa5", + "index": 2, + "name": "Get Action Result", + "scriptId": "CheckPointHEC|||checkpointhec-get-action-result", + "sectionItemType": "button", + "startCol": 0 + }, + { + "args": {}, + "endCol": 2, + "fieldId": "", + "filters": [ + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "checkpointhectype" + } + }, + "operator": "isEqualString", + "right": { + "isContext": false, + "value": { + "simple": "alert" + } + }, + "type": "shortText" + } + ], + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "checkpointheccampaigntask" + } + }, + "operator": "isEmpty", + "right": null, + "type": "shortText" + } + ] + ], + "height": 53, + "id": "c412e950-3245-11ee-a6a3-6fc59c892e47", + "index": 3, + "name": "Run Phishing Campaign", + "scriptId": "RunCPPhishingCampaign", + "sectionItemType": "button", + "startCol": 0 + }, + { + "args": { + "customer": { + "complex": { + "accessor": "checkpointheccustomer", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "farm": { + "complex": { + "accessor": "checkpointhecfarm", + "filters": [], + "root": "incident", + "transformers": [] + } + }, + "task": { + "complex": { + "accessor": "checkpointheccampaigntask", + "filters": [], + "root": "incident", + "transformers": [] + } + } + }, + "buttonClass": "primary", + "endCol": 2, + "fieldId": "", + "filters": [ + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "checkpointheccampaigntask" + } + }, + "operator": "isNotEmpty", + "right": null, + "type": "shortText" + } + ] + ], + "height": 53, + "id": "d46a3d40-4806-11ee-8b3e-2fd74623537f", + "index": 4, + "name": "Get Campaign Result", + "scriptId": "CheckPointHEC|||checkpointhec-get-action-result", + "sectionItemType": "button", + "startCol": 0 + }, + { + "args": { + "entity": { + "complex": { + "accessor": "checkpointhecentity", + "filters": [], + "root": "incident", + "transformers": [] + } + } + }, + "buttonClass": "error", + "endCol": 2, + "fieldId": "", + "filters": [ + [ + { + "ignoreCase": false, + "left": { + "isContext": true, + "value": { + "simple": "checkpointhectype" + } + }, + "operator": "isNotEqualString", + "right": { + "isContext": false, + "value": { + "simple": "alert" + } + }, + "type": "shortText" + } + ] + ], + "height": 53, + "id": "4754b380-3452-11ee-972b-17833fbd34fb", + "index": 5, + "name": "Send Warning", + "scriptId": "CheckPointHEC|||checkpointhec-send-notification", + "sectionItemType": "button", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Email Actions", + "static": false, + "w": 1, + "wrapLabels": false, + "x": 2, + "y": 0 + }, + { + "h": 3, + "i": "zsgh4yoppk-8e43d870-3579-11ee-b33b-21e4a1f3ca81", + "items": [], + "maxW": 3, + "minH": 1, + "moved": false, + "name": "Scan Info", + "query": "ShowCPScanInfo", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 3, + "x": 0, + "y": 6 + } + ], + "type": "custom" + }, + { + "id": "caseinfoid", + "name": "Incident Info", + "sections": [ + { + "displayType": "ROW", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "type", + "height": 22, + "id": "incident-type-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "severity", + "height": 22, + "id": "incident-severity-field", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "owner", + "height": 22, + "id": "incident-owner-field", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourcebrand", + "height": 22, + "id": "incident-sourceBrand-field", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourceinstance", + "height": 22, + "id": "incident-sourceInstance-field", + "index": 5, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "playbookid", + "height": 22, + "id": "incident-playbookId-field", + "index": 6, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "moved": false, + "name": "Case Details", + "static": false, + "w": 1, + "x": 0, + "y": 0 + }, + { + "h": 2, + "i": "zsgh4yoppk-caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", + "maxW": 3, + "moved": false, + "name": "Notes", + "static": false, + "type": "notes", + "w": 1, + "x": 2, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", + "maxW": 3, + "moved": false, + "name": "Work Plan", + "static": false, + "type": "workplan", + "w": 1, + "x": 1, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "maxW": 3, + "moved": false, + "name": "Linked Incidents", + "static": false, + "type": "linkedIncidents", + "w": 1, + "x": 1, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8", + "maxW": 3, + "moved": false, + "name": "Child Incidents", + "static": false, + "type": "childInv", + "w": 1, + "x": 2, + "y": 4 + }, + { + "displayType": "ROW", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-4a31afa0-98ba-11e9-a519-93a53c759fe0", + "maxW": 3, + "moved": false, + "name": "Evidence", + "static": false, + "type": "evidence", + "w": 1, + "x": 2, + "y": 2 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "zsgh4yoppk-caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260", + "maxW": 3, + "moved": false, + "name": "Team Members", + "static": false, + "type": "team", + "w": 1, + "x": 2, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-7ce69dd0-a07f-11e9-936c-5395a1acf11e", + "maxW": 3, + "moved": false, + "name": "Indicators", + "query": "", + "queryType": "input", + "static": false, + "type": "indicators", + "w": 2, + "x": 0, + "y": 4 + }, + { + "displayType": "CARD", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289", + "items": [ + { + "endCol": 1, + "fieldId": "occurred", + "height": 22, + "id": "incident-occurred-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 1, + "fieldId": "dbotmodified", + "height": 22, + "id": "incident-modified-field", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotduedate", + "height": 22, + "id": "incident-dueDate-field", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotcreated", + "height": 22, + "id": "incident-created-field", + "index": 0, + "sectionItemType": "field", + "startCol": 1 + }, + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 22, + "id": "incident-closed-field", + "index": 1, + "sectionItemType": "field", + "startCol": 1 + } + ], + "maxW": 3, + "moved": false, + "name": "Timeline Information", + "static": false, + "w": 1, + "x": 0, + "y": 2 + }, + { + "displayType": "ROW", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 22, + "id": "incident-dbotClosed-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closereason", + "height": 22, + "id": "incident-closeReason-field", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closenotes", + "height": 22, + "id": "incident-closeNotes-field", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "moved": false, + "name": "Closing Information", + "static": false, + "w": 1, + "x": 0, + "y": 6 + }, + { + "displayType": "CARD", + "h": 2, + "i": "zsgh4yoppk-caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "details", + "height": 22, + "id": "incident-details-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "moved": false, + "name": "Investigation Data", + "static": false, + "w": 1, + "x": 1, + "y": 2 + } + ], + "type": "custom" + }, + { + "id": "warRoom", + "name": "War Room", + "type": "warRoom" + }, + { + "id": "workPlan", + "name": "Work Plan", + "type": "workPlan" + }, + { + "id": "evidenceBoard", + "name": "Evidence Board", + "type": "evidenceBoard" + }, + { + "id": "relatedIncidents", + "name": "Related Incidents", + "type": "relatedIncidents" + }, + { + "id": "canvas", + "name": "Canvas", + "type": "canvas" + } + ] + }, + "group": "incident", + "id": "CP HEC Security Event Layout", "marketplaces": [ "xsoar" ], - "name": "CheckPointHEC Security Event Layout", + "name": "CP HEC Security Event Layout", "system": false, "version": -1, "fromVersion": "6.9.0" diff --git a/Packs/CheckPointHEC/ReleaseNotes/1_0_3.md b/Packs/CheckPointHEC/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..3cefcbfaf550 --- /dev/null +++ b/Packs/CheckPointHEC/ReleaseNotes/1_0_3.md @@ -0,0 +1,66 @@ + +#### Scripts + +##### New: RunCPPhishingCampaign + +- New: Search other emails by sender and/or subject and quarantine. + +##### New: SendCPAction + +- New: Send quarantine or restore action and update action task id. + +##### New: ShowCPEmailInfo + +- New: Get email info from Check Point Smart API. + +##### New: ShowCPScanInfo + +- New: Get scan info from Check Point Smart API. + +#### Incident Types + +- **CheckPointHEC Security Event** + + +#### Integrations + +##### Check Point Harmony Email and Collaboration (HEC) + +- Updated the Docker image to: *demisto/python3:3.10.13.72123*. +- Added a new command ***checkpointhec-get-email-info*** to get email info. +- Added a new command ***checkpointhec-get-scan-info*** to get email scan info. +- Added a new command ***checkpointhec-search-emails*** to search emails by sender and/or subject. +- Added a new command ***checkpointhec-send-action*** to quarantine/restore emails. +- Added a new command ***checkpointhec-get-action-result*** to get the result of the quarantine/restore actions. +- Added a new command ***checkpointhec-send-notification*** to send email notification with the information about if end user was exposed to email. + + +#### Incident Fields + +- New: **CP HEC Campaign Task** + +- **CP HEC Customer** + +- New: **CP HEC Email Sender** + +- New: **CP HEC Email Subject** + +- **CP HEC Entity** + +- New: **CP HEC Farm** + +- **CP HEC Saas** + +- New: **CP HEC Task** + +- **CP HEC Type** + + +#### Layouts + +##### CP HEC Security Event Layout + +- Added a new section with actions for emails. +- Added a new section with email info in table format. +- Added a new section with scan info in JSON format. + diff --git a/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/README.md b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/README.md new file mode 100644 index 000000000000..072cbb90b0c0 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/README.md @@ -0,0 +1,25 @@ +Search other emails by sender and/or subject and quarantine + +## Script Data + +--- + +| **Name** | **Description** | +| --- | --- | +| Script Type | python3 | +| Cortex XSOAR Version | 6.9.0 | + +## Inputs + +--- + +| **Argument Name** | **Description** | +| --- | --- | +| date_range | Range to cover from the past | +| by_sender | Get emails from the same sender | +| by_subject | Get emails with the same subject | + +## Outputs + +--- +There are no outputs for this script. diff --git a/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.py b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.py new file mode 100644 index 000000000000..ce7b022cb2ce --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.py @@ -0,0 +1,63 @@ +from CommonServerPython import * + + +def search_and_quarantine(farm: str, customer: str, date_range: str, sender: str, subject: str): + result = demisto.executeCommand( + "checkpointhec-search-emails", + { + 'date_range': date_range, + 'sender': sender, + 'subject': subject + } + ) + if ids := result[0].get('Contents', {}).get('ids'): + result = demisto.executeCommand( + "checkpointhec-send-action", + { + 'farm': farm, + 'customer': customer, + 'entity': ids, + 'action': 'quarantine' + } + ) + task = result[0]['Contents']['task'] + demisto.executeCommand( + "setIncident", + { + 'customFields': json.dumps({ + 'checkpointheccampaigntask': task + }) + } + ) + return result + + +def main(): # pragma: no cover + try: + args = demisto.args() + date_range = args.get('date_range') + by_sender = args.get('by_sender') == 'true' + by_subject = args.get('by_subject') == 'true' + + if not by_sender and not by_subject: + raise Exception('Need to select at least one option to search for') + + custom_fields = demisto.incident()['CustomFields'] + sender = subject = '' + if by_sender: + sender = custom_fields.get('checkpointhecemailsender') + if by_subject: + subject = custom_fields.get('checkpointhecemailsubject') + + farm = custom_fields.get('checkpointhecfarm') + customer = custom_fields.get('checkpointheccustomer') + return_results( + search_and_quarantine(farm, customer, date_range, sender, subject) + ) + except Exception as ex: + demisto.error(traceback.format_exc()) + return_error(f'Failed to execute BaseScript. Error: {str(ex)}') + + +if __name__ in ('__main__', '__builtin__', 'builtins'): # pragma: no cover + main() diff --git a/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.yml b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.yml new file mode 100644 index 000000000000..38f867404f37 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign.yml @@ -0,0 +1,36 @@ +commonfields: + id: RunCPPhishingCampaign + version: -1 +name: RunCPPhishingCampaign +script: "" +type: python +tags: [] +comment: Search other emails by sender and/or subject and quarantine. +enabled: true +args: +- name: date_range + required: true + type: String + description: Range to cover from the past. +- name: by_sender + required: true + auto: PREDEFINED + predefined: + - "false" + - "true" + description: Get emails from the same sender. +- name: by_subject + required: true + auto: PREDEFINED + predefined: + - "false" + - "true" + description: Get emails with the same subject. +scripttarget: 0 +subtype: python3 +runonce: false +dockerimage: demisto/python3:3.10.13.72123 +runas: DBotWeakRole +fromversion: 6.9.0 +tests: +- No tests (auto formatted) diff --git a/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign_test.py b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign_test.py new file mode 100644 index 000000000000..b1912440a73a --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/RunCPPhishingCampaign/RunCPPhishingCampaign_test.py @@ -0,0 +1,37 @@ +import demistomock as demisto +from RunCPPhishingCampaign import search_and_quarantine + +FARM = 'mt-rnd-ng-6' +CUSTOMER = 'avananlab' + + +def test_search_and_quarantine_with_results(mocker): + def execute_command(name, args): + if name == 'checkpointhec-search-emails': + return [{'Contents': {'ids': ['1', '2']}}] + + if name == 'checkpointhec-send-action': + return [{'Contents': {'task': 1}}] + + if name == 'setIncident': + return [{'Contents': None}] + + raise ValueError(f'Error: Unknown command or command/argument pair: {name} {args!r}') + + mocker.patch.object(demisto, 'executeCommand', side_effect=execute_command) + + result = search_and_quarantine(FARM, CUSTOMER, '1 day', 'a@b.test', '') + assert result == [{'Contents': {'task': 1}}] + + +def test_search_and_quarantine_with_no_results(mocker): + def execute_command(name, args): + if name == 'checkpointhec-search-emails': + return [{'Contents': {'ids': []}}] + + raise ValueError(f'Error: Unknown command or command/argument pair: {name} {args!r}') + + mocker.patch.object(demisto, 'executeCommand', side_effect=execute_command) + + result = search_and_quarantine(FARM, CUSTOMER, '1 day', 'a@b.test', '') + assert result == [{'Contents': {'ids': []}}] diff --git a/Packs/CheckPointHEC/Scripts/SendCPAction/README.md b/Packs/CheckPointHEC/Scripts/SendCPAction/README.md new file mode 100644 index 000000000000..0dc3ce6b65ef --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/SendCPAction/README.md @@ -0,0 +1,33 @@ +Send quarantine or restore action and update action task id + +## Script Data + +--- + +| **Name** | **Description** | +| --- | --- | +| Script Type | python3 | +| Cortex XSOAR Version | 6.9.0 | + +## Dependencies + +--- +This script uses the following commands and scripts. + +* checkpointhec-send-action + +## Inputs + +--- + +| **Argument Name** | **Description** | +| --- | --- | +| farm | Customer farm | +| customer | Customer portal name | +| entity | Email entity id | +| action | Action name | + +## Outputs + +--- +There are no outputs for this script. diff --git a/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.py b/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.py new file mode 100644 index 000000000000..f39b89e6cd5f --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.py @@ -0,0 +1,39 @@ +from CommonServerPython import * + + +def send_action_and_update_incident(farm: str, customer: str, entity: str, action: str): + result = demisto.executeCommand( + "checkpointhec-send-action", + { + 'farm': farm, + 'customer': customer, + 'entity': entity, + 'action': action, + } + ) + demisto.executeCommand( + "setIncident", + { + 'customFields': json.dumps({ + 'checkpointhectask': result[0]['Contents']['task'] + }) + } + ) + return result + + +def main(): # pragma: no cover + try: + args = demisto.args() + farm = args.get('farm') + customer = args.get('customer') + entity = args.get('entity') + action = args.get('action') + return_results(send_action_and_update_incident(farm, customer, entity, action)) + except Exception as ex: + demisto.error(traceback.format_exc()) + return_error(f'Failed to execute BaseScript. Error: {str(ex)}') + + +if __name__ in ('__main__', '__builtin__', 'builtins'): # pragma: no cover + main() diff --git a/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.yml b/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.yml new file mode 100644 index 000000000000..2e0409d41a50 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction.yml @@ -0,0 +1,40 @@ +commonfields: + id: SendCPAction + version: -1 +name: SendCPAction +script: "" +type: python +tags: [] +comment: Send quarantine or restore action and update action task id. +enabled: true +args: +- name: farm + required: true + type: String + description: Customer farm. +- name: customer + required: true + type: String + description: Customer portal name. +- name: entity + required: true + type: String + description: Email entity id. +- name: action + required: true + auto: PREDEFINED + predefined: + - quarantine + - restore + description: Action name. +scripttarget: 0 +subtype: python3 +dependson: + must: + - CheckPointHEC|||checkpointhec-send-action +runonce: false +dockerimage: demisto/python3:3.10.13.72123 +runas: DBotWeakRole +fromversion: 6.9.0 +tests: +- No tests (auto formatted) diff --git a/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction_test.py b/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction_test.py new file mode 100644 index 000000000000..9cf299915112 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/SendCPAction/SendCPAction_test.py @@ -0,0 +1,21 @@ +import demistomock as demisto +from SendCPAction import send_action_and_update_incident + +FARM = 'mt-rnd-ng-6' +CUSTOMER = 'avananlab' + + +def test_send_action_and_update_incident(mocker): + def execute_command(name, args): + if name == 'checkpointhec-send-action': + return [{'Contents': {'task': 1}}] + + if name == 'setIncident': + return None + + raise ValueError(f'Error: Unknown command or command/argument pair: {name} {args!r}') + + mocker.patch.object(demisto, 'executeCommand', side_effect=execute_command) + + result = send_action_and_update_incident(FARM, CUSTOMER, '0000', 'quarantine') + assert result == [{'Contents': {'task': 1}}] diff --git a/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/README.md b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/README.md new file mode 100644 index 000000000000..23243dae5e35 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/README.md @@ -0,0 +1,27 @@ +Get email info from Check Point Smart API + +## Script Data + +--- + +| **Name** | **Description** | +| --- | --- | +| Script Type | python3 | +| Cortex XSOAR Version | 6.9.0 | + +## Dependencies + +--- +This script uses the following commands and scripts. + +* checkpointhec-get-email-info + +## Inputs + +--- +There are no inputs for this script. + +## Outputs + +--- +There are no outputs for this script. diff --git a/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.py b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.py new file mode 100644 index 000000000000..10fb7801da06 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.py @@ -0,0 +1,47 @@ +from CommonServerPython import * + + +def get_email_info(entity: str): + result = demisto.executeCommand( + "checkpointhec-get-email-info", + {'entity': entity} + ) + email_info = result[0]['Contents'] + demisto.executeCommand( + "setIncident", + { + 'customFields': json.dumps({ + 'checkpointhecemailsender': email_info['fromEmail'], + 'checkpointhecemailsubject': email_info['subject'] + }) + } + ) + return result + + +def dict_to_md(info: dict) -> str: + lines = ['|field|value|', '|-|-|'] + for key, value in info.items(): + if value: + _value = ', '.join(value) if isinstance(value, list) else value + lines.append(f'|{key}|{_value}|') + return '\n'.join(lines) + + +def main(): # pragma: no cover + try: + custom_fields = demisto.incident()['CustomFields'] + result = get_email_info(custom_fields['checkpointhecentity']) + email_info = result[0]['Contents'] + return_results({ + 'ContentsFormat': EntryFormat.MARKDOWN, + 'Type': EntryType.NOTE, + 'Contents': dict_to_md(email_info), + }) + except Exception as ex: + demisto.error(traceback.format_exc()) + return_error(f'Failed to execute BaseScript. Error: {str(ex)}') + + +if __name__ in ('__main__', '__builtin__', 'builtins'): # pragma: no cover + main() diff --git a/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.yml b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.yml new file mode 100644 index 000000000000..cc8e59d98016 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo.yml @@ -0,0 +1,20 @@ +commonfields: + id: ShowCPEmailInfo + version: -1 +name: ShowCPEmailInfo +script: '-' +type: python +tags: [] +comment: Get email info from Check Point Smart API. +enabled: true +scripttarget: 0 +subtype: python3 +dependson: + must: + - CheckPointHEC|||checkpointhec-get-email-info +runonce: false +dockerimage: demisto/python3:3.10.13.72123 +runas: DBotWeakRole +fromversion: 6.9.0 +tests: +- No tests (auto formatted) diff --git a/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo_test.py b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo_test.py new file mode 100644 index 000000000000..7e4bedf5e118 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/ShowCPEmailInfo_test.py @@ -0,0 +1,52 @@ +import json + +import demistomock as demisto +from ShowCPEmailInfo import get_email_info, dict_to_md + + +def util_load_json(path): + with open(path, encoding='utf-8') as f: + return json.loads(f.read()) + + +def test_get_email_info(mocker): + mock_response = util_load_json('./test_data/checkpointhec-get_email_info.json') + + def execute_command(name, args): + if name == 'checkpointhec-get-email-info': + return [{'Contents': mock_response['responseData'][0]['entityPayload']}] + + if name == 'setIncident': + return None + + raise ValueError(f'Error: Unknown command or command/argument pair: {name} {args!r}') + + mocked_ec = mocker.patch.object(demisto, 'executeCommand', side_effect=execute_command) + + result = get_email_info('0000') + email_info = result[0]['Contents'] + custom_fields = json.dumps({ + 'checkpointhecemailsender': email_info['fromEmail'], + 'checkpointhecemailsubject': email_info['subject'] + }) + assert result == [{'Contents': mock_response['responseData'][0]['entityPayload']}] + assert mocked_ec.call_args_list[1][0][0] == 'setIncident' + assert mocked_ec.call_args_list[1][0][1] == {'customFields': custom_fields} + + +def test_dict_to_md(): + mock_response = util_load_json('./test_data/checkpointhec-get_email_info.json') + md = dict_to_md(mock_response['responseData'][0]['entityPayload']) + lines = [ + '|field|value|', + '|-|-|', + '|fromEmail|example@checkpoint.com|', + '|to|unicode@avanandevus1.onmicrosoft.com, user1@avanandevus1.onmicrosoft.com|', + '|recipients|user1@avanandevus1.onmicrosoft.com, unicode@avanandevus1.onmicrosoft.com|', + '|subject|Fw: dnp-split-quarantine-2|', + '|received|2022-08-15T21:24:15|', + '|isIncoming|True|', + '|internetMessageId|<00000000.00000000000000.00000000000000.00000000@mail.example.com>|', + '|isUserExposed|True|' + ] + assert md == '\n'.join(lines) diff --git a/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/test_data/checkpointhec-get_email_info.json b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/test_data/checkpointhec-get_email_info.json new file mode 100644 index 000000000000..0fd2f4aaf7c4 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPEmailInfo/test_data/checkpointhec-get_email_info.json @@ -0,0 +1,113 @@ +{ + "responseEnvelope": { + "requestId": "b58b1e41-1018-4062-9d1c-bcaeccbfcb93", + "responseCode": 200, + "responseText": "", + "additionalText": "", + "recordsNumber": 1, + "scrollId": "" + }, + "responseData": [ + { + "entityInfo": { + "entityId": "637d86da7bcf42375cb8431d266e3dc3", + "customerId": "fdolab", + "customerOem": "Avanan", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2022-08-15T21:24:27.745655Z", + "entityUpdated": "2022-08-15T21:24:36.979329", + "entityActionState": null + }, + "entityPayload": { + "fromEmail": "example@checkpoint.com", + "to": [ + "unicode@avanandevus1.onmicrosoft.com", + "user1@avanandevus1.onmicrosoft.com" + ], + "replyToEmail": null, + "replyToNickname": null, + "recipients": [ + "user1@avanandevus1.onmicrosoft.com", + "unicode@avanandevus1.onmicrosoft.com" + ], + "subject": "Fw: dnp-split-quarantine-2", + "cc": [], + "bcc": [], + "isRead": null, + "received": "2022-08-15T21:24:15", + "isDeleted": false, + "isIncoming": true, + "isOutgoing": false, + "internetMessageId": "<00000000.00000000000000.00000000000000.00000000@mail.example.com>", + "isUserExposed": true + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "phishing", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": null + }, + "ap": [ + { + "entityId": "637d86da7bcf42375cb8431d266e3dc3", + "entityType": "office365_emails_email", + "payload": { + "reasons": [], + "reasons_by_category": { + "Links": [ + { + "short_text": "Link to a low-traffic site", + "full_text": "The email contains link to low-traffic web-sites - often indicating low-trust domains" + } + ], + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + } + ] + } + }, + "score": "225.994363", + "securityResultEntityId": "637d86da7bcf42375cb8431d266e3dc3", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "phishing" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "637d86da7bcf42375cb8431d266e3dc3", + "entityType": "office365_emails_email", + "payload": { + "domain": "", + "subject": "Fw: dnp-split-quarantine-2", + "from": "example@checkpoint.com" + }, + "score": "0", + "securityResultEntityId": "637d86da7bcf42375cb8431d266e3dc3", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": null + }, + "entityActions": [], + "entityAvailableActions": [] + } + ] +} \ No newline at end of file diff --git a/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/README.md b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/README.md new file mode 100644 index 000000000000..124f846193e9 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/README.md @@ -0,0 +1,27 @@ +Get scan info from Check Point Smart API + +## Script Data + +--- + +| **Name** | **Description** | +| --- | --- | +| Script Type | python3 | +| Cortex XSOAR Version | 6.9.0 | + +## Dependencies + +--- +This script uses the following commands and scripts. + +* checkpointhec-get-scan-info + +## Inputs + +--- +There are no inputs for this script. + +## Outputs + +--- +There are no outputs for this script. diff --git a/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.py b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.py new file mode 100644 index 000000000000..f14098884f31 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.py @@ -0,0 +1,30 @@ +from CommonServerPython import * + + +def get_scan_info(entity: str): + return demisto.executeCommand( + "checkpointhec-get-scan-info", + {'entity': entity} + ) + + +def main(): # pragma: no cover + try: + custom_fields = demisto.incident()['CustomFields'] + result = get_scan_info(custom_fields['checkpointhecentity']) + scan_info = result[0]['Contents'] + for k, v in scan_info.items(): + scan_info[k] = json.loads(v) + + return_results({ + 'ContentsFormat': EntryFormat.JSON, + 'Type': EntryType.NOTE, + 'Contents': json.dumps(scan_info) + }) + except Exception as ex: + demisto.error(traceback.format_exc()) + return_error(f'Failed to execute BaseScript. Error: {str(ex)}') + + +if __name__ in ('__main__', '__builtin__', 'builtins'): # pragma: no cover + main() diff --git a/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.yml b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.yml new file mode 100644 index 000000000000..29a1815c7be9 --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo.yml @@ -0,0 +1,20 @@ +commonfields: + id: ShowCPScanInfo + version: -1 +name: ShowCPScanInfo +script: '-' +type: python +tags: [] +comment: Get scan info from Check Point Smart API. +enabled: true +scripttarget: 0 +subtype: python3 +dependson: + must: + - CheckPointHEC|||checkpointhec-get-scan-info +runonce: false +dockerimage: demisto/python3:3.10.13.72123 +runas: DBotWeakRole +fromversion: 6.9.0 +tests: +- No tests (auto formatted) diff --git a/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo_test.py b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo_test.py new file mode 100644 index 000000000000..5454c0af8b1f --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/ShowCPScanInfo_test.py @@ -0,0 +1,24 @@ +import json + +import demistomock as demisto +from ShowCPScanInfo import get_scan_info + + +def util_load_json(path): + with open(path, encoding='utf-8') as f: + return json.loads(f.read()) + + +def test_get_scan_info(mocker): + mock_response = util_load_json('./test_data/checkpointhec-get_entity.json') + + def execute_command(name, args): + if name == 'checkpointhec-get-scan-info': + return [{'Contents': {'av': mock_response['responseData'][0]['entitySecurityResult']['av']}}] + + raise ValueError(f'Error: Unknown command or command/argument pair: {name} {args!r}') + + mocker.patch.object(demisto, 'executeCommand', side_effect=execute_command) + + result = get_scan_info('0000') + assert result == [{'Contents': {'av': mock_response['responseData'][0]['entitySecurityResult']['av']}}] diff --git a/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/test_data/checkpointhec-get_entity.json b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/test_data/checkpointhec-get_entity.json new file mode 100644 index 000000000000..3b5759ff08bf --- /dev/null +++ b/Packs/CheckPointHEC/Scripts/ShowCPScanInfo/test_data/checkpointhec-get_entity.json @@ -0,0 +1,185 @@ +{ + "responseEnvelope": { + "requestId": "8854aa3a-ef63-49d5-ba63-ec8b667b1a75", + "responseCode": 200, + "responseText": "", + "additionalText": "", + "recordsNumber": 1, + "scrollId": "" + }, + "responseData": [ + { + "entityInfo": { + "entityId": "0ab5b49860cdaa57506769821ddea425", + "customerId": "prod-3-con-lab44", + "saas": "office365_emails", + "saasEntityType": "office365_emails_email", + "entityCreated": "2023-06-30T15:15:06.759583Z", + "entityUpdated": "2023-06-30T15:15:14.074234", + "entityActionState": null + }, + "entityPayload": { + "internetMessageId": "<010001890cdf0d62-8195ad70-a237-4fbc-bbbf-4aaed7a55aa8-000000@email.amazonses.com>", + "subject": "aut_quar_prod3_17__300623_15_14_51_445699", + "received": "2023-06-30T15:14:53Z", + "size": null, + "emailLinks": [], + "attachmentCount": 2, + "attachments": [ + { + "name": "avanan_malicious_33_300623_15_14_51_1688138091.pdf", + "mimetype": "application/pdf", + "size": 2071, + "MD5": "d5e719c11cb2a209c306b06ffff4cd39" + }, + { + "name": "avanan_malicious_1.pdf", + "mimetype": "application/pdf", + "size": 3028, + "MD5": "4b41a3475132bd861b30a878e30aa56a" + } + ], + "mode": "monitor", + "recipients": [ + "user3@avananlab44.onmicrosoft.com" + ], + "fromEmail": "Automation@avtestqa.com", + "fromDomain": "avtestqa.com", + "fromUser": {}, + "fromName": "", + "to": [ + "user3@avananlab44.onmicrosoft.com" + ], + "toUser": [ + { + "entity_id": "1ec5d519-54a5-40fa-9651-19d7286710df", + "entity_type": "office365_emails_user", + "mail": null + } + ], + "cc": [], + "ccUser": [], + "bcc": [], + "bccUser": [], + "replyToEmail": null, + "replyToNickname": null, + "isRead": null, + "isDeleted": false, + "isIncoming": true, + "isInternal": false, + "isOutgoing": false, + "isQuarantined": false, + "isQuarantineNotification": false, + "isRestored": false, + "isRestoreRequested": false, + "isRestoreDeclined": false, + "saasSpamVerdict": "-1", + "SpfResult": "pass", + "restoreRequestTime": null + }, + "entitySecurityResult": { + "combinedVerdict": { + "ap": "clean", + "dlp": null, + "clicktimeProtection": null, + "shadowIt": "clean", + "av": "malicious" + }, + "ap": [ + { + "entityId": "0ab5b49860cdaa57506769821ddea425", + "entityType": "office365_emails_email", + "payload": { + "reasons_by_category": { + "Email Headers": [ + { + "short_text": "Missing DMARC", + "full_text": "The email's header suggest that DMARC signature is missing/invalid" + } + ], + "Domain Impersonation": [ + { + "short_text": "SPF check failed when checking sending IP: 10.10.10.10 for domain avtestqa.com", + "full_text": "The email 'from' address doesn't pass the SPF-check" + } + ], + "Sender Reputation": [ + { + "short_text": "Insignificant historical reputation with sender", + "full_text": "The sending email address hasn't established significant historical reputation with your domain" + }, + { + "short_text": "Low-traffic 'From'-domain", + "full_text": "The sender's domain has very low traffic - often indicating low-trust domains" + } + ] + }, + "reasons": [ + "First Time Sender" + ] + }, + "score": "22.119542", + "securityResultEntityId": "0ab5b49860cdaa57506769821ddea425", + "securityResultEntityType": "avanan_ap_scan", + "statusCode": "0", + "statusDescription": null, + "verdict": "clean" + } + ], + "dlp": null, + "clicktimeProtection": null, + "shadowIt": [ + { + "entityId": "0ab5b49860cdaa57506769821ddea425", + "entityType": "office365_emails_email", + "payload": { + "from": "Automation@avtestqa.com", + "subject": "aut_quar_prod3_17__300623_15_14_51_445699", + "domain": "" + }, + "score": "0", + "securityResultEntityId": "0ab5b49860cdaa57506769821ddea425", + "securityResultEntityType": "shadow_it_emails_scan", + "statusCode": "clean", + "statusDescription": "Clean", + "verdict": "clean" + } + ], + "av": [ + { + "entityId": "abc11b586de3efca8e5bf22fe5193edd2b729ba8", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "abc11b586de3efca8e5bf22fe5193edd2b729ba8", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + }, + { + "entityId": "3aad8378b7edd5a69f6f063280037c2f7379faa8", + "entityType": "office365_emails_attachment", + "payload": { + "scan_details": [ + "Dummy Core Detection" + ] + }, + "score": "100", + "securityResultEntityId": "3aad8378b7edd5a69f6f063280037c2f7379faa8", + "securityResultEntityType": "checkpoint2", + "statusCode": "0", + "statusDescription": "Dummy Core Detection", + "verdict": "malicious" + } + ] + }, + "entityActions": [], + "entityAvailableActions": [] + } + ] +} diff --git a/Packs/CheckPointHEC/pack_metadata.json b/Packs/CheckPointHEC/pack_metadata.json index c08122b10ff0..e11f4182ba9a 100644 --- a/Packs/CheckPointHEC/pack_metadata.json +++ b/Packs/CheckPointHEC/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Check Point Harmony Email and Collaboration (HEC)", "description": "The Best Way to Protect Enterprise Email & Collaboration from phishing, malware, account takeover, data loss, etc.", "support": "partner", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Check Point Harmony Email & Collaboration (HEC)", "url": "https://supportcenter.checkpoint.com/", "email": "EmailSecurity_Support@checkpoint.com", From 4e25d33c761afde7cd45e62d11e51bd34e37a68f Mon Sep 17 00:00:00 2001 From: Yuval Cohen <86777474+yucohen@users.noreply.github.com> Date: Wed, 6 Sep 2023 10:47:48 +0300 Subject: [PATCH 12/12] Security scans (#25915) * added as a new build flow * reverted gitlab * changed ref to master --- .gitlab/ci/.gitlab-ci.on-push.yml | 2 + .gitlab/ci/.gitlab-ci.security-scans.yml | 48 ++++++++++++++++++++++++ .gitlab/ci/.gitlab-ci.yml | 2 + Tests/scripts/gitlab_slack_notifier.py | 3 +- 4 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 .gitlab/ci/.gitlab-ci.security-scans.yml diff --git a/.gitlab/ci/.gitlab-ci.on-push.yml b/.gitlab/ci/.gitlab-ci.on-push.yml index eb21eaa89e7a..ca94d9ba37b9 100644 --- a/.gitlab/ci/.gitlab-ci.on-push.yml +++ b/.gitlab/ci/.gitlab-ci.on-push.yml @@ -69,6 +69,8 @@ run-unittests-and-lint: rules: - if: '$BUCKET_UPLOAD == "true"' when: never + - if: '$SECURITY_SCANS == "true"' + when: never - if: '$FORCE_BUCKET_UPLOAD == "true"' when: never - if: '$DEMISTO_TEST_NATIVE_CANDIDATE == "true"' diff --git a/.gitlab/ci/.gitlab-ci.security-scans.yml b/.gitlab/ci/.gitlab-ci.security-scans.yml new file mode 100644 index 000000000000..3e29ab95b346 --- /dev/null +++ b/.gitlab/ci/.gitlab-ci.security-scans.yml @@ -0,0 +1,48 @@ +.auto-secure-cicd-rule: + rules: + - if: '$SECURITY_SCANS == "true"' + +.auto-secure-cicd-rule-always: + rules: + - if: '$SECURITY_SCANS == "true"' + when: always + +stages: + - security + +auto secure cicd: + stage: security + variables: + PYTHONPATH: "/root/prodsec_tools/" + trigger: + include: + - file: "/.gitlab/ci/security-scans.yml" + ref: master + project: "xsoar/infra" + strategy: depend + extends: + .auto-secure-cicd-rule + +fan-in-security-scans: + tags: + - gke + stage: fan-in + extends: + - .auto-secure-cicd-rule-always + script: + - echo "fan in" + + +slack-notify-security-scans: + variables: + PIPELINE_TO_QUERY: $CI_PIPELINE_ID + WORKFLOW: 'Security Scans' + JOB_NAME: 'fan-in-security-scans' + # Passes the environment variable from the parent pipeline to the child which can be useful for cases + # when triggering pipeline with alternate env variable value passed in the API call + SLACK_CHANNEL: $SLACK_CHANNEL + SLACK_JOB: 'true' + extends: + - .trigger-slack-notification + - .auto-secure-cicd-rule-always + diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index f8bbc65c79a3..25bbe5fbd64b 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -9,6 +9,7 @@ default: when: always stages: + - security - unittests-and-validations - prepare-testing-bucket - run-instances @@ -68,3 +69,4 @@ include: - local: .gitlab/ci/.gitlab-ci.sdk-nightly.yml - local: .gitlab/ci/.gitlab-ci.miscellaneous.yml - local: .gitlab/ci/.gitlab-ci.test-native-candidate.yml + - local: .gitlab/ci/.gitlab-ci.security-scans.yml diff --git a/Tests/scripts/gitlab_slack_notifier.py b/Tests/scripts/gitlab_slack_notifier.py index b4630306d3f7..af7b62c0ca0f 100644 --- a/Tests/scripts/gitlab_slack_notifier.py +++ b/Tests/scripts/gitlab_slack_notifier.py @@ -26,7 +26,8 @@ SDK_NIGHTLY = 'Demisto SDK Nightly' PRIVATE_NIGHTLY = 'Private Nightly' TEST_NATIVE_CANDIDATE = 'Test Native Candidate' -WORKFLOW_TYPES = {CONTENT_NIGHTLY, SDK_NIGHTLY, BUCKET_UPLOAD, PRIVATE_NIGHTLY, TEST_NATIVE_CANDIDATE} +SECURITY_SCANS = 'Security Scans' +WORKFLOW_TYPES = {CONTENT_NIGHTLY, SDK_NIGHTLY, BUCKET_UPLOAD, PRIVATE_NIGHTLY, TEST_NATIVE_CANDIDATE, SECURITY_SCANS} SLACK_USERNAME = 'Content GitlabCI'