From 922a8f47081601214d3db0d95085744f37b54ba9 Mon Sep 17 00:00:00 2001
From: v-shukore
Date: Tue, 1 Oct 2024 19:31:28 +0530
Subject: [PATCH] Solution packaged to update createui
---
Solutions/IllumioSaaS/Package/3.2.0.zip | Bin 17818 -> 17898 bytes
.../Package/createUiDefinition.json | 2 +-
.../IllumioSaaS/Package/mainTemplate.json | 60 +++++++++---------
Solutions/IllumioSaaS/ReleaseNotes.md | 8 ++-
.../data/Solution_IllumioSaaS.json | 2 +-
5 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/Solutions/IllumioSaaS/Package/3.2.0.zip b/Solutions/IllumioSaaS/Package/3.2.0.zip index 8d2f513fb03f5738b21ac565840f6092492f4fb6..beb8586926dfd0d8edf63dcd214a6ce0afb90b04 100644 GIT binary patch literal 17898 zcmaI7Ly#_9%r)A!ZJf4k+qSLKwr$(CZR=^<_G#PhzVG+{^$qUe-l`0eRCWe?kXn_s zq9_9jh6V%#1O;@EC8X6`D;N0(3J9oy1PBQ8zpROqnURZ`nw6-Txs{!jiJKRp>-+sY8qXLWuQ%M^C0!t%ScL!SvwuEi)#J|N2F#(&Uq^sM))5iJD^J>k>c=RuSf+m6{3bE~Agfo9dL&EH&>!v-ij(zU z!tdzQq=_b3Z(hbiwKD%T3N{(*9xWv5JKiKB`D16JE?X|!oS{Q192L(R5?m;aVXOte zpTL-YNKr5;)@u@(x2ef!NgL$bNs}7`$k;Voui|$ce z8mnlRBgMpT962W?3jJ6GEt=DpHeD)qzD(wb@PdS)U3xP?jhLy%_;}ZRP^y= z+TPwwl2%jqXK>S(r90-X^ei0Y45n_dnxO_BhO~4m#stcVPa!L0BGyz%333*Pw7E+b z36cKq_pASYu8N5XO5N^#4u`E--RDokyU?vb?n=%li9C$?F%w0M+$gxo7)L}guoN)q zsLP1bX2wq8zJqIWg)7KVMok}Iw-5)biHgnX2wNOC1%cpXtJ#^Gi{WA<Al_atpFYAPvji!^T2>kpEfJ40$;CXMTnID*wbPNRp} zD5PDpq|;&fpS7HGFk^02Cg>4p#Y+At8biG1*KT zeZ(s5jssF=#Y}|vE!|A|ocaqiMFk9jqQ=avW4X-S(c{@?y<45}f1bvas+eWG7=`6F@``Tg zN&vmpkLn0Y9NuK&8ZO#Sa3kl};`#Kyk$sswNrB4f@aGqQl*BQ_3uHcJz2eVy3+h`Y z7t_A5?Em_{2w^>8OE0TixQhQ++z+$VIk}$WJeTAek`*`~VH*${q)AlDnB6K%C})w2j(OT7{tTU zCSdb0IUc}MTF$I4t@iI?@N8SPeOoY~w~EhiI`T{c z?@@G!6*yX{eomDZ4AE-pOdr{^g{vG%LPK^RBg*Rd0;~=j9Nt4Tgik`PVNDB1G;u?n z$d+E=8RA(agH_#_rnQ96$=hX!B6kCa)!dTLV=90c|0B-=TLNwi1ejd{tKT_z(5<1PY7lh_6p0e`OZ1z%72MJWh@X7q)ZQ1g!31QI-tKAPB^V&QYAZpkp&|f37u#R1oR(5ZY^l7Dl+=OJxJ~o zzXMMQ-a84NV?ZDM{2nFirnJOc@x-nT_*KrSt{S z<xdMSE3)d)XrBN1|HF#20@$CkFcX7%knmzh3; zUP&9uh{X~pf;DXBJ&S$<9fV)02WH%!>bQV{;uf4rmZ4LKG3*yt5$lccmsR06sq2k^ zeln`G1(s_ztaK=v8g$&$)`ym#)NA3IwwJ+^tK=@7uLYW4p@`2c6%MlJl}UuIE*+3P zg7*Be*t&eh3X(B0ol845CH|-#ysm%eGh&wx{Gkopie{iZ>-u>f8|6D~Ks7=*LZkeYTwDL;2YW7V^C)2EoKW^n@jdKkH!r;1kIkpq+zqR3AxwP%5djj z2eYJzNQ|53?xSz69QSBp=Qw3lwU5Vhe-sV#VKmt`b2GQPV}jdob9e>$=GZs@Hhr*6 zCQSWD$1!HuAk?Hs`3(IuFvSy4k%IX>V;bLZMH}&_7L$XR7b;0H8dq^jFfq=Fzfq{_!gB7+$R(7gpwhlJ`fs6kGD6W02owqug_Fr{e ze?a3;?Ivc~%>EnIld{TV$zw6@Ns$UynU!=~)gp-r0PCpbgcN**xayboD}^nCrX7z2 zB5=hNT7jhb)7?lpAozlX9m^-sx3BhJ#+caOm|UjJb=jCIsut`4( 
zrK?cj7ZWy}HvxTq;>hbw=(v3rzW{|7TI_IS_11EgrQnz1arpw*FT}Z53seR`W5Y{J zIP?pFNpSLfzL6ZsfeBNXkttrIIz^jrQ(&x})|v`WQ=vCj=5i+?cT4>hs*kK)8Q9>M z)IV^N1(vv7*xf|Kl$gThN&aqA%ek+A?pyf_ZWhRq!&?6m@{1hUceejV>C>BPI%n)R z7*jly`N-n-hea|)M|Ru7nMWcc9ipsB3Y+{LYc!HTWs#ycdT})Vy2QT)@M4Fv?6DPA zzLPNdw~?$t7jE=th229k^$^KNT>nue!A3nYSTl0LRvvH z#yR0^e#!51uvU{q0UozpN?75;08ZeWdyvDUhf&f@Ihk^1s9~8Y(fMjRVhiyjhZCkQOc0HTm=4(UrV zT^eam{nfb0MWUIz!5yn`GK2#7uUlhM3z=({Z6mP|ywbt=2y@@DN1(}dt2gBJi+*{t z`@HqT?RSRroDXEpw-)!}jJWzDP#`hRbdQD+2jVA)kMCFqv@u?8-tbUyNk3$PM2lmP|Ml z_wv+wN26`TQztDzA&+guLR`eNv=2$yXrgwiP~urBb`PqD)l4l=Y-XIu)XNhooRWaF zo^UJk_MLUAOkERiCF>>E>CqS3yPq6nas>8jVnK1CI*e0VZjWl{k30w!T@KzjVfT{~ z(vh+3^>k7Wq)g8?cOA}$QMX}NoF~j+x&08ifZ=)eayjRJvjwVIoRslfmN%* zX_ocLWSgm)Mc-grMZF1R>lK*OeITK2`Lv;Jm@1aYa-oN_Uv=zjG7?3Kg`8umj`W3# zv)q*}Dv{DW3JKCYu$3vXUV~ROidLr+%2pOksTd2Uk4N8QnF{=HKe(#MH17M!Q_kR4F^=Ug0`O~PM=SB6$A$`2vr#V_grMW( z8Vu_)C=Oo!px9|p7-_qe^z+BshHDOLZ*fs1qH`{z17>{jW(XXYF_4k=yjQo4cjk7USlwLp$g$ z)@6Yi*UOE=+(MFr1-x>H@c;C9)KuSi>^^nWB&tKD22Vg zPF8hx^BQ_hx2{YQ+*oBd39mgy{a@$pO!0$MNd88T@M4-{^i1HgJX0IH_D%c~ z9=3Ai&WG_<)l}Sz=ha~@Hu5>^ByZaz*$L!INcugb9%E96BSfJvjF0d8ndTq_+fx+0 zMX}EsS@n?Kpuw8(I@_ofNyx|13ZUcg)@Ce@nltnoTwjL1LWqifm%f>#e2P!n$4H+{H18|b*QD!}>e_1PkPJ$9I9 zb+p`I!rI!}P@_bqgA59Y54Oogk;_#j-<=PU2pm;_k_iCZD9$EA6B_;Ixy&&N{`6o5 zv`J;J17ENLyepZ@1}DwoZ7kApF%SspG>KGhCWqMEocre#u0n7m>QJJyriD+D04d?F zBrh!TTIT3*I5I+n5l@s40%nYYWL@)LE4?t46>oz{kaI`k=BtW!elfZ8> zrd;)G)}cV29J%1J=?K@U5iO5NixWd$&4qIt;(t@qc3of`zoNLoJx|d?oKx4_@wcX- zVbs&`3)k4S2!OSXRlXadI02!P4;#qaI6UcVe@GU#qK%7fS+3!U|4VBy{5)+Pi9S|) zisn|As;*kA?cVWR75~GeS-~JrNy@ z#Mb^VOnpxqHxkWJd4GYYfCTY;kf{+&>3(LqJLvin{mhg|{wftp_DofRNh2Oi`^mEB z5Lr5_&k`U0*6QvZ0R!UCF`$c5Dcc@ahjY^d&T4(W3hK1fD1K;0erm;%Idrh9WdA5u zlVd-+TP5Dt%$r}s&jpA4Ms1%Xd!)0VNf@4i|77#S*~IdbNohsJ`3=Hy2$f+JG(a48 z7XNQtC$)jNyEe5&RlB9Z`*Ae(H&YI@z5KyI+&)Rnx!ChP4)#(4H4YZ!)bN#N zK?VFF@gM)$o`?<{-zG-j-Au)l#rd$s(MC|n_=}a1h`4H6WP1?`*w!RVacM)9vo@W| zBG|@$Dp_ASvg4(o>+qtKTn{*!^B-Zm8&Ou~%7M%fU^aT-zx2W?LfoSp&_+W4?9Qg= 
z6$gjPfuj_zC>hC#RofwnL+UJukeuAWg3}yXU`qy7u-Kv+ezTGp@AjWsf=>{!;L(Dr zax>N(Zs6;WZij?G*s)l6=)LQpWetT1b!e1cgiZN@l(wFTd>~;|F)K!x?Jk=+p()64 zJ-N_Xh??eec4|AwdSazrl_!K$d(6f7D-Jn-tJT!-28!Q1E0-lc-N7+jjb8YZ1 zuVWkn_`Ywgzn2G}92;W>yI%}1V*>u(k6YP4_Jn(U-f0pq%^BvF@s-#RZ%Cs@0L+gi!R?#%tTb9vM0qp=t#hNk| z&P2A@VK87ZmoLlsK*v47-#&)@dA|%btg@8mvH6;4+ZXs%bBy=%56S4Dqwv;0Ol%Z# zH__aSrqM?vXw5F9Oo5K1Q%XY%-R}Lp0w42`oEyedgy5Ou)$;DJJh3NZR0;$3q_T!S z@0G{5Z!5Uw7k?r_qj{ehX)IvCWDZf5EdiS-n}jF)Vl3Qg$sw|9Mlhc5R~z+&@_W3H zx;b&cxS50Y5Y0-H)as!Aa+T1O7LZmjEZqU9Z~}O#I2eV+&{d!j?V0(4YQt^^ctUF6 zqe|0l5t{BpoRQh1)l81`R_PWaN^*lxVQ{RWJ8a2r(_D#|?mgshJ*q9(LpP z+}J%P18@)aUm@oDKO-g^A)F>WcZbj`e=Y4Lod@6yr#g$gB7_uD1G1aj3**ZO2IQxe z|8ZujqWmmXVke(XIy?0jqZsQS>`zC)9Y_)Y{n{TGGCtRF`Vrqe$OLa`KK4!PsxNt< z0@ia2gv9#|XY!%_#GNJp)NB&X+k$_wMSL)517cj1$m4}csWNT?6pKcE51=ZLY4f%! z;pEd}pMm5>)(L_5aJ1yc(0;Ltb9T}o#8vjrEbC0PZrB$ZR_$;y5U_%Khd6nC;2+E{ zym^=ASa(4HYxVp%*{s1+z})*o)F2u>dh{g)%)0T6YaPBP*V7|_f-|Ray2$B_tTlL@#}PAvQ*z>tF4eRNc+k^YHL8io_dFADexaGcdzNU~m2iy6o^8MQ zOUbgU^ALJmxa(<+&{$ccVP-drR`Edf4SS$N@=}JwlLVc*-~kHtKJj-7Xt$m914jd9 zb9vBL&eS4+7~6ebb{NeX-isy{5O!Yk5C^I8WkDH?EE8mdb7cwIkz}226d-t2QON-o zewp~TObHlSXcy4pj|*SN&1y%iA>AROTyP?O7~8vdC&IY^BEFCoaK&rf1PH;}KN9Jw z1b#mGo~6yx>RlPi+BB&{Euv5sSMV=~hUT9?a%43<@_KWxp-FpZ%MOGjMBkkcKmeWt zcE<&QKUWQmB4yWw4PY?^_IP?n9Y;Xcz|aqRHybSM(NE(*CEOWg(EGuMsF83#={euu zF&ezb=%sXbDBI8bETiy=qX1+QMnf^pDayI4XgV0*Gutwo0~z+RF=%; zIZ}JU7oxMu={nX7L~R_#8%kuuSHOr=H~wY`H(ZOpJR<-EfTM3CGzUB+iW2Zu=YAx* zQ%9B}luy_PZ)f^>3o;5%gF)_3P$~5b1UHF*1||Yw73SWs6hJ9R=heO)q>*7nvStem z_Th+#q*!=VuJV~LE90S~$+_=_12e4X$=J-pj6j8TMjXunP^_c3mc4Sf1oJBi&c`S43>N7E+7Xm0Ahh_d>uYga}fo1Lv|3-%57xH`;*Z_ z0gg>j-o`ped&crMZMTxr^j8j%@CniDAmB*sC}$9qfrLrMmhe#*JH6Hy-k45m9z-T- z^JOhL)BZW1s&9(AqjQ%rg)*mV#2E^>7Tq^MqK;FtasEuK*ty@?`-*oD_p^_fAcBbR zF?D7jFNVvklZmtcqWcwyIa*oYjp*kc?tM`w$0d)+FuB__`5n@R4bN6b<)Q{7a^+Bm zG0$$9lwQgQlz%3X!5ON>^LGcHJ6$wO*PPX^qP83{UepNop%WML`W+;@G*wT`_#mL+ 
zg;2A!JE+DBw?-tD_z~}KM`4szepHx^rz}C`%a!i>Q|992V_8?KR&|tyT2Yj^@uT<&7;(Ff+(%Q>M}rvy#wP@tPDVEv-q3Q)V*u&y@Tg zv7&%olEWy?oYp~XzqJ;_EJ<8GCvlg=?L<7(Ng!w%ztMdnOe^)Tki0@TC)g9tl3?T4 zGvJoU9lcLkX026tuEo%W~((i7g{}s zb^RFXEn%n;j5ILI63)~xy_aj80{h21;oa3bSG=O(QvVutGi2g%Zc<{f!ngByTgEqw zzVlea{)?riWh}P>`EqlFVRJHGl|%*R=nC235><8VsVWA;m% zh@KPZNr?#$tRkvZ_|EOFp@csCaL8IHZ25`zx4AsG)rtfd80R5IV5 zhhN-WGAdZ}e|xS|+^thwhwXfTq6-9iV#@v+fzL?`qCYy&*F(8KZI~;Vt%~4=As6dh zDZCftXE$j14qJG4nu%Mj-qh7KypDOc%k_a@_0r{)D^-AW@BTk4csQs6gSUe2uQk*@ z*rvp0_d&<|v)~D1OL~P8|9HZhV2qz_J4{$^?<|n&t(6qKt8?iWZN1$&@EA0gz`GCh z=OZEP4{&?OFGh+@cmUPa}d+fF|tE8f6aXmvD93T6^J>k_mg;U&2 zT)OEt8+*Sg{=JUWH4+`aVOFU9f-2k!0Gf$wEu__z*7#WP20V&<`#yJH!nBrI>%9QW?h4(Bj(rTkVs$ z#aq#kzsGT-R~0-2KJ1djAARUy)L|1lwjZ%A{7hdAznSy^=f}WW5-PU-w3W~Cx zjsb~1SnX@~*lf3li{L!N^#h?>8F6@G&b+6|Z8pt=W=k979GxCS_Gd2wJg-40d%7lN zK2Xc()xc8iRRcJo_3Y0Eb3{I7O>~jX8?_vBTF4BP;D17T=2`qcPFjfXqFaW=2fF8} z68pn8x^UJcO<)Ci!)UR^@^scs4XfYo#dF{S!HJ7V@P(uY;Y<{tK{e!Q+myCzU8$R^ z3crEfh{*Axa%{iwMFAUP!Fu0mWO-D?7A#M2j={yeiIS&6U-3CR`98w1}`5piRGV$ET-; zW2`gax*Z;&RuUIziz0f+)go*IWgaPzBLpcH!@hQG=tC0YK! zDS$z!9+aapbi$m^G}8bZafPUxQnq{w9GBGDbmycAsV6Nlnb{@CEx}J?6{` z$BBed=zd1+jE1y1+>*lZ{QE8E3#tB*y7fIGAbTspK%>}43V$pH+whITG#L@0;5(cy z<+ash4)N2+dxU_{vu|*RpfH7iSSG~{RPN6?5WxgzDP6AzgP|zNTe@+Le<>0h*2W5t zq5G7)Fk!^kPr120uvCL5P+cIqPUI1PLW}2%0{T90cpBOpx)0uMr|{_K(c`sJi&XUP z*05WeV^nR`9?b{YgRCJzx98%md+pew6MW0JcG)0T4cD$VKhr$-x$&Dh&fH$Z+t{u& zy=gjDC^gD)@MCpNzX&;h;Btyvcvartmgmn%xU{h=55FPLjE^bJZ(%&(;-=OC(E<+v zSeC*n4EI|Kew+>8S5shb8$5-1Jy%EhEQa( zXr0@&FJD|9r?VUtps{XVXP?X7lEeZgU+^uzSyDKeZ;6Wz@kMNN9mo4DTP9RsZ^v9e z;TQ2pSNOAMeLZs3j5g8Ks<=~C0V1Bry!+P$x8S8fjR@7s==(*)#-$e~A<%SKM%pG! 
z4OEubOckIF0lqP%&meyxDDmm4?fzA#yNxt2WqGdNBHAWIY|g?MlUMh6s4EMUxX{1z zR{>jeWe;dmdE|9dsr7=NVai;n45{e-qo>C1q`gF-8?)2tK51C{o4r$b9e@>#6c{X@ z?&1vz*|xH2AeQD^)Fe)^=y9JbhGXQgJ(g(MN?Jv>z(E-~Iq-`Ev3YPZwf-|ZKe+gK zOL<7?LBE}bs!s8=nJ9)5v2s{%=(|OYhQh2l;0pWAPD8ID^S1KN%}FtG=$XZIBO6<- zh`+~^8?0|{U*C&(@ACO+-tOFB@qz~x(>89nwqx7rfY7kMtJQ|gAXV-06!bQprA?zk z6Zr=pxhJwH0V8cGF}&Oq9?C0-zEm-!i#zf9bz8l@`!dVU+QZOos~3TQean1oW9RmX zc8sid$LY^hIEg&pUOXW^o})b-IV0mt`PiDD`JK>F@+mwA^48oLbI{=5N9QWnT{~Oc z8+f>BXZFmQ9Q+`ht#d*LpT9P^@b5_JzdCh9_LCsuehlaaD`O-LbJCzmqn?dsHol0g z$}`inT0IVZ)PQjzb#Y)m8>VhvyRUSZQzxgmfQ572U|Ys$n`y=^>>LaQ-Gphp z5@|kF@?OBZqp;T3<27CPh1MPeOguRm3^4baVAI*DwQZ^n3vAahiA3*Aw|w#42YwZ+ zCAy6f= z$CR?jE6MoT%s*xTw1UI!W(hdcECu0aGezsjeIs06@gX9P+ zmeM=EkM*cV@hv>`Q}n0wNuWLeys!Se8JN@o=q4JK+Buuh(sX?TygE&9T2DWn;b{SE z+q*F%zlh*87juAfX7v>Uy#oYZxy6#W6@l7G>ppS7zn8|zhQb8Cj_TJBk-r-_I4;

vw)wx1&JmDj&J?6HR z)9?ecIAQ!Led#0m=uo1o&fqEE9dR0v`2BB(4#2AvW(yV>fEy% zxXDM#E1_C?>vawIIV1SlMJMwD;|et?Y-B|I`dM}br2zC(rRUcjW@b_;9{$_U>(1+B zkNS*2FsAi*0b8-(iF&QGC|8>Mn7wBB`HYQp0wIJnUBt0n}U=hYLhenI9bsE8r1Y~|Z$kTK~Q(0jjWg?PN7hf3T z$gU;8Q;0;awn3!~{x8WLopj?w=T%X;KQD({CFqZ?+x%R*bh6Z-YWsk>_=V&wEeBGoL?sz?|k%ZFa;IVNO9KlVTjZ%;%vu%Pb2Pk zc4JZ>8llUqm4%q-RfJ5AMA|}wWgK{R!eTBXi|eo$9zxbOxO6@`ub}C;WVQTgIuoE$ z^~scmv<71R$bAx%8c+*w6W8G*H00FeSrHo#BpB5Y5=k4R9`Tu3T-c(8K{grd(AlM- zfSY6^>oz(iN>)|}#YIQPxe7^_d69^1ZlEa%QoG|s|1j^Id z3sGn_4BaD5mTJlizM2Q4o_Da5SV=rfH1089cp#r()u%%@@pnWHmcDqUc#_&V-2#g+Z+Q^qkhhiffKa;x5(I7-wT0kHI80rx1nUjMsQL4B6=#`+}4YvvU zQ!Ou7e9ba1k)91a0S(jo-8<)-eCuwL;d0Zn@ui8_ft1h9}P9 z-JjR;V{KbBNCX#(&LOYbhqsf<>6j?@B1;9ViCGZo9MBW&?`J;D3421kx2VDQ3I@H)nNZc*JvkiEJ13x#!(+Si zRlkB;u0_;jT7aviFfXHT{xPX_fjsX zBBkJjn=`9DDuoxLtNR1tv^T+wU71Qw6RkS1jNO109}{mYs6-#Fxw6J=9E@Mf;=6K5 z(9#-~)D0|rNChV$j8#?-TAdPI4!DqWQ{pvFJoW#`(Dibv^R>EM!yIt+ZmMYPpT+D* zk`VAP&+X^XoLah?JU6*=2}1_f zroG_hi;DPl8}r~+M~|4BLi8bkNLcz@AK2zs;ozkQ)($SxOB|7gNJ7KIH8NR+4&q9X?*M;@KUsxSc_y+t*pHtYSYni+& zNy34^=``%Yy&PLK=7_7nRI(kz3fMb(dv;~6qIj`_*Y_4K{#v%Vt+FohSgCPT_>Vei zo_OUHH&KjZGj145l)l5)(h~q_3^ci9b&P9GwChrrVf;`ek*ZCb9}E^OE@|hSEz8TA zufdSO#@k?pago8Z$f>M@kl4(}@ib}WoV>!1&D)c9N8s$eAg2i_7Y}R(96$)I`)8>P z(G#et%95Q?C_=hE44_ctR7;99q;Vd}O5j{YfyV5u(lv1ocGN+*9|9e1Xd~fyHns%~ z?jslJe~uW!?P~w73>-05tOkE%`t&PBv56UrAW>pK%5=_;Ty9mtbt69 zzM>qvRQ5m~O2C$!iqyDUH05;^GVOI%1#{uk1 z!w67$-WT!u>NqYJ!udG$9H*-VN$=4{05L@bxhV2=gCJgBqgF zr~KuBRrWCPX4Te9pH(-4M_~9(UAI6>PGDZ=X!GG~6m}MnG0|CuYWw zClmu-cQ8pVSa(2gVl&SXJX#&)tX^&++ZHvibbuBj!xd$d{lm4{fYl}D`)9S-4vY0o z(%+lf**m@FiLQ;3(;M#K@9)BmMw)(C3?JQwdWThv8@EA8Ba8)^ojqA9r%@+L?} zE&aru2<)ry{d5=hse74K8+1P@9flDGPr%w&6NcY}#HDe`!5k9dJ0|~T!^?H;B(6PU z4gahCi`CVVa(z!@0qb3OIWO%4CM)omFU}wLy>s%Il{4}qxs6`MD|fe6)gvvE-$a4& zL18IPbInv%d zB$r~+2`VkUA>SH*F$E>KP)g!(S*5Ia#kcMjk7}x4a#W0zpw_l^?N5&ODw>a2eN)hu zRQ-2}z%1i@60{}^$6D)w#T$#M+V!+5m%cM#I0uevenNzEPmoBJWe(I9O&T8g_sR(Q zLmUPoSP9n|A|#1%cX!ZuVcsrz)=J3cv)AIRj?!keU|?Ixjh5tsKyx)>&UIT4-(6#D 
zr_}A5`$pdErvB*W;jH5522E6XY-h#M-E}*68u@>V{!jdW>;Kn%-FI}?GDK-7?`I^M z2FX808Wp`mzuG6^PZDdeygIdA+G-{}5@3+NjonP;f1p{P{Erham6O->{i|3`-*5#{ zGM&g?U<7L!fN(E8^hz3M`vgBvV=tQS;XVU*i|O^zE|(aW!|D9kt0Zp(2ToShy3)7zyc zKAg$!GF|3%2&Z+!oz~gyE}^{rKfQiZwQZhrw@Ixt-EE$0?6;dIdRsl0>B|@Y-`4k& zzDzK9Qp@J?NP(W0ljv=y+m89pBe(8;G*ezlD9*|LVK|L6>Mc#KLWtxA(2pCES?&#Z zBj0Sk-^~;#m=nU%U%dadxQdwol(CITF~{cLUd8m7^5U}QIy61%$M~H(a6jKexMTHu z0>bTK6z>tR4k39^c_3J?853OWG}lerhxYO$P6tO{_I^luC-Q%xn!iS!O+ahzC#m5o zCFobVx|>Mm2;N9{ZA#uy<8SdhV{2i_p!@=7;DeAjHz-%TXZ$p?RCGa z#WslT;~=eIK!8sGeS5;vCqqMk|EG-=5Bw*lKHTwmguown8FrtikCPE#9RziaPDly_ z4T{Ir!Q^2ecLuhKsKw_eS4Qd}wGXt8Nx?AynS2rs4Aa>Rs}4^p4dfrT5Y*)p8BhKa z0WkK8^2)K+2byBl*~3*Wfu?PMjZ4^wh0}vhhb4smTI>EZ=Ej`15WPZG?`IEa1`ZA% zHhQA|yUTujtjvU?NMI;CQ%yB!>5<}jd9w8)cBD}hh5^yH5jHadz>LIOLE?I}`ZR13 zmz!Ngk{9+b6G;X%;Whs!PA;mfMD_p9cpU)j`fL>e70+L3F(Z&%pN%wJoue%?A!W(t zjQrklZVZnqwpM$vi?wO3V@d>?e>7x!{0tFSZUt=*R@x2F=LHlMR)X_9kgcNV>_0!d zss!~8pA!Gna{Fo=y3iqH=nG<+{@+Cf$W$QXt4)P#SyjP$&aw?zcl*(Ff9(ys#B6CIC|(Z=FtUIQlyk%gHo#SD z40(;HVmqbtNs_JSj&8O13UzRqCZoF%V`s@t(_N11%n*IK6WNMYK*4QM8Kk>%r7Jv# z#$PyN-2#^n#b-l`R^8476e{i_ZKR(75DeW=Gc1>WtTB+=xE7l{%6FQ)Vzk{1bHDB& zE+geD%-{9&Ghpk!dQo)#Sw+aOG^%oje?hb)3M;2TFGifUFHu|c;2q3^I&4JBGL@>r z%_>~T!!ftBjhf7l?odm}avBf}EK*gKL9R%TwJ$Yd;u`0LA&!+pVF&pYp;-&Ac|f6B zpquv=#rGcYIKnkQQaq|5q@lM($NlY=B;E(j^gyI{R2mZ`3S}HJAjU!-EO87eD3t>o z<)`LNpjt|DZ5GhNtJ5s8YW0{Cls02EP-){65H6TpC6LZ?jxgc*p(VyzG;HbKi-Rv?v|m9?h%ohxgm=x=L*|df_+s z_A5-^+y!JnLI&$KU$3{B{CDn@_!6MUDeLp={`1C?F>oaWbH5xXPCC&ao`dlKIbA5b zzb?rE{PS>NLnK5w3vCp^HBnF8R+i7X`X-71vBP&d;5xI~XO_JaxW(peXEE2Zx#Rn4 zNa&}1&8F~=vSUamNn&$CQ$~*5-n7IT9I!xxB+(ti2`2Fs60cN_CY)a;A6o=?F7U=n z%ra4r+0GSr;FQfQKy(oRFWHYhh@BJY<&xuq%Q$IEWD%9AADm-TAPfy(q6op83l4{O zOUCWd3b@ln@3UX*IDqKe-zmsB9|0z^W|p%%@wOG$_t~)E$k?-SyxR!4H@m}P-}j3F z!KhVdh;hP_W7Hly_=ocnY_9E$AbV4(_9jHa-JJa#_@7=ADPv68*R22LG!VTzTh6GM z*ltfg?E;i8<-3LsvWw0BMFIXZre+&E8RRzc2jQiQ?yJ)`U~8G>g77~c%|jLk4o+Yf z3K{wd*j!P5H>%apIfR_>&;0fMjP@wNJzN-B-3N)CAbd?AtY>ll#U!cUI`9V6>&c@M)Rp>mwl3iMjul9fAz1Xq 
zM_ucD)Y}9~SDP*velyIc zQ8`m+()N~{$`Hq~tny`;AlY#xj0Q%ykLy34H2UihS^@z}xqN`0ljM zPcLZ`(Qg9!`%~p4j6htTMV?-9x|=Rg{?NtgTT5%1ZordJ z#y#xSH6Q3rI6*r_KxZHZM#VMK=s0x!$57Hy@K4a(zj!8SxIykwB^$;Y;OIlb0r<&B zK_dofm22>XlwakaqN~ynF%VrA0G=~EO_kzQ^7L6a%YXOQdeXVOQgZfG1%-5@>v6zdMN5sf;t=*u++q5oh4K43lYxqJAS(y;HgjWzln2Dx zfwY#3istz9R?j%Oek5!{XYruoRGyZ~h0QZ%K$FNKdI^cOf9uBU)t{Ra*Be;4HmPiT z$VD2)k~uWkQ$^GYgAADO0_2|q6l!;R-PAlN8IrPJU(kHxWEi&RN&31g9HD_=0MNjn ztl_w8LxpHpLHWY|cEw%Pad;o)roSwlXp}&D(OYEDA%&s4zypKTRz{zRjiIb%-EJb0 zl_G0mz|IO0+}wSrQ;Hk(c>6$WGH?> zodm#>PrZwi8we9QKV+Y#UFe{Ixx-hI*BA9(1G6J3_m2xbG%rT+%Fp@Hrkt?^1VeC| zK@M*fRj&*|Gl^RX&6!ViRo;#H-<=f%3uC4~kP0iLOWBl-~Q1Z2lM@b>gXxT>h@J@*Hx7G~1Em+z1>rIz# z^(8uh>GPf>@JjsvKhvMq_qG`F5qzz^p!c>~^v98N|KyXcy@OxuDL@!NoRv8Y3yZ+Q zFydDpC)hqG3}STqR(s$-XKc5t9H-9v_i$jnuuh|oV*q;$U0-Kd_ zQQ;rDjjoNaKY<|$m6gx}JB=9!0cgyBkX^r@GAB#V?eYB(>))v|kKVSJI1q9-!`wP75F*-7W>DiKNX7Z#O+pmcQUiMpKrEv zyIR+ka~xBJ%K86wOp42zek8cWQ-ptZ!G$V?=`O$f^f-^6c>iWn#JeAr_IjON$LsmF zm3dy#>pbNDc2b4JbeGV?!u07!jJ{15jS<>anKJ#C{`*N0V$YAj!(QC=1!^WQLJJ;v=M5~#{Q;lVx{aMlVe%fIH z6`2cyOFW*{h)A39x3vUG!309 z5##@6s~UZ--{O@O{W0aA(JZaoMW<96|NT-j>_|GwwOu?kk4tog$OkoL`&e^$$Fb;E#$W&R?3^-tI8Xig@_xE#{+vtp3G1x4 zPcaEx{ch={Xe*1XBZXY$4+BizpSry{#V3Euk2P<^7X9_%fA9Q!z4RYvAy%si72Dk; zRHJ5e&1K@%72Z&)^Tz1D+C#S`$<|&9ZaV_H@_Un3`c3*+*i~P8S#x*K`aeSZCY}EN z?5}2_MXXHmZ-l=5LlHVTkq(IT%&UU-DQrWvSG4qlv zf31p)=RBs;3j+MpIk{*2xLtqX|KIumZ$>5&2HYpA0Cztl0UYP6pc{g|e;Q#zIPkC* WjNQ}$-mGjOB}_or0;B_6K|BD&=4hAz literal 17818 zcmY(KQ;;T1(52h9ZQHi(Y1_7K8`CzYZM*wz+qP|Ezkg$QBlfCJ=OXa%o-tl_SE30s@*M0RqDOuWI6KX5?!2$4bo1+{)g{)yl!1!P>>aep~C; zev=F3r%#c2jsc0c{+JA4ggD@i*-Lf}Vd)XWlWv#<22MZE!I)Y>{;z#qKhWo|PqR;Q zcAfc6gMNezd z7oS=$tbZlG781Ps_U)WgY<(EM+&ptRT0gIcq5`P@>P1TTvvswdvO<5EXuc`1=G0*S zjwIV;UBpE;vsjxCHK<-wQ<>Iva8!hw;;N!Mu$E~J(oYohOX3YQNR_fO*X28jWw74! 
zE;7eYXR!Gy^<=P+k{m`IXimwOh?`GJ_hF9X#m4LFF4@o9V$X!>9W8D-#w}_&!*c^_ z3f}^_285HGxkVTYgNj$JYp2dMC-{(~2}E4@`=AV|jk|=dcfZL$0~25wPGEHee;t$b zOExzJX(wOX+V*RXrX1&dN7yyN-3N@yO4MYNW{f5*WL%K`HOR@}6uwG~=cqR!mRt({ zesFfX5ZHEyK6-S|$*X2g>bI;J7iMc%u%9lYP?k1&XQGZ!6st5W;!-%}R|Byenhwlw zgl-q?JNlU}x&+sLIQ!9fb((%x0y!n?{ z&BHjYFW;xjAgT<0D71D~nB3NjC3OH)$MS%SyzWD<1TP;X1aO|)PXz7Oml zC(FdNNE39w4n{F+lqIRL6)ql%m}%yyM9qnIwGC|RkWcN${^w#Mj;}n)Y2qjj9l3jw zoH0E2zK(m5nyi_D<4;EzPg_CsN|u41fX2-Akf4#CEdG*WfUYEky0Rcv^~3m)s$ijd zX87%$OWI{*AHD8*tYz^sXmq9Zbgh`1jtZ_DiabHyc14f)a;Rh%_xug6z^S5oOqjDS_se2>GxSVDz_l{Yg_>ca zPP_glMeRj0_O=%qJt`+;J2*FV66O{ z{Md16-%07k(-xyY3)dm!|TI4l-q~k;odg4@f?Z3F>3GCR*zpnCj8=9@y9)~ zbO-aV?F6~B2MJLMSG^Jo1JuYcI5?K;>}IrY>>^+(;;-hjuuAnG8h$KKDyG+vpavYD zRQ6oz!9!IF<|zhS=t*yIFduQ2r`D{%-HV7-GJ!yqT0}0yT&Zv_3LIXQ4dPSB3!FsLOESA;z{H)#Af#YHLxpPwQLdVhL8)*v~aRQtQ&7 zBZSjRlKIWAVe0XgyH_u%^~B6ochq^et=h8fVwKlKG(=heeNS7qp6+k0=jK`f8uZpw>sUx5t2N{n~N0sM(I8O!YhHoR!`F}g<6%`#@{-8Wp^B` zRiE=>V^}?Mt#7QPTQ!`)j@aH&3ijR1An9L+Z~8ooZEC)?Sr?KLon~#0E)RA z$5~!p?+Gr!fIBW#*HU9&i1Dvkf{saUr~UQwYVYxF%$ufSyk^qwpwc4khn zE6llE?&s%U;W!^kf_BIKZ>A(*Ye8a+VQk!7^C~ESj~6=StS8c-8vqlh@=UYab(#G7 z)3OrsP&;vsINPNUGo2pE$YmrQ-UDN_((dJ%A)>eW%NEudDZ3g4aKbTCRG`nH_v~~Y zX`ucNvU`(T1DL$-P6#5-HpMSw4%+bn;1DqA0M>Vr_kJWRZmVy32YrLkW&2nM6y5DY zUYWAoGzuvI_6St)(T1bqMRY4xvM)*CgMH}r^ZD7kN!#$2w4uT(=Orux0vN^N@f*-E z4Hzd!IlOM?vDH!c+{BK)<)GFHyT6?Fkm{V|qPNCOT=~#;wzsg1(1~bIy$3~x{Q;Ai zY|EH8C4E``9a$Z2#e4SPmF#bvAi^d_%c8UCntGdwQlq-Z&!}FHFYDJ$zaUEgU!wT^ zgIgTH2Lz;W3Jiq&U!t%xva(k*vvailFIW8UEOG5;<8jE*xcB-6qkDRjw5^dUF6~bx zeHy!%5X87}z?R3K zm2UW+z2o$C!Z`OrBQ0Rf*AZCC8&QC9OX+(TuFrT!b`M=PKeJeK4!)yQt``zYj`mNK zMoTf#KOc5dXf2q5w{gE2Mqq=_oxnvPNpDH<3vxJr&LO!Vi~Dw@!2#HR?$hEZEV@uN zH`Nj3a>WpRPeWr=uS8@}%#*mE&pI_{INZ9Lq7tIZnSnsbMd5zB%;(l{D$8I%KW~_J zOG!)pljKj9Fufszb~?yRE5l^EAS3_vCC{o?m?;+D(^6Xgh|&)5FrJMo*bw9m{Zfb` zq@Z@=8>~>f<5N3ZtLD#(lYs z%gCVV<#DA~b(H7v1F{bpY1O$sPh}PnxhB84DxN@mhCa^$cLcp4IHi_Q*`Qdc>B6Ll&v z9MTO_TS|A&qtd{EOy3(K#EtLoL|1oi;Sqg$zWoD!9oLX|C8LlMV7&FeMOP-T)%6!P 
zk}7>|_61`GqXhY1u2dqD3<~JLazS9T#SDTq?rFtkK=Yzcunp8NIa*6mY}18 z{6U0rf?q{C2z)l3er#wLg>&0nCNNznxx#T4AKBKYQ_UBwQUC0kgBLh%iVZl6Y>Qu& zuVP1w)FH*OP%N%xVyrG$pd0;F64Mr1X&Y&c&JJ{%hDY-K^-7fva;l^NDh+8?;{Mxy8tKN0oLH`1~ zzb&}GjmZ_ethEeM>_XQPKE260U4!S7#HSL1PQ5ryO$yv>oLLj%i%mzpQC(Y7pzjQG z5WGjuQTI|%irtU7KU;Or^0VZwnW;V{}%{*x_86=+&ww{H-r3{O8jL^TCOI zM^k_-`;WM&WNoxss+Rvhp(k}%F-2sk<|6fRky{3{LJdg_?*t_b?<&*6HWdu-8l3KR zpXTm$o$2hJ((d&-I+HYx4;TlTDlQ}ShD^avkMaC(p0D+Q(64m^K>l~y*LvMh{U8*Vv9`gL57uM3CD{?_1vRD`P#w~-V-AC zC8IO*BlVa*REMelOiZZH!G=KMKhG0Fxccn5A_9cosbl?ZhNnm7xKfJ8C7VIE2jOtR+?{=o@Y3nFd~68s$+otr zcDBbSt!LYRCN`N{7bNQHr4D4zz%b5JLHW?Q{_X|B)llsTuWOR8*&To5W*_ z*Q;A! zV}ZX3;&=d)i)<0C{iPC3wKU52$Bw)7iM=+}=garav=`bUOP%dr1+*rdwmB$(NifX? zJb=9_U_U~R_*YI8=kum+^bb-9RE6$P*J~9Q=t3}XfdO|Kj#Wb3#M0wpfg{XViLFmk zKaNm*;^p|H_!vT83O;}IyD{F|ICmU6o41sBtpV?S7^a@nLbMEFTPcvfo}OFkUi>z` z_z~cV{EBMc?PO*RG4TD)mhdB%88J1V;gi_6lEA}bj9R_=po+w~5!8nAX$)-E8{8g) z(DCULn)^KEez2#&N>cF1>S}8Cw;}L+RVx2$UY@E7{tLpFbe2!CcnLaHA*y$HsT3=& z@ES-Ib&mQthsvTOc39WriVW>Dphk_*j1r6VrWK#xr=?Wfv3Rs=B@lZ%1z>wZgv^O! zj||8P5x;$!aI)_8Ut$qE=tmLeJc(Rb@Eoj9vTPiQ{ZTgI7}t{ekx!;l7=O#k`Cy%J z#iFw#7+|=2=+A$rZs_u0eH|%W&h44#k7o6tG^ymDZEwvPTxcG^n`HOQY|hNwl~&<{ z@nak=iN6}`Psm)m6&%fc@M(!os~ z9Z8S{)1oC^{pW|gT4A<-4rF=XwqJcgiAN!Hnv~j@Y_Ajwd4Y3S2(GB?t0L4Fob`bw zYXW+Hp;;4C-QsBqsdQ1PD)vP0zOawbVVrHI^bm5egn2Et z9j8>GQ)(s8}Qz%Zn&!2PoN$6s5AqR6)~2|5aZDh^l{Rf{t?4mTfb-$u&hun7g-Zjf38!r z6gpZY_pZ3`bV*7?g&vSJgwa1G?wD0UX_p2xIUQ`8!O|2?E9Y$UhcXdh0!kPF{2{q zC6`K|9l#L?{j$8ONVA6Xj0Xa;S zk#XIJo%1AePIm-6u!bF*+p#-}c|a5M<1rSu1~~#=3lv|suZ;cz{-5SgCuh$wUx$p0 zKbXIVgnhkl&w#Vl*Sb7DY7}pL8P?Y`Ut}D)x2?F?=%m<<1| z^Tb2wj(7|?NT*#z5`5eR;e-8J=?o>ir~DFxEN<>*M`m4K&0p}xAp zZ=ys`P2MdBSW%icCCw9&?0}GeTEoH|{1Z8bzebgogStXZKKrqBX8YUBG=Em&LPaPS zTH5#Cma7a52>bAXvwVw|6OzT3uq|XmQpCp(9W7?WPa08FXTMx;^LqAbsk1tn23!ai zwNCo0*qBqq>&C1%-7=`r7&QeIRCxM&5D!Nw6?eM%{qFIV_Mh<161z??m=J2*50Kt$ zMnwA=yT+t5z`?&1gDpFkz@gx$9p@#Z>4VXPq7Dao1F^w$@NLRd~3K{ zRBn?oPf(2;luBPn?f_eh^KWS~tpYrQE`(NlX~@J)BBoKWoixPJ6z_dGEcM73Z3l&! 
zzDb_gsIRuvRPt{8BYow*Rp=L(3BKycd^;K*C@l|kh19?NM(#uU=5f5gp`lqzte2_} zlEIZNHLkH{u?;)ABU(q~hQ2>n{OkTRiYFjR zG?EA6LhHK3E-b!=N=LnJ#76Cr;;JMGS1BAi1m=bU4cz{~uz!nN*NEMNR$+1^=Dw4g zaCPuyza&I$k}RhU$-eA60}YIhFn-L;VERQ4xCh#{=o&r6A+PqkO?XXth25lVZ4%&p zU|hq<3836%L?O*z)=;Yie7!N=)O?Ly8GZSUV5d_klRttd6PZpCBJpp*<#9>1Krj@speoA1hKG>gG5e*87mA~P5E-@x8tnyQ7doU%N=ql`3CJZxJ=H3(B}qe5D)ZNhTAEnH zq3hcpgbu#sLG#MPhuDSX_BR_E1jGbSV77uVUCXsMm>o)07cZQ(8%5xtR0K&bd#c1u z!bPIh=V@-_@$HL_xkL099g1gx&|}djb?gP4NBq7K0V#qPG~VcOBW?*S-ic^!Si;P_$qWjgUez}N6Z;wAeB#Y9` zpSI&jU^4qg7ywoC2aA>%=lT!>fjo&QVgL>?#8IWWCRN&E6+k%?%BZK0?z!<%OMSB>Q%0bFlx zaV;OjujN6-WKgI?3^EQah&UMeEGQ_sUBOXMHJw)8`JDHNQ&5X31k<)Sk}rl&JK{Y< zsi25rmff0(b@|o|NHK4Xn;f?FG=(zQCr?s?ShjBEiV%q@|B1TVFou~`0}Jc7jy!GM z{z~_H2CsS4-3&;-vC46TAy$(DEkQBylFI{*)S+zxgz`L=;<@)4=6t5yk>lJ;!dXHn61Kl z_vzwJrq}KSL1B{lJ%N^20$qzFZ?tqjM{4ObetZ;d_^tvLCkwnUn{W&k2EMDf9EPwo zfQTfG#!g8pR-gDg6~&&mC_32&rs#F?bG?$!3uN(G&R$+~wV98`y!p)H16WGj=oaa1 zACO>63H6tr&cG1)*oFz7@tX^#18NeBtoJ06{djmEHqLl@F!?W!lQuEBrcb@A5Nkh# zF=wif-K<#7MuhQ37Yqzi`b7_025H%2j9PD6AKEX2ygvEK4FR^t_>(R zNKI!L!KE9N#oV37+|Dl5zJ@h>U7Eed>u6{t8Dl-6VI*-t8C z&nWNJ{|KI^ZDr9jlFk~;C+6RuP5OJ+aAL}+=ujp1aB^<@nm5uaW6LS8(KXA){@6_? z56N5>L?{1Cb&|m-`&yB5Qs{EBBdG=ErvhP-NY72@x6~+Dp<|> zXj96~ck>jUY|OktO}mJxj_obqDUwoqS8xtvV=tD~97;jIe<>qdkrrQHhQ@!>9I|{4 zVS~^nO>4OTLm;a?V7CZ;ll0s-(;U<#i>c{i%^?NbZpPD}g>O6flU@J&3H51^4gVXx z|9vtPyX=wcuPWhus_g&jmfd`BR(nEn-qk79`ShdxvT$s0%5i>SqKD|8ErZQTx%jhvnLsFXl?cN$3(ezE(nU_-^C6kM9qv4%7Brxr3FfDbim zj@%UtO?Rnkdyv+}N@idmJ?kU^Bzr-SX@T_aSG?ym2S+D=*7WFneZ|A#EtXxJuFJjL zr*&CiGuZBvE~p3*C=w2=4`IK_(EY6{bT3^n*rQQnREbkG_4SY8Bfq+lr)NEgdi+ zn%?8^$Su2nJ!03J%OV5j(^F%(uHCVIBb9;2*F~pGt6TAm zq`>zuiH~LmYwEVnh;lOdx;jtx8TC(^TQtl)YlCe7_#}pBWKv)nU5pwp?D8F$9~MoxNO$8jH@gV3FFXcqwJ=<0Tdmx~Bv+Q1t^UykZw`eiW@{YkPJsHh zn{k2%-nJPe{~hZ=?bMQ?JLLR$D42IRz_87{tI=&@cJ2! 
zV3xcp94Mifac*%I)RJc|hWL>7Gs5_~3Ns-&kLe!r5jx_#j2q)r7N|Rd@v;SvW-OE~ zYq(9rz}BSk@BGUviZozw=C%?N8^R3$da7Ykur=2u?&9uR^Mp1Voolc`Ab)}?HJ%!S@TlJW(}rFgk^Kn|6MdLjtxoJxwof3|IfV)h!`0Q5`4A zz%%Q7DPr`o1CyksU1fZKjZWWN3Z`%Me!U&%7qGh!2Bg$oL$||9X=X&loV%b{^4y0B z9mlJvjpyFg9WsXTN>zKsz!TG9L3fx5gi;fEgALs93pzPFGt;Vh#Pc(#7|ezg=wihU z3-u`cc8|#5c||oy+BaCBw*IF?P_p^4Ff7Eu@93AsphVvvIE`c=vit9zc_1Q#pAC$V zK#?Tibs|S26GBnA>Nwa82FFi11slu$DBLA*$t7eEJf>8a2qB_O>j8bq@J)VX4w?3- z!Lj}9m_7GyqrQ+w=SHi?!v7+zb&fW?JG#X?YnshM*{%4gz~>@O0z#XSgxc@`(z7wZ z?WUxX#T1fRz*Rsz)L+W*Gm6$N#~BpRQGf*$Yr%2AMWMk?kXx_0TV4_aZ3ZwEzz~1K z?(-X+8F#3s{^6wR$Hkx(x_UgAA^e!UFv=^tZh#7B>I^P>nlpbHS@WLXWsXGZq6c!H zyMwN9LePDQeEEq%f;!SyO1S=7y(4L~0f`O_e$4Qk&hctsirhMML}`#P;6AU4WVQ_| zw3(~f3#M}6qM;8z+jQt7mn4DE5`%>4?$;psQiEoDKCo2KG~uq|>Ac8Ib^tp?;PF(t zTHPk7T2Cct5826MZyohn>F2Jm5uLr(8M-%gWOBNa-rd>V(~OgLGoNn|5@Yx+#HHh# z!1wDIrwk8QAUsY?YogKT4;-xu9_I7kKK0~dpzwdt5ADjiS7my+J|)8875*`Uc(}^1 zPwD3P#qztMYrzMHRZd0*YhzMg!}M zdTec~q15dSdd+u{FJ=*R#;H|?dkDG1^F6Vl8*&UMzaumkgqUa3u6OI07UF6lhiV#e zMsi-%4?{HN#e3gZ356OGz97+E76+@`mBgBhCNM{;N}3+9R-~Ft!Zot2CS>94U)XVW zQ~@*CNFAfSL=z8Sa}pxO!KM9|iRbxTk?MZ7(15mC5s|ZLpKL8V9}{TtU(=#KKzA`O znR40e+&D}5tZ`u2JvXn%LOy&uk3EBnp`t;0mFEia%+S;GY;8M4-gTX_%tnqz9&J~< zR5^b1lLe<{UM!B{1BQK`<;kIFZf)Bb+hCWQ+mqv){tuogW9p{{>fWTOnI6IGJR zyIZ!>*jUUO*F59n!SRGpXj=ANPHIdQUlU#czWr9{9+q2XhT%eqK6Mcu*5q+%Veea&wq4LFq$=9=)%U(^36g%v$Qyy&{vpLxWHSV$vJ=%5) zD)QwAyEK8FRI+%07B&B6T=JR(>xfi;|1DzPUC@Lj7gkyVM!dRsChJ6W>ZFLOa9npt z;69kDC;SA)3AfM<rV#Fy~Y) z4Cx3THHYR~J@j3dbL%EFI1NRM$INmu><2tCOPsDnMHRF6XSRex@eBfrQvSUdCTE^$ z%=t;~o@-X7QoQUwzrT^fOnDbg{idhA7BgY#^^AaFOz1C|Ubp1Q^H(w9@26g8k6y}k zw~kq@K>~Qa{?Dh-f9o?k7;rE9q>z(MCh0@bS^{}S{<(Ph5DHRLsC&xMH*S`3Sr!Pqd1Yo0EB7y}rat4Su)Mb2Wt8+su>8(TgYgHsGbF7e0fYk3pr! 
zJ7xT1UH?a^;%v?tOTF*8r0SjlTuHa8+J=I!KR0}5>>dPL%ej!Aqg-7uw~PVn!nbv9 z>%wMSZAoF(Kl!JPpzdC=4{THEU6%!~lwFsB@!P=Lmx$G%7JHhYK5{iq0RgiQe5<%} zFE5bWMjjzT5Uyo$#<3T4VNCU>VmlV#6MvwNi!(^Oo6+x)&OsLQx_#eq(ICEeHauvb zUc$>{43=A9Aw6&|bi5Zwuon4WhMeo`{CbC-d~tYFqHb%^U$v71KjZzul_n138gjnX z<2tUFG~nGBCFzQ%Ey!YX7h3MBoGe1jd>qG27{%qKQ4u|L zsk-wWu$tJW=J*4T*~2Ba=@KXYF&bYg{>m(~BBRGNvu?wMA{`^ z310#(d61)rO>2KnJS`rmyF9hW^M-j3fCB+ckH_*I$hl6Q5l2RE)x}q6>bTdu?X#A< zwUYRCK3omn^|6{EH|-AGdYi2|J;c}Uh&iI(_2YviR)u7hr`_q(R(Z^2Qzl+PNv|C| z#76%394QJie9@WeUv|7d!3YW^?L>Htks0Ei76CId>tCr$D7??fLn)BEQzjD%z4wC2 zJB?^nIsYinExx3D6LM4X|DB#Kqa34sS0fP)53$=PsXJFxlQD(Xa@}dU@%dY-e?@q> z_v;-&J*4_F_;)BPMzYg}N|C3G3(+wT0kdwFZc1OpAH8ziC$oK4Nql6e%qPh1jp|~K zX)D!VD^hF%MUIxz2?Rq*GDUKnA28h4DB;Lj_t3AZ@FwfMD-~%X4|l`#O0=$8&f$!f zBX(o`tqZbTm4!$u_A6r{xe~`{x??w2#Xv(EidKB&vZ7ItRmPl`?riq1&4h9DS&!gb zJ7tZAb8L?!9=r?>Be1ZUmW7zv#~>DD76@FB5@&J|cy9t+fstz5`|``>f2!u!JX1Lr zy_rqzo{mp=bNT{S){yh#1>T_rE7Rmii{mCv!scU@xK3AEhf!+j@C`^!5#D?_5)iGt z5;5~ngwZCqV@LMd>kzt4v#IP;nchtp*&_A5=!oFb45Y#{U2kMJambTShuco;ho1U_#lU=DYY z+v=0OQJ6go;&>p7bb~+o_v52}nSK2SVO%Cv9z%2-`BarG2 zYnRWEGjo?+FA(Zz47NYrru?~g*j)Z?EKEB14ERTn~Ilo zktE=3w;>zTT?R}xWbJ{=_M55hH8<_Ntq?Z@b2u9jCRH{*DLoq8pw3){F9Izi&AjyxkfO6VFNhK9ZM<79K8M1)o13Qj zk&huZ02Fl}%9vG?R=7)0mrdR48~(dZ>lyDUx<9Hl@P_#KuU&qVEnTR49ILJ2DYbS3 zjNdzk0bF>9;kb_3&5|-(FACq?p_62ItTP#plI$}qv=I4K#&Vp9h8i7)ie|tmdrhp^ z*-8C<1*Uy=gnVoXEI1Xs*3zk*#v1UgJFR0FhT`p3Ew*_;fvf;O62Jokqd>w*ea*ZG z6j(2Bw#}qZk*_t??c>9_ngJiu@@YD#-Fu#t;hcwketKCg!86;M0W;GCr2vj zBIahW`=OI1pf<)K?0g>#d}y-c_|qFnc=&yAE|sVVRS`3aKx8gyMpu;+j9f5miD^DK zqn?<#7e$7)+BO!V}ya zW@@f{1v&+U6~olllWo;zoN~Lr`#A6kb(+ zHHkl}Ho=un&Q?H3rnw{G{!oqHQT`hc!3BqN^EN)hiq?jG{2e*Dmodl2reQ(QAw-tW z$Ft8SYpBg|_@HSoVAvM(Ylv`MM}wwU;Y6m+`?x>|Y1r%xy*{GgG_iw<;bx6hfde9S ztKFZ$-Z#TU2%o_$Q7Mg|M2t^L!F-ta&wOzpl6`pBvg%z=PsfmrlMv_)f>XRE+TMu6 z?Tp`Ivks7%ft~5zK+-8*6$Xn4A1Hgi)sRSHT{3WfXh&JNVmCra)_6Ly5j5D=$l8T@ zC6K|TwIk+qLvX`<0};vDh8@g~w}l0lrP56VGJsJ6_|_>$Kkg9XWtVHCvJaIWVMi(` zJPK6JFS-lTx(89=d9YZM5F9+1A{F1(<)wHs+cO>tSzRSN 
zYn8Q?EYpsVdp^+XBZv`?SSo~L|3xq&Y73l*tv))HMSVpjI%fI!tpPF!k+JQ`ttH70 zw|i7U;(7A8C?_AgN&2Z_&J5Sqt%3Hk>j-*ICVSg0>rldPUSn zJdvO?Dl2EEN9)!gS*;bH^C!zZt%1&s{+wK^WrDWnWMY)B-?H{_;D*bECxun=CQboq ze-;yr^X!Rmquj|6fyD_{+m~~Qi~S%mC)ap~;G%<(ZO3>A3-)#E*75LsM^KS-_RtEj ziNi6&Xr@A(51vmV{c9HgU;dnJO(;?6qUD`PytbB-0Fr&BQV-N$3(x;(O3 zf_Q-)2#UE}?zJ(`e}=WL%K^M)C|UsO7d?ej7v8 zSsp$-IQr4TX3m|a&y*f{eVbuY&fJU&%E-%!Xz$pJLw_i*afzn9?xSUnr1a_+?FSVy zUs6U75=MZfUM$;}4;a{J1p3XsYrr$F?OaU~*DhYeT6v4Uu}xD!GnK;bKO3k&0I0IVDQ=O{}VAjS2CK#FYdEOJ&_BHJdgxy5~L4R5nMdB|_+sqYMLTLJ2$x@c25ojiB~DQ;?`x@-<^ z)c!|VbNmN&KK!TP=7zWb5M{M@{a^n-Ng{^oF=u%S z7vV`d`>S6{R-xa?XZ4Q8A9`t!({yV8J?eGxM#<-#nx9Pyr03)URv^SC3B)b;p8&Or z2bxftMizoD;0Cdb2g)J^LjO9kdwK^c2cDNfed=r_m&xyO2P-+@7zJzJ-a85^yS!fxU2 zU^^~g{cmLY2xeOBIBTy*TJ)UUO|x%CTDIF;^Eqnm3zYC+g)uR$~qH_QQXHadNB z9RI`p=i{!r>+iI;P9ptR-ELy5wF4FU4;J|k{@->V#%im#;Id|W%A(}SiT=iDgo~F) zn#~DLzQ^GshJK!luARFJE>h^oD%k=S))9wH9|AS{H z|2wdY?!Bsf{*Ij50a^YBNB$rC)nNRz$IRI?h7z41H>GQ#E;|9hEC1&4aInY+q!ot@ zG(kDHs|u402FCv~EKX+xvtn*oD2RKT`;NbXCpiy(`5QoS!=1|w_rNEAI_}Zcr7Fm8 z5X)Pye$)H6XO}-K1gfk0cctO1mt2{=>yQZNb|wdGta(zovBAhFVizXB1;f6jkGPcZ zJZ1MI-gZ5=79kk*X-zZ{G2Jkh>oAaFvnJO4A*{rtuH{iVLU>EhB@T;>yH&=JGpx@c zT2mlBa2*=dc=Bw~D|`0F$<6)V_(PWP$+Qu+`pAN@uTJq*=Nb$U%}#dh+dRm%ohV8@n%lAS}k zWjxZTenO$$b-!ZTi4K!)f#k&^Sf@rAK`QNRgwgNsix$aGn7$x7B-2>k*PHmur4NeO z;#n!7Qum?sU{A0^?ve8czjD0*KMB#t8x_V50h&A%42^3<;0lV1up#bsjQAAdKCb`^ z(?E6*l@0nX5l|_J2v;vfQ4Inch)cvmE?>C|j$Y4-t@u$8%Te9Maa7Yw_K1w1eNdLn zEP<>tXiKPX2u1~m1qnr$z$E8!%|sE*m0U|i_0P8GmR`h_9nO&OCm5@anx*Hw<4rNl zCF%x{2Rwq;4S^`t<(e`}N^31AVs-g%)f>MJOx##j1!oNi+YgB32GbWp2D86{1Rarh zxVbGWGu=irj|E)9Z>bJ%uzB}hHT~cI1?Dy>(<;!Du&TaZ&_h-w*gwftX@B<`yOia> zQ=ht2Ef@9hq6S@xWB0Rvay9Ezx!Zd!vg!z{RNH)OG=3&7X-pu#PxJ$=e*kpnC`X(< zMdP6wshH?-)n5{|C!JZE6?LsD8dQIVr*fEJ<?q@g+|8mdy z-Kdl$>IPMF0J`0CF*b+QoZ(8R95z8I^HmTuA7WYSG{e<66Gn?5a_&ANbL$^TT^Ps* zB)?=eKS}j1(oT?9Cl}`AE<}^QI$zL?_PLrXK!IitVDZlMVK5)l641)J`{?plCv)+RIW?@*LV@|SK4 zajGWMx43D=#yuG<^9zNd-@>BMOv{30II93(ZhC4L9Lspd4a?8ZyNV6DE)@R>rq 
zlOnRMIH0mtBi6B*)=wSs8%AzNB-Z2yOaCGk02)5?M)t|`Qm#62`y%e5wIInSEO2Kz z+Y;ed<>4q)GjNos9T9QJUvi;rSoy3{xJ@eQFuNBBp6jW1YP> zd4z27^&n^vpgEvKfO?Q;$R5h^V4hg3IVyZ z5B%lo<1;*p6I8+dyvgx0;*_56N{S)LghG`H0Z^J9EG|045zb?v?;1hIT zsg8T5ig)Y=zK~n#;lF@s%WxH+w+bGI9FU%5eEtQ5+V1oISEcc zuI!HEcTb)>6!G<;i#0s<&`EhbyC|0elFuP31klc7?+cl^ma+gdLl{{cz0+#QBYfnfc6z_W9MDcTcYu#)+$wEb7aw9jc(Ha2Kvy=OL$M zhNIE%$oGWtlTw-MTfF{nMkm~3s-wR1KKBiUOYYA48z~%|H6tTfUGdi7*+_|#dZvba zi;1x3>;rT5uo=U7#K}#bu&?KVRJ@87eodhgzwvcR%TxL$Gvv`OrQ5tqIvvK|pEdE<-jVt;=@aaRq)9oW}TTw+Ujd7|AU&O!NK0% zx@VptEP%0%n_!RsWt3FRIL$yOlI3!*FqFz+E?=&db_AN|zi&5R&#Ov6&F<>5xfP>R z+119qj7G~HbC$a_;~bH3sXJY%2)!!Q0HE#Z(Y5{6E9KmNx>FQ zgAOnLvkkY&ko^Pu4TXWp(?Y^|8Y)<^ss+TeVE~V}f|=!xpyMt#4+`o&7#BKpQUE2` z@6Tn4d$qZ!^1MG7H6eN}H;m!RAFY3xphbkwQr|gNW;#uu3sL?K=MpTeCPp~?LUrR% z9d;w*SvrFj%;G!K6|xG$Be{4X1IPRKBe$n)WGb3tP9p8yN(o;GUv*8#vQ_eb#~7SU zLDHeoQYi6ha1Km~=ijjH(SyAr)j9;UBSnRd<4>=mE!;tYV1);CQlx3q^sLUmDd0XQ zGY0z#C$qdfI(Pl-!2BS`NF1nh;GWHO<@o~&o7yuw5RHSko^{2fU8-MpH3IuIr5oAI z--#U1i{C9qAn(sRipfJNoV*e2awLICZZEtC_UYx_CYX0f9WU$BCmd3|iMjJ8d%$|d(n|~ZE7+sVR z$Xw(_2soA^U;gW9+pUU#YZ3AO#(9Z5gVcAZ^xRf09Q!38|7S$o$bN6NS7SN6g(N!Q z`d1LS>yK^hKjOumh-rE`bE>qoNw5LjxVmS&qFs=44&iV+U3wDyJ|89&d@ll;_zyJa zj4)TorGKNIRP_%)!g-<@TR=0eII1_L>0QL;c!BB=DelNiPh4D@r`(GBKClx!5YgD# zNA>GP6Nqwu>3rS?Ki-?Zp4YlMh!?MvrUx1axi{i=YVuq18QY&Xe`}Y5Sf_Jp*Tw?U zZa!^M136;WBlTtrnm>>LK;cKdS{J;lg?bDZOn{Jqmz+zXXb%*XNIfiljR7Y)uRAVD%L6~}M_E2`We;ixG3V$qg z?1BrO{@08I>R&%T_dQ)PENIam(^CDZAMB1iNZw+%e$Sz++Qn>*z3xFSZtE6QDSq1$ z)73aHD&6pzSjtBq*}AK)-78K;Hkwb`DY~o7`qTX)HurR&hs?RpS8^)uy(KW!m{Bg= zAl1BL&he5Y7j^rT>yt_ZV%pi3*2|haQhGmU(aj4V)*kru<+C}Pv6GU=u`p||7i*u! 
zSYF>F?9XMHy(rB(ds*xfhus#F%6`uJbm#kZ88(x4#Lr1(S0M%o3zr>SX`kN@vbqw1=7X$8&q> z7wavgUzn#emsgm5C^KTbdrO96#!vq={XbjzS$?_k-pl7>IdNX_o<_g^RL;uC+lTwV zuRgVF=9=1#3$g_Ce^?7`;tzflS2Od&tNqOK=Kro7n}6#^uzb7y)|#{{JGi+wc;9JV z)l{EhzYy3Fb^LLF@6e{Z9Mdj0TX6i|UM!Hct2UbbVbr!Kdo4I#-~7Oo{a7L9qTgeM z9GRBwB?8w%IJcJyT)UN;`#{R1)PBEUV(#?^vozj2e7(ClJK)zEvyVJ^uZ|mA?$HZf zr~7lsG>tF6)~tWNf6}e{v-FQO&Y$!6Z>7}-rb9J*|5sZj&-&EOK@{KvGX z@9S=e)=w;FEEV!fx*>Md#csYFt7A#)!%sFbyzAe3%~d#{AE9?t_QIKZ8*av*|9{*6 zpS~wuIFLcX-hw50Z!YuiKG)w`H`i$U(K9>SE@oIgi2*KB-lYA0!{k_hy+bdwzD!POEZ6yW;-AtV z|C~mJ^%iv}Jeop23oGrut@c?fFg-M?Y*SuXb!c4i0`4ZZHD7bYb=Qk|cPKw{U1%x4 zJzBHyN!;AlTfQGsE4P_@RlIn4@xA(!CH}{_zc&HrFImzzxW6c#-*m{RY_`XOH=CT6 z?wBtw?ia#k;N7OD*0MAE>6!x{;se$BPV#uZ=vnN#>f<)UOMhQJqjOkx?>)OZf*FRz#ng>@?4~}=G*uFtzlK0MH6o|&dAPq`{C)g?_RsBbE~6G zUvByKbynHdF8_RY{jKxOH_V=X>-6l~C(T=ro~n3w`%?G4Gva$f=Wzd$KCg8\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/IllumioSaaS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Illumio](https://www.illumio.com/) connector provides ability to ingest auditable and flow events from AWS S3 bucket.\n\n**Data Connectors:** 1, **Workbooks:** 3, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/IllumioSaaS/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[IllumioSaaS](https://www.illumio.com/) solution provides ability to ingest 
auditable and flow events from AWS S3 bucket.\n\n**Data Connectors:** 1, **Workbooks:** 3, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/IllumioSaaS/Package/mainTemplate.json b/Solutions/IllumioSaaS/Package/mainTemplate.json
index 4ccb7dd0f78..71e6d301129 100644
--- a/Solutions/IllumioSaaS/Package/mainTemplate.json
+++ b/Solutions/IllumioSaaS/Package/mainTemplate.json
@@ -483,7 +483,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9875bc24-f51c-4151-96f0-2e4af7039364\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":86400000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize count()\",\"size\":4,\"title\":\"Audit Events\",\"noDataMessage\":\"0\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Audit Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'tampering'\\n| summarize count()\",\"size\":4,\"title\":\"Tampering Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"tileSettings\":{\"showBorder\":false},\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Tampering Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'port_scan'\\n| summarize 
count()\",\"size\":4,\"title\":\"Port Scan Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Port Scan Events\",\"styleSettings\":{\"maxWidth\":\"30\"}}]},\"name\":\"group - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize distinct_count = dcount(href) by event_type\\n| order by distinct_count \\n| top 10 by distinct_count\",\"size\":0,\"title\":\"Top Auditable events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Change Monitoring\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href\\n| where event_type == 'sec_policy.create' \\n| mv-expand resource_change = resource_changes\\n| project TimeGenerated,\\n workloads_affected_after_change = resource_change.changes.workloads_affected.after,\\n policy_version = resource_change.resource.sec_policy.version,\\n commit_message = resource_change.resource.sec_policy.commit_message,\\n modified_objects = resource_change.resource.sec_policy.modified_objects,\\n change_type = resource_change.change_type\\n\",\"size\":0,\"title\":\"Workloads affected by policy changes\",\"noDataMessage\":\"No workloads were affected by policy changes\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"name\":\"Workloads affected by policy 
changes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) // ensure resource changes are not empty\\n| summarize arg_max(TimeGenerated, *) by href\\n| mv-expand parse_json(resource_changes)\\n| project resource_type = tostring(bag_keys(resource_changes.resource)[0])\\n| summarize Count=count() by resource_type\",\"size\":0,\"title\":\"Changes by Resource Type\",\"noDataMessage\":\"No changes by resource type\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"customWidth\":\"35\",\"name\":\"Changes by Resource Type\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) and not(event_type matches regex '^user.*') and (event_type has '.create' or event_type has '.update' or event_type has '.delete') and (created_by !has \\\"agent\\\" and created_by !has \\\"ven\\\" and created_by !has \\\"container\\\")\\n| extend User = tostring(parse_json(created_by)['user']['username'])\\n| summarize Count = count() by User\",\"size\":0,\"title\":\"Changes by User\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"35\",\"name\":\"Changes by User\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where created_by has \\\"agent\\\" or created_by has \\\"ven\\\"\\n| project user = tostring(parse_json(created_by)['agent']['hostname'])\\n| summarize count() by user\",\"size\":0,\"title\":\"Events generated by agents\",\"noDataMessage\":\"Agents have not generated 
any events\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Events generated by agents\",\"styleSettings\":{\"maxWidth\":\"20\"}}]},\"name\":\"ChangeMonitoring\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href // try to filter what event_type to prioritize in bar chart\\n| make-series events = count() default = 0 on TimeGenerated from {Time:start} to {Time:end} step 1h by event_type //from ago(1d) to now() step 1h by event_type \",\"size\":0,\"title\":\"PCE events breakdown - every hour\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"tileSettings\":{\"showBorder\":false},\"graphSettings\":{\"type\":0},\"mapSettings\":{\"locInfo\":\"LatLong\"}},\"name\":\"PCE events breakdown - every hour\"},{\"type\":1,\"content\":{\"json\":\"### Authentication events \\nChoose from below drop down to filter authentication events.\"},\"name\":\"text - 7\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"1ee7c425-b1b5-4a71-8dc3-9b447fa1f316\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EventType\",\"label\":\"Include Event Type\",\"type\":2,\"description\":\"Types of events to be included \",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { 
\\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"value::all\"]},{\"id\":\"4f1ca215-f902-4fac-9bf0-834e4988a107\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ExcludeEventType\",\"label\":\"Exclude Event Type\",\"type\":2,\"description\":\"Types of events to be excluded\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { \\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"},\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\", \\\"selected\\\": true}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"None\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Status\",\"type\":2,\"description\":\"Status 
values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"failure\\\", \\\"label\\\":\\\"Failure\\\" },\\n { \\\"value\\\":\\\"success\\\", \\\"label\\\":\\\"Success\\\", \\\"selected\\\": true },\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"c8996627-2e77-4386-9c23-1eb5d50df311\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Severity\",\"type\":2,\"description\":\"Status values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"err\\\", \\\"label\\\":\\\"Error\\\" },\\n { \\\"value\\\":\\\"info\\\", \\\"label\\\":\\\"Info\\\", \\\"selected\\\": true } \\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"79d0945d-d0f8-4293-8dc2-3c57391cde95\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let included_event_types = iif(\\\"*\\\" in ({EventType}), dynamic(['user.login','user.logout', 'user.sign_in', 'user.sign_out', 'user.authenticate','user.create_session','user.pce_session_terminated']), dynamic([{EventType}]) );\\nIllumio_Auditable_Events_CL\\n| where event_type in (included_event_types)\\n| where \\\"*\\\" in ({Status}) or status in ({Status}) and \\\"*\\\" in ({Severity}) or severity in ({Severity})\\n| where not(event_type in ({ExcludeEventType}))\\n| project TimeGenerated, pce_fqdn, event_type, status, notification_type = parse_json(notifications)[0].notification_type,severity, 
created_by_username = iif(created_by == '{\\\"system\\\":{}}', parse_json(notifications)[0].info.user.username, parse_json(created_by).user.username)\",\"size\":0,\"title\":\"PCE Authentication Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":100,\"filter\":true,\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"name\":\"PCE Authentication Events\"}],\"fromTemplateId\":\"sentinel-AuditableEventsWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9875bc24-f51c-4151-96f0-2e4af7039364\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":86400000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize count()\",\"size\":4,\"title\":\"Audit Events\",\"noDataMessage\":\"0\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Audit 
Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'tampering'\\n| summarize count()\",\"size\":4,\"title\":\"Tampering Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"tileSettings\":{\"showBorder\":false},\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Tampering Events\",\"styleSettings\":{\"maxWidth\":\"30\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"table('Illumio_Auditable_Events_CL')\\n| where event_type has 'port_scan'\\n| summarize count()\",\"size\":4,\"title\":\"Port Scan Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"30\",\"name\":\"Port Scan Events\",\"styleSettings\":{\"maxWidth\":\"30\"}}]},\"name\":\"group - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize distinct_count = dcount(href) by event_type\\n| order by distinct_count \\n| top 10 by distinct_count\",\"size\":0,\"title\":\"Top Auditable events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\"},\"name\":\"query - 0\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Change Monitoring\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href\\n| where event_type == 'sec_policy.create' \\n| mv-expand resource_change = resource_changes\\n| project TimeGenerated,\\n workloads_affected_after_change = 
resource_change.changes.workloads_affected.after,\\n policy_version = resource_change.resource.sec_policy.version,\\n commit_message = resource_change.resource.sec_policy.commit_message,\\n modified_objects = resource_change.resource.sec_policy.modified_objects,\\n change_type = resource_change.change_type\\n\",\"size\":0,\"title\":\"Workloads affected by policy changes\",\"noDataMessage\":\"No workloads were affected by policy changes\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"TimeGenerated\",\"sortOrder\":1}]},\"name\":\"Workloads affected by policy changes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) // ensure resource changes are not empty\\n| summarize arg_max(TimeGenerated, *) by href\\n| mv-expand parse_json(resource_changes)\\n| project resource_type = tostring(bag_keys(resource_changes.resource)[0])\\n| summarize Count=count() by resource_type\",\"size\":0,\"title\":\"Changes by Resource Type\",\"noDataMessage\":\"No changes by resource type\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"Count\",\"sortOrder\":2}]},\"customWidth\":\"35\",\"name\":\"Changes by Resource Type\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where resource_changes != '[]' and isnotempty(resource_changes) and not(event_type matches regex '^user.*') and (event_type has '.create' or event_type has '.update' or event_type has '.delete') and (created_by !has \\\"agent\\\" and created_by !has \\\"ven\\\" and created_by !has 
\\\"container\\\")\\n| extend User = tostring(parse_json(created_by)['user']['username'])\\n| summarize Count = count() by User\",\"size\":0,\"title\":\"Changes by User\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"35\",\"name\":\"Changes by User\",\"styleSettings\":{\"maxWidth\":\"35\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| where created_by has \\\"agent\\\" or created_by has \\\"ven\\\"\\n| project user = tostring(parse_json(created_by)['agent']['hostname'])\\n| summarize count() by user\",\"size\":0,\"title\":\"Events generated by agents\",\"noDataMessage\":\"Agents have not generated any events\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"20\",\"name\":\"Events generated by agents\",\"styleSettings\":{\"maxWidth\":\"20\"}}]},\"name\":\"ChangeMonitoring\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Auditable_Events_CL\\n| summarize arg_max(TimeGenerated, *) by href // try to filter what event_type to prioritize in bar chart\\n| make-series events = count() default = 0 on TimeGenerated from {Time:start} to {Time:end} step 1h by event_type //from ago(1d) to now() step 1h by event_type \",\"size\":0,\"title\":\"PCE events breakdown - every hour\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"tileSettings\":{\"showBorder\":false},\"graphSettings\":{\"type\":0},\"mapSettings\":{\"locInfo\":\"LatLong\"}},\"name\":\"PCE events breakdown - every hour\"},{\"type\":1,\"content\":{\"json\":\"### Authentication events \\nChoose from below drop down to filter authentication events.\"},\"name\":\"text - 
7\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"1ee7c425-b1b5-4a71-8dc3-9b447fa1f316\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"EventType\",\"label\":\"Include Event Type\",\"type\":2,\"description\":\"Types of events to be included \",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { \\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"value::all\"]},{\"id\":\"4f1ca215-f902-4fac-9bf0-834e4988a107\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ExcludeEventType\",\"label\":\"Exclude Event Type\",\"type\":2,\"description\":\"Types of events to be excluded\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"user.logout\\\", \\\"label\\\":\\\"User logout\\\" },\\n { \\\"value\\\":\\\"user.sign_in\\\", \\\"label\\\":\\\"User signin\\\" },\\n { \\\"value\\\":\\\"user.sign_out\\\", \\\"label\\\":\\\"User signout\\\" },\\n { \\\"value\\\":\\\"user.login\\\", \\\"label\\\":\\\"User login\\\"},\\n { 
\\\"value\\\":\\\"user.pce_session_terminated\\\", \\\"label\\\":\\\"User session terminated\\\"},\\n { \\\"value\\\":\\\"request.authentication_failed\\\", \\\"label\\\":\\\"Authentication failed\\\"},\\n { \\\"value\\\":\\\"user.authenticate\\\", \\\"label\\\":\\\"User Authentication\\\"},\\n { \\\"value\\\":\\\"user.create_session\\\", \\\"label\\\":\\\"User create session\\\"},\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\", \\\"selected\\\": true}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":[\"None\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Status\",\"type\":2,\"description\":\"Status values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"failure\\\", \\\"label\\\":\\\"Failure\\\" },\\n { \\\"value\\\":\\\"success\\\", \\\"label\\\":\\\"Success\\\", \\\"selected\\\": true },\\n { \\\"value\\\":\\\"None\\\", \\\"label\\\":\\\"None\\\"}\\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"c8996627-2e77-4386-9c23-1eb5d50df311\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"Severity\",\"type\":2,\"description\":\"Status values\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"jsonData\":\"[\\n { \\\"value\\\":\\\"err\\\", \\\"label\\\":\\\"Error\\\" },\\n { \\\"value\\\":\\\"info\\\", \\\"label\\\":\\\"Info\\\", \\\"selected\\\": true } \\n]\",\"timeContext\":{\"durationMs\":86400000},\"id\":\"79d0945d-d0f8-4293-8dc2-3c57391cde95\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 
6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let included_event_types = iif(\\\"*\\\" in ({EventType}), dynamic(['user.login','user.logout', 'user.sign_in', 'user.sign_out', 'user.authenticate','user.create_session','user.pce_session_terminated']), dynamic([{EventType}]) );\\nIllumio_Auditable_Events_CL\\n| where event_type in (included_event_types)\\n| where \\\"*\\\" in ({Status}) or status in ({Status}) and \\\"*\\\" in ({Severity}) or severity in ({Severity})\\n| where not(event_type in ({ExcludeEventType}))\\n| project TimeGenerated, pce_fqdn, event_type, status, notification_type = parse_json(notifications)[0].notification_type,severity, created_by_username = iif(created_by == '{\\\"system\\\":{}}', parse_json(notifications)[0].info.user.username, parse_json(created_by).user.username)\",\"size\":0,\"title\":\"PCE Authentication Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":100,\"filter\":true,\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"severity\",\"sortOrder\":1}]},\"name\":\"PCE Authentication Events\"}],\"fromTemplateId\":\"sentinel-AuditableEventsWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
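Review bot: The `PCE Authentication Events` query at the end of the new `serializedData` for workbook1 filters with (unescaped) `where "*" in ({Status}) or status in ({Status}) and "*" in ({Severity}) or severity in ({Severity})`, and because `and` binds tighter than `or` the two filters are not combined as intended. Choosing a specific Status together with a specific Severity reduces the condition to the Severity test alone, and selecting all Status values disables the Severity filter, so an analyst narrowing the grid to failed authentications can be shown rows that do not match the selection. Parenthesising each pair fixes it: `| where ("*" in ({Status}) or status in ({Status})) and ("*" in ({Severity}) or severity in ({Severity}))`. The line is identical on the removed side (this hunk only changes the trailing `\n` to `\r\n`), and mainTemplate.json looks like packaged output, so the correction presumably belongs in the workbook source followed by a repackage.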
@@ -570,7 +570,7 @@ }, "properties": { "displayName": "[parameters('workbook2-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ebc4e534-7a4a-41be-b365-ddcd4f564090\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range\",\"label\":\"Time Range\",\"type\":4,\"description\":\"As a time filter\",\"isGlobal\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":259200000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize count() by bin(TimeGenerated, 1h)\",\"size\":0,\"title\":\"Traffic every hour\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true,\"showDataPoints\":true,\"xSettings\":{\"label\":\"Time\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"traffic-every-hour\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Trafficked Workload Stats\",\"items\":[{\"type\":1,\"content\":{\"json\":\"#### Enter the number of workloads for which the inbound and outbound connections are to be fetched. These workloads will be ordered by connection count. 
\",\"style\":\"info\"},\"name\":\"text - 4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"0dead08f-24f5-40b3-a011-a59e007a8e70\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"workload_count\",\"label\":\"Workload Count\",\"type\":1,\"description\":\"Provide an integer that denotes the limit for retrieving most trafficked workloads\",\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 5, \\\\\\\"label\\\\\\\": 5, \\\\\\\"selected\\\\\\\": true}\\\"}\\n\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":8,\"value\":\"10\"}],\"style\":\"pills\",\"queryType\":8},\"name\":\"parameters - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let workload_count = {workload_count};\\nIllumio_Flow_Events_CL\\n| extend hostname = coalesce(src_hostname, dst_hostname)\\n| summarize Count = count() by hostname, dir\\n| summarize InboundCount = sum(iff(dir == \\\"I\\\", Count, 0)), OutboundCount = sum(iff(dir == \\\"O\\\", Count, 0)) by hostname\\n| top workload_count by hostname\\n\",\"size\":0,\"title\":\"Most Trafficked Workloads\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"workload\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"hostname\",\"showLegend\":true,\"xSettings\":{\"label\":\"Workloads\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"Most Trafficked Workloads\"}]},\"name\":\"MostTraffickedWorkload\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Traffic 
Explorer\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Filters for querying traffic data\",\"expandable\":true,\"expanded\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"## Traffic Explorer\\n### Please enter source ip, destination ip, destination port, protocol, time range to filter traffic records. \\n### All records are returned unless provided.\\n\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"8ab7ce90-16a6-4e7e-85b7-292234a9d3c1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_ip\",\"label\":\"Source IP\",\"type\":2,\"description\":\"Select source ip\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by src_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"24f11ee0-0b0b-4c79-918b-01df57233aa2\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_ip\",\"label\":\"Destination IP\",\"type\":2,\"description\":\"Select destination ips\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by dst_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"eb9fe16e-be04-479d-9389-0095c2b43d50\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_port\",\"label\":\"Destination Port\",\"type\":2,\"description\":\"Select destination 
port\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by dst_port\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"416ab303-c10f-47c1-9f01-7c1324699b49\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"protocol\",\"label\":\"Protocol\",\"type\":2,\"description\":\"Protocol for fetching traffic records. For multiple, use comma as delimiter like 6,17\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by proto\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 
37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n 
proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"f07c08c2-ff0f-42a7-adc6-4fd5d7f1cb19\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_label\",\"label\":\"Source Label\",\"type\":2,\"description\":\"Filter for source 
labels\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where src_labels != ''\\n| extend parsed_labels = parse_json(src_labels)\\n| mv-expand kind=array parsed_labels\\n| extend src_label=tostring(parsed_labels[1])\\n| summarize by src_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"9d5cb77f-31a5-41ed-8849-aaee2b513f54\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_label\",\"label\":\"Destination Label\",\"type\":2,\"description\":\"Filter for destination label\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where dst_labels != ''\\n| extend parsed_labels = parse_json(dst_labels)\\n| mv-expand kind=array parsed_labels\\n| extend dst_label=tostring(parsed_labels[1])\\n| summarize by dst_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"formHorizontal\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"all_traffic_params\",\"styleSettings\":{\"maxWidth\":\"30\"}}],\"exportParameters\":true},\"name\":\"parameters_group\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (src_labels has_any ({src_label}) or 
'*' in ({src_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol})) \\n| extend policy_decision = \\n case(pd == 0, \\\"Allowed\\\",\\n pd == 1, \\\"Potentially Blocked\\\",\\n pd == 2, \\\"Blocked\\\",\\n \\\"Unknown\\\")\\n| summarize count() by policy_decision\\n\",\"size\":2,\"title\":\"Flow count by policy decision\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Potentially Blocked\",\"color\":\"yellow\"},{\"seriesName\":\"Allowed\",\"color\":\"green\"},{\"seriesName\":\"Blocked\",\"color\":\"red\"},{\"seriesName\":\"Unknown\",\"color\":\"gray\"}]}},\"customWidth\":\"50\",\"name\":\"Flow count by policy decision\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\nIllumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend class_type = \\n case(class == 'B', 'Broadcast',\\n class == 'M', 'Multicast',\\n class == 'U', \\\"Unicast\\\",\\n \\\"Unknown\\\")\\n| summarize count() by class_type\\n\",\"size\":2,\"title\":\"Flows by class\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"Flows by class\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":1,\"content\":{\"json\":\"### A service is indicated with a destination port and protocol, represented in the below graph as \\\"destination_port/protocol\\\"\",\"style\":\"info\"},\"name\":\"text - 
7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 
49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, 
\\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| extend service = strcat(dst_port, '/', protocolName)\\n| summarize service_count = count() by service\\n| top 5 by service_count\\n\",\"size\":0,\"title\":\"Top 5 Services by Flow Count\",\"color\":\"blue\",\"noDataMessage\":\"No services found\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"chartSettings\":{\"xAxis\":\"service\",\"yAxis\":[\"service_count\"],\"xSettings\":{\"label\":\"Destination Service\"},\"ySettings\":{\"label\":\"Count\"}}},\"name\":\"Top 5 Services by Flow Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 2 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels 
has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, 
\\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, 
\\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Blocked Traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Blocked Traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 1 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, 
\\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, 
\\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, 
\\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Potentially blocked traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Potentially blocked traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 0 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, 
\\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto 
== 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\",\"size\":0,\"title\":\"Allowed 
traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Allowed traffic\"}]},\"name\":\"Traffic Explorer\"}],\"fromTemplateId\":\"sentinel-FlowDataWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ebc4e534-7a4a-41be-b365-ddcd4f564090\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range\",\"label\":\"Time Range\",\"type\":4,\"description\":\"As a time filter\",\"isGlobal\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":259200000},{\"durationMs\":604800000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"above\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize count() by bin(TimeGenerated, 1h)\",\"size\":0,\"title\":\"Traffic every hour\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true,\"showDataPoints\":true,\"xSettings\":{\"label\":\"Time\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"traffic-every-hour\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Trafficked Workload Stats\",\"items\":[{\"type\":1,\"content\":{\"json\":\"#### Enter the number of workloads for which the inbound and outbound connections are to be fetched. 
These workloads will be ordered by connection count. \",\"style\":\"info\"},\"name\":\"text - 4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"0dead08f-24f5-40b3-a011-a59e007a8e70\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"workload_count\",\"label\":\"Workload Count\",\"type\":1,\"description\":\"Provide an integer that denotes the limit for retrieving most trafficked workloads\",\"query\":\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 5, \\\\\\\"label\\\\\\\": 5, \\\\\\\"selected\\\\\\\": true}\\\"}\\r\\n\",\"timeContext\":{\"durationMs\":86400000},\"queryType\":8,\"value\":\"10\"}],\"style\":\"pills\",\"queryType\":8},\"name\":\"parameters - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let workload_count = {workload_count};\\nIllumio_Flow_Events_CL\\n| extend hostname = coalesce(src_hostname, dst_hostname)\\n| summarize Count = count() by hostname, dir\\n| summarize InboundCount = sum(iff(dir == \\\"I\\\", Count, 0)), OutboundCount = sum(iff(dir == \\\"O\\\", Count, 0)) by hostname\\n| top workload_count by hostname\\n\",\"size\":0,\"title\":\"Most Trafficked Workloads\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"workload\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"hostname\",\"showLegend\":true,\"xSettings\":{\"label\":\"Workloads\"},\"ySettings\":{\"label\":\"Traffic Connections\"}}},\"name\":\"Most Trafficked 
Workloads\"}]},\"name\":\"MostTraffickedWorkload\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Traffic Explorer\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Filters for querying traffic data\",\"expandable\":true,\"expanded\":true,\"items\":[{\"type\":1,\"content\":{\"json\":\"## Traffic Explorer\\n### Please enter source ip, destination ip, destination port, protocol, time range to filter traffic records. \\n### All records are returned unless provided.\\n\",\"style\":\"info\"},\"name\":\"text - 9\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"8ab7ce90-16a6-4e7e-85b7-292234a9d3c1\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_ip\",\"label\":\"Source IP\",\"type\":2,\"description\":\"Select source ip\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by src_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"24f11ee0-0b0b-4c79-918b-01df57233aa2\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_ip\",\"label\":\"Destination IP\",\"type\":2,\"description\":\"Select destination ips\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by 
dst_ip\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"eb9fe16e-be04-479d-9389-0095c2b43d50\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_port\",\"label\":\"Destination Port\",\"type\":2,\"description\":\"Select destination port\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by dst_port\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\"},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"416ab303-c10f-47c1-9f01-7c1324699b49\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"protocol\",\"label\":\"Protocol\",\"type\":2,\"description\":\"Protocol for fetching traffic records. 
For multiple, use comma as delimiter like 6,17\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| summarize by proto\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n 
proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n 
proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"f07c08c2-ff0f-42a7-adc6-4fd5d7f1cb19\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"src_label\",\"label\":\"Source Label\",\"type\":2,\"description\":\"Filter for source labels\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where src_labels != ''\\n| extend parsed_labels = parse_json(src_labels)\\n| mv-expand kind=array parsed_labels\\n| extend src_label=tostring(parsed_labels[1])\\n| summarize by 
src_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"9d5cb77f-31a5-41ed-8849-aaee2b513f54\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"dst_label\",\"label\":\"Destination Label\",\"type\":2,\"description\":\"Filter for destination label\",\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"Illumio_Flow_Events_CL\\n| where dst_labels != ''\\n| extend parsed_labels = parse_json(dst_labels)\\n| mv-expand kind=array parsed_labels\\n| extend dst_label=tostring(parsed_labels[1])\\n| summarize by dst_label\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"time_range\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"formHorizontal\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"all_traffic_params\",\"styleSettings\":{\"maxWidth\":\"30\"}}],\"exportParameters\":true},\"name\":\"parameters_group\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol})) \\n| extend policy_decision = \\n case(pd == 0, \\\"Allowed\\\",\\n pd == 1, \\\"Potentially Blocked\\\",\\n pd == 2, \\\"Blocked\\\",\\n 
\\\"Unknown\\\")\\n| summarize count() by policy_decision\\n\",\"size\":2,\"title\":\"Flow count by policy decision\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Potentially Blocked\",\"color\":\"yellow\"},{\"seriesName\":\"Allowed\",\"color\":\"green\"},{\"seriesName\":\"Blocked\",\"color\":\"red\"},{\"seriesName\":\"Unknown\",\"color\":\"gray\"}]}},\"customWidth\":\"50\",\"name\":\"Flow count by policy decision\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\nIllumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend class_type = \\n case(class == 'B', 'Broadcast',\\n class == 'M', 'Multicast',\\n class == 'U', \\\"Unicast\\\",\\n \\\"Unknown\\\")\\n| summarize count() by class_type\\n\",\"size\":2,\"title\":\"Flows by class\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\"},\"customWidth\":\"50\",\"name\":\"Flows by class\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":1,\"content\":{\"json\":\"### A service is indicated with a destination port and protocol, represented in the below graph as \\\"destination_port/protocol\\\"\",\"style\":\"info\"},\"name\":\"text - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where (src_ip in ({src_ip}) or '*' in ({src_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in 
({dst_label})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocolName = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, 
\\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, 
\\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| extend service = strcat(dst_port, '/', protocolName)\\n| summarize service_count = count() by service\\n| top 5 by service_count\\n\",\"size\":0,\"title\":\"Top 5 Services by Flow Count\",\"color\":\"blue\",\"noDataMessage\":\"No services found\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"chartSettings\":{\"xAxis\":\"service\",\"yAxis\":[\"service_count\"],\"xSettings\":{\"label\":\"Destination Service\"},\"ySettings\":{\"label\":\"Count\"}}},\"name\":\"Top 5 Services by Flow Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 2 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, 
\\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto 
== 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, 
\\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Blocked Traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Blocked Traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 1 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, 
\\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, \\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n 
proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| 
project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\\n\",\"size\":0,\"title\":\"Potentially blocked traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Potentially blocked traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Flow_Events_CL\\n| where pd == 0 and (src_ip in ({src_ip}) or '*' in ({src_ip})) and (dst_ip in ({dst_ip}) or '*' in ({dst_ip})) and (src_labels has_any ({src_label}) or '*' in ({src_label})) and (dst_labels has_any ({dst_label}) or '*' in ({dst_label})) and (dst_port in ({dst_port}) or '*' in ({dst_port})) and (proto in ({protocol}) or '*' in ({protocol}))\\n| extend protocol = case(\\n proto == -1, \\\"all\\\",\\n proto == 0, \\\"hopopt\\\",\\n proto == 1, \\\"icmp\\\",\\n proto == 2, \\\"igmp\\\",\\n proto == 3, \\\"ggp\\\",\\n proto == 4, \\\"ipv4\\\",\\n proto == 5, \\\"st\\\",\\n proto == 6, \\\"tcp\\\",\\n proto == 7, \\\"cbt\\\",\\n proto == 8, \\\"egp\\\",\\n proto == 9, \\\"igp\\\",\\n proto == 10, \\\"bbn-rcc-mon\\\",\\n proto == 11, \\\"nvp-ii\\\",\\n proto == 12, \\\"pup\\\",\\n proto == 13, \\\"argus\\\",\\n proto == 14, \\\"emcon\\\",\\n proto == 15, \\\"xnet\\\",\\n proto == 16, \\\"chaos\\\",\\n proto == 17, \\\"udp\\\",\\n proto == 18, \\\"mux\\\",\\n proto == 19, \\\"dcn-meas\\\",\\n proto == 20, \\\"hmp\\\",\\n proto == 21, \\\"prm\\\",\\n proto == 22, \\\"xns-idp\\\",\\n proto == 23, \\\"trunk-1\\\",\\n proto == 24, \\\"trunk-2\\\",\\n proto == 25, \\\"leaf-1\\\",\\n proto == 26, \\\"leaf-2\\\",\\n proto == 27, \\\"rdp\\\",\\n proto == 28, \\\"irtp\\\",\\n proto == 29, \\\"iso-tp4\\\",\\n proto == 30, \\\"netblt\\\",\\n proto == 31, \\\"mfe-nsp\\\",\\n proto == 32, \\\"merit-inp\\\",\\n proto == 33, \\\"dccp\\\",\\n proto == 34, \\\"3pc\\\",\\n proto == 35, \\\"idpr\\\",\\n proto == 36, \\\"xtp\\\",\\n proto == 37, \\\"ddp\\\",\\n proto == 38, 
\\\"idpr-cmtp\\\",\\n proto == 39, \\\"tp++\\\",\\n proto == 40, \\\"il\\\",\\n proto == 41, \\\"ipv6\\\",\\n proto == 42, \\\"sdrp\\\",\\n proto == 43, \\\"ipv6-route\\\",\\n proto == 44, \\\"ipv6-frag\\\",\\n proto == 45, \\\"idrp\\\",\\n proto == 46, \\\"rsvp\\\",\\n proto == 47, \\\"gre\\\",\\n proto == 48, \\\"dsr\\\",\\n proto == 49, \\\"bna\\\",\\n proto == 50, \\\"esp\\\",\\n proto == 51, \\\"ah\\\",\\n proto == 52, \\\"i-nlsp\\\",\\n proto == 53, \\\"swipe\\\",\\n proto == 54, \\\"narp\\\",\\n proto == 55, \\\"mobile\\\",\\n proto == 56, \\\"tlsp\\\",\\n proto == 57, \\\"skip\\\",\\n proto == 58, \\\"ipv6-icmp\\\",\\n proto == 59, \\\"ipv6-nonxt\\\",\\n proto == 60, \\\"ipv6-opts\\\",\\n proto == 62, \\\"cftp\\\",\\n proto == 64, \\\"sat-expak\\\",\\n proto == 65, \\\"kryptolan\\\",\\n proto == 66, \\\"rvd\\\",\\n proto == 67, \\\"ippc\\\",\\n proto == 69, \\\"sat-mon\\\",\\n proto == 70, \\\"visa\\\",\\n proto == 71, \\\"ipcv\\\",\\n proto == 72, \\\"cpnx\\\",\\n proto == 73, \\\"cphb\\\",\\n proto == 74, \\\"wsn\\\",\\n proto == 75, \\\"pvp\\\",\\n proto == 76, \\\"br-sat-mon\\\",\\n proto == 77, \\\"sun-nd\\\",\\n proto == 78, \\\"wb-mon\\\",\\n proto == 79, \\\"wb-expak\\\",\\n proto == 80, \\\"iso-ip\\\",\\n proto == 81, \\\"vmtp\\\",\\n proto == 82, \\\"secure-vmtp\\\",\\n proto == 83, \\\"vines\\\",\\n proto == 84, \\\"iptm\\\",\\n proto == 85, \\\"nsfnet-igp\\\",\\n proto == 86, \\\"dgp\\\",\\n proto == 87, \\\"tcf\\\",\\n proto == 88, \\\"eigrp\\\",\\n proto == 89, \\\"ospfigp\\\",\\n proto == 90, \\\"sprite-rpc\\\",\\n proto == 91, \\\"larp\\\",\\n proto == 92, \\\"mtp\\\",\\n proto == 93, \\\"ax.25\\\",\\n proto == 94, \\\"ipip\\\",\\n proto == 95, \\\"micp\\\",\\n proto == 96, \\\"scc-sp\\\",\\n proto == 97, \\\"etherip\\\",\\n proto == 98, \\\"encap\\\",\\n proto == 100, \\\"gmtp\\\",\\n proto == 101, \\\"ifmp\\\",\\n proto == 102, \\\"pnni\\\",\\n proto == 103, \\\"pim\\\",\\n proto == 104, \\\"aris\\\",\\n proto == 105, \\\"scps\\\",\\n 
proto == 106, \\\"qnx\\\",\\n proto == 107, \\\"a/n\\\",\\n proto == 108, \\\"ipcomp\\\",\\n proto == 109, \\\"snp\\\",\\n proto == 110, \\\"compaq-peer\\\",\\n proto == 111, \\\"ipx-in-ip\\\",\\n proto == 112, \\\"vrrp\\\",\\n proto == 113, \\\"pgm\\\",\\n proto == 115, \\\"l2tp\\\",\\n proto == 116, \\\"ddx\\\",\\n proto == 117, \\\"iatp\\\",\\n proto == 118, \\\"stp\\\",\\n proto == 119, \\\"srp\\\",\\n proto == 120, \\\"uti\\\",\\n proto == 121, \\\"smp\\\",\\n proto == 122, \\\"sm\\\",\\n proto == 123, \\\"ptp\\\",\\n proto == 124, \\\"isis over ipv4\\\",\\n proto == 125, \\\"fire\\\",\\n proto == 126, \\\"crtp\\\",\\n proto == 127, \\\"crudp\\\",\\n proto == 128, \\\"sscopmce\\\",\\n proto == 129, \\\"iplt\\\",\\n proto == 130, \\\"sps\\\",\\n proto == 131, \\\"pipe\\\",\\n proto == 132, \\\"sctp\\\",\\n proto == 133, \\\"fc\\\",\\n proto == 134, \\\"rsvp-e2e-ignore\\\",\\n proto == 135, \\\"mobility header\\\",\\n proto == 136, \\\"udplite\\\",\\n proto == 137, \\\"mpls-in-ip\\\",\\n proto == 138, \\\"manet\\\",\\n proto == 139, \\\"hip\\\",\\n proto == 140, \\\"shim6\\\",\\n proto == 141, \\\"wesp\\\",\\n proto == 142, \\\"rohc\\\",\\n proto == 143, \\\"ethernet\\\",\\n proto == 144, \\\"aggfrag\\\",\\n proto == 145, \\\"nsh\\\",\\n proto >= 146 and proto <= 252, \\\"unknown\\\",\\n proto == 253, \\\"unknown\\\",\\n proto == 254, \\\"unknown\\\",\\n proto == 255, \\\"reserved\\\",\\n \\\"unknown\\\"\\n)\\n| project TimeGenerated, src_ip, src_hostname, src_labels, dst_ip, dst_hostname, dst_port, dst_labels, protocol\\n\",\"size\":0,\"title\":\"Allowed traffic\",\"timeContextFromParameter\":\"time_range\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Allowed traffic\"}]},\"name\":\"Traffic Explorer\"}],\"fromTemplateId\":\"sentinel-FlowDataWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": 
"[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -657,7 +657,7 @@ }, "properties": { "displayName": "[parameters('workbook3-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"### Illumio Workloads Stats\\n---\\n\\nThis workbook uses Illumio APIs to fetch workload details and presents stats.\"},\"name\":\"text - 2\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"tabStyle\":\"bigger\",\"links\":[{\"id\":\"4de2c193-277e-4f8e-88b5-2caac1676e2b\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Operations\",\"subTarget\":\"0\",\"style\":\"link\",\"tabWidth\":\"500px\"},{\"id\":\"8b46c8dd-071a-4bd4-9d36-1247d8777702\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Investigations\",\"subTarget\":\"1\",\"style\":\"link\",\"tabWidth\":\"500px\"}]},\"name\":\"links - 9\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"print workload_response = '{GETWorkloadsAPI}'\\n| project parse_json(workload_response)\\n| mv-apply workload_response on (\\n where workload_response.managed == 'true' and isnotempty(workload_response.risk_summary)\\n | project exposure_severity = workload_response.risk_summary.ransomware.workload_exposure_severity,\\n protection_percentage = workload_response.risk_summary.ransomware.ransomware_protection_percent,\\n updated_at = workload_response.risk_summary.ransomware.last_updated_at\\n )\",\"size\":0,\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}],\"tileSettings\":{\"showBorder\":false}},\"name\":\"query - 
0\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"2\"},\"name\":\"Ransomware\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_version)\\n| mv-expand keyValue = parsedJson\\n| extend version = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project version, count_\",\"size\":3,\"title\":\"Workloads by VEN Version\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 5\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_managed)\\n| mv-expand keyValue = parsedJson\\n| extend managed = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project managed = iff(managed == 'true', 'Managed', 'Unmanaged'), count_\",\"size\":3,\"title\":\"Managed and Unmanaged workload counts\",\"noDataMessage\":\"No workloads\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 
4\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_type)\\n| mv-expand keyValue = parsedJson\\n| extend type = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project type, count_\",\"size\":3,\"title\":\"VENs by type\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 3\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_os)\\n| mv-expand keyValue = parsedJson\\n| extend os = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project os, count_\",\"size\":3,\"title\":\"Managed workloads by OS\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 
6\",\"styleSettings\":{\"maxWidth\":\"50\"}}],\"exportParameters\":true},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"0\"},\"name\":\"WorkloadOperations\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_enforcement_mode)\\n| mv-expand keyValue = parsedJson\\n| extend mode = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project mode = case(mode == 'full', 'Full',\\n mode == 'visibility_only', 'Visibility Only',\\n mode == 'selective', \\\"Selective\\\",\\n \\\"Idle\\\"), count_\\n\",\"size\":3,\"title\":\"Workloads by enforcement modes\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 7\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_status)\\n| mv-expand keyValue = parsedJson\\n| extend status = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project status, count_\\n\",\"size\":3,\"title\":\"VENs by Status\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 
1\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_sync_state)\\n| mv-expand keyValue = parsedJson\\n| extend sync_state = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project sync_state, count_\\n\",\"size\":3,\"title\":\"VENs by synchronization state\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"name\":\"query - 2\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"1\"},\"name\":\"Workload Investigations\"}],\"fromTemplateId\":\"sentinel-apiWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"### Illumio Workloads Stats\\n---\\n\\nThis workbook uses Illumio APIs to fetch workload details and presents stats.\"},\"name\":\"text - 2\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"tabStyle\":\"bigger\",\"links\":[{\"id\":\"4de2c193-277e-4f8e-88b5-2caac1676e2b\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Operations\",\"subTarget\":\"0\",\"style\":\"link\",\"tabWidth\":\"500px\"},{\"id\":\"8b46c8dd-071a-4bd4-9d36-1247d8777702\",\"cellValue\":\"Tab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Workload Investigations\",\"subTarget\":\"1\",\"style\":\"link\",\"tabWidth\":\"500px\"}]},\"name\":\"links - 
9\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"print workload_response = '{GETWorkloadsAPI}'\\n| project parse_json(workload_response)\\n| mv-apply workload_response on (\\n where workload_response.managed == 'true' and isnotempty(workload_response.risk_summary)\\n | project exposure_severity = workload_response.risk_summary.ransomware.workload_exposure_severity,\\n protection_percentage = workload_response.risk_summary.ransomware.ransomware_protection_percent,\\n updated_at = workload_response.risk_summary.ransomware.last_updated_at\\n )\",\"size\":0,\"timeContext\":{\"durationMs\":86400000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"protection_percentage\",\"sortOrder\":2}],\"tileSettings\":{\"showBorder\":false}},\"name\":\"query - 0\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"2\"},\"name\":\"Ransomware\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_version)\\n| mv-expand keyValue = parsedJson\\n| extend version = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project version, count_\",\"size\":3,\"title\":\"Workloads by VEN 
Version\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 5\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_managed)\\n| mv-expand keyValue = parsedJson\\n| extend managed = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project managed = iff(managed == 'true', 'Managed', 'Unmanaged'), count_\",\"size\":3,\"title\":\"Managed and Unmanaged workload counts\",\"noDataMessage\":\"No workloads\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 4\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_type)\\n| mv-expand keyValue = parsedJson\\n| extend type = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project type, count_\",\"size\":3,\"title\":\"VENs by 
type\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 3\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_os)\\n| mv-expand keyValue = parsedJson\\n| extend os = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project os, count_\",\"size\":3,\"title\":\"Managed workloads by OS\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"showMetrics\":false,\"showLegend\":true,\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 6\",\"styleSettings\":{\"maxWidth\":\"50\"}}],\"exportParameters\":true},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"0\"},\"name\":\"WorkloadOperations\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_enforcement_mode)\\n| mv-expand keyValue = parsedJson\\n| extend mode = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project mode = case(mode == 'full', 'Full',\\n mode == 'visibility_only', 'Visibility Only',\\n mode == 'selective', \\\"Selective\\\",\\n \\\"Idle\\\"), 
count_\\n\",\"size\":3,\"title\":\"Workloads by enforcement modes\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 7\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_status)\\n| mv-expand keyValue = parsedJson\\n| extend status = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project status, count_\\n\",\"size\":3,\"title\":\"VENs by Status\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"customWidth\":\"50\",\"name\":\"query - 1\",\"styleSettings\":{\"maxWidth\":\"50\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Illumio_Workloads_Summarized_API_CL\\n| order by TimeGenerated desc\\n| top 1 by TimeGenerated\\n| extend parsedJson = parse_json(vens_by_sync_state)\\n| mv-expand keyValue = parsedJson\\n| extend sync_state = tostring(bag_keys(keyValue)[0]), count_ = toint(keyValue[tostring(bag_keys(keyValue)[0])])\\n| project sync_state, count_\\n\",\"size\":3,\"title\":\"VENs by synchronization state\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"ySettings\":{\"numberFormatSettings\":{\"unit\":0,\"options\":{\"style\":\"decimal\",\"useGrouping\":true,\"minimumIntegerDigits\":1}}}}},\"name\":\"query - 
2\"}]},\"conditionalVisibility\":{\"parameterName\":\"Tab\",\"comparison\":\"isEqualTo\",\"value\":\"1\"},\"name\":\"Workload Investigations\"}],\"fromTemplateId\":\"sentinel-apiWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -768,30 +768,30 @@ ], "entityMappings": [ { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "created_by" + "columnName": "created_by", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "action" + "columnName": "action", + "identifier": "Address" } - ] + ], + "entityType": "IP" } ], "eventGroupingSettings": { "aggregationKind": "AlertPerResult" }, "alertDetailsOverride": { - "alertDescriptionFormat": "Illumio Firewall Tamper Incident {{IncidentId}} generated at {{TimeGenerated}}\n", - "alertDisplayNameFormat": "Illumio Firewall Tamper Incident: {{IncidentId}}\n" + "alertDisplayNameFormat": "Illumio Firewall Tamper Incident: {{IncidentId}}\n", + "alertDescriptionFormat": "Illumio Firewall Tamper Incident {{IncidentId}} generated at {{TimeGenerated}}\n" } } }, 
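Review bot: In the `@@ -768,30` hunk the `IP` entity still maps identifier `Address` to column `action`, and the `Host` entity maps `HostName` to `created_by`. Neither column name suggests an IP address or a hostname, so Firewall Tamper incidents would likely carry entities that analysts cannot pivot or correlate on. The commit only reorders these keys, and the rule's query lies outside the hunk, so confirm what the columns actually hold. If `created_by` is a user, an `Account` mapping (`"identifier": "Name"`, as the Enforcement Change rule in the `@@ -887,30` hunk does) looks like the better fit, and `Address` should point at a column that holds the workload IP. The `@@ -1006,21` hunk has the same issue, mapping `HostName` to `resource_changes`, which by its name is presumably a change record rather than a host name. Since mainTemplate.json appears to be packaged output, any correction belongs in the analytic rule's source definition before repackaging.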
@@ -887,30 +887,30 @@ ], "entityMappings": [ { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "workload_name" + "columnName": "workload_name", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "created_by" + "columnName": "created_by", + "identifier": "Name" } - ] + ], + "entityType": "Account" } ], "eventGroupingSettings": { "aggregationKind": "AlertPerResult" }, "alertDetailsOverride": { - "alertDescriptionFormat": "Illumio Enforcement Change Incident {{IncidentId}} generated at {{TimeGenerated}}\n", - "alertDisplayNameFormat": "Illumio Enforcement Change Incident: {{IncidentId}}\n" + "alertDisplayNameFormat": "Illumio Enforcement Change Incident: {{IncidentId}}\n", + "alertDescriptionFormat": "Illumio Enforcement Change Incident {{IncidentId}} generated at {{TimeGenerated}}\n" } } }, @@ -1006,21 +1006,21 @@ ], "entityMappings": [ { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "resource_changes" + "columnName": "resource_changes", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { "aggregationKind": "AlertPerResult" }, "alertDetailsOverride": { - "alertDescriptionFormat": "Illumio VEN Offline Incident {{IncidentId}} generated at {{TimeGenerated}}\n", - "alertDisplayNameFormat": "Illumio VEN Offline Incident: {{IncidentId}}\n" + "alertDisplayNameFormat": "Illumio VEN Offline Incident: {{IncidentId}}\n", + "alertDescriptionFormat": "Illumio VEN Offline Incident {{IncidentId}} generated at {{TimeGenerated}}\n" } } }, @@ -1075,7 +1075,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "IllumioSaaS", "publisherDisplayName": "Illumio", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Illumio connector provides ability to ingest auditable and flow events from AWS S3 bucket.

\n

Data Connectors: 1, Workbooks: 3, Analytic Rules: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

IllumioSaaS solution provides ability to ingest auditable and flow events from AWS S3 bucket.

\n

Data Connectors: 1, Workbooks: 3, Analytic Rules: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", diff --git a/Solutions/IllumioSaaS/ReleaseNotes.md b/Solutions/IllumioSaaS/ReleaseNotes.md index 30801ea4bf6..3057a7f27db 100644 --- a/Solutions/IllumioSaaS/ReleaseNotes.md +++ b/Solutions/IllumioSaaS/ReleaseNotes.md @@ -1,5 +1,7 @@ -| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | -|-------------|--------------------------------|----------------------------------------| -| 3.0.0 | 13-05-2024 | Initial Solution Release | +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|---------------------------------------------------------| +| 3.2.0 | 01-10-2024 | Added new **Analytic Rules** | +| 3.1.0 | 04-08-2024 | Solution packaged with Modified logo link | +| 3.0.0 | 13-05-2024 | Initial Solution Release | diff --git a/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json b/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json index 59e29f4c446..fcba9bda4d1 100644 --- a/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json +++ b/Solutions/IllumioSaaS/data/Solution_IllumioSaaS.json @@ -2,7 +2,7 @@ "Name": "IllumioSaaS", "Author": "app-integrations@illumio.com", "Logo": "", - "Description": "[Illumio](https://www.illumio.com/) connector provides ability to ingest auditable and flow events from AWS S3 bucket.", + "Description": "[IllumioSaaS](https://www.illumio.com/) solution provides ability to ingest auditable and flow events from AWS S3 bucket.", "Data Connectors": [ "Data Connectors/IllumioSaaS_FunctionApp.json" ],